it-team/lmn-vm
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

allow passwordless Sudo for user

Browse source
This commit is contained in:
Raphael Dannecker 2026-01-21 12:01:15 +01:00
parent 7070e183ae
commit 3faf0525a8
4 changed files with 22 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

9
playbook.yml
View file

@ -26,6 +26,15 @@
createhome: true createhome: true
password: password password: password
- name: Allow sudo without password for user
ansible.builtin.lineinfile:
path: /etc/sudoers.d/95-user
line: 'user ALL=(root) NOPASSWD: ALL'
create: true
owner: root
group: root
mode: '0700'
- name: Enable autologin for user - name: Enable autologin for user
ansible.builtin.copy: ansible.builtin.copy:
content: | content: |

8
roles/vm_mount/files/lmn-parse-vminfo
View file

@ -5,9 +5,9 @@ import json, os, os.path, sys, stat, subprocess
if not os.path.isfile("/media/host/.vminfo.json"): if not os.path.isfile("/media/host/.vminfo.json"):
try: try:
subprocess.run(["/usr/bin/mount", "-t", "virtiofs", "VM-Data", "/media/host"]) subprocess.run(["/usr/bin/mount", "-t", "virtiofs", "VM-Data", "/media/host"], check=True)
except: except subprocess.CalledProcessError:
subprocess.run(["/usr/bin/mount", "-t", "virtiofs", "Home_Linux", "/media/host"]) subprocess.run(["/usr/bin/mount", "-t", "virtiofs", "Home_Linux", "/media/host"], check=True)
if not os.path.isfile("/media/host/.vminfo.json"): if not os.path.isfile("/media/host/.vminfo.json"):
print("/media/host/.vminfo.json not found",file=sys.stderr) print("/media/host/.vminfo.json not found",file=sys.stderr)
@ -44,4 +44,4 @@ for mount in mounts:
if not os.path.exists(directory): if not os.path.exists(directory):
os.makedirs(directory) os.makedirs(directory)
if not os.path.ismount(directory): if not os.path.ismount(directory):
subprocess.run(["/usr/bin/mount", "-t", "cifs", mount['RemotePath'], directory ,"-o", f"sec=krb5i,username={user},cruid=1000,uid=1000,gid=1000"]) subprocess.run(["/usr/bin/mount", "-t", "cifs", mount['RemotePath'], directory ,"-o", f"sec=krb5i,username={user},cruid=1000,uid=1000,gid=1000"], check=True)

4
roles/vm_mount/files/lmn-vminfo.service
View file

@ -6,4 +6,6 @@ Requires=network-online.target
[Service] [Service]
Type=oneshot Type=oneshot
ExecStart=/usr/bin/python3 /usr/local/bin/lmn-parse-vminfo ExecStart=/usr/bin/python3 /usr/local/bin/lmn-parse-vminfo
RemainAfterExit=false RemainAfterExit=yes
Restart=on-failure
RestartSec=5

11
roles/vm_mount/tasks/main.yml
View file

@ -5,7 +5,8 @@
name: name:
- cifs-utils - cifs-utils
- krb5-user - krb5-user
- python3-pip # - python3-pip
- python3-impacket
- name: Provide lmn-parse-vminfo script - name: Provide lmn-parse-vminfo script
ansible.builtin.copy: ansible.builtin.copy:
@ -13,10 +14,10 @@
dest: /usr/local/bin/lmn-parse-vminfo dest: /usr/local/bin/lmn-parse-vminfo
mode: '0755' mode: '0755'
- name: Install impacket pip package # - name: Install impacket pip package
ansible.builtin.pip: # ansible.builtin.pip:
name: impacket # name: impacket
break_system_packages: true # break_system_packages: true
- name: Provide lmn-vminfo.service and timer - name: Provide lmn-vminfo.service and timer
ansible.builtin.copy: ansible.builtin.copy: