---
# tasks file for base
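# Fail early, before anything on the host is changed, when a variable this
# role depends on is missing or unusable.
- name: "Check if all variable is here"
  ansible.builtin.assert:
    that:
      - root_password is defined
      # An empty value would still hash cleanly and leave root with a blank
      # password, so reject it here.
      - root_password | string | length > 0
      # Used without a default by the "Merge authorized_key list" task; check
      # it now rather than failing after the password and key were changed.
      - default_ssh_pub_keys is defined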
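# Set root's password from the role variable. The value is hashed while the
# template is rendered, so the module receives a SHA-512 crypt hash rather
# than the plaintext.
- name: Change root password
  ansible.builtin.user:
    name: root
    # `| string` casts the value to text before hashing (for example an
    # all-digit password that YAML parsed as an integer).
    # No salt is passed, so password_hash picks a fresh one on each run and
    # this task reports "changed" every time.
    password: "{{ root_password | string | password_hash('sha512') }}"
    update_password: "always"
  # Task output is hidden unless the `no_log` variable is set to false.
  # Keep the default on shared runners: disabling it can put task arguments
  # and results into console output and logs.
  no_log: "{{ no_log | default(true) }}"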
# Create root's ed25519 keypair on the managed host.
# No passphrase is set in this task, so the private key is stored unencrypted;
# the owner-only 0600 mode is the protection it has on disk.
- name: Generate SSH key
  community.crypto.openssh_keypair:
    type: ed25519
    path: /root/.ssh/id_ed25519
    comment: "root@{{ inventory_hostname }}"
    # Quoted so the mode is passed as the string "0600", not parsed as a number.
    mode: "0600"
    # Off unless force_ssh_key_regen is set. Forcing replaces the existing
    # keypair, so the old public key should then be removed from every place
    # it was authorized.
    force: "{{ force_ssh_key_regen | default(false) }}"
# Copy the host's public key back to the controller. With flat: true and a
# dest ending in "/", the file keeps its own name under
# public_keys/<inventory_hostname>/ instead of the default host/path tree.
# NOTE(review): the content comes from the managed host; if these files are
# later used to authorize access elsewhere, review them before trusting them.
- name: Get Public Keys
  ansible.builtin.fetch:
    dest: "public_keys/{{ inventory_hostname }}/"
    src: /root/.ssh/id_ed25519.pub
    flat: true
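# Build the complete list of public keys allowed to log in as root:
# the role-wide defaults plus any per-host or per-group additions.
# default_ssh_pub_keys has no fallback here and must be defined as a list;
# extra_ssh_pub_keys is optional and falls back to an empty list.
# Whatever ends up in ssh_pub_keys is granted root SSH access by the
# "Add authorized key" task, so both variables should come from trusted,
# reviewed inventory.
- name: Merge authorized_key list
  ansible.builtin.set_fact:
    ssh_pub_keys: "{{ default_ssh_pub_keys + (extra_ssh_pub_keys | default([])) }}"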
# Make root's authorized_keys match ssh_pub_keys exactly.
- name: Add authorized key
  ansible.posix.authorized_key:
    # exclusive removes every key that is not in the list below. That clears
    # stale or unexpected entries, but a wrong or incomplete list also removes
    # the keys operators rely on for root login.
    exclusive: true
    user: root
    # All keys go in as one newline-separated string so that a single call
    # sees the full set; the "\n" needs the double-quoted YAML form.
    key: "{{ ssh_pub_keys | join('\n') }}"