Changeset - b32e4e0e89fe
Parent rev.
Child rev.
[Not reviewed]
0 1 0
x - 21 months ago 2023-08-24 01:55:34
xbr@c3l.lu
feat: change root shell to bash
1 file changed with 6 insertions and 1 deletions:
initial_server_setup/initial_setup.yml
6
1
0 comments (0 inline, 0 general)
initial_server_setup/initial_setup.yml
Show inline comments
 
@@ -94,45 +94,50 @@
 

			




	
	
	
		
 
    # Create Freifunk Users

			




	
	
	
		
 
    - name: Create member users

			




	
	
	
		
 
      ansible.builtin.user:

			




	
	
	
		
 
        name: "{{ item.username }}"

			




	
	
	
		
 
        password: "{{ password | password_hash('sha512') }}"

			




	
	
	
		
 
        update_password: "on_create"

			




	
	
	
		
 
        groups:

			




	
	
	
		
 
          - sudo

			




	
	
	
		
 
        append: true

			




	
	
	
		
 
        shell: /bin/bash

			




	
	
	
		
 
        state: present

			




	
	
	
		
 
      loop: "{{ users_member }}"

			




	
	
	
		
 
      tags: users

			




	
	
	
		
 
    - name: Create system users (no password)

			




	
	
	
		
 
      ansible.builtin.user:

			




	
	
	
		
 
        name: "{{ item.username }}"

			




	
	
	
		
 
        groups:

			




	
	
	
		
 
          - sudo

			




	
	
	
		
 
        append: true

			




	
	
	
		
 
        shell: /bin/bash

			




	
	
	
		
 
        state: present

			




	
	
	
		
 
      loop: "{{ users_system }}"

			




	
	
	
		
 
      tags: users

			




	
	
	
		
 
    - name: Change shell for root to bash

			




	
	
	
		
 
      ansible.builtin.user:

			




	
	
	
		
 
        name: "root"

			




	
	
	
		
 
        shell: /bin/bash

			




	
	
	
		
 
      tags: users

			




	
	
	
		
 

			




	
	
	
		
 
    - name: Add SSH key for users from vars

			




	
	
	
		
 
      ansible.posix.authorized_key:

			




	
	
	
		
 
        user: "{{ item.username }}"

			




	
	
	
		
 
        state: present

			




	
	
	
		
 
        key: "{{ lookup('file', item.key_path) }}"

			




	
	
	
		
 
      tags: users

			




	
	
	
		
 
      loop: "{{ users_member | union(users_system) }}"

			




	
	
	
		
 

			




	
	
	
		
 
    - name: Allow for password-less sudo

			




	
	
	
		
 
      community.general.sudoers:

			




	
	
	
		
 
        name: passwordless-sudo

			




	
	
	
		
 
        group: sudo

			




	
	
	
		
 
        commands: ALL

			




	
	
	
		
 
        nopassword: true

			




	
	
	
		
 

			




	
	
	
		
 
    - name: Reload SSHD

			




	
	
	
		
 
      ansible.builtin.service:

			




	
	
	
		
 
        name: "sshd"

			




	
	
	
		
 
        state: "reloaded"

			




	
	
	
		
 
      tags: network,ssh

			




	
	
		
 
\ No newline at end of file

			




	
	
	
		
 
      tags: network,ssh

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        Server instance: saturn-2977081
    
    
        This site is powered by
            Kallithea,
        which is
        © 2010–2021 by various authors & licensed under GPLv3.
            – Support