---
# Play: apply the harden_ssh_root_key_only role to every inventory host.
# The role is not shown here. Judging by its name it leaves root reachable
# by SSH key only, so confirm key-based login works (and keep an existing
# session open) before relying on the result.
- name: Harden SSH on all inventory hosts
  # `all` targets the whole inventory; use --limit for a staged rollout.
  hosts: all
  become: true
  gather_facts: true

  vars:
    # Paths presumably consumed by the role -- verify against the role's
    # tasks and defaults.
    sshd_config_path: '/etc/ssh/sshd_config'
    sshd_dropin_dir: '/etc/ssh/sshd_config.d'
    root_authorized_keys_path: '/root/.ssh/authorized_keys'

    # lookup('env', ...) is evaluated on the control node, so this is the
    # id_rsa.pub of whoever runs ansible-playbook. Check that this is the
    # key that should end up authorised for root.
    local_public_key_path: "{{ lookup('env', 'HOME') }}/.ssh/id_rsa.pub"

    # Bootstrap connection settings, read from the control node's
    # environment. Play vars outrank inventory host/group vars, so these
    # override any per-host ansible_user / ansible_password in inventory.
    # An unset or empty BOOTSTRAP_ROOT_USER falls back to 'root'.
    ansible_user: "{{ lookup('env', 'BOOTSTRAP_ROOT_USER') | default('root', true) }}"

    # Secrets: prefer Ansible Vault or --ask-pass / --ask-become-pass over
    # exporting passwords in a shell, and clear them once key login works.
    # NOTE(review): `omit` is documented for task/module arguments; confirm
    # on your ansible-core version that it leaves these connection vars
    # unset rather than passing a placeholder string as the password.
    ansible_password: "{{ lookup('env', 'BOOTSTRAP_ROOT_PASSWORD') | default(omit, true) }}"
    ansible_become_password: "{{ lookup('env', 'BOOTSTRAP_BECOME_PASSWORD') | default(omit, true) }}"

  roles:
    - role: harden_ssh_root_key_only