|
Last change
on this file since 14292 was
13994,
checked in by uli, 8 years ago
|
|
Turn (some) tasks from playbook into roles.
|
|
File size:
904 bytes
|
| Rev | Line | |
|---|
| [13839] | 1 | --- |
|---|
| 2 | # This ansible-playbook prepares fresh-from-hetzner |
|---|
| 3 | # servers for work with ansible. |
|---|
| 4 | # |
|---|
| 5 | # What it does: |
|---|
| 6 | # secures sshd (according to bettercrypto.org) |
|---|
| 7 | # adds accounts uli/henrik/deploy |
|---|
| 8 | # disables root access |
|---|
| 9 | # |
|---|
| 10 | # This playbook should be executed as first thing |
|---|
| 11 | # after getting your hands over new hardware |
|---|
| 12 | # |
|---|
| 13 | # It will normally be run with ``ask-pass`` |
|---|
| 14 | # |
|---|
| 15 | - hosts: yet-untouched |
|---|
| [13842] | 16 | vars: |
|---|
| 17 | deploy_user: 'deploy' |
|---|
| 18 | deploy_public_key: "{{ lookup('file', 'files/id-deploy.pub') }}" |
|---|
| [13849] | 19 | |
|---|
| [13839] | 20 | tasks: |
|---|
| [13842] | 21 | - name: "bootstrap | update authorized key of 'deploy'" |
|---|
| 22 | authorized_key: |
|---|
| 23 | user="{{ deploy_user }}" |
|---|
| 24 | key="{{ deploy_public_key }}" |
|---|
| 25 | |
|---|
| [13844] | 26 | - name: "bootstrap | grant sudoers perms to 'deploy'" |
|---|
| 27 | lineinfile: |
|---|
| [13847] | 28 | dest=/etc/sudoers |
|---|
| 29 | insertafter="^root" |
|---|
| 30 | line="{{ deploy_user }} ALL=(ALL) NOPASSWD{{ ':' }} ALL" |
|---|
| 31 | state=present |
|---|
| [13844] | 32 | |
|---|
| [13994] | 33 | roles: |
|---|
| 34 | - openssh |
|---|
| 35 | - core |
|---|
Note: See
TracBrowser for help on using the repository browser.
