aboutsummaryrefslogtreecommitdiffstats
path: root/roles/setup_security
diff options
context:
space:
mode:
Diffstat (limited to 'roles/setup_security')
-rw-r--r--roles/setup_security/files/doas.conf2
-rw-r--r--roles/setup_security/tasks/main.yml65
2 files changed, 0 insertions, 67 deletions
diff --git a/roles/setup_security/files/doas.conf b/roles/setup_security/files/doas.conf
deleted file mode 100644
index cf3a9d0..0000000
--- a/roles/setup_security/files/doas.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-permit keepenv nopass puffy as root
-permit keepenv nopass root
diff --git a/roles/setup_security/tasks/main.yml b/roles/setup_security/tasks/main.yml
deleted file mode 100644
index 36844c3..0000000
--- a/roles/setup_security/tasks/main.yml
+++ /dev/null
@@ -1,65 +0,0 @@
-
-# =========================================================================== #
-# __ _ __
-# _________ / /__ ________ _______ _______(_) /___ __
-# / ___/ __ \/ / _ \ / ___/ _ \/ ___/ / / / ___/ / __/ / / /
-# / / / /_/ / / __/ (__ ) __/ /__/ /_/ / / / / /_/ /_/ /
-# /_/ \____/_/\___(_) /____/\___/\___/\__,_/_/ /_/\__/\__, /
-# /____/
-#
-# =========================================================================== #
-
----
-- name: Remove default user pi
- user:
- name: pi
- state: absent
- remove: yes
-
-- name: Remove default group pi
- group:
- name: pi
- state: absent
-
-- name: Apply syspatch for system type = {{ ansible_distribution }}
- syspatch:
- apply: true
- when: inventory_hostname in groups["openbsd"]
-
-- name: Add puffy account for system type = {{ ansible_distribution }}
- user:
- name: puffy
- group: wheel
- when: inventory_hostname in groups["openbsd"]
-
-- name: Copy doas.conf to /etc/doas.conf for system type = {{ ansible_distribution }}
- copy:
- src: "{{ role_path }}/files/doas.conf"
- dest: "/etc/doas.conf"
-
-- name: Copy ssh key for puffy account
- authorized_key:
- user: puffy
- state: present
- key: "{{ item }}"
- with_file:
- - "{{ playbook_dir }}/files/pub_ssh/rgoncalves.pub.ssh"
-
-- name: Copy ssh key for root account
- authorized_key:
- user: root
- state: present
- key: "{{ item }}"
- with_file:
- - "{{ playbook_dir }}/files/pub_ssh/rgoncalves.pub.ssh"
-
-- name: Disable password login in sshd_config
- lineinfile:
- path: /etc/ssh/sshd_config
- regexp: "PasswordAuthentication"
- line: "PasswordAuthentication no"
-
-- name: Restart sshd daemon
- service:
- name: sshd
- state: restarted
remember that computers suck.