Untitled

a guest
Sep 23rd, 2018
  1. ---
  2. - name: Set all facts
  3. block:
  4. - name: Set user passphrase fact
  5. set_fact:
  6. password: 'foobar'
  7. - name: Set user name
  8. set_fact:
  9. username: 'foobar'
  10. - name: install ansible prerequisites
  11. script: ansible_prereqs.sh creates=/root/.ansible_prereqs_installed
  12. - name: Configure server
  13. block:
  14. - name: Change ssh port
  15. lineinfile:
  16. dest: "/etc/ssh/sshd_config"
  17. regexp: "^Port"
  18. line: "Port 575"
  19. - name: Disable root login
  20. lineinfile:
  21. dest: "/etc/ssh/sshd_config"
  22. regexp: "^PermitRootLogin"
  23. line: "PermitRootLogin no"
  24. - name: Change swapiness
  25. sysctl:
  26. name: vm.swappiness
  27. value: 10
  28. state: present
  29. - name: Create user with ssh key, but no password.
  30. user:
  31. name: "{{ username }}"
  32. generate_ssh_key: yes
  33. shell: /bin/bash
  34. ssh_key_passphrase: "{{ password }}"
  35. - name: Copy {{ username }}'s id_rsa.pub to /home/{{ username }}/.ssh/id_rsa.pub
  36. copy:
  37. src: ./files/user/id_rsa.pub
  38. dest: /home/{{username}}/.ssh/id_rsa.pub
  39. mode: 0400
  40. owner: "{{ username }}"
  41. - name: Append user public ssh key to authorized_keys file if not exist
  42. shell: "cd /home/{{ username }}/.ssh/; rm -f id_rsa; touch authorized_keys; chown {{ username }}:{{ username }} authorized_keys; chmod 600 authorized_keys; if ! grep ansible authorized_keys > /dev/null; then cat id_rsa.pub >> authorized_keys; fi;"
  43. - name: Make sure {{ username }} with sudo permission
  44. lineinfile:
  45. path: /etc/sudoers
  46. regexp: "^{{ username }}"
  47. state: present
  48. line: "{{ username }} ALL=(ALL) NOPASSWD: ALL"
  49. - name: Restart sshd service
  50. service:
  51. name: sshd
  52. state: restarted
  53. become: yes