blob: 36844c3d1666ba93ea3b876ec139610caa9aa223 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
# =========================================================================== #
# __ _ __
# _________ / /__ ________ _______ _______(_) /___ __
# / ___/ __ \/ / _ \ / ___/ _ \/ ___/ / / / ___/ / __/ / / /
# / / / /_/ / / __/ (__ ) __/ /__/ /_/ / / / / /_/ /_/ /
# /_/ \____/_/\___(_) /____/\___/\___/\__,_/_/ /_/\__/\__, /
# /____/
#
# =========================================================================== #
---
- name: Remove default user pi
user:
name: pi
state: absent
remove: yes
- name: Remove default group pi
group:
name: pi
state: absent
- name: Apply syspatch for system type = {{ ansible_distribution }}
syspatch:
apply: true
when: inventory_hostname in groups["openbsd"]
- name: Add puffy account for system type = {{ ansible_distribution }}
user:
name: puffy
group: wheel
when: inventory_hostname in groups["openbsd"]
- name: Copy doas.conf to /etc/doas.conf for system type = {{ ansible_distribution }}
copy:
src: "{{ role_path }}/files/doas.conf"
dest: "/etc/doas.conf"
- name: Copy ssh key for puffy account
authorized_key:
user: puffy
state: present
key: "{{ item }}"
with_file:
- "{{ playbook_dir }}/files/pub_ssh/rgoncalves.pub.ssh"
- name: Copy ssh key for root account
authorized_key:
user: root
state: present
key: "{{ item }}"
with_file:
- "{{ playbook_dir }}/files/pub_ssh/rgoncalves.pub.ssh"
- name: Disable password login in sshd_config
lineinfile:
path: /etc/ssh/sshd_config
regexp: "PasswordAuthentication"
line: "PasswordAuthentication no"
- name: Restart sshd daemon
service:
name: sshd
state: restarted
|
