ensure user password is enforced (#582)
Reviewed-on: #582 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
This commit is contained in:
parent
8e0e7bde21
commit
4416b7b519
6 changed files with 12 additions and 11 deletions
|
|
@ -32,7 +32,7 @@
|
|||
users:
|
||||
- username: mg
|
||||
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
|
||||
update_password: on_create
|
||||
update_password: always
|
||||
groups: ssh, sudo
|
||||
state: present
|
||||
public_ssh_key: "{{ ssh_public_key_mg }}"
|
||||
|
|
@ -40,7 +40,7 @@
|
|||
allow_passwordless_sudo: true
|
||||
- username: ansible-user
|
||||
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
||||
update_password: on_create
|
||||
update_password: always
|
||||
groups: ssh, sudo
|
||||
state: present
|
||||
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@
|
|||
users:
|
||||
- username: mg
|
||||
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
|
||||
update_password: on_create
|
||||
update_password: always
|
||||
groups: ssh, sudo, docker
|
||||
state: present
|
||||
public_ssh_key: "{{ ssh_public_key_mg }}"
|
||||
|
|
@ -28,7 +28,7 @@
|
|||
allow_passwordless_sudo: true
|
||||
- username: docker-user
|
||||
password: "{{ lookup('keepass', 'docker-user_linux_password_hash', 'password') }}"
|
||||
update_password: on_create
|
||||
update_password: always
|
||||
groups: ssh, sudo, docker
|
||||
state: present
|
||||
allow_sudo: true
|
||||
|
|
@ -36,7 +36,7 @@
|
|||
uid: "5000"
|
||||
- username: ansible-user
|
||||
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
||||
update_password: on_create
|
||||
update_password: always
|
||||
groups: ssh, sudo
|
||||
state: present
|
||||
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@
|
|||
users:
|
||||
- username: mg
|
||||
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
|
||||
update_password: on_create
|
||||
update_password: always
|
||||
groups: ssh, sudo, docker
|
||||
state: present
|
||||
public_ssh_key: "{{ ssh_public_key_mg }}"
|
||||
|
|
@ -75,7 +75,7 @@
|
|||
allow_passwordless_sudo: true
|
||||
- username: ansible-user
|
||||
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
||||
update_password: on_create
|
||||
update_password: always
|
||||
groups: ssh, sudo
|
||||
state: present
|
||||
public_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
allow_passwordless_sudo: true
|
||||
- username: mg
|
||||
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
|
||||
update_password: on_create
|
||||
update_password: always
|
||||
groups: ssh, sudo
|
||||
state: present
|
||||
public_ssh_key: "{{ ssh_public_key_mg }}"
|
||||
|
|
@ -24,7 +24,7 @@
|
|||
allow_passwordless_sudo: true
|
||||
- username: ansible-user
|
||||
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
||||
update_password: on_create
|
||||
update_password: always
|
||||
groups: ssh, sudo
|
||||
state: present
|
||||
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@
|
|||
allow_passwordless_sudo: true
|
||||
- username: mg
|
||||
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
|
||||
update_password: on_create
|
||||
update_password: always
|
||||
groups: ssh, sudo
|
||||
state: present
|
||||
public_ssh_key: "{{ ssh_public_key_mg }}"
|
||||
|
|
@ -20,7 +20,7 @@
|
|||
allow_passwordless_sudo: true
|
||||
- username: ansible-user
|
||||
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
||||
update_password: on_create
|
||||
update_password: always
|
||||
groups: ssh, sudo
|
||||
state: present
|
||||
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
||||
|
|
|
|||
|
|
@ -23,3 +23,4 @@
|
|||
loop: "{{ pbs_users }}"
|
||||
when: "item.name in users.stdout"
|
||||
changed_when: false
|
||||
no_log: true
|
||||
|
|
|
|||
Loading…
Reference in a new issue