Replace references with properties and add SSH key

This commit is contained in:
Sam A. 2023-04-17 16:03:32 +02:00 committed by Sam Al-Sapti
parent 4c06b5d505
commit 8dd399f483
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
3 changed files with 13 additions and 6 deletions

View file

@ -1,6 +1,5 @@
# vim: ft=yaml.ansible
---
ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf
hostname: pi
timezone: Europe/Copenhagen
@ -9,3 +8,7 @@ hdd_mount_point: /opt/{{ hdd_name }}
ssd_name: pi-ssd
ssd_mount_point: /opt/{{ ssd_name }}
ssh_keys:
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf

View file

@ -14,9 +14,10 @@
- name: Change GPIO_PIN
ansible.builtin.lineinfile:
path: /home/{{ ansible_user }}/pi-fan-controller/fancontrol.py
regexp: '^GPIO_PIN = '
line: GPIO_PIN = 14
dest: /home/{{ ansible_user }}/pi-fan-controller/fancontrol.py
state: present
listen: pi-fan-controller
- name: Install requirements for pi-fan-controller

View file

@ -3,26 +3,29 @@
- name: Add public SSH key to default user
ansible.posix.authorized_key:
user: "{{ ansible_user }}"
key: "{{ ssh_key }}"
key: "{{ ssh_keys | join('\n') }}"
exclusive: true
- name: Allow SSH login with public keys
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?PubkeyAuthentication '
line: PubkeyAuthentication yes
dest: /etc/ssh/sshd_config
state: present
notify: sshd
- name: Disallow SSH login with password
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?PasswordAuthentication '
line: PasswordAuthentication no
dest: /etc/ssh/sshd_config
state: present
notify: sshd
- name: Disallow root login over SSH
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?PermitRootLogin '
line: PermitRootLogin no
dest: /etc/ssh/sshd_config
state: present
notify: sshd