authorQuentin <quentin@deuxfleurs.fr>2020-02-16 20:05:47 +0100
committerQuentin <quentin@deuxfleurs.fr>2020-02-16 20:05:47 +0100
commitea32facca263f3b3b5e12dd3193625d2ac2b7b9e (patch)
treea2fe6cd9a6e4b556fb49a209074c4ef2a96a64cc /ansible/roles
parentcbd12c18779e6ecb0587ba06c256ffb930f35e67 (diff)
Safer Ansible
Diffstat (limited to 'ansible/roles')
-rw-r--r--ansible/roles/common/tasks/main.yml9
-rw-r--r--ansible/roles/users/vars/main.yml10
2 files changed, 11 insertions, 8 deletions
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
index 3ffc105..b4d00bb 100644
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -40,3 +40,12 @@
- strace
- sudo
state: present
+
+- name: "Passwordless sudo"
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+ validate: 'visudo -cf %s'
+
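Review bot: The new `Passwordless sudo` task gives `NOPASSWD: ALL` to every member of the `sudo` group, so a member's SSH key alone becomes sufficient for root on each host. If the goal is unattended Ansible runs, scoping the rule to a dedicated automation account would keep a password prompt for interactive users. The pattern `regexp: '^%sudo'` also matches any line that merely begins with `%sudo`, such as a differently named group, so `regexp: '^%sudo\s'` is the safer anchor. Writing the rule to a drop-in under `/etc/sudoers.d/` (mode `0440`) and validating with `/usr/sbin/visudo -cf %s` would leave the main sudoers file untouched and avoid depending on PATH.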
diff --git a/ansible/roles/users/vars/main.yml b/ansible/roles/users/vars/main.yml
index fc0ef4a..e2734e3 100644
--- a/ansible/roles/users/vars/main.yml
+++ b/ansible/roles/users/vars/main.yml
@@ -11,13 +11,7 @@ active_users:
ssh_keys:
- 'alex-key1.pub'
- - username: 'erwan'
- ssh_keys:
- - 'erwan-key1.pub'
-
- - username: 'valentin'
- ssh_keys:
- - 'valentin-key1.pub'
-
disabled_users:
- 'john.doe'
+ - 'erwan'
+ - 'valentin'
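Review bot: Moving `erwan` and `valentin` into `disabled_users` only revokes access if the role's handling of that list removes their authorized_keys and their `sudo` group membership, and that task is not visible in this diff. This matters more alongside the NOPASSWD rule added in `ansible/roles/common/tasks/main.yml`, because any disabled account left in the `sudo` group would keep passwordless root. A comment above `disabled_users:` stating the effect would make the contract explicit, for example `# accounts listed here are locked and their SSH keys removed by the users role`, once confirmed against the role's tasks. The `active_users` list begins outside the hunk.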