Reorder

tasks/install_docker.yml

@@ -0,0 +1,29 @@
+- name: Install & configure Docker
+  hosts: athelas
+  become: true
+  tasks:
+
+  - name: Install ca-certificates & curl
+    ansible.builtin.package:
+      name:
+        - ca-certificates
+        - curl
+
+  - name: Add Docker GPG Key
+    ansible.builtin.apt_key:
+      url: https://download.docker.com/linux/debian/gpg
+      state: present
+
+  - name: Add Docker repo
+    ansible.builtin.apt_repository:
+      repo: deb https://download.docker.com/linux/debian bookworm stable
+      state: present
+
+  - name: Install Docker
+    ansible.builtin.package:
+      name:
+        - docker-ce
+        - docker-ce-cli
+        - containerd.io
+        - docker-buildx-plugin
+        - docker-compose-plugin

tasks/install_vuls.yml

@@ -0,0 +1,17 @@
+- name: Install & Setup Vuls
+  hosts: athelas
+  become: true
+  tasks:
+
+  - name: Pull docker images
+    community.docker.docker_image_pull:
+      name: "{{ item }}"
+    with_items:
+      - vuls/go-cve-dictionary
+      - vuls/goval-dictionary
+      - vuls/gost
+      - vuls/go-exploitdb
+      - vuls/go-msfdb
+      - vuls/go-kev
+      - vuls/go-cti
+      - vuls/vuls

tasks/setup_ssh.yml

@@ -0,0 +1,61 @@
+- name: Configure SSH
+  hosts: athelas
+  tasks:
+
+  - name: Generate RSA4096 SSH key
+    community.crypto.openssh_keypair:
+      path: "~/ssh_key"
+      size: 4096
+
+  - name: Get SSH Private Key
+    ansible.builtin.fetch:
+      dest: "~/ansible/keys/"
+      src: "~/ssh_key"
+      flat: true
+
+  - name: Get SSH Public Key
+    ansible.builtin.fetch:
+      dest: "~/ansible/keys/"
+      src: "~/ssh_key.pub"
+      flat: true
+
+  - name: Copy new SSH configuration
+    ansible.builtin.template:
+      src: "~/ansible/templates/sshd_config.j2"
+      dest: "/etc/ssh/sshd_config"
+
+  - name: Create new user
+    ansible.builtin.user:
+      name: "test"
+      groups: "sudo"
+      append: true
+      password: "{{ lookup('password', '/tmp/userpass length=12 encrypt=sha512_crypt') }}"
+    become: true
+
+  - name: Display password
+    ansible.builtin.debug:
+      msg: "Password : {{ lookup('file', '/tmp/userpass') }}"
+
+  - name: Add SSH public key to remote host
+    ansible.builtin.authorized_key:
+      user: "test"
+      key: "{{ lookup('file', '~/ansible/keys/ssh_key.pub') }}"
+    become: true
+
+  - name: Restart SSH Services
+    ansible.builtin.service:
+      name: "{{ item }}"
+      state: restarted
+    become: true
+    with_items:
+      - ssh
+      - sshd
+
+- hosts: 127.0.0.1
+  connection: local
+  tasks:
+
+  - name: Delete pass file
+    ansible.builtin.file:
+      path: /tmp/userpass
+      state: absent