vm-ansible/roles/common/tasks/user-ops.yaml

---
# Ensure the local account "service-user" exists with bash as its login shell.
# No password or SSH key is set for this account in this task.
- name: "Add service user"
  ansible.builtin.user:
    name: 'service-user'
    shell: '/bin/bash'
    comment: 'Service user'
# Ensure the automation account "ansible" exists with bash as its login shell.
# Later tasks in this file give it an SSH key and passwordless sudo.
- name: "Add ansible user"
  ansible.builtin.user:
    name: 'ansible'
    shell: '/bin/bash'
    comment: 'Ansible'
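# Add the "ansible" account to the supplementary group "sudo".
# NOTE(review): on hosts whose sudoers file grants rights to %sudo, this
# membership alone already confers sudo access - confirm that is intended.
- name: "Add ansible user to sudo group"
  ansible.builtin.user:
    name: ansible
    comment: Ansible
    groups: sudo
    # append keeps the groups the user already has; without it, "groups"
    # would replace the user's supplementary group list.
    # Written as a canonical boolean (was the YAML 1.1 truthy "yes").
    append: true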
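# Create /home/ansible/.ssh, owned by ansible:ansible.
# The original task name said "root user", but the path and ownership
# belong to the ansible account, so the name is corrected here.
- name: Create .ssh directory of ansible user
  ansible.builtin.file:
    path: /home/ansible/.ssh
    state: directory
    owner: ansible
    group: ansible
    # Pin the mode instead of inheriting the umask: the directory holds
    # authorized_keys, and sshd in its default strict mode refuses keys
    # kept in a directory that other users can write to.
    mode: "0700"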
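# Install the authorized_keys file for the ansible account.
# "src" is a relative path, so Ansible resolves it from the role's files.
# Every key in that file can log in as ansible, and a later task in this
# file gives ansible passwordless sudo, so the file should be reviewed
# like a list of root credentials.
- name: Copy authorized_keys
  ansible.builtin.copy:
    src: authorized_keys
    dest: /home/ansible/.ssh/authorized_keys
    owner: ansible
    group: ansible
    # Quoted so the mode is passed as the string "0600" and never depends
    # on how the YAML parser treats a leading-zero integer.
    mode: "0600"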
# Probe /etc/sudoers for an existing entry without modifying the file.
# check_mode forces a dry run, so "state: absent" only counts the lines
# that would have been removed; the result is registered in
# checkallowusers for the task that follows.
# The pattern is a prefix match: any line beginning with "ansible" counts,
# including an entry for a differently named account such as "ansible2".
- name: Check if ansible is already nopasswd in sudoers
  register: checkallowusers
  check_mode: true
  # A read-only probe must never be reported as a change.
  changed_when: false
  ansible.builtin.lineinfile:
    path: '/etc/sudoers'
    regexp: '^ansible'
    state: absent
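# Append a passwordless-sudo rule for the ansible account to /etc/sudoers,
# but only when the preceding check found no line starting with "ansible".
# NOPASSWD:ALL means anyone who can log in as ansible is root without a
# further prompt; access to that account's authorized_keys is therefore
# the only control protecting root on these hosts.
- name: Define ansible nopasswd in sudoers
  ansible.builtin.lineinfile:
    state: present
    path: /etc/sudoers
    line: "ansible ALL=(ALL:ALL) NOPASSWD:ALL"
    # Syntax-check the edited copy before it replaces the real file; a
    # malformed /etc/sudoers would lock every user out of sudo.
    validate: /usr/sbin/visudo -cf %s
  when: checkallowusers.found == 0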
# Ensure the keys published at the URL below are present in the
# authorized_keys of user "tormakris".
# The key list is fetched over HTTPS on every run, so whoever controls
# that host or its content decides which keys are added; the module
# validates the TLS certificate by default.
# "state: present" only adds keys - a key later removed from the URL
# stays on the host.
# NOTE(review): the tormakris account is not created in this file -
# confirm it exists before this task runs.
- name: "Update authorized_keys of tormakris"
  ansible.posix.authorized_key:
    user: 'tormakris'
    key: 'https://static.tormakristof.eu/ssh.keys'
    state: present
...