# Create the ts-admin login account; nothing changes if it already exists.
# No password parameter is given, so this task does not set one. Every
# attribute not listed here is left at the module's defaults.
- name: Ensure ts-admin user exists
  ansible.builtin.user:
    state: present
    name: ts-admin
    shell: /bin/bash
# ts-admin's ~/.ssh, owned by the account and closed to group and other.
# The path is hard-coded, so it assumes the account's home is /home/ts-admin.
- name: Ensure .ssh directory exists for ts-admin
  ansible.builtin.file:
    state: directory
    path: /home/ts-admin/.ssh
    mode: '0700'
    owner: ts-admin
    group: ts-admin
# Install each entry of ssh_public_keys into ts-admin's authorized_keys.
# The task is skipped entirely when ssh_public_keys is not defined.
# state: present only adds keys: a key dropped from the list stays in the
# file until it is removed explicitly (for example with state: absent).
- name: Add authorized keys for ts-admin
  when: ssh_public_keys is defined
  loop: "{{ ssh_public_keys }}"
  ansible.builtin.authorized_key:
    state: present
    user: ts-admin
    key: "{{ item }}"
# Drop-in directory for sudoers fragments: root-owned, writable by root only.
- name: Ensure /etc/sudoers.d directory exists
  ansible.builtin.file:
    state: directory
    path: /etc/sudoers.d
    mode: '0755'
    owner: root
    group: root
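# Grant ts-admin unrestricted, passwordless sudo through a sudoers.d drop-in.
# NOPASSWD:ALL makes the account root-equivalent: any private key matching an
# entry in ts-admin's authorized_keys reaches root with no further prompt, so
# the contents of ssh_public_keys are the effective access-control list.
- name: Allow ts-admin passwordless sudo
  ansible.builtin.copy:
    dest: /etc/sudoers.d/ts-admin
    content: "ts-admin ALL=(ALL) NOPASSWD:ALL\n"
    owner: root
    group: root
    mode: '0440'
    # Syntax-check the staged file before it replaces the destination; a
    # malformed sudoers fragment can leave sudo unusable on the host.
    # Adjust the path if visudo is installed elsewhere on the target.
    validate: /usr/sbin/visudo -cf %s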