freifunk/ansible-ffibk
9
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
ansible-ffibk/roles/users/tasks/main.yml
prisma01 b91112516d
Introduce Kumpir, our new www server, add wordpress role (#26) 
* Introduce Kumpir, our new www server, add wordpress role

* move kumpir to services group, use safer distinction for ssl_cert location, reduce www playbook

* set server type to services

* fix typo

* rename service-wordpress to service-nginx-wordpress

* Add service-nginx-etherpad role

* Add ed25519 keypair for system_users when supported.

* Revert "Add ed25519 keypair for system_users when supported."

This reverts commit ffef991ca41185d19953b96439e80b1b9a6ba534.

* Change generated keys format to ed25519

* fix indention of nginx templates, reduce amount of needed tasks by adding extra_opts to unarchive, remove not needed mysql db tasks, make new acme_server default

* Change new default preference for acme servers, marking acme_server zuckerwatte deprecated soon.
2019-09-26 22:13:13 +02:00

51 lines
1.2 KiB
YAML
Raw Blame History

---
- name: ensure sudo is installed
package:
name: "sudo"
state: present
- name: ensure system users are present
user:
name: "{{ item.name }}"
comment: "{{ item.comment }}"
shell: "{{ item.shell }}"
home: "{{ item.home }}"
generate_ssh_key: "{{ item.generate_ssh_key }}"
ssh_key_type: "{{ item.ssh_key_type }}"
state: "{{ item.state }}"
loop: "{{ system_users }}"
- name: ensure ssh config directory is present
file:
path: "{{ item.home }}/.ssh"
state: directory
owner: "{{ item.name }}"
group: "{{ item.name }}"
mode: '0700'
loop: "{{ system_users }}"
- name: configure ssh public keys
template:
src: "authorized_keys.j2"
dest: "{{ item.home }}/.ssh/authorized_keys"
owner: "{{ item.name }}"
group: "{{ item.name }}"
mode: '0600'
loop: "{{ system_users }}"
- name: configure passwordless sudo access
template:
src: "sudoers.j2"
dest: "/etc/sudoers.d/{{ item.name }}"
owner: root
group: root
mode: '0440'
validate: "/usr/sbin/visudo -cf %s"
loop: "{{ system_users }}"
- name: remove admin lines from /etc/sudoers
lineinfile:
path: "/etc/sudoers"
state: absent
regexp: '^admin\s'
validate: "/usr/sbin/visudo -cf %s"
Reference in a new issue View git blame Copy permalink