ansible-hacklab-desktop/roles/desktop_auth/tasks/main.yml

73 lines
1.7 KiB
YAML
Raw Permalink Normal View History

2018-06-02 22:03:27 +00:00
- name: Install sudo
apt:
name: sudo
state: present
- name: Install sshd
apt:
name: openssh-server
state: present
- name: root password
user:
name: root
password: "$6$rounds=2000000$ssaaJvMG.V6ateJd$.3Ht.X1PlcakPTz3OYexs6h/jz6NR5Qy.9YWynZ.XDQlCqBYfrUdFhqM6kAQcKO/fxVHwo1uRrqcKxYvGNKz/0"
- name: /root/.ssh
file:
path: /root/.ssh
state: directory
owner: root
group: root
mode: 0700
- name: /root/.ssh/authorized_keys
template:
src: authorized_keys.j2
dest: /root/.ssh/authorized_keys
owner: root
group: root
mode: 0600
- name: Configure SSH for key-only root access
lineinfile:
path: /etc/ssh/sshd_config
regexp: "^\\s*PermitRootLogin\\s+"
line: "PermitRootLogin without-password"
notify: restart sshd
- name: SSH PubkeyAuthentication=yes
lineinfile:
path: /etc/ssh/sshd_config
regexp: "^\\s*PubkeyAuthentication\\s+"
line: "PubkeyAuthentication yes"
notify: restart sshd
- name: SSH PasswordAuthentication=no
lineinfile:
path: /etc/ssh/sshd_config
regexp: "^\\s*PasswordAuthentication\\s+"
line: "PasswordAuthentication no"
notify: restart sshd
- name: Hacklab user
user:
name: hacklab
password: "$6$KE4g5K18$qeK6I7/j78Ob6cDqoJRt1IzvQ34PpOi1/HSQ2oEjAf3h/7XtkS6DJ6pEW.zm8szJ3wzA0cJ0vbSRHf2pWKJFo/" # "hacklab"
groups: cdrom,dip,plugdev,lpadmin,dialout,sudo
comment: Hacklab
shell: /bin/bash
- name: Disable hacklab user authorized_keys
file:
path: /home/hacklab/.ssh/authorized_keys
state: absent
#- name: Disable lightdm guest
# copy:
# content: "[Seat:*]\nallow-guest=false\n"
# dest: /etc/lightdm/lightdm.conf.d/50-no-guest.conf
# owner: root
# group: root
# mode: 0644