qduc · May 31, 2020 13:35
diff --git a/initial_setup.yml b/initial_setup.yml
 #################################################
 # DO Community Playbooks: Initial Server Setup
 #################################################
 ---
 - hosts: all
  become: true
  vars_files:
    - vars/default.yml
  vars_prompt:
    - name: ip_addr
      prompt: "Enter static IP [ENTER to skip]"
      private: no
    - name: hostname
      prompt: "Enter hostname [ENTER to skip]"
      private: no
  tasks:

 # Sudo Group Setup
    - name: Make sure we have a 'wheel' group
      group:
        name: wheel
        state: present

    - name: Allow 'wheel' group to have passwordless sudo
      lineinfile:
        path: /etc/sudoers
        state: present
        regexp: '^%wheel'
        line: '%wheel ALL=(ALL) NOPASSWD: ALL'
        validate: '/usr/sbin/visudo -cf %s'

 # User + Key Setup
    - name: Create a new regular user with sudo privileges
      user:
        name: "{{ create_user }}"
        state: present
        groups: wheel
        append: true
        create_home: true
        shell: /bin/bash

    - name: Set authorized key for remote user
      authorized_key:
        user: "{{ create_user }}"
        state: present
        key: "{{ copy_local_key }}"

    - name: Disable password authentication for root
      lineinfile:
        path: /etc/ssh/sshd_config
        state: present
        regexp: '^#?PermitRootLogin'
        line: 'PermitRootLogin prohibit-password'
      notify: restart sshd

 # Fix slow ssh login
    - name: Fix slow ssh login
      lineinfile:
        path: /etc/ssh/sshd_config
        state: present
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
      with_items:
        - { regexp: '^#?UseDNS', line: 'UseDNS no' }
        - { regexp: '^#?GSSAPIAuthentication ', line: 'GSSAPIAuthentication no' }
      notify: restart sshd

 # Configure static IP (todo)
    - name: Set static IP
      debug:
      when: ip_addr != ''

 # Configure hostname
    - name: Configure hostname
      lineinfile:
        path: /etc/hostname
        state: present
        regexp: 'localhost.localdomain'
        line: "{{ hostname }}"
      when: hostname != ''

  handlers:
    - name: restart sshd
      service:
        name: sshd
        state: restarted
diff --git a/vars.yml b/vars.yml
 ---
 create_user: your_username_here
 copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/local.id_rsa.pub') }}"
	#################################################
	# DO Community Playbooks: Initial Server Setup
	#################################################
	---
	- hosts: all
	become: true
	vars_files:
	- vars/default.yml
	vars_prompt:
	- name: ip_addr
	prompt: "Enter static IP [ENTER to skip]"
	private: no
	- name: hostname
	prompt: "Enter hostname [ENTER to skip]"
	private: no
	tasks:

	# Sudo Group Setup
	- name: Make sure we have a 'wheel' group
	group:
	name: wheel
	state: present

	- name: Allow 'wheel' group to have passwordless sudo
	lineinfile:
	path: /etc/sudoers
	state: present
	regexp: '^%wheel'
	line: '%wheel ALL=(ALL) NOPASSWD: ALL'
	validate: '/usr/sbin/visudo -cf %s'

	# User + Key Setup
	- name: Create a new regular user with sudo privileges
	user:
	name: "{{ create_user }}"
	state: present
	groups: wheel
	append: true
	create_home: true
	shell: /bin/bash

	- name: Set authorized key for remote user
	authorized_key:
	user: "{{ create_user }}"
	state: present
	key: "{{ copy_local_key }}"

	- name: Disable password authentication for root
	lineinfile:
	path: /etc/ssh/sshd_config
	state: present
	regexp: '^#?PermitRootLogin'
	line: 'PermitRootLogin prohibit-password'
	notify: restart sshd

	# Fix slow ssh login
	- name: Fix slow ssh login
	lineinfile:
	path: /etc/ssh/sshd_config
	state: present
	regexp: "{{ item.regexp }}"
	line: "{{ item.line }}"
	with_items:
	- { regexp: '^#?UseDNS', line: 'UseDNS no' }
	- { regexp: '^#?GSSAPIAuthentication ', line: 'GSSAPIAuthentication no' }
	notify: restart sshd

	# Configure static IP (todo)
	- name: Set static IP
	debug:
	when: ip_addr != ''

	# Configure hostname
	- name: Configure hostname
	lineinfile:
	path: /etc/hostname
	state: present
	regexp: 'localhost.localdomain'
	line: "{{ hostname }}"
	when: hostname != ''

	handlers:
	- name: restart sshd
	service:
	name: sshd
	state: restarted
	---
	create_user: your_username_here
	copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/local.id_rsa.pub') }}"