# Set the system hostname to the name this host has in the inventory.
- name: Change hostname
  ansible.builtin.hostname:
    name: "{{ inventory_hostname }}"

# Refresh the pacman package databases and upgrade every installed package.
- name: Update packages
  community.general.pacman:
    upgrade: true
    update_cache: true

# Ensure the baseline tool set is installed. "present" installs what is
# missing and leaves packages that are already installed as they are.
- name: Install utility packages
  community.general.pacman:
    state: present
    name:
      - neovim
      - neofetch
      - fish
      - htop
      - tmux
      - git
      - cronie
      - progress
      - rsync
      - man-db

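# sshd hardening: turn off password authentication, move the listener to
# sshd_port, and restart the daemon when either edit changed the file.
#
# The two edits register separate results. With both registered under one
# name the second result overwrites the first, so a change to
# PasswordAuthentication alone would not trigger the restart and the running
# daemon would keep accepting passwords.
- name: Disable SSH password auth
  ansible.builtin.lineinfile:
    dest: /etc/ssh/sshd_config
    # Match the directive whether or not it is commented out. When nothing
    # matches, lineinfile appends the line at the end of the file, and sshd
    # uses the first value it reads for a keyword, so an earlier active
    # "PasswordAuthentication yes" would still win.
    # Settings pulled in by an Include earlier in the file are not covered by
    # this edit, and KbdInteractiveAuthentication is a separate directive.
    regexp: '^#?\s*PasswordAuthentication\s+(yes|no)\b'
    line: "PasswordAuthentication no"
    # Refuse to install a config sshd cannot parse, so a bad edit cannot
    # take the daemon down at the next restart. Path assumes the Arch layout.
    validate: /usr/bin/sshd -t -f %s
  register: sshd_password_auth

- name: Change SSH port
  ansible.builtin.lineinfile:
    dest: /etc/ssh/sshd_config
    # Port directives are additive: a line appended next to an active
    # "Port 22" would leave both ports open, so replace the existing
    # directive whether it is commented out or not.
    regexp: '^#?\s*Port\s+\d+'
    line: "Port {{ sshd_port }}"
    validate: /usr/bin/sshd -t -f %s
  # Variable name kept from the original task.
  register: sshd_config

- name: Restart SSHD
  ansible.builtin.service:
    name: sshd
    state: restarted
  when: sshd_password_auth is changed or sshd_config is changed
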
# Replace root's password hash with "*", a value no password hashes to, so
# root can no longer authenticate with a password.
# NOTE(review): this does not by itself block key-based SSH login as root;
# that depends on PermitRootLogin and root's authorized_keys, which this
# file does not change.
- name: Disable root login
  ansible.builtin.user:
    password: "*"
    name: root

# Create the day-to-day account named by the username variable. No password
# is set here; the following task installs an SSH public key for this user.
- name: Create unpriviledged user
  ansible.builtin.user:
    name: "{{ username }}"

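# Install the public key kept on the control node under ~/.ssh/keys/ as an
# authorized key for the unprivileged user.
# The path is built by concatenation inside one expression: "{{ }}" nested
# inside another "{{ }}" relies on the string being templated a second time.
# NOTE(review): ansible_hostname is a gathered fact, while the hostname task
# in this file sets the name from inventory_hostname. If facts were gathered
# before that change the two can differ on a first run; confirm which name
# the key files use, since the wrong file grants access to another key.
- name: Deploy SSH key to unpriviledged user
  ansible.posix.authorized_key:
    user: "{{ username }}"
    state: present
    key: "{{ lookup('file', '~/.ssh/keys/' ~ ansible_hostname ~ '.pub') }}"
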
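# Copy the keyfile that the crypttab and luks_device tasks use for the
# secondary disk to /k5e on the target.
# NOTE(review): if the source file k5e is stored in the repository in the
# clear, anyone with read access to the repository can unlock the disk.
# Encrypt it with ansible-vault (copy decrypts vaulted sources by default)
# or keep it outside version control.
# NOTE(review): the key sits on the root filesystem, so the secondary disk
# is only as well protected at rest as that filesystem is.
- name: Deploy keyfile
  ansible.builtin.copy:
    src: k5e
    dest: /k5e
    # Pin ownership explicitly instead of inheriting the connecting user.
    owner: root
    group: root
    # Quoted so the mode is read as an octal string by every YAML parser.
    mode: "0600"
  # Keep key material out of --diff output.
  diff: false
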
# Add an /etc/crypttab entry named "disk" for the secondary disk. The
# password field carries the path of the keyfile, /k5e, not a passphrase.
- name: Setup crypttab
  community.general.crypttab:
    name: disk
    state: present
    backing_device: "{{ secondary_disk }}"
    password: /k5e

# Open the LUKS container on the secondary disk with the keyfile /k5e and
# map it under the name "disk", the device the mount task refers to as
# /dev/mapper/disk.
- name: Decrypt secondary disk
  community.crypto.luks_device:
    name: disk
    state: opened
    device: "{{ secondary_disk }}"
    keyfile: /k5e

# Mount the opened volume at /mnt/disk as ext4. state "mounted" both mounts
# it now and records the entry in /etc/fstab.
# NOTE(review): no opts are given, so default mount options apply; if the
# volume holds data only, nodev and nosuid are worth considering.
- name: Setup fstab
  ansible.posix.mount:
    src: /dev/mapper/disk
    path: /mnt/disk
    fstype: ext4
    state: mounted