63 lines
No EOL
1.5 KiB
YAML
63 lines
No EOL
1.5 KiB
YAML
|
|
- name: Erstelle einen neuen User mit Sudo-Rechten
|
|
user:
|
|
name: "{{ user_name }}"
|
|
password: "{{ lookup('pipe', 'op read \"op://' + op_password_path + '\"') | password_hash('sha512') }}"
|
|
state: present
|
|
shell: /bin/bash
|
|
groups: wheel
|
|
append: yes
|
|
|
|
- name: Erstelle den SSH-Ordner für den neuen User
|
|
file:
|
|
path: "/home/{{ user_name }}/.ssh"
|
|
state: directory
|
|
mode: '0700'
|
|
owner: "{{ user_name }}"
|
|
group: "{{ user_name }}"
|
|
|
|
- name: Setze die Berechtigungen für die authorized_keys-Datei
|
|
file:
|
|
path: "/home/{{ user_name }}/.ssh/authorized_keys"
|
|
state: touch
|
|
mode: '0600'
|
|
owner: "{{ user_name }}"
|
|
group: "{{ user_name }}"
|
|
|
|
- name: Add public keys as authorized_keys
|
|
copy:
|
|
src: files/authorized_keys
|
|
dest: "/home/{{ user_name }}/.ssh/authorized_keys"
|
|
|
|
- name: Grant passwordless sudo privileges to the user
|
|
lineinfile:
|
|
path: /etc/sudoers
|
|
regexp: "^{{ user_name }} "
|
|
line: "{{ user_name }} ALL=(ALL) NOPASSWD: ALL"
|
|
validate: visudo -cf %s
|
|
|
|
- name: Ensure Docker group exists
|
|
ansible.builtin.group:
|
|
name: docker
|
|
state: present
|
|
|
|
- name: Add user to Docker group
|
|
ansible.builtin.user:
|
|
name: "{{ user_name }}"
|
|
groups: docker
|
|
append: yes
|
|
|
|
- name: Enable and start Docker service
|
|
ansible.builtin.service:
|
|
name: docker
|
|
state: started
|
|
enabled: yes
|
|
|
|
- name: Entferne den Root-SSH-Zugang
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: '^PermitRootLogin'
|
|
line: 'PermitRootLogin no'
|
|
state: present
|
|
notify:
|
|
- restart sshd |