Move tasks in dedicated directory

532a6e07 · Freezed · foobar · c579bdf7 · 532a6e07 · 532a6e07
Commit 532a6e07 authored 3 years ago by Freezed Committed by foobar 3 years ago
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,8 @@ clean:
 	find . -type f -name "*.orig" -delete

 open_all:
-	${EDITOR} .gitignore become_user_cfg.yml host_info.yml inventory Makefile README.md shutdown.yml whoami.yml
+	${EDITOR} .gitignore inventory Makefile README.md
+	${EDITOR} tasks/*.yml

 inventory_generation:
 	cp inventory.sample inventory && ${EDITOR} inventory
--- a/README.md
+++ b/README.md
@@ -13,12 +13,12 @@ Suitable for server and workstation.
 ✨ Features
 -----------

-|   playbook                                    |   purpose                                                             |
-|   :--------------------------------------:    |   :--------------------------------------------------------------:    |
-| [`become_user_cfg.yml`](become_user_cfg.yml)  |   Set `sudo` without password for `become_user` access                |
-| [`host_info.yml`](host_info.yml)              |   Return message with distribution full name & version                |
-| [`shutdown.yml`](shutdown.yml)                |   Shutdown target in 10 min                                           |
-| [`whoami.yml`](whoami.yml)                    |   Return message with `ansible_user` & `become_user` (`sudo` method)  |
+|   playbook                                            |   purpose                                                             |
+|   :--------------------------------------:            |   :--------------------------------------------------------------:    |
+| [`become_user_cfg.yml`](tasks/become_user_cfg.yml)    |   Set `sudo` without password for `become_user` access                |
+| [`host_info.yml`](tasks/host_info.yml)                |   Return message with distribution full name & version                |
+| [`shutdown.yml`](tasks/shutdown.yml)                  |   Shutdown target in 10 min                                           |
+| [`whoami.yml`](tasks/whoami.yml)                      |   Return message with `ansible_user` & `become_user` (`sudo` method)  |


 🚀 Quickstart

--- a/become_user_cfg.yml
+++ b/become_user_cfg.yml
 ---
 - hosts: "{{ host_list }}"
-  become: yes
  become_method: sudo
  remote_user: "{{ my_user }}"

  tasks:
    - name: SUDO | Group sudo presence
+      become: yes
      ansible.builtin.group:
        name: sudo
        state: present

    - name: SUDO | Group wheel absence
+      become: yes
      ansible.builtin.group:
        name: wheel
        state: absent

    - name: SUDO | User presence (with groups)
+      become: yes
      ansible.builtin.user:
        name: "{{ my_user }}"
        state: present
@@ -23,21 +25,26 @@
        append: true

    - name: SUDO | Reset ansible connection to apply group update
+      become: yes
      meta: reset_connection

    - name: "SSH | Local public key is present for {{ my_user }}"
+      become: yes
      ansible.builtin.authorized_key:
        comment: "Managed by Ansible from GitLab @free_zed"
        key: https://gitlab.com/free_zed.keys
        state: present
        user: "{{ my_user }}"

+
    - name: SSH | Disallow SSH password authentication for root
+      become: yes
      copy:
        src: sshd_config
        dest: /etc/ssh/sshd_config

    - name: "SSH | Local public key is present for root"
+      become: yes
      ansible.builtin.authorized_key:
        comment: "Managed by Ansible from GitLab @free_zed"
        key: https://gitlab.com/free_zed.keys
@@ -45,6 +52,7 @@
        user: root

    - name: SSH | Remove no password directive
+      become: yes
      ansible.builtin.lineinfile:
        path: /etc/sudoers
        state: absent

--- a/tasks/files/sshd_config
+++ b/tasks/files/sshd_config
+# ############################################# #
+#            /etc/ssh/sshd_config               #
+#                                               #
+#       This file is managed by Ansible         #
+#       Manual edition will be overridden       #
+#                                               #
+#   https://lab.frogg.it/fcode/ansible/debian   #
+#                                               #
+# ############################################# #
+
+Include /etc/ssh/sshd_config.d/*.conf
+PermitRootLogin prohibit-password
+ChallengeResponseAuthentication no
+UsePAM yes
+X11Forwarding yes
+PrintMotd no
+AcceptEnv LANG LC_*
+Subsystem	sftp	/usr/lib/openssh/sftp-server
--- a/host_info.yml
+++ b/host_info.yml
--- a/shutdown.yml
+++ b/shutdown.yml
--- a/whoami.yml
+++ b/whoami.yml