#===========================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 09-02-2023
# @description : This playbook will create a user on the remote hosts and
# add an SSH key to the authorized_keys file. It will also
# disable password authentication and root login.
#===========================================================================
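---
# Bootstrap play: connects as root to the `ubuntu` group, creates the
# `provision` account, installs an SSH public key for it, then switches off
# SSH password authentication and direct root login.
- hosts: ubuntu
  vars:
    # Pre-hashed password (SHA-512 crypt, `$6$` prefix) handed to the user
    # module as-is.
    # NOTE(review): the hash is stored in plain text in the playbook, so
    # anyone who can read the repository can run offline guessing against it.
    # Prefer supplying it from Ansible Vault or an external secret store, and
    # rotate the password if this file has been shared.
    provision_password: '$6$8eLzx6DNI/aamHAp$ZJK3kpbXDaMDUxuCFzRbbYL78aqdDnRRd1zbQPO2ED.pQQdcuAEnwBI2Vf3a36j7I5ED4STx6TLQnB8RiY3Vw/'
  gather_facts: false
  remote_user: root

  tasks:
    - name: Add new provisioning user
      user:
        name: provision
        password: "{{ provision_password }}"
        shell: /bin/bash

    # Grants passwordless sudo for every command, i.e. `provision` is
    # root-equivalent; whoever holds the deployed SSH key controls the host.
    # The file is written root-owned and read-only, ends with a newline, and
    # is syntax-checked before it is moved into place so a malformed drop-in
    # cannot break sudo on the host.
    - name: Add provisioning user to sudoers
      copy:
        dest: /etc/sudoers.d/provision
        content: "provision ALL=(ALL) NOPASSWD:ALL\n"
        owner: root
        group: root
        mode: '0440'
        validate: 'visudo -cf %s'

    # The public key is read from a fixed path on the control node, so the
    # play only works for the operator who owns that file.
    # Runs before the sshd changes below: if it fails, the play stops for
    # that host and root/password access is left untouched.
    - name: Deploy SSH key
      authorized_key:
        user: provision
        key: "{{ lookup('file', '/home/noahk/.ssh/id_ed25519.pub') }}"
        state: present

    # sshd keeps the first value it reads for a keyword, and a line appended
    # after a `Match` block would be scoped to that block. When no active
    # directive exists to replace, insert at the top of the file instead of
    # the end so the setting is global and takes effect.
    # NOTE(review): if an active line already exists below an `Include`
    # directive, a drop-in file may still win; confirm with `sshd -T`.
    - name: Disable password authentication
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PasswordAuthentication'
        line: 'PasswordAuthentication no'
        insertbefore: BOF
        state: present
        backup: true
        # Reject the edit if the resulting config does not parse.
        validate: 'sshd -t -f %s'
      notify:
        - restart ssh

    # Same placement reasoning as the task above.
    - name: Disable root login
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        line: 'PermitRootLogin no'
        insertbefore: BOF
        state: present
        backup: true
        validate: 'sshd -t -f %s'
      notify:
        - restart ssh

  handlers:
    # Runs once at the end of the play if either sshd_config task changed.
    # NOTE(review): on Ubuntu the unit is normally `ssh`, with `sshd` only an
    # alias; confirm the alias exists on the target release.
    - name: restart ssh
      service:
        name: sshd
        state: restarted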