First commit

setup_ssh.yml

@@ -0,0 +1,40 @@
+- name: Configure SSH
+  hosts: athelas
+  tasks:
+
+  - name: Generate RSA4096 SSH key
+    community.crypto.openssh_keypair:
+      path: "~/ssh_key"
+      size: 4096
+
+  - name: Get SSH Key
+    ansible.builtin.fetch:
+      dest: "~/ansible/keys"
+      src: "~/ssh_key"
+
+  - name: Copy new SSH configuration
+    ansible.builtin.template:
+      src: "templates/sshd_config.j2"
+      dest: "/etc/ssh/sshd_config"
+
+  - name: Generate password
+    ansible.builtin.command: openssl rand -base64 12
+    register: rand
+
+  - name: Create new user
+    ansible.builtin.user:
+      name: "test"
+      groups: "sudo"
+      append: true
+      password: "{{ rand.stdout | password_hash('sha512') }}"
+    become: true
+
+  - name: Display new user's password
+    ansible.builtin.debug:
+      msg: "New password is {{ rand.stdout }}"
+
+  - name: Add SSH public key to remote host
+    ansible.builtin.authorized_key:
+      user: "test"
+      key: "{{ lookup('file', '~/ssh_key') }}"
+    become: true