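---
# Play: SSH access for the 'ansible' account on hosts in the 'server' group.
- name: SSH
  hosts: server
  tasks:
    # sshd's StrictModes check rejects authorized_keys kept under a group- or
    # world-writable directory, so the mode is set explicitly rather than
    # inherited from the umask.
    # NOTE(review): no owner is set and the task has no 'become'; this
    # presumably runs as the ansible user itself -- confirm.
    - name: Ensure ansible ssh directory exists
      file:
        path: /home/ansible/.ssh
        state: directory
        mode: "0700"

    # Adds each public key from 'ssh_keys' (defined outside this file) to the
    # ansible user's authorized_keys. Keys already present are left alone.
    - name: Import SSH keys
      authorized_key:
        user: ansible
        key: '{{ item }}'
        state: present
      loop: '{{ ssh_keys }}'

    # Written with blockinfile instead of a lineinfile loop:
    #  - the looped version compared each line on its own, and the first item
    #    (with its leading "\n") could never equal an existing line, so it
    #    was appended again on every run;
    #  - 'validate' has sshd parse the candidate file before it replaces the
    #    live one, so a syntax error cannot take SSH down on restart.
    #
    # The Address pattern needs the leading '*': a pattern list that holds
    # only a negated entry never yields a positive match (ssh_config(5),
    # PATTERNS), which left the original Match block inactive.
    #
    # NOTE(review): as written, the block only turns off password auth and
    # forwarding for connections from outside 10.123.0.0/24 (presumably the
    # wg0 subnet -- confirm). Public-key logins from those addresses are
    # still accepted, so "only on wg0" is not enforced yet. Adding a deny
    # here can lock out the control node; decide deliberately.
    # NOTE(review): PermitRootLogin is kept from the original; inside
    # 'Match User ansible' it does not restrict the ansible account.
    # NOTE(review): hosts provisioned with the earlier lineinfile version
    # still carry the unmarked lines; remove them by hand once.
    - name: Allow ansible user to only log in on wg0
      become: true
      blockinfile:
        path: /etc/ssh/sshd_config
        backup: true
        insertafter: EOF
        marker: "# {mark} ANSIBLE MANAGED BLOCK: ansible user outside wg0"
        validate: /usr/sbin/sshd -t -f %s
        block: |
          # Allow Ansible user to log in only using SSH key and only on wg0 interface
          Match User ansible Address *,!10.123.0.0/24
            PermitRootLogin no
            PasswordAuthentication no
            AllowTcpForwarding no
            X11Forwarding no
      notify: restart sshd

  handlers:
    # Runs once at the end of the play, and only if sshd_config changed.
    - name: restart sshd
      become: true
      service:
        name: sshd
        state: restarted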
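# Play: local account settings applied to every host.
- name: Users
  hosts: all
  tasks:
    - name: Set bash as default shell for root
      become: true
      user:
        name: root
        shell: /bin/bash

    # Disabled task, kept for reference.
    # A crypt(3) SHA-512 hash ("$6$" prefix) was written here in plain text.
    # Anyone who can read the repository can run offline guessing against
    # it, so treat that password as exposed: change it on every host where
    # it was used and supply the new hash from Ansible Vault.
    # 'fr_password_hash' below is a placeholder variable name, not one that
    # is defined anywhere in this file.
    #- name: User fr
    #  user:
    #    name: fr
    #    password: '{{ fr_password_hash }}'
    #    groups:
    #      # Arduino serial access
    #      - dialout
    #      - wheel
    #    state: present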