77 lines
2.1 KiB
YAML
77 lines
2.1 KiB
YAML
---
|
|
- name: Basic setup for nanna
|
|
hosts: nanna
|
|
tasks:
|
|
- name: Configure sshd
|
|
become: true
|
|
ansible.builtin.copy:
|
|
dest: /etc/ssh/sshd_config.d/00_pbri.conf
|
|
mode: u=rw,g=r,o=r
|
|
# Included by /etc/ssh/sshd_config before other configuration
|
|
content: |
|
|
Port 2309
|
|
PermitRootLogin no
|
|
PubkeyAuthentication yes
|
|
AuthorizedKeysFile .ssh/authorized_keys
|
|
PasswordAuthentication no
|
|
validate: /usr/sbin/sshd -T -f %s
|
|
notify:
|
|
- Restart sshd
|
|
- name: Install and set up Docker and docker-compose
|
|
ansible.builtin.include_role:
|
|
name: docker
|
|
- name: Add Davids group
|
|
become: true
|
|
ansible.builtin.group:
|
|
name: "david"
|
|
state: "present"
|
|
- name: Add David
|
|
become: true
|
|
ansible.builtin.user:
|
|
name: "david"
|
|
group: "david"
|
|
state: "present"
|
|
shell: "/bin/bash"
|
|
# Disable password auth
|
|
password: "!"
|
|
- name: Create David SSH directory
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: /home/david/.ssh
|
|
owner: david
|
|
group: david
|
|
state: directory
|
|
mode: "0700"
|
|
- name: Set David SSH key
|
|
become: true
|
|
ansible.builtin.lineinfile:
|
|
path: /home/david/.ssh/authorized_keys
|
|
line: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICttSQcZsKvw5qKCDGt\
|
|
nxEdyH1aEGOGGRqDCp3U/SG46 davidtanner@coolerLaptop2.fritz.box"
|
|
owner: david
|
|
group: david
|
|
create: true
|
|
state: present
|
|
mode: "0600"
|
|
- name: Add work SSH key
|
|
become: true
|
|
ansible.builtin.lineinfile:
|
|
path: /home/paul/.ssh/authorized_keys
|
|
line: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeHrSd8NJ9dAoQEJez\
|
|
FbxfbWlo/HQNoA8vaaBZj58Cp paul@MacBook-Pro.meqo"
|
|
owner: paul
|
|
group: paul
|
|
create: true
|
|
state: present
|
|
mode: "0600"
|
|
- name: Install Nix
|
|
ansible.builtin.include_role:
|
|
name: install_nix
|
|
|
|
handlers:
|
|
- name: Restart sshd
|
|
become: true
|
|
ansible.builtin.service:
|
|
name: ssh
|
|
state: restarted
|