diff options
author | clarkzjw <[email protected]> | 2023-03-02 22:48:42 -0800 |
---|---|---|
committer | clarkzjw <[email protected]> | 2023-03-02 22:48:42 -0800 |
commit | 1b36d880c202d5868757e2e49c6e774e43dc4f8d (patch) | |
tree | bb13f4d12d1320f0434eff7740fd6ac000cfbedb /hetzner/init.yaml | |
parent | f4fc1682ad379799b0610c1477e1fead06880993 (diff) | |
parent | 0a044f572564412df4d33a6899c6c6f007c004f6 (diff) | |
download | homelab-1b36d880c202d5868757e2e49c6e774e43dc4f8d.tar.gz |
Merge branch 'hetzner'
add ansible playbook collections for debian initialization
Diffstat (limited to 'hetzner/init.yaml')
-rw-r--r-- | hetzner/init.yaml | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/hetzner/init.yaml b/hetzner/init.yaml new file mode 100644 index 0000000..a4a3db1 --- /dev/null +++ b/hetzner/init.yaml | |||
@@ -0,0 +1,53 @@ | |||
1 | --- | ||
2 | - name: System initialization | ||
3 | hosts: localhost | ||
4 | become: true | ||
5 | tasks: | ||
6 | - name: Make sure we have a 'wheel' group | ||
7 | group: | ||
8 | name: wheel | ||
9 | state: present | ||
10 | |||
11 | - name: Allow 'wheel' group to have passwordless sudo | ||
12 | lineinfile: | ||
13 | dest: /etc/sudoers | ||
14 | state: present | ||
15 | regexp: '^%wheel' | ||
16 | line: '%wheel ALL=(ALL) NOPASSWD: ALL' | ||
17 | validate: visudo -cf %s | ||
18 | |||
19 | - name: Add sudoers users to wheel group | ||
20 | user: | ||
21 | name: clarkzjw | ||
22 | groups: wheel | ||
23 | append: yes | ||
24 | shell: /bin/bash | ||
25 | |||
26 | - name: Set authorized keys taken from url | ||
27 | authorized_key: | ||
28 | user: clarkzjw | ||
29 | state: present | ||
30 | key: https://github.com/clarkzjw.keys | ||
31 | |||
32 | - name: Disable Root Login | ||
33 | lineinfile: | ||
34 | dest: /etc/ssh/sshd_config | ||
35 | regexp: '^PermitRootLogin' | ||
36 | line: "PermitRootLogin no" | ||
37 | state: present | ||
38 | backup: yes | ||
39 | |||
40 | - name: Disable Password Login | ||
41 | lineinfile: | ||
42 | dest: /etc/ssh/sshd_config | ||
43 | regexp: '^PasswordAuthentication' | ||
44 | line: "PasswordAuthentication no" | ||
45 | state: present | ||
46 | backup: yes | ||
47 | |||
48 | - name: Restart SSHD | ||
49 | systemd: | ||
50 | name: ssh | ||
51 | enabled: true | ||
52 | state: restarted | ||
53 | daemon_reload: true | ||