system/tasks/ssh.yml
vincent 1419eaa003
style: correct ansible lint
2022-12-10 20:25:54 +01:00


# Install the SSH package through the platform's package manager.
# The package name is not fixed here; it is read from system_ssh_package.
- name: Ensure SSH instalation
  ansible.builtin.package:
    state: present
    name: "{{ system_ssh_package }}"
  become: true
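# Create the per-user ~/.ssh directory for the configured user and for the
# "ansible" account, owned by that account and closed to everyone else.
# The path is built as /home/<name>/.ssh, so both accounts are assumed to
# have their home directly under /home -- confirm for the target hosts.
- name: Ensure .ssh exist for user
  become: true
  ansible.builtin.file:
    state: directory
    path: '/home/{{ item }}/.ssh'
    owner: '{{ item }}'
    # Quoted: a bare 0700 is only read as octal by YAML 1.1 parsers. As a
    # string the mode is unambiguous and matches the quoted modes used by the
    # other tasks in this file.
    mode: '0700'
  with_items:
    - '{{ user.name }}'
    - ansible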
# Render the ssh/config.j2 template from the controller into ~/.ssh/config
# for the configured user and for the "ansible" account. The file is owned
# by the account and readable/writable by the owner only.
- name: Copy ssh config for user
  ansible.builtin.template:
    src: "ssh/config.j2"
    dest: "/home/{{ item }}/.ssh/config"
    owner: "{{ item }}"
    mode: "600"
    selevel: s0
    # force: true replaces an existing file whose content differs.
    force: true
    remote_src: false
  become: true
  with_items:
    - "{{ user.name }}"
    - ansible
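# Make sure /root/.ssh exists, is owned by root and is not accessible to any
# other account.
- name: Ensure root ssh directory exist
  become: true
  ansible.builtin.file:
    state: directory
    path: '/root/.ssh'
    owner: 'root'
    # Quoted: a bare 0700 is only read as octal by YAML 1.1 parsers. As a
    # string the mode is unambiguous and matches the quoted modes used by the
    # other tasks in this file.
    mode: '0700'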
# Copy the static ssh/config file from the controller into /root/.ssh/.
# dest ends with a slash, so the file is placed inside that directory under
# the source file's own name. Owner is root, mode is owner read/write only.
- name: Copy ssh config for root
  ansible.builtin.copy:
    src: "ssh/config"
    dest: /root/.ssh/
    owner: "root"
    mode: "600"
    selevel: s0
    # force: true replaces an existing file whose content differs.
    force: true
    remote_src: false
  become: true
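# Create the parent directory of every private key file that will be
# deployed, owned by the key's user and closed to everyone else.
- name: Ensure key directory exist
  become: true
  ansible.builtin.file:
    state: directory
    path: '{{ item.keyfile | dirname }}'
    owner: '{{ item.user }}'
    # Quoted: a bare 0700 is only read as octal by YAML 1.1 parsers.
    mode: '0700'
  with_items: '{{ privatekeytodeploy }}'
  # Each loop item also carries the private key material (item.privatekey is
  # used by the key-install task), and Ansible prints the whole item in the
  # per-item result. no_log keeps the key out of console output, callback
  # plugins and log files.
  no_log: true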
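# Write each SSH private key from privatekeytodeploy to its target path,
# owned by the key's user and readable/writable by that user only.
# privatekeytodeploy is defined outside this file; NOTE(review): confirm it
# is loaded from an encrypted source (e.g. Ansible Vault) and not stored in
# plain text in the repository.
- name: Install ssh private key
  become: true
  ansible.builtin.copy:
    content: '{{ item.privatekey }}'
    dest: '{{ item.keyfile }}'
    # Quoted: a bare 0600 is only read as octal by YAML 1.1 parsers.
    mode: '0600'
    owner: '{{ item.user }}'
  with_items: '{{ privatekeytodeploy }}'
  # Without no_log the loop item (including item.privatekey) and, in diff
  # mode, the file content are echoed in task output and end up in CI/AWX
  # logs. Suppress the result so the secret never leaves the play.
  no_log: true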
# Add every public key listed in keystodeploy to the authorized_keys file of
# the matching user.
- name: Deploy SSH-Keys to remote host
  become: true
  ansible.posix.authorized_key:
    key: "{{ item.sshkey }}"
    user: "{{ item.user }}"
    # exclusive: false leaves keys that are already present untouched, so
    # dropping a key from keystodeploy does not revoke it on the host.
    exclusive: false
  with_items: "{{ keystodeploy }}"
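# Task name (French): "Password logins are disabled".
# Set "PasswordAuthentication no" in /etc/ssh/sshd_config, replacing an
# existing (possibly commented-out) PasswordAuthentication line, and notify
# the "Restart sshd" handler when the file changes.
# NOTE(review): sshd keeps the first value it reads for a keyword, so an
# earlier line or an Include'd drop-in can still override this; check the
# effective setting with `sshd -T` after deployment.
- name: Les connexions par mot de passe sont désactivées
  become: true
  ansible.builtin.lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^#?PasswordAuthentication'
    line: 'PasswordAuthentication no'
    state: present
    # Have sshd parse the edited copy before it replaces the live file, so a
    # broken config is rejected here instead of at the handler's restart
    # (which could lock out remote access).
    validate: '/usr/sbin/sshd -t -f %s'
  notify: Restart sshd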
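# Set "PermitRootLogin no" in /etc/ssh/sshd_config and notify the
# "Restart sshd" handler when the file changes.
# NOTE(review): sshd keeps the first value it reads for a keyword, so an
# earlier line or an Include'd drop-in can still override this; check the
# effective setting with `sshd -T` after deployment.
- name: Remove root SSH access
  become: true
  ansible.builtin.lineinfile:
    dest: /etc/ssh/sshd_config
    # '#?' also matches a commented-out "#PermitRootLogin ..." line, like the
    # PasswordAuthentication task does. Without it, a file that only has the
    # commented line gets the directive appended at end of file, where it can
    # land inside a trailing Match block and apply only conditionally.
    regexp: '^#?PermitRootLogin'
    line: 'PermitRootLogin no'
    state: present
    # Have sshd parse the edited copy before it replaces the live file, so a
    # broken config is rejected here instead of at the handler's restart.
    validate: '/usr/sbin/sshd -t -f %s'
  notify: Restart sshd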