Last change
on this file since 14187 was
13994,
checked in by uli, 8 years ago
|
Turn (some) tasks from playbook into roles.
|
File size:
904 bytes
|
Line | |
---|
1 | --- |
---|
2 | # This ansible-playbook prepares fresh-from-hetzner |
---|
3 | # servers for work with ansible. |
---|
4 | # |
---|
5 | # What it does: |
---|
6 | # secures sshd (according to bettercrypto.org) |
---|
7 | # adds accounts uli/henrik/deploy |
---|
8 | # disables root access |
---|
9 | # |
---|
10 | # This playbook should be executed as first thing |
---|
11 | # after getting your hands over new hardware |
---|
12 | # |
---|
13 | # It will normally be run with ``ask-pass`` |
---|
14 | # |
---|
15 | - hosts: yet-untouched |
---|
16 | vars: |
---|
17 | deploy_user: 'deploy' |
---|
18 | deploy_public_key: "{{ lookup('file', 'files/id-deploy.pub') }}" |
---|
19 | |
---|
20 | tasks: |
---|
21 | - name: "bootstrap | update authorized key of 'deploy'" |
---|
22 | authorized_key: |
---|
23 | user="{{ deploy_user }}" |
---|
24 | key="{{ deploy_public_key }}" |
---|
25 | |
---|
26 | - name: "bootstrap | grant sudoers perms to 'deploy'" |
---|
27 | lineinfile: |
---|
28 | dest=/etc/sudoers |
---|
29 | insertafter="^root" |
---|
30 | line="{{ deploy_user }} ALL=(ALL) NOPASSWD{{ ':' }} ALL" |
---|
31 | state=present |
---|
32 | |
---|
33 | roles: |
---|
34 | - openssh |
---|
35 | - core |
---|
Note: See
TracBrowser for help on using the repository browser.