2020-04-07 23:50:04 +00:00
|
|
|
- name: Create unpriviledged user
|
2020-05-25 19:36:49 +00:00
|
|
|
loop: "{{ users }}"
|
|
|
|
|
no_log: true
|
2020-04-07 23:50:04 +00:00
|
|
|
user:
|
2020-05-25 19:36:49 +00:00
|
|
|
name: "{{ item.user }}"
|
|
|
|
|
password: "{{ item.password | password_hash('sha512') }}"
|
|
|
|
|
shell: "{{ item.shell }}"
|
|
|
|
|
groups: "{{ item.groups }}"
|
2020-04-07 23:50:04 +00:00
|
|
|
append: yes
|
2020-04-10 14:08:12 +00:00
|
|
|
tags:
|
|
|
|
|
- users
|
2020-04-08 01:30:18 +00:00
|
|
|
notify:
|
|
|
|
|
- Disable the root account
|
2020-04-07 23:50:04 +00:00
|
|
|
- name: Copy ssh key for unpriviledged user
|
2020-05-25 19:36:49 +00:00
|
|
|
loop: "{{ users }}"
|
|
|
|
|
no_log: true
|
2020-04-07 23:50:04 +00:00
|
|
|
authorized_key:
|
2020-05-25 19:36:49 +00:00
|
|
|
key: "{{lookup('file', '{{ role_path }}/files/{{ item.user }}.pub')}}"
|
2020-04-07 23:50:04 +00:00
|
|
|
follow: yes
|
2020-05-25 19:36:49 +00:00
|
|
|
user: '{{ item.user }}'
|
2020-04-10 14:08:12 +00:00
|
|
|
tags:
|
|
|
|
|
- users
|
2020-05-25 19:36:49 +00:00
|
|
|
- name: Set base iptables filter # TODO: Replace this with the firewall role
|
2020-04-07 23:50:04 +00:00
|
|
|
copy:
|
|
|
|
|
src: '{{ role_path }}/files/iptables-rules/'
|
|
|
|
|
dest: '/etc/iptables/'
|
2020-05-25 19:36:49 +00:00
|
|
|
notify: Run service actions
|
2020-04-10 14:08:12 +00:00
|
|
|
tags:
|
|
|
|
|
- firewall
|
