vn-ansible/linux/base-config-debian/roles/config-root-user/tasks/main.yaml

---
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# delete default user , only on VM
# Remove the account named by `name_user`.
# `remove: true` also deletes that account's home directory and mail spool.
# NOTE(review): nothing in this task limits it to VMs; the "only on VM"
# restriction presumably comes from where the role is applied - confirm.
- name: delete default user , only on VM
  user:
    name: "{{ name_user }}"
    state: absent
    remove: true
  tags:
    - delete-user
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# change root password
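# Set root's password to the SHA-512 crypt hash of `ssh_password`.
# password_hash() is called without a salt, so a fresh random salt is used on
# every run: the stored hash differs each time and the task always reports
# "changed".
# no_log keeps the task's arguments and result out of console output and
# logs, including at higher verbosity.
# NOTE(review): `ssh_password` is defined outside this file; confirm it is
# stored encrypted (e.g. Ansible Vault) rather than in plain vars.
- name: change root password
  user:
    name: root
    password: "{{ ssh_password | password_hash('sha512') }}"
  no_log: true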
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config sshd_config file , no root password
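# Turn an active `PermitRootLogin yes` into `PermitRootLogin prohibit-password`
# (root may still log in with a key, but not with a password).
# - The regexp is anchored to an uncommented directive whose value is `yes`,
#   so comment lines and stricter settings such as `no` are left untouched.
# - The replacement is written uncommented, so the result does not depend on
#   sshd's compiled-in default.
# - backrefs: true leaves the file unchanged when nothing matches, instead of
#   appending the line at the end of the file (where it could land inside a
#   Match block).
# - validate runs sshd's configuration test on the candidate file before it
#   replaces the real one, so a broken config is never installed.
# NOTE(review): sshd keeps the first value it reads for a keyword, so a
# drop-in pulled in by an `Include` earlier in the file would take precedence;
# check the effective value with `sshd -T`.
- name: change sshd_config to no root password
  lineinfile:
    path: "{{ path_sshd_config_file }}"
    regexp: '^\s*PermitRootLogin\s+yes\b'
    line: 'PermitRootLogin prohibit-password'
    backrefs: true
    state: present
    validate: '/usr/sbin/sshd -t -f %s'
  notify: Restart ssh service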
#- name: change sshd_config to no root password
# copy:
# src: "{{ source_path_ssh }}"
# dest: "{{ dest_path_ssh }}"
# remote_src: yes
# owner: root
# group: root
# mode: '0644'
# delete file sshd_config.orig
#- name: delete /etc/ssh/sshd_config.orig file
# file:
# path: "{{ source_path_ssh }}"
# state: absent
# notify: Restart ssh service
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# changes .BASHRC file of root user
# step1 - uncomment lines
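# Uncomment the colour/alias lines in root's .bashrc, one lineinfile call per
# item.
# In a regular expression an unescaped `$` is the end-of-line anchor and
# `( )` is a group, so the shell text `$LS_OPTIONS` / `$(dircolors)` has to be
# escaped; otherwise the pattern never matches the commented line and
# lineinfile appends `line` at the end of the file instead of replacing it.
# Items containing double quotes use single-quoted YAML scalars; the alias
# patterns use double-quoted scalars, where `\\` yields one backslash.
- name: uncomment this lines
  lineinfile:
    path: "{{ path_bashrc_root }}"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
  with_items:
    - regexp: '^# export LS_OPTIONS'
      line: "export LS_OPTIONS='--color=auto'"
    - regexp: '^# eval "\$\(dircolors\)"'
      line: 'eval "$(dircolors)"'
    - regexp: "^# alias ls='ls \\$LS_OPTIONS'"
      line: "alias ls='ls $LS_OPTIONS'"
    - regexp: "^# alias ll='ls \\$LS_OPTIONS -l'"
      line: "alias ll='ls $LS_OPTIONS -l'"
    - regexp: "^# alias l='ls \\$LS_OPTIONS -lA'"
      line: "alias l='ls $LS_OPTIONS -lA'"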
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# step2 - add block lines
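# Append a managed block to root's .bashrc (blockinfile wraps it in its own
# marker comments, so re-runs replace the block instead of duplicating it).
# - HISTSIZE / HISTFILESIZE enlarge the in-memory and on-disk shell history.
# - TMOUT=3600 makes an interactive bash exit after 3600 seconds without
#   input. It is a plain variable here (not readonly), so a running shell can
#   still change or unset it.
# - The case statement sets the terminal title for xterm/rxvt terminals.
# - bash_completion.sh is sourced only if it is readable, so a host without
#   that file does not print an error each time .bashrc is read.
# The literal block scalar (`|`) keeps the backslashes in PS1 exactly as
# written.
- name: add block lines
  blockinfile:
    path: "{{ path_bashrc_root }}"
    block: |
      ### 4Loooong memories
      HISTSIZE=10000
      HISTFILESIZE=20000
      ### 4security
      TMOUT=3600
      ### write auto label
      # If this is an xterm set the title to user@host:dir
      case "$TERM" in
      xterm*|rxvt*)
          PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
          ;;
      *)
          ;;
      esac
      if [ -r /etc/profile.d/bash_completion.sh ]; then
          source /etc/profile.d/bash_completion.sh
      fi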
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++