deploy/ansible/roles/configure/tasks/main.yml
- name: set hostname
hostname: name={{hostname}}
- name: add loopback references to our domain in /etc/hosts
lineinfile: "dest=/etc/hosts line='127.0.0.1 {{hostname}} {{fqdn}}'"
- name: get github public key
command: /usr/bin/ssh-keyscan github.com
register: github_keyscan
- name: add github key to ssh known hosts
lineinfile: dest=/etc/ssh/ssh_known_hosts
create=yes
regexp='^github.com'
line="{{github_keyscan.stdout}}"
- name: ensure ssh agent socket environment variable persists when sudoing
lineinfile: dest=/etc/sudoers
insertafter='^Defaults'
line='Defaults env_keep += "SSH_AUTH_SOCK"'
state=present
validate='visudo -cf %s'
- name: disallow password authentication
lineinfile: dest=/etc/ssh/sshd_config regexp="/^PasswordAuthentication/" line="PasswordAuthentication no"
- name: disallow challenge response authentication
lineinfile: dest=/etc/ssh/sshd_config regexp="/^ChallengeResponseAuthentication/" line="ChallengeResponseAuthentication no"
- name: log file exists
file: path={{site_log_file}} state=touch owner={{site_user}} group={{site_group}}
- name: sync all users
user: name={{item.name}} state={{item.state}} groups={{item.groups}} password={{item.shadow_pass}} shell={{item.shell | default("/bin/bash") }} force=yes
with_items: users
- name: sync all users keys
authorized_key: user={{item.0.name}} key="{{item.1.key}}" state={{item.1.state}}
with_subelements:
- users
- keys
- name: ensure absent users' home directories are removed
file: path=/home/{{item.name}} state={{ (item.state == 'present') | ternary('directory', 'absent')}}
with_items: users