vm-ansible/roles/common/tasks/user-ops.yaml


---
# Create the local account "service-user" with a bash login shell.
# No password is set here, so the account has no usable password login
# unless one is assigned elsewhere.
- name: 'Add service user'
  ansible.builtin.user:
    name: service-user
    shell: /bin/bash
    comment: 'Service user'
# Create the "ansible" account that later tasks in this file give SSH keys
# and sudo rights to. No password is set by this task.
- name: 'Add ansible user'
  ansible.builtin.user:
    name: ansible
    shell: /bin/bash
    comment: 'Ansible'
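# Add the ansible account to the "sudo" supplementary group.
# append: true keeps the groups the account already has; without it the
# user module would replace the group list with just "sudo".
# The boolean is written as true/false rather than yes/no so it does not
# depend on YAML 1.1 truthy parsing.
- name: "Add ansible user to sudo group"
  ansible.builtin.user:
    name: ansible
    comment: Ansible
    groups: sudo
    append: true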
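# Ensure /home/ansible/.ssh exists and belongs to the ansible account.
# The task name now says "ansible user": the path is that user's home, not
# root's, and the old label was misleading in play output and audit logs.
# mode is pinned to 0700 so the directory permissions do not depend on the
# umask in effect on the target; sshd's StrictModes check refuses keys kept
# in a directory that other users can write to.
- name: Create .ssh directory of ansible user
  ansible.builtin.file:
    path: /home/ansible/.ssh
    state: directory
    owner: ansible
    group: ansible
    mode: '0700'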
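# Install the role's authorized_keys file for the ansible account.
# A relative src is resolved against the role's files/ directory.
# copy replaces the whole destination file, so any key added on the host
# outside this role is dropped on the next run; the shipped file is the
# single source of truth for who may log in as ansible.
# mode is quoted so it is always handed to the module as the octal string
# "0600" instead of relying on how the YAML parser types a bare 0600.
- name: Copy authorized_keys
  ansible.builtin.copy:
    src: authorized_keys
    dest: /home/ansible/.ssh/authorized_keys
    owner: ansible
    group: ansible
    mode: '0600'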
# Probe /etc/sudoers for a line starting with "ansible" without touching the
# file: state=absent under check_mode only reports how many lines would be
# removed, and that count is exposed as `found` on the registered result.
# changed_when: false keeps this read-only probe from showing as a change.
# NOTE(review): '^ansible' also matches entries for any other name that
# merely begins with "ansible", and it does not check that the matching
# line is the NOPASSWD rule - confirm that is specific enough.
- name: Check if ansible is already nopasswd in sudoers
  ansible.builtin.lineinfile:
    path: /etc/sudoers
    regexp: '^ansible'
    state: absent
  register: checkallowusers
  check_mode: true
  changed_when: false
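# Give the ansible account passwordless sudo for every command, but only
# when the registered check found no line starting with "ansible".
# validate runs visudo against the edited temporary copy before it replaces
# /etc/sudoers, so a malformed result is rejected instead of being written;
# a broken sudoers file disables sudo for every account on the host.
# NOTE(review): with NOPASSWD:ALL, any key listed in the ansible account's
# authorized_keys is equivalent to root on this machine. Review that key
# list with the same care as root's.
- name: Define ansible nopasswd in sudoers
  ansible.builtin.lineinfile:
    path: /etc/sudoers
    line: "ansible ALL=(ALL:ALL) NOPASSWD:ALL"
    state: present
    validate: /usr/sbin/visudo -cf %s
  when: checkallowusers.found == 0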
# Fetch public keys for the tormakris account from a remote URL and ensure
# they are present in that account's authorized_keys.
# state=present only adds keys: a key later removed from the URL stays
# authorized on the host until it is removed explicitly.
# NOTE(review): whoever can change the content served at this URL decides
# who may log in as tormakris on every host the role runs against; keeping
# the keys in the repository would make that reviewable.
# NOTE(review): the tormakris account is not created by the tasks visible
# here - presumably it is provisioned elsewhere; confirm.
- name: 'Update authorized_keys of tormakris'
  ansible.posix.authorized_key:
    key: https://static.tormakristof.eu/ssh.keys
    user: tormakris
    state: present
...