From 41fc32cd5c08670a1aa9fe6c166f879d7d713ae2 Mon Sep 17 00:00:00 2001
From: Hannes Braun <hannes.braun@slub-dresden.de>
Date: Thu, 16 Mar 2023 16:09:48 +0100
Subject: [PATCH] Added task and template to make user sudo, if defined
---
 defaults/main.yml | 1 +
 tasks/main.yml | 11 +++++++++++
 templates/etc/sudoers.d/sudoers-user-file.jinja2 | 1 +
 3 files changed, 13 insertions(+)
 create mode 100644 templates/etc/sudoers.d/sudoers-user-file.jinja2
diff --git a/defaults/main.yml b/defaults/main.yml
index 8dbbf8e..27f5c40 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,5 +6,6 @@ human_users:
 # extra_groups: "ssh"
 # ssh_key_file: "claussni.pub"
 # ssh_key_url: https://git.slub-dresden.de/{{ name }}.keys
+ # sudo: false | true
 absent_users: []
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
index 77f6177..b70f31c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -23,6 +23,17 @@
 with_items: "{{ human_users }}"
 become: true
+- name: make user sudo if
+ ansible.builtin.template:
+ src: etc/sudoers.d/sudoers-user-file.jinja2
+ dest: /etc/sudoers.d/{{ item.name }}
+ owner: root
+ group: root
+ mode: 0440
+ validate: /usr/sbin/visudo -cf %s
+ when: ( item.sudo = true )
+ with_items: "{{ human_users }}"
+
 - name: Add user to groups
 user:
 name: "{{ item.name }}"
diff --git a/templates/etc/sudoers.d/sudoers-user-file.jinja2 b/templates/etc/sudoers.d/sudoers-user-file.jinja2
new file mode 100644
index 0000000..55d0532
--- /dev/null
+++ b/templates/etc/sudoers.d/sudoers-user-file.jinja2
@@ -0,0 +1 @@
+{{ item.name }} ALL=(ALL) NOPASSWD:ALL
\ No newline at end of file
-- GitLab
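Review bot: The condition `when: ( item.sudo = true )` in the new task in tasks/main.yml uses `=`, which is not a Jinja2 comparison operator, and it also errors for any `human_users` entry that has no `sudo` key; `when: item.sudo | default(false) | bool` covers both cases. The task lacks the `become: true` that the preceding task carries, so writing under /etc/sudoers.d presumably fails unless the play already escalates, and `mode: 0440` is safer quoted as `mode: "0440"`. Nothing visible in this hunk removes the drop-in again once `sudo` is set back to false or the user is moved to `absent_users`, so the grant would stay on the host; a companion task with `state: absent` is sketched below. sudo also skips files in an include directory whose names contain a `.`, so a login name with a dot would produce a file that is silently ignored. The task name `make user sudo if` reads as cut off and could say what the condition is.

```yaml
# … unchanged: name, template src/dest/owner/group, validate …
    mode: "0440"
  when: item.sudo | default(false) | bool
  with_items: "{{ human_users }}"
  become: true

# Revoke the drop-in when the flag is absent or false, so privilege
# removal in the inventory is actually enforced on the host.
- name: Remove sudoers drop-in for users without sudo
  ansible.builtin.file:
    path: /etc/sudoers.d/{{ item.name }}
    state: absent
  when: not (item.sudo | default(false) | bool)
  with_items: "{{ human_users }}"
  become: true
```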
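Review bot: The single template line grants `NOPASSWD:ALL`, so every `human_users` entry with `sudo` enabled gets passwordless root and control of that account's SSH key alone is enough for full control of the host; consider making the passwordless part opt-in per user or dropping `NOPASSWD:` by default. `{{ item.name }}` is written into the sudoers rule unchecked, and although `validate` in the calling task rejects syntax errors, a value that is still valid sudoers syntax (a group or alias form rather than a login name) would change who the rule applies to, so an assert on a plain login-name pattern before templating would be a cheap safeguard. The template also depends on the caller's loop variable `item`, which is worth a comment, and a first line such as `# {{ ansible_managed }}` would tell whoever finds the file on the host where it came from.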