From 0a044f572564412df4d33a6899c6c6f007c004f6 Mon Sep 17 00:00:00 2001
From: clarkzjw
Date: Thu, 2 Mar 2023 22:48:26 -0800
Subject: add ansible playbooks for system initialization
---
hetzner/init.yaml | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100644 hetzner/init.yaml
(limited to 'hetzner/init.yaml')
diff --git a/hetzner/init.yaml b/hetzner/init.yaml
new file mode 100644
index 0000000..a4a3db1
--- /dev/null
+++ b/hetzner/init.yaml
@@ -0,0 +1,53 @@
+---
+ - name: System initialization
+ hosts: localhost
+ become: true
+ tasks:
+ - name: Make sure we have a 'wheel' group
+ group:
+ name: wheel
+ state: present
+
+ - name: Allow 'wheel' group to have passwordless sudo
+ lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: '^%wheel'
+ line: '%wheel ALL=(ALL) NOPASSWD: ALL'
+ validate: visudo -cf %s
+
+ - name: Add sudoers users to wheel group
+ user:
+ name: clarkzjw
+ groups: wheel
+ append: yes
+ shell: /bin/bash
+
+ - name: Set authorized keys taken from url
+ authorized_key:
+ user: clarkzjw
+ state: present
+ key: https://github.com/clarkzjw.keys
+
+ - name: Disable Root Login
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: '^PermitRootLogin'
+ line: "PermitRootLogin no"
+ state: present
+ backup: yes
+
+ - name: Disable Password Login
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: '^PasswordAuthentication'
+ line: "PasswordAuthentication no"
+ state: present
+ backup: yes
+
+ - name: Restart SSHD
+ systemd:
+ name: ssh
+ enabled: true
+ state: restarted
+ daemon_reload: true
-- 
cgit v1.2.3
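Review bot: The two `lineinfile` tasks that edit `/etc/ssh/sshd_config` carry no `validate`, and "Restart SSHD" then restarts the daemon unconditionally, so a malformed file is only noticed when sshd fails to come back; adding `validate: sshd -t -f %s` to both tasks (as the sudoers task already does with `visudo -cf %s`) would reject a bad file before it replaces the live one. The edits also touch only the main file: if the image's sshd_config has an `Include` of `/etc/ssh/sshd_config.d/*.conf` ahead of these lines, a drop-in that sets `PasswordAuthentication yes` still wins because sshd keeps the first value it reads, so the effective settings should be confirmed with `sshd -T` after the run. Separately, `NOPASSWD: ALL` for wheel together with keys fetched from `https://github.com/clarkzjw.keys` makes every key listed on that GitHub account root-equivalent on the host, which deserves a comment above the "Set authorized keys taken from url" task.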