Diffstat (limited to 'hetzner/init.yaml')
-rw-r--r--hetzner/init.yaml53
1 files changed, 53 insertions, 0 deletions
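diff --git a/hetzner/init.yaml b/hetzner/init.yaml
new file mode 100644
index 0000000..a4a3db1
--- /dev/null
+++ b/hetzner/init.yaml
@@ -0,0 +1,53 @@
+---
+ - name: System initialization
+ hosts: localhost
+ become: true
+ tasks:
+ - name: Make sure we have a 'wheel' group
+ group:
+ name: wheel
+ state: present
+
+ - name: Allow 'wheel' group to have passwordless sudo
+ lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: '^%wheel'
+ line: '%wheel ALL=(ALL) NOPASSWD: ALL'
+ validate: visudo -cf %s
+
+ - name: Add sudoers users to wheel group
+ user:
+ name: clarkzjw
+ groups: wheel
+ append: yes
+ shell: /bin/bash
+
+ - name: Set authorized keys taken from url
+ authorized_key:
+ user: clarkzjw
+ state: present
+ key: https://github.com/clarkzjw.keys
+
+ - name: Disable Root Login
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: '^PermitRootLogin'
+ line: "PermitRootLogin no"
+ state: present
+ backup: yes
+
+ - name: Disable Password Login
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: '^PasswordAuthentication'
+ line: "PasswordAuthentication no"
+ state: present
+ backup: yes
+
+ - name: Restart SSHD
+ systemd:
+ name: ssh
+ enabled: true
+ state: restarted
+ daemon_reload: true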
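Review bot: The two `lineinfile` edits to `/etc/ssh/sshd_config` ("Disable Root Login" and "Disable Password Login") are followed by an unconditional `Restart SSHD` with no syntax check, unlike the sudoers task, which uses `validate: visudo -cf %s`; adding `validate: sshd -t -f %s` to both would keep a malformed file from being installed before the restart. The anchored patterns `'^PermitRootLogin'` and `'^PasswordAuthentication'` do not match commented-out defaults, so in that case the line is appended at the end of the file, where it would fall inside a trailing `Match` block if one exists. Because sshd keeps the first value it reads for a keyword, a drop-in included earlier in the file (for example under `/etc/ssh/sshd_config.d/`, if the image ships one) could still leave password or root login enabled; checking the effective settings with `sshd -T` after the play would confirm the hardening took effect. Separately, `key: https://github.com/clarkzjw.keys` makes that GitHub account's key list the trust root for a user with `NOPASSWD: ALL`, so a comment stating this is intentional, or a pinned public key, would make the choice explicit.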