You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
58 lines
1.4 KiB
YAML
58 lines
1.4 KiB
YAML
# https://stackoverflow.com/questions/37333305/ansible-create-a-user-with-sudo-privileges
|
|
- name: Install Packages.
|
|
ansible.builtin.apt:
|
|
pkg:
|
|
- sudo
|
|
- ufw
|
|
state: latest
|
|
update_cache: true
|
|
|
|
- name: Ensure group.
|
|
ansible.builtin.group:
|
|
name: '{{ item.group }}'
|
|
state: present
|
|
with_items: '{{ users }}'
|
|
|
|
- name: Ensure Users.
|
|
ansible.builtin.user:
|
|
name: '{{ item.name }}'
|
|
comment: '{{ item.name }} user'
|
|
group: '{{ item.group }}'
|
|
with_items: '{{ users }}'
|
|
|
|
- name: Add sudoers.
|
|
ansible.builtin.template:
|
|
src: sudoers.j2
|
|
dest: /etc/sudoers.d/{{ item.name }}
|
|
mode: 0440
|
|
with_items: '{{ users }}'
|
|
when: item.passwordless_sudo
|
|
|
|
- name: Set authorized key.
|
|
authorized_key:
|
|
user: '{{ homelab_user }}'
|
|
state: present
|
|
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
|
|
|
|
- name: Copy Bashrc.
|
|
ansible.builtin.copy:
|
|
src: bash_rc
|
|
dest: /home/{{ homelab_user }}/.bash_rc
|
|
group: '{{ homelab_user }}'
|
|
owner: '{{ homelab_user }}'
|
|
mode: 0644
|
|
|
|
- name: Disable password authentication for root.
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
state: present
|
|
regexp: ^#?PermitRootLogin
|
|
line: PermitRootLogin prohibit-password
|
|
|
|
- name: Disable password authentication for users.
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
state: present
|
|
regexp: ^#?PasswordAuthentication
|
|
line: PasswordAuthentication no
|