replace sudoers tasks with module (users, sanoid, munin) (#217)
Reviewed-on: #217 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
parent
7d43294ce8
commit
506fa8da8d
5 changed files with 27 additions and 36 deletions
|
@ -41,7 +41,7 @@ users:
|
||||||
- ssh
|
- ssh
|
||||||
- sudo
|
- sudo
|
||||||
state: present
|
state: present
|
||||||
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE
|
||||||
allow_sudo: true
|
allow_sudo: true
|
||||||
allow_passwordless_sudo: true
|
allow_passwordless_sudo: true
|
||||||
|
|
||||||
|
|
|
@ -14,13 +14,9 @@
|
||||||
create_home: false
|
create_home: false
|
||||||
|
|
||||||
- name: Ensure user is added to sudoers
|
- name: Ensure user is added to sudoers
|
||||||
become: true
|
community.general.sudoers:
|
||||||
ansible.builtin.blockinfile:
|
name: "users-sudo-munin"
|
||||||
path: /etc/sudoers
|
|
||||||
state: present
|
state: present
|
||||||
block: |
|
user: munin
|
||||||
munin ALL=(ALL) NOPASSWD:ALL
|
commands: ALL
|
||||||
validate: '/usr/sbin/visudo -cf %s'
|
nopassword: true
|
||||||
backup: true
|
|
||||||
marker_begin: munin-sudoers BEGIN
|
|
||||||
marker_end: munin-sudoers END
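Review bot: The block that the old `blockinfile` task wrote into `/etc/sudoers` between the `munin-sudoers BEGIN`/`END` markers is not removed by this change. On hosts that were already provisioned it stays in force next to the entry the new `community.general.sudoers` task creates, so later tightening of the new task will not take effect there. A one-off cleanup task using the old markers with `state: absent` and `validate: '/usr/sbin/visudo -cf %s'` would close that gap. The same applies to the `sanoid-sudoers` blocks and to the per-user lines the users role wrote with `lineinfile`. The new munin task also appears to have lost `become: true`, which the sanoid tasks keep; unless escalation is set at play level (not visible here), the write will fail.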
|
|
||||||
|
|
|
@ -4,6 +4,7 @@
|
||||||
groups_as_list: "{{ (((item.groups) | list) | sort) | unique }}"
|
groups_as_list: "{{ (((item.groups) | list) | sort) | unique }}"
|
||||||
loop: "{{ users }}"
|
loop: "{{ users }}"
|
||||||
when: item.groups is defined
|
when: item.groups is defined
|
||||||
|
become: false
|
||||||
no_log: true
|
no_log: true
|
||||||
|
|
||||||
- name: Ensure groups exist
|
- name: Ensure groups exist
|
||||||
|
@ -31,18 +32,18 @@
|
||||||
ansible.posix.authorized_key:
|
ansible.posix.authorized_key:
|
||||||
user: "{{ item.username }}"
|
user: "{{ item.username }}"
|
||||||
key: "{{ item.public_ssh_key }}"
|
key: "{{ item.public_ssh_key }}"
|
||||||
state: present
|
state: "{{ item.state | default('present') }}"
|
||||||
when: item.public_ssh_key is defined
|
when: item.public_ssh_key is defined
|
||||||
loop: '{{ users }}'
|
loop: '{{ users }}'
|
||||||
no_log: true
|
no_log: true
|
||||||
|
|
||||||
- name: Ensure users are added to sudoers
|
- name: Ensure users are added to sudoers
|
||||||
ansible.builtin.lineinfile:
|
community.general.sudoers:
|
||||||
dest: /etc/sudoers
|
name: "users-sudo-{{ item.username }}"
|
||||||
state: present
|
state: "{{ item.state | default('present') }}"
|
||||||
regexp: '^{{ item.username }} '
|
user: "{{ item.username }}"
|
||||||
line: "{{ item.username }} ALL=(ALL) {{ 'NOPASSWD:' if (item.allow_passwordless_sudo | d(false)) else '' }}ALL"
|
commands: ALL
|
||||||
validate: 'visudo -cf %s'
|
nopassword: "{{ item.allow_passwordless_sudo }}"
|
||||||
when: item.allow_sudo|default(false) and item.allow_sudo is defined
|
|
||||||
loop: '{{ users }}'
|
loop: '{{ users }}'
|
||||||
|
when: item.allow_sudo|default(false) and item.allow_sudo is defined
|
||||||
no_log: true
|
no_log: true
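Review bot: `nopassword: "{{ item.allow_passwordless_sudo }}"` drops the `| d(false)` fallback that the old `lineinfile` line had. A user with `allow_sudo: true` and no `allow_passwordless_sudo` key now fails on an undefined variable, and `no_log: true` hides the reason. The module's own default for `nopassword` is `true`, so the fallback should be explicit and fail closed: `nopassword: "{{ item.allow_passwordless_sudo | default(false) }}"`. Revocation is not covered either, because the `when:` on `allow_sudo` skips a user whose flag is switched to false and leaves the earlier `users-sudo-<username>` file in place. Deriving `state` from `allow_sudo` (absent when it is false) instead of skipping would remove the stale grant.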
|
||||||
|
|
|
@ -11,17 +11,14 @@
|
||||||
when:
|
when:
|
||||||
- sanoid_syncoid_destination_host
|
- sanoid_syncoid_destination_host
|
||||||
|
|
||||||
- name: add user to sudoers
|
- name: Ensure user is added to sudoers
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.blockinfile:
|
community.general.sudoers:
|
||||||
path: /etc/sudoers
|
name: "users-sudo-{{ sanoid_user }}"
|
||||||
state: present
|
state: present
|
||||||
block: |
|
user: "{{ sanoid_user }}"
|
||||||
{{ sanoid_user }} ALL=(ALL) NOPASSWD:ALL
|
commands: ALL
|
||||||
validate: '/usr/sbin/visudo -cf %s'
|
nopassword: true
|
||||||
backup: true
|
|
||||||
marker_begin: sanoid-sudoers BEGIN
|
|
||||||
marker_end: sanoid-sudoers END
|
|
||||||
when:
|
when:
|
||||||
- sanoid_syncoid_destination_host
|
- sanoid_syncoid_destination_host
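Review bot: The file name `users-sudo-{{ sanoid_user }}` uses the same prefix as the users role's `users-sudo-{{ item.username }}`. If the sanoid account is ever also listed in `users`, both roles manage the same sudoers file and whichever runs last decides whether `NOPASSWD` applies. A role-specific name such as `name: "sanoid-{{ sanoid_user }}"` keeps them apart; the same holds for the identical task in the source-host file and for `users-sudo-munin`. Separately, `commands: ALL` with `nopassword: true` keeps this service account at unrestricted passwordless sudo. If syncoid only needs the ZFS tooling, listing those binaries in `commands` would limit what a compromise of the account or its SSH key yields.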
|
||||||
|
|
||||||
|
|
|
@ -8,16 +8,13 @@
|
||||||
when:
|
when:
|
||||||
- sanoid_syncoid_source_host
|
- sanoid_syncoid_source_host
|
||||||
|
|
||||||
- name: add user to sudoers
|
- name: Ensure user is added to sudoers
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.blockinfile:
|
community.general.sudoers:
|
||||||
path: /etc/sudoers
|
name: "users-sudo-{{ sanoid_user }}"
|
||||||
state: present
|
state: present
|
||||||
block: |
|
user: "{{ sanoid_user }}"
|
||||||
{{ sanoid_user }} ALL=(ALL) NOPASSWD:ALL
|
commands: ALL
|
||||||
validate: '/usr/sbin/visudo -cf %s'
|
nopassword: true
|
||||||
backup: true
|
|
||||||
marker_begin: sanoid-sudoers BEGIN
|
|
||||||
marker_end: sanoid-sudoers END
|
|
||||||
when:
|
when:
|
||||||
- sanoid_syncoid_source_host
|
- sanoid_syncoid_source_host
|
||||||
|
|