parent
68613a253a
commit
d3b6348480
@ -99,17 +99,45 @@
|
|||||||
- name: Define group in sudoers
|
- name: Define group in sudoers
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
state: present
|
state: present
|
||||||
path: /etc/ssh/sshd_config
|
path: /etc/sudoers
|
||||||
line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"
|
line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"
|
||||||
when: checksudoers.found == 0
|
when: checksudoers.found == 0
|
||||||
|
|
||||||
|
- name: Remove misconfig from sshd
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
state: absent
|
||||||
|
path: /etc/ssh/sshd_config
|
||||||
|
line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"
|
||||||
|
|
||||||
|
- name: Remove old AllowUsers
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
state: absent
|
||||||
|
path: /etc/ssh/sshd_config
|
||||||
|
regexp: "^AllowUsers tormakris ansible service-user"
|
||||||
|
|
||||||
|
- name: Check if AllowUsers is defined
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
state: absent
|
||||||
|
path: /etc/ssh/sshd_config
|
||||||
|
regexp: "intra.tormakris.dev"
|
||||||
|
check_mode: true
|
||||||
|
changed_when: false
|
||||||
|
register: checkallowusers
|
||||||
|
|
||||||
|
- name: Define AllowUsers if undefined
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
state: present
|
||||||
|
path: /etc/ssh/sshd_config
|
||||||
|
line: "AllowUsers tormakris@intra.tormakris.dev ansible@intra.tormakris.dev service-user@intra.tormakris.dev"
|
||||||
|
when: checkallowusers.found == 0
|
||||||
|
|
||||||
- name: Create home for tormakris
|
- name: Create home for tormakris
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
cmd: mkhomedir_helper tormakris@intra.tormakris.dev
|
cmd: mkhomedir_helper tormakris@intra.tormakris.dev
|
||||||
|
|
||||||
- name: Remove home directory
|
- name: Remove home directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /home/tormakris@intra.tormakris.dev/tormakris
|
path: /home/tormakris@intra.tormakris.dev/tormakris/
|
||||||
state: absent
|
state: absent
|
||||||
recurse: yes
|
recurse: yes
|
||||||
|
|
||||||
@ -121,6 +149,18 @@
|
|||||||
owner: tormakris@intra.tormakris.dev
|
owner: tormakris@intra.tormakris.dev
|
||||||
group: domain users@intra.tormakris.dev
|
group: domain users@intra.tormakris.dev
|
||||||
|
|
||||||
|
- name: Create home for ansible
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: mkhomedir_helper ansible@intra.tormakris.dev
|
||||||
|
|
||||||
|
- name: Copy ansible home
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: /home/ansible/
|
||||||
|
dest: /home/ansible@intra.tormakris.dev/
|
||||||
|
remote_src: yes
|
||||||
|
owner: tormakris@intra.tormakris.dev
|
||||||
|
group: domain users@intra.tormakris.dev
|
||||||
|
|
||||||
- name: "Update authorized_keys of tormakris"
|
- name: "Update authorized_keys of tormakris"
|
||||||
ansible.posix.authorized_key:
|
ansible.posix.authorized_key:
|
||||||
user: tormakris@intra.tormakris.dev
|
user: tormakris@intra.tormakris.dev
|
||||||
|
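Review bot: The new "Copy ansible home" task in the second hunk sets `owner: tormakris@intra.tormakris.dev` on `/home/ansible@intra.tormakris.dev/`, which looks like a copy-paste from the tormakris task above it. Everything copied, including any `.ssh/authorized_keys`, would then belong to a different account than the one logging in, so it should probably read `owner: ansible@intra.tormakris.dev`. In the first hunk, the new `AllowUsers` line uses `name@intra.tormakris.dev` entries, and sshd_config(5) reads `USER@HOST` in AllowUsers as a user plus the originating host, so these entries may not match the domain accounts as intended. Because the old AllowUsers line is removed just before, the result is worth confirming with a test login while an existing session stays open. The lineinfile tasks that edit `/etc/sudoers` and `/etc/ssh/sshd_config` also write without a syntax check; `validate: /usr/sbin/visudo -cf %s` and `validate: /usr/sbin/sshd -t -f %s` respectively would stop a malformed file from being put in place.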