From 0f9a79c433f26ef12c8e22a97c41d755ce3b8590 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Tue, 10 Apr 2018 09:04:50 +0200
Subject: o Adding numquam and superusers role.
---
ansible/group_vars/all/users.yml | 10 ++++++++++
ansible/inventory | 2 ++
ansible/numquam.yml | 8 ++++++++
ansible/roles/superusers/tasks/main.yml | 30 ++++++++++++++++++++++++++++++
ansible/roles/timezone/tasks/main.yml | 3 ++-
5 files changed, 52 insertions(+), 1 deletion(-)
create mode 100644 ansible/group_vars/all/users.yml
create mode 100644 ansible/numquam.yml
create mode 100644 ansible/roles/superusers/tasks/main.yml
(limited to 'ansible')
diff --git a/ansible/group_vars/all/users.yml b/ansible/group_vars/all/users.yml
new file mode 100644
index 0000000..b81a274
--- /dev/null
+++ b/ansible/group_vars/all/users.yml
@@ -0,0 +1,10 @@
+users:
+ trygvis:
+ authorized_keys: |
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPX+sVfRvl0+KxsDlbIutyB/Es3exTwNfDVHwi9orwz3 trygvis@birgitte
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAzB6JB/hZ87M6ozsd7lgKxgOacEOZZRxa4ucs11lqq trygvis@conflatorio
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+I9Xa11yaOzGCBkJQEYExYL7gSWYwdOGgT2KBMnKur trygvis@arius
+
+superusers:
+ - username: trygvis
+ state: present
diff --git a/ansible/inventory b/ansible/inventory
index ef29986..84d9b9c 100644
--- a/ansible/inventory
+++ b/ansible/inventory
@@ -4,6 +4,8 @@ all:
 ansible_host: knot.trygvis.io
 # mw:
 # ansible_host: mw.trygvis.io
+ numquam:
+ ansible_host: numquam.trygvis.io
 children:
 via_knot:
 hosts:
diff --git a/ansible/numquam.yml b/ansible/numquam.yml
new file mode 100644
index 0000000..36ec607
--- /dev/null
+++ b/ansible/numquam.yml
@@ -0,0 +1,8 @@
+---
+- hosts:
+ - numquam
+ vars_files:
+ - secrets.yml
+ roles:
+ - superusers
+ - timezone
diff --git a/ansible/roles/superusers/tasks/main.yml b/ansible/roles/superusers/tasks/main.yml
new file mode 100644
index 0000000..3a1e974
--- /dev/null
+++ b/ansible/roles/superusers/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: superuser accounts
+ tags: superusers
+ become: yes
+ user:
+ name: "{{ item.username }}"
+ groups: sudo,systemd-journal
+ shell: /bin/bash
+ append: yes
+ with_items:
+ - "{{ superusers }}"
+
+- name: superuser authorized_keys
+ tags: superusers
+ become: yes
+ authorized_key:
+ user: "{{ item.username }}"
+ state: "{{ item.state }}"
+ key: "{{ users[item.username].authorized_keys }}"
+ with_items:
+ - "{{ superusers }}"
+
+- name: Allow 'sudo' group to have passwordless sudo
+ tags: superusers
+ become: yes
+ lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
diff --git a/ansible/roles/timezone/tasks/main.yml b/ansible/roles/timezone/tasks/main.yml
index e60de32..0a7744a 100644
--- a/ansible/roles/timezone/tasks/main.yml
+++ b/ansible/roles/timezone/tasks/main.yml
@@ -2,7 +2,8 @@
 - tags:
 - timezone
 block:
- - file:
+ - become: yes
+ file:
 src: /usr/share/zoneinfo/Europe/Oslo
 dest: /etc/localtime
 state: link
-- cgit v1.2.3
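Review bot: In `roles/superusers/tasks/main.yml`, the last task rewrites `/etc/sudoers` in place with no syntax check, so a bad edit can leave the host without working sudo; add `validate: 'visudo -cf %s'` to the `lineinfile` arguments, or manage a drop-in file under `/etc/sudoers.d/` instead. The line it writes grants `NOPASSWD: ALL` to every member of the `sudo` group, not only to the accounts listed in `superusers`, so any account already in that group gets passwordless root too. `item.state` is honoured only by the `authorized_key` task: the `user` task sets no `state`, so an entry switched to `absent` loses its keys but keeps the account and its `sudo` membership, which `state: "{{ item.state }}"` on the `user` task would fix. Without `exclusive: yes` on `authorized_key`, a key deleted from `users.yml` also stays in place on hosts that already received it.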