ansible-ppm/roles/baseline/tasks/rootuser.yml

- name: Set root password
  ansible.builtin.user:
    name: root
    password: "{{ root_password }}"

- name: Ensure ssh directory for root
  ansible.builtin.file:
    state: directory
    path: /root/.ssh
    owner: root
    group: root
    mode: "0700"

- name: Set authorized keys for root
  ansible.builtin.copy:
    content: "{{ root_sshkeys | join('\n') }}"
    dest: /root/.ssh/authorized_keys
    owner: root
    group: root
    mode: "0600"

- name: Only allow root ssh
  ansible.builtin.lineinfile:
    dest: /etc/ssh/sshd_config
    line: "PermitRootLogin prohibit-password"
    regexp: "^PermitRootLogin "
  notify: Restart sshd
initial commit 2024-10-16 21:13:17 +02:00			`- name: Set root password`
			`ansible.builtin.user:`
			`name: root`
			`password: "{{ root_password }}"`

			`- name: Ensure ssh directory for root`
			`ansible.builtin.file:`
			`state: directory`
			`path: /root/.ssh`
			`owner: root`
			`group: root`
			`mode: "0700"`

			`- name: Set authorized keys for root`
			`ansible.builtin.copy:`
			`content: "{{ root_sshkeys \| join('\n') }}"`
			`dest: /root/.ssh/authorized_keys`
			`owner: root`
			`group: root`
			`mode: "0600"`

			`- name: Only allow root ssh`
			`ansible.builtin.lineinfile:`
			`dest: /etc/ssh/sshd_config`
			`line: "PermitRootLogin prohibit-password"`
			`regexp: "^PermitRootLogin "`
			`notify: Restart sshd`