ansible/roles/common/tasks/ansibleuser.yml

42 lines
1.6 KiB
YAML

#!/usr/bin/ansible-playbook
# vim:ft=ansible:
- name: Configure Ansible system user
block:
- name: Create Ansible system user
user:
name: ansible
password_lock: yes
system: yes
become: yes
- name: Enroll Ansible user in sudo
user:
name: ansible
groups: sudo
when: ansible_distribution == "Ubuntu"
- name: Enroll Ansible user in wheel
user:
name: ansible
groups: wheel
when: ansible_distribution != "Ubuntu"
- name: Ensure perms on Ansible user home
file:
path: "/home/ansible"
mode: "0700"
- name: Ensure ownership of Ansible user home
file:
path: "/home/ansible"
owner: ansible
group: ansible
recurse: yes
- name: Add Ansible key to user
authorized_key:
user: ansible
manage_dir: yes
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8pjK7Z6V9IjxRtLB9Xwt5Rujj0iMQqOVExRkmkIzjEcblV/cqtwx4fOijoN9eQlmrjQg05rBWoHJoUiLH5LimU2HPQt9vSDSt/tTXNafhvi3St3nz+GA9yCwAkJfvz2QL/vnU7sfveYC2xmWZC0xjcG4bl8pL2GJgfyh4OnfS9vNRTpn1kAJ/Fl4vRLtRaFx1WzF3/RJUOkesYLegawSRJsaIamJFI5YxHe5VeTnFefVtssgbGrOj19uRDIZkBW/5uWsnNPVwbGUT089qioS11QFJaVOQCgU/E+4lxCHlRfLQ+gnXvaQV3j0JFk/I1bZNlCcNLHc0ZasXIqV+BUaR4au35QkDBjh38DCxesZ775tudXUp7KP6OHCC9i9ncIkum3mE+4K+0KAlS0oevUQdfguXkRQ6q3vydxEgWbBOx3jHi7i5AwvOnJqZRmUnfFp0qfhGfcS2pLEZhUcd0bOM6qAyK1XD5XRzXoVLS9bdHNUwCaIWie0tOYMLLmNooTU= ansible"
- name: Add Ansible user sudoers rule
template:
src: 90-ansible
dest: "/etc/sudoers.d/90-ansible"
mode: "0440"
become: yes