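#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
# Provisions the dedicated `ansible` automation account: a password-locked
# system user with an SSH authorized key, a private home directory,
# membership in an admin group, and a sudoers drop-in.
- name: Configure Ansible system user
  block:
    - name: Create Ansible system user
      user:
        name: ansible
        # Lock the password so password authentication is unavailable for
        # this account; the authorized key added below is the way in.
        password_lock: true
        system: true
      become: true

    # `append` is left at its default (false), so each enrollment task sets
    # the account's supplementary groups to exactly the named group.
    - name: Enroll Ansible user in sudo
      user:
        name: ansible
        groups: sudo
      when: ansible_distribution == "Ubuntu"

    # NOTE(review): every non-Ubuntu host takes this branch, including other
    # Debian-family distributions where the admin group is normally `sudo`
    # rather than `wheel` - confirm against the fleet, or key the condition
    # on `ansible_os_family` instead.
    - name: Enroll Ansible user in wheel
      user:
        name: ansible
        groups: wheel
      when: ansible_distribution != "Ubuntu"

    # Owner-only access keeps ~/.ssh and anything else under the home
    # directory unreadable to other local users.
    - name: Ensure perms on Ansible user home
      file:
        path: "/home/ansible"
        mode: "0700"

    - name: Ensure ownership of Ansible user home
      file:
        path: "/home/ansible"
        owner: ansible
        group: ansible
        recurse: true

    # `exclusive` is not set, so keys already present in the account's
    # authorized_keys file are left in place; this task only adds one.
    - name: Add Ansible key to user
      authorized_key:
        user: ansible
        manage_dir: true
        key: "ssh-rsa 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 ansible"

    # The contents of the `90-ansible` template are not visible here.
    # NOTE(review): confirm the rule it grants is no broader than the
    # automation needs.
    - name: Add Ansible user sudoers rule
      template:
        src: 90-ansible
        dest: "/etc/sudoers.d/90-ansible"
        owner: root
        mode: "0440"
        # Syntax-check the rendered file before it is moved into place; a
        # malformed drop-in can leave sudo unusable on the host.
        validate: "/usr/sbin/visudo -cf %s"
  # NOTE(review): placed at block level because every task above changes
  # root-owned state; the source listing had lost its indentation, so
  # confirm this matches the original file.
  become: true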