Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ---
- - hosts: new
- vars:
- - root_password: 'foo'
- - minerva_password: 'bar'
- tasks:
- - name: Change root password
- user:
- name=root
- password={{ root_password }}
- - name: Add user minerva
- user:
- name=minerva
- password={{ minerva_password }}
- - name: Add SSH public keys to user minerva
- authorized_key:
- user=minerva
- key="{{ lookup('file', "../keys/id_rsa.pub") }}"
- - name: Add user minerva to sudoers
- lineinfile:
- "dest=/etc/sudoers
- regexp="^minerva ALL"
- line="minerva ALL=(ALL) NOPASSWD: ALL"
- state=present
- - name: Disallow root SSH access
- lineinfile:
- dest=/etc/ssh/sshd_config
- regexp="^PermitRootLogin"
- line="PermitRootLogin no"
- state=present
- notify:
- - restart sshd
- - name: Disallow SSH password authentication
- lineinfile:
- dest=/etc/ssh/sshd_config
- regexp="^PasswordAuthentication"
- line="PasswordAuthentication no"
- state=present
- notify:
- - restart sshd
- handlers:
- - name: restart sshd
- service:
- name=sshd
- state=restarted
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement