diff --git a/roles/ssh/defaults/main.yml b/roles/ssh/defaults/main.yml
index 053100b..b7af80c 100644
--- a/roles/ssh/defaults/main.yml
+++ b/roles/ssh/defaults/main.yml
@@ -43,6 +43,9 @@ sshd_password_auth: yes
 # chroot: /var/www/html
 # keys_file: %h/.ssh/authorized_keys
 # allow_forwarding: False
+# sudo_defaults:
+# - '!env_reset'
+# - '!requiretty'
 # sudo:
 # - cmd:
 # - /usr/local/bin/
diff --git a/roles/ssh/templates/sudo.j2 b/roles/ssh/templates/sudo.j2
index 32dc9b7..04f942c 100644
--- a/roles/ssh/templates/sudo.j2
+++ b/roles/ssh/templates/sudo.j2
@@ -1,4 +1,7 @@
 {% for user in ssh_users | default([]) %}
+{% if user.sudo_defaults is defined and user.sudo_defaults | length > 0 %}
+Defaults:{{ user.name }} {{ user.sudo_defaults | join(',') }}
+{% endif %}
 {% if user.sudo is defined %}
 {% for command in user.sudo %}
 {{ user.name }} ALL=({{ command.run_as | default('root') }}) {% if command.nopasswd is defined and command.nopasswd %} NOPASSWD: {% endif %} {{ command.cmd | join(',') }}
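Review bot: The commented example added for `sudo_defaults` leads with `'!env_reset'`, the entry most likely to be copied verbatim and the one that loosens sudo the most. With env_reset disabled, the invoking user's environment is inherited by the privileged command except for variables denied by sudo's env_check and env_delete lists. Where a user only needs a few variables preserved, an example such as `# - 'env_keep += "SSH_AUTH_SOCK"'` documents the narrower option. A short comment above the key saying that each entry is written into a per-user `Defaults:` line in the sudoers fragment would also help readers judge what they are enabling. The example user entry starts and ends outside the hunk, so the surrounding keys are only partly visible.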
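Review bot: The new `Defaults:` line joins `user.sudo_defaults` without checking that it is a list, so a value written as a plain string (`sudo_defaults: '!env_reset'`) passes the `length > 0` test and is joined character by character into an invalid sudoers line. Extending the condition with `and user.sudo_defaults is not string`, or failing the play on a non-list value, avoids that. Because a syntax error in a sudoers fragment can leave sudo unusable on the host, the task that renders this template (not visible in this diff) should use `validate: 'visudo -cf %s'` if it does not already. The `for` loop opened on the first context line closes outside the hunk.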