improve idempotence

L3D 2022-12-29 18:38:33 +01:00
parent ca6c4c26f7
commit 73b553633b
Signed by: l3d
GPG key ID: CD08445BFF4313D1
2 changed files with 19 additions and 0 deletions

14
files/admin_ssh_acl.ps1 Normal file

@ -0,0 +1,14 @@
# Ansible Managed
# set acl on administrators_authorized_keys
$admins = ([System.Security.Principal.SecurityIdentifier]'S-1-5-32-544').Translate( [System.Security.Principal.NTAccount]).Value
$acl = Get-Acl $Env:ProgramData\ssh\administrators_authorized_keys
$acl.SetAccessRuleProtection($true, $false)
$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule($admins,"FullControl","Allow")
$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
$acl | Set-Acl
[System.IO.Directory]::CreateDirectory('.ansible\status')
attrib +h .ansible
Add-Content -Path .ansible\status\admin_ssh_acl.txt -Value "PS2 upgrades to PS3. See https://backwesen.de/voc/win_ansible_role_winrm.git"
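Review bot: The marker `.ansible\status\admin_ssh_acl.txt` is written by the final `Add-Content` even when the ACL steps above it failed, because errors from `Get-Acl` and `Set-Acl` are non-terminating by default; the task that guards on this marker would then never run the script again. Adding `$ErrorActionPreference = 'Stop'` as the first statement makes the script abort before the marker is written when `administrators_authorized_keys` is missing or its ACL cannot be set. Separately, `SetAccessRuleProtection($true, $false)` drops inherited entries only and `SetAccessRule` replaces entries only for the same identity, so an explicit ACE already on the file for another principal appears to survive; a comment stating the intended end state, or building the ACL from a fresh `FileSecurity` object, would settle that. `SYSTEM` is passed by name while Administrators is resolved from its SID, and resolving `S-1-5-18` the same way would be consistent.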


@ -14,3 +14,8 @@
src: 'templates/ssh_keys.ps1'
dest: '.ansible\ssh_keys.ps1'
notify: 'Install SSH Keys'
- name: Set Admin SSH ACL
ansible.builtin.script: files/admin_ssh_acl.ps1
args:
creates: '.ansible\status\admin_ssh_acl.txt'
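Review bot: The `creates: '.ansible\status\admin_ssh_acl.txt'` guard makes the task idempotent against a marker file, not against the ACL, so once the marker exists the permissions on `administrators_authorized_keys` are never checked again, including after the key file is rewritten. If the key file is first created by the notified `Install SSH Keys` handler, which would run after this task, the script would find no file on the first run; that ordering is not visible in this hunk and should be confirmed. The `ansible.windows.win_acl` and `ansible.windows.win_acl_inheritance` modules compare against the file's current ACL and would remove the need for the marker. If the script stays, a task comment such as `# marker only: ACL is applied once and not re-checked` would document the limitation. The hunk starts inside the preceding task, whose beginning is outside the view.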