Add superuser, sudo group, and sudo group sudoers file.

2021-01-31 17:46:59 -06:00 · 2021-01-31 17:46:59 -06:00 · 47be3301e1
commit 47be3301e1
parent 235d8c304d
6 changed files with 45 additions and 9 deletions
--- a/files/sudoers_ansible
+++ b/files/sudoers_ansible
@ -1 +1 @@
-ansible ALL=(ALL) NOPASSWD: ALL
+ansible ALL=(ALL) NOPASSWD: ALL
--- a/files/sudoers_sudo
+++ b/files/sudoers_sudo
@ -0,0 +1 @@
+%sudo ALL=(ALL) ALL
--- a/local.yml
+++ b/local.yml
@ -15,8 +15,10 @@

  tasks:
    - include: tasks/packages.yml
+    - include: tasks/groups.yml
    - include: tasks/users.yml
    - include: tasks/cron.yml
+    - include: tasks/sudo.yml
    - include: tasks/harden.yml
      ignore_errors: yes

--- a/tasks/groups.yml
+++ b/tasks/groups.yml
@ -0,0 +1,6 @@
+---
+# Groups that do not come to all distros by default.
+
+- name: Ensure sudo group exists (Looking at you BSD!)
+  group:
+    name: sudo
--- a/tasks/sudo.yml
+++ b/tasks/sudo.yml
@ -0,0 +1,18 @@
+---
+# Ensure the proper users have sudo access.
+
+- name: Add Ansible Sudoers File
+  copy:
+    src: sudoers_ansible
+    dest: "{{ sudoers_install_dir }}"
+    owner: root
+    group: "{{ root_group }}"
+    mode: 0440
+
+- name: Add Sudo Group Sudoers File
+  copy:
+    src: sudoers_sudo
+    dest: "{{ sudoers_install_dir }}"
+    owner: root
+    group: "{{ root_group }}"
+    mode: 0440
--- a/tasks/users.yml
+++ b/tasks/users.yml
@ -1,14 +1,23 @@
 ---
+# Create users for both desktop and server machines.

- name: Create Ansible User
+# Scheduler
+- name: Create User Ansible
  user:
    name: ansible
+    comment: Ansible
    system: yes
+    

- name: Add Ansible Sudoers File
-  copy:
-    src: sudoers_ansible
-    dest: "{{ sudoers_install_dir }}"
-    owner: root
-    group: "{{ root_group }}"
-    mode: 0440
+# Superuser
+- name: Create User Hyperling
+  user:
+    name: ling
+    comment: Hyperling
+    groups: 
+      - sudo
+    append: yes
+    shell: /bin/bash
+    create_home: yes
+    skeleton: yes
+    generate_ssh_key: yes