equal
deleted
inserted
replaced
35 |
35 |
36 - name: install fail2ban config |
36 - name: install fail2ban config |
37 become: yes |
37 become: yes |
38 copy: src="jail.local" dest="/etc/fail2ban/jail.local" |
38 copy: src="jail.local" dest="/etc/fail2ban/jail.local" |
39 |
39 |
|
40 - name: add users |
|
41 become: yes |
|
42 user: |
|
43 name: "{{admin_user_name}}" |
|
44 password: "{{admin_user_password}}" |
|
45 groups: "sudo,users" |
|
46 append: yes |
|
47 |
40 - name: authorize admin ssh keys |
48 - name: authorize admin ssh keys |
41 become: yes |
49 become: yes |
|
50 authorized_key: user="{{admin_user_name}}" key="https://github.com/{{github_user}}.keys" |
|
51 |
|
52 - name: authorize pi ssh keys |
|
53 become: yes |
42 authorized_key: user="{{ansible_user}}" key="https://github.com/{{github_user}}.keys" |
54 authorized_key: user="{{ansible_user}}" key="https://github.com/{{github_user}}.keys" |
|
55 |
|
56 - name: nopasswd sudo for admin user |
|
57 become: yes |
|
58 template: |
|
59 src: "010_admin-nopasswd" |
|
60 dest: "/etc/sudoers.d/010_admin-nopasswd" |
|
61 |
|
62 - name: disable ssh password login |
|
63 become: yes |
|
64 lineinfile: |
|
65 path: "/etc/ssh/sshd_config" |
|
66 regexp: "^PasswordAuthentication" |
|
67 insertafter: "^#PasswordAuthentication" |
|
68 line: "PasswordAuthentication no" |