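---
# Task list (no `hosts:` key, so it is meant to be included or used as a
# role's tasks/main.yml). It creates a sudo-capable user, installs the
# operator's public key, hardens two sshd settings and restarts sshd.
# Paste indentation was lost; structure below is the reconstruction.

- name: Set all facts
  block:
    - name: Set user passphrase fact
      # The passphrase is a plaintext literal committed with the playbook.
      # Prefer an ansible-vault encrypted var or an extra-var; until then
      # `no_log` keeps it out of task output and logs.
      set_fact:
        password: 'foobar'
      no_log: true

    - name: Set user name
      set_fact:
        username: 'foobar'

- name: install ansible prerequisites
  # `creates` makes the task idempotent: the script is skipped once the
  # marker file exists on the target.
  script:
    cmd: ansible_prereqs.sh
    creates: /root/.ansible_prereqs_installed

- name: Configure server
  # Every task below edits root-owned files or restarts a system service,
  # so the block runs with privilege escalation. In the paste `become`
  # was the last line with its indentation lost; it is assumed to apply to
  # this block rather than to the sshd restart alone.
  become: true
  block:
    - name: Change ssh port
      # Takes effect only after the restart at the end of this block.
      # Firewall and SELinux port rules are not touched here, so confirm the
      # new port is reachable before closing the current session.
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^Port'
        line: 'Port 575'
        validate: '/usr/sbin/sshd -t -f %s'

    - name: Disable root login
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        line: 'PermitRootLogin no'
        validate: '/usr/sbin/sshd -t -f %s'

    - name: Change swapiness
      sysctl:
        name: vm.swappiness
        value: '10'
        state: present

    - name: Create user with ssh key, but no password.
      user:
        name: "{{ username }}"
        generate_ssh_key: true
        shell: /bin/bash
        ssh_key_passphrase: "{{ password }}"

    - name: Copy {{ username }}'s id_rsa.pub to /home/{{ username }}/.ssh/id_rsa.pub
      # Overwrites the public half of the key generated above with the
      # operator's key from the control node.
      copy:
        src: ./files/user/id_rsa.pub
        dest: "/home/{{ username }}/.ssh/id_rsa.pub"
        mode: '0400'
        owner: "{{ username }}"

    - name: Remove generated private key
      # The original shell one-liner also deleted id_rsa; kept as its own
      # task. NOTE(review): this discards the key pair the user task just
      # generated — confirm that is intended.
      file:
        path: "/home/{{ username }}/.ssh/id_rsa"
        state: absent

    - name: Append user public ssh key to authorized_keys file if not exist
      # Replaces the touch/chown/chmod/grep/cat shell command. The module
      # creates authorized_keys with the right ownership and mode and adds
      # the key only if that exact key is absent, instead of grepping for
      # the word "ansible". On ansible-core 2.10+ this module ships in the
      # ansible.posix collection.
      authorized_key:
        user: "{{ username }}"
        state: present
        key: "{{ lookup('file', './files/user/id_rsa.pub') }}"

    - name: Make sure {{ username }} with sudo permission
      # NOPASSWD grants passwordless root to this account. The anchored
      # regexp ends in whitespace so it cannot match a longer username that
      # merely starts with this one; visudo validation keeps a malformed
      # line from breaking sudo for every user.
      lineinfile:
        path: /etc/sudoers
        regexp: '^{{ username }}\s'
        state: present
        line: "{{ username }} ALL=(ALL) NOPASSWD: ALL"
        validate: '/usr/sbin/visudo -cf %s'

    - name: Restart sshd service
      service:
        name: sshd
        state: restarted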