homeserver/roles/nickjj.ansible-user/tasks/main.yml
Quotengrote aab871d86b
Bootstrap & SSH-Keys Neuanfang (#69)
* wip

* ufw: wireguard: Regeln verschärft(UDP)

* wip

* weitere ceph-nodes ergänzt
2020-11-21 18:44:56 +01:00


---
# Make sure every group listed in user_groups exists before the account is
# created. `when` is evaluated per loop item; with an empty list the loop
# has nothing to iterate over.
- name: "Create user group(s)"
  when: user_groups
  loop: "{{ user_groups }}"
  group:
    name: "{{ item }}"
# Create (or update) the login account.
- name: "Create user"
  user:
    name: "{{ user_name }}"
    shell: "{{ user_shell }}"
    # `append` is not set, so the module default applies and the account's
    # supplementary groups are set to exactly this list; memberships added
    # by hand are dropped on the next run.
    groups: "{{ (user_groups | join(',')) }}"
    # When enabled, the key pair is generated on the managed host, so the
    # private key lives in the user's home directory on that host.
    generate_ssh_key: "{{ user_generate_ssh_key }}"
# Install the operator's public key for key-based SSH logins. Skipped when
# user_local_ssh_key_path is unset or empty.
- name: "Set authorized_key to allow SSH key based logins"
  when: user_local_ssh_key_path | default(False)
  authorized_key:
    # lookup('file', ...) reads the key file on the control node, not on the
    # managed host.
    key: "{{ lookup('file', user_local_ssh_key_path) }}"
    user: "{{ user_name }}"
    # NOTE(review): `exclusive` is not set, so keys already present in
    # authorized_keys are kept; revoking an old key needs a separate step.
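# Make sure /etc/sudoers pulls in the drop-in directory. In sudoers syntax
# `#includedir` is a directive, not a comment.
# NOTE(review): the regexp only matches the `#includedir` spelling; hosts
# whose sudoers file uses `@includedir` would get a second include line
# appended - confirm against the target distributions.
- name: "Enable including files from sudoers.d/"
  lineinfile:
    path: "/etc/sudoers"
    regexp: "^#includedir /etc/sudoers.d"
    line: "#includedir /etc/sudoers.d"
    state: "present"
    backup: true
    # Syntax-check the edited copy before it replaces /etc/sudoers; a broken
    # sudoers file locks every user out of sudo. Adjust the path if visudo
    # lives elsewhere on the target.
    validate: "/usr/sbin/visudo -cf %s"
  # `| bool` makes string values such as "false" behave like the boolean.
  when: user_enable_passwordless_sudo | bool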
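# Remove the include directive when passwordless sudo is switched off.
# NOTE(review): this disables every drop-in under /etc/sudoers.d, not only
# this user's, and it leaves /etc/sudoers.d/<user_name> on disk - if the
# include is restored later, the NOPASSWD rule becomes active again.
# Consider removing that file explicitly.
# NOTE(review): the regexp only matches the `#includedir` spelling; a host
# using `@includedir` would keep its drop-ins enabled - confirm against the
# target distributions.
- name: "Disable sudoers.d"
  lineinfile:
    path: "/etc/sudoers"
    regexp: "^#includedir /etc/sudoers.d"
    line: "#includedir /etc/sudoers.d"
    state: "absent"
    backup: true
    # Syntax-check the edited copy before it replaces /etc/sudoers.
    validate: "/usr/sbin/visudo -cf %s"
  # `not (... | bool)` instead of `== False`: string or integer values are
  # normalised, so this task and the enabling tasks stay mutually exclusive.
  when: not (user_enable_passwordless_sudo | bool)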
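# Drop a sudoers rule granting unrestricted, password-free root.
# NOTE(review): the leading `%` makes this a *group* rule - every member of
# the group named user_name gets NOPASSWD:ALL, not just the user. This
# presumably relies on the user's private group; confirm no other account is
# a member of it.
# NOTE(review): sudo skips files in an include directory whose name contains
# a `.` or ends in `~`, so a user_name with a dot would yield a rule that is
# silently ignored.
- name: "Enable passwordless sudo"
  copy:
    content: "%{{ user_name }} ALL=(ALL) NOPASSWD:ALL"
    dest: "/etc/sudoers.d/{{ user_name }}"
    owner: "root"
    group: "root"
    mode: "0440"
    # Reject the file if it does not parse; a syntax error in a drop-in can
    # break sudo for the whole host. Adjust the path if visudo lives
    # elsewhere on the target.
    validate: "/usr/sbin/visudo -cf %s"
  # `| bool` makes string values such as "false" behave like the boolean.
  when: user_enable_passwordless_sudo | bool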