replace usernames

This commit is contained in:
Torma Kristóf 2023-07-25 15:00:05 +02:00
parent 0a7746d60c
commit a53b27a8fd
5 changed files with 29 additions and 48 deletions


@ -2,8 +2,8 @@
- name: clean motd - name: clean motd
ansible.builtin.file: ansible.builtin.file:
state: touch state: touch
owner: tormakris owner: tormakris@intra.tormakris.dev
group: tormakris group: tormakris@intra.tormakris.dev
mode: "0644" mode: "0644"
path: /home/tormakris/.hushlogin path: /home/tormakris@intra.tormakris.dev/.hushlogin
... ...
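Review bot: The domain-qualified account name is now spelled out three times in this one task (owner, group and inside the path), and the same literal recurs in the other files of this commit, so the next rename means touching every occurrence by hand. A single variable such as `admin_user: "tormakris@intra.tormakris.dev"` used as `owner: "{{ admin_user }}"` and `path: "/home/{{ admin_user }}/.hushlogin"` would keep them in step. With SSSD the home directory location follows the provider's homedir template rather than a fixed `/home/<user>`, so the hardcoded path is worth confirming against what the host actually creates.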


@ -27,7 +27,7 @@
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
state: absent state: absent
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
regexp: "^AllowUsers" regexp: "intra.tormakris.dev"
check_mode: true check_mode: true
changed_when: false changed_when: false
register: checkallowusers register: checkallowusers
@ -36,7 +36,7 @@
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
state: present state: present
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
line: "AllowUsers tormakris ansible service-user" line: "AllowUsers tormakris@intra.tormakris.dev ansible@intra.tormakris.dev service-user@intra.tormakris.dev"
when: checkallowusers.found == 0 when: checkallowusers.found == 0
- name: "Restart sshd" - name: "Restart sshd"
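Review bot: The lookup regexp on the check task is now `intra.tormakris.dev`, which no longer detects an existing `AllowUsers` directive: a host configured by the previous version of this play keeps its `AllowUsers tormakris ansible service-user` line, the check reports found == 0, and the write task appends a second `AllowUsers` line. Whether sshd then honours only the first directive or unions both, the result is not the intended allow-list, and the unanchored pattern with unescaped dots also matches any comment or other line mentioning the domain. Simpler and idempotent: let the write task replace the directive in place by adding `regexp: "^AllowUsers"` next to the existing `line:` and dropping the `when` (and the check task it depends on). The enclosing play continues outside both hunks.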


@ -1,57 +1,22 @@
--- ---
- name: "Add service user"
ansible.builtin.user:
name: service-user
comment: Service user
shell: /bin/bash
- name: "Add ansible user"
ansible.builtin.user:
name: ansible
comment: Ansible
shell: /bin/bash
- name: "Add ansible user to sudo group"
ansible.builtin.user:
name: ansible
comment: Ansible
groups: sudo
append: yes
- name: Create .ssh directory of root user - name: Create .ssh directory of root user
ansible.builtin.file: ansible.builtin.file:
path: /home/ansible/.ssh path: /home/ansible@intra.tormakris.dev/.ssh
state: directory state: directory
owner: ansible owner: ansible@intra.tormakris.dev
group: ansible group: ansible@intra.tormakris.dev
- name: Copy authorized_keys - name: Copy authorized_keys
ansible.builtin.copy: ansible.builtin.copy:
src: authorized_keys src: authorized_keys
dest: /home/ansible/.ssh/authorized_keys dest: /home/ansible@intra.tormakris.dev/.ssh/authorized_keys
mode: 0600 mode: 0600
owner: ansible owner: ansible@intra.tormakris.dev
group: ansible group: ansible@intra.tormakris.dev
- name: Check if ansible is already nopasswd in sudoers
ansible.builtin.lineinfile:
state: absent
path: /etc/sudoers
regexp: "^ansible"
check_mode: true
changed_when: false
register: checkallowusers
- name: Define ansible nopasswd in sudoers
ansible.builtin.lineinfile:
state: present
path: /etc/sudoers
line: "ansible ALL=(ALL:ALL) NOPASSWD:ALL"
when: checkallowusers.found == 0
- name: "Update authorized_keys of tormakris" - name: "Update authorized_keys of tormakris"
ansible.posix.authorized_key: ansible.posix.authorized_key:
user: tormakris user: tormakris@intra.tormakris.dev
state: present state: present
key: https://static.tormakristof.eu/ssh.keys key: https://static.tormakristof.eu/ssh.keys
... ...
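Review bot: The `.ssh` directory task now targets `/home/ansible@intra.tormakris.dev/.ssh`, but the local-user tasks that previously guaranteed a home directory are removed and nothing here provisions one for the domain account, so on a fresh host `state: directory` will create the missing parent itself rather than leaving it to pam_mkhomedir — the resulting home directory will presumably not match the SSSD skeleton or mode; worth confirming on a fresh host. The NOPASSWD sudoers entry for `ansible` is also dropped here, so passwordless sudo for the controller now rests entirely on the group rule added elsewhere in this commit being correct. On the copy task, `mode: 0600` is an unquoted octal that some YAML parsers read as decimal 600; `mode: "0600"` matches the quoted form used in the motd task.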


@ -23,7 +23,7 @@
- name: "Add service user to docker group" - name: "Add service user to docker group"
ansible.builtin.user: ansible.builtin.user:
name: service-user name: service-user@intra.tormakris.dev
comment: Service user comment: Service user
groups: docker groups: docker
append: yes append: yes
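Review bot: `ansible.builtin.user` is now pointed at `service-user@intra.tormakris.dev`, an account that presumably resolves only through SSSD, and the module applies group changes with `usermod`, which refuses accounts that are not in /etc/passwd — this task is likely to fail rather than add the user to `docker`; worth verifying on a target host. If it does, add the membership to the local group directly (e.g. an idempotent `gpasswd -a service-user@intra.tormakris.dev docker` guarded by a `getent group docker` check) or grant it through the directory. Membership of `docker` is root-equivalent, so whichever path is used, the account's membership should be reviewed like a sudo grant. `append: yes` should be `append: true`, the YAML 1.2 boolean.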


@ -85,4 +85,20 @@
ansible.builtin.service: ansible.builtin.service:
name: sssd name: sssd
state: restarted state: restarted
- name: Check if group is presend in sudoers
ansible.builtin.lineinfile:
state: absent
path: /etc/sudoers
regexp: "^%linuxadmins"
check_mode: true
changed_when: false
register: checksudoers
- name: Define group in sudoers
ansible.builtin.lineinfile:
state: present
path: /etc/ssh/sshd_config
line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"
when: checksudoers.found == 0
... ...
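Review bot: The new "Define group in sudoers" task writes a sudoers rule to `path: /etc/ssh/sshd_config` while the check task looks in `/etc/sudoers`: the rule never reaches sudoers, `checksudoers.found` stays 0, and every run appends another `%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL` line to sshd_config, which sshd will reject as an unknown directive at the next restart — a lock-out risk. Change it to `path: /etc/sudoers` and add `validate: "/usr/sbin/visudo -cf %s"` so a malformed rule can never be written; a drop-in under /etc/sudoers.d/ is the safer home for it. Granting `NOPASSWD: ALL` to a directory group makes that group's membership the effective root boundary for every host this runs on, so it should be managed and audited as such. The task name also has a typo: `presend` → `present`.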