Kapisi/roles/ShadowArch/tasks/authentication.yml

---
  - name: Test root password
    ignore_errors: yes
    register: root_password_test
    vars:
      ansible_become_user: "{{ item }}"
      ansible_become_method: su
      ansible_become_password: "{{ passwords[inventory_hostname] }}"
    become: yes
    command: id
    loop:
      - root
      - "{{ ansible_user_id }}"

  - name: Define passwords
    ignore_errors: yes
    vars:
      ansible_become_user: "root"
      ansible_become_password: "{{ passwords[inventory_hostname] }}"
    become: yes
    when: root_password_test.rc is not defined or root_password_test.rc != 0
    command:
      cmd: /bin/bash -l -c "echo '{{item}}:{{ passwords[inventory_hostname] }}' | chpasswd {{ item }}"
    loop:
      - root
      - "{{ ansible_user_id }}"

  - name: Ensure deploy user has sudo permissions.
    vars:
      ansible_become_method: su
      ansible_become_password: "{{ passwords[inventory_hostname] }}"
    become: yes
    copy:
      dest: /etc/sudoers.d/basics
      content: "{{ ansible_user_id }} ALL=(ALL) NOPASSWD: ALL\n"

  - name: Ensure we include /etc/sudoers.d (Current)
    vars:
      ansible_become_method: su
      ansible_become_password: "{{ passwords[inventory_hostname] }}"
    become: yes
    when: ansible_architecture != "armv6l"
    lineinfile:
      path: /etc/sudoers
      regexp: "includedir /etc/sudoers.d"
      line: "@includedir /etc/sudoers.d"

  - name: Ensure we include /etc/sudoers.d (Legacy)
    vars:
      ansible_become_method: su
      ansible_become_password: "{{ passwords[inventory_hostname] }}"
    become: yes
    when: ansible_architecture == "armv6l"
    lineinfile:
      path: /etc/sudoers
      regexp: "includedir /etc/sudoers.d"
      line: "#includedir /etc/sudoers.d"
AniNIX/Wiki#21 -- effecting renames for policy 2024-04-01 00:44:23 -05:00			`---`
			`- name: Test root password`
			`ignore_errors: yes`
			`register: root_password_test`
			`vars:`
			`ansible_become_user: "{{ item }}"`
			`ansible_become_method: su`
			`ansible_become_password: "{{ passwords[inventory_hostname] }}"`
			`become: yes`
			`command: id`
			`loop:`
			`- root`
			`- "{{ ansible_user_id }}"`

			`- name: Define passwords`
			`ignore_errors: yes`
			`vars:`
			`ansible_become_user: "root"`
			`ansible_become_password: "{{ passwords[inventory_hostname] }}"`
			`become: yes`
			`when: root_password_test.rc is not defined or root_password_test.rc != 0`
			`command:`
			`cmd: /bin/bash -l -c "echo '{{item}}:{{ passwords[inventory_hostname] }}' \| chpasswd {{ item }}"`
			`loop:`
			`- root`
			`- "{{ ansible_user_id }}"`

			`- name: Ensure deploy user has sudo permissions.`
			`vars:`
			`ansible_become_method: su`
			`ansible_become_password: "{{ passwords[inventory_hostname] }}"`
			`become: yes`
			`copy:`
			`dest: /etc/sudoers.d/basics`
			`content: "{{ ansible_user_id }} ALL=(ALL) NOPASSWD: ALL\n"`

			`- name: Ensure we include /etc/sudoers.d (Current)`
			`vars:`
			`ansible_become_method: su`
			`ansible_become_password: "{{ passwords[inventory_hostname] }}"`
			`become: yes`
			`when: ansible_architecture != "armv6l"`
			`lineinfile:`
			`path: /etc/sudoers`
			`regexp: "includedir /etc/sudoers.d"`
			`line: "@includedir /etc/sudoers.d"`

			`- name: Ensure we include /etc/sudoers.d (Legacy)`
			`vars:`
			`ansible_become_method: su`
			`ansible_become_password: "{{ passwords[inventory_hostname] }}"`
			`become: yes`
			`when: ansible_architecture == "armv6l"`
			`lineinfile:`
			`path: /etc/sudoers`
			`regexp: "includedir /etc/sudoers.d"`
			`line: "#includedir /etc/sudoers.d"`