---
# Create one local account per entry in `superusers`; every entry must carry
# a `username` key.
- name: Create Superusers
  become: true
  ansible.builtin.user:
    name: "{{ item.username }}"
    shell: /bin/bash
    create_home: true
    # `append` is not set, so the module default applies and this list is the
    # complete set of supplementary groups: an already existing account is
    # removed from any group that is not named here.
    groups:
      - sudo
  loop: "{{ superusers }}"
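# Ensure every superuser has an owner-only ~/.ssh directory before the
# authorized_keys file is written into it.
- name: Generate .ssh Directories for Superusers
  become: true
  ansible.builtin.file:
    state: directory
    # Assumes the home directory is /home/<username> (the usual result of
    # create_home with the default base directory) — confirm for accounts
    # whose home lives elsewhere.
    path: "/home/{{ item.username }}/.ssh/"
    # Quoted so the mode reaches the module as the octal string "0700" no
    # matter how the YAML parser types bare numbers. Owner-only access also
    # keeps the directory from being group- or world-writable.
    mode: "0700"
    owner: "{{ item.username }}"
    # Assumes a group named after the user exists (user-private group) —
    # confirm on the target distribution.
    group: "{{ item.username }}"
  loop: "{{ superusers }}"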
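# Render each superuser's authorized_keys file from the project template.
# The rendered output replaces the whole file, so a key that the template
# does not emit is no longer accepted after this task runs.
- name: Deploy Public Keys to authorized_keys Files
  become: true
  ansible.builtin.template:
    # Template body is not visible here; presumably it iterates over the
    # public keys stored on `item` — confirm against the template.
    src: templates/authorized_keys.j2
    dest: "/home/{{ item.username }}/.ssh/authorized_keys"
    # Quoted so the mode reaches the module as the octal string "0600" no
    # matter how the YAML parser types bare numbers; only the owner may read
    # or modify the list of accepted keys.
    mode: "0600"
    owner: "{{ item.username }}"
    # Assumes a group named after the user exists — confirm.
    group: "{{ item.username }}"
  loop: "{{ superusers }}"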
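# Install one sudoers drop-in per superuser. The template body is not visible
# here; going by the task name it grants sudo without a password prompt, in
# which case SSH key possession is the only barrier in front of root for
# these accounts — keep `superusers` short and reviewed.
- name: Allow Superusers Passwordless Sudo
  become: true
  ansible.builtin.template:
    src: templates/passwordless_sudo_entry.j2
    # sudo skips files in sudoers.d whose name contains a "." or ends in "~",
    # so a username with a dot would produce a drop-in that is never read.
    dest: "/etc/sudoers.d/00_{{ item.username }}"
    # Quoted so the mode reaches the module as the octal string "0440" no
    # matter how the YAML parser types bare numbers.
    mode: "0440"
    owner: root
    group: root
    force: true
    # Syntax-check the rendered file before it is moved into place; a
    # malformed drop-in can make sudo refuse to run for every user.
    validate: /usr/sbin/visudo -cf %s
  loop: "{{ superusers }}"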