---
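- name: "Adding authorized_keys for the default local user."
  # Installs the key material from BUILD_SECRET as the authorized_keys file
  # of BUILD_USERNAME. Every privileged step runs through sudo in the shell.
  shell: |
    # Stop at the first failing command; without this only the exit status
    # of the last command decides whether the task is reported as failed.
    set -e
    sudo mkdir -p /home/{{ BUILD_USERNAME }}/.ssh
    # Quoted delimiter: the key text is written verbatim, with no shell
    # expansion of "$" or backticks. tee's copy on stdout is discarded so
    # the key material does not land in the task output.
    sudo tee /home/{{ BUILD_USERNAME }}/.ssh/authorized_keys > /dev/null << 'EOF'
    {{ BUILD_SECRET }}
    EOF
    sudo chown -R {{ BUILD_USERNAME }} /home/{{ BUILD_USERNAME }}/.ssh
    sudo chmod 700 /home/{{ BUILD_USERNAME }}/.ssh
    # Owner-only access; other accounts have no need to read the key list.
    sudo chmod 600 /home/{{ BUILD_USERNAME }}/.ssh/authorized_keys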
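- name: "Adding the default local user to passwordless sudoers."
  # Ensures /etc/sudoers holds exactly one NOPASSWD:ALL rule for
  # BUILD_USERNAME. Unlike appending with ">>", re-running the task adds no
  # duplicate line, and the edited file is syntax-checked by visudo before it
  # replaces the live one, so a malformed rule cannot break sudo.
  # NOTE(review): this rule gives the account unrestricted root without a
  # password; confirm it is still required once the build has finished.
  # The module edits the file itself, so the task needs privilege escalation.
  become: true
  lineinfile:
    path: /etc/sudoers
    line: "{{ BUILD_USERNAME }} ALL=(ALL) NOPASSWD:ALL"
    state: present
    validate: "/usr/sbin/visudo -cf %s"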
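- name: "Creating a local user for Ansible."
  # Creates the group and account named by ANSIBLE_USERNAME, adds the account
  # to the "sudo" group and assigns it a random password that is not stored
  # anywhere.
  shell: |
    # Stop at the first failing command instead of reporting only the last.
    set -e
    # Create group and user only when absent so the task can be re-run.
    getent group {{ ANSIBLE_USERNAME }} > /dev/null \
      || sudo groupadd {{ ANSIBLE_USERNAME }}
    id -u {{ ANSIBLE_USERNAME }} > /dev/null 2>&1 \
      || sudo useradd -g {{ ANSIBLE_USERNAME }} -m -s /bin/bash {{ ANSIBLE_USERNAME }}
    sudo usermod -aG sudo {{ ANSIBLE_USERNAME }}
    # Generate the password in its own assignment: if openssl is missing or
    # fails, "set -e" aborts here rather than passing an empty password on
    # to chpasswd.
    random_password="$(openssl rand -base64 14)"
    echo {{ ANSIBLE_USERNAME }}:"${random_password}" | sudo chpasswd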
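- name: "Adding authorized_keys to the local user for Ansible."
  # Installs the key material from ANSIBLE_SECRET as the authorized_keys file
  # of ANSIBLE_USERNAME. Every privileged step runs through sudo in the shell.
  shell: |
    # Stop at the first failing command; without this only the exit status
    # of the last command decides whether the task is reported as failed.
    set -e
    sudo mkdir -p /home/{{ ANSIBLE_USERNAME }}/.ssh
    # Quoted delimiter: the key text is written verbatim, with no shell
    # expansion of "$" or backticks. tee's copy on stdout is discarded so
    # the key material does not land in the task output.
    sudo tee /home/{{ ANSIBLE_USERNAME }}/.ssh/authorized_keys > /dev/null << 'EOF'
    {{ ANSIBLE_SECRET }}
    EOF
    sudo chown -R {{ ANSIBLE_USERNAME }} /home/{{ ANSIBLE_USERNAME }}/.ssh
    sudo chmod 700 /home/{{ ANSIBLE_USERNAME }}/.ssh
    # Owner-only access; other accounts have no need to read the key list.
    sudo chmod 600 /home/{{ ANSIBLE_USERNAME }}/.ssh/authorized_keys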
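- name: "Adding the local user for Ansible to passwordless sudoers."
  # Ensures /etc/sudoers holds exactly one NOPASSWD:ALL rule for
  # ANSIBLE_USERNAME. Unlike appending with ">>", re-running the task adds no
  # duplicate line, and the edited file is syntax-checked by visudo before it
  # replaces the live one, so a malformed rule cannot break sudo.
  # NOTE(review): this rule gives the account unrestricted root without a
  # password; anyone holding the matching SSH key gets root on every host
  # built from this image, so protect that key accordingly.
  # The module edits the file itself, so the task needs privilege escalation.
  become: true
  lineinfile:
    path: /etc/sudoers
    line: "{{ ANSIBLE_USERNAME }} ALL=(ALL) NOPASSWD:ALL"
    state: present
    validate: "/usr/sbin/visudo -cf %s"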