created new playbook for nonroot user login, moved package installation stage/order prior to user/group management

2026-06-10 13:57:11 -04:00
parent c31acb2dcc
commit fc565fa3ce
2 changed files with 41 additions and 9 deletions
--- a/administrate@homeserver.yml.example
+++ b/administrate@homeserver.yml.example
@@ -0,0 +1,29 @@
+- name: Initialize homeserver
+  hosts: armitage
+  remote_user: senpai
+  tasks:
+    - name: Installing requisite packages
+      ansible.builtin.include_role:
+        name: init-server
+        tasks_from: userspace@install-pkgs
+        handlers_from: userspace
+    - name: Disable root user shell login
+      become: true
+      ansible.builtin.user:
+        name: root
+        shell: /sbin/nologin
+      tags:
+        - disable_root_shell
+    - name: Disable login for root user altogether
+      become: true
+      ansible.builtin.user:
+        name: root
+        password: "'*'"
+      tags:
+        - disable_root_login
+    - name: Configuring aliases for using git
+      community.general.git_config:
+        name: "alias.{{ item[0] }}"
+        scope: global
+        value: "{{ item[1] }}"
+      loop: []
--- a/init@homeserver.yml.example
+++ b/init@homeserver.yml.example
@@ -5,8 +5,8 @@
  vars:
    harden: true
    local_facts:
-      user_dir: ~
-      user_id: ~
+      user_id: ~ # REQUIRED
+      user_dir: ~ # REQUIRED
  tasks:
    - name: Hardening SSH server
      ansible.builtin.include_role:
@@ -17,12 +17,15 @@
        # defaults_from: main # not required. File to load from a role's C(defaults/) directory.
        # allow_duplicates: True # not required. Overrides the role's metadata setting to allow using a role more than once with the same parameters.
        # handlers_from: main # not required. File to load from a role's C(handlers/) directory.
+    - name: Installing requisite packages
+      ansible.builtin.include_role:
+        name: init-server
+        tasks_from: core@install-pkgs
+        handlers_from: core
+    # - name: Reboot machine for shell environment change
+    #   ansible.builtin.reboot:
+    #     msg: Rebooting machine
    - name: Initializing groups and users
      ansible.builtin.include_role:
-        name: init-server  # required. The name of the role to be executed.
-        # apply:  # not required. Accepts a hash of task keywords (e.g. C(tags), C(become)) that will be applied to all tasks within the included role.
-        tasks_from: ssh-users # not required. File to load from a role's C(tasks/) directory.
-        vars_from: main # not required. File to load from a role's C(vars/) directory.
-        defaults_from: main # not required. File to load from a role's C(defaults/) directory.
-        # allow_duplicates: True # not required. Overrides the role's metadata setting to allow using a role more than once with the same parameters.
-        # handlers_from: main # not required. File to load from a role's C(handlers/) directory.
+        name: init-server
+        tasks_from: ssh-users