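---
# tasks file for ssh
#
# Expects `ssh_users` to be a list of mappings shaped like the lookups below:
#   - name: alice          # account name; also used as the primary-group name
#     state: present       # or absent
#     exclusive: true      # remove keys not listed under `keys`
#     keys:
#       - key: "ssh-ed25519 AAAA... alice@laptop"
# These tasks write under /etc and /home, so the role presumably runs with
# `become: true` set at play or role level — confirm in the calling play.

- name: Add group
  ansible.builtin.group:
    name: "{{ ssh_item.name }}"
    # Always `present` here: this is the account's primary group, and removing
    # it while the account still exists fails. Groups of removed accounts are
    # cleaned up in a separate task after the user task below.
    state: present
  loop: "{{ ssh_users }}"
  loop_control:
    loop_var: ssh_item

- name: Add user
  ansible.builtin.user:
    name: "{{ ssh_item.name }}"
    group: "{{ ssh_item.name }}"
    home: "/home/{{ ssh_item.name }}"
    create_home: true
    shell: /bin/bash
    state: "{{ ssh_item.state }}"
    # Only takes effect with state=absent: delete the home directory (and with
    # it ~/.ssh/authorized_keys) so a removed account leaves no usable key
    # material behind.
    remove: true
  loop: "{{ ssh_users }}"
  loop_control:
    loop_var: ssh_item

- name: Remove group of removed user
  ansible.builtin.group:
    name: "{{ ssh_item.name }}"
    state: absent
  loop: "{{ ssh_users }}"
  loop_control:
    loop_var: ssh_item
  when: ssh_item.state == 'absent'

- name: Add authorized_key
  ansible.posix.authorized_key:
    user: "{{ ssh_item.name }}"
    # All of a user's keys go to the module in ONE call, newline-separated.
    # `exclusive` is not loop-aware: looping once per key with exclusive=true
    # rewrites authorized_keys on every iteration and leaves only the last key.
    # `ssh_item["keys"]` rather than `ssh_item.keys`: the dotted form resolves
    # to the dict method in Jinja, not to the list of keys.
    key: '{{ ssh_item["keys"] | default([]) | map(attribute="key") | join("\n") }}'
    exclusive: "{{ ssh_item.exclusive }}"
    state: present
  loop: "{{ ssh_users }}"
  loop_control:
    loop_var: ssh_item
  # Skip removed accounts (the module needs an existing user to locate the
  # authorized_keys file) and users with no keys (an empty key string combined
  # with exclusive=true would otherwise be handed to the module).
  when:
    - ssh_item.state != 'absent'
    - (ssh_item['keys'] | default([]) | length) > 0

- name: Add sudoer rule for local user
  ansible.builtin.template:
    # NOTE(review): "suoders" is misspelled in both src and dest. Fixing it
    # means moving the template file and removing the old drop-in from hosts,
    # so the names are left as-is here.
    src: templates/10_allowed_suoders.j2
    dest: /etc/sudoers.d/10_allowed_suoders
    owner: root
    group: root
    mode: '0440'
    # Syntax-check the rendered file before installing it; a broken sudoers
    # drop-in can lock every administrator out of sudo.
    validate: /usr/sbin/visudo -csf %s

- name: Add hardened SSH config
  ansible.builtin.template:
    src: templates/00-sshd.conf.j2
    # The drop-in is only read if the main sshd_config contains
    # `Include /etc/ssh/sshd_config.d/*.conf` (Debian/Ubuntu default). sshd
    # keeps the FIRST value it sees for each keyword, so the 00- prefix makes
    # these settings win over later drop-ins, but not over anything set above
    # the Include line in sshd_config itself — verify on the target images.
    dest: /etc/ssh/sshd_config.d/00-sshd.conf
    owner: root
    group: root
    mode: '0600'
    # Validates the drop-in on its own; a rejected render fails the task and
    # the existing file is kept.
    validate: /usr/sbin/sshd -t -f %s
  notify: Reload SSH

- name: Set bash profile
  ansible.builtin.copy:
    src: files/profile.d/00-bash.sh
    dest: /etc/profile.d/00-bash.sh
    owner: root
    group: root
    mode: '0644'

- name: Set vim config
  ansible.builtin.copy:
    src: files/vim/vimrc.local
    dest: /etc/vim/vimrc.local
    owner: root
    group: root
    mode: '0644'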