vm-ansible/roles/backuphost/tasks/main.yaml

63 lines
1.4 KiB
YAML

---
- name: "Add backup user"
ansible.builtin.user:
name: backup
comment: Backup user
shell: /bin/bash
- name: "Dsiable service user"
ansible.builtin.user:
name: service-user
state: present
password_lock: true
shell: "/sbin/nologin"
- name: Undefine AllowUsers
ansible.builtin.lineinfile:
state: absent
path: /etc/ssh/sshd_config
line: "AllowUsers tormakris ansible service-user"
- name: Check if AllowUsers is defined
ansible.builtin.lineinfile:
state: absent
path: /etc/ssh/sshd_config
regexp: "^AllowUsers"
check_mode: true
changed_when: false
register: checkallowusers
- name: Define AllowUsers if undefined
ansible.builtin.lineinfile:
state: present
path: /etc/ssh/sshd_config
line: "AllowUsers tormakris ansible backup"
when: checkallowusers.found == 0
- name: "Restart sshd"
ansible.builtin.service:
name: sshd
state: restarted
- name: Create .ssh directory of backup user
ansible.builtin.file:
path: /home/backup/.ssh
state: directory
- name: Copy authorized_keys
ansible.builtin.copy:
src: authorized_keys
dest: /home/backup/.ssh/authorized_keys
mode: 0600
owner: backup
group: backup
- name: Copy ssh config
ansible.builtin.copy:
src: ssh_config
dest: /home/backup/.ssh/config
mode: 0600
owner: backup
group: backup
...