users: do not add users to the sudo group if they are not meant to be administrators.

2017-11-07 12:37:46 +01:00 · 2017-11-07 12:37:46 +01:00 · 805062b3c0
parent 5556c1318d
commit 805062b3c0
2 changed files with 2 additions and 1 deletions
--- a/users/defaults/main.yml
+++ b/users/defaults/main.yml
@ -14,4 +14,4 @@ users_update_password: 'on_create'
 #users_system_users:
 #  - { login: 'foo', name: "Foo Bar", home: '{{ users_home_dir }}', createhome: 'yes', ssh_key: '{{ foo_ssh_key }}', shell: '/bin/bash', admin: False, log_as_root: False }
 #users_additional_groups:
-#  - 
+#  - { group: 'foo' }
--- a/users/tasks/main.yml
+++ b/users/tasks/main.yml
@ -25,6 +25,7 @@
    - name: Add the admin users to the sudoers group
      user: name={{ item.login }} groups={{ users_sudoers_group }} append=yes
      with_items: '{{ users_system_users | default([]) }}'
+      when: item.admin

    - name: ensure that the users can login with their ssh keys as root if we want ensure direct access
      authorized_key: user=root key="{{ item.ssh_key }}" state=present