Compare commits


No commits in common. "2953f200a117cac0349833dae66c988729238cd0" and "fa1f9e2bf5ea3887751619cac4a6c26a1151d4c3" have entirely different histories.

3 changed files with 30 additions and 63 deletions


@ -22,12 +22,6 @@ users:
- vagrant - vagrant
sudoers: sudoers:
- vagrant - vagrant
# Will install a specific Ansible version on the target host
ensure_ansible_version: 2.10.3
# Allow sudo with a password (applied to group sudo)
enable_sudo: yes
# Allow passwordless sudo (applied to group wheel)
enable_passwordless_sudo: yes
``` ```
Dependencies Dependencies


@ -11,6 +11,4 @@ users:
- vagrant - vagrant
sudoers: sudoers:
- vagrant - vagrant
ensure_ansible_version: 2.10.3 ensure_ansible_version: 2.10.3
enable_sudo: yes
enable_passwordless_sudo: yes


@ -5,40 +5,31 @@
- sudo - sudo
when: ansible_facts['os_family'] == 'FreeBSD' when: ansible_facts['os_family'] == 'FreeBSD'
- name: 'Allow wheel group to do passwordless sudo'
lineinfile:
dest: /usr/local/etc/sudoers
state: present
regexp: '^%wheel'
line: '%wheel ALL=(ALL) NOPASSWD:ALL'
validate: visudo -cf %s
when: ansible_facts['os_family'] == 'FreeBSD'
- name: 'Allow wheel group to do passwordless sudo'
lineinfile:
dest: /etc/sudoers
state: present
regexp: '^%wheel'
line: '%wheel ALL=(ALL) NOPASSWD:ALL'
validate: visudo -cf %s
when:
- ansible_facts['os_family'] in ['Debian', 'Archlinux']
- name: 'Create users with corresponding groups' - name: 'Create users with corresponding groups'
user: user:
name: "{{ item }}" name: "{{ item }}"
groups: users groups: users
with_items: "{{ users }}" with_items: "{{ users }}"
- block:
- name: 'Ensure that sudo group is existing'
group:
name: sudo
state: present
- name: 'Allow sudo group to do sudo'
lineinfile:
dest: "{{ lookup('first_found', files, errors='ignore') }}"
state: present
regexp: '^#?\s*%sudo'
line: '%sudo ALL=(ALL) ALL'
validate: visudo -cf %s
vars:
files:
- /etc/sudoers
- /usr/local/etc/sudoers # e.g. FreeBSD
- name: 'Add sudoers user to sudo group'
user:
name: "{{ item }}"
groups: sudo
append: yes
with_items: "{{ sudoers }}"
when:
- enable_sudo
- not enable_passwordless_sudo
- name: 'Add corresponding authorized_keys to each user' - name: 'Add corresponding authorized_keys to each user'
authorized_key: authorized_key:
user: "{{ item }}" user: "{{ item }}"
@ -47,33 +38,17 @@
with_items: "{{ users }}" with_items: "{{ users }}"
ignore_errors: yes ignore_errors: yes
- block: - name: 'Ensure that wheel group is existing'
- name: 'Ensure that wheel group is existing' group:
group: name: wheel
name: wheel state: present
state: present
- name: 'Add sudoers user to wheel group' - name: 'Add sudoers user to wheel group'
user: user:
name: "{{ item }}" name: "{{ item }}"
groups: wheel groups: wheel
append: yes append: yes
with_items: "{{ sudoers }}" with_items: "{{ sudoers }}"
- name: 'Allow wheel group to do passwordless sudo'
lineinfile:
dest: "{{ lookup('first_found', files, errors='ignore') }}"
state: present
regexp: '^%wheel'
line: '%wheel ALL=(ALL) NOPASSWD:ALL'
validate: visudo -cf %s
vars:
files:
- /etc/sudoers
- /usr/local/etc/sudoers # e.g. FreeBSD
when:
- enable_sudo
- enable_passwordless_sudo
- name: Copy tmux config - name: Copy tmux config
copy: copy:
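Review bot: The two 'Allow wheel group to do passwordless sudo' tasks near the top of this section (the added side, going by the hunk header counts) write `%wheel ALL=(ALL) NOPASSWD:ALL` with no opt-in, and 'Add sudoers user to wheel group' then puts every account in `sudoers` into that group, so with the defaults shown `vagrant` gets unrestricted root without a password wherever the role runs. The `enable_sudo` / `enable_passwordless_sudo` conditions no longer exist on this side, so the role cannot be applied with password-protected sudo. I would keep a default-off switch and add `- enable_passwordless_sudo | default(false) | bool` to the `when:` list of both tasks (the FreeBSD task's single-string `when:` would become a list). Note also that `regexp: '^%wheel'` matches an existing password-requiring `%wheel ALL=(ALL) ALL` line and replaces it, and that hosts whose `os_family` is none of FreeBSD, Debian or Archlinux get the wheel membership but no rule from this role, which deserves a comment above the tasks. The 'Copy tmux config' task at the end of the section continues outside the visible lines.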