do-initial.yml

---
- hosts: all
  remote_user: root
  sudo: no
  tasks:
    - name: Add user wrboyce
      action: user name=wrboyce comment="Will Boyce" groups=sudo password="<bzzt>"

    - name: Add SSH key to user wrboyce
      action: authorized_key user=wrboyce key="{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

    - name: Disallow root SSH access
      action: lineinfile dest=/etc/ssh/sshd_config regexp="^PermitRootLogin" line="PermitRootLogin no" state=present
      notify: restart ssh

    - name: Disallow SSH password authentication
      action: lineinfile dest=/etc/ssh/sshd_config regexp="^PasswordAuthentication" line="PasswordAuthentication no" state=present
      notify: restart ssh

    - name: Disallow SSH GSS API authentication
      action: lineinfile dest=/etc/ssh/sshd_config regexp="^GSSAPIAuthentication" line="GSSAPIAuthentication no" state=present
      notify: restart ssh

  handlers:
    - name: restart ssh
      service: name=ssh state=restarted

initial.yml

- hosts: all
  remote_user: wrboyce
  sudo: yes
  tasks:
    - name: Install packages
      action: apt pkg={{ item }} state=installed update_cache=true
      with_items:
      - curl
      - git
      - zsh

    - name: Install zsh config
      shell: curl -s https://raw.githubusercontent.com/wrboyce/oh-my-zsh-custom/master/tools/install.sh | sh
      sudo: no

    - name: Set shell to zsh
      user: name=wrboyce shell=/bin/zsh