replace usernames

roles/common/tasks/clean-motd.yaml

@@ -2,8 +2,8 @@
 - name: clean motd
   ansible.builtin.file:
     state: touch
-    owner: tormakris
-    group: tormakris
+    owner: tormakris@intra.tormakris.dev
+    group: tormakris@intra.tormakris.dev
     mode: "0644"
-    path: /home/tormakris/.hushlogin
+    path: /home/tormakris@intra.tormakris.dev/.hushlogin
 ...

roles/common/tasks/ssh-security-settings.yaml

@@ -27,7 +27,7 @@
   ansible.builtin.lineinfile:
     state: absent
     path: /etc/ssh/sshd_config
-    regexp: "^AllowUsers"
+    regexp: "intra.tormakris.dev"
   check_mode: true
   changed_when: false
   register: checkallowusers
@@ -36,7 +36,7 @@
   ansible.builtin.lineinfile:
     state: present
     path: /etc/ssh/sshd_config
-    line: "AllowUsers tormakris ansible service-user"
+    line: "AllowUsers tormakris@intra.tormakris.dev ansible@intra.tormakris.dev service-user@intra.tormakris.dev"
   when: checkallowusers.found == 0
 
 - name: "Restart sshd"

roles/common/tasks/user-ops.yaml

@@ -1,57 +1,22 @@
 ---
-- name: "Add service user"
-  ansible.builtin.user:
-    name: service-user
-    comment: Service user
-    shell: /bin/bash
-
-- name: "Add ansible user"
-  ansible.builtin.user:
-    name: ansible
-    comment: Ansible
-    shell: /bin/bash
-
-- name: "Add ansible user to sudo group"
-  ansible.builtin.user:
-    name: ansible
-    comment: Ansible
-    groups: sudo
-    append: yes
-
 - name: Create .ssh directory of root user
   ansible.builtin.file:
-    path: /home/ansible/.ssh
+    path: /home/ansible@intra.tormakris.dev/.ssh
     state: directory
-    owner: ansible
-    group: ansible
+    owner: ansible@intra.tormakris.dev
+    group: ansible@intra.tormakris.dev
 
 - name: Copy authorized_keys
   ansible.builtin.copy:
     src: authorized_keys
-    dest: /home/ansible/.ssh/authorized_keys
+    dest: /home/ansible@intra.tormakris.dev/.ssh/authorized_keys
     mode: 0600
-    owner: ansible
-    group: ansible
-
-- name: Check if ansible is already nopasswd in sudoers
-  ansible.builtin.lineinfile:
-    state: absent
-    path: /etc/sudoers
-    regexp: "^ansible"
-  check_mode: true
-  changed_when: false
-  register: checkallowusers
-
-- name: Define ansible nopasswd in sudoers
-  ansible.builtin.lineinfile:
-    state: present
-    path: /etc/sudoers
-    line: "ansible ALL=(ALL:ALL) NOPASSWD:ALL"
-  when: checkallowusers.found == 0
+    owner: ansible@intra.tormakris.dev
+    group: ansible@intra.tormakris.dev
 
 - name: "Update authorized_keys of tormakris"
   ansible.posix.authorized_key:
-    user: tormakris
+    user: tormakris@intra.tormakris.dev
     state: present
     key: https://static.tormakristof.eu/ssh.keys
 ...

roles/docker/tasks/main.yaml

@@ -23,7 +23,7 @@
 
 - name: "Add service user to docker group"
   ansible.builtin.user:
-    name: service-user
+    name: service-user@intra.tormakris.dev
     comment: Service user
     groups: docker
     append: yes

roles/realmd/tasks/main.yaml

@@ -85,4 +85,20 @@
   ansible.builtin.service:
     name: sssd
     state: restarted
+
+- name: Check if group is presend in sudoers
+  ansible.builtin.lineinfile:
+    state: absent
+    path: /etc/sudoers
+    regexp: "^%linuxadmins"
+  check_mode: true
+  changed_when: false
+  register: checksudoers
+
+- name: Define group in sudoers
+  ansible.builtin.lineinfile:
+    state: present
+    path: /etc/ssh/sshd_config
+    line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"
+  when: checksudoers.found == 0
 ...