58 lines
1.4 KiB
YAML
58 lines
1.4 KiB
YAML
---
|
|
|
|
#- name: (sudoers-server.yml) include variables
|
|
# include_vars: "{{ item }}"
|
|
# with_first_found:
|
|
# - "sudoers-{{ inventory_hostname }}.yml"
|
|
# - "sudoers-{{ ansible_distribution_release }}.yml"
|
|
# - "sudoers-{{ ansible_distribution | lower }}.yml"
|
|
# - "sudoers-default.yml"
|
|
# tags:
|
|
# - sudoers-remove
|
|
# - sudoers-file-configuration
|
|
# - sudoers-global-configuration
|
|
|
|
- name: (sudoers-server.yml) Remove user entries in file /etc/sudoers
|
|
lineinfile:
|
|
dest: /etc/sudoers
|
|
state: absent
|
|
regexp: '^{{ item }}'
|
|
owner: root
|
|
group: root
|
|
mode: 0440
|
|
validate: visudo -cf %s
|
|
with_items: '{{ sudoers_server_remove_user }}'
|
|
tags:
|
|
- sudoers-remove
|
|
|
|
- name: (sudoers-server.yml) update specific sudoers configuration files (/etc/sudoers.d/)
|
|
template:
|
|
src: etc/sudoers.d/50-user.server.j2
|
|
dest: /etc/sudoers.d/50-user
|
|
#validate: visudo -cf %s
|
|
owner: root
|
|
group: root
|
|
mode: 0440
|
|
tags:
|
|
- sudoers-file-configuration
|
|
|
|
- name: (sudoers-server.yml) update global sudoers configuration file
|
|
template:
|
|
src: etc/sudoers.server.j2
|
|
dest: /etc/sudoers
|
|
owner: root
|
|
group: root
|
|
mode: 0440
|
|
#validate: visudo -cf %s
|
|
tags:
|
|
- sudoers-global-configuration
|
|
|
|
- name: (sudoers-server.yml) Ensure all sudo_users are in sudo group
|
|
user:
|
|
name: "{{ item }}"
|
|
groups: sudo
|
|
append: yes
|
|
with_items: "{{ sudo_server_users }}"
|
|
tags:
|
|
- sudo-users
|