ansible/xoxys.sudo
0
0
Fork 0
Code Issues Pull Requests Releases Activity

feat: add logile option
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Robert Kaussow 2022-09-19 16:45:34 +02:00
parent 1664e1c333
commit 038924e2e5
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
4 changed files with 35 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
defaults/main.yml
View File

@ -2,6 +2,8 @@
sudo_packages: sudo_packages:
- sudo - sudo
sudo_logfile: /var/log/sudo.log
sudo_misc_settings: sudo_misc_settings:
- "!visiblepw" - "!visiblepw"
- always_set_home - always_set_home

33
tasks/main.yml
View File

@ -1,2 +1,33 @@
--- ---
- include_tasks: setup.yml - block:
- name: Install requirements
package:
name: "{{ item }}"
state: present
loop: "{{ sudo_packages }}"
- name: Add base sudo config
template:
src: etc/sudoers.j2
dest: /etc/sudoers
owner: root
group: root
mode: 0440
validate: "/usr/sbin/visudo -cf %s"
- name: Add config files to sudoers.d
template:
src: etc/sudoers.d/sudo_ext.j2
dest: "/etc/sudoers.d/{{ item.name }}"
owner: root
group: root
mode: 0440
validate: "/usr/sbin/visudo -cf %s"
loop: "{{ sudo_aliases }}"
loop_control:
label: "{{ item.name }}"
when:
- sudo_aliases is defined
- item.user_aliases is defined
become: True
become_user: root

33
tasks/setup.yml
View File

@ -1,33 +0,0 @@
---
- block:
- name: Install requirements
package:
name: "{{ item }}"
state: present
loop: "{{ sudo_packages }}"
- name: Add base sudo config
template:
src: etc/sudoers.j2
dest: /etc/sudoers
owner: root
group: root
mode: 0440
validate: "/usr/sbin/visudo -cf %s"
- name: Add config files to sudoers.d
template:
src: etc/sudoers.d/sudo_ext.j2
dest: "/etc/sudoers.d/{{ item.name }}"
owner: root
group: root
mode: 0440
validate: "/usr/sbin/visudo -cf %s"
loop: "{{ sudo_aliases }}"
loop_control:
label: "{{ item.name }}"
when:
- sudo_aliases is defined
- item.user_aliases is defined
become: True
become_user: root

3
templates/etc/sudoers.j2
View File

@ -5,14 +5,13 @@
Defaults {{ item }} Defaults {{ item }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if sudo_env_keep -%} {% if sudo_env_keep -%}
Defaults env_keep = "{{ sudo_env_keep|join(' ') }}" Defaults env_keep = "{{ sudo_env_keep|join(' ') }}"
{% endif %} {% endif %}
{% if sudo_secure_path -%} {% if sudo_secure_path -%}
Defaults secure_path = "{{ sudo_secure_path }}" Defaults secure_path = "{{ sudo_secure_path }}"
{% endif %} {% endif %}
Defaults logfile = {{ sudo_logfile }}
## Allow root to run any commands anywhere ## Allow root to run any commands anywhere
root ALL=(ALL) ALL root ALL=(ALL) ALL