Add sudoers file and clone repo into /srv

ooni · Jul 3, 2024 · 2b90119 · 2b90119
1 parent 7ee6dac
commit 2b90119
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 0 deletions.
diff --git a/ansible/roles/ansible_controller/tasks/main.yml b/ansible/roles/ansible_controller/tasks/main.yml
@@ -15,3 +15,8 @@
 - name: set the hostname
   ansible.builtin.hostname:
     name: "ansible-controller"
+
+- name: clone devops repo into /srv/devops
+  ansible.builtin.git:
+    repo: "https://github.com/ooni/devops.git"
+    dest: /srv/devops
diff --git a/ansible/roles/ssh_users/tasks/main.yml b/ansible/roles/ssh_users/tasks/main.yml
@@ -59,3 +59,7 @@
     remove: yes
   with_items: user_list.stdout_lines
   when: "item != 'nobody' and item not in (admin_usernames | union(non_admin_usernames))"
+
+
+- name: sudoers.d/80-admins
+  template: src=sudoers dest=/etc/sudoers.d/80-admins owner=root group=root mode=0440 validate='visudo -cf %s'
diff --git a/ansible/roles/ssh_users/templates/sudoers b/ansible/roles/ssh_users/templates/sudoers
@@ -0,0 +1,4 @@
+# ansible-managed in roles/ssh_users/templates/sudoers
+{% for username in admin_usernames %}
+{{ ssh_users[username].login }} ALL=(ALL:ALL) NOPASSWD: ALL
+{% endfor %}