Created a role for initial lockdown of recent VPS, and started role for basic server configuration

2025-09-05 00:43:14 -04:00
parent e427da26a6
commit 0cafb4968b
12 changed files with 296 additions and 0 deletions
--- a/.ansible/roles/lockdown/tasks/deshell.yml
+++ b/.ansible/roles/lockdown/tasks/deshell.yml
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: MIT-0
+---
+# tasks file for lockdown
+- name: Disable shell for root user
+  when: ansible_facts["user_id"] != "root"
+  become: true
+  ansible.builtin.user:
+    name: root
+    shell: /sbin/nologin
+  tags:
+    - deshell_root
+  register: root_shell_disabled