@nickleefly
Created September 11, 2017 07:53
ansible playbook setup user
---
- hosts: linode
  remote_user: root
  vars:
    NORMAL_USER_NAME: 'yourusername'
  tasks:
    - name: Make sure we have a 'wheel' group
      group:
        name: wheel
        state: present
    - name: "Create a secondary, non-root user"
      user:
        name: "{{ NORMAL_USER_NAME }}"
        # The user module expects an already-hashed (crypt) value here, not plaintext
        password: '$6$rounds=656000$W.dSlhtSxE2HdSc1$4WbCFM6zQV1hTQYTCqmcddnKrSXIZ9LfWRAjJBervBFG.rH953lTa7rMeZNrN65zPzEONntMtYt9Bw74PvAei0'
        shell: /bin/bash
        group: wheel
    - name: Add remote authorized key to allow future passwordless logins
      authorized_key:
        user: "{{ NORMAL_USER_NAME }}"
        key: "{{ lookup('file', '/Users/yourusename/.ssh/id_rsa.pub') }}"
    - name: Allow 'wheel' group to have passwordless sudo
      lineinfile:
        dest: /etc/sudoers
        state: present
        regexp: '^%wheel'
        line: '%wheel ALL=(ALL) NOPASSWD: ALL'
        # Syntax-check the edited file before it replaces /etc/sudoers
        validate: visudo -cf %s
    - name: Add sudoers users to wheel group
      user:
        name: nick
        groups: wheel
        append: yes
        state: present
- hosts: all
  vars:
    sudoers:
      - user1
      - user2
      - user3
  tasks:
    - name: Make sure we have a 'wheel' group
      group:
        name: wheel
        state: present
    - name: Allow 'wheel' group to have passwordless sudo
      lineinfile:
        dest: /etc/sudoers
        state: present
        regexp: '^%wheel'
        line: '%wheel ALL=(ALL) NOPASSWD: ALL'
        validate: visudo -cf %s
    - name: Add sudoers users to wheel group
      user:
        name: "{{ item }}"
        groups: wheel
        append: yes
      with_items: "{{ sudoers }}"
python -c "from passlib.hash import sha512_crypt; print(sha512_crypt.hash('plaintextpassword'))"
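
An added example, not part of the gist: a pre-flight check that a value destined for the `user` module's `password` parameter is a well-formed SHA-512 crypt string (`$6$[rounds=N$]salt$digest`) rather than plaintext, a truncated paste, or a weaker scheme. The function name, the `MIN_ROUNDS` policy threshold and the sample values are assumptions made for this illustration.

```python
import re

# Modular crypt format for SHA-512 crypt: $6$[rounds=N$]salt$digest
_SHA512_CRYPT = re.compile(
    r"^\$6\$(?:rounds=(?P<rounds>[0-9]+)\$)?"
    r"(?P<salt>[./0-9A-Za-z]{0,16})\$"
    r"(?P<digest>[./0-9A-Za-z]*)$"
)
DEFAULT_ROUNDS = 5000   # what SHA-crypt uses when no rounds= field is present
MIN_ROUNDS = 100_000    # assumed local policy threshold, not from the gist
DIGEST_LEN = 86         # encoded length of a SHA-512 crypt digest


def audit_password_hash(value):
    """Return a list of findings for a string meant for user.password."""
    if not value.startswith("$"):
        return ["not a crypt hash: looks like plaintext"]
    m = _SHA512_CRYPT.match(value)
    if m is None:
        return ["not a well-formed SHA-512 crypt ($6$) string"]
    findings = []
    rounds = int(m["rounds"]) if m["rounds"] else DEFAULT_ROUNDS
    if not 1000 <= rounds <= 999_999_999:
        findings.append(f"rounds={rounds} outside the range SHA-crypt accepts")
    elif rounds < MIN_ROUNDS:
        findings.append(f"rounds={rounds} below policy minimum {MIN_ROUNDS}")
    if len(m["salt"]) < 16:
        findings.append(f"salt is {len(m['salt'])} chars, shorter than 16")
    if len(m["digest"]) != DIGEST_LEN:
        findings.append(f"digest is {len(m['digest'])} chars, expected {DIGEST_LEN}")
    return findings


# Constructed sample values (not real hashes of any password).
GOOD = "$6$rounds=656000$" + "abcdefgh.1234567" + "$" + "A" * 86
NO_ROUNDS = "$6$" + "abcdefgh.1234567" + "$" + "A" * 86
TRUNCATED = GOOD[:-10]  # e.g. cut off by a quoting or copy/paste slip
MD5_CRYPT = "$1$abcdefgh$" + "A" * 22

if __name__ == "__main__":
    samples = [("good", GOOD), ("no rounds", NO_ROUNDS), ("truncated", TRUNCATED),
               ("md5", MD5_CRYPT), ("plaintext", "plaintextpassword")]
    for label, value in samples:
        print(f"{label:10} -> {audit_password_hash(value) or 'ok'}")
```
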