e8716e742e
If we move these into a subdir, it cleans up the number of things we have to files match on. Stop running disable-puppet-agent in base. We run it in run-puppet, which should be fine. Change-Id: Ia16adb96b11d25a097490882c4c59a50a0b7b23d
# Ensure the "sudo" group exists before any account is added to it.
- name: Add sudo group
  group:
    state: present
    name: sudo
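# NOTE(mordred): We replace the main file rather than dropping a file in to
# /etc/sudoers.d to deal with divergent base sudoers files from our distros.
# We also want to change some default behavior (we want nopassword sudo, for
# instance).
#
# The candidate file is checked with visudo before it replaces /etc/sudoers:
# a syntax error in that file makes sudo refuse to run, which would lock
# every account out of root on the host.
- name: Setup sudoers file
  copy:
    dest: /etc/sudoers
    src: sudoers
    owner: root
    group: root
    # Quoted so the mode is read as an octal string by any YAML parser.
    mode: '0440'
    # NOTE(review): assumes visudo is installed at /usr/sbin/visudo on every
    # supported distro - confirm.
    validate: /usr/sbin/visudo -cf %s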
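# Install the login.defs variant that matches the host's os_family fact.
# The file is root-owned, writable only by root and world-readable.
- name: Setup login.defs file
  copy:
    dest: /etc/login.defs
    src: '{{ ansible_facts.os_family }}/login.defs'
    owner: root
    group: root
    # Quoted so the mode is read as an octal string by any YAML parser.
    mode: '0644'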
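# Remove every account listed in disabled_users.
# `remove: true` also deletes the directories associated with the account
# (home directory and, with it, any authorized_keys stored there), so a
# disabled user keeps no login material on the host.
- name: Delete old users
  user:
    name: "{{ item }}"
    state: absent
    remove: true
  loop: "{{ disabled_users }}"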
# Create a group named after each selected account (base_users plus
# extra_users) that has an entry in all_users declaring a gid.
# NOTE(review): the `when` below already requires 'gid' to be present, so the
# default(omit) fallback never takes effect, and accounts without a gid get
# no group from this task - confirm that is intended, since "Add users" sets
# the primary group to the same name.
- name: Add groups
  group:
    state: present
    name: "{{ item }}"
    gid: "{{ all_users[item].gid|default(omit) }}"
  when:
    - item in all_users
    - "'gid' in all_users[item]"
  loop: "{{ base_users + extra_users }}"
# Create each selected account (base_users plus extra_users) that has an
# entry in all_users declaring a uid. Accounts without an entry or without a
# uid are skipped.
#
# Every account created here is placed in the sudo group. The sudoers file
# installed by this file is described above as allowing passwordless sudo, so
# each of these accounts is effectively root-equivalent; all_users,
# base_users and extra_users should be reviewed with that in mind.
# `append` is not set, so sudo becomes the account's only supplementary
# group.
- name: Add users
  user:
    state: present
    name: "{{ item }}"
    uid: "{{ all_users[item].uid }}"
    comment: "{{ all_users[item].comment }}"
    group: "{{ item }}"
    groups: sudo
    shell: /bin/bash
  when:
    - item in all_users
    - "'uid' in all_users[item]"
  loop: "{{ base_users + extra_users }}"
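# Install the SSH public key(s) from all_users for each selected account
# that declares a key.
# `exclusive: true` makes the managed value the complete authorized_keys
# content: any key not listed in all_users[item].key is removed, so keys
# added by hand on the host do not survive a run.
- name: Add ssh keys to users
  authorized_key:
    user: "{{ item }}"
    state: present
    key: "{{ all_users[item].key }}"
    exclusive: true
  loop: "{{ base_users + extra_users }}"
  when:
    - item in all_users
    - "'key' in all_users[item]"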