# Dedicated primary group for the automation account. The gid is pinned to
# 501, the same number the 'ansible' user task uses for its uid, so ownership
# stays numerically consistent across hosts.
- name: create group 'ansible'
  group:
    gid: 501
    name: ansible
# Login account that Ansible itself connects as. Membership in 'wheel' makes
# it a privileged account: anyone able to authenticate as it inherits whatever
# the host's sudo/doas policy grants wheel (that policy is not shown here).
- name: create user 'ansible'
  user:
    name: ansible
    uid: 501
    home: /var/lib/ansible
    group: ansible
    # No 'append' is given, so this list is the complete set of supplementary
    # groups for the account.
    groups:
      - ansible
      - wheel
    # '*' is not a valid password hash, so no password can ever match:
    # password login is disabled while SSH key login remains possible.
    password: '*'
# Ensures /var/lib/ansible exists as a directory owned by ansible:ansible.
# Mode '2755' is the setgid bit plus rwxr-xr-x: only the owner can write, but
# every local user can list and enter the directory.
# NOTE(review): this home holds .ssh/authorized_keys for a wheel member.
# Group/other write is already off; confirm whether world read/execute is
# needed at all, since '0750' or '0700' would expose less.
- name: make sure ansible owns its home
  file:
    path: /var/lib/ansible
    state: directory
    owner: ansible
    group: ansible
    mode: "2755"
# Installs each listed public key into the account's authorized_keys file.
# with_file reads the files on the controller and yields their contents, one
# loop item per file.
# NOTE(review): 'exclusive' is not set, so keys are only ever added. Dropping
# a file from this list does not revoke that key on hosts that already have
# it; revocation needs an explicit 'state: absent' run or one exclusive key
# list (exclusive cannot be combined with a per-item loop like this one).
- name: set ansible's authorized keys
  authorized_key:
    path: /var/lib/ansible/.ssh/authorized_keys
    user: ansible
    key: "{{ item }}"
  with_file:
    - public_keys/yubikey
    - public_keys/ansible
# Registers the account's home (and its authorized_keys) with Alpine's lbu
# so they are part of the persisted backup set. The .ansible directory and
# the ash shell history are excluded, which keeps command history out of the
# backup archive.
# NOTE(review): the task name says "commit" but no 'commit: true' is passed;
# as written this appears to adjust only the include/exclude lists. Confirm
# that a commit happens elsewhere, otherwise the account's keys may not
# survive a reboot on a diskless install.
- name: commit ansible's home to lbu
  lbu:
    exclude:
      - /var/lib/ansible/.ansible
      - /var/lib/ansible/.ash_history
    include:
      - /var/lib/ansible
      - /var/lib/ansible/.ssh/authorized_keys