ansible/roles/ldap_client/tasks/1_group_security.yml

38 lines
999 B
YAML
Raw Permalink Normal View History

---
# Filter SSH on groups
- name: Filter SSH on groups
when: ansible_facts['hostname'] != "camelot" # Camelot is accessible for everyone
lineinfile:
dest: /etc/ssh/sshd_config
regexp: ^AllowGroups
line: AllowGroups root sudoldap aurore ssh
state: present
# To gain root access with ldap rights
- name: Install SUDO package
package:
name: sudo
state: present
register: package_result
retries: 3
until: package_result is succeeded
# Set sudo group
2019-03-23 13:49:53 +01:00
- name: Configure sudoers sudo group
lineinfile:
dest: /etc/sudoers
regexp: ^%{{ sudo_group }}
2019-03-12 07:48:09 +01:00
line: "%{{ sudo_group }} ALL=(ALL:ALL) ALL"
state: present
validate: /usr/sbin/visudo -cf %s
2019-03-23 13:49:53 +01:00
# Set sudo location group
- name: Configure sudoers sudo location group
lineinfile:
dest: /etc/sudoers
regexp: ^%{{ sudo_group_location }}
2019-03-23 13:49:53 +01:00
line: "%{{ sudo_group_location }} ALL=(ALL:ALL) ALL"
state: present
validate: /usr/sbin/visudo -cf %s
2019-03-23 13:49:53 +01:00
when: sudo_group_location is defined