From b419094cda74405eb4cbb8b7031b53cd2f347566 Mon Sep 17 00:00:00 2001 From: binary Date: Thu, 12 Nov 2020 14:29:49 +0100 Subject: Refactor and cleanup old roles --- roles/setup_security/tasks/main.yml | 65 ------------------------------------- 1 file changed, 65 deletions(-) delete mode 100644 roles/setup_security/tasks/main.yml (limited to 'roles/setup_security/tasks/main.yml') diff --git a/roles/setup_security/tasks/main.yml b/roles/setup_security/tasks/main.yml deleted file mode 100644 index 36844c3..0000000 --- a/roles/setup_security/tasks/main.yml +++ /dev/null @@ -1,65 +0,0 @@ - -# =========================================================================== # -# __ _ __ -# _________ / /__ ________ _______ _______(_) /___ __ -# / ___/ __ \/ / _ \ / ___/ _ \/ ___/ / / / ___/ / __/ / / / -# / / / /_/ / / __/ (__ ) __/ /__/ /_/ / / / / /_/ /_/ / -# /_/ \____/_/\___(_) /____/\___/\___/\__,_/_/ /_/\__/\__, / -# /____/ -# -# =========================================================================== # - ---- -- name: Remove default user pi - user: - name: pi - state: absent - remove: yes - -- name: Remove default group pi - group: - name: pi - state: absent - -- name: Apply syspatch for system type = {{ ansible_distribution }} - syspatch: - apply: true - when: inventory_hostname in groups["openbsd"] - -- name: Add puffy account for system type = {{ ansible_distribution }} - user: - name: puffy - group: wheel - when: inventory_hostname in groups["openbsd"] - -- name: Copy doas.conf to /etc/doas.conf for system type = {{ ansible_distribution }} - copy: - src: "{{ role_path }}/files/doas.conf" - dest: "/etc/doas.conf" - -- name: Copy ssh key for puffy account - authorized_key: - user: puffy - state: present - key: "{{ item }}" - with_file: - - "{{ playbook_dir }}/files/pub_ssh/rgoncalves.pub.ssh" - -- name: Copy ssh key for root account - authorized_key: - user: root - state: present - key: "{{ item }}" - with_file: - - "{{ playbook_dir }}/files/pub_ssh/rgoncalves.pub.ssh" - -- name: Disable password login in sshd_config - lineinfile: - path: /etc/ssh/sshd_config - regexp: "PasswordAuthentication" - line: "PasswordAuthentication no" - -- name: Restart sshd daemon - service: - name: sshd - state: restarted -- cgit v1.2.3