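# Create every account listed in `users` and add it to its supplementary
# groups. Each entry is read for the keys: user, password, shell, groups.
# NOTE(review): item.password is plaintext when it reaches this task; where
# `users` is defined is not visible here. Confirm it lives in an encrypted
# vars file (e.g. Ansible Vault) rather than in plain text in the repository.
- name: Create unpriviledged user
  # Per-item output would include the plaintext password, so keep it hidden.
  no_log: true
  loop: "{{ users }}"
  user:
    name: "{{ item.user }}"
    # NOTE(review): password_hash() is called without a salt, so a new random
    # salt is presumably drawn on each run. The task would then report
    # "changed" every time and re-trigger the handler below. Confirm, and
    # consider `update_password: on_create` or storing pre-hashed values.
    password: "{{ item.password | password_hash('sha512') }}"
    shell: "{{ item.shell }}"
    groups: "{{ item.groups }}"
    # Add the listed groups without removing existing memberships.
    append: true
  tags:
    - users
  notify:
    - Disable the root account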
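# Install each user's public key, read from the role's files/<user>.pub on
# the controller, into that user's authorized_keys.
- name: Copy ssh key for unpriviledged user
  loop: "{{ users }}"
  # The key is public, but entries of `users` also carry a password field
  # (read as item.password by the user-creation task), so hide item output.
  no_log: true
  authorized_key:
    user: "{{ item.user }}"
    # Build the path by concatenation. The original nested "{{ }}" inside the
    # lookup expression, which relies on recursive templating of a string
    # literal and is not portable across Ansible versions.
    # NOTE(review): item.user becomes part of a controller-side file path;
    # this assumes `users` is operator-controlled data. Confirm.
    key: "{{ lookup('file', role_path ~ '/files/' ~ item.user ~ '.pub') }}"
    # Follow a symlinked authorized_keys file instead of replacing the link.
    follow: true
  tags:
    - users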
# TODO: Replace this with the firewall role
# Copy the contents of the role's files/iptables-rules/ directory into
# /etc/iptables/ on the target. The trailing slash on src means the directory
# contents are copied, not the directory itself. The task only places the
# files; loading them is presumably done by the notified handler.
# NOTE(review): no owner, group or mode is set, so the resulting permissions
# depend on module defaults. Confirm the rule files end up root-owned and
# not writable by other users.
- name: Set base iptables filter
  tags:
    - firewall
  notify: Run service actions
  copy:
    dest: "/etc/iptables/"
    src: "{{ role_path }}/files/iptables-rules/"