aab871d86b
* wip * ufw: wireguard: Regeln verschärft(UDP) * wip * weitere ceph-nodes ergänzt
47 lines
1.2 KiB
YAML
47 lines
1.2 KiB
YAML
---
|
|
|
|
- name: "Create user group(s)"
|
|
group:
|
|
name: "{{ item }}"
|
|
loop: "{{ user_groups }}"
|
|
when: user_groups
|
|
|
|
- name: "Create user"
|
|
user:
|
|
name: "{{ user_name }}"
|
|
groups: "{{ (user_groups | join(',')) }}"
|
|
generate_ssh_key: "{{ user_generate_ssh_key }}"
|
|
shell: "{{ user_shell }}"
|
|
|
|
- name: "Set authorized_key to allow SSH key based logins"
|
|
authorized_key:
|
|
user: "{{ user_name }}"
|
|
key: "{{ lookup('file', user_local_ssh_key_path) }}"
|
|
when: user_local_ssh_key_path | default(False)
|
|
|
|
- name: "Enable including files from sudoers.d/"
|
|
lineinfile:
|
|
path: "/etc/sudoers"
|
|
regexp: "^#includedir /etc/sudoers.d"
|
|
line: "#includedir /etc/sudoers.d"
|
|
state: "present"
|
|
backup: True
|
|
when: user_enable_passwordless_sudo
|
|
|
|
- name: Disable sudoers.d
|
|
lineinfile:
|
|
path: "/etc/sudoers"
|
|
regexp: "^#includedir /etc/sudoers.d"
|
|
line: "#includedir /etc/sudoers.d"
|
|
state: "absent"
|
|
backup: True
|
|
when: user_enable_passwordless_sudo == False
|
|
|
|
- name: "Enable passwordless sudo"
|
|
copy:
|
|
content: "%{{ user_name }} ALL=(ALL) NOPASSWD:ALL"
|
|
dest: "/etc/sudoers.d/{{ user_name }}"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0440"
|
|
when: user_enable_passwordless_sudo
|