mirror of https://dev.ccchb.de/ccchb/ansible.git
83 lines
1.7 KiB
YAML
83 lines
1.7 KiB
YAML
|
---
|
||
|
- name: Install defaults
|
||
|
package:
|
||
|
name:
|
||
|
- zsh
|
||
|
|
||
|
- name: Download .zshrc from grml
|
||
|
get_url:
|
||
|
url: https://raw.githubusercontent.com/grml/grml-etc-core/v0.12.5/etc/zsh/zshrc
|
||
|
dest: /etc/zsh/zshrc
|
||
|
checksum: sha256:ad88c76951693c2f9c38773ed2602a9fd5c74431615c4a23aaff679b295919ce
|
||
|
validate_certs: false
|
||
|
|
||
|
- name: ssh publickey
|
||
|
authorized_key:
|
||
|
user: root
|
||
|
state: present
|
||
|
key: "{{ default_root_ssh_publickey }}"
|
||
|
|
||
|
- name: Update SSH configuration
|
||
|
notify: reload sshd
|
||
|
replace:
|
||
|
dest: /etc/ssh/sshd_config
|
||
|
regexp: '^([\#\s]*)?{{ item.key }}\s+([\w_-]+)'
|
||
|
replace: "{{item.key}} {{item.value}}"
|
||
|
with_items:
|
||
|
- key: PermitRootLogin
|
||
|
value: without-password
|
||
|
- key: PasswordAuthentication
|
||
|
value: 'no'
|
||
|
- key: ChallengeResponseAuthentication
|
||
|
value: 'no'
|
||
|
- key: PrintLastLog
|
||
|
value: 'yes'
|
||
|
- key: UseDNS
|
||
|
value: 'no'
|
||
|
|
||
|
- name: Change shell of user root
|
||
|
user:
|
||
|
name: root
|
||
|
shell: /usr/bin/zsh
|
||
|
|
||
|
- name: Enable sshd
|
||
|
systemd:
|
||
|
name: sshd
|
||
|
enabled: yes
|
||
|
state: started
|
||
|
|
||
|
- name: Configure Network
|
||
|
notify: restart network
|
||
|
when: ipv4 is defined or ipv6 is defined
|
||
|
template:
|
||
|
src: systemd.network
|
||
|
dest: /etc/systemd/network/main.network
|
||
|
owner: root
|
||
|
mode: 644
|
||
|
|
||
|
- name: enable systemd-networkd
|
||
|
notify: restart network
|
||
|
systemd:
|
||
|
name: systemd-networkd
|
||
|
state: started
|
||
|
enabled: yes
|
||
|
|
||
|
- name: disable networking
|
||
|
systemd:
|
||
|
name: networking
|
||
|
state: stopped
|
||
|
enabled: no
|
||
|
|
||
|
- name: start systemd-resolved
|
||
|
systemd:
|
||
|
name: systemd-resolved
|
||
|
state: started
|
||
|
enabled: yes
|
||
|
|
||
|
- name: symling /etc/resolve
|
||
|
file:
|
||
|
src: /run/systemd/resolve/stub-resolv.conf
|
||
|
dest: /etc/resolv.conf
|
||
|
state: link
|
||
|
force: yes
|