|
new file 100644
|
|
|
---
|
|
|
|
|
|
- name: Deploy pam-auth-update configuration file for enabling pam_umask
|
|
|
copy: src=pam_umask dest=/usr/share/pam-configs/umask mode=644 owner=root group=root
|
|
|
notify: Update PAM configuration
|
|
|
|
|
|
- name: Set login UMASK
|
|
|
lineinfile: dest=/etc/login.defs state=present backrefs=yes regexp='^UMASK(\s+)' line='UMASK\g<1>027'
|
|
|
|
|
|
- name: Set home directory mask
|
|
|
lineinfile: dest=/etc/adduser.conf state=present backrefs=yes regexp='^DIR_MODE=' line='DIR_MODE=0750'
|
|
|
|
|
|
- name: Install sudo
|
|
|
apt: name=sudo state=present
|
|
|
|
|
|
- name: Install common packages
|
|
|
apt: name="{{ item }}" state="present"
|
|
|
with_items: common_packages
|
|
|
|
|
|
- name: Set-up operating system groups
|
|
|
group: name="{{ item.name }}" gid="{{ item.gid }}" state=present
|
|
|
with_items: os_groups
|
|
|
|
|
|
- name: Set-up operating system user groups
|
|
|
group: name="{{ item.name }}" gid="{{ item.uid }}" state=present
|
|
|
with_items: os_users
|
|
|
|
|
|
- name: Set-up operating system users
|
|
|
user: name="{{ item.name }}" uid="{{ item.uid }}" group="{{ item.name }}"
|
|
|
groups="{{ item.additional_groups }}" append=yes shell=/bin/bash state=present
|
|
|
password="{{ item.password }}"
|
|
|
with_items: os_users
|
|
|
|
|
|
- name: Set-up authorised keys
|
|
|
authorized_key: user="{{ item.0.name }}" key="{{ item.1 }}"
|
|
|
with_subelements:
|
|
|
- os_users
|
|
|
- authorized_keys
|
|
|
|
|
|
- name: Disable remote logins for root
|
|
|
lineinfile: dest="/etc/ssh/sshd_config" state=present regexp="^PermitRootLogin" line="PermitRootLogin no"
|
|
|
notify:
|
|
|
- Restart SSH
|
|
|
|
|
|
- name: Disable remote login authentication via password
|
|
|
lineinfile: dest="/etc/ssh/sshd_config" state=present regexp="^PasswordAuthentication" line="PasswordAuthentication no"
|
|
|
notify:
|
|
|
- Restart SSH
|
|
\ No newline at end of file
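Review bot: The two sshd_config tasks at the end of the file anchor on `^PermitRootLogin` and `^PasswordAuthentication`, so on a config where those directives exist only as commented-out defaults the regexp matches nothing and `lineinfile` appends the line at end of file; if the file ends in a `Match` block, the setting then applies only inside that block. Neither task checks the edited file before the `Restart SSH` handler runs, so I would add `insertbefore=BOF validate='/usr/sbin/sshd -t -f %s'` to both. `Set login UMASK` and `Set home directory mask` use `backrefs=yes`, which leaves the file untouched when the regexp does not match, so a host without an active `UMASK` or `DIR_MODE=` line silently keeps its old defaults; the `DIR_MODE` task uses no backreference and could drop `backrefs=yes`. The `Set-up operating system users` task loops over items that carry `password`, so adding `no_log: true` would keep the hash out of task output, and it is worth confirming that the default `update_password=always` (rewriting the password on every run) is intended rather than `update_password=on_create`.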
|