Update initial_install/roles/users/tasks/main.yml

2026-04-24 14:30:08 +00:00
parent 9c2f0e577b
commit 22deb79b46
+27 -18
@@ -1,3 +1,4 @@
```yaml
--- ---
- name: Define users - name: Define users
ansible.builtin.set_fact: ansible.builtin.set_fact:
@@ -20,23 +21,33 @@
ssh_keys: ssh_keys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFS4fsqMjMMu/Bi/884bw7yJBqvWusDRESvanH6Owco jakub@jimbuntu" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFS4fsqMjMMu/Bi/884bw7yJBqvWusDRESvanH6Owco jakub@jimbuntu"
- name: Pick sudo group per distro # --------------------------------------------------
ansible.builtin.set_fact: # Create users (NO sudo group here!)
sudo_group: >- # --------------------------------------------------
{{ 'wheel'
if ansible_facts.os_family in
['RedHat','Rocky','AlmaLinux','Fedora','OracleLinux','Suse']
else 'sudo' }}
- name: Ensure users exist - name: Ensure users exist
ansible.builtin.user: ansible.builtin.user:
name: "{{ item.name }}" name: "{{ item.name }}"
shell: "{{ item.shell }}" shell: "{{ item.shell }}"
groups: "{{ sudo_group }}"
append: true
create_home: true create_home: true
loop: "{{ users }}" loop: "{{ users }}"
# --------------------------------------------------
# Configure passwordless sudo safely
# --------------------------------------------------
- name: Configure passwordless sudo
ansible.builtin.copy:
dest: "/etc/sudoers.d/{{ item.name }}"
mode: '0440'
owner: root
group: root
content: "{{ item.name }} ALL=(ALL:ALL) NOPASSWD: ALL\n"
validate: 'visudo -cf %s'
loop: "{{ users }}"
when: item.sudo_nopasswd | default(false)
# --------------------------------------------------
# Install SSH keys
# --------------------------------------------------
- name: Install authorized SSH keys - name: Install authorized SSH keys
ansible.builtin.authorized_key: ansible.builtin.authorized_key:
user: "{{ item.name }}" user: "{{ item.name }}"
@@ -44,11 +55,9 @@
exclusive: true exclusive: true
loop: "{{ users }}" loop: "{{ users }}"
- name: Configure passwordless sudo # --------------------------------------------------
ansible.builtin.copy: # Reset connection so sudo rules take effect immediately
dest: "/etc/sudoers.d/{{ item.name }}" # --------------------------------------------------
mode: '0440' - name: Reset SSH connection (refresh sudo context)
content: "{{ item.name }} ALL=(ALL:ALL) NOPASSWD:ALL\n" meta: reset_connection
validate: 'visudo -cf %s' ```
loop: "{{ users }}"
when: item.sudo_nopasswd
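Review bot: The "Configure passwordless sudo" task in the second hunk only ever creates `/etc/sudoers.d/{{ item.name }}`; when `item.sudo_nopasswd` is later set to false or dropped, the `when` simply skips the task and the existing NOPASSWD grant stays in place, so revoking sudo for a user in `users` has no effect on already-provisioned hosts. A companion task that removes the file for users without the flag keeps the sudoers.d state in sync with the inventory, which matters since this file grants unrestricted passwordless root. Separately, sudo silently ignores files under /etc/sudoers.d whose names contain a `.` or end in `~`, so a username such as `john.doe` would produce a rule that never applies; an `ansible.builtin.assert` on `item.name` not matching `'[.~]'` (or a sanitized file name) would make that failure visible. The `validate: 'visudo -cf %s'` line does not catch this, as it checks syntax rather than the file name.
```yaml
# … unchanged: Configure passwordless sudo task …

- name: Remove passwordless sudo rule for users without sudo_nopasswd
  ansible.builtin.file:
    path: "/etc/sudoers.d/{{ item.name }}"
    state: absent
  loop: "{{ users }}"
  when: not (item.sudo_nopasswd | default(false))
```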