-rw-r--r--ansible/group_vars/all/users.yml10
-rw-r--r--ansible/inventory2
-rw-r--r--ansible/numquam.yml8
-rw-r--r--ansible/roles/superusers/tasks/main.yml30
-rw-r--r--ansible/roles/timezone/tasks/main.yml3
5 files changed, 52 insertions, 1 deletions
diff --git a/ansible/group_vars/all/users.yml b/ansible/group_vars/all/users.yml
new file mode 100644
index 0000000..b81a274
--- /dev/null
+++ b/ansible/group_vars/all/users.yml
@@ -0,0 +1,10 @@
+users:
+ trygvis:
+ authorized_keys: |
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPX+sVfRvl0+KxsDlbIutyB/Es3exTwNfDVHwi9orwz3 trygvis@birgitte
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAzB6JB/hZ87M6ozsd7lgKxgOacEOZZRxa4ucs11lqq trygvis@conflatorio
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+I9Xa11yaOzGCBkJQEYExYL7gSWYwdOGgT2KBMnKur trygvis@arius
+
+superusers:
+ - username: trygvis
+ state: present
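Review bot: The `state` field on the `superusers` entry is easy to misread as the account state, because in roles/superusers/tasks/main.yml only the `authorized_key` task reads `item.state` and the `user` task sets no state at all. Setting it to `absent` would therefore remove the SSH keys but leave the account and its `sudo` and `systemd-journal` membership in place. A comment above `superusers:` such as `# state applies to the SSH keys only; the account itself is not removed` would make that explicit. The same comment could say that each `username` needs a matching entry under `users`, since the role indexes `users[item.username]`.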
diff --git a/ansible/inventory b/ansible/inventory
index ef29986..84d9b9c 100644
--- a/ansible/inventory
+++ b/ansible/inventory
@@ -4,6 +4,8 @@ all:
ansible_host: knot.trygvis.io
# mw:
# ansible_host: mw.trygvis.io
+ numquam:
+ ansible_host: numquam.trygvis.io
children:
via_knot:
hosts:
diff --git a/ansible/numquam.yml b/ansible/numquam.yml
new file mode 100644
index 0000000..36ec607
--- /dev/null
+++ b/ansible/numquam.yml
@@ -0,0 +1,8 @@
+---
+- hosts:
+ - numquam
+ vars_files:
+ - secrets.yml
+ roles:
+ - superusers
+ - timezone
diff --git a/ansible/roles/superusers/tasks/main.yml b/ansible/roles/superusers/tasks/main.yml
new file mode 100644
index 0000000..3a1e974
--- /dev/null
+++ b/ansible/roles/superusers/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: superuser accounts
+ tags: superusers
+ become: yes
+ user:
+ name: "{{ item.username }}"
+ groups: sudo,systemd-journal
+ shell: /bin/bash
+ append: yes
+ with_items:
+ - "{{ superusers }}"
+
+- name: superuser authorized_keys
+ tags: superusers
+ become: yes
+ authorized_key:
+ user: "{{ item.username }}"
+ state: "{{ item.state }}"
+ key: "{{ users[item.username].authorized_keys }}"
+ with_items:
+ - "{{ superusers }}"
+
+- name: Allow 'sudo' group to have passwordless sudo
+ tags: superusers
+ become: yes
+ lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
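Review bot: The last task rewrites `/etc/sudoers` with `lineinfile` and no `validate:`, so a malformed result is written in place and can leave sudo unusable on the host. Add `validate: '/usr/sbin/visudo -cf %s'` to that task, or manage a separate file under `/etc/sudoers.d/` instead. The line also grants `NOPASSWD: ALL` to the whole `sudo` group, which covers any account already in that group and not only those listed in `superusers`. In the `authorized_key` task, keys deleted from `users.<name>.authorized_keys` stay in the file on the host unless `exclusive: yes` is set, which matters when a key is rotated out.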
diff --git a/ansible/roles/timezone/tasks/main.yml b/ansible/roles/timezone/tasks/main.yml
index e60de32..0a7744a 100644
--- a/ansible/roles/timezone/tasks/main.yml
+++ b/ansible/roles/timezone/tasks/main.yml
@@ -2,7 +2,8 @@
- tags:
- timezone
block:
- - file:
+ - become: yes
+ file:
src: /usr/share/zoneinfo/Europe/Oslo
dest: /etc/localtime
state: link