mirror of
https://github.com/iiab/iiab.git
synced 2025-02-13 11:42:08 +00:00
53 lines
1.3 KiB
YAML
53 lines
1.3 KiB
YAML
- name: Create user {{ iiab_admin_user }} in group sudo for Admin Console; set password from iiab_admin_pwd_hash if newly creating account
|
|
user:
|
|
name: "{{ iiab_admin_user }}" # iiab-admin
|
|
password: "{{ iiab_admin_pwd_hash }}"
|
|
update_password: on_create
|
|
shell: /bin/bash
|
|
groups: sudo
|
|
|
|
#- name: Create a wheel group
|
|
# group:
|
|
# name: wheel
|
|
# state: present
|
|
|
|
#- name: Create a sudo group (redhat)
|
|
# group:
|
|
# name: sudo
|
|
# state: present
|
|
# when: is_redhat | bool
|
|
|
|
#- name: 'Add user {{ iiab_admin_user }} to groups: wheel, sudo'
|
|
# user:
|
|
# name: "{{ iiab_admin_user }}"
|
|
# groups: wheel,sudo
|
|
|
|
- name: Edit the sudoers file -- first make it editable
|
|
file:
|
|
path: /etc/sudoers
|
|
mode: 0640
|
|
|
|
- name: Have sudo log all commands it handles
|
|
lineinfile:
|
|
regexp: logfile
|
|
line: "Defaults logfile = /var/log/sudo.log"
|
|
dest: /etc/sudoers
|
|
state: present
|
|
|
|
#- name: Lets {{ iiab_admin_user }} sudo without password
|
|
##- name: Lets wheel sudo without password
|
|
# lineinfile:
|
|
# line: "{{ iiab_admin_user }} ALL=(ALL) NOPASSWD: ALL"
|
|
## line: "%wheel ALL= NOPASSWD: ALL"
|
|
# dest: /etc/sudoers
|
|
|
|
- name: Remove the line which requires tty
|
|
lineinfile:
|
|
regexp: requiretty
|
|
dest: /etc/sudoers
|
|
state: absent
|
|
|
|
- name: End editing the sudoers file -- protect it again
|
|
file:
|
|
path: /etc/sudoers
|
|
mode: 0440
|