47 lines
1.4 KiB
YAML
47 lines
1.4 KiB
YAML
---
|
|
- name: Bootstrap virtual private servers
|
|
hosts: vps
|
|
gather_facts: yes
|
|
vars:
|
|
# # below is just to remind you to use '-u' instead
|
|
# ansible_user: "{{ root_auths[0].username }}"
|
|
# # below is just to remind you to use '--ask-pass' instead
|
|
# ansible_password: "{{ root_auths[0].password }}"
|
|
FAMILY: "{{ ansible_facts['os_family'] }}"
|
|
|
|
tasks:
|
|
- name: Create users
|
|
include_role:
|
|
name: bootstrap
|
|
tasks_from: "users@{{ FAMILY }}.yml"
|
|
vars:
|
|
admins: "{{ admin_auths }}"
|
|
guests: "{{ guest_auths }}"
|
|
users: "{{ user_auths }}"
|
|
register: accts_created
|
|
tags: ['default', 'userbase_creation']
|
|
- name: Require authorized keys for SSH access to accounts
|
|
include_role:
|
|
name: bootstrap
|
|
tasks_from: auth@ssh.yml
|
|
defaults_from: options/ssh.yml
|
|
vars_from: options/ssh.yml
|
|
register: ssh_authorized
|
|
tags: ['default', 'ssh_uthorization']
|
|
- name: Disable SSH login for this account
|
|
include_role:
|
|
name: bootstrap
|
|
tasks_from: denyroot@ssh.yml
|
|
defaults_from: options/ssh.yml
|
|
vars_from: options/ssh.yml
|
|
register: sshroot_disabled
|
|
tags: ['default', 'root_denial']
|
|
when: not ssh_root_login
|
|
- name: Disable root account
|
|
include_role:
|
|
name: bootstrap
|
|
tasks_from: denyroot.yml
|
|
defaults_from: options/ssh.yml
|
|
vars_from: options/ssh.yml
|
|
|