Update ansible/group_vars/all.yml, ansible/roles/base/files/10periodic, ansible/roles/base/files/authorized_keys_administrator, ansible/roles/base/files/authorized_keys_user, ansible/roles/base/files/issue, ansible/roles/base/files/motd, ansible/roles/base/files/sshd_config_secured, ansible/roles/base/files/sshd_config_secured_redhat, ansible/roles/base/tasks/main.yml, ansible/roles/base/tasks/ssh.yml, ansible/roles/base/vars/main.yml, ansible/roles/cloudflare/tasks/main.yml, ansible/roles/k3s/argocd/tasks/main.yml, ansible/roles/k3s/argocd/templates/apps.yaml, ansible/roles/k3s/argocd/templates/argocd.yaml, ansible/roles/k3s/download/tasks/main.yml, ansible/roles/k3s/master/defaults/main.yml, ansible/roles/k3s/master/tasks/main.yml, ansible/roles/k3s/master/templates/content.j2, ansible/roles/k3s/master/templates/k3s.service.j2, ansible/roles/k3s/master/templates/metallb.configmap.j2, ansible/roles/k3s/master/templates/metallb.crds.j2, ansible/roles/k3s/master/templates/metallb.namespace.j2, ansible/roles/k3s/master/templates/vip.rbac.yaml.j2, ansible/roles/k3s/master/templates/vip.yaml.j2, ansible/roles/k3s/node/tasks/main.yml, ansible/roles/k3s/node/templates/k3s.service.j2, ansible/roles/k3s/post/defaults/main.yml, ansible/roles/k3s/post/tasks/main.yml, ansible/roles/k3s/post/templates/metallb.crs.j2, ansible/roles/k3s/prereq/tasks/main.yml, ansible/roles/update/tasks/main.yml, ansible/templates/packages.yml, ansible/ansible.cfg
This commit is contained in:
47
ansible/roles/base/tasks/ssh.yml
Normal file
47
ansible/roles/base/tasks/ssh.yml
Normal file
@@ -0,0 +1,47 @@
|
||||
- name: Deploy SSH Key (administrator)
|
||||
copy:
|
||||
dest: /home/administrator/.ssh/authorized_keys
|
||||
src: files/authorized_keys_administrator
|
||||
force: true
|
||||
|
||||
- name: ensure ssh folder exists for user
|
||||
file:
|
||||
path: /home/user/.ssh
|
||||
state: directory
|
||||
|
||||
- name: Deploy SSH Key (user)
|
||||
copy:
|
||||
dest: /home/user/.ssh/authorized_keys
|
||||
src: files/authorized_keys_user
|
||||
force: true
|
||||
|
||||
- name: Remove Root SSH Configuration
|
||||
file:
|
||||
path: /root/.ssh
|
||||
state: absent
|
||||
|
||||
- name: Copy Secured SSHD Configuration
|
||||
copy:
|
||||
src: files/sshd_config_secured
|
||||
dest: /etc/ssh/sshd_config
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: Copy Secured SSHD Configuration
|
||||
copy:
|
||||
src: files/sshd_config_secured_redhat
|
||||
dest: /etc/ssh/sshd_config
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
when: ansible_os_family == "RedHat"
|
||||
|
||||
- name: Restart SSHD
|
||||
systemd:
|
||||
name: sshd
|
||||
daemon_reload: yes
|
||||
state: restarted
|
||||
enabled: yes
|
||||
ignore_errors: yes
|
||||
Reference in New Issue
Block a user