feat: reworked most of the ansible playbooks and roles
@@ -1,31 +1,46 @@
|
||||
---
|
||||
- name: "Adding authorized_keys for the default local user."
|
||||
shell: |
|
||||
sudo mkdir -p /home/{{BUILD_USERNAME}}/.ssh
|
||||
sudo tee /home/{{BUILD_USERNAME}}/.ssh/authorized_keys << EOF
|
||||
{{BUILD_SECRET}}
|
||||
EOF
|
||||
sudo chown -R {{BUILD_USERNAME}} /home/{{BUILD_USERNAME}}/.ssh
|
||||
sudo chmod 700 /home/{{BUILD_USERNAME}}/.ssh
|
||||
sudo chmod 644 /home/{{BUILD_USERNAME}}/.ssh/authorized_keys
|
||||
- name: "Adding the default local user to passwordless sudoers."
|
||||
shell: |
|
||||
sudo bash -c "echo \"""{{BUILD_USERNAME}}"" ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers"
|
||||
- name: "Creating a local user for Ansible."
|
||||
shell: |
|
||||
sudo groupadd {{ANSIBLE_USERNAME}}
|
||||
sudo useradd -g {{ANSIBLE_USERNAME}} -m -s /bin/bash {{ANSIBLE_USERNAME}}
|
||||
sudo usermod -aG sudo {{ANSIBLE_USERNAME}}
|
||||
echo {{ANSIBLE_USERNAME}}:"$(openssl rand -base64 14)" | sudo chpasswd
|
||||
- name: "Adding authorized_keys to the local user for Ansible."
|
||||
shell: |
|
||||
sudo mkdir -p /home/{{ANSIBLE_USERNAME}}/.ssh
|
||||
sudo tee /home/{{ANSIBLE_USERNAME}}/.ssh/authorized_keys << EOF
|
||||
{{ANSIBLE_SECRET}}
|
||||
EOF
|
||||
sudo chown -R {{ANSIBLE_USERNAME}} /home/{{ANSIBLE_USERNAME}}/.ssh
|
||||
sudo chmod 700 /home/{{ANSIBLE_USERNAME}}/.ssh
|
||||
sudo chmod 644 /home/{{ANSIBLE_USERNAME}}/.ssh/authorized_keys
|
||||
- name: "Adding the local user for Ansible to passwordless sudoers."
|
||||
shell: |
|
||||
sudo bash -c "echo \"""{{ANSIBLE_USERNAME}}"" ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers"
|
||||
# Tasks for setting custom facts.
|
||||
- name: "Setting custom facts."
|
||||
ansible.builtin.set_fact:
|
||||
enable_cloudinit: "{{ enable_cloudinit | default('false') }}"
|
||||
|
||||
# Tasks for creating the local group for Ansible.
|
||||
- name: "Creating the local group for Ansible."
|
||||
ansible.builtin.group:
|
||||
name: "{{ ansible_username }}"
|
||||
|
||||
# Tasks for creating the sudo group.
|
||||
- name: "Creating the sudo group."
|
||||
ansible.builtin.group:
|
||||
name: sudo
|
||||
|
||||
# Tasks for creating the local user for Ansible.
|
||||
- name: "Creating the local user for Ansible."
|
||||
ansible.builtin.user:
|
||||
name: "{{ ansible_username }}"
|
||||
group: "{{ ansible_username }}"
|
||||
groups: sudo
|
||||
password: '!'
|
||||
shell: /bin/bash
|
||||
|
||||
# Tasks for managing the authorized keys for the local users.
|
||||
- name: "Managing the authorized keys for the local users."
|
||||
ansible.posix.authorized_key:
|
||||
user: "{{ item.user }}"
|
||||
key: "{{ item.key }}"
|
||||
loop:
|
||||
- user: "{{ ansible_username }}"
|
||||
key: "{{ ansible_key }}"
|
||||
- user: "{{ build_username }}"
|
||||
key: "{{ build_key }}"
|
||||
no_log: true
|
||||
|
||||
# Tasks for managing sudoers.d for the local users.
|
||||
- name: "Managing sudoers.d for the local users."
|
||||
community.general.sudoers:
|
||||
name: "{{ item }}"
|
||||
user: "{{ item }}"
|
||||
commands: ALL
|
||||
loop:
|
||||
- "{{ build_username }}"
|
||||
- "{{ ansible_username }}"
|
||||
|
||||
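Review bot: The custom fact `enable_cloudinit: "{{ enable_cloudinit | default('false') }}"` always yields a string, and the non-empty string `'false'` is truthy in a Jinja `when:` unless the consumer casts it, so a later `when: enable_cloudinit` would run the cloud-init tasks even when the flag is off; setting it as `enable_cloudinit: "{{ enable_cloudinit | default(false) | bool }}"` keeps the value a real boolean. Where the fact is consumed is outside this hunk, so that usage is inferred, not visible. The "Managing sudoers.d for the local users." task relies on the module's default `nopassword: true`, so both users receive passwordless `ALL` exactly as the removed shell task did; writing `nopassword: true` and `validation: required` on the task makes that grant explicit and guarantees the visudo syntax check before the file is installed. The file header for this hunk is above this excerpt, so the path it belongs to is not visible here.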
2
ansible/roles/users/vars/main.yml
Normal file
2
ansible/roles/users/vars/main.yml
Normal file
@@ -0,0 +1,2 @@
|
||||
---
|
||||
task_name: "Configure the operating system users."
|
||||
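Review bot: `task_name` is declared in the role's vars/main.yml, which Ansible loads as role vars with higher precedence than inventory, play and role-default vars, so a playbook or inventory cannot override it without `-e`; if the label is meant to be customizable it belongs in defaults/main.yml, and if it is a fixed constant a one-line comment such as `# Display label used by the role's task names; not meant to be overridden.` would document that choice. The tasks hunk in this commit does not reference `task_name`, so where it is consumed is not visible in this excerpt.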