- hosts: vpn remote_user: root gather_facts: false vars: create_user: josiah copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/digitalocean.pub') }}" sys_packages: [ 'curl', 'vim', 'git', 'fail2ban' ] tasks: - name: Make sure we have a 'sudo' group group: name: sudo state: present - name: Allow sudo group to have passwordless sudo lineinfile: path: /etc/sudoers state: present regexp: '^%sudo' line: '%sudo ALL=(ALL) NOPASSWD: ALL' validate: '/usr/sbin/visudo -cf %s' - name: Create a new regular user with sudo privileges user: name: "{{ create_user }}" state: present groups: sudo append: true create_home: true shell: /bin/bash - name: Set authorized key for remote user authorized_key: user: "{{ create_user }}" state: present key: "{{ copy_local_key }}" - name: Disable password authentication for root lineinfile: path: /etc/ssh/sshd_config state: present regexp: '^#?PermitRootLogin' line: 'PermitRootLogin prohibit-password' - name: Update apt apt: update_cache=yes - name: Install required system packages apt: name={{ sys_packages }} state=latest