# Ensures the local group "sudo-nopassword" exists. This task only creates
# the group; it does not assign any members to it.
- name: Create a group of users that will be able to use sudo without typing in their passwords.
  become: true
  ansible.builtin.group:
    name: sudo-nopassword
    state: present
# Writes a sudoers rule named "sudo-nopassword" that lets every member of the
# sudo-nopassword group run any command (commands: ALL) without being asked
# for a password (nopassword: true).
# Membership of this group is therefore equivalent to root: a compromised
# member account needs no further credential to take over the host, so group
# membership deserves the same review as direct root access.
- name: Grant the group to run commands with root privileges.
  become: true
  community.general.sudoers:
    name: sudo-nopassword
    state: present
    group: sudo-nopassword
    commands: ALL
    nopassword: true
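# Ensures a local account exists for every entry of shell_users. Each entry
# is read for its `username` and `comment` fields.
# NOTE(review): no `groups` is passed, so `append: false` presumably has
# nothing to act on and this task does not place anyone in sudo-nopassword.
# Confirm where that membership is managed.
- name: Create accounts for system users
  ansible.builtin.user:
    name: "{{ item.username }}"
    comment: "{{ item.comment }}"
    state: present
    append: false
  loop: "{{ shell_users }}"
  loop_control:
    # Print only the username per iteration instead of the whole item.
    label: "{{ item.username }}"
  become: true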
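# Adds each shell_users entry's `public_ssh_key` to the authorized keys of
# the account named by its `username`.
# Keys are only added here: the module's `exclusive` option is left at its
# default, so a key installed by an earlier run stays authorized after it is
# replaced in shell_users. NOTE(review): confirm how rotated or withdrawn
# keys are removed.
- name: Add a public SSH key to all of the user accounts for the devops people.
  ansible.posix.authorized_key:
    user: "{{ item.username }}"
    key: "{{ item.public_ssh_key }}"
    state: present
  loop: "{{ shell_users }}"
  loop_control:
    # Keep the run output short: show the username, not the full key.
    label: "{{ item.username }}"
  become: true
  # Errors are ignored only in check mode - presumably because the account
  # created by the previous task does not exist yet during a dry run.
  ignore_errors: "{{ ansible_check_mode }}"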
# Deletes the account of every name listed in revoked_shell_users.
# `remove` is not set, so the module's default applies and the home
# directory, including any ~/.ssh/authorized_keys, is left on disk.
# NOTE(review): sessions and processes already running as a revoked user are
# not handled by this task - confirm that offboarding covers them.
- name: Remove all user accounts that have been revoked.
  become: true
  ansible.builtin.user:
    name: '{{ item }}'
    state: absent
  loop: '{{ revoked_shell_users }}'