earnest ma 2022-07-04 13:26:16 -04:00
parent 82ce09f773
commit c54cd719e9
Signed by: earnest ma
GPG Key ID: A343F43342EB6E2A
4 changed files with 32 additions and 0 deletions

View File

@ -5,3 +5,8 @@
daemon_reload: yes
enabled: yes
state: restarted
- name: restart_sshd
ansible.builtin.systemd:
name: sshd.service
state: restarted

View File

@ -8,6 +8,7 @@
- include: packages.yml
- include: users.yml
- include: nix.yml
- include: sshd.yml
- name: Disable wake on USB
import_tasks: disable_usb_wake.yml

View File

@ -0,0 +1,14 @@
---
- name: Disable password-based SSH root login
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PermitRootLogin'
line: 'PermitRootLogin prohibit-password'
notify: restart_sshd
# - name: Disable password authentication
# lineinfile:
# path: /etc/ssh/sshd_config
# regexp: '^PasswordAuthentication'
# line: 'PasswordAuthentication no'
# notify: restart_sshd

View File

@ -1,7 +1,19 @@
---
- name: Sudo group
group:
name: sudo
state: present
- name: Configure user earne
user:
name: earne
comment: earnest ma
shell: /usr/bin/zsh
groups: docker,earne,mock,wheel
- authorized_key:
user: earne
state: present
key: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClkhr7Rc2qbSEQ+MkEsD/147gb0pShJt+odxis76WRe main
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPcKxz8Risfe13F+LxnUD5V1kApoxDtU7dO901SJiP6J backupk