diff --git a/roles/immortal/tasks/main.yml b/roles/immortal/tasks/main.yml index 9fec248..456ab4e 100644 --- a/roles/immortal/tasks/main.yml +++ b/roles/immortal/tasks/main.yml @@ -7,7 +7,8 @@ - name: Backup ssh config fetch: src: /etc/ssh/sshd_config - dest: "{{ inventory_hostname }}" + dest: "{{ inventory_hostname }}" + become: yes - name: Backup os-release fetch: @@ -31,7 +32,8 @@ state: present key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}" exclusive: yes - become: yes + become: yes + - name: Give all users exclusively the current controller user's SSH key ansible.posix.authorized_key: 
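Review bot: The `become: yes` added to the "Backup ssh config" fetch is written with the YAML 1.1 truthy form; Ansible accepts it, but yamllint's `truthy` rule and YAML 1.2 parsers do not treat `yes` as a boolean, so write `become: true` here (and in the sibling task in the next hunk, where the same line is only re-indented). Separately, `dest: "{{ inventory_hostname }}"` without `flat: true` makes fetch save to `<inventory_hostname>/<inventory_hostname>/etc/ssh/sshd_config` relative to the playbook, which looks like an unintended doubled directory unless that layout is relied on elsewhere; `dest: "backups/"` would give the usual `backups/<host>/etc/ssh/sshd_config`. Neither is a functional break in this hunk, but the fetched copy is the only record of the pre-hardening sshd config, so it is worth getting the path right.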
@@ -39,46 +41,47 @@ state: present key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}" exclusive: yes - become: yes - loop: "{{ users_list.users }}" + become: yes + loop: "{{ users_list.users }}" -- name: Ensure UFW is installed - package: - name: ufw - state: present +- block: + - name: Ensure UFW is installed + package: + name: ufw + state: present -- name: Configure ufw defaults - ufw: direction={{ item.direction }} policy={{ item.policy }} - with_items: - - { direction: 'incoming', policy: 'deny' } - - { direction: 'outgoing', policy: 'allow' } - notify: - - restart ufw + - name: Configure ufw defaults + ufw: direction={{ item.direction }} policy={{ item.policy }} + with_items: + - { direction: 'incoming', policy: 'deny' } + - { direction: 'outgoing', policy: 'allow' } + notify: + - restart ufw -- name: Configure ufw rules - ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }} - with_items: - - { rule: 'limit', port: '22', proto: 'tcp' } - notify: - - restart ufw + - name: Configure ufw rules + ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }} + with_items: + - { rule: 'limit', port: '22', proto: 'tcp' } + notify: + - restart ufw -- name: Enable ufw logging - ufw: logging=on - notify: - - restart ufw + - name: Enable ufw logging + ufw: logging=on + notify: + - restart ufw -- name: Enable ufw - ufw: state=enabled - -- name: Change root password - user: - name: root - shell: /bin/bash - password: "{{ genPass.stdout | password_hash('sha512') }}" - -- name: Change admin password - user: - name: "{{ ansible_user }}" - shell: /bin/bash - password: "{{ genPass.stdout | password_hash('sha512') }}" + - name: Enable ufw + ufw: state=enabled + + - name: Change root password + user: + name: root + shell: /bin/bash + password: "{{ genPass.stdout | password_hash('sha512') }}" + - name: Change admin password + user: + name: "{{ ansible_user }}" + shell: /bin/bash + password: "{{ genPass.stdout | password_hash('sha512') 
}}" + become: yes
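Review bot: The ufw rules in the new block only admit `port: '22'` before `ufw: state=enabled` turns on the `incoming: deny` default, so on a host whose sshd listens on another port (an inventory with `ansible_port` set) this play cuts its own connection and locks the box out; use `port: "{{ ansible_port | default(22) }}"` in the rule item instead of the literal 22. The two `user` tasks at the end hand root and `{{ ansible_user }}` the same `genPass.stdout` value, and `password_hash('sha512')` picks a fresh salt each run, so both tasks report changed and rewrite the hash on every play; if that rotation is intended, add `no_log: true` to both tasks and to the task that registers `genPass` (it is outside this hunk) so the plaintext never reaches verbose output or callbacks. If `ansible_become_password` is used for sudo on these hosts, changing the admin password mid-play would also break any later privilege escalation — please confirm the connection relies on the key installed earlier. As a point of style, the ufw tasks still use the `key=value` shorthand (`ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}`) while the rest of the file uses native YAML module args, and the block-level `become: yes` should be `become: true`.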