Safer Ansible

This commit is contained in:
Quentin 2020-02-16 20:05:47 +01:00
parent cbd12c1877
commit ea32facca2
3 changed files with 17 additions and 12 deletions

View file

@ -9,8 +9,9 @@
- role: users
tags: account
- role: network
tags: net
# UNSAFE
# - role: network
# tags: net
- role: consul
tags: kv
@ -18,5 +19,6 @@
- role: nomad
tags: orchestrator
- role: storage
tags: sto
# UNSAFE
# - role: storage
# tags: sto

View file

@ -40,3 +40,12 @@
- strace
- sudo
state: present
- name: "Passwordless sudo"
lineinfile:
path: /etc/sudoers
state: present
regexp: '^%sudo'
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
validate: 'visudo -cf %s'

View file

@ -11,13 +11,7 @@ active_users:
ssh_keys:
- 'alex-key1.pub'
- username: 'erwan'
ssh_keys:
- 'erwan-key1.pub'
- username: 'valentin'
ssh_keys:
- 'valentin-key1.pub'
disabled_users:
- 'john.doe'
- 'erwan'
- 'valentin'