blob: 29cf529daaea3ea118837d9313c310a76e9052ed (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
- name: Make sure we have a 'wheel' group
group:
name: wheel
state: present
- name: Allow 'wheel' group to have passwordless sudo
lineinfile:
dest: /etc/sudoers
state: present
regexp: '^%wheel'
line: '%wheel ALL=(ALL) NOPASSWD: ALL'
validate: visudo -cf %s
- name: Add sudoers users to wheel group
user:
name: clarkzjw
groups: wheel
append: yes
- name: Set authorized keys taken from url
authorized_key:
user: clarkzjw
state: present
key: https://github.com/clarkzjw.keys
- name: Add Tailscale GPG apt Key
apt_key:
url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
keyring: /usr/share/keyrings/tailscale-archive-keyring.gpg
state: present
- name: Add Tailscale Repository
get_url:
url: https://pkgs.tailscale.com/stable/debian/bullseye.tailscale-keyring.list
dest: /etc/apt/sources.list.d/tailscale.list
- name: Install Tailscale
apt:
name:
- tailscale
update_cache: true
- name: Disable Root Login
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^PermitRootLogin yes'
line: "PermitRootLogin no"
state: present
backup: yes
- name: Restart SSHD
systemd:
name: ssh
enabled: true
state: restarted
daemon_reload: true
|