--- - name: Create groups group: name={{ item.name }} state=present with_items: "{{ itix_groups }}" tags: bootstrap - name: Create users user: state=present name={{ item.login }} group={{ item.group }} groups={{ item.groups }} uid={{ item.uid }} comment={{ item.comment }} password={{ item.password }} with_items: "{{ itix_users }}" tags: bootstrap - name: Create the .ssh directory for users file: state=directory owner={{ item.login }} group={{ item.group }} mode=0700 path=/home/{{ item.login }}/.ssh with_items: "{{ itix_users }}" tags: bootstrap - name: Set a strong root password (only usable from console) user: name=root password={{ root_password }} tags: bootstrap - name: Set SSH key for users authorized_key: user={{ item.login }} key="{{ item.ssh_public_key }}" with_items: "{{ itix_users }}" when: "item.ssh_public_key is defined" tags: bootstrap - name: Tell SSHD not to use DNS lineinfile: dest=/etc/ssh/sshd_config regexp="^#* *UseDNS +" line="UseDNS no" notify: restart sshd tags: config - name: Tell SSHD to forbid root accesses lineinfile: dest=/etc/ssh/sshd_config regexp="^#* *PermitRootLogin +" line="PermitRootLogin no" notify: restart sshd tags: config - name: Tell SSHD to forbid password accesses lineinfile: dest=/etc/ssh/sshd_config regexp="^#* *PasswordAuthentication +" line="PasswordAuthentication no" notify: restart sshd tags: config - name: Install some software dnf: name={{ item }} state=installed with_items: - vim-enhanced - tmux - unzip - tcpdump - telnet - strace - man-pages - man - iptraf - wget - openssh-clients tags: rpm - name: Fix /etc/environment to include PATH lineinfile: dest=/etc/environment regexp="^PATH=" line="PATH=/bin:/usr/bin:/sbin:/usr/sbin" tags: config - name: Set the hostname command: hostnamectl set-hostname {{ inventory_hostname_short }} --static tags: - config - dns - name: Ensure consistent locale across systems (1/2) lineinfile: dest=/etc/locale.conf regexp="^LANG=" line="LANG=en_US.utf8" - name: Ensure consistent locale across systems (2/2) lineinfile: dest=/etc/locale.conf line="LC_CTYPE=en_US.utf8"