27 lines
1.4 KiB
YAML
27 lines
1.4 KiB
YAML
---
|
|
- name: admin_login
|
|
hosts: servers # @NOTE for IPv6, switch to 'servers6' instead of 'servers4'--for both, 'servers'
|
|
vars_files:
|
|
# @NOTE if second line is uncommented with its variables actively in use, first line should too be uncommented
|
|
# - vars/ssh_keys_vault.yml
|
|
- vars/ssh_keys.yml
|
|
vars:
|
|
ansible_user: "{{ passwords[0].username }}"
|
|
ansible_ssh_user: "{{ passwords[0].username }}"
|
|
# @NOTE one of below two lines should be commented/uncommented in a mutually exclusive fashion
|
|
# ansible_ssh_private_key_file: "{{ chosen_native_ssh_private_key_file | default(chosen_local_ssh_private_key_file, true) }}" # @NOTE only works with soft-coded SSH key list building
|
|
ansible_ssh_private_key_file: "{{ chosen_local_ssh_private_key_file }}"
|
|
# @NOTE below three lines should only be uncommented when above two are commented and vice versa; key-based authentication should have already been enabled prior to running this playbook
|
|
# ansible_password: "{{ passwords[0].password }}"
|
|
# ansible_ssh_pass: "{{ passwords[0].username }}"
|
|
# ansible_ssh_password: "{{ passwords[0].username }}"
|
|
tasks:
|
|
- name: Disable shell access for root
|
|
ansible.builtin.include_role:
|
|
name: lockdown
|
|
defaults_from: main
|
|
vars_from: main
|
|
handlers_from: main
|
|
tasks_from: deshell
|
|
apply:
|
|
become: yes |