From a077d65e5f7f415cc17abeee2264e24957ef97cd Mon Sep 17 00:00:00 2001
From: clarkzjw
Date: Fri, 13 Jan 2023 16:53:03 -0800
Subject: change domain to clarkzjw.cc
---
.../atlas/ansible/roles/init/tasks/main.yaml | 56 ++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 clarkzjw.cc/config/atlas/ansible/roles/init/tasks/main.yaml
(limited to 'clarkzjw.cc/config/atlas/ansible/roles/init/tasks')
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/init/tasks/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/init/tasks/main.yaml
new file mode 100644
index 0000000..29cf529
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/init/tasks/main.yaml
@@ -0,0 +1,56 @@
+- name: Make sure we have a 'wheel' group
+ group:
+ name: wheel
+ state: present
+
+- name: Allow 'wheel' group to have passwordless sudo
+ lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: '^%wheel'
+ line: '%wheel ALL=(ALL) NOPASSWD: ALL'
+ validate: visudo -cf %s
+
+- name: Add sudoers users to wheel group
+ user:
+ name: clarkzjw
+ groups: wheel
+ append: yes
+
+- name: Set authorized keys taken from url
+ authorized_key:
+ user: clarkzjw
+ state: present
+ key: https://github.com/clarkzjw.keys
+
+- name: Add Tailscale GPG apt Key
+ apt_key:
+ url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
+ keyring: /usr/share/keyrings/tailscale-archive-keyring.gpg
+ state: present
+
+- name: Add Tailscale Repository
+ get_url:
+ url: https://pkgs.tailscale.com/stable/debian/bullseye.tailscale-keyring.list
+ dest: /etc/apt/sources.list.d/tailscale.list
+
+- name: Install Tailscale
+ apt:
+ name:
+ - tailscale
+ update_cache: true
+
+- name: Disable Root Login
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: '^PermitRootLogin yes'
+ line: "PermitRootLogin no"
+ state: present
+ backup: yes
+
+- name: Restart SSHD
+ systemd:
+ name: ssh
+ enabled: true
+ state: restarted
+ daemon_reload: true
--
cgit v1.2.3
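Review bot: The `Disable Root Login` task's `regexp: '^PermitRootLogin yes'` only matches an uncommented line whose value is exactly `yes`; when the file carries any other active value (for example `PermitRootLogin prohibit-password`), `lineinfile` finds no match and appends `PermitRootLogin no` at the end of the file, where it is ignored because sshd keeps the first value it reads for a keyword. Matching the keyword regardless of its current value, `regexp: '^#?\s*PermitRootLogin\s'`, makes the task replace whatever is there. Adding `validate: sshd -t -f %s` to the same task would keep a broken `sshd_config` from being written before the unconditional `Restart SSHD` task runs, which matters because a failed restart can cut off remote access. Separately, the `authorized_key` task reads `https://github.com/clarkzjw.keys` at run time, so login to an account with `NOPASSWD: ALL` follows whatever keys that GitHub account lists when the play runs; keeping the expected public key in the repository would remove that dependency.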