35 lines
947 B
YAML
35 lines
947 B
YAML
- name: Ensure ansible user exists
|
|
ansible.builtin.user:
|
|
name: "{{ ansible_user_name }}"
|
|
shell: "{{ ansible_user_shell }}"
|
|
groups: "{{ ansible_user_groups }}"
|
|
append: true
|
|
create_home: true
|
|
|
|
- name: Configure passwordless sudo
|
|
ansible.builtin.copy:
|
|
dest: "/etc/sudoers.d/{{ ansible_user_name }}"
|
|
content: "{{ ansible_user_name }} ALL=(ALL) NOPASSWD:ALL\n"
|
|
owner: root
|
|
group: root
|
|
mode: '0440'
|
|
|
|
- name: Ensure root .ssh directory exists
|
|
ansible.builtin.file:
|
|
path: /root/.ssh
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: '0700'
|
|
|
|
- name: Add SSH keys to root authorized_keys
|
|
ansible.builtin.authorized_key:
|
|
user: root
|
|
key: "{{ item }}"
|
|
loop: "{{ ansible_user_authorized_keys }}"
|
|
|
|
- name: Add SSH keys to ansible user authorized_keys
|
|
ansible.builtin.authorized_key:
|
|
user: "{{ ansible_user_name }}"
|
|
key: "{{ item }}"
|
|
loop: "{{ ansible_user_authorized_keys }}" |