42FS/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
ansible/ensure_tsadmin.yml
Jan Forman 4b130f505f add playbook
2026-01-12 14:24:29 +01:00

54 lines
1.5 KiB
YAML
Raw Permalink Blame History

- name: Ensure tsadmin user and SSH key
hosts: all
become: yes
vars:
ts_user: ts-admin
ts_pubkeys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+VHh9Q7Y/0dQgDqoHaQyf6EZjXqiBDg7FvQPrt5LSx Jan Forman"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdDJqGN9L5zkCoQPCOmOy3Rozf4CY+w3p1nf4Ztl4VD miko@Directwire"
tasks:
- name: Ensure user exists
ansible.builtin.user:
name: "{{ ts_user }}"
state: present
create_home: yes
shell: /bin/bash
- name: Ensure .ssh directory exists
ansible.builtin.file:
path: "/home/{{ ts_user }}/.ssh"
state: directory
owner: "{{ ts_user }}"
group: "{{ ts_user }}"
mode: '0700'
- name: Install public keys for the user
ansible.builtin.authorized_key:
user: "{{ ts_user }}"
key: "{{ item }}"
state: present
loop: "{{ ts_pubkeys }}"
- name: Ensure authorized_keys permissions
ansible.builtin.file:
path: "/home/{{ ts_user }}/.ssh/authorized_keys"
owner: "{{ ts_user }}"
group: "{{ ts_user }}"
mode: '0600'
state: file
- name: Ensure user is member of sudo group
ansible.builtin.user:
name: "{{ ts_user }}"
groups: sudo
append: yes
- name: Allow user to sudo without password via sudoers.d
ansible.builtin.copy:
dest: "/etc/sudoers.d/{{ ts_user }}"
content: "{{ ts_user }} ALL=(ALL) NOPASSWD:ALL\n"
owner: root
group: root
mode: '0440'
Reference in New Issue View Git Blame Copy Permalink