diff options
Diffstat (limited to 'roles/setup_security/tasks/main.yml')
-rw-r--r-- | roles/setup_security/tasks/main.yml | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/roles/setup_security/tasks/main.yml b/roles/setup_security/tasks/main.yml index 7d29cf5..36844c3 100644 --- a/roles/setup_security/tasks/main.yml +++ b/roles/setup_security/tasks/main.yml @@ -20,3 +20,46 @@ group: name: pi state: absent + +- name: Apply syspatch for system type = {{ ansible_distribution }} + syspatch: + apply: true + when: inventory_hostname in groups["openbsd"] + +- name: Add puffy account for system type = {{ ansible_distribution }} + user: + name: puffy + group: wheel + when: inventory_hostname in groups["openbsd"] + +- name: Copy doas.conf to /etc/doas.conf for system type = {{ ansible_distribution }} + copy: + src: "{{ role_path }}/files/doas.conf" + dest: "/etc/doas.conf" + +- name: Copy ssh key for puffy account + authorized_key: + user: puffy + state: present + key: "{{ item }}" + with_file: + - "{{ playbook_dir }}/files/pub_ssh/rgoncalves.pub.ssh" + +- name: Copy ssh key for root account + authorized_key: + user: root + state: present + key: "{{ item }}" + with_file: + - "{{ playbook_dir }}/files/pub_ssh/rgoncalves.pub.ssh" + +- name: Disable password login in sshd_config + lineinfile: + path: /etc/ssh/sshd_config + regexp: "PasswordAuthentication" + line: "PasswordAuthentication no" + +- name: Restart sshd daemon + service: + name: sshd + state: restarted |