diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..4bbc620
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+inventory = ~/Documents/projects/ansible-automations/inventory/servers.ini
diff --git a/playbooks/create-user.yml b/playbooks/create-user.yml
new file mode 100644
index 0000000..5ce5555
--- /dev/null
+++ b/playbooks/create-user.yml
@@ -0,0 +1,63 @@
+#===========================================================================
+# ? ABOUT
+# @author : Noah Knegt
+# @email : personal@noahknegt.com
+# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
+# @createdOn : 09-02-2023
+# @description : This playbook will create a user on a remote hosts and
+# adds an ssh key to the authorized_keys file. It will also
+# disable password authentication and root login.
+#===========================================================================
+
+- hosts: ubuntu
+ vars:
+ provision_password: '$6$8eLzx6DNI/aamHAp$ZJK3kpbXDaMDUxuCFzRbbYL78aqdDnRRd1zbQPO2ED.pQQdcuAEnwBI2Vf3a36j7I5ED4STx6TLQnB8RiY3Vw/'
+ gather_facts: false
+ remote_user: root
+
+ tasks:
+ - name: Add new provisioning user
+ user:
+ name: provision
+ password: "{{ provision_password }}"
+ shell: /bin/bash
+
+ - name: Add provisioning user to sudoers
+ copy:
+ dest: /etc/sudoers.d/provision
+ content: "provision ALL=(ALL) NOPASSWD:ALL"
+
+ - name: Deploy SSH key
+ authorized_key:
+ user: provision
+ key: "{{ lookup('file', '/home/noahk/.ssh/id_ed25519.pub') }}"
+ state: present
+
+ - name: Disable password authentication
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^PasswordAuthentication'
+ line: 'PasswordAuthentication no'
+ state: present
+ backup: yes
+ validate: 'sshd -t -f %s'
+ notify:
+ - restart ssh
+
+ - name: Disable root login
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^PermitRootLogin'
+ line: 'PermitRootLogin no'
+ state: present
+ backup: yes
+ validate: 'sshd -t -f %s'
+ notify:
+ - restart ssh
+
+ handlers:
+ - name: restart ssh
+ service:
+ name: sshd
+ state: restarted
+
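Review bot: The crypt hash in `provision_password` is committed in clear text for an account that the next task grants `NOPASSWD:ALL`, so anyone who can read the repository can work on that hash offline. Because sudo needs no password and SSH becomes key-only, the account can be created with `password: '!'`, or the hash can move to an Ansible Vault variable. The sudoers drop-in is written by `copy` with no `owner`, `mode` or `validate`, so a malformed file would only surface after root login has been disabled; the fence below adds those. Both `lineinfile` tasks anchor on the uncommented keyword, so where the stock config has the directive commented out the line is appended at the end of the file, where an earlier `Include` drop-in or a `Match` block may override or scope it. A regexp such as `'^#?\s*PasswordAuthentication\s'` (and the same for `PermitRootLogin`) plus a check of `sshd -T` output would confirm the effective value. The handler restarts `sshd`, while the unit on Ubuntu is normally named `ssh`; I have not verified this against the target images.

```yaml
    # … unchanged: play header and "Add new provisioning user" …
    - name: Add provisioning user to sudoers
      copy:
        dest: /etc/sudoers.d/provision
        content: "provision ALL=(ALL) NOPASSWD:ALL"
        owner: root
        group: root
        mode: '0440'
        # visudo rejects a broken file before it replaces the destination
        validate: 'visudo -cf %s'
    # … unchanged: SSH key deployment, sshd_config tasks, handlers …
```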