Allow multiple users
This commit is contained in:
parent
42561893f3
commit
d8ccb3b45a
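--- a/<PATH-NOT-SHOWN-ON-PAGE>
+++ b/<PATH-NOT-SHOWN-ON-PAGE>
@@ -24,9 +24,3 @@
   systemd:
     name: ssh
     state: reloaded
-- name: Enable and restart iptables
-  systemd:
-    name: netfilter-persistent
-    enabled: yes
-    state: restarted
-    daemon_reload: yes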
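--- a/<PATH-NOT-SHOWN-ON-PAGE>
+++ b/<PATH-NOT-SHOWN-ON-PAGE>
@@ -1,59 +1,29 @@
-- name: Install base tools
-  apt:
-    install_recommends: no
-    name:
-      - iptables-persistent
-      - netfilter-persistent
-      - sed
-      - git
-      - zsh
-      - vim
-      - sudo
-      - iptables
-    cache_valid_time: 3600
-  tags:
-    - setup
-    - packages
-- name: Upgrade all packages to the latest version
-  apt:
-    name: "*"
-    state: latest
-  tags:
-    - update
-    - packages
-- name: Clean up unused dependencies and packages
-  apt:
-    autoremove: yes
-    autoclean: yes
-  tags:
-    - update
-    - packages
 - name: Create unpriviledged user
+  loop: "{{ users }}"
+  no_log: true
   user:
-    name: '{{ username }}'
-    password: "{{ password | password_hash('sha512') }}" # TODO: Set up a vault for user and pass
-    shell: /bin/zsh
-    groups: sudo
+    name: "{{ item.user }}"
+    password: "{{ item.password | password_hash('sha512') }}"
+    shell: "{{ item.shell }}"
+    groups: "{{ item.groups }}"
     append: yes
   tags:
-    - setup
     - users
   notify:
     - Disable the root account
 - name: Copy ssh key for unpriviledged user
+  loop: "{{ users }}"
+  no_log: true
   authorized_key:
-    key: "{{lookup('file', '{{ role_path }}/files/ssh.pub')}}"
+    key: "{{lookup('file', '{{ role_path }}/files/{{ item.user }}.pub')}}"
     follow: yes
-    user: '{{ username }}'
+    user: '{{ item.user }}'
   tags:
-    - setup
     - users
-- name: Set base iptables filter
+- name: Set base iptables filter # TODO: Replace this with the firewall role
   copy:
     src: '{{ role_path }}/files/iptables-rules/'
     dest: '/etc/iptables/'
-  notify:
-    - Enable and restart iptables
+  notify: Run service actions
   tags:
-    - update
     - firewall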
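Review bot: The new `password:` line recomputes the hash with a fresh random salt on every run because `password_hash('sha512')` is given no salt, so the `user` task reports changed and re-notifies `Disable the root account` on each play; add `update_password: on_create` under `user:`, or supply a stable per-user salt such as `password_hash('sha512', 65534 | random(seed=item.user) | string)`. The removed line's `# TODO: Set up a vault for user and pass` comment was dropped even though `item.password` still comes from a plain `users` variable, so that reminder to keep the list in ansible-vault should survive on the new line. The new `key:` value nests `{{ }}` inside an expression, which is discouraged templating; `key: "{{ lookup('file', role_path ~ '/files/' ~ item.user ~ '.pub') }}"` is the plain form. `notify: Run service actions` names a handler that does not appear in this diff while the only iptables handler is deleted in the first hunk, so it is worth confirming that handler exists. `append: yes` and `follow: yes` would read more portably as `true`.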
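--- a/<PATH-NOT-SHOWN-ON-PAGE>
+++ b/<PATH-NOT-SHOWN-ON-PAGE>
@@ -1 +0,0 @@
-username: caskd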