FIX: Syntax error in SSH hardening playbook
diff --git
a/roles/bootstrap-host/tasks/create_sudo_user.yml
b/roles/bootstrap-host/tasks/create_sudo_user.yml
index
bfab595
..
fe8fc33
100644
(file)
--- a/
roles/bootstrap-host/tasks/create_sudo_user.yml
+++ b/
roles/bootstrap-host/tasks/create_sudo_user.yml
@@
-38,14
+38,23
@@
tags:
- ssh-key-authorized
tags:
- ssh-key-authorized
-- name: Ensure
root
's new public ssh key is in authorized_keys
+- name: Ensure
sudo user
's new public ssh key is in authorized_keys
authorized_key:
user: "{{ sudo_user }}"
key: "{{ lookup('file','/tmp/id_rsa.pub') }}"
manage_dir: no
authorized_key:
user: "{{ sudo_user }}"
key: "{{ lookup('file','/tmp/id_rsa.pub') }}"
manage_dir: no
+ exclusive: yes
tags:
- ssh-key-authorized
tags:
- ssh-key-authorized
+- name: Populate authorized keys from config to sudo user
+ authorized_key:
+ user: "{{ sudo_user }}"
+ key: "{{ sudo_user_authorized_keys | join('\n') }}"
+ manage_dir: no
+ tags:
+ - configured-authorized-keys
+
- name: Ensure there is a private key /etc/userconfig/id_rsa in virtual env. Provide read permissions to all users
file:
path: "/etc/userconfig/id_rsa"
- name: Ensure there is a private key /etc/userconfig/id_rsa in virtual env. Provide read permissions to all users
file:
path: "/etc/userconfig/id_rsa"
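Review bot: `exclusive: yes` on the `Ensure sudo user's new public ssh key` task wipes every other key from the sudo user's authorized_keys, so the keys the following `Populate authorized keys from config to sudo user` task installs are removed again at the start of each run (the play never converges, and a run limited to the `ssh-key-authorized` tag silently revokes all configured keys). Installing both sources in the one exclusive write avoids the ordering dependency, e.g. `key: "{{ ([lookup('file','/tmp/id_rsa.pub')] + sudo_user_authorized_keys) | join('\n') }}"` on the first task, with the second task dropped or at least kept non-exclusive as it is. The public key is also read with `lookup('file', ...)`, which runs on the controller, from `/tmp/id_rsa.pub` — presumably written there by an earlier task — and is then installed as the only authorized key; a path under the role's `files/` directory or a variable is a more controlled source than a shared temp directory. Minor: `exclusive: yes` and `manage_dir: no` would read better as `true`/`false`, which yamllint's truthy rule also expects.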