Safer Ansible
This commit is contained in:
parent
cbd12c1877
commit
ea32facca2
3 changed files with 17 additions and 12 deletions
|
@ -9,8 +9,9 @@
|
||||||
- role: users
|
- role: users
|
||||||
tags: account
|
tags: account
|
||||||
|
|
||||||
- role: network
|
# UNSAFE
|
||||||
tags: net
|
# - role: network
|
||||||
|
# tags: net
|
||||||
|
|
||||||
- role: consul
|
- role: consul
|
||||||
tags: kv
|
tags: kv
|
||||||
|
@ -18,5 +19,6 @@
|
||||||
- role: nomad
|
- role: nomad
|
||||||
tags: orchestrator
|
tags: orchestrator
|
||||||
|
|
||||||
- role: storage
|
# UNSAFE
|
||||||
tags: sto
|
# - role: storage
|
||||||
|
# tags: sto
|
||||||
|
|
|
@ -40,3 +40,12 @@
|
||||||
- strace
|
- strace
|
||||||
- sudo
|
- sudo
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
- name: "Passwordless sudo"
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/sudoers
|
||||||
|
state: present
|
||||||
|
regexp: '^%sudo'
|
||||||
|
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
|
||||||
|
validate: 'visudo -cf %s'
|
||||||
|
|
||||||
|
|
|
@ -11,13 +11,7 @@ active_users:
|
||||||
ssh_keys:
|
ssh_keys:
|
||||||
- 'alex-key1.pub'
|
- 'alex-key1.pub'
|
||||||
|
|
||||||
- username: 'erwan'
|
|
||||||
ssh_keys:
|
|
||||||
- 'erwan-key1.pub'
|
|
||||||
|
|
||||||
- username: 'valentin'
|
|
||||||
ssh_keys:
|
|
||||||
- 'valentin-key1.pub'
|
|
||||||
|
|
||||||
disabled_users:
|
disabled_users:
|
||||||
- 'john.doe'
|
- 'john.doe'
|
||||||
|
- 'erwan'
|
||||||
|
- 'valentin'
|
||||||
|
|
Reference in a new issue