Safer Ansible
This commit is contained in:
parent
cbd12c1877
commit
ea32facca2
3 changed files with 17 additions and 12 deletions
|
@ -9,8 +9,9 @@
|
|||
- role: users
|
||||
tags: account
|
||||
|
||||
- role: network
|
||||
tags: net
|
||||
# UNSAFE
|
||||
# - role: network
|
||||
# tags: net
|
||||
|
||||
- role: consul
|
||||
tags: kv
|
||||
|
@ -18,5 +19,6 @@
|
|||
- role: nomad
|
||||
tags: orchestrator
|
||||
|
||||
- role: storage
|
||||
tags: sto
|
||||
# UNSAFE
|
||||
# - role: storage
|
||||
# tags: sto
|
||||
|
|
|
@ -40,3 +40,12 @@
|
|||
- strace
|
||||
- sudo
|
||||
state: present
|
||||
|
||||
- name: "Passwordless sudo"
|
||||
lineinfile:
|
||||
path: /etc/sudoers
|
||||
state: present
|
||||
regexp: '^%sudo'
|
||||
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
|
||||
validate: 'visudo -cf %s'
|
||||
|
||||
|
|
|
@ -11,13 +11,7 @@ active_users:
|
|||
ssh_keys:
|
||||
- 'alex-key1.pub'
|
||||
|
||||
- username: 'erwan'
|
||||
ssh_keys:
|
||||
- 'erwan-key1.pub'
|
||||
|
||||
- username: 'valentin'
|
||||
ssh_keys:
|
||||
- 'valentin-key1.pub'
|
||||
|
||||
disabled_users:
|
||||
- 'john.doe'
|
||||
- 'erwan'
|
||||
- 'valentin'
|
||||
|
|
Reference in a new issue