improve idempotence
parent
ca6c4c26f7
commit
73b553633b
2 changed files with 19 additions and 0 deletions
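--- /dev/null
+++ b/files/admin_ssh_acl.ps1
@@ -0,0 +1,14 @@
+# Ansible Managed
+# set acl on administrators_authorized_keys
+$admins = ([System.Security.Principal.SecurityIdentifier]'S-1-5-32-544').Translate( [System.Security.Principal.NTAccount]).Value
+$acl = Get-Acl $Env:ProgramData\ssh\administrators_authorized_keys
+$acl.SetAccessRuleProtection($true, $false)
+$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule($admins,"FullControl","Allow")
+$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
+$acl.SetAccessRule($administratorsRule)
+$acl.SetAccessRule($systemRule)
+$acl | Set-Acl
+
+[System.IO.Directory]::CreateDirectory('.ansible\status')
+attrib +h .ansible
+Add-Content -Path .ansible\status\admin_ssh_acl.txt -Value "PS2 upgrades to PS3. See https://backwesen.de/voc/win_ansible_role_winrm.git"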
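Review bot: The marker file is written by the last line, `Add-Content -Path .ansible\status\admin_ssh_acl.txt ...`, even when `Get-Acl` or `Set-Acl` above it failed, because PowerShell's default error action lets the script continue; the task's `creates:` guard would then skip the script on every later run, so the keys file can keep its inherited ACL unnoticed. Putting `$ErrorActionPreference = 'Stop'` at the top means the marker is only reached after `Set-Acl` succeeded. Separately, `SetAccessRule` only replaces entries for the same identity, so explicit entries already on the file for other principals survive; removing the existing explicit rules first, e.g. `$acl.Access | ForEach-Object { [void]$acl.RemoveAccessRule($_) }`, would leave exactly Administrators and SYSTEM. `"SYSTEM"` could also be resolved from its well-known SID `S-1-5-18`, the way `$admins` is, so the script does not depend on a localized account name.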
|
@ -14,3 +14,8 @@
|
|||
src: 'templates/ssh_keys.ps1'
|
||||
dest: '.ansible\ssh_keys.ps1'
|
||||
notify: 'Install SSH Keys'
|
||||
|
||||
- name: Set Admin SSH ACL
|
||||
ansible.builtin.script: files/admin_ssh_acl.ps1
|
||||
args:
|
||||
creates: '.ansible\status\admin_ssh_acl.txt'
|
||||
|
|
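Review bot: The `Set Admin SSH ACL` task runs before the `Install SSH Keys` handler notified by the task above it, since handlers normally run at the end of the play. If that handler is what creates `administrators_authorized_keys` (not visible on this page), the first run applies the ACL script to a file that does not exist yet, and the `creates:` marker can then prevent any later run from fixing it. Consider `- ansible.builtin.meta: flush_handlers` before this task, or run the ACL step from a handler as well. The `creates:` path is relative, so it assumes the remote working directory is the same one the script uses for `.ansible\status`; a comment stating that assumption would help.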