ansible-domo/roles/ssh/tasks/main.yml
---
# Install whatever the inventory lists in ssh_packages (the play decides whether
# that is only the server, only the client, or both).
- name: Install SSH packages
  ansible.builtin.apt:
    update_cache: true
    state: present
    name: '{{ ssh_packages }}'
# Create every group named in ssh_admin_groups up front, so the user task below
# can add accounts to them without ordering surprises.
- name: Ensure admin groups exist
  ansible.builtin.group:
    state: present
    name: '{{ item }}'
  loop: '{{ ssh_admin_groups }}'
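# Create the admin accounts from ssh_admin_users. Each item needs `name`;
# `shell`, `groups` and `password` are optional and fall back to the defaults
# below. Home directories are created under the system default (the tasks that
# follow assume /home/<name>).
- name: Ensure admin users exist
  ansible.builtin.user:
    name: "{{ item.name }}"
    shell: "{{ item.shell | default('/bin/bash') }}"
    # append: true adds the listed groups on top of existing memberships
    # instead of replacing them.
    groups: "{{ item.groups | default([]) }}"
    append: true
    # The user module takes an already-hashed password (crypt(3) format) and
    # stores the value as given; do not put plaintext here. When the item has
    # no password the argument is omitted and the existing field is untouched.
    password: "{{ item.password | default(omit) }}"
    update_password: always
    create_home: true
    state: present
  loop: "{{ ssh_admin_users }}"
  loop_control:
    label: "{{ item.name }}"
  # The loop items carry credential material; keep them out of task output and
  # verbose logs (ansible-lint rule no-log-password).
  no_log: true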
# Make sure each admin has a private ~/.ssh; sshd refuses keys from a directory
# that other users can read or write. The path assumes the home is /home/<name>,
# matching the user task above, which sets no custom home.
- name: Ensure .ssh directories exist
  ansible.builtin.file:
    state: directory
    path: '/home/{{ item.name }}/.ssh'
    mode: '0700'
    owner: '{{ item.name }}'
    group: '{{ item.name }}'
  loop: '{{ ssh_admin_users }}'
  loop_control:
    label: '{{ item.name }}'
# Write the whole authorized_keys file from the inventory, one key per line.
# Because the file is replaced rather than appended to, keys removed from
# `authorized_keys` in the inventory are removed from the host as well, and an
# item without that list ends up with an empty file.
- name: Install SSH authorized key files
  ansible.builtin.copy:
    mode: '0600'
    owner: '{{ item.name }}'
    group: '{{ item.name }}'
    dest: '/home/{{ item.name }}/.ssh/authorized_keys'
    content: |
      {% for key in item.authorized_keys | default([]) %}
      {{ key }}
      {% endfor %}
  loop: '{{ ssh_admin_users }}'
  loop_control:
    label: '{{ item.name }}'
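# Install the hardening settings as a drop-in fragment instead of rewriting the
# main sshd_config. This only takes effect if the host's sshd_config contains an
# `Include /etc/ssh/sshd_config.d/*.conf` line — presumably the case for the
# Debian-family targets implied by the apt task above; verify on older releases.
- name: Harden sshd configuration
  ansible.builtin.template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config.d/99-twirre.conf
    owner: root
    group: root
    mode: "0644"
    # Syntax-check the rendered fragment before it replaces the live file, so a
    # template mistake fails this task instead of leaving sshd unable to start
    # (and the operator locked out) after the restart handler runs.
    validate: /usr/sbin/sshd -t -f %s
  notify: Restart ssh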