evolinx-users: optimize sudo configuration
parent
1dc4d0e133
commit
270d03b6a6
|
@ -25,6 +25,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
* elasticsearch: Use `/etc/elasticsearch/jvm.options.d/evolinux` instead of default `/etc/elasticsearch/jvm.options`
|
* elasticsearch: Use `/etc/elasticsearch/jvm.options.d/evolinux` instead of default `/etc/elasticsearch/jvm.options`
|
||||||
|
* evolinux-users: check permissions for /etc/sudoers.d
|
||||||
|
* evolinux-users: optimize sudo configuration
|
||||||
* lxc: Fail if /var is nosuid
|
* lxc: Fail if /var is nosuid
|
||||||
* openvpn: make it compatible with OpenBSD and add some improvements
|
* openvpn: make it compatible with OpenBSD and add some improvements
|
||||||
|
|
||||||
|
|
|
@ -20,10 +20,6 @@
|
||||||
|
|
||||||
- name: Configure sudo
|
- name: Configure sudo
|
||||||
include: sudo.yml
|
include: sudo.yml
|
||||||
vars:
|
|
||||||
user: "{{ item.value }}"
|
|
||||||
loop: "{{ evolinux_users | dict2items }}"
|
|
||||||
when: evolinux_users | length > 0
|
|
||||||
|
|
||||||
- name: Configure SSH
|
- name: Configure SSH
|
||||||
include: ssh.yml
|
include: ssh.yml
|
||||||
|
|
|
@ -1,9 +1,21 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- include: sudo_jessie.yml
|
- include: sudo_jessie.yml
|
||||||
when: ansible_distribution_release == "jessie"
|
vars:
|
||||||
|
user: "{{ item.value }}"
|
||||||
|
loop: "{{ evolinux_users | dict2items }}"
|
||||||
|
when:
|
||||||
|
- evolinux_users | length > 0
|
||||||
|
- ansible_distribution_release == "jessie"
|
||||||
|
|
||||||
- include: sudo_stretch.yml
|
|
||||||
|
- block:
|
||||||
|
- include: sudo_stretch_common.yml
|
||||||
|
|
||||||
|
- include: sudo_stretch_user.yml
|
||||||
|
vars:
|
||||||
|
user: "{{ item.value }}"
|
||||||
|
loop: "{{ evolinux_users | dict2items }}"
|
||||||
when:
|
when:
|
||||||
- ansible_distribution_major_version is defined
|
- ansible_distribution_major_version is defined
|
||||||
- ansible_distribution_major_version is version('9', '>=')
|
- ansible_distribution_major_version is version('9', '>=')
|
||||||
|
|
|
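Review bot: The `sudo_stretch_common.yml` include inside the new `block` no longer sits behind the `evolinux_users | length > 0` guard that main.yml used to put on the whole `sudo.yml` include. As far as the flattened indentation shows, the block's `when:` only tests the distribution version, so the sudoers template and group tasks now also run on Debian 9+ hosts with an empty `evolinux_users`. If that is intended, say so above the block, e.g. `# common sudo setup runs once per host, even when evolinux_users is empty`. The jessie branch keeps the length guard while the stretch branch relies on the empty loop, which is worth making consistent. The added lines also use bare `include:`, which is deprecated; `include_tasks:` is the explicit form for these looped includes.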
@ -1,5 +1,13 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- name: "/etc/sudoers.d presence and permissions"
|
||||||
|
file:
|
||||||
|
path: /etc/sudoers.d
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0750"
|
||||||
|
state: directory
|
||||||
|
|
||||||
- name: "Verify 'evolinux' sudoers file presence (Debian 9 or later)"
|
- name: "Verify 'evolinux' sudoers file presence (Debian 9 or later)"
|
||||||
template:
|
template:
|
||||||
src: sudoers_stretch.j2
|
src: sudoers_stretch.j2
|
||||||
|
@ -13,15 +21,3 @@
|
||||||
group:
|
group:
|
||||||
name: "{{ evolinux_sudo_group }}"
|
name: "{{ evolinux_sudo_group }}"
|
||||||
system: yes
|
system: yes
|
||||||
|
|
||||||
- name: "Add user to '{{ evolinux_sudo_group }}' group (Debian 9 or later)"
|
|
||||||
user:
|
|
||||||
name: '{{ user.name }}'
|
|
||||||
groups: "{{ evolinux_sudo_group }}"
|
|
||||||
append: yes
|
|
||||||
|
|
||||||
- name: "Add user to 'adm' group (Debian 9 or later)"
|
|
||||||
user:
|
|
||||||
name: '{{ user.name }}'
|
|
||||||
groups: "adm"
|
|
||||||
append: yes
|
|
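Review bot: The new `/etc/sudoers.d` task at the top of the file enforces `root:root` and `"0750"` on the directory, but nothing visible in this section checks the sudoers file itself before it is installed. The `template:` task that follows is cut off by the hunk, so it may already do this; if it does not, it should carry `mode: "0440"` and `validate: '/usr/sbin/visudo -cf %s'` so a broken template cannot leave sudo unusable. A comment above the new task, for example `# 0750: keep the contents of sudoers.d unreadable by unprivileged users`, would also record why this mode was chosen.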
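--- a/evolinux-users/tasks/sudo_stretch_user.yml
+++ b/evolinux-users/tasks/sudo_stretch_user.yml
@@ -0,0 +1,13 @@
+---
+
+- name: "Add user to '{{ evolinux_sudo_group }}' group (Debian 9 or later)"
+user:
+name: '{{ user.name }}'
+groups: "{{ evolinux_sudo_group }}"
+append: yes
+
+- name: "Add user to 'adm' group (Debian 9 or later)"
+user:
+name: '{{ user.name }}'
+groups: "adm"
+append: yes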
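Review bot: Nothing in this new file says that both tasks depend on a `user` variable supplied by the including task's `vars:`, so including it from anywhere else fails on `user.name`. A header comment such as `# Expects 'user' (one value of evolinux_users) to be passed in by the including task` would make that contract visible. The file itself puts no per-user condition on membership of the sudo group or of `adm`, so a second comment stating that every entry of `evolinux_users` is meant to receive both would help an auditor. As a style point, `append: yes` is better written `append: true`.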