Diffstat (limited to 'ansible/roles/superusers')
-rw-r--r--ansible/roles/superusers/tasks/main.yml30
1 files changed, 30 insertions, 0 deletions
diff --git a/ansible/roles/superusers/tasks/main.yml b/ansible/roles/superusers/tasks/main.yml
new file mode 100644
index 0000000..3a1e974
--- /dev/null
+++ b/ansible/roles/superusers/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: superuser accounts
+ tags: superusers
+ become: yes
+ user:
+ name: "{{ item.username }}"
+ groups: sudo,systemd-journal
+ shell: /bin/bash
+ append: yes
+ with_items:
+ - "{{ superusers }}"
+
+- name: superuser authorized_keys
+ tags: superusers
+ become: yes
+ authorized_key:
+ user: "{{ item.username }}"
+ state: "{{ item.state }}"
+ key: "{{ users[item.username].authorized_keys }}"
+ with_items:
+ - "{{ superusers }}"
+
+- name: Allow 'sudo' group to have passwordless sudo
+ tags: superusers
+ become: yes
+ lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
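Review bot: The final task rewrites `/etc/sudoers` with `lineinfile` and no `validate`, so a line that fails to parse leaves sudo unusable on a host where every task here relies on `become`. Add `validate: '/usr/sbin/visudo -cf %s'` to that task, or write the rule to its own file under `/etc/sudoers.d/` with the same validation. Separately, `item.state` is passed only to the `authorized_key` task, while the `user` task always ensures the account exists and appends it to `sudo`. An entry set to `absent` would therefore lose its key but keep passwordless root through any other login path the account has. If `state` is meant to revoke access, pass `state: "{{ item.state }}"` to the `user` task as well, or remove the group membership in that case.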