computer-playbook/roles/user-administrator/tasks/main.yml


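# Create the local "administrator" account with an initial password and an
# SSH key pair. Skipped once run_once_user_administrator has been set.
- name: create administrator
  user:
    name: administrator
    # on_create: the password is applied only when the account is first
    # created, so later runs do not reset a password changed on the host.
    update_password: on_create
    # The user module expects a crypt hash, not plaintext; the filter hashes
    # the variable with SHA-512 when the task is templated.
    # NOTE(review): user_administrator_initial_password is defined outside
    # this file - presumably it should come from an encrypted source such as
    # ansible-vault rather than a plaintext inventory; confirm.
    password: "{{ user_administrator_initial_password | password_hash('sha512') }}"
    create_home: true
    # Generates a key pair for the account; an existing key is not overwritten.
    generate_ssh_key: true
    ssh_key_type: rsa
    ssh_key_bits: 8192
  when: run_once_user_administrator is not defined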
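# Make sure the administrator home directory exists, belongs to the account
# and is accessible to the owner only.
# NOTE(review): path_administrator_home is defined outside this file; the
# other tasks append names directly to it, so it presumably ends with "/".
- name: "set correct rights for {{path_administrator_home}}"
  file:
    path: "{{path_administrator_home}}"
    state: directory
    owner: administrator
    group: administrator
    # Quoted so the mode is passed as an octal string and never re-typed by
    # the YAML parser; matches the quoted modes used elsewhere in this file.
    mode: '0700'
  when: run_once_user_administrator is not defined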
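# Create the owner-only "scripts" directory inside the administrator home.
# NOTE(review): the task name renders path_administrator_scripts while the
# path below is built from path_administrator_home - confirm both resolve to
# the same directory, or use one variable for both.
- name: "create {{path_administrator_scripts}}"
  file:
    path: "{{path_administrator_home}}scripts"
    state: directory
    owner: administrator
    group: administrator
    # Quoted so the mode is passed as an octal string and never re-typed by
    # the YAML parser; matches the quoted modes used elsewhere in this file.
    mode: '0700'
  when: run_once_user_administrator is not defined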
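# Install the per-host authorized_keys file for the administrator account.
# The source is looked up under <inventory_dir>/files/<inventory_hostname>/,
# mirroring the destination path on the target.
# copy replaces the whole destination file, so keys added by hand on the host
# are not kept; this file is the single source of truth for who may log in
# as administrator and is worth reviewing like any other access grant.
- name: "create {{path_administrator_home}}.ssh/authorized_keys"
  copy:
    src: "{{ inventory_dir }}/files/{{ inventory_hostname }}{{path_administrator_home}}.ssh/authorized_keys"
    dest: "{{path_administrator_home}}.ssh/authorized_keys"
    owner: administrator
    group: administrator
    # Owner-only access is sufficient for key lookup at login; group and
    # other have no need to read the list of authorised keys.
    mode: '0600'
  when: run_once_user_administrator is not defined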
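# Install the sudoers drop-in for the administrator account.
# "administrator" is a relative src, so it is taken from the role's files;
# its content is not visible here - the task name says sudo still asks for
# the password, which should be confirmed against that file.
- name: grant administrator sudo rights with password
  copy:
    src: "administrator"
    dest: /etc/sudoers.d/administrator
    # 0440 is the conventional sudoers mode: read-only, and not readable by
    # unprivileged local users who could otherwise enumerate the sudo policy.
    mode: '0440'
    owner: root
    group: root
    # Syntax-check the file before it is moved into place; a malformed
    # drop-in would otherwise break sudo for every user on the host.
    validate: /usr/sbin/visudo -cf %s
  # NOTE(review): sudo reads its policy on each invocation, so restarting
  # sshd is not needed for this change - confirm the notify is intentional.
  notify: sshd restart
  when: run_once_user_administrator is not defined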
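# Create the owner-only "volumes" directory inside the administrator home.
- name: "create {{path_administrator_home}}volumes/"
  file:
    path: "{{path_administrator_home}}volumes"
    state: directory
    owner: administrator
    group: administrator
    # Quoted so the mode is passed as an octal string and never re-typed by
    # the YAML parser; matches the quoted modes used elsewhere in this file.
    mode: '0700'
  when: run_once_user_administrator is not defined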
# Guard fact: every task in this file is conditioned on this variable being
# undefined, so once it is set the tasks above are skipped for this host
# (presumably when the role is pulled in more than once in a run).
- name: run the user_administrator tasks once
  when:
    - run_once_user_administrator is not defined
  set_fact:
    run_once_user_administrator: true