xenobyte/sukaato-ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Made state status and copied file ownership explicit

Browse Source
This commit is contained in:
Alex Tavarez
2025-09-05 18:52:18 -04:00
parent a39d7a78ae
commit 6ea6e14c82
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.ansible/roles/lockdown/tasks/main.yml
View File

@@ -31,8 +31,6 @@
uid: 1000 uid: 1000
password: "{{ item.password }}" password: "{{ item.password }}"
append: yes append: yes
groups:
- sudo
shell: /bin/bash shell: /bin/bash
generate_ssh_key: yes generate_ssh_key: yes
password_expire_min: 93 password_expire_min: 93
@@ -84,6 +82,7 @@
owner: "{{ item.name }}" owner: "{{ item.name }}"
group: "{{ item.name }}" group: "{{ item.name }}"
mode: "0600" mode: "0600"
state: present
tags: tags:
- other_users - other_users
- others_ssh - others_ssh
@@ -101,6 +100,7 @@
owner: "{{ created_admin.name }}" owner: "{{ created_admin.name }}"
group: "{{ created_admin.name }}" group: "{{ created_admin.name }}"
mode: "0600" mode: "0600"
state: present
tags: tags:
- default - default
- administrative_user - administrative_user
@@ -129,7 +129,10 @@
dest: /etc/ssh/sshd_config.d/auth.conf dest: /etc/ssh/sshd_config.d/auth.conf
force: yes force: yes
backup: yes backup: yes
owner: root
group: root
mode: "0644" mode: "0644"
state: present
tags: tags:
- depass_root - depass_root
register: constrained_auth register: constrained_auth
@@ -139,7 +142,10 @@
dest: /etc/ssh/sshd_config.d/denyroot.conf dest: /etc/ssh/sshd_config.d/denyroot.conf
force: yes force: yes
backup: yes backup: yes
owner: root
group: root
mode: "0644" mode: "0644"
state: present
tags: tags:
- prohib_root_ssh - prohib_root_ssh
register: prohibited_root_ssh_login register: prohibited_root_ssh_login