diff --git a/Makefile b/Makefile
index 009213e5439a9ca0de1f8fb48ec6c7f769fef770..bc41cf0b97c1b5cd6a147bf26d85d191d0f41d34 100644
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@ clean:
 	find . -type f -name "*.orig" -delete
 
 open_all:
-	${EDITOR} .gitignore inventory Makefile host_info.yml README.md whoami.yml
+	${EDITOR} .gitignore become_user_cfg.yml host_info.yml inventory Makefile README.md shutdown.yml whoami.yml
 
 inventory_generation:
 	cp inventory.sample inventory && ${EDITOR} inventory
diff --git a/README.md b/README.md
index fff4416db28741d1896924c7d1887ad9ddc55dec..10e040ad2f3bc200b7cefcca5f318b4d6961ac3a 100644
--- a/README.md
+++ b/README.md
@@ -13,10 +13,12 @@ Suitable for server and workstation.
 
 ✨ Features
 -----------
-| playbook | return |
-|-----------------------------------|---------------------------------------------------|
-| [`host_info.yml`](host_info.yml) | distribution full name & version |
-| [`whoami.yml`](whoami.yml) | `ansible_user` & `become_user` (`sudo` method) |
+| playbook | purpose |
+| :--------------------------------------: | :--------------------------------------------------------------: |
+| [`become_user_cfg.yml`](become_user_cfg.yml) | Set `sudo` without password for `become_user` access |
+| [`host_info.yml`](host_info.yml) | Return message with distribution full name & version |
+| [`shutdown.yml`](shutdown.yml) | Shutdown target in 10 min |
+| [`whoami.yml`](whoami.yml) | Return message with `ansible_user` & `become_user` (`sudo` method) |
 
 
 🚀 Quickstart
diff --git a/become_user_cfg.yml b/become_user_cfg.yml
new file mode 100644
index 0000000000000000000000000000000000000000..943e4824a6c7ee5e613b25e35fb56b3e1a3d4fbd
--- /dev/null
+++ b/become_user_cfg.yml
@@ -0,0 +1,52 @@
+---
+- hosts: "{{ host_list }}"
+  become: yes
+  become_method: sudo
+  remote_user: "{{ my_user }}"
+
+  tasks:
+    - name: SUDO | Group sudo presence
+      ansible.builtin.group:
+        name: sudo
+        state: present
+
+    - name: SUDO | Group wheel absence
+      ansible.builtin.group:
+        name: wheel
+        state: absent
+
+    - name: SUDO | User presence (with groups)
+      ansible.builtin.user:
+        name: "{{ my_user }}"
+        state: present
+        groups: sudo
+        append: true
+
+    - name: SUDO | Reset ansible connection to apply group update
+      meta: reset_connection
+
+    - name: "SSH | Local public key is present for {{ my_user }}"
+      ansible.builtin.authorized_key:
+        comment: "Managed by Ansible from GitLab @free_zed"
+        key: https://gitlab.com/free_zed.keys
+        state: present
+        user: "{{ my_user }}"
+
+    - name: SSH | Disallow SSH password authentication for root
+      copy:
+        src: sshd_config
+        dest: /etc/ssh/sshd_config
+
+    - name: "SSH | Local public key is present for root"
+      ansible.builtin.authorized_key:
+        comment: "Managed by Ansible from GitLab @free_zed"
+        key: https://gitlab.com/free_zed.keys
+        state: present
+        user: root
+
+    - name: SSH | Remove no password directive
+      ansible.builtin.lineinfile:
+        path: /etc/sudoers
+        state: absent
+        regexp: 'NOPASSWD'
+        validate: '/usr/sbin/visudo -cf %s'
diff --git a/shutdown.yml b/shutdown.yml
new file mode 100644
index 0000000000000000000000000000000000000000..310be6ccdcfbb45ba1e97fffebd632b62d380f0a
--- /dev/null
+++ b/shutdown.yml
@@ -0,0 +1,8 @@
+---
+- hosts: "{{ host_list }}"
+  remote_user: root
+
+  tasks:
+    - name: Shutdown the host in 10 min
+      community.general.shutdown:
+        delay: 600
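Review bot: The `copy` task that replaces `/etc/ssh/sshd_config` has no `validate` and no handler, so a broken `sshd_config` (the file itself is not part of this diff) is written without a syntax check and the running daemon does not apply it until it is restarted; the sudoers task at the end of the same play does validate with `visudo`, so the two should match. Add `validate: '/usr/sbin/sshd -t -f %s'` and `notify` a handler that restarts the service (`ssh` on Debian-family hosts, which the `sudo`/`wheel` group handling suggests is the target; `sshd` on RHEL-family). The task name promises only to disallow root password authentication, but the whole file is replaced, so the name should say so. Two smaller points: `become: yes` should be `become: true` (yamllint truthy), and `copy`/`meta` should carry the `ansible.builtin.` prefix like the other modules. The README row in this commit describes the playbook as setting `sudo` without a password, while the last task strips `NOPASSWD` from `/etc/sudoers`; one of the two is wrong.
```yaml
    - name: SSH | Replace sshd_config (disallows root password authentication)
      ansible.builtin.copy:
        src: sshd_config
        dest: /etc/ssh/sshd_config
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Restart sshd

    # … unchanged: root authorized_key and sudoers NOPASSWD tasks …

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: ssh  # sshd on RHEL-family hosts
        state: restarted
```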
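Review bot: `remote_user: root` makes this play depend on direct root SSH login, while the sibling `become_user_cfg.yml` in this commit replaces `sshd_config` and is named as restricting root login, so whether root login remains usable after that play runs is not visible here. Using `remote_user: "{{ my_user }}"` with `become: true` keeps the same privilege path as `become_user_cfg.yml` and needs no root login at all. `delay: 600` does match the "10 min" in the task name because the module's delay is in seconds, but that unit is worth a comment, `delay: 600  # seconds; matches "10 min" in the task name`.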