created new playbook for nonroot user login, moved package installation stage/order prior to user/group management

2026-06-10 13:57:11 -04:00
parent c31acb2dcc
commit fc565fa3ce
2 changed files with 41 additions and 9 deletions


@@ -0,0 +1,29 @@
- name: Initialize homeserver
hosts: armitage
remote_user: senpai
tasks:
- name: Installing requisite packages
ansible.builtin.include_role:
name: init-server
tasks_from: userspace@install-pkgs
handlers_from: userspace
- name: Disable root user shell login
become: true
ansible.builtin.user:
name: root
shell: /sbin/nologin
tags:
- disable_root_shell
- name: Disable login for root user altogether
become: true
ansible.builtin.user:
name: root
password: "'*'"
tags:
- disable_root_login
- name: Configuring aliases for using git
community.general.git_config:
name: "alias.{{ item[0] }}"
scope: global
value: "{{ item[1] }}"
loop: []
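Review bot: In the "Disable login for root user altogether" task, `password: "'*'"` nests single quotes inside double quotes, so the value passed to `ansible.builtin.user` is the three characters `'*'` rather than a bare `*`. It still cannot match any hash, but `password: "*"` states the intent plainly, and `password_lock: true` is the alternative on Linux. Locking root's password and shell does not stop key-based SSH as root; that depends on the sshd configuration, presumably covered by the SSH hardening role in the other playbook. The trailing `loop: []` means the git alias task never runs, so a comment marking it as a placeholder would help.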


@@ -5,8 +5,8 @@
vars: vars:
harden: true harden: true
local_facts: local_facts:
user_dir: ~ user_id: ~ # REQUIRED
user_id: ~ user_dir: ~ # REQUIRED
tasks: tasks:
- name: Hardening SSH server - name: Hardening SSH server
ansible.builtin.include_role: ansible.builtin.include_role:
@@ -17,12 +17,15 @@
# defaults_from: main # not required. File to load from a role's C(defaults/) directory. # defaults_from: main # not required. File to load from a role's C(defaults/) directory.
# allow_duplicates: True # not required. Overrides the role's metadata setting to allow using a role more than once with the same parameters. # allow_duplicates: True # not required. Overrides the role's metadata setting to allow using a role more than once with the same parameters.
# handlers_from: main # not required. File to load from a role's C(handlers/) directory. # handlers_from: main # not required. File to load from a role's C(handlers/) directory.
- name: Installing requisite packages
ansible.builtin.include_role:
name: init-server
tasks_from: core@install-pkgs
handlers_from: core
# - name: Reboot machine for shell environment change
# ansible.builtin.reboot:
# msg: Rebooting machine
- name: Initializing groups and users - name: Initializing groups and users
ansible.builtin.include_role: ansible.builtin.include_role:
name: init-server # required. The name of the role to be executed. name: init-server
# apply: # not required. Accepts a hash of task keywords (e.g. C(tags), C(become)) that will be applied to all tasks within the included role. tasks_from: ssh-users
tasks_from: ssh-users # not required. File to load from a role's C(tasks/) directory.
vars_from: main # not required. File to load from a role's C(vars/) directory.
defaults_from: main # not required. File to load from a role's C(defaults/) directory.
# allow_duplicates: True # not required. Overrides the role's metadata setting to allow using a role more than once with the same parameters.
# handlers_from: main # not required. File to load from a role's C(handlers/) directory.
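Review bot: `user_id` and `user_dir` are now tagged `# REQUIRED` but still default to null (`~`), so the comment is the only guard before "Initializing groups and users" runs. Unless the `ssh-users` tasks validate them (not visible here), a fail-fast check at the top of `tasks` would be safer. Assuming the two keys are nested under `local_facts` as the listing suggests, that could be an `ansible.builtin.assert` task with `that: [local_facts.user_id is not none, local_facts.user_dir is not none]`. The commented-out reboot task added in the second hunk is dead code; either drop it or add a line saying when it should be enabled.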