More fixes

- Rename a task in the consul role to better reflect the actions being
  taken
- Add passwordless sudo as a configurable option to the ssh role,
  include base configuration for that
distrobyte 2023-08-04 14:10:04 +01:00
parent 6a6be89cc2
commit 917571a140
3 changed files with 12 additions and 31 deletions


@ -41,7 +41,7 @@
path: /etc/systemd/resolved.conf.d path: /etc/systemd/resolved.conf.d
state: directory state: directory
- name: Configure Consul DNS - name: Configure Consul DNS in systemd-resolved
become: true become: true
copy: copy:
dest: /etc/systemd/resolved.conf.d/consul.conf dest: /etc/systemd/resolved.conf.d/consul.conf


@ -2,15 +2,10 @@
# a current listing of all admins who have ssh access to Redbrick. # a current listing of all admins who have ssh access to Redbrick.
github_users: github_users:
- user: mojito - user: distro
# omitting account variable won't add any github keys to the user. # omitting account variable won't add any github keys to the user.
account: DistroByte account: DistroByte
groups: [sudo] groups: ["sudo"]
- user: poitin passwordless_sudo: true
account: leath-dub
groups: [sudo]
- user: jameson
account: wizzdom
groups: [sudo]
github_url: https://github.com github_url: https://github.com
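Review bot: Dropping the `poitin` and `jameson` entries from `github_users`, and renaming `mojito` to `distro`, does not by itself revoke anything on hosts where those accounts already exist. As far as the tasks visible in this commit show, nothing removes an account, its authorized keys or its `sudo` group membership once the entry is gone. If that cleanup is not handled elsewhere in the role, consider keeping departed users in the list with an explicit marker the role acts on (for example a `state: absent` key), and describe the offboarding step in the comment above `github_users`.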


@ -29,26 +29,12 @@
register: task_result register: task_result
failed_when: "'blah' in task_result" failed_when: "'blah' in task_result"
- name: Tell user to generate openVPN configuration for users - name: Set passwordless sudo
debug:
msg: "Please generate openVPN configuration for users: {{ task_result.results | map(attribute='item') | map(attribute='user') | list | join(', ') }}. See https://docs.redbrick.dcu.ie/aperture/vpn/ for more information."
- name: Copy configuraion to host
become: true become: true
ansible.builtin.copy: lineinfile:
src: templates/sshd_config.j2 dest: /etc/sudoers
dest: /etc/ssh/sshd_config line: "{{ item.user | default(item) }} ALL=(ALL) NOPASSWD:ALL"
force: true state: present
validate: "visudo -cf %s"
- name: Restart sshd with_items: "{{ github_users }}"
become: true when: item.user is defined and item.passwordless_sudo is true
service:
name: sshd
state: restarted
- name: Inform user to add password for account
debug:
msg: "Please add a password for the following accounts: {{ github_users | map(attribute='user') | list | join(', ') }}. See https://docs.redbrick.dcu.ie/aperture/ssh/ for more information."
# - name: Remove user account
# debug:
# msg: 'ansible -i hosts all -m user -a "name={{ user }} state=absent remove=true" --become"'
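Review bot: The new `Set passwordless sudo` task only ever adds a `NOPASSWD:ALL` line to `/etc/sudoers` (`state: present`), so setting `passwordless_sudo` back to false later leaves the grant in place on every host that was already configured. Writing the line to a dedicated drop-in under `/etc/sudoers.d/` and deriving `state` from the flag keeps the grant revocable and easy to audit, with `validate: "visudo -cf %s"` kept as is. The file name below is an example, and the approach assumes the hosts' sudoers includes that directory. `item.passwordless_sudo | default(false) | bool` also tolerates entries that omit the key or give it as a string, and `| default(item)` can go because the `when` already requires `item.user`. Since these accounts authenticate with keys fetched from GitHub, `NOPASSWD:ALL` makes that key the only barrier to root, which is worth stating in the role's documentation.

```yaml
- name: Set passwordless sudo
  become: true
  lineinfile:
    # example drop-in name; keep it free of "." and "~" so sudo does not skip it
    dest: /etc/sudoers.d/passwordless_sudo
    line: "{{ item.user }} ALL=(ALL) NOPASSWD:ALL"
    state: "{{ 'present' if (item.passwordless_sudo | default(false) | bool) else 'absent' }}"
    create: true
    owner: root
    group: root
    mode: "0440"
    validate: "visudo -cf %s"
  with_items: "{{ github_users }}"
  when: item.user is defined
```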