44 lines
1.3 KiB
YAML
44 lines
1.3 KiB
YAML
---
|
|
|
|
- name: "Ensure '{{ create_username }}'"
|
|
become: true
|
|
ansible.builtin.user:
|
|
name: "{{ create_username }}"
|
|
password: "{{ create_pwgen | password_hash('sha512') }}"
|
|
state: present
|
|
shell: /bin/bash
|
|
groups: "{{ created_users_groups[ansible_os_family] }}"
|
|
append: true
|
|
generate_ssh_key: false
|
|
ssh_key_bits: 2048
|
|
ssh_key_file: .ssh/id_rsa
|
|
update_password: on_create
|
|
register: user_created
|
|
notify: print generated password
|
|
|
|
- name: Ensure 'sudo' package is installed
|
|
become: true
|
|
ansible.builtin.package: { name: sudo, state: present }
|
|
|
|
- name: Enable nopasswd sudo
|
|
become: true
|
|
ansible.builtin.lineinfile:
|
|
dest: /etc/sudoers
|
|
regexp: '^{{ create_username }}'
|
|
line: "{{ create_username }} ALL=(ALL:ALL) NOPASSWD:ALL"
|
|
insertafter: '^%{{ sudo_group_by_fam[ansible_os_family] }}.*$'
|
|
state: present
|
|
validate: 'visudo -cf %s'
|
|
|
|
- name: "Copy '~/.ssh/id_*.pub' (on controller) to authorized_keys for '{{ create_username }}'"
|
|
tags: ['keys']
|
|
ansible.posix.authorized_key:
|
|
user: "{{ create_username }}"
|
|
state: present
|
|
key: "{{ lookup('file', item) }}"
|
|
with_fileglob:
|
|
- "{{ '~/.ssh/id_*.pub' }}"
|
|
# with_items:
|
|
# - "{{ lookup('file','~/.ssh/id_ecdsa.pub') }}"
|
|
# - "{{ lookup('file','~/.ssh/id_ecdsa_sk.pub') }}"
|
|
# - "{{ lookup('file','~/.ssh/id_ed25519.pub') }}"
|