path: root/roles/setup_security/tasks/main.yml
# =========================================================================== #
#                   __                                    _ __       
#       _________  / /__       ________  _______  _______(_) /___  __
#      / ___/ __ \/ / _ \     / ___/ _ \/ ___/ / / / ___/ / __/ / / /
#     / /  / /_/ / /  __/    (__  )  __/ /__/ /_/ / /  / / /_/ /_/ / 
#    /_/   \____/_/\___(_)  /____/\___/\___/\__,_/_/  /_/\__/\__, /  
#                                                           /____/
#
# =========================================================================== #

---
# Delete the stock "pi" login so the well-known default account is no longer
# present on the host. remove: true asks the user module to also delete the
# directories associated with that account.
- name: Remove default user pi
  user:
    state: absent
    name: pi
    remove: true

# Drop the matching "pi" group; this task runs after the user task above it
# in the file.
- name: Remove default group pi
  group:
    state: absent
    name: pi

# Apply system patches through the syspatch module.
# Runs only for hosts that are members of the "openbsd" inventory group.
- name: Apply syspatch for system type = {{ ansible_distribution }}
  when: inventory_hostname in groups["openbsd"]
  syspatch:
    apply: true

# Create the "puffy" login with wheel as its primary group.
# Limited to hosts in the "openbsd" inventory group.
# NOTE(review): presumably files/doas.conf grants rights based on this
# account or group; that file is not shown here, so confirm.
- name: Add puffy account for system type = {{ ansible_distribution }}
  when: inventory_hostname in groups["openbsd"]
  user:
    group: wheel
    name: puffy

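# Install the role's doas policy file.
# doas.conf decides who may run commands as another user, so its owner and
# mode are pinned here instead of being inherited from the source file or the
# remote umask: root-owned and readable/writable by root only.
# NOTE(review): unlike the other "system type" tasks, this one has no `when`
# guard, so the file is copied to every targeted host. Confirm that is
# intended. Once doas is known to be installed on all targets, adding
# `validate: doas -C %s` would reject a policy file that does not parse.
- name: Copy doas.conf to /etc/doas.conf for system type = {{ ansible_distribution }}
  copy:
    src: "{{ role_path }}/files/doas.conf"
    dest: /etc/doas.conf
    owner: root
    mode: "0600"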

# Authorize the public key read from files/pub_ssh for the puffy login.
# with_file yields the file's content, which is passed to authorized_key.
# This task sits before the one that disables password logins.
# NOTE(review): there is no `when` guard here, while the task that creates
# puffy is limited to the "openbsd" group. Confirm puffy exists on every
# targeted host.
- name: Copy ssh key for puffy account
  with_file:
    - "{{ playbook_dir }}/files/pub_ssh/rgoncalves.pub.ssh"
  authorized_key:
    key: "{{ item }}"
    user: puffy
    state: present

# Authorize the same public key file for the root account.
# Whether sshd accepts direct root logins is governed by PermitRootLogin in
# sshd_config, which this file does not set.
# NOTE(review): puffy and root share one key here, so losing that key exposes
# both accounts. Confirm this is the intended access model.
- name: Copy ssh key for root account
  with_file:
    - "{{ playbook_dir }}/files/pub_ssh/rgoncalves.pub.ssh"
  authorized_key:
    key: "{{ item }}"
    user: root
    state: present

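# Turn off password logins over SSH.
# The pattern is anchored to the directive itself, active or commented out,
# because lineinfile rewrites the last line that matches. An unanchored
# "PasswordAuthentication" also matches explanatory comments that merely
# mention the keyword, and rewriting one of those can leave an earlier active
# "PasswordAuthentication yes" in effect.
# validate makes sshd parse the candidate file before it replaces the live
# one, so a broken config is never installed.
# NOTE(review): keyboard-interactive authentication is a separate sshd option
# and is not changed here. Confirm it cannot still prompt for a password on
# these hosts.
- name: Disable password login in sshd_config
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^\s*#?\s*PasswordAuthentication\s+(yes|no)\b'
    line: PasswordAuthentication no
    validate: /usr/sbin/sshd -t -f %s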

# Restart sshd so the edited sshd_config is loaded.
# This is a plain task, not a handler, so the restart happens on every run
# whether or not the configuration changed.
- name: Restart sshd daemon
  service:
    state: restarted
    name: sshd