---- name: Add deployment user action: 'user name={{ deploy_user }} passwor

1. ---
2. - name: Add deployment user
3. action: 'user name={{ deploy_user }} password={{ deploy_password }} generate_ssh_key=yes shell=/bin/bash'
4.  
5. - name: Add authorized deploy keys
6. action: "authorized_key user={{ deploy_user }} key=\"{{ lookup('file', item) }}\""
7. with_items: '{{ ssh_public_key_files }}'
8.  
9. - name: Remove sudo group rights
10. action: lineinfile dest=/etc/sudoers regexp="^%sudo" state=absent
11.  
12. - name: Add deploy user to sudoers
13. action: 'lineinfile dest=/etc/sudoers regexp="{{ deploy_user }} ALL" line="{{ deploy_user }} ALL=(ALL) NOPASSWD: ALL" state=present'
14.  
15. - name: Disallow root SSH access
16. action: lineinfile dest=/etc/ssh/sshd_config regexp="^PermitRootLogin" line="PermitRootLogin no" state=present
17. notify: Restart sshd
18.  
19. - name: Disallow password authentication
20. action: lineinfile dest=/etc/ssh/sshd_config regexp="^PasswordAuthentication" line="PasswordAuthentication no" state=present
21. notify: Restart sshd