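---
# Creates the admin account, installs its SSH public keys (fetched on the
# controller from a URL) and grants it passwordless sudo for all commands.
#
# Security note: because every key fetched here ends up with NOPASSWD root,
# admin_ssh_pub_key_url is effectively a root-access grant. It must be
# HTTPS (enforced below), served from a host you control, and the TLS
# certificate must be validated (uri's default, made explicit below).
#
# Expected variables:
#   admin_user             - login name of the account to manage
#   admin_ssh_pub_key_url  - HTTPS URL returning one public key per line
#                            (blank lines and '#' comment lines are ignored)

- name: Refuse to fetch admin keys over an unauthenticated transport
  ansible.builtin.assert:
    that:
      - admin_ssh_pub_key_url is match('^https://')
    fail_msg: "admin_ssh_pub_key_url must use https://, got: {{ admin_ssh_pub_key_url }}"
  delegate_to: localhost
  run_once: true

- name: Create user "{{ admin_user }}"
  ansible.builtin.user:
    name: "{{ admin_user }}"
    shell: /bin/bash
    state: present
  register: admin_user_result

# Runs unconditionally (the original ran it only on first creation), so a
# pre-existing account or later drift still converges to owner-only 0700.
# Assumes the home directory is /home/<user> - TODO confirm for this fleet.
- name: Ensure ~/.ssh exists with owner-only permissions
  ansible.builtin.file:
    path: "/home/{{ admin_user }}/.ssh"
    state: directory
    owner: "{{ admin_user }}"
    group: "{{ admin_user }}"
    mode: "0700"

# delegate_to: localhost means the download happens on the controller, once
# per target host. Non-200 responses fail the task instead of being parsed
# as keys.
- name: Fetch public keys from URL (on the controller)
  ansible.builtin.uri:
    url: "{{ admin_ssh_pub_key_url }}"
    return_content: true
    validate_certs: true  # default, made explicit: never disable this here
    status_code: 200
  delegate_to: localhost
  register: fetched_keys

# Trim every line and drop blanks and '#' comments up front, so the
# authorized_key loop below never sees a line it cannot parse.
- name: Build list of individual keys (drop blank and comment lines)
  ansible.builtin.set_fact:
    key_list: >-
      {{ fetched_keys.content.splitlines()
         | map('trim')
         | reject('equalto', '')
         | reject('match', '^#')
         | list }}

# An empty response would silently leave the NOPASSWD account without any
# login key; surface that as an error rather than continuing.
- name: Refuse to continue if no key was fetched
  ansible.builtin.assert:
    that:
      - key_list | length > 0
    fail_msg: "No SSH public key found at {{ admin_ssh_pub_key_url }}"

- name: Ensure authorized_keys exists with owner-only permissions
  ansible.builtin.file:
    path: "/home/{{ admin_user }}/.ssh/authorized_keys"
    state: touch
    owner: "{{ admin_user }}"
    group: "{{ admin_user }}"
    mode: "0600"
    # Without these, state=touch rewrites the timestamps and reports
    # "changed" on every run.
    access_time: preserve
    modification_time: preserve

# state=present only ever adds. Keys removed from the URL are NOT revoked
# here; revocation needs exclusive=true with all keys joined into a single
# 'key' value, which is a deliberate change of behaviour left to the caller.
- name: Add each key with authorized_key
  ansible.builtin.authorized_key:
    user: "{{ admin_user }}"
    key: "{{ item }}"
    state: present
  loop: "{{ key_list }}"

# sudo ignores drop-ins whose name contains '.' or ends in '~'. If
# admin_user can contain a dot, this rule is silently skipped - TODO confirm.
- name: Configure passwordless sudo for all commands
  ansible.builtin.copy:
    dest: "/etc/sudoers.d/{{ admin_user }}"
    content: |
      {{ admin_user }} ALL=(ALL) NOPASSWD: ALL
    owner: root
    group: root
    mode: "0440"
    # Syntax-check before installing: a malformed drop-in breaks sudo for
    # every user on the host.
    validate: /usr/sbin/visudo -cf %s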