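---
# Generates an SSH key pair on the managed host, pulls the private key back to
# the controller, installs a templated sshd_config, and creates a sudo-capable
# account that accepts the generated key.
- name: Configure SSH
  hosts: athelas
  tasks:
    - name: Generate RSA4096 SSH key
      community.crypto.openssh_keypair:
        path: "~/ssh_key"
        size: 4096
      # Registered so the public half can be installed further down without
      # reading any key file a second time.
      register: ssh_keypair

    # This transfers the PRIVATE key to the controller. fetch stores it under
    # dest/<inventory_hostname>/<remote path>, so the directory below holds
    # login credentials and should be readable by the operator only.
    - name: Get SSH Key
      ansible.builtin.fetch:
        dest: "~/ansible/keys"
        src: "~/ssh_key"

    - name: Copy new SSH configuration
      ansible.builtin.template:
        src: "templates/sshd_config.j2"
        dest: "/etc/ssh/sshd_config"
        # Reject a rendered file that sshd cannot parse before it replaces the
        # live configuration; a broken sshd_config can lock out remote access.
        validate: "/usr/sbin/sshd -t -f %s"
      # NOTE(review): nothing in this play reloads sshd, so the new file
      # presumably takes effect only on the next service restart - confirm.

    - name: Generate password
      ansible.builtin.command: openssl rand -base64 12
      register: rand
      # The command only produces random bytes and changes nothing on the host.
      changed_when: false
      # Keep the clear-text password out of task output and verbose logs.
      no_log: true

    - name: Create new user
      ansible.builtin.user:
        name: "test"
        groups: "sudo"
        append: true
        password: "{{ rand.stdout | password_hash('sha512') }}"
      become: true

    # Deliberately prints the clear-text password so the operator can record
    # it. The value also reaches every place task output is stored (log_path,
    # callback plugins, CI job logs), so treat those as sensitive.
    - name: Display new user's password
      ansible.builtin.debug:
        msg: "New password is {{ rand.stdout }}"

    - name: Add SSH public key to remote host
      ansible.builtin.authorized_key:
        user: "test"
        # Use the public key returned by openssh_keypair. A file lookup is
        # evaluated on the controller, and "~/ssh_key" is the private-key
        # path, so it would not supply the public key generated on the host.
        key: "{{ ssh_keypair.public_key }}"
      become: true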