Diffstat (limited to 'terraform/ansible/roles/superusers/tasks/main.yml')
-rw-r--r-- | terraform/ansible/roles/superusers/tasks/main.yml | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/terraform/ansible/roles/superusers/tasks/main.yml b/terraform/ansible/roles/superusers/tasks/main.yml
new file mode 100644
index 0000000..70623a0
--- /dev/null
+++ b/terraform/ansible/roles/superusers/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+- tags: superusers
+ block:
+ - name: getent passwd
+ getent:
+ database: passwd
+
+ - name: getent group
+ getent:
+ database: group
+
+# NOTE: Accounts are added by the luser module.
+- tags: superusers
+ vars:
+ usernames: "{{ users|dict2items|map(attribute='key')|list }}"
+ unix_groups:
+ - sudo
+ - systemd-journal
+ with_items: "{{ unix_groups }}"
+ loop_control:
+ loop_var: group
+ include_tasks: adjust-group.yml
+
+- name: "Allow 'sudo' group to have passwordless sudo"
+ tags: superusers
+ become: yes
+ lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL' |
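Review bot: The final `lineinfile` task edits `/etc/sudoers` in place with no `validate` step, so a malformed line goes straight into the live file and can leave sudo unusable on the host; add `validate: 'visudo -cf %s'` under `lineinfile` so the edit is checked before it replaces the file. The line it writes, `%sudo ALL=(ALL) NOPASSWD: ALL`, removes password re-authentication for every member of `sudo`, and the preceding include runs `adjust-group.yml` for `sudo` with `usernames` built from every key of `users`, presumably adding all of them to the group, though that file is not in this hunk. If that is intended, say so in a comment on the task, for example `# Every account in 'users' gets passwordless root; keep that dict limited to administrators`, and give the include task a `name:` like the others. `become: yes` is better written `become: true`.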