|
Last change
on this file since 17773 was
15915,
checked in by uli, 5 years ago
|
|
Rename group [yet-untouched] -> [yet_untouched]
as ansible does not like dashes in groupnames.
|
|
File size:
939 bytes
|
| Line | |
|---|
| 1 | --- |
|---|
| 2 | # This ansible-playbook prepares freshly initiated vagrant |
|---|
| 3 | # servers for work with ansible. |
|---|
| 4 | # |
|---|
| 5 | # It should be played as first thing after running `vagrant` |
|---|
| 6 | # on the remote host. |
|---|
| 7 | # |
|---|
| 8 | # The documentation for this playbook is in `README.vhosts.rst`. Please read |
|---|
| 9 | # it! Do not run this playbook without having read the README. |
|---|
| 10 | # |
|---|
| 11 | - hosts: yet_untouched |
|---|
| 12 | become: yes |
|---|
| 13 | vars: |
|---|
| 14 | # Enable root access via SSH? Set to false not before user |
|---|
| 15 | # accounts are active. |
|---|
| 16 | permit_ssh_root: false |
|---|
| 17 | |
|---|
| 18 | roles: |
|---|
| 19 | - openssh |
|---|
| 20 | |
|---|
| 21 | handlers: |
|---|
| 22 | - name: "Restart sshd" |
|---|
| 23 | service: |
|---|
| 24 | name="ssh" |
|---|
| 25 | enabled=yes |
|---|
| 26 | state=restarted |
|---|
| 27 | |
|---|
| 28 | tasks: |
|---|
| 29 | - name: Disable SSH root access |
|---|
| 30 | # make sure this is not run before you can log in otherwise! |
|---|
| 31 | lineinfile: |
|---|
| 32 | dest=/etc/ssh/sshd_config |
|---|
| 33 | backrefs=yes |
|---|
| 34 | line='PermitRootLogin no' |
|---|
| 35 | regexp='^PermitRootLogin yes' |
|---|
| 36 | state=present |
|---|
| 37 | notify: "restart sshd" |
|---|
| 38 | when: not permit_ssh_root |
|---|
Note: See
TracBrowser for help on using the repository browser.
