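---
# Creates the admin accounts, installs their SSH public keys, makes sure the
# sudo group may use sudo, and finally turns off SSH password logins.
#
# Inputs:
#   vault_users - list of {name, password}. Not defined in this file; it is
#                 expected to come from ../vars/secrets.yml (presumably
#                 encrypted with Ansible Vault - confirm it is never stored
#                 in clear text).
#   users       - list of {name, ssh_key} defined below (public keys only).
#
# NOTE(review): the two lists are maintained separately. An account that is in
# vault_users but has no entry in users gets no authorized key and cannot log
# in over SSH once the last task disables password authentication.
- name: Set up users with sudo privileges and SSH keys
  hosts: all
  become: true
  vars_files:
    - ../vars/secrets.yml
  vars:
    users:
      - name: jake
        ssh_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN13c8DOTx1GjD027XbN/G6MByFEvDX8zttW9EwCxQFe main key"
      - name: rayhan
        ssh_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH6Zr582CwihCcLtO0wY0urFnsaka5TRUELAU/7qxt/m rayhanunix@LAPTOP-72FA1E7J"
  tasks:
    - name: Create users
      user:
        name: "{{ item.name }}"
        # NOTE(review): password_hash() is called without a fixed salt, so a
        # new hash is generated on every run and the task always reports
        # "changed". Supply a stable per-user salt, or set
        # update_password: on_create if the password should only be set once.
        password: "{{ item.password | password_hash('sha512') }}"
        state: present
        groups: sudo
        # Keep existing supplementary groups; without append the module
        # removes the user from every group that is not listed above.
        append: true
        shell: /bin/bash
      loop: "{{ vault_users }}"
      # Each loop item carries a clear-text password. Without no_log the item
      # is echoed in task output and by any logging callback.
      no_log: true
    - name: Add SSH keys
      authorized_key:
        user: "{{ item.name }}"
        key: "{{ item.ssh_key }}"
        state: present
      loop: "{{ users }}"
    - name: Ensure sudo group has sudo privileges
      lineinfile:
        path: /etc/sudoers
        state: present
        regexp: '^%sudo'
        line: '%sudo ALL=(ALL:ALL) ALL'
        # visudo checks the candidate file before it replaces /etc/sudoers,
        # so a syntax error cannot break sudo on the host.
        validate: '/usr/sbin/visudo -cf %s'
    - name: Disable password authentication for SSH
      lineinfile:
        path: /etc/ssh/sshd_config
        # NOTE(review): this only matches an active directive. If the file
        # has just the commented-out default, the line is appended at the end
        # of the file, where it would fall inside a trailing Match block if
        # one exists. Settings from an Include'd sshd_config.d file, or
        # KbdInteractiveAuthentication via PAM, can also still allow password
        # logins - check the effective config with `sshd -T` after the run.
        regexp: '^PasswordAuthentication'
        line: 'PasswordAuthentication no'
        state: present
        # Refuse to install a config that sshd cannot parse; a broken file
        # followed by the restart below would cut off remote access.
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Restart SSH
  handlers:
    # NOTE(review): on Debian/Ubuntu (the sudo group suggests that family) the
    # unit is named "ssh"; "sshd" may only resolve as an alias - confirm on
    # the target hosts.
    - name: Restart SSH
      service:
        name: sshd
        state: restarted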