twirre/ansible-domo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: full untested ansible setup

Browse Source
This commit is contained in:
Twirre Meulenbelt
2026-04-22 12:22:58 +02:00
parent b1d9b2a857
commit 0d967909e7
37 changed files with 1362 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
roles/ssh/tasks/main.yml Normal file
View File

@@ -0,0 +1,58 @@
---
- name: Install SSH packages
ansible.builtin.apt:
name: "{{ ssh_packages }}"
state: present
update_cache: true
- name: Ensure admin groups exist
ansible.builtin.group:
name: "{{ item }}"
state: present
loop: "{{ ssh_admin_groups }}"
- name: Ensure admin users exist
ansible.builtin.user:
name: "{{ item.name }}"
shell: "{{ item.shell | default('/bin/bash') }}"
groups: "{{ item.groups | default([]) }}"
append: true
create_home: true
state: present
loop: "{{ ssh_admin_users }}"
loop_control:
label: "{{ item.name }}"
- name: Ensure .ssh directories exist
ansible.builtin.file:
path: "/home/{{ item.name }}/.ssh"
state: directory
owner: "{{ item.name }}"
group: "{{ item.name }}"
mode: "0700"
loop: "{{ ssh_admin_users }}"
loop_control:
label: "{{ item.name }}"
- name: Install SSH authorized key files
ansible.builtin.copy:
dest: "/home/{{ item.name }}/.ssh/authorized_keys"
content: |
{% for key in item.authorized_keys | default([]) %}
{{ key }}
{% endfor %}
owner: "{{ item.name }}"
group: "{{ item.name }}"
mode: "0600"
loop: "{{ ssh_admin_users }}"
loop_control:
label: "{{ item.name }}"
- name: Harden sshd configuration
ansible.builtin.template:
src: sshd_config.j2
dest: /etc/ssh/sshd_config.d/99-twirre.conf
owner: root
group: root
mode: "0644"
notify: Restart ssh