diff options
author | Trygve Laugstøl <trygvis@inamo.no> | 2018-04-10 09:04:50 +0200 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2018-04-10 09:04:50 +0200 |
commit | 0f9a79c433f26ef12c8e22a97c41d755ce3b8590 (patch) | |
tree | c299531781d3a2c1d423f4eb4c402012dc45a5c3 /ansible/roles/superusers | |
parent | 9e31be4a459959ced8ca47f88360f63088775945 (diff) | |
download | infra-0f9a79c433f26ef12c8e22a97c41d755ce3b8590.tar.gz infra-0f9a79c433f26ef12c8e22a97c41d755ce3b8590.tar.bz2 infra-0f9a79c433f26ef12c8e22a97c41d755ce3b8590.tar.xz infra-0f9a79c433f26ef12c8e22a97c41d755ce3b8590.zip |
o Adding numquam and superusers role.
Diffstat (limited to 'ansible/roles/superusers')
-rw-r--r-- | ansible/roles/superusers/tasks/main.yml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/ansible/roles/superusers/tasks/main.yml b/ansible/roles/superusers/tasks/main.yml new file mode 100644 index 0000000..3a1e974 --- /dev/null +++ b/ansible/roles/superusers/tasks/main.yml @@ -0,0 +1,30 @@ +--- +- name: superuser accounts + tags: superusers + become: yes + user: + name: "{{ item.username }}" + groups: sudo,systemd-journal + shell: /bin/bash + append: yes + with_items: + - "{{ superusers }}" + +- name: superuser authorized_keys + tags: superusers + become: yes + authorized_key: + user: "{{ item.username }}" + state: "{{ item.state }}" + key: "{{ users[item.username].authorized_keys }}" + with_items: + - "{{ superusers }}" + +- name: Allow 'sudo' group to have passwordless sudo + tags: superusers + become: yes + lineinfile: + dest: /etc/sudoers + state: present + regexp: '^%sudo' + line: '%sudo ALL=(ALL) NOPASSWD: ALL' |