| - name: Allow CouchDB Infra access |
| authorized_key: |
| user: root |
| state: present |
| key: "{{ item }}" |
| with_items: |
| - https://github.com/davisp.keys |
| - https://github.com/kocolosk.keys |
| - https://github.com/nickva.keys |
| - https://github.com/wohali.keys |
| |
| - name: Lock root account |
| user: |
| name: root |
| password_lock: true |
| |
| - name: Disable password authentication |
| lineinfile: |
| dest: /etc/ssh/sshd_config |
| regexp: '^(#\s*)?PasswordAuthentication' |
| line: "PasswordAuthentication no" |
| state: present |
| notify: restart sshd |
| |
| - name: Disable empty password login |
| lineinfile: |
| dest: /etc/ssh/sshd_config |
| regexp: '^(#\s*)?PermitEmptyPasswords' |
| line: 'PermitEmptyPasswords no' |
| notify: restart sshd |
| |
| - name: Disable challenge response authentication |
| lineinfile: |
| dest: /etc/ssh/sshd_config |
| regexp: '^(#\s*)?ChallengeResponseAuthentication' |
| line: 'ChallengeResponseAuthentication no' |
| notify: restart sshd |
| |
| - name: Install basic ubiquitous packages |
| apt: |
| name: "{{ packages }}" |
| state: latest |
| update_cache: yes |
| cache_valid_time: 3600 |
| vars: |
| packages: |
| - apt-transport-https |
| - atop |
| - ca-certificates |
| - curl |
| - git |
| - gnupg2 |
| - iftop |
| - iperf3 |
| - mtr-tiny |
| - nload |
| - ntp |
| - python3 |
| - runit |
| - runit-systemd |
| - screen |
| - software-properties-common |
| - strace |
| - sudo |
| - tcpdump |
| - tmux |
| - vim |
| - wget |