--- - name: Bootstrap virtual private servers hosts: vps gather_facts: yes vars: # # below is just to remind you to use '-u' instead # ansible_user: "{{ root_auths[0].username }}" # # below is just to remind you to use '--ask-pass' instead # ansible_password: "{{ root_auths[0].password }}" FAMILY: "{{ ansible_facts['os_family'] }}" root_disable_method: delog tasks: - name: Create users include_role: name: bootstrap tasks_from: "users@{{ FAMILY }}.yml" defaults_from: "general.yml" vars: admins: "{{ admin_auths }}" guests: "{{ guest_auths }}" users: "{{ user_auths }}" register: accts_created tags: ['default', 'userbase_creation'] - name: Require authorized keys for SSH access to accounts include_role: name: bootstrap tasks_from: auth@ssh.yml defaults_from: general.yml vars: pubkeys: "{{ user_pubkeys }}" root_acct: "{{ root_auths[0] }}" register: ssh_authorized tags: ['default', 'ssh_uthorization'] - name: Disable SSH login for this account include_role: name: bootstrap tasks_from: denyroot@ssh.yml defaults_from: general.yml vars: root_acct: "{{ root_auths[0] }}" register: sshroot_disabled tags: ['default', 'root_denial'] when: not ssh_root_login - name: Disable root account include_role: name: bootstrap tasks_from: denyroot.yml defaults_from: general.yml vars: roots: "{{ root_auths }}" nonlogin_method: "{{ root_disable_method }}"