From 885a1388d957a62613083fb70654f8714156fe00 Mon Sep 17 00:00:00 2001
From: vincent
Date: Tue, 10 Jan 2023 20:45:21 +0100
Subject: [PATCH] feat: remove reference to a specific user
---
 defaults/main.yml | 1 +
 tasks/base_software.yml | 8 --------
 tasks/ssh.yml | 2 --
 tasks/sudoers.yml | 6 +++---
 4 files changed, 4 insertions(+), 13 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index b876e0d..c60e310 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -21,6 +21,7 @@ system_user:
 home: /home/ansible
 shell: '/bin/bash'
 system_group: []
+system_sudoers_group: "superusergroup"
 keystodeploy: []
 # - name: toto
 # user: toto
diff --git a/tasks/base_software.yml b/tasks/base_software.yml
index f588043..0d1531f 100644
--- a/tasks/base_software.yml
+++ b/tasks/base_software.yml
@@ -53,11 +53,3 @@
 update_cache: true
 become: true
 when: ansible_facts['os_family'] == "RedHat"
-
-#- name: Pass user shell to zsh
-# user:
-# name: "{{ user.name }}"
-# shell: /bin/zsh
-# state: present
-# when: ansible_facts['os_family'] != "RedHat"
-# become: true
diff --git a/tasks/ssh.yml b/tasks/ssh.yml
index 9ed0ee6..a62a920 100644
--- a/tasks/ssh.yml
+++ b/tasks/ssh.yml
@@ -11,7 +11,6 @@
 owner: '{{ item }}'
 mode: 0700
 with_items:
- - '{{ user.name }}'
 - ansible

 - name: Copy ssh config for user
@@ -25,7 +24,6 @@
 selevel: s0
 owner: '{{ item }}'
 with_items:
- - '{{ user.name }}'
 - ansible
 - name: Ensure root ssh directory exist
 become: true
diff --git a/tasks/sudoers.yml b/tasks/sudoers.yml
index 8d38087..7db1388 100644
--- a/tasks/sudoers.yml
+++ b/tasks/sudoers.yml
@@ -1,6 +1,6 @@
 - name: Set sudoers right
 ansible.builtin.lineinfile:
- dest: '/etc/sudoers.d/{{ user.name }}'
+ dest: '/etc/sudoers.d/{{ system_sudoers_group }}'
 regexp: '{{ item.regexp }}'
 line: '{{ item.line }}'
 state: 'present'
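Review bot: The new default `system_sudoers_group: "superusergroup"` in defaults/main.yml carries no comment, although the sudoers.yml hunks of this patch use it both as the file name under `/etc/sudoers.d/` and as the group that receives `NOPASSWD:ALL`. I would add a comment above it such as `# Group granted passwordless sudo (ALL) via /etc/sudoers.d/<group>; override per inventory`. Nothing visible in this patch creates the group or manages its membership (`system_group` defaults to `[]`), so whether the rule ever matches an account depends on code outside the diff and is worth stating in the role documentation.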
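Review bot: Changing `dest` to `/etc/sudoers.d/{{ system_sudoers_group }}` leaves the file this task wrote before, `/etc/sudoers.d/{{ user.name }}`, in place on hosts that were already provisioned, so the old per-user `NOPASSWD:ALL` rule would stay active after the role is re-applied. The commit adds no cleanup; an `ansible.builtin.file` task with `state: absent` for the old path (the old name would have to be supplied by the operator, since `user.name` is gone), or a migration note in the README, would close that gap. Because the group name is now also a file name, note that sudo skips files in an include directory whose names contain a `.` or end in `~`, so such a value would make the rule silently ineffective. The task's remaining options lie between this hunk and the next one, outside the visible lines.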
@@ -10,8 +10,8 @@
 mode: '0440'
 validate: 'visudo -cf "%s"'
 with_items:
- - regexp: '^{{ user.name }}\s'
- line: '{{ user.name }} ALL = (ALL) NOPASSWD:ALL'
+ - regexp: '^%{{ system_sudoers_group }}\s'
+ line: '%{{ system_sudoers_group }} ALL = (ALL) NOPASSWD:ALL'
 become: True

 - name: Change secure path
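Review bot: In the `with_items` entry, `system_sudoers_group` is interpolated into `regexp` without escaping and into the sudoers `line` without any check on its content. A name containing regex metacharacters could make `lineinfile` miss the existing line and append a duplicate on every run; `regexp: '^%{{ system_sudoers_group | regex_escape }}\s'` avoids that. `visudo -cf` only checks syntax, so any value that still parses as a sudoers entry is accepted; an `ansible.builtin.assert` ahead of this task that restricts the variable to a conservative group-name pattern would make the expected input explicit. The rule now gives passwordless root to every member of a group rather than to one account, which deserves a comment next to the item. The task itself starts above this hunk.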