# Refresh the apt package index, then make sure sudo and zsh are installed.
# The task name only mentions sudo; zsh is pulled in here as well.
- name: Ensure sudo is available
  ansible.builtin.apt:
    name:
      - sudo
      - zsh
    update_cache: true
    state: present
# Create the webadmin account with zsh as its login shell and add it to the
# nginx group. append: true adds nginx to the account's existing supplementary
# groups instead of replacing them.
# NOTE(review): assumes the nginx group already exists on the host when this
# task runs; confirm against whatever installs nginx.
- name: Create webadmin user
  ansible.builtin.user:
    name: webadmin
    shell: /bin/zsh
    groups: [nginx]
    append: true
    state: present
# Authorize the webadmin public key for SSH logins as webadmin. The file
# lookup reads files/webadmin.pem.pub on the control node, not on the target.
- name: Copy webadmin public key
  ansible.posix.authorized_key:
    key: "{{ lookup('file', 'files/webadmin.pem.pub') }}"
    user: webadmin
    state: present
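# Grant webadmin passwordless sudo through a drop-in under /etc/sudoers.d.
# NOTE(review): "NOPASSWD: ALL" makes possession of the webadmin SSH key
# equivalent to root on this host; narrow the command list if the account does
# not need unrestricted root.
- name: Add webadmin to sudoers
  ansible.builtin.copy:
    dest: /etc/sudoers.d/webadmin
    # End the rule with a newline so the drop-in is a complete text line.
    content: "webadmin ALL=(ALL) NOPASSWD: ALL\n"
    owner: root
    group: root
    # 0440 is the mode /etc/sudoers itself ships with; it also keeps
    # unprivileged local users from reading the policy.
    mode: "0440"
    # Syntax-check the staged file before it replaces dest: a malformed
    # drop-in can make sudo refuse to run for every user.
    validate: '/usr/sbin/visudo -cf %s'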
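# Turn off SSH password logins in sshd_config and queue an SSH restart.
# NOTE(review): sshd uses the first value it reads for a keyword, so a
# drop-in pulled in by an earlier Include line, or a Match block, can still
# override this; confirm the effective setting with `sshd -T` after the run.
# NOTE(review): keyboard-interactive (PAM) authentication is a separate
# sshd_config setting and is not changed by this task.
- name: Disable Password Authentication
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    # Replace an existing or commented-out directive in place. Without a
    # regexp the line is only appended, and an earlier
    # "PasswordAuthentication yes" would keep winning.
    regexp: '^\s*#?\s*PasswordAuthentication\s'
    line: PasswordAuthentication no
    state: present
    backup: true
    # Refuse to install a config sshd cannot parse; a broken file would keep
    # the daemon from coming back after the restart.
    validate: '/usr/sbin/sshd -t -f %s'
  notify:
    - Restart SSH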
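# Forbid direct root logins over SSH in sshd_config and queue an SSH restart.
# NOTE(review): sshd uses the first value it reads for a keyword, so a
# drop-in pulled in by an earlier Include line, or a Match block, can still
# override this; confirm the effective setting with `sshd -T` after the run.
- name: Disable root login
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    # Replace an existing or commented-out directive in place. Without a
    # regexp the line is only appended, and an earlier PermitRootLogin
    # value would keep winning.
    regexp: '^\s*#?\s*PermitRootLogin\s'
    line: PermitRootLogin no
    state: present
    backup: true
    # Refuse to install a config sshd cannot parse; a broken file would keep
    # the daemon from coming back after the restart.
    validate: '/usr/sbin/sshd -t -f %s'
  notify:
    - Restart SSH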