# Sets the PermitRootLogin line of /etc/ssh/sshd_config to "without-password".
# The module line and the rest of this task are not shown in this listing
# (presumably lineinfile -- confirm).
# NOTE(review): "without-password" is the deprecated alias of
# "prohibit-password" (OpenSSH 7.0+). It turns off password and
# keyboard-interactive login for root only; the task name's "pubkey only"
# holds as long as host-based and GSSAPI authentication are disabled elsewhere.
# NOTE(review): when no line matches the regexp, lineinfile appends at end of
# file, which can fall inside a trailing Match block. Confirm the task
# validates the result (e.g. validate: "sshd -t -f %s") and reloads sshd.
2 - name: only allow pubkey auth for root
4 dest: /etc/ssh/sshd_config
5 regexp: "^PermitRootLogin"
6 line: "PermitRootLogin without-password"
# Writes an AllowUsers line to /etc/ssh/sshd_config: 'root' plus the optional
# lists sshd_allowusers_group and sshd_allowusers_host (each defaults to []),
# de-duplicated by union and joined with spaces.
# Runs unless sshd_allowusers_set is defined and false.
# NOTE(review): root is always included. AllowUsers entries are patterns, so an
# inventory value such as "*" or one containing a space widens the list; review
# the two variables wherever they are defined. Once AllowUsers is present,
# every account not listed is refused regardless of authentication method.
9 - name: limit allowed users (1/2)
11 dest: /etc/ssh/sshd_config
13 line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshd_allowusers_group | default([])) | union(sshd_allowusers_host | default([]))) }}"
14 when: sshd_allowusers_set | default(true)
# Second half of the AllowUsers handling for /etc/ssh/sshd_config. Runs only
# when sshd_allowusers_set is defined and false: Jinja2 applies the
# default(true) filter first and "not" to its result.
# The edit itself is not visible in this listing; presumably it removes the
# AllowUsers line -- confirm. If it does, sshd no longer restricts login by
# user name on that host.
17 - name: limit allowed users (2/2)
19 dest: /etc/ssh/sshd_config
22 when: not sshd_allowusers_set | default(true)
# Installs root's authorized keys from the output of `cat ssh/noc/*.pub`.
# The pipe lookup runs that command in a shell on the Ansible control node.
# The module line and other parameters are not shown (presumably
# authorized_key with user: root -- confirm).
# NOTE(review): every *.pub file in ssh/noc/ becomes a root login key on each
# targeted host, so changes to that directory need the same review as changes
# to this task. The glob is relative to the lookup's working directory.
# NOTE(review): cat joins the files as-is; a .pub file without a trailing
# newline would fuse two keys into one line. Whether keys no longer in the
# directory are removed (exclusive) cannot be seen from here.
25 - name: Set authorized keys for root user
28 key: "{{ lookup('pipe','cat ssh/noc/*.pub') }}"
# Copies the file 02no-recommends into /etc/apt/apt.conf.d/ with mode 0644.
# The file's content is not part of this listing; by the task name it switches
# off apt's suggested and recommended packages.
31 - name: disable apt suggests and recommends
32 copy: src=02no-recommends dest=/etc/apt/apt.conf.d/ mode=0644
# Installs each loop item with apt. The package list is not shown in this
# listing.
# NOTE(review): state=present only ensures a package is installed; it does not
# upgrade one that is already there, so this task does not pull in security
# updates.
34 - name: install basic packages
35 apt: name={{ item }} state=present
# Installs each loop item with apt (state=present, so existing packages are
# not upgraded). The package list and any condition on this task are not
# shown in this listing.
58 - name: install systemd specific packages
59 apt: name={{ item }} state=present
# Copies xdg_runtime_dir.sh to /etc/profile.d/ with mode 0644, only on hosts
# where ansible_service_mgr is "systemd".
# NOTE(review): scripts in /etc/profile.d/ are typically sourced by login
# shells of every user, root included, so the script's content (not shown
# here) runs with each user's privileges.
64 - name: set systemd-related environment variables
65 copy: src=xdg_runtime_dir.sh dest=/etc/profile.d/xdg_runtime_dir.sh mode=0644
67 when: ansible_service_mgr == "systemd"
# Copies three zsh configuration files with mode 0644: zprofile and zshrc to
# /etc/zsh/, and zshrc.skel to /etc/skel/.zshrc. The task's name line and loop
# keyword are not shown in this listing.
# NOTE(review): presumably /etc/skel/.zshrc is copied into the home directory
# of accounts created afterwards; the file contents are not visible here.
70 copy: src={{ item.src }} dest={{ item.dest }} mode=0644
72 - { "src": "zprofile", "dest": "/etc/zsh/zprofile" }
73 - { "src": "zshrc", "dest": "/etc/zsh/zshrc" }
74 - { "src": "zshrc.skel", "dest": "/etc/skel/.zshrc" }
# Sets root's login shell to /bin/zsh through the user module.
# NOTE(review): relies on /bin/zsh existing on the host before this task runs;
# the package list that would install zsh is not visible in this listing.
76 - name: set root default shell to zsh
77 user: name=root shell=/bin/zsh
# Replaces the line matching ^DSHELL in /etc/adduser.conf with
# DSHELL=/bin/zsh. The loop keyword line is not shown in this listing.
# NOTE(review): regexp and line are passed unquoted in key=value form; an item
# value containing a space would be split into separate arguments. The one
# item visible here has none.
79 - name: set default shell for adduser
80 lineinfile: dest=/etc/adduser.conf regexp={{ item.regexp }} line={{ item.line }}
82 - { regexp: "^DSHELL", line: "DSHELL=/bin/zsh" }