Added a playbook for disabling root on VPS and enabling key-based authentication

fortify@vps.yml

@@ -0,0 +1,53 @@
+---
+- name: Bootstrap virtual private servers
+  hosts: vps
+  gather_facts: yes
+  vars:
+    # # below is just to remind you to use '-u' instead 
+    # ansible_user: "{{ root_auths[0].username }}"
+    # # below is just to remind you to use '--ask-pass' instead
+    # ansible_password: "{{ root_auths[0].password }}"
+    FAMILY: "{{ ansible_facts['os_family'] }}"
+    root_disable_method: delog
+
+  tasks:
+    - name: Create users
+      include_role:
+        name: bootstrap
+        tasks_from: "users@{{ FAMILY  }}.yml"
+        defaults_from: "general.yml"
+      vars:
+        admins: "{{ admin_auths }}"
+        guests: "{{ guest_auths }}"
+        users: "{{ user_auths }}"
+      register: accts_created
+      tags: ['default', 'userbase_creation']
+    - name: Require authorized keys for SSH access to accounts
+      include_role:
+        name: bootstrap
+        tasks_from: auth@ssh.yml
+        defaults_from: general.yml
+      vars:
+        pubkeys: "{{ user_pubkeys }}"
+        root_acct: "{{ root_auths[0] }}"
+      register: ssh_authorized
+      tags: ['default', 'ssh_uthorization']
+    - name: Disable SSH login for this account
+      include_role:
+        name: bootstrap
+        tasks_from: denyroot@ssh.yml
+        defaults_from: general.yml
+      vars:
+        root_acct: "{{ root_auths[0] }}"
+      register: sshroot_disabled
+      tags: ['default', 'root_denial']
+      when: not ssh_root_login
+    - name: Disable root account
+      include_role:
+        name: bootstrap
+        tasks_from: denyroot.yml
+        defaults_from: general.yml
+      vars:
+        roots: "{{ root_auths }}"
+        nonlogin_method: "{{ root_disable_method }}"
+