only set root pass/ssh keys if vars are set
This commit is contained in:
parent
1bd7ae2913
commit
0cdef8be5b
1 changed files with 4 additions and 0 deletions
|
|
@ -2,6 +2,7 @@
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: root
|
name: root
|
||||||
password: "{{ root_password }}"
|
password: "{{ root_password }}"
|
||||||
|
when: root_password is defined
|
||||||
|
|
||||||
- name: Ensure ssh directory for root
|
- name: Ensure ssh directory for root
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
|
|
@ -10,6 +11,7 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
|
when: root_sshkeys is defined
|
||||||
|
|
||||||
- name: Set authorized keys for root
|
- name: Set authorized keys for root
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
|
|
@ -18,6 +20,7 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
|
when: root_sshkeys is defined
|
||||||
|
|
||||||
- name: Only allow root ssh
|
- name: Only allow root ssh
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
|
|
@ -25,3 +28,4 @@
|
||||||
line: "PermitRootLogin prohibit-password"
|
line: "PermitRootLogin prohibit-password"
|
||||||
regexp: "^PermitRootLogin "
|
regexp: "^PermitRootLogin "
|
||||||
notify: Restart sshd
|
notify: Restart sshd
|
||||||
|
when: root_sshkeys is defined
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue