author | Trygve Laugstøl <trygvis@inamo.no> | 2018-11-05 23:18:06 +0100 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2018-11-05 23:18:06 +0100 |
commit | b5b7e21c8ba3c68eab9cd244602f27c21aa5f36b (patch) | |
tree | 8c0f0d802773664e9d01ebf7ae6fb066b6f5fd93 /ansible/roles/superusers/tasks/main.yml | |
parent | 85b3d2a16b5cfbb499a4ebcb88967dcdc334cf21 (diff) | |
Importing Bitraf's lusers, updating superusers.
Diffstat (limited to 'ansible/roles/superusers/tasks/main.yml')
-rw-r--r-- | ansible/roles/superusers/tasks/main.yml | 41 |
1 files changed, 21 insertions, 20 deletions
diff --git a/ansible/roles/superusers/tasks/main.yml b/ansible/roles/superusers/tasks/main.yml
index 3a1e974..70623a0 100644
--- a/ansible/roles/superusers/tasks/main.yml
+++ b/ansible/roles/superusers/tasks/main.yml
@@ -1,26 +1,27 @@
 ---
-- name: superuser accounts
- tags: superusers
- become: yes
- user:
- name: "{{ item.username }}"
- groups: sudo,systemd-journal
- shell: /bin/bash
- append: yes
- with_items:
- - "{{ superusers }}"
+- tags: superusers
+ block:
+ - name: getent passwd
+ getent:
+ database: passwd

-- name: superuser authorized_keys
- tags: superusers
- become: yes
- authorized_key:
- user: "{{ item.username }}"
- state: "{{ item.state }}"
- key: "{{ users[item.username].authorized_keys }}"
- with_items:
- - "{{ superusers }}"
+ - name: getent group
+ getent:
+ database: group
+
+# NOTE: Accounts are added by the luser module.
+- tags: superusers
+ vars:
+ usernames: "{{ users|dict2items|map(attribute='key')|list }}"
+ unix_groups:
+ - sudo
+ - systemd-journal
+ with_items: "{{ unix_groups }}"
+ loop_control:
+ loop_var: group
+ include_tasks: adjust-group.yml

-- name: Allow 'sudo' group to have passwordless sudo
+- name: "Allow 'sudo' group to have passwordless sudo"
 tags: superusers
 become: yes
 lineinfile: |
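Review bot: `usernames` in the new `vars:` is built from every key of `users` (`users|dict2items|map(attribute='key')`), whereas the removed tasks iterated `superusers`; if `adjust-group.yml` (not shown here) uses that list as the membership of `sudo` and `systemd-journal`, every imported account lands in the group that the following task gives passwordless sudo. Unless the included file filters on `superusers` itself, derive the list from it, e.g. `usernames: "{{ superusers|selectattr('state', 'equalto', 'present')|map(attribute='username')|list }}"`. The removed `authorized_key` task also honoured `item.state`, so it is worth confirming that an entry marked absent is now actively removed from both groups rather than just left unmanaged. Separately, `tags: superusers` on `include_tasks` tags only the include statement, so a `--tags superusers` run will skip the included tasks unless they carry the tag themselves or it is passed with `apply`. Indentation was lost on this page, so the nesting is inferred, and the `lineinfile` task continues past the end of the hunk.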