authorQuentin <quentin@deuxfleurs.fr>2020-02-16 20:05:47 +0100
committerQuentin <quentin@deuxfleurs.fr>2020-02-16 20:05:47 +0100
commitea32facca263f3b3b5e12dd3193625d2ac2b7b9e (patch)
treea2fe6cd9a6e4b556fb49a209074c4ef2a96a64cc
parentcbd12c18779e6ecb0587ba06c256ffb930f35e67 (diff)
Safer Ansible
-rw-r--r--ansible/cluster_nodes.yml10
-rw-r--r--ansible/roles/common/tasks/main.yml9
-rw-r--r--ansible/roles/users/vars/main.yml10
3 files changed, 17 insertions, 12 deletions
diff --git a/ansible/cluster_nodes.yml b/ansible/cluster_nodes.yml
index 2fc0eb6..94521e6 100644
--- a/ansible/cluster_nodes.yml
+++ b/ansible/cluster_nodes.yml
@@ -9,8 +9,9 @@
- role: users
tags: account
- - role: network
- tags: net
+# UNSAFE
+# - role: network
+# tags: net
- role: consul
tags: kv
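Review bot: The bare `# UNSAFE` marker above the commented-out `network` role does not say what is unsafe about it or under which condition it may run again; the `storage` role in the next hunk carries the same marker. With both entries commented out, a full playbook run no longer applies them, so if `network` carries firewall or interface settings (inferred from the role name only) a newly provisioned node would be set up without them. Keeping the entries live but opt-in would record the intent in the playbook itself: `tags: [net, never]` and `tags: [sto, never]`, each preceded by a comment such as `# not safe on a node in service: run only with an explicit --tags net`. The play these role entries belong to starts outside the hunk.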
@@ -18,5 +19,6 @@
- role: nomad
tags: orchestrator
- - role: storage
- tags: sto
+# UNSAFE
+# - role: storage
+# tags: sto
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
index 3ffc105..b4d00bb 100644
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -40,3 +40,12 @@
- strace
- sudo
state: present
+
+- name: "Passwordless sudo"
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+ validate: 'visudo -cf %s'
+
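Review bot: `NOPASSWD: ALL` for the whole `%sudo` group makes every SSH key of every group member equivalent to root on each node with no further check, and the task rewrites `/etc/sudoers` itself rather than a drop-in file. If the aim is unattended Ansible runs, a grant limited to the account Ansible connects as would be enough, written to its own file with `path: /etc/sudoers.d/<drop-in-name>`, `create: yes` and `mode: '0440'`, keeping the existing `validate: 'visudo -cf %s'` line. The pattern `regexp: '^%sudo'` also matches any other line that merely starts with those characters, so `'^%sudo\s'` is the safer anchor. A comment above the task stating why passwordless sudo is needed would help the next reader judge whether it can be narrowed.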
diff --git a/ansible/roles/users/vars/main.yml b/ansible/roles/users/vars/main.yml
index fc0ef4a..e2734e3 100644
--- a/ansible/roles/users/vars/main.yml
+++ b/ansible/roles/users/vars/main.yml
@@ -11,13 +11,7 @@ active_users:
ssh_keys:
- 'alex-key1.pub'
- - username: 'erwan'
- ssh_keys:
- - 'erwan-key1.pub'
-
- - username: 'valentin'
- ssh_keys:
- - 'valentin-key1.pub'
-
disabled_users:
- 'john.doe'
+ - 'erwan'
+ - 'valentin'
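Review bot: Nothing in this hunk shows what the users role does for a name in `disabled_users`, so it cannot be confirmed here that the keys already deployed for `erwan` and `valentin` are removed from the nodes. Because the same commit makes the `sudo` group passwordless, it is worth checking that disabling an account removes its `authorized_keys` and its `sudo` group membership on every host, not only its password. A comment above the list would record that contract, for example `# disabled_users: login disabled, authorized_keys removed, removed from sudo`, adjusted to what the role really does.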