|
|
@@ -0,0 +1,31 @@
|
|
|
+---
|
|
|
+- hosts: all
|
|
|
+ become_user: root
|
|
|
+ become: yes
|
|
|
+
|
|
|
+ tasks:
|
|
|
+ - name: Make sure we have a wheel group
|
|
|
+ ansible.builtin.group:
|
|
|
+ name: wheel
|
|
|
+ state: present
|
|
|
+
|
|
|
+ - name: Allow wheel group to have passwordless sudo
|
|
|
+ lineinfile:
|
|
|
+ dest: /etc/sudoers
|
|
|
+ state: present
|
|
|
+ regexp: '^%wheel'
|
|
|
+ line: '%wheel ALL=(ALL) NOPASSWD: ALL'
|
|
|
+ validate: 'visudo -cf %s'
|
|
|
+
|
|
|
+ - name: Add sudoers users to wheel group
|
|
|
+ user:
|
|
|
+ name=ansible
|
|
|
+ groups=wheel
|
|
|
+ append=yes
|
|
|
+ state=present
|
|
|
+ createhome=yes
|
|
|
+
|
|
|
+ - name: Set up authorized keys for the deployer user
|
|
|
+ authorized_key: user=ansible key="{{item}}"
|
|
|
+ with_file:
|
|
|
+ - /home/cmte/.ssh/id_rsa.pub
|
Douglas A