ansible/roles/pve_auth/templates/user.cfg.j2

{{ ansible_managed | comment }}

{% for name, user in pve_auth__users.items() %}
{% if user.enabled | default(True) %}
user:{{ name }}@pve:1:0::::::
{% endif %}
{% endfor %}

{% for group in pve_auth__groups.keys() %}
{% set users = pve_auth__users
               | selectattr("groups", "defined")
	       | selectattr("groups", "contains", group) %}
group:{{ group }}:{{ users | join(",") }}::
{% endfor %}

{% for group, roles in pve_auth__groups.items() %}
acl:1:/:@{{ group }}:{{ roles | join(",") }}:
{% endfor %}
pve_auth: create role 2023-04-05 22:06:50 +02:00			`{{ ansible_managed \| comment }}`

			`{% for name, user in pve_auth__users.items() %}`
			`{% if user.enabled \| default(True) %}`
			`user:{{ name }}@pve:1:0::::::`
			`{% endif %}`
			`{% endfor %}`

			`{% for group in pve_auth__groups.keys() %}`
			`{% set users = pve_auth__users`
			`\| selectattr("groups", "defined")`
			`\| selectattr("groups", "contains", group) %}`
			`group:{{ group }}:{{ users \| join(",") }}::`
			`{% endfor %}`

			`{% for group, roles in pve_auth__groups.items() %}`
			`acl:1:/:@{{ group }}:{{ roles \| join(",") }}:`
			`{% endfor %}`