73 lines
1.6 KiB
YAML
73 lines
1.6 KiB
YAML
- name: Configura container LXC
|
|
hosts: lxc_containers
|
|
vars:
|
|
ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}"
|
|
gather_facts: false
|
|
become: yes
|
|
|
|
tasks:
|
|
- name: Ensure SSH is installed
|
|
ansible.builtin.apt:
|
|
name: openssh-server
|
|
state: present
|
|
update_cache: yes
|
|
|
|
|
|
- name: Ensure SSH is running
|
|
ansible.builtin.systemd:
|
|
name: ssh
|
|
state: started
|
|
enabled: yes
|
|
|
|
|
|
- name: Configure SSH to allow root login
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: '^#?PermitRootLogin'
|
|
line: 'PermitRootLogin yes'
|
|
notify: Restart SSH
|
|
|
|
|
|
- name: Disable DNS lookup to speed up SSH login
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: '^#?UseDNS'
|
|
line: 'UseDNS no'
|
|
notify: Restart SSH
|
|
|
|
|
|
- name: Ensure .ssh directory exists
|
|
ansible.builtin.file:
|
|
path: /root/.ssh
|
|
state: directory
|
|
mode: '0700'
|
|
owner: root
|
|
group: root
|
|
|
|
|
|
- name: Install authorized_keys for root
|
|
ansible.builtin.copy:
|
|
dest: /root/.ssh/authorized_keys
|
|
content: "{{ ssh_public_key }}"
|
|
mode: '0600'
|
|
owner: root
|
|
group: root
|
|
|
|
|
|
- name: Configure SSH for key-only root login
|
|
ansible.builtin.blockinfile:
|
|
path: /etc/ssh/sshd_config
|
|
block: |
|
|
PermitRootLogin prohibit-password
|
|
PasswrodAuthentication no
|
|
UseDNS no
|
|
notify: Restart SSH
|
|
|
|
|
|
|
|
|
|
handlers:
|
|
- name: Restart SSH
|
|
ansible.builtin.service:
|
|
name: ssh
|
|
state: restarted
|