From 917571a140ecad633912ab7f699f294dfdee8064 Mon Sep 17 00:00:00 2001 From: distrobyte Date: Fri, 4 Aug 2023 14:10:04 +0100 Subject: [PATCH] More fixes - Rename a task in the consul role to better reflect the actions being taken - Add passwordless sudo as a configurable option to the ssh role, include base configuration for that --- ansible/roles/configure-consul/tasks/main.yml | 2 +- ansible/roles/ssh/defaults/main.yml | 11 ++----- ansible/roles/ssh/tasks/main.yml | 30 +++++-------------- 3 files changed, 12 insertions(+), 31 deletions(-) diff --git a/ansible/roles/configure-consul/tasks/main.yml b/ansible/roles/configure-consul/tasks/main.yml index dfca8cd..e8ea69a 100644 --- a/ansible/roles/configure-consul/tasks/main.yml +++ b/ansible/roles/configure-consul/tasks/main.yml @@ -41,7 +41,7 @@ path: /etc/systemd/resolved.conf.d state: directory -- name: Configure Consul DNS +- name: Configure Consul DNS in systemd-resolved become: true copy: dest: /etc/systemd/resolved.conf.d/consul.conf diff --git a/ansible/roles/ssh/defaults/main.yml b/ansible/roles/ssh/defaults/main.yml index 3e84c38..222959b 100644 --- a/ansible/roles/ssh/defaults/main.yml +++ b/ansible/roles/ssh/defaults/main.yml @@ -2,15 +2,10 @@ # a current listing of all admins who have ssh access to Redbrick. github_users: - - user: mojito + - user: distro # omitting account variable won't add any github keys to the user. account: DistroByte - groups: [sudo] - - user: poitin - account: leath-dub - groups: [sudo] - - user: jameson - account: wizzdom - groups: [sudo] + groups: ["sudo"] + passwordless_sudo: true github_url: https://github.com diff --git a/ansible/roles/ssh/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml index ac1cb29..8238273 100644 --- a/ansible/roles/ssh/tasks/main.yml +++ b/ansible/roles/ssh/tasks/main.yml 
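Review bot: Dropping `mojito`, `poitin` and `jameson` from `github_users` does not revoke anything on hosts that were already provisioned with them — their accounts, authorized keys and `sudo` group membership stay until removed by hand, and nothing in this patch adds a removal step (the only removal task visible, in the ssh tasks file, is commented out and being deleted). A comment on the list would make that explicit, e.g. `# NOTE: removing an entry here does not remove the account, its keys or its sudo access from already-provisioned hosts.`. Since this lives in the role's `defaults/main.yml`, any play that does not override `github_users` will presumably create a `distro` account with DistroByte's GitHub keys and `passwordless_sudo: true`; if that is not intended for every consumer of the role, an empty list `github_users: []` with the example kept in a comment would be the safer default.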
@@ -29,26 +29,12 @@ register: task_result failed_when: "'blah' in task_result" -- name: Tell user to generate openVPN configuration for users - debug: - msg: "Please generate openVPN configuration for users: {{ task_result.results | map(attribute='item') | map(attribute='user') | list | join(', ') }}. See https://docs.redbrick.dcu.ie/aperture/vpn/ for more information." - -- name: Copy configuraion to host +- name: Set passwordless sudo become: true - ansible.builtin.copy: - src: templates/sshd_config.j2 - dest: /etc/ssh/sshd_config - force: true - -- name: Restart sshd - become: true - service: - name: sshd - state: restarted - -- name: Inform user to add password for account - debug: - msg: "Please add a password for the following accounts: {{ github_users | map(attribute='user') | list | join(', ') }}. See https://docs.redbrick.dcu.ie/aperture/ssh/ for more information." -# - name: Remove user account -# debug: -# msg: 'ansible -i hosts all -m user -a "name={{ user }} state=absent remove=true" --become"' + lineinfile: + dest: /etc/sudoers + line: "{{ item.user | default(item) }} ALL=(ALL) NOPASSWD:ALL" + state: present + validate: "visudo -cf %s" + with_items: "{{ github_users }}" + when: item.user is defined and item.passwordless_sudo is true
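Review bot: The new task can grant but never revoke: `state: present` guarded by `when: item.user is defined and item.passwordless_sudo is true` means a user whose `passwordless_sudo` is later set to false (or omitted) is simply skipped, leaving the `NOPASSWD:ALL` line in /etc/sudoers. Drive the state from the flag instead, `state: "{{ 'present' if item.passwordless_sudo | default(false) | bool else 'absent' }}"` with `when: item.user is defined`, which also avoids evaluating `is true` against an undefined attribute for entries that do not set the flag. The `{{ item.user | default(item) }}` fallback in `line:` is unreachable, because the `when` already requires `item.user` to be defined, so `line: "{{ item.user }} ALL=(ALL) NOPASSWD:ALL"` says what is meant. Per-user drop-ins under /etc/sudoers.d with `mode: "0440"` would keep each grant isolated and easier to audit than editing /etc/sudoers in place, though the in-place edit is acceptable with the `visudo -cf %s` validation already present. The task this hunk opens on (`register: task_result` / `failed_when`) starts before the hunk.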