inital commit: add playbooks with roles to setup server and add user

2025-03-18 23:37:20 +01:00 · 2025-03-18 23:37:20 +01:00 · ef4aab6a5d
commit ef4aab6a5d
parent 9c48cd4353
9 changed files with 218 additions and 0 deletions
--- a/roles/create_user_with_root/tasks/main.yml
+++ b/roles/create_user_with_root/tasks/main.yml
@ -0,0 +1,47 @@
+
+- name: Erstelle einen neuen User mit Sudo-Rechten
+  user:
+    name: "{{ username }}"
+    password: "{{ user_password | password_hash('sha512') }}"  # Das Passwort wird mit SHA-512 gehasht
+    state: present
+    shell: /bin/bash
+    groups: wheel  # Gibt Sudo-Rechte
+    append: yes
+
+- name: Erstelle den SSH-Ordner für den neuen User
+  file:
+    path: "/home/{{ username }}/.ssh"
+    state: directory
+    mode: '0700'
+    owner: "{{ username }}"
+    group: "{{ username }}"
+
+- name: Setze die Berechtigungen für die authorized_keys-Datei
+  file:
+    path: "/home/{{ username }}/.ssh/authorized_keys"
+    state: touch
+    mode: '0600'
+    owner: "{{ username }}"
+    group: "{{ username }}"
+
+- name: Add public key to enable user ssh
+  lineinfile:
+    path: "/home/{{ username }}/.ssh/authorized_keys"
+    line: '{{ ssh_public_key }}'
+    state: present
+  
+- name: Grant sudo privileges to the user
+  lineinfile:
+    path: /etc/sudoers
+    regexp: "^{{ username }} "
+    line: "{{ username }} ALL=(ALL) ALL"
+    validate: visudo -cf %s
+
+- name: Entferne den Root-SSH-Zugang
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^PermitRootLogin'
+    line: 'PermitRootLogin no'
+    state: present
+  notify:
+    - restart sshd