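# Install openssh-server, or upgrade it to the newest packaged version, on
# Debian-family hosts.
- name: Update/install OpenSSH via apt
  when: ansible_os_family == "Debian"
  ansible.builtin.apt:
    name: openssh-server
    # 'latest' is resolved against the local package index, so a stale index
    # can miss a newer (security) build. Refresh it first; cache_valid_time
    # skips the refresh when the index is less than an hour old.
    update_cache: true
    cache_valid_time: 3600
    state: latest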
# Create the 'bhays' login account on Debian-family hosts with bash as its
# shell and add it to the sudo and adm groups. append: true keeps any other
# supplementary groups the account already has.
# NOTE(review): membership in 'sudo' usually grants full sudo rights on
# Debian; confirm against the hosts' sudoers policy.
- name: Add 'bhays' user
  ansible.builtin.user:
    name: bhays
    comment: Benjamin Hays
    shell: /bin/bash
    groups:
      - sudo
      - adm
    append: true
  when: ansible_os_family == "Debian"
# Install the sudo package, or upgrade it to the newest version the local
# package index knows about, on Debian-family hosts.
- name: Update/install Sudo
  ansible.builtin.apt:
    state: latest
    name: sudo
  when: ansible_os_family == "Debian"
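# Create /home/bhays/.ssh on Debian-family hosts, owned by bhays.
- name: Ensure .ssh user folder exists
  when: ansible_os_family == "Debian"
  ansible.builtin.file:
    path: "/home/bhays/.ssh/"
    owner: bhays
    # Owner-only access. The previous "0770" left the directory
    # group-writable: anyone in the owning group could plant or replace
    # authorized_keys, and sshd with StrictModes (its default) refuses
    # public-key logins when ~/.ssh is writable by group or others.
    mode: "0700"
    state: directory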
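# Create /Users/bhays/.ssh on macOS hosts, owned by bhays.
- name: Ensure .ssh user folder exists (macOS)
  when: ansible_os_family == "Darwin"
  ansible.builtin.file:
    path: "/Users/bhays/.ssh/"
    owner: bhays
    # Owner-only access. The previous "0770" left the directory
    # group-writable: anyone in the owning group could plant or replace
    # authorized_keys, and sshd with StrictModes (its default) refuses
    # public-key logins when ~/.ssh is writable by group or others.
    mode: "0700"
    state: directory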
# Install the repository's authorized_keys file for bhays on Debian-family
# hosts, readable and writable by the owner only. The copy replaces the
# whole destination file, so keys added by hand on the host are dropped.
- name: Copy public key
  ansible.builtin.copy:
    src: ../../config/ssh/authorized_keys
    dest: /home/bhays/.ssh/authorized_keys
    owner: bhays
    mode: "0600"
  when: ansible_os_family == "Debian"
# Install the repository's authorized_keys file for bhays on macOS hosts,
# readable and writable by the owner only. The copy replaces the whole
# destination file, so keys added by hand on the host are dropped.
- name: Copy public key (macOS)
  ansible.builtin.copy:
    src: ../../config/ssh/authorized_keys
    dest: /Users/bhays/.ssh/authorized_keys
    owner: bhays
    mode: "0600"
  when: ansible_os_family == "Darwin"
# Place the login banner text at /etc/login_banner, owned by root and
# world-readable. Runs on every host (no OS condition).
# NOTE(review): presumably referenced by a Banner directive in the deployed
# sshd_config; confirm against config/ssh/sshd_config.
- name: Copy secure login banner
  ansible.builtin.copy:
    src: ../../config/ssh/login_banner
    dest: /etc/login_banner
    owner: root
    mode: "0644"
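# Deploy the hardened sshd_config to /etc/ssh/sshd_config. Runs on every
# host (no OS condition).
- name: Copy Secure Configuration File
  ansible.builtin.copy:
    src: ../../config/ssh/sshd_config
    dest: /etc/ssh/sshd_config
    # The daemon's configuration belongs to root. It was previously owned by
    # bhays, which let that account rewrite sshd policy without going
    # through sudo.
    owner: root
    mode: "0600"
    # Syntax-check the candidate file before it replaces the live one, so a
    # broken config is rejected here instead of locking out SSH access on
    # the next restart.
    validate: /usr/sbin/sshd -t -f %s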
# Restart the ssh systemd unit on Debian-family hosts so sshd picks up the
# deployed configuration. The restart happens on every run, and
# changed_when: false makes the task always report "ok" rather than
# "changed", so the restart will not show up as a change in play output.
# macOS hosts also receive the new sshd_config but are not restarted here.
- name: Restart OpenSSH
  ansible.builtin.systemd:
    state: restarted
    name: ssh
  changed_when: false
  when: ansible_os_family == "Debian"