Initial ansible files

Author: lucasballr

.gitignore

@@ -0,0 +1 @@
+keys/*

ansible_defense.yml

@@ -0,0 +1,30 @@
+---
+- name: Update servers
+  vars: 
+    p: "super_secret"
+  hosts: servers
+  tasks:
+  - name: Update password
+    ansible.builtin.user:
+      name: root
+      password: "{{ p | password_hash('sha512') }}"
+      state: present
+  - name: Place ssh key
+    authorized_key:
+      user: "root"
+      key: "{{ lookup('file', './keys/ansible.pub') }}"
+      state: present
+  - name: Change ssh_config
+    lineinfile:
+      path: "/etc/ssh/sshd_config"
+      regex: "^(#)?{{item.key}}"
+      line: "{{item.key}} {{item.value}}"
+      state: present
+    loop:
+      - { key: "PermitRootLogin", value: "yes" }
+      - { key: "AuthenticationMethods", value: "publickey" }
+      - { key: "PasswordAuthentication", value: "no" }
+      - { key: "PubkeyAuthentication", value: "yes" }
+      - { key: "PermitEmptyPasswords", value: "no" }
+    notify:
+      - restart sshd

handlers/restart.yml

@@ -0,0 +1,5 @@
+---
+- name: restart sshd
+  ansible.builtin.service:
+    name: sshd
+    state: restarted

inventory.ini

@@ -0,0 +1,9 @@
+[servers:vars]
+#ansible_connection=ssh
+ansible_user=notroot
+ansible_ssh_pass=bingbong1
+ansible_sudo_pass=bingbong1
+key_file="./ansible"
+
+[servers]
+10.16.0.5 ansible_become=true