system/tasks/sudoers.yml
vincent 885a1388d9
All checks were successful
continuous-integration/drone/push Build is passing
feat: remove reference to a specific user
2023-01-10 20:45:21 +01:00

24 lines
686 B
YAML

- name: Set sudoers right
ansible.builtin.lineinfile:
dest: '/etc/sudoers.d/{{ system_sudoers_group }}'
regexp: '{{ item.regexp }}'
line: '{{ item.line }}'
state: 'present'
create: True
owner: 'root'
group: 'root'
mode: '0440'
validate: 'visudo -cf "%s"'
with_items:
- regexp: '^%{{ system_sudoers_group }}\s'
line: '%{{ system_sudoers_group }} ALL = (ALL) NOPASSWD:ALL'
become: True
- name: Change secure path
ansible.builtin.replace:
path: '/etc/sudoers'
regexp: ^Defaults\s*secure_path.*
replace: Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
validate: 'visudo -cf "%s"'
become: true