diff --git a/roles/distro/tasks/main.yml b/roles/distro/tasks/main.yml
index 83f12a2..9e06dc8 100644
--- a/roles/distro/tasks/main.yml
+++ b/roles/distro/tasks/main.yml
@@ -2,3 +2,4 @@
 - include: debian.yml
 when: ansible_distribution == 'Debian'
 - include: modules.yml
+- include: ssh.yml
diff --git a/roles/distro/tasks/ssh.yml b/roles/distro/tasks/ssh.yml
new file mode 100644
index 0000000..85b9093
--- /dev/null
+++ b/roles/distro/tasks/ssh.yml
@@ -0,0 +1,20 @@
+---
+- name: Disable SSH passwords
+ become: true
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?\w*PasswordAuthentication (yes|no)'
+ line: 'PasswordAuthentication no'
+ register: changed_ssh_config
+- name: Enable SSH
+ become: true
+ systemd:
+ name: ssh.service
+ enabled: yes
+ state: started
+- name: Restart SSH
+ become: true
+ systemd:
+ name: ssh.service
+ state: restarted
+ when: changed_ssh_config.changed == true
diff --git a/roles/home/tasks/dirs.yml b/roles/home/tasks/dirs.yml
index 1f01bec..e6f9fc1 100644
--- a/roles/home/tasks/dirs.yml
+++ b/roles/home/tasks/dirs.yml
@@ -19,3 +19,8 @@
 file:
 path: "{{ ansible_env.HOME }}/.config/autostart"
 state: directory
+- name: Create ~/.ssh directory
+ file:
+ path: "{{ ansible_env.HOME }}/.ssh"
+ state: directory
+ mode: '0700'
diff --git a/roles/home/tasks/main.yml b/roles/home/tasks/main.yml
index 5f0cb5d..dc3c748 100644
--- a/roles/home/tasks/main.yml
+++ b/roles/home/tasks/main.yml
@@ -7,3 +7,4 @@
 - include: mate.yml
 - include: shell.yml
 - include: vim.yml
+- include: ssh-authorized-keys.yml
diff --git a/roles/home/tasks/ssh-authorized-keys.yml b/roles/home/tasks/ssh-authorized-keys.yml
new file mode 100644
index 0000000..d98b1cf
--- /dev/null
+++ b/roles/home/tasks/ssh-authorized-keys.yml
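Review bot: In roles/distro/tasks/ssh.yml the `regexp` of the "Disable SSH passwords" task uses `\w*` where whitespace was probably intended, so an indented or `# PasswordAuthentication yes` line is not matched and lineinfile falls back to appending `PasswordAuthentication no` at the end of the file. sshd uses the first value it obtains for a keyword, and an appended line can land inside a trailing `Match` block, so an earlier `PasswordAuthentication yes` would stay in force while the play reports success. I would use `regexp: '^\s*#?\s*PasswordAuthentication\s'` and add `validate: '/usr/sbin/sshd -t -f %s'` so a broken file is never put in place before the restart; checking the effective setting with `sshd -T` afterwards confirms the result. Separately, `when: changed_ssh_config.changed == true` is more idiomatic as `when: changed_ssh_config is changed` (or a handler), and `enabled: yes` as `enabled: true`.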
@@ -0,0 +1,13 @@
+---
+- name: Add home key to authorized_keys
+ lineinfile:
+ path: "{{ ansible_env.HOME }}/.ssh/authorized_keys"
+ line: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUfTUp1m8MUCjj0Vu8E9sVGwvf4FWL4QcaZ6m8gK5+xGZl+w+yAcb1acH/96Y0DaP4ZNDassC5OlE6F1oJ+cIKtTykXBxqlChLRDCdX8JCt3sBaVmEcRJ0v8MMQrqWX2ajAW6fC/zNYJ4qbhTMGLiEUPbYu7gZKn0e+MEPBRrxdXzqVLTBq0RMelGx74UpZUwzwROq+VxLsFrumFZNFNJL+rWEK3XO5SsQkNp5QNYluIr8+WDbVU6V2thgJTcFpWWWYVg/al5iY5/bcnVSpzoab7Xxo98OYzpSrY0g+CqkLQkfRehOUMeEOGQYZxpUaXFhg2jE+Kf7W2gm3CeJWTzP anthony@acperkins.com"
+ create: yes
+ mode: '0600'
+- name: Add work key to authorized_keys
+ lineinfile:
+ path: "{{ ansible_env.HOME }}/.ssh/authorized_keys"
+ line: "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAjRPqXzNlrmPWGC6yRCnZszewblS6JcQeNBkHuNmWD9WoMFGLvjkl+NGiC01k9su4JMfz6vOvNG1A6J16+uhEz0+Q70Z/kCM91EqYK8iiGA+qfC2y5PMA10BtWInQ9OqPbanv38ZBB7+afOcEbGR3CC56rp/uibwdBo2RpVRjAjZfsC64tZ6Pt8C55rVvBeZwNtXtw9RIwKAJGmlBsZEdIKpTHIf2IDfPWX3OLahcNA5/6aNB65qQV7fqQXEgBSjJmMsdCD8Jy5O+f7rzC+kFxozB/36mV1pBgZhT/iTK9fFJip0vyFFjk4CPRRbrnnJUBod/aGfWAP876b/0DXviWQ== anthony.perkins@mkcollege.ac.uk"
+ create: yes
+ mode: '0600'
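Review bot: Both tasks manage `authorized_keys` with `lineinfile`, which compares whole lines, so a key already present with a different comment or with options is added a second time, and a key dropped from this file later is never removed from the host. The `authorized_key` module compares the key itself, manages the `~/.ssh` directory by default, and with `exclusive: true` removes keys that are no longer listed; each task would become `authorized_key:` with `user: "{{ ansible_user_id }}"` and `key: "<public key line>"`. Because roles/distro/tasks/ssh.yml in this commit turns off password logins and restarts sshd, these keys should be confirmed in place before that restart; the play's role order is not visible in this diff. `create: yes` would read better as `create: true`.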