athens-school/Ansible
4
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases Wiki Activity
Ansible/user-provision/tasks/main.yml
Tanguy Herbron f983f9f2ed feat: Align configuration and Makefile 
This contains a lot of changes, including better system configuration for some issues discovered during testing, and minor tweaking for better user experience when doing maintenance
2025-03-22 19:26:04 +01:00

67 lines
1.8 KiB
YAML
Raw Blame History

- block:
- include_vars: "{{ playbook_dir ~ '/vault/user_provisioning' }}"
# Atmen : slave, servant
- name: Add provisioning user "atmen" for ansible
ansible.builtin.user:
name: atmen
comment: Ansible provisioner
groups: sudo
append: yes
shell: /bin/bash
password: "{{ vault_atmen_password | password_hash('sha512') }}"
- name: Set authorized key for atmen
ansible.posix.authorized_key:
user: atmen
state: present
key: "{{ lookup('file', atmen_ssh_key_host_path) }}"
- name: Add maintainer user
ansible.builtin.user:
name: "{{ vault_maintainer_user }}"
comment: Maintainer user
groups: sudo
append: yes
shell: /bin/bash
password: "{{ vault_maintainer_password | password_hash('sha512') }}"
- name: Set authorized key for maintainer user
ansible.posix.authorized_key:
user: "{{ vault_maintainer_user }}"
state: present
key: "{{ lookup('file', maintainer_ssh_key_host_path) }}"
- name: Disable root login
ansible.builtin.user:
name: root
password: '*'
- name: Disable SSH login for creator
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
line: DenyUsers creator
state: present
- name: Disable password login
lineinfile:
dest: "/etc/ssh/sshd_config"
regexp: '^(#\s*)?PasswordAuthentication '
line: "PasswordAuthentication no"
notify: restart sshd
- name: Remove SSH message
ansible.builtin.file:
path: /etc/ssh/sshd_config.d/rename_user.conf
state: absent
ignore_errors: yes
- name: Change SSH port
lineinfile:
dest: "/etc/ssh/sshd_config"
regexp: "^Port "
line: "Port {{ sshd_port }}"
notify: restart sshd
changed_when: true
become: yes
Reference in New Issue View Git Blame Copy Permalink