---- name: Configure Server hosts: sample_server gather_facts: no remote_

1. ---
2. - name: Configure Server
3. hosts: sample_server
4. gather_facts: no
5. remote_user: root
6.  
7. vars:
8. username: sample_user
9. password: sample_password
10.  
11. tasks:
12. - name: Update apt cache
13. apt: update_cache=yes
14.  
15. - name: Safe aptitude upgrade
16. apt: upgrade=safe
17. async: 600
18. poll: 5
19.  
20. - name: Add my user
21. user:
22. name: "{{ username }}"
23. password: "{{ password }}"
24. update_password: always
25. shell: /bin/bash
26. groups: sudo
27. append: yes
28. generate_ssh_key: yes
29. ssh_key_bits: 2048
30. state: present
31.  
32. - name: Add my workstation user's public key to the new user
33. authorized_key:
34. user: "{{ username }}"
35. key: "{{ lookup('file', 'certificates/id_rsa.pub') }}"
36. state: present
37.  
38. - name: Change SSH port
39. lineinfile:
40. dest: /etc/ssh/sshd_config
41. regexp: "^Port"
42. line: "Port 30000"
43. state: present
44. # notify:
45. # - Restart SSH
46.  
47. - name: Remove root SSH access
48. lineinfile:
49. dest: /etc/ssh/sshd_config
50. regexp: "^PermitRootLogin"
51. line: "PermitRootLogin no"
52. state: present
53. # notify:
54. # - Restart SSH
55.  
56. - name: Remove password SSH access
57. lineinfile:
58. dest: /etc/ssh/sshd_config
59. regexp: "^PasswordAuthentication"
60. line: "PasswordAuthentication no"
61. state: present
62. # notify:
63. # - Restart SSH
64.  
65. - name: Reboot the server
66. service: name=ssh state=restarted
67.  
68. handlers:
69. - name: Restart SSH
70. service: name=ssh state=restarted