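---
# Bootstrap playbook: creates an account named after the operator's local
# $USER, installs that operator's SSH public key, grants the account
# passwordless sudo, then restricts sshd to key-only, non-root logins.

# Runs before the play below. python2.yml is not shown here; presumably it
# makes sure a Python interpreter exists on the target - confirm.
# NOTE(review): playbook-level `include` is deprecated in newer Ansible
# releases in favour of `import_playbook`; left as-is for compatibility.
- include: python2.yml

- hosts: all
  become: true
  vars:
    # Account name comes from the environment of the control machine.
    remote_user: "{{ lookup('env','USER') }}"
  tasks:
    - name: Create user '{{ remote_user}}'
      user:
        name: "{{ remote_user }}"
        shell: /bin/bash
        state: present

    # The key must be in place before password authentication is disabled
    # further down. A failure here stops the play, so the sshd changes are
    # never applied without a working key.
    - name: Add SSH public key to user remote
      authorized_key:
        user: "{{ remote_user }}"
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

    # NOPASSWD: ALL makes possession of the SSH private key equivalent to
    # root on every bootstrapped host; protect that key accordingly.
    # `validate` runs visudo against the candidate file, so a malformed line
    # (for example from an unusual user name) is rejected instead of being
    # written to /etc/sudoers and breaking sudo.
    - name: Add remote user to sudoers
      lineinfile:
        dest: /etc/sudoers
        # regex_escape keeps characters such as '.' in the user name from
        # being read as regex syntax.
        regexp: '^{{ remote_user | regex_escape }} ALL'
        line: '{{ remote_user }} ALL=(ALL:ALL) NOPASSWD: ALL'
        state: present
        validate: /usr/sbin/visudo -cf %s

    # The three sshd_config edits below share the same caveats:
    # - the regexp only matches an uncommented directive; when none exists
    #   the line is appended at end of file, which puts it inside a trailing
    #   `Match` block if the file has one;
    # - sshd uses the first value it obtains for a keyword, so an earlier
    #   setting from an included file still wins.
    # Check the effective configuration with `sshd -T` after the run.
    # `validate` has sshd parse the candidate file before it replaces the
    # live one, so a broken config never reaches the restart handler.
    - name: Disallow root SSH access
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        line: 'PermitRootLogin no'
        state: present
        validate: /usr/sbin/sshd -t -f %s
      notify:
        - restart sshd

    - name: Disallow SSH password authentication
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^PasswordAuthentication'
        line: 'PasswordAuthentication no'
        state: present
        validate: /usr/sbin/sshd -t -f %s
      notify:
        - restart sshd

    - name: Disallow SSH GSS API authentication
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^GSSAPIAuthentication'
        line: 'GSSAPIAuthentication no'
        state: present
        validate: /usr/sbin/sshd -t -f %s
      notify:
        - restart sshd

  handlers:
    # Handlers run once at the end of the play, after all three sshd_config
    # edits, so sshd is restarted a single time.
    - name: restart sshd
      service:
        name: sshd
        state: restarted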