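---
# Image-hardening play: applies the CIS benchmark and SSH roles, then creates
# a dedicated `ansible` automation account and grants it sudo rights.
- hosts: default
  become: true
  remote_user: ubuntu
  vars:
    ansible_python_interpreter: /usr/bin/python3
    # Intentionally empty here. Not referenced by any task in this file;
    # presumably supplied at run time (e.g. extra vars) - confirm.
    vault_addr:
    # Intentionally empty here; consumed by the "Create Ansible user" task.
    # Must be supplied at run time and kept out of version control.
    ansible_user_password:
    # Not referenced by any task in this file; may be consumed by one of the
    # included roles - confirm, otherwise no key is installed for `ansible`.
    ansible_public_key: ssh-rsa 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 burkey@erebor.local
  tasks:
    - name: Assign the CIS banchmark role
      include_role:
        name: ubuntu-18.04-cis-benchmark-for-ansible

    - name: Update SSH configuration
      include_role:
        name: ansible-linux-ssh

    # password_hash() is called without a fixed salt, so a new hash is
    # produced on every run and this task will report "changed" each time.
    - name: Create Ansible user
      user:
        name: ansible
        password: '{{ ansible_user_password | password_hash("sha512") }}'
        state: present
        shell: /bin/bash
      become: true
      become_method: sudo

    # NOPASSWD:ALL gives this account unrestricted, passwordless root. Keep
    # logins to it restricted (key-based SSH only) and narrow the rule if the
    # automation only needs specific commands.
    - name: Assign sudo permissions to ansible user
      copy:
        # Block scalar so the file ends with a newline.
        content: |
          ansible ALL=(ALL:ALL) NOPASSWD:ALL
        dest: /etc/sudoers.d/ansible
        owner: root
        group: root
        # Quoted octal: a bare 644 is read as a decimal integer and yields an
        # unintended mode. 0440 is the conventional mode for sudoers files.
        mode: '0440'
        # Reject the file before it is installed if it does not parse, so a
        # bad drop-in cannot break sudo on the host.
        validate: /usr/sbin/visudo -cf %s

    # Disabled: Vault Agent deployment. If re-enabled, quote file modes
    # ('0644') and use true/false for booleans.
    # # Deploy Vault Agent
    # - name: Add HashiCorp GPG key
    #   apt_key:
    #     url: https://apt.releases.hashicorp.com/gpg
    #     state: present
    # - name: Add HashiCorp repository
    #   apt_repository:
    #     repo: deb [arch=amd64] https://apt.releases.hashicorp.com "{{ ansible_facts['lsb']['codename'] }}" main
    #     state: present
    #     mode: 644
    # - name: Install Vault
    #   apt:
    #     name: vault-enterprise
    #     state: present
    #     update_cache: true
    # - name: Disable Vault Service
    #   service:
    #     name: vault
    #     enabled: no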