Commit ff565dd4 authored by rlacko's avatar rlacko 💬
Browse files

Add whens to main tasks and use template for sudoers file

parent 597f35bf
......@@ -2,6 +2,12 @@
timezone: Europe/Budapest
na: "https://git.sch.bme.hu/kszk/sysadmin/kubernetes/base-ansible-role"
hostname: "{{ inventory_hostname }}"
update: yes
setup_basic_packages: yes
disable_floppy: yes
disable_multipath: yes
vmware_multipath: yes
motd_text: KSZK Host
ssh:
port: 10022
......
......@@ -8,33 +8,40 @@
tags: [hostname]
- name: Upgrade packages
when: update is defined and update
import_tasks: update.yml
tags: [update]
- name: Setup admin users
when: user is defined
include_tasks: setup_user.yml
loop: "{{ users }}"
loop_control:
loop_var: user
- name: Install basic packages
when: setup_basic_packages is defined and setup_basic_packages
import_tasks: packages.yml
tags: [packages]
- name: Setup Message of the day (MOTD)
when: motd_text is defined
import_tasks: "motd.yml"
tags: [motd]
- name: Setup SSH
when: ssh is defined
import_tasks: "ssh.yml"
tags: [ssh]
- name: Disable floppy
when: disable_floppy is defined and disable_floppy
include_tasks: floppy.yaml
- name: Fix multipath UUID VMWare errors
when: vmware_multipath is defined and vmware_multipath
include_tasks: multipath.yaml
- name: Update netplan config
include_tasks: netplan.yaml
when: netplan is defined
include_tasks: netplan.yaml
---
- name: Install figlet for creating motd
package:
state: present
name:
- figlet
- name: Generate motd ascii from text
command: figlet {{ motd_text }}
register: motd_ascii_art
changed_when: false
- name: Remove parts of factory banner
file:
......@@ -11,5 +21,5 @@
- name: Place motd file.
template:
src: etc/update-motd.d/motd.sh
dest: /etc/update-motd.d/40-kszk-banner
dest: /etc/update-motd.d/40-custom-banner
mode: 0755
......@@ -21,21 +21,13 @@
- sudo
when: user.sudo
- set_fact:
sudoer_file: "/etc/sudoers.d/{{ user.name }}"
- name: sudoers file for the user
file:
path: "{{ sudoer_file }}"
state: touch
mode: "0600"
- name: Insert sudoer file content
template:
src: etc/sudoers.d/user.j2
dest: /etc/sudoers.d/{{ user.name }}
mode: 0600
owner: root
group: root
- name: Insert sudoer file content
copy:
dest: "{{ sudoer_file }}"
content: "{{ user.name }} ALL=(ALL) NOPASSWD:ALL"
when: user.passwordless_sudo
- name: "Set password to be expired"
......
{{ user.name }} ALL=(ALL) NOPASSWD:ALL
......@@ -6,12 +6,9 @@
# source: http://patorjk.com/software/taag/#p=display&f=Standard&t=KSZK%20server
cat <<EOF
_ ______ ______ __
| |/ / ___|__ / |/ / ___ ___ _ ____ _____ _ __
| ' /\___ \ / /| ' / / __|/ _ \ '__\ \ / / _ \ '__|
| . \ ___) / /_| . \ \__ \ __/ | \ V / __/ |
|_|\_\____/____|_|\_\ |___/\___|_| \_/ \___|_|
{% for line in motd_ascii_art.stdout.split('\n') %}
{{ line | replace("`","\\`") }}
{% endfor %}
EOF
echo "! ! !"
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment