Added better use for admin user.
--- a/rpi-base/tasks/main.yml Sat Feb 15 14:30:44 2020 -0600
+++ b/rpi-base/tasks/main.yml Sat Feb 15 16:15:13 2020 -0600
@@ -37,6 +37,32 @@
become: yes
copy: src="jail.local" dest="/etc/fail2ban/jail.local"
+- name: add users
+ become: yes
+ user:
+ name: "{{admin_user_name}}"
+ password: "{{admin_user_password}}"
+ groups: "sudo,users"
+ append: yes
+
- name: authorize admin ssh keys
become: yes
+ authorized_key: user="{{admin_user_name}}" key="https://github.com/{{github_user}}.keys"
+
+- name: authorize pi ssh keys
+ become: yes
authorized_key: user="{{ansible_user}}" key="https://github.com/{{github_user}}.keys"
+
+- name: nopasswd sudo for admin user
+ become: yes
+ template:
+ src: "010_admin-nopasswd"
+ dest: "/etc/sudoers.d/010_admin-nopasswd"
+
+- name: disable ssh password login
+ become: yes
+ lineinfile:
+ path: "/etc/ssh/sshd_config"
+ regexp: "^PasswordAuthentication"
+ insertafter: "^#PasswordAuthentication"
+ line: "PasswordAuthentication no"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/rpi-base/templates/010_admin-nopasswd Sat Feb 15 16:15:13 2020 -0600
@@ -0,0 +1,1 @@
+{{admin_user_name}} ALL=(ALL) NOPASSWD: ALL