created role for bootstrapping a Linode VPS via API or a LAN homeserver

roles/init-server/tasks/lock.yml

@@ -0,0 +1,41 @@
+#SPDX-License-Identifier: MIT-0
+---
+# tasks file for roles/init-vps
+# @TODO complete below tasks
+- name: Checking whether administrative login used
+  when: ansible_facts["user_id"] not in (admins | map(attribute="username") | list)
+  ansible.builtin.fail:
+    msg: Administrative user does not exist on managed node
+- name: Prohibiting SSH root login
+  when: harden
+  become: true
+  ansible.builtin.copy:
+    src: sshd_config.d/denyroot.conf
+    dest: /etc/ssh/sshd_config.d/denyroot.conf
+    owner: root
+    group: root
+    mode: "644"
+    force: true
+    backup: true
+    validate: "sshd -t %s"
+- name: Create groups for FTP services
+  when: "'internal-sftp' in item.service or 'proftpd' in item.service or 'vsftpd' in item.service"
+  become: true
+  ansible.builtin.group:
+    name: "{{ item.username }}"
+    system: true
+    state: present
+  loop: "{{ sys_users }}"
+  register: ftp_groups
+- name: Configuring SFTP for FTP group
+  become: true
+  ansible.builtin.template:
+    src: sshd_config.d/sftp.conf.j2
+    dest: /etc/ssh/sshd_config.d/sftp.conf
+    owner: root
+    group: root
+    mode: "644"
+    force: true
+    backup: true
+    validate: "sshd -t %s"
+  register: configured_sftp