- name: Allow CouchDB Infra access authorized_key: user: "{{ ansible_user_id }}" state: present key: "{{ item }}" with_items: - https://github.com/davisp.keys - https://github.com/kocolosk.keys - https://github.com/nickva.keys - https://github.com/wohali.keys - https://github.com/big-r81.keys - https://github.com/janl.keys - name: Lock root account become: yes user: name: root password_lock: true - name: Disable password authentication become: yes lineinfile: dest: /etc/ssh/sshd_config regexp: '^(#\s*)?PasswordAuthentication' line: "PasswordAuthentication no" state: present notify: restart sshd - name: Disable empty password login become: yes lineinfile: dest: /etc/ssh/sshd_config regexp: '^(#\s*)?PermitEmptyPasswords' line: 'PermitEmptyPasswords no' notify: restart sshd - name: Disable challenge response authentication become: yes lineinfile: dest: /etc/ssh/sshd_config regexp: '^(#\s*)?ChallengeResponseAuthentication' line: 'ChallengeResponseAuthentication no' notify: restart sshd - name: Install basic ubiquitous packages become: yes apt: name: "{{ packages }}" state: latest update_cache: yes cache_valid_time: 3600 vars: packages: - apt-transport-https - atop - ca-certificates - curl - git - gnupg2 - iftop - iperf3 - mtr-tiny - nload - ntp - python3 - runit - runit-systemd - screen - software-properties-common - strace - sudo - tcpdump - tmux - vim - emacs-nox - wget