https://github.com/cdriehuys/ansible-role-security
Ansible role for securing a server.
https://github.com/cdriehuys/ansible-role-security
ansible-role devops security
Last synced: 3 months ago
JSON representation
Ansible role for securing a server.
- Host: GitHub
- URL: https://github.com/cdriehuys/ansible-role-security
- Owner: cdriehuys
- License: mit
- Created: 2017-02-10T18:32:34.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2017-03-20T19:59:15.000Z (about 8 years ago)
- Last Synced: 2025-01-07T07:44:22.423Z (5 months ago)
- Topics: ansible-role, devops, security
- Size: 23.4 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
Security
=========
Ansible role to perform the "first 5 minute tasks" done on every server.
Tasks:
- Perform a safe upgrade of all packages
- Create deployment user
- Has no password and can only be accessed through SSH.
- User is added to sudoers.
- Create any required groups
Requirements
------------
There are no additional requirements.
Role Variables
--------------
Listed below are all the configuration options for the role along with their defaults.
```YAML
apt_cache_time: 0
deploy_user: 'deploy'
deploy_user_shell: '/bin/bash'
# The SSH keys to assign to the deploy user. This is required as the deployment
# user has no password, so this is the only way to login.
deploy_user_public_keys: [] # Raw SSH keys
deploy_user_public_key_files: [] # Include keys using files, eg: ~/.ssh/id_rsa.pub
# These groups will be created
deploy_groups: []
```
Example Playbook
----------------
This role should be run as the root user of the remote system.
- hosts: servers
become: yes
become_user: root
remote_user: root
roles:
- { role: cdriehuys.ansible-role-security, deploy_user: sysadmin}
License
-------
MIT