---
# tasks file for ansible_bootstrap
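# Bootstrap step: the raw module sends the command straight over the
# connection and does not need Python on the target, so it can run before
# any regular module does.
# The install is a single pacman call with an explicit sync operation (-S);
# a bare `pacman python` has no operation and exits with an error.
# --noconfirm is needed because no prompt can be answered during a play, and
# --needed skips the reinstall when python is already present.
# NOTE(review): -Sy without -u refreshes the package lists without upgrading
# installed packages; confirm this is acceptable for the target hosts.
- name: "install python"
  raw: pacman -Sy --noconfirm --needed python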
# Make sure the sudo package is installed, refreshing the pacman package
# lists as part of the same task.
- name: sudoers install
  pacman:
    name: sudo
    state: present
    update_cache: true
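# Create the login account named by the `username` variable, with a home
# directory and no generated SSH key.
#
# Only options with a real value are set. The module-snippet placeholder
# `undefined` must not be passed as a value: as `password` it would be
# written as the literal password-field content (not a crypted hash), and as
# `comment` it would become the account description. `hidden` is a boolean
# option and `skeleton` expects a directory path, so neither takes a
# placeholder. With `password` omitted the module leaves the password
# untouched.
# NOTE(review): this task does not set `groups`; confirm that membership of
# the sudo group used by the sudoers task is assigned somewhere else.
- name: create profil
  user:
    name: "{{ username }}"
    state: present
    create_home: true
    system: false
    generate_ssh_key: false
    # Relative to the user's home directory; only used when a key is generated.
    ssh_key_file: .ssh/id_rsa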
# Maintain the sudo drop-in file for the bootstrap group, one line per item.
# The file is created if missing, owned by root:root with mode 0440, and
# every write is checked with `visudo -cf` before it replaces the file, so a
# syntax error cannot leave a broken sudoers entry behind.
#
# Security notes for reviewers:
# - The last item gives every member of the group password-less sudo for all
#   commands as any user, and SETENV lets the caller override the command
#   environment. Membership of this group is equivalent to root.
# - sudo skips drop-in files whose name contains a '.' or ends in '~'; a
#   group name of that form would produce a file that is silently ignored.
# - NOTE(review): the group name is interpolated into each regexp unescaped;
#   confirm it can never contain regular-expression metacharacters.
- name: set sudoers right
  lineinfile:
    path: '/etc/sudoers.d/{{ bootstrap__sudo_group }}'
    state: present
    create: true
    owner: root
    group: root
    mode: '0440'
    regexp: '{{ item.regexp }}'
    line: '{{ item.line }}'
    validate: 'visudo -cf "%s"'
  with_items:
    # Do not require a tty for members of the group.
    - line: 'Defaults: %{{ bootstrap__sudo_group }} !requiretty'
      regexp: '^Defaults: %{{ bootstrap__sudo_group }} !?requiretty'
    # Add SSH_CLIENT to the env_check list for the group.
    - line: 'Defaults: %{{ bootstrap__sudo_group }} env_check += "SSH_CLIENT"'
      regexp: '^Defaults: %{{ bootstrap__sudo_group }} env_check\s'
    # The privilege grant itself.
    - line: '%{{ bootstrap__sudo_group }} ALL = (ALL:ALL) NOPASSWD: SETENV: ALL'
      regexp: '^%{{ bootstrap__sudo_group }}\s'
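# Make sure the main sudoers file pulls in the /etc/sudoers.d drop-ins.
# The leading '#' in `#includedir` is sudoers directive syntax, not a
# comment. sudo 1.9.1 and later also accept the `@includedir` spelling, so
# the regexp matches both forms; otherwise a file that already has
# `@includedir /etc/sudoers.d` would get a second include line appended.
# A matching `@includedir` line is rewritten to the `#` spelling, which
# newer sudo versions still accept. The dot in the path is escaped so that
# only the literal directory name matches.
# The edit is checked with `visudo -cf` before it replaces /etc/sudoers.
- name: Ensure /etc/sudoers includes /etc/sudoers.d
  lineinfile:
    dest: '/etc/sudoers'
    regexp: '^[#@]includedir\s+/etc/sudoers\.d$'
    line: '#includedir /etc/sudoers.d'
    state: 'present'
    validate: 'visudo -cf "%s"'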