---
# Accounts managed by this file; every later task loops over `users`.
# NOTE(review): all three entries set sudo_nopasswd, so holding any one of the
# matching private keys is equivalent to root on the managed hosts. Grant it
# only where unattended root is actually required.
- name: Define users
  ansible.builtin.set_fact:
    users:
      - name: automation
        shell: /bin/bash
        sudo_nopasswd: true
        ssh_keys:
          - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEx+ltCKNIEM7F4PzGLv22cIu7N0Fpn5gxwV02xq0GS9 automation@internet-master.cz"

      - name: hellsos
        shell: /bin/bash
        sudo_nopasswd: true
        ssh_keys:
          # NOTE(review): truncated key material, not a usable public key.
          # Put the full key here before running: the key-install task uses
          # `exclusive: true`, so this entry is the only key the account
          # would be left with - confirm.
          - "ssh-ed25519 AAAAC3..."

      - name: jim
        shell: /bin/bash
        sudo_nopasswd: true
        ssh_keys:
          - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFS4fsqMjMMu/Bi/884bw7yJBqvWusDRESvanH6Owco jakub@jimbuntu"
# --------------------------------------------------
# Create users
# --------------------------------------------------
# Creates each account in `users` with its login shell and a home directory.
# No password is set by this task; login is provisioned through the SSH keys
# installed further down.
- name: Ensure users exist
  ansible.builtin.user:
    name: "{{ item.name }}"
    create_home: true
    shell: "{{ item.shell }}"
  loop: "{{ users }}"
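# --------------------------------------------------
# Configure passwordless sudo safely
# --------------------------------------------------
# Writes one drop-in per user granting unrestricted NOPASSWD sudo.
# - `validate` runs visudo against the staged file, so a syntax error never
#   lands in /etc/sudoers.d where it could break sudo for every account.
# - sudo skips drop-ins whose file name contains '.', so dots in the account
#   name are replaced in the file name only; the rule text keeps the real name.
# NOTE(review): setting sudo_nopasswd to false only skips this task. A drop-in
# written by an earlier run stays in place until something removes it.
- name: Configure passwordless sudo
  ansible.builtin.copy:
    dest: "/etc/sudoers.d/{{ item.name | replace('.', '_') }}"
    owner: root
    group: root
    mode: '0440'
    content: "{{ item.name }} ALL=(ALL:ALL) NOPASSWD: ALL\n"
    validate: 'visudo -cf %s'
  loop: "{{ users }}"
  when: item.sudo_nopasswd | default(false)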
# --------------------------------------------------
# Install SSH keys
# --------------------------------------------------
# A user's keys are passed as one newline-separated value. With `exclusive`
# set, any key in authorized_keys that is not in ssh_keys is removed, so
# deleting a key from the list revokes it on the next run.
# NOTE(review): an entry without ssh_keys makes the join fail - confirm every
# user defines at least one complete key.
# NOTE(review): the module ships in the ansible.posix collection; the builtin
# name presumably resolves through a redirect - confirm the collection is
# installed on the controller.
- name: Install authorized SSH keys
  ansible.builtin.authorized_key:
    user: "{{ item.name }}"
    exclusive: true
    key: "{{ item.ssh_keys | join('\n') }}"
  loop: "{{ users }}"
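# --------------------------------------------------
# Reset connection so sudo rules take effect immediately
# --------------------------------------------------
# Drops the current connection so the next task opens a new session.
# NOTE(review): sudo reads its configuration on every invocation, so the new
# drop-ins apply without a reconnect. The reset matters for state fixed at
# login, such as group membership - confirm it is still needed here.
- name: Reset SSH connection
  ansible.builtin.meta: reset_connection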