diff --git a/roles/iiab-admin/tasks/access.yml b/roles/iiab-admin/tasks/access.yml index dbbff4bbc..6762e5b43 100644 --- a/roles/iiab-admin/tasks/access.yml +++ b/roles/iiab-admin/tasks/access.yml @@ -1,8 +1,9 @@ - name: Install textmode remote access packages - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - - screen - - lynx + - screen + - lynx tags: - download diff --git a/roles/iiab-admin/tasks/admin-user.yml b/roles/iiab-admin/tasks/admin-user.yml index f9c06ca26..8dc95d8ef 100644 --- a/roles/iiab-admin/tasks/admin-user.yml +++ b/roles/iiab-admin/tasks/admin-user.yml @@ -1,57 +1,69 @@ - name: Create iiab-admin user and password - user: name={{ iiab_admin_user }} - password={{ iiab_admin_passw_hash }} - update_password=on_create + user: + name: "{{ iiab_admin_user }}" + password: "{{ iiab_admin_passw_hash }}" + update_password: on_create + shell: /bin/bash - name: Create a wheel group - group: name=wheel - state=present + group: + name: wheel + state: present -- name: Create a sudo group - group: name=sudo - state=present +- name: Create a sudo group (redhat) + group: + name: sudo + state: present when: is_redhat - name: Add user to wheel group - user: name={{ iiab_admin_user }} groups=wheel,sudo + user: + name: "{{ iiab_admin_user }}" + groups: wheel,sudo - name: Create root .ssh - file: path=/root/.ssh - mode=0700 - owner=root - group=root - state=directory + file: + path: /root/.ssh + owner: root + group: root + mode: 0700 + state: directory - name: Install dummy root keys as placeholder - copy: src=dummy_authorized_keys - dest=/root/.ssh/authorized_keys - force=no - owner=root - group=root - mode=0600 + copy: + src: dummy_authorized_keys + dest: /root/.ssh/authorized_keys + owner: root + group: root + mode: 0600 + force: no # backup=yes - name: Edit the sudoers file -- first make it editable - file: path=/etc/sudoers - mode=0640 + file: + path: /etc/sudoers + mode: 0640 - name: Have sudo log all commands it handles - lineinfile: regexp=logfile - line='Defaults logfile = /var/log/sudo.log' - state=present - dest=/etc/sudoers + lineinfile: + regexp: logfile + line: "Defaults logfile = /var/log/sudo.log" + dest: /etc/sudoers + state: present - name: Lets wheel sudo without password lineinfile: - line: "%wheel ALL= NOPASSWD: ALL" - dest: /etc/sudoers + line: "%wheel ALL= NOPASSWD: ALL" + dest: /etc/sudoers - name: Remove the line which requires tty - lineinfile: regexp=requiretty - state=absent - dest=/etc/sudoers + lineinfile: + regexp: requiretty + dest: /etc/sudoers + state: absent - name: End editing the sudoers file -- protect it again - file: path=/etc/sudoers - mode=0440 + file: + path: /etc/sudoers + mode: 0440 diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index 5f609238b..b13a3d6cb 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -7,11 +7,12 @@ tags: - base -- name: Add iiab-admin parameters to ini file - ini_file: dest='{{ service_filelist }}' - section=iiab-admin - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'iiab-admin' to list at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: iiab-admin + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name value: iiab-admin @@ -21,19 +22,23 @@ value: "{{ iiab_admin_user }}" - name: Set up to issue warning if iiab-admin password is still default - template: src=profile_ssh_warn.sh - dest=/etc/profile.d/ + template: + src: profile_ssh_warn.sh + dest: /etc/profile.d/ - name: Is this LXDE? - stat: path=/home/pi/.config/lxsession + stat: + path: /home/pi/.config/lxsession register: lx - name: Do the same if running on Raspbian - template: src=lxde_ssh_warn.sh - dest=/home/pi/.config/lxsession/LXDE-pi/ + template: + src: lxde_ssh_warn.sh + dest: /home/pi/.config/lxsession/LXDE-pi/ when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu -- name: Put an autostart line to check for default password in LXDE - lineinfile: line=@/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh - dest=/home/pi/.config/lxsession/LXDE-pi/autostart +- name: Put an autostart line to check for default password in LXDE (raspbian) + lineinfile: + line: "@/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh" + dest: /home/pi/.config/lxsession/LXDE-pi/autostart when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu