aboutsummaryrefslogtreecommitdiff
path: root/terraform/ansible/roles/superusers/tasks/main.yml
diff options
context:
space:
mode:
Diffstat (limited to 'terraform/ansible/roles/superusers/tasks/main.yml')
-rw-r--r--terraform/ansible/roles/superusers/tasks/main.yml31
1 files changed, 31 insertions, 0 deletions
diff --git a/terraform/ansible/roles/superusers/tasks/main.yml b/terraform/ansible/roles/superusers/tasks/main.yml
new file mode 100644
index 0000000..70623a0
--- /dev/null
+++ b/terraform/ansible/roles/superusers/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+- tags: superusers
+ block:
+ - name: getent passwd
+ getent:
+ database: passwd
+
+ - name: getent group
+ getent:
+ database: group
+
+# NOTE: Accounts are added by the luser module.
+- tags: superusers
+ vars:
+ usernames: "{{ users|dict2items|map(attribute='key')|list }}"
+ unix_groups:
+ - sudo
+ - systemd-journal
+ with_items: "{{ unix_groups }}"
+ loop_control:
+ loop_var: group
+ include_tasks: adjust-group.yml
+
+- name: "Allow 'sudo' group to have passwordless sudo"
+ tags: superusers
+ become: yes
+ lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-08 19:22:09 +0000