More fixes

- Rename a task in the consul role to better reflect the actions being taken - Add passwordless sudo as a configurable option to the ssh role, include base configuration for that
2023-08-04 14:10:04 +01:00 · 2023-08-04 14:10:04 +01:00 · 917571a140
commit 917571a140
parent 6a6be89cc2
3 changed files with 12 additions and 31 deletions
--- a/ansible/roles/configure-consul/tasks/main.yml
+++ b/ansible/roles/configure-consul/tasks/main.yml
@ -41,7 +41,7 @@
    path: /etc/systemd/resolved.conf.d
    state: directory

- name: Configure Consul DNS
+- name: Configure Consul DNS in systemd-resolved
  become: true
  copy:
    dest: /etc/systemd/resolved.conf.d/consul.conf
--- a/ansible/roles/ssh/defaults/main.yml
+++ b/ansible/roles/ssh/defaults/main.yml
@ -2,15 +2,10 @@
 # a current listing of all admins who have ssh access to Redbrick.

 github_users:
-  - user: mojito
+  - user: distro
    # omitting account variable won't add any github keys to the user.
    account: DistroByte
-    groups: [sudo]
-  - user: poitin
-    account: leath-dub
-    groups: [sudo]
-  - user: jameson
-    account: wizzdom
-    groups: [sudo]
+    groups: ["sudo"]
+    passwordless_sudo: true

 github_url: https://github.com
--- a/ansible/roles/ssh/tasks/main.yml
+++ b/ansible/roles/ssh/tasks/main.yml
@ -29,26 +29,12 @@
  register: task_result
  failed_when: "'blah' in task_result"

- name: Tell user to generate openVPN configuration for users
-  debug:
-    msg: "Please generate openVPN configuration for users: {{ task_result.results | map(attribute='item') | map(attribute='user') | list | join(', ') }}. See https://docs.redbrick.dcu.ie/aperture/vpn/ for more information."
-
- name: Copy configuraion to host
+- name: Set passwordless sudo
  become: true
-  ansible.builtin.copy:
-    src: templates/sshd_config.j2
-    dest: /etc/ssh/sshd_config
-    force: true
-
- name: Restart sshd
-  become: true
-  service:
-    name: sshd
-    state: restarted
-
- name: Inform user to add password for account
-  debug:
-    msg: "Please add a password for the following accounts: {{ github_users | map(attribute='user') | list | join(', ') }}. See https://docs.redbrick.dcu.ie/aperture/ssh/ for more information."
-# - name: Remove user account
-#   debug:
-#     msg: 'ansible -i hosts all -m user -a "name={{ user }} state=absent remove=true" --become"'
+  lineinfile:
+    dest: /etc/sudoers
+    line: "{{ item.user | default(item) }} ALL=(ALL) NOPASSWD:ALL"
+    state: present
+    validate: "visudo -cf %s"
+  with_items: "{{ github_users }}"
+  when: item.user is defined and item.passwordless_sudo is true