58 lines
1.3 KiB
YAML
58 lines
1.3 KiB
YAML
---
|
|
- name: "Add service user"
|
|
ansible.builtin.user:
|
|
name: service-user
|
|
comment: Service user
|
|
shell: /bin/bash
|
|
|
|
- name: "Add ansible user"
|
|
ansible.builtin.user:
|
|
name: ansible
|
|
comment: Ansible
|
|
shell: /bin/bash
|
|
|
|
- name: "Add ansible user to sudo group"
|
|
ansible.builtin.user:
|
|
name: ansible
|
|
comment: Ansible
|
|
groups: sudo
|
|
append: yes
|
|
|
|
- name: Create .ssh directory of root user
|
|
ansible.builtin.file:
|
|
path: /home/ansible/.ssh
|
|
state: directory
|
|
owner: ansible
|
|
group: ansible
|
|
|
|
- name: Copy authorized_keys
|
|
ansible.builtin.copy:
|
|
src: authorized_keys
|
|
dest: /home/ansible/.ssh/authorized_keys
|
|
mode: 0600
|
|
owner: ansible
|
|
group: ansible
|
|
|
|
- name: Check if ansible is already nopasswd in sudoers
|
|
ansible.builtin.lineinfile:
|
|
state: absent
|
|
path: /etc/sudoers
|
|
regexp: "^ansible"
|
|
check_mode: true
|
|
changed_when: false
|
|
register: checkallowusers
|
|
|
|
- name: Define ansible nopasswd in sudoers
|
|
ansible.builtin.lineinfile:
|
|
state: present
|
|
path: /etc/sudoers
|
|
line: "ansible ALL=(ALL:ALL) NOPASSWD:ALL"
|
|
when: checkallowusers.found == 0
|
|
|
|
- name: "Update authorized_keys of tormakris"
|
|
ansible.posix.authorized_key:
|
|
user: tormakris
|
|
state: present
|
|
key: https://static.tormakristof.eu/ssh.keys
|
|
...
|