38 lines
999 B
YAML
38 lines
999 B
YAML
---
|
|
# Filter SSH on groups
|
|
- name: Filter SSH on groups
|
|
when: ansible_facts['hostname'] != "camelot" # Camelot is accessible for everyone
|
|
lineinfile:
|
|
dest: /etc/ssh/sshd_config
|
|
regexp: ^AllowGroups
|
|
line: AllowGroups root sudoldap aurore ssh
|
|
state: present
|
|
|
|
# To gain root access with ldap rights
|
|
- name: Install SUDO package
|
|
package:
|
|
name: sudo
|
|
state: present
|
|
register: package_result
|
|
retries: 3
|
|
until: package_result is succeeded
|
|
|
|
# Set sudo group
|
|
- name: Configure sudoers sudo group
|
|
lineinfile:
|
|
dest: /etc/sudoers
|
|
regexp: ^%{{ sudo_group }}
|
|
line: "%{{ sudo_group }} ALL=(ALL:ALL) ALL"
|
|
state: present
|
|
validate: /usr/sbin/visudo -cf %s
|
|
|
|
# Set sudo location group
|
|
- name: Configure sudoers sudo location group
|
|
lineinfile:
|
|
dest: /etc/sudoers
|
|
regexp: ^%{{ sudo_group_location }}
|
|
line: "%{{ sudo_group_location }} ALL=(ALL:ALL) ALL"
|
|
state: present
|
|
validate: /usr/sbin/visudo -cf %s
|
|
when: sudo_group_location is defined
|