aboutsummaryrefslogtreecommitdiff
path: root/ansible/roles/superusers
diff options
context:
space:
mode:
authorTrygve Laugstøl <trygvis@inamo.no>2018-04-10 09:04:50 +0200
committerTrygve Laugstøl <trygvis@inamo.no>2018-04-10 09:04:50 +0200
commit0f9a79c433f26ef12c8e22a97c41d755ce3b8590 (patch)
treec299531781d3a2c1d423f4eb4c402012dc45a5c3 /ansible/roles/superusers
parent9e31be4a459959ced8ca47f88360f63088775945 (diff)
downloadinfra-0f9a79c433f26ef12c8e22a97c41d755ce3b8590.tar.gz
infra-0f9a79c433f26ef12c8e22a97c41d755ce3b8590.tar.bz2
infra-0f9a79c433f26ef12c8e22a97c41d755ce3b8590.tar.xz
infra-0f9a79c433f26ef12c8e22a97c41d755ce3b8590.zip
o Adding numquam and superusers role.
Diffstat (limited to 'ansible/roles/superusers')
-rw-r--r--ansible/roles/superusers/tasks/main.yml30
1 files changed, 30 insertions, 0 deletions
diff --git a/ansible/roles/superusers/tasks/main.yml b/ansible/roles/superusers/tasks/main.yml
new file mode 100644
index 0000000..3a1e974
--- /dev/null
+++ b/ansible/roles/superusers/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: superuser accounts
+ tags: superusers
+ become: yes
+ user:
+ name: "{{ item.username }}"
+ groups: sudo,systemd-journal
+ shell: /bin/bash
+ append: yes
+ with_items:
+ - "{{ superusers }}"
+
+- name: superuser authorized_keys
+ tags: superusers
+ become: yes
+ authorized_key:
+ user: "{{ item.username }}"
+ state: "{{ item.state }}"
+ key: "{{ users[item.username].authorized_keys }}"
+ with_items:
+ - "{{ superusers }}"
+
+- name: Allow 'sudo' group to have passwordless sudo
+ tags: superusers
+ become: yes
+ lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'