From ea32facca263f3b3b5e12dd3193625d2ac2b7b9e Mon Sep 17 00:00:00 2001
From: Quentin
Date: Sun, 16 Feb 2020 20:05:47 +0100
Subject: [PATCH] Safer Ansible
---
 ansible/cluster_nodes.yml | 10 ++++++----
 ansible/roles/common/tasks/main.yml | 9 +++++++++
 ansible/roles/users/vars/main.yml | 10 ++--------
 3 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/ansible/cluster_nodes.yml b/ansible/cluster_nodes.yml
index 2fc0eb6..94521e6 100644
--- a/ansible/cluster_nodes.yml
+++ b/ansible/cluster_nodes.yml
@@ -9,8 +9,9 @@
 - role: users
 tags: account
- - role: network
- tags: net
+# UNSAFE
+# - role: network
+# tags: net
 - role: consul
 tags: kv
@@ -18,5 +19,6 @@
 - role: nomad
 tags: orchestrator
- - role: storage
- tags: sto
+# UNSAFE
+# - role: storage
+# tags: sto
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
index 3ffc105..b4d00bb 100644
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -40,3 +40,12 @@
 - strace
 - sudo
 state: present
+
+- name: "Passwordless sudo"
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+ validate: 'visudo -cf %s'
+
diff --git a/ansible/roles/users/vars/main.yml b/ansible/roles/users/vars/main.yml
index fc0ef4a..e2734e3 100644
--- a/ansible/roles/users/vars/main.yml
+++ b/ansible/roles/users/vars/main.yml
@@ -11,13 +11,7 @@ active_users:
 ssh_keys:
 - 'alex-key1.pub'
- - username: 'erwan'
- ssh_keys:
- - 'erwan-key1.pub'
-
- - username: 'valentin'
- ssh_keys:
- - 'valentin-key1.pub'
-
 disabled_users:
 - 'john.doe'
+ - 'erwan'
+ - 'valentin'
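Review bot: The `# UNSAFE` marker above the commented-out `network` role in ansible/cluster_nodes.yml (and again above `storage` in the second hunk of the same file) does not say what is unsafe or under which condition the role may be re-enabled, so a later operator cannot tell a temporary workaround from a permanent removal. I would replace the bare marker with a reason, e.g. `# DISABLED (<reason, placeholder>): network role is not applied by this playbook; re-enable once <condition, placeholder>`. As far as the visible lines show, the `net` and `sto` tags now match nothing in this play, so a tagged run will complete without doing any work. If the network role carries host firewall or interface hardening, which this diff does not show, nodes provisioned after this change come up without it; that is worth confirming before merge. The role list starts and ends outside both hunks.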
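Review bot: The added `Passwordless sudo` task in ansible/roles/common/tasks/main.yml rewrites the `%sudo` line of `/etc/sudoers` to `NOPASSWD: ALL`, which makes every member of the sudo group root-equivalent on every host that gets the common role. A single stolen SSH key or hijacked user session then yields root with no further credential. If the intent is unattended escalation for Ansible itself, scope the rule to the account the playbooks connect as and place it in a root-owned, mode 0440 drop-in under `/etc/sudoers.d/`, keeping the `validate` step, as sketched below. This assumes the main sudoers file includes that directory, which this diff does not show. The task list begins above the hunk.

```yaml
# deploy_user is a placeholder variable for the account Ansible connects as;
# the drop-in file name below is constructed for this example.
- name: "Passwordless sudo for the deploy account only"
  lineinfile:
    path: /etc/sudoers.d/90-deploy
    create: true
    owner: root
    group: root
    mode: '0440'
    state: present
    regexp: '^{{ deploy_user }} '
    line: '{{ deploy_user }} ALL=(ALL) NOPASSWD: ALL'
    validate: 'visudo -cf %s'
```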
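Review bot: Moving `erwan` and `valentin` into `disabled_users` in ansible/roles/users/vars/main.yml only records the intent. Whether their authorized_keys, sudo-group membership and live sessions are actually removed depends on the users role's tasks, which are outside this diff. This matters more in this commit, because with the new `%sudo ... NOPASSWD: ALL` rule a disabled account that keeps a key and its group membership on any node still has passwordless root there. I would add a comment above the list stating the contract, e.g. `# disabled_users: account locked, authorized_keys removed, dropped from sudo on the next run; verify on every node`, and confirm the role does each of these. The `active_users` list starts above the hunk.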