45 lines
1.3 KiB
YAML
45 lines
1.3 KiB
YAML
- name: Add Local User
|
|
ansible.builtin.user:
|
|
name: "{{ svc_acct_name }}"
|
|
comment: General Service Account
|
|
password_lock: true
|
|
shell: "/bin/bash"
|
|
create_home: true
|
|
- name: Wheel Group
|
|
when: ansible_facts['os_family'] == "RedHat"
|
|
ansible.builtin.user:
|
|
name: servicelink
|
|
groups: wheel
|
|
append: true
|
|
- name: Sudo Group
|
|
when: ansible_facts['distribution'] == "Ubuntu"
|
|
ansible.builtin.user:
|
|
name: "{{ svc_acct_name }}"
|
|
groups: sudo
|
|
append: true
|
|
- name: Make servicelink sudo Passwordless
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/sudoers
|
|
state: present
|
|
line: "{{ svc_acct_name }} ALL=(ALL) NOPASSWD: ALL"
|
|
validate: /usr/sbin/visudo -cf %s
|
|
- name: "Make .ssh dir"
|
|
ansible.builtin.file:
|
|
path: "/home/{{ svc_acct_name }}/.ssh/"
|
|
state: directory
|
|
owner: "{{ svc_acct_name }}"
|
|
group: "{{ svc_acct_name }}"
|
|
mode: "0700"
|
|
- name: Make Authorised Key
|
|
ansible.builtin.file:
|
|
path: "/home/{{ svc_acct_name }}/.ssh/authorized_keys"
|
|
# state: touch
|
|
owner: "{{ svc_acct_name }}"
|
|
group: "{{ svc_acct_name }}"
|
|
mode: "0600"
|
|
- name: Add Publickey
|
|
ansible.builtin.lineinfile:
|
|
path: "/home//{{ svc_acct_name }}/.ssh/authorized_keys"
|
|
line: "{{ item }}"
|
|
loop: "{{ svc_acct_keys }}"
|