---
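# Create (or update) one local account per entry in admin_users.
# Each item is read for its `username` and `password` keys.
- name: "Create admin user accounts"
  ansible.builtin.user:
    name: "{{ item.username }}"
    # password_hash() is called without an explicit salt, so a new random
    # salt is generated on every run: the stored hash changes and the task
    # reports "changed" each time.
    # NOTE(review): pass a stable per-user salt if idempotence matters.
    password: "{{ item.password | password_hash('sha512') }}"
    shell: /bin/bash
  with_items: "{{ admin_users }}"
  # Every loop item carries the pre-hash password; without no_log the whole
  # item is echoed in task output and callback logs.
  # NOTE(review): admin_users presumably lives in an encrypted vars file
  # (e.g. Ansible Vault) - confirm.
  no_log: true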
# Install each admin's SSH public key. The key text is read with the `file`
# lookup from files/<username>.key.pub; lookups are evaluated on the control
# node, not on the managed host.
# NOTE(review): item.username is concatenated into that path - confirm
# admin_users only ever comes from trusted inventory/vars.
# The registered result is checked by the "Disable password login" task.
- name: Add authorized keys for admin user accounts
  ansible.posix.authorized_key:
    user: "{{ item.username }}"
    key: "{{ lookup('file', 'files/' + item.username + '.key.pub') }}"
  register: add_authorized_keys
  with_items: "{{ admin_users }}"
# Create one sudoers rule per admin, named sudo-<username>.
# commands: ALL grants every command; nopassword: false keeps the sudo
# password prompt, so privilege escalation still requires the account
# password set by the user-creation task.
- name: Add admin user accounts to sudoers file
  community.general.sudoers:
    name: "sudo-{{ item.username }}"
    user: "{{ item.username }}"
    commands: ALL
    nopassword: false
  with_items: "{{ admin_users }}"
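# Turn off SSH password authentication once the authorized keys are in place.
# The regexp also matches a commented-out directive, so the stock
# "#PasswordAuthentication yes" line is rewritten instead of a duplicate
# being appended.
# NOTE(review): lineinfile replaces only the last matching line; if the file
# contains a PasswordAuthentication line inside a Match block, the global
# setting may be left untouched - confirm against the target config.
# NOTE(review): keyboard-interactive authentication is controlled by separate
# sshd directives; confirm those are disabled too if key-only login is the
# goal.
- name: "Disable password login"
  ansible.builtin.lineinfile:
    # `path` is the documented option name; `dest` is an alias for it.
    path: "{{ sshd_config_path }}"
    regexp: '^(#\s*)?PasswordAuthentication '
    line: 'PasswordAuthentication no'
    # Syntax-check the edited copy before it replaces the live file, so a
    # malformed config cannot take sshd down and lock administrators out.
    # Adjust the binary path if sshd is installed elsewhere on the target.
    validate: '/usr/sbin/sshd -t -f %s'
  when:
    # Guard against disabling passwords when key installation did not succeed.
    - add_authorized_keys is succeeded
  # The "restart sshd" handler is expected to be defined elsewhere.
  notify: restart sshd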