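---
# Bootstrap play for the `irc-etc` host group: grants passwordless sudo to the
# sudo group, creates an admin user (joe) and a normal user (pew), installs
# the controller's SSH public key for both, turns off SSH password and root
# logins, upgrades packages, and installs Docker from Docker's APT repository.
- hosts: irc-etc
  become: true

  handlers:
    # Notified by the sshd_config tasks below; handlers run once per play.
    - name: Restart ssh
      service:
        name: ssh
        state: restarted

  tasks:
    - name: ping host
      ping:

    # With NOPASSWD, control of any sudo-group account (joe, reachable with
    # the SSH key installed below) is root on the host with no further
    # prompt. `validate` keeps a syntactically broken sudoers file from
    # being installed.
    - name: Allow passwordless sudo
      lineinfile:
        path: /etc/sudoers
        state: present
        regexp: '^%sudo'
        line: '%sudo ALL=(ALL) NOPASSWD:ALL'
        validate: 'visudo -cf %s'

    # append: true adds sudo without resetting joe's other supplementary
    # groups. Without it every re-run strips the docker membership that the
    # last task in this play adds.
    - name: Create admin user
      user:
        name: joe
        groups: sudo
        append: true
        shell: /bin/bash

    - name: Create normal user
      user:
        name: pew
        shell: /bin/bash

    # The key is read from $HOME/.ssh/id_rsa.pub on the machine running
    # Ansible, so both accounts trust the same controller key.
    - name: Add authorized ssh key from localhost
      authorized_key:
        user: "{{ item }}"
        state: present
        key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
      with_items:
        - joe
        - pew

    # sshd keeps the first value it reads for a keyword. When no active line
    # exists, the setting is inserted at the top of the file (BOF) instead of
    # the end, where it could land inside a trailing Match block and only
    # apply there. `validate` rejects a config sshd cannot parse.
    # NOTE(review): an active line that is replaced in place can still be
    # overridden by an earlier Include of sshd_config.d drop-ins; confirm the
    # effective value with `sshd -T` on the host.
    - name: Disable password ssh
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^PasswordAuthentication'
        line: 'PasswordAuthentication no'
        insertbefore: BOF
        state: present
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Restart ssh

    # May have to be done manually
    - name: Disallow root SSH access
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        line: 'PermitRootLogin no'
        insertbefore: BOF
        state: present
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Restart ssh

    # `safe` is the documented equivalent of `upgrade: yes` and avoids the
    # YAML boolean spelling.
    - name: Update apt and upgrade packages
      apt:
        update_cache: true
        upgrade: safe

    # state: latest upgrades these packages on every run, so the installed
    # versions depend on when the play is executed.
    - name: Install packages
      apt:
        pkg:
          - apt-transport-https
          - ca-certificates
          - curl
          - git
          - gnupg
          - htop
          - iodine
          - mosh
          - oidentd
          - software-properties-common
          - tmux
          - weechat
          - zsh
        state: latest

    # NOTE(review): the key is fetched from the .../linux/ubuntu/ path while
    # the repository below is .../linux/debian/ - confirm which distribution
    # is targeted. The key is trusted on first download with no fingerprint
    # pin (the module's `id` option), and apt_key adds it to the global apt
    # keyring, so it is trusted for every configured repository; a keyring
    # file referenced via signed-by would scope it to this one.
    - name: Add Docker GPG key
      apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg

    - name: Add Docker APT repository
      apt_repository:
        repo: 'deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_lsb.codename }} stable'

    - name: Update apt
      apt:
        update_cache: true

    # May require a reboot
    - name: Install Docker and docker-compose
      apt:
        pkg:
          - docker-ce
          - docker-compose
        state: latest

    # Members of the docker group can drive the Docker daemon, which runs as
    # root, so this membership is effectively root access for joe.
    - name: Add admin user to docker group
      user:
        name: joe
        groups: docker
        append: true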