source: main/waeup-ansible/bootstrap.yml @ 14187

Last change on this file since 14187 was 13994, checked in by uli, 8 years ago

Turn (some) tasks from playbook into roles.

File size: 904 bytes
Line 
1---
2# This ansible-playbook prepares fresh-from-hetzner
3# servers for work with ansible.
4#
5# What it does:
6#   secures sshd (according to bettercrypto.org)
7#   adds accounts uli/henrik/deploy
8#   disables root access
9#
10# This playbook should be executed as first thing
11# after getting your hands over new hardware
12#
13# It will normally be run with ``ask-pass``
14#
15- hosts: yet-untouched
16  vars:
17    deploy_user: 'deploy'
18    deploy_public_key: "{{ lookup('file', 'files/id-deploy.pub') }}"
19
20  tasks:
21    - name: "bootstrap | update authorized key of 'deploy'"
22      authorized_key:
23        user="{{ deploy_user }}"
24        key="{{ deploy_public_key }}"
25
26    - name: "bootstrap | grant sudoers perms to 'deploy'"
27      lineinfile:
28        dest=/etc/sudoers
29        insertafter="^root"
30        line="{{ deploy_user }}  ALL=(ALL) NOPASSWD{{ ':' }} ALL"
31        state=present
32
33  roles:
34    - openssh
35    - core
Note: See TracBrowser for help on using the repository browser.