| Line | |
|---|
| 1 | --- |
|---|
| 2 | # This ansible-playbook prepares fresh-from-hetzner |
|---|
| 3 | # servers for work with ansible. |
|---|
| 4 | # |
|---|
| 5 | # What it does: |
|---|
| 6 | # secures sshd (according to bettercrypto.org) |
|---|
| 7 | # adds accounts uli/henrik/deploy |
|---|
| 8 | # disables root access |
|---|
| 9 | # |
|---|
| 10 | # This playbook should be executed as first thing |
|---|
| 11 | # after getting your hands over new hardware |
|---|
| 12 | # |
|---|
| 13 | # It will normally be run with ``ask-pass`` |
|---|
| 14 | # |
|---|
| 15 | - hosts: yet-untouched |
|---|
| 16 | vars: |
|---|
| 17 | deploy_user: 'deploy' |
|---|
| 18 | deploy_public_key: "{{ lookup('file', 'files/id-deploy.pub') }}" |
|---|
| 19 | tasks: |
|---|
| 20 | |
|---|
| 21 | - name: "bootstrap | create 'deploy' user" |
|---|
| 22 | user: |
|---|
| 23 | name="{{ deploy_user }}" |
|---|
| 24 | append=yes |
|---|
| 25 | uid=2222 |
|---|
| 26 | |
|---|
| 27 | - name: "bootstrap | update authorized key of 'deploy'" |
|---|
| 28 | authorized_key: |
|---|
| 29 | user="{{ deploy_user }}" |
|---|
| 30 | key="{{ deploy_public_key }}" |
|---|
| 31 | |
|---|
| 32 | - name: "bootstrap | restart sshd" |
|---|
| 33 | service: |
|---|
| 34 | name="ssh" |
|---|
| 35 | enabled=yes |
|---|
| 36 | state=restarted |
|---|
Note: See
TracBrowser for help on using the repository browser.
