vn-ansible/roles/config-root-user/tasks/main.yaml


---
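# Guard: end the play for the current host when root-user configuration is
# not requested, so none of the tasks below (default-user removal, root
# password change, .bashrc edits) run on it.
# `default(false)` covers the undefined case. `| bool` makes string values
# such as "false" (for example from `-e root_user_enabled=false`, which is
# passed as a string) evaluate as booleans rather than as non-empty, truthy
# strings that would let the role continue.
- name: "[CONFIG ROOT USER] Comprobando si es necesario configurar SSH root user"
  meta: end_host
  when: not (root_user_enabled | default(false) | bool)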
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# delete default user , only on VM
# Remove the account named by `name_user` (defined outside this file).
# `remove: true` together with `state: absent` also deletes the account's
# home directory and mail spool, so data in that home is lost.
# NOTE(review): the "only on VM" restriction is not enforced by any condition
# on this task; presumably the caller limits where the role runs - confirm.
- name: delete default user , only on VM
  user:
    state: absent
    name: "{{ name_user }}"
    remove: true
# tags:
# - delete-user
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# change root password
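# Set root's password to the SHA-512 crypt hash of `ssh_password`.
# - `ssh_password` is defined outside this file; it is a plaintext secret at
#   templating time, so keep it in Ansible Vault or an external secret store
#   rather than in plaintext vars.
# - `no_log: true` keeps this task's arguments and result out of console
#   output, callback plugins and logs. Remove it temporarily if the task has
#   to be debugged.
# - `password_hash` is called without a salt, so a new random salt is used on
#   every run and the task reports "changed" each time.
# - This file does not modify sshd_config (the PermitRootLogin task further
#   down is commented out), so whether this password can be used for SSH
#   logins depends on the host's existing sshd configuration.
- name: change root password
  user:
    name: root
    password: "{{ ssh_password | password_hash('sha512') }}"
  no_log: true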
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# DISABLED so that the existing authorized_keys file is kept
# delete root ssh pub key in authorized_keys
#- name: delete ssh pub key in /root/.ssh/authorized_keys
# file:
# path: "{{ root_authorized_keys }}"
# state: absent
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config sshd_config file , no root password
#- name: change sshd_config to no root password
# lineinfile:
# path: "{{ path_sshd_config_file }}"
# regexp: "PermitRootLogin yes"
# line: "#PermitRootLogin prohibit-password"
# state: present
# notify: Restart ssh service
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# service should start on boot.
# Enable the service named by `ssh_daemon` (defined outside this file) at
# boot. No `state` is given, so the task does not start, stop or restart the
# running daemon; it only changes the boot-time setting.
- name: service should start on boot
  service:
    enabled: true
    name: "{{ ssh_daemon }}"
#- name: change sshd_config to no root password
# copy:
# src: "{{ source_path_ssh }}"
# dest: "{{ dest_path_ssh }}"
# remote_src: yes
# owner: root
# group: root
# mode: '0644'
# delete file sshd_config.orig
#- name: delete /etc/ssh/sshd_config.orig file
# file:
# path: "{{ source_path_ssh }}"
# state: absent
# notify: Restart ssh service
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# changes .BASHRC file of root user
# step1 - uncomment lines
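# Replace the commented-out LS_OPTIONS / dircolors / alias lines in root's
# .bashrc (`path_bashrc_root`) with the active lines supplied by the role
# variables `export_LS_OPTIONS`, `eval_dircolors`, `alias_ls`, `alias_ll` and
# `alias_la` (all defined outside this file).
#
# Regexp notes:
# - `$` is the end-of-line anchor in a regular expression, so an unescaped
#   `$LS_OPTIONS` can never match the literal text. With no match, lineinfile
#   appends the new line at the end of the file and leaves the commented line
#   in place. The dollar sign is therefore escaped (`\\$` inside a YAML
#   double-quoted string yields the regex `\$`).
# - Every pattern is anchored with `^` so only lines that start with the
#   comment marker are replaced.
# - On a host where an earlier run already appended the alias lines, the
#   commented originals are now replaced as well; the resulting duplicate
#   alias definitions are harmless.
- name: uncomment this lines
  lineinfile:
    path: "{{ path_bashrc_root }}"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
  with_items:
    - regexp: "^# export LS_OPTIONS"
      line: "{{ export_LS_OPTIONS }}"
    - regexp: "^# eval"
      line: "{{ eval_dircolors }}"
    - regexp: "^# alias ls='ls \\$LS_OPTIONS'"
      line: "{{ alias_ls }}"
    - regexp: "^# alias ll='ls \\$LS_OPTIONS -l'"
      line: "{{ alias_ll }}"
    - regexp: "^# alias la='ls \\$LS_OPTIONS -la'"
      line: "{{ alias_la }}"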
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# step2 - add block lines
# Insert a managed block into root's .bashrc (`path_bashrc_root`). No custom
# marker is set, so blockinfile wraps the text in its default BEGIN/END marker
# lines and updates that block in place on later runs.
# What the block sets:
# - HISTSIZE / HISTFILESIZE: larger in-memory and on-disk shell history for
#   root. Anything typed on the command line, secrets included, is retained
#   longer as a result.
# - TMOUT=3600: an idle interactive bash exits after one hour. It is a plain
#   assignment (not readonly), so it can be overridden inside the session.
# - the `case` statement sets the terminal title for xterm*/rxvt* terminals.
# - the last line sources /etc/profile.d/bash_completion.sh unconditionally.
#   NOTE(review): presumably that file is installed elsewhere - confirm;
#   otherwise every root shell prints an error at start-up.
# Every line under `block: |` is file content, including the lines that start
# with `#`; they are not YAML comments.
- name: add block lines
  blockinfile:
    path: "{{ path_bashrc_root }}"
    block: |
      ### 4Loooong memories
      HISTSIZE=10000
      HISTFILESIZE=20000
      ### 4security
      TMOUT=3600
      ### write auto label
      # If this is an xterm set the title to user@host:dir
      case "$TERM" in
      xterm*|rxvt*)
      PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
      ;;
      *)
      ;;
      esac
      source /etc/profile.d/bash_completion.sh
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++