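# Create the login account and add it to the wheel group.
# Expects the variables `username` and `user_password` to be supplied by the caller.
- name: Erstelle einen neuen User mit Sudo-Rechten
  user:
    name: "{{ username }}"
    # The password is stored as a SHA-512 crypt hash. No salt is passed to
    # password_hash, so a new hash is generated on every run and this task
    # reports "changed" each time; pass a stable salt if idempotence matters.
    password: "{{ user_password | password_hash('sha512') }}"
    state: present
    shell: /bin/bash
    # Supplementary group. It grants sudo only where the sudoers policy
    # enables %wheel -- verify on the target distribution.
    groups: wheel
    # Keep the groups the account already has instead of replacing them.
    append: true
  # Keep the credential-bearing arguments and result out of task output and logs.
  no_log: true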
# Make sure the user's ~/.ssh directory exists and is reachable by the owner only.
# Assumes the home directory is /home/<username> and that a group named after
# the user exists -- confirm for the target platform.
- name: Erstelle den SSH-Ordner für den neuen User
  file:
    state: directory
    path: "/home/{{ username }}/.ssh"
    owner: "{{ username }}"
    group: "{{ username }}"
    mode: "0700"  # quoted so the octal mode is passed as a string, not an integer
# Create authorized_keys if it is missing and pin owner, group and mode.
# `state: touch` also refreshes the file's timestamps, so this task reports
# "changed" on every run.
- name: Setze die Berechtigungen für die authorized_keys-Datei
  file:
    state: touch
    path: "/home/{{ username }}/.ssh/authorized_keys"
    owner: "{{ username }}"
    group: "{{ username }}"
    mode: "0600"  # readable and writable by the owner only
# Append the supplied public key to the user's authorized_keys unless an
# identical line is already there. Existing keys are left in place, so a key
# that should no longer grant access has to be removed separately.
- name: Add public key to enable user ssh
  lineinfile:
    state: present
    path: "/home/{{ username }}/.ssh/authorized_keys"
    line: "{{ ssh_public_key }}"
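# Give the user a full sudo rule in /etc/sudoers (password still required,
# since the rule carries no NOPASSWD tag).
- name: Grant sudo privileges to the user
  lineinfile:
    path: /etc/sudoers
    # Escape the name before using it as a pattern: regex metacharacters in it
    # (e.g. the "." in "john.doe") would otherwise let the expression match,
    # and overwrite, a different account's rule.
    regexp: "^{{ username | regex_escape }} "
    line: "{{ username }} ALL=(ALL) ALL"
    state: present
    # The edited copy is syntax-checked before it replaces /etc/sudoers, so a
    # malformed rule cannot lock out sudo.
    validate: visudo -cf %s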
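# Disable direct root logins over SSH and restart sshd through the handler.
- name: Entferne den Root-SSH-Zugang
  lineinfile:
    path: /etc/ssh/sshd_config
    # Matches only an active directive; a commented-out "#PermitRootLogin ..."
    # default is left alone and a new line is added instead.
    regexp: '^PermitRootLogin'
    line: 'PermitRootLogin no'
    state: present
    # When no active directive exists, place the new line ahead of the first
    # Match block. Appended at end of file it could fall inside a Match block
    # and then apply only to connections that satisfy that block.
    insertbefore: '^Match'
    firstmatch: true
    # Refuse to install a configuration that sshd itself cannot parse.
    validate: sshd -t -f %s
  notify:
    - restart sshd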