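---
# Baseline provisioning playbook: packages, a sysctl tweak, user accounts with
# SSH keys and sudo rights, and the sshd configuration.

- name: Install shit
  hosts: all
  tasks:
    - name: Std Repo stuff
      ansible.builtin.apt:
        update_cache: true
        # NOTE(review): nmap is installed on every host; confirm it is needed
        # fleet-wide rather than only on admin machines.
        name:
          - vim
          - curl
          - wget
          - sudo
          - net-tools
          - nmap
          - python3-pip
          - python3-passlib
          - vnstat
          - chrony

    - name: Enable VNStat service
      ansible.builtin.service:
        name: vnstat
        enabled: true
        state: started

    - name: Enable Chrony (NTP) service
      ansible.builtin.service:
        name: chrony
        enabled: true
        state: started

- name: Sysctl
  hosts: all
  tasks:
    - name: Disable dmesg logging to console
      ansible.posix.sysctl:
        name: kernel.printk
        value: '3 4 1 3'
        state: present
        sysctl_set: true

- name: Add users
  hosts: all
  vars:
    users:
      - arya
      - mrlerien
      - devrand
      - midou
      - ansiblerunner
    # NOTE(review): ansible.builtin.user expects a crypt(3)-style hash
    # (e.g. what the password_hash('sha512') filter produces). This value is
    # 128 bare hex characters, which looks like a plain SHA-512 digest; confirm
    # that logins with it actually work.
    # The value is also stored in clear text in the playbook, so anyone with
    # read access to the repository can attack it offline. Keeping it in
    # Ansible Vault (or another secret store) avoids that.
    password: 'd404559f602eab6fd602ac7680dacbfaadd13630335e951f097af3900e9de176b6db28512f2e000b9d04fba5133e8b1c6e8df59db3a8ab9d60be4b97cc9e81db'
  tasks:
    # Shell start-up files for future accounts (/etc/skel) ...
    - name: Bashrc skel
      ansible.builtin.template:
        src: templates/bashrc.j2
        dest: /etc/skel/.bashrc
        mode: preserve

    - name: Profile skel
      ansible.builtin.template:
        src: templates/profile.j2
        dest: /etc/skel/.profile
        mode: preserve

    - name: Bash_aliases skel
      ansible.builtin.template:
        src: templates/bash_aliases.j2
        dest: /etc/skel/.bash_aliases
        mode: preserve

    - name: Prompt skel
      ansible.builtin.template:
        src: templates/prompt.j2
        dest: /etc/skel/.prompt
        mode: preserve

    # ... and the same four files for root.
    - name: Bashrc root
      ansible.builtin.template:
        src: templates/bashrc.j2
        dest: /root/.bashrc
        mode: preserve

    - name: Profile root
      ansible.builtin.template:
        src: templates/profile.j2
        dest: /root/.profile
        mode: preserve

    - name: Bash_aliases root
      ansible.builtin.template:
        src: templates/bash_aliases.j2
        dest: /root/.bash_aliases
        mode: preserve

    - name: Prompt root
      ansible.builtin.template:
        src: templates/prompt.j2
        dest: /root/.prompt
        mode: preserve

    # Add the same initial password for all users (can be overwritten by user).
    # update_password: on_create means later runs never reset a password the
    # user has changed. Every account, including ansiblerunner, starts with
    # the same shared password and is a member of the sudo group. Whether that
    # password is usable over SSH depends on templates/sshd_config.j2, which
    # is not part of this file.
    - name: Add user
      ansible.builtin.user:
        name: "{{ item }}"
        group: users
        groups: users,sudo
        password: "{{ password }}"
        shell: /bin/bash
        update_password: on_create
      loop: "{{ users }}"

    # Each user's public key is read from files/<user>.pub on the controller.
    - name: "Add authorized keys"
      ansible.posix.authorized_key:
        user: "{{ item }}"
        key: "{{ lookup('file', 'files/' + item + '.pub') }}"
      loop: "{{ users }}"

    # Passwordless sudo for the whole sudo group: control of any one of the
    # accounts above (key or password) is equivalent to root on the host.
    # validate runs visudo against the candidate file, so a syntax error is
    # rejected before it can replace /etc/sudoers and lock sudo out.
    - name: "Allow admin users to sudo without a password"
      ansible.builtin.lineinfile:
        path: "/etc/sudoers"  # 'dest' is the older alias of this parameter
        state: "present"
        regexp: "^%sudo"
        line: "%sudo ALL=(ALL) NOPASSWD: ALL"
        validate: '/usr/sbin/visudo -cf %s'

- name: Add extra authorized_key for soleil
  hosts: soleil
  vars:
    users:
      - arya
      - mrlerien
      - devrand
      - midou
  tasks:
    # One additional key (comment field user@CoreVM) is authorised for all four
    # accounts on soleil, so that single private key opens four sudo-capable
    # logins.
    - name: Add extra authorized_key for soleil
      ansible.posix.authorized_key:
        user: "{{ item }}"
        key: "ssh-rsa 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 user@CoreVM"
      loop: "{{ users }}"

- name: Configure SSHD
  hosts: all
  tasks:
    # sshd -T parses the rendered file before it is moved into place, and
    # backup: true keeps the previous config, so a broken template cannot
    # take SSH access down.
    - name: Sshd configuration file update
      ansible.builtin.template:
        src: templates/sshd_config.j2
        dest: /etc/ssh/sshd_config
        backup: true
        owner: 0
        group: 0
        mode: "0644"
        validate: '/usr/sbin/sshd -T -f %s'
      # Handler names are matched exactly (case-sensitive); this must be
      # spelled the same as the handler below.
      notify:
        - Restart sshd
  handlers:
    # NOTE(review): the packages above are installed with apt; on
    # Debian/Ubuntu the OpenSSH unit is usually 'ssh' - confirm that 'sshd'
    # resolves on the target hosts.
    - name: Restart sshd
      ansible.builtin.service:
        name: sshd
        enabled: true
        state: restarted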