more corrections

2023-07-25 15:59:06 +02:00 · 2023-07-25 15:59:06 +02:00 · d3b6348480
commit d3b6348480
parent 68613a253a
1 changed files with 42 additions and 2 deletions
--- a/roles/realmd/tasks/main.yaml
+++ b/roles/realmd/tasks/main.yaml
@ -99,17 +99,45 @@
 - name: Define group in sudoers
  ansible.builtin.lineinfile:
    state: present
-    path: /etc/ssh/sshd_config
+    path: /etc/sudoers
    line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"
  when: checksudoers.found == 0

+- name: Remove misconfig from sshd
+  ansible.builtin.lineinfile:
+    state: absent
+    path: /etc/ssh/sshd_config
+    line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"
+
+- name: Remove old AllowUsers
+  ansible.builtin.lineinfile:
+    state: absent
+    path: /etc/ssh/sshd_config
+    regexp: "^AllowUsers tormakris ansible service-user"
+
+- name: Check if AllowUsers is defined
+  ansible.builtin.lineinfile:
+    state: absent
+    path: /etc/ssh/sshd_config
+    regexp: "intra.tormakris.dev"
+  check_mode: true
+  changed_when: false
+  register: checkallowusers
+
+- name: Define AllowUsers if undefined
+  ansible.builtin.lineinfile:
+    state: present
+    path: /etc/ssh/sshd_config
+    line: "AllowUsers tormakris@intra.tormakris.dev ansible@intra.tormakris.dev service-user@intra.tormakris.dev"
+  when: checkallowusers.found == 0
+
 - name: Create home for tormakris
  ansible.builtin.command:
    cmd: mkhomedir_helper tormakris@intra.tormakris.dev

 - name: Remove home directory
  ansible.builtin.file:
-    path: /home/tormakris@intra.tormakris.dev/tormakris
+    path: /home/tormakris@intra.tormakris.dev/tormakris/
    state: absent
    recurse: yes

@ -121,6 +149,18 @@
    owner: tormakris@intra.tormakris.dev
    group: domain users@intra.tormakris.dev

+- name: Create home for ansible
+  ansible.builtin.command:
+    cmd: mkhomedir_helper ansible@intra.tormakris.dev
+
+- name: Copy ansible home
+  ansible.builtin.copy:
+    src: /home/ansible/
+    dest: /home/ansible@intra.tormakris.dev/
+    remote_src: yes
+    owner: tormakris@intra.tormakris.dev
+    group: domain users@intra.tormakris.dev
+
 - name: "Update authorized_keys of tormakris"
  ansible.posix.authorized_key:
    user: tormakris@intra.tormakris.dev