- Rename a task in the consul role to better reflect the actions being taken - Add passwordless sudo as a configurable option to the ssh role, include base configuration for that
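---
# Runs creategroups.yml once per entry of github_users. The current entry is
# exposed to the included tasks as `user_data` (not the default `item`), so it
# cannot collide with loops inside the included file.
- name: Include creategroups.yml for each github_users entry
  include_tasks: creategroups.yml
  loop: "{{ github_users }}"
  loop_control:
    loop_var: user_data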
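# Creates a local login account (bash shell, home under /home) for every entry
# of github_users. The `item.user | default(item)` pattern suggests an entry is
# either a mapping with a `user` key or a bare username string.
- name: Ensure user accounts are present
  become: true
  user:
    name: "{{ item.user | default(item) }}"
    shell: /bin/bash
    create_home: true
    # Group membership is a privilege grant: review which groups the
    # github_users data can place an account in (sudo, wheel, docker, ...).
    # NOTE(review): for a mapping entry without `groups`, default(item) passes
    # the whole mapping as the group list - confirm that is intended.
    groups: "{{ item.groups | default(item) }}"
    # append: true only ever adds groups; memberships removed from
    # github_users later are not revoked by this task.
    append: true
    home: "/home/{{ item.user | default(item) }}"
    state: present
  loop: "{{ github_users }}"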
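# Installs SSH public keys for each user, fetched from
# "<github_url>/<account>.keys". Whoever controls that key list can log in as
# the user, so github_url should be an https:// endpoint you trust and
# certificate validation should stay enabled.
- name: Ensure authorized_keys for GitHub user accounts are present
  become: true
  authorized_key:
    user: "{{ item.user | default(item) }}"
    key: "{{ github_url }}/{{ item.account }}.keys"
    manage_dir: true
    state: present
    # Non-exclusive: keys are only added. A key the user later deletes from the
    # remote account (for example after a compromise) stays in authorized_keys
    # until it is removed some other way.
    exclusive: false
  loop: "{{ github_users }}"
  # Entries without an account would resolve to "<github_url>/.keys", which is
  # no user's key list; skip them instead of requesting it.
  when: (item.account | default('')) != ''
  # Best effort: a failed fetch does not stop the play, but it is reported as
  # failed-and-ignored so a user left without keys is visible in the output.
  ignore_errors: true
  register: task_result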
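# Grants unrestricted, passwordless root (ALL=(ALL) NOPASSWD:ALL) to every
# mapping entry of github_users whose passwordless_sudo is exactly true.
# Together with the key-installation task, anyone who can add a key to that
# user's remote account gets root on the host without a second factor.
- name: Set passwordless sudo
  become: true
  lineinfile:
    path: /etc/sudoers
    # The username is interpolated into the sudoers rule as-is, so github_users
    # must come from trusted inventory data, never from external input.
    line: "{{ item.user | default(item) }} ALL=(ALL) NOPASSWD:ALL"
    # state: present only adds the rule. Setting passwordless_sudo to false, or
    # dropping the user from github_users, does not remove an existing grant.
    state: present
    # visudo syntax-checks the edited copy before it replaces /etc/sudoers, so
    # a malformed line cannot break sudo on the host.
    validate: "visudo -cf %s"
  loop: "{{ github_users }}"
  # Fails closed: a missing flag, or a truthy non-boolean such as the string
  # "yes", does not grant sudo.
  when: item.user is defined and (item.passwordless_sudo | default(false)) is true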