4 {{ [ 'root' ] | union(sshd_allowusers_group | default([]))
5 | union(sshd_allowusers_host | default([])) }}
# Pins the PermitRootLogin directive in /etc/ssh/sshd_config so that root
# cannot log in with password or keyboard-interactive authentication.
# NOTE(review): "without-password" is the deprecated alias; OpenSSH 7.0 and
# later document this setting as "prohibit-password". Confirm the oldest sshd
# in the fleet before changing the spelling.
# NOTE(review): the regexp only matches an uncommented directive. If none
# exists the line is presumably appended at end of file (module line not
# visible here), where a trailing "Match" block would scope it. Consider
# anchoring the insert and adding validate: "/usr/sbin/sshd -t -f %s".
7 - name: only allow pubkey auth for root
9 dest: /etc/ssh/sshd_config
10 regexp: "^PermitRootLogin"
11 line: "PermitRootLogin without-password"
# Variant 1 of 3: restrict SSH logins by user name. Replaces an active or
# commented-out AllowUsers line with the space-joined sshd_allowusers list.
# Runs only when sshd_allowusers_set is defined and sshd_allowgroup is not.
# NOTE(review): sshd_allowusers_set is not assigned anywhere in the visible
# lines; verify where it is set, otherwise this variant never applies.
# NOTE(review): sshd treats AllowUsers entries as patterns and also accepts
# USER@HOST. Entries containing whitespace, "*", "?" or "@" therefore change
# who is admitted, so validate the inventory values feeding this list.
14 - name: limit allowed users (1/3)
16 dest: /etc/ssh/sshd_config
17 regexp: "^#?AllowUsers"
18 line: "AllowUsers {{ ' '.join(sshd_allowusers) }}"
19 when: sshd_allowusers_set is defined and sshd_allowgroup is not defined
# Variant 2 of 3, step 1: per the task name, drops any AllowUsers directive
# before the group-based restriction is written. The regexp/state lines are
# not visible in this excerpt.
# When AllowUsers and AllowGroups are both present, sshd requires a login to
# satisfy both, so a stale AllowUsers line would still restrict access.
23 - name: "limit allowed users (2/3): Make sure AllowUsers is not in sshd_config"
25 dest: /etc/ssh/sshd_config
# Variant 2 of 3, step 2: replaces an active or commented-out AllowGroups line
# with the single group named by sshd_allowgroup.
# NOTE(review): membership of that group becomes the gate for SSH access, so
# anything else that can modify the group (other roles, local admins) can
# grant logins. Confirm the group is dedicated to this purpose.
29 - name: "limit allowed users (2/3): Set AllowGroups in sshd_config"
31 dest: /etc/ssh/sshd_config
32 regexp: "^#?AllowGroups"
33 line: AllowGroups {{ sshd_allowgroup }}
# Variant 2 of 3, step 3: iterates over sshd_allowusers and puts each account
# into the group named by sshd_allowgroup.
# NOTE(review): the module line and any "append" setting are not visible here.
# If this is the user module without append enabled, "groups" replaces each
# account's supplementary groups instead of adding to them. Confirm.
# NOTE(review): the trailing "when" may belong to an enclosing block covering
# all three (2/3) steps rather than to this task alone; the indentation is
# lost in this excerpt.
35 - name: "limit allowed users (2/3): Add allowed users to ssh group"
38 groups: "{{ sshd_allowgroup }}"
40 with_items: "{{ sshd_allowusers }}"
42 when: sshd_allowgroup is defined
# Variant 3 of 3: applies when neither sshd_allowusers_set nor sshd_allowgroup
# is defined. The regexp targets active AllowUsers/AllowGroups lines.
# Presumably a hidden line sets state=absent so that they are removed; verify.
# NOTE(review): in this branch sshd carries no user/group allow-list at all,
# so every account with a valid credential can log in. Make sure hosts reach
# this branch deliberately and not through a missing variable.
44 - name: limit allowed users (3/3)
46 dest: /etc/ssh/sshd_config
47 regexp: "^Allow(Users|Groups)"
49 when: sshd_allowusers_set is not defined and sshd_allowgroup is not defined
# Installs root's authorized keys from the concatenated output of
# `cat ssh/noc/*.pub`. The pipe lookup runs that command through a shell on
# the Ansible control node, not on the managed host.
# NOTE(review): every *.pub file matched by the glob becomes a root credential
# on each targeted host, so write access to ssh/noc/ is equivalent to root
# access. Protect that directory (review, signed commits) accordingly.
# NOTE(review): the relative path depends on the directory the lookup runs
# in. Whether stale keys are removed (e.g. an "exclusive" option) is not
# visible in this excerpt; confirm that revoked keys are actually purged.
52 - name: Set authorized keys for root user
55 key: "{{ lookup('pipe','cat ssh/noc/*.pub') }}"
# Copies the role file 02no-recommends into /etc/apt/apt.conf.d/ with mode
# 0644. Per the task name it turns off installation of suggested and
# recommended packages; the file's content is not shown here.
58 - name: disable apt suggests and recommends
59 copy: src=02no-recommends dest=/etc/apt/apt.conf.d/ mode=0644
# Ensures each looped package is present via apt. The item list is on lines
# not visible in this excerpt.
# NOTE(review): state=present never upgrades an installed package, so this
# task does not deliver security updates. Patching must be handled elsewhere.
61 - name: install basic packages
62 apt: name={{ item }} state=present
# Ensures each looped package is present via apt. The item list and any
# condition restricting this to systemd hosts are not visible in this excerpt.
85 - name: install systemd specific packages
86 apt: name={{ item }} state=present
# Installs xdg_runtime_dir.sh into /etc/profile.d/ with mode 0644, but only on
# hosts whose detected service manager is systemd.
# The script is sourced by login shells for every user, so changes to the
# role's copy of this file affect all interactive sessions, root included.
91 - name: set systemd-related environment variables
92 copy: src=xdg_runtime_dir.sh dest=/etc/profile.d/xdg_runtime_dir.sh mode=0644
94 when: ansible_service_mgr == "systemd"
# Copies the system-wide zsh configuration with mode 0644: zprofile and zshrc
# go to /etc/zsh/, and zshrc.skel becomes /etc/skel/.zshrc. The task's name
# and loop keyword are on lines not visible in this excerpt.
# /etc/skel/.zshrc is presumably copied into each newly created home
# directory, so its content ends up user-owned and runs in every new account.
97 copy: src={{ item.src }} dest={{ item.dest }} mode=0644
99 - { "src": "zprofile", "dest": "/etc/zsh/zprofile" }
100 - { "src": "zshrc", "dest": "/etc/zsh/zshrc" }
101 - { "src": "zshrc.skel", "dest": "/etc/skel/.zshrc" }
# Switches root's login shell to /bin/zsh.
# NOTE(review): this relies on zsh already being installed, presumably by the
# package task earlier in this file. If /bin/zsh is missing, root logins over
# SSH or on the console can fail; confirm the ordering and package list.
103 - name: set root default shell to zsh
104 user: name=root shell=/bin/zsh
106 - name: set default shell for adduser
107 lineinfile: dest=/etc/adduser.conf regexp={{ item.regexp }} line={{ item.line }}
109 - { regexp: "^DSHELL", line: "DSHELL=/bin/zsh" }