m/natelandau_ansible-homelab-config
1
0
Fork 0
mirror of https://github.com/natelandau/ansible-homelab-config.git synced 2025-11-18 01:43:40 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: favor sudoers.d over lines in /etc/sudoers

Browse Source
This commit is contained in:
Nathaniel Landau
2024-03-18 16:03:44 -04:00
parent 8734731355
commit 6e8b39aef9
1 changed files with 8 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
tasks/backups.yml
View File

@@ -24,24 +24,18 @@
when: when:
- is_nomad_client or is_nomad_server - is_nomad_client or is_nomad_server
- name: Ensure nomad user can run sudo with the restore script - name: "SUDO: Confirm users can run service_backups"
become: true become: true
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/sudoers path: "/etc/sudoers.d/010_{{ item }}-backups-nopasswd"
line: "{{ item }} ALL=(ALL) NOPASSWD: /usr/local/bin/service_backups, /usr/local/bin/service_restore"
state: present state: present
line: "nomad ALL=(ALL) NOPASSWD: /usr/local/bin/service_backups, /usr/local/bin/service_restore" create: true
validate: "/usr/sbin/visudo -cf %s" mode: "0440"
when:
- is_nomad_client or is_nomad_server
- "'pis' in group_names"
- name: Ensure my user can run sudo with the restore script
become: true
ansible.builtin.lineinfile:
path: /etc/sudoers
state: present
line: "{{ ansible_user }} ALL=(ALL) NOPASSWD: /usr/local/bin/service_backups, /usr/local/bin/service_restore"
validate: "/usr/sbin/visudo -cf %s" validate: "/usr/sbin/visudo -cf %s"
loop:
- nomad
- "{{ ansible_user }}"
when: when:
- is_nomad_client or is_nomad_server - is_nomad_client or is_nomad_server
- "'pis' in group_names" - "'pis' in group_names"