You've already forked ansible-role-sudo
Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| ea17bd56a5 | |||
dc4e741b85
|
|||
6679f1602f
|
|||
|
6469d81fcf
|
@@ -14,7 +14,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v5.0.1
|
- uses: actions/checkout@v5.0.1
|
||||||
- name: Run ansible-lint
|
- name: Run ansible-lint
|
||||||
uses: ansible/ansible-lint@v25.11.0
|
uses: ansible/ansible-lint@v25.11.1
|
||||||
with:
|
with:
|
||||||
args: "--config-file .ansible-lint"
|
args: "--config-file .ansible-lint"
|
||||||
setup_python: "true"
|
setup_python: "true"
|
||||||
|
|||||||
95
tasks/main.yaml
Normal file
95
tasks/main.yaml
Normal file
@@ -0,0 +1,95 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Load variables
|
||||||
|
ansible.builtin.include_vars: "{{ ansible_facts['os_family'] }}.yaml"
|
||||||
|
|
||||||
|
- name: Verify variables
|
||||||
|
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
|
||||||
|
vars:
|
||||||
|
params:
|
||||||
|
files:
|
||||||
|
- "{{ ansible_facts['distribution'] }}_verify_vars.yaml"
|
||||||
|
- "{{ ansible_facts['os_family'] }}_verify_vars.yaml"
|
||||||
|
- "verify_vars.yaml"
|
||||||
|
|
||||||
|
- name: Install sudo
|
||||||
|
ansible.builtin.package:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
with_items: "{{ sudo_users_package_names }}"
|
||||||
|
|
||||||
|
- name: Enable includedir directive
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
dest: /etc/sudoers
|
||||||
|
state: present
|
||||||
|
regexp: "^(#)+(\\s)*includedir(\\s)*/etc/sudoers.d"
|
||||||
|
line: "#includedir /etc/sudoers.d"
|
||||||
|
validate: 'visudo --check --file %s'
|
||||||
|
mode: "0440"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
|
||||||
|
- name: Flush drop-in files of sudoers.d
|
||||||
|
ansible.builtin.file:
|
||||||
|
state: "{{ item }}"
|
||||||
|
path: "/etc/sudoers.d"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
mode: "0750"
|
||||||
|
with_items:
|
||||||
|
- absent
|
||||||
|
- directory
|
||||||
|
|
||||||
|
- name: "Create sudoers drop-in file to execute commands for specific unix users"
|
||||||
|
community.general.sudoers:
|
||||||
|
name: "{{ item.filename | default(item.user) }}"
|
||||||
|
state: present
|
||||||
|
user: "{{ item.user }}"
|
||||||
|
nopassword: "{{ item.nopassword | default(false) }}"
|
||||||
|
commands: "{{ item.commands | default('ALL') }}"
|
||||||
|
with_items:
|
||||||
|
- "{{ sudo_users_sudoers }}"
|
||||||
|
when: item.user is defined and item.user | length > 0 and
|
||||||
|
item.group is not defined and
|
||||||
|
item.runas is not defined
|
||||||
|
|
||||||
|
- name: "Create sudoers drop-in file to execute commands for specific unix users as specific unix user"
|
||||||
|
community.general.sudoers:
|
||||||
|
name: "{{ item.filename | default(item.user) }}"
|
||||||
|
state: present
|
||||||
|
user: "{{ item.user }}"
|
||||||
|
runas: "{{ item.runas }}"
|
||||||
|
nopassword: "{{ item.nopassword | default(false) }}"
|
||||||
|
commands: "{{ item.commands | default('ALL') }}"
|
||||||
|
with_items:
|
||||||
|
- "{{ sudo_users_sudoers }}"
|
||||||
|
when: item.user is defined and item.user | length > 0 and
|
||||||
|
item.group is not defined and
|
||||||
|
item.runas is defined and item.runas | length > 0
|
||||||
|
|
||||||
|
- name: "Create sudoers drop-in file to execute commands for specific unix groups"
|
||||||
|
community.general.sudoers:
|
||||||
|
name: "{{ item.filename | default(item.group) }}"
|
||||||
|
state: present
|
||||||
|
group: "{{ item.group }}"
|
||||||
|
nopassword: "{{ item.nopassword | default(false) }}"
|
||||||
|
commands: "{{ item.commands | default('ALL') }}"
|
||||||
|
with_items:
|
||||||
|
- "{{ sudo_users_sudoers }}"
|
||||||
|
when: item.user is not defined and
|
||||||
|
item.group is defined and item.group | length > 0 and
|
||||||
|
item.runas is not defined
|
||||||
|
|
||||||
|
- name: "Create sudoers drop-in file to execute commands for specific unix groups as specifix unix user"
|
||||||
|
community.general.sudoers:
|
||||||
|
name: "{{ item.filename | default(item.group) }}"
|
||||||
|
state: present
|
||||||
|
group: "{{ item.group }}"
|
||||||
|
runas: "{{ item.runas }}"
|
||||||
|
nopassword: "{{ item.nopassword | default(false) }}"
|
||||||
|
commands: "{{ item.commands | default('ALL') }}"
|
||||||
|
with_items:
|
||||||
|
- "{{ sudo_users_sudoers }}"
|
||||||
|
when: item.user is not defined and
|
||||||
|
item.group is defined and item.group | length > 0 and
|
||||||
|
item.runas is defined and item.runas | length > 0
|
||||||
@@ -1,16 +1,16 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
- name: Load variables
|
- name: Load variables
|
||||||
ansible.builtin.include_vars: "{{ ansible_facts['os_family'] }}.yml"
|
ansible.builtin.include_vars: "{{ ansible_facts['os_family'] }}.yaml"
|
||||||
|
|
||||||
- name: Verify variables
|
- name: Verify variables
|
||||||
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
|
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
|
||||||
vars:
|
vars:
|
||||||
params:
|
params:
|
||||||
files:
|
files:
|
||||||
- "{{ ansible_facts['distribution'] }}_verify_vars.yml"
|
- "{{ ansible_facts['distribution'] }}_verify_vars.yaml"
|
||||||
- "{{ ansible_facts['os_family' }}_verify_vars.yml"
|
- "{{ ansible_facts['os_family'] }}_verify_vars.yaml"
|
||||||
- "verify_vars.yml"
|
- "verify_vars.yaml"
|
||||||
|
|
||||||
- name: Install sudo
|
- name: Install sudo
|
||||||
ansible.builtin.package:
|
ansible.builtin.package:
|
||||||
|
|||||||
Reference in New Issue
Block a user