infrastructure/ansible/playbooks/nanna-setup.yaml
Paul Brinkmeier 2c13a0da72
Fix modes on Davids stuff
2025-06-24 14:00:54 +02:00


---
# Base provisioning for the host "nanna": a key-only sshd drop-in, the
# Docker role, and a login account for David with one authorized SSH key.
- name: Basic setup for nanna
  hosts: nanna
  tasks:
    - name: Configure sshd
      become: true
      ansible.builtin.copy:
        dest: /etc/ssh/sshd_config.d/00_pbri.conf
        # World-readable is fine here: the file holds policy, not secrets.
        mode: "u=rw,g=r,o=r"
        # The main /etc/ssh/sshd_config includes this directory before its
        # other settings. sshd keeps the first value it reads for a keyword,
        # so the lines below take precedence over later ones.
        # NOTE(review): PasswordAuthentication does not cover
        # keyboard-interactive (PAM) logins; that keyword is not set in this
        # drop-in, so confirm the effective value with `sshd -T` on the host.
        content: |
          Port 2309
          PermitRootLogin no
          PubkeyAuthentication yes
          AuthorizedKeysFile .ssh/authorized_keys
          PasswordAuthentication no
        # Runs against the temporary copy (%s) before it is moved into place,
        # so a fragment sshd cannot parse is never installed. Only this
        # fragment is checked, not the merged configuration.
        validate: /usr/sbin/sshd -T -f %s
      notify:
        - Restart sshd

    # The docker role is defined elsewhere in the repository.
    - name: Install and set up Docker and docker-compose
      ansible.builtin.include_role:
        name: docker

    - name: Add Davids group
      become: true
      ansible.builtin.group:
        name: david
        state: present

    - name: Add David
      become: true
      ansible.builtin.user:
        name: david
        group: david
        shell: /bin/bash
        state: present
        # "!" is not a valid password hash, so the account has no usable
        # password and can only be reached with the SSH key set below.
        password: "!"

    - name: Create David SSH directory
      become: true
      ansible.builtin.file:
        path: /home/david/.ssh
        state: directory
        owner: david
        group: david
        # Owner-only access on the directory that holds authorized_keys.
        mode: "0700"

    - name: Set David SSH key
      become: true
      ansible.builtin.lineinfile:
        path: /home/david/.ssh/authorized_keys
        create: true
        owner: david
        group: david
        mode: "0600"
        state: present
        # lineinfile only guarantees that this exact line exists; it never
        # removes other lines. If the key is replaced here, the previous one
        # stays authorized until it is deleted from the file on the host.
        # The trailing backslash joins the two halves without a space.
        line: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICttSQcZsKvw5qKCDGt\
          nxEdyH1aEGOGGRqDCp3U/SG46 davidtanner@coolerLaptop2.fritz.box"

  handlers:
    # Triggered only when the sshd drop-in actually changed.
    # NOTE(review): after the restart sshd listens on port 2309; verify that
    # any firewall in front of the host allows it before running this play.
    - name: Restart sshd
      become: true
      ansible.builtin.service:
        name: ssh
        state: restarted