M README.org => README.org +9 -0
@@ 3,6 3,15 @@ Ansible Playbook I use to provision my Alpine Linux server
* Requirements
- ~ansible~ (~ansible-core~ is not enough, as I'm using ~community~ packages)
+- ~ssh~
+- ~py3-passlib~ (on Alpine Linux,
+ because the ~crypt~ module will be deprecated from python 3.13 onward)
+
+Because the ~system~ role will disable ~password-ssh-login~,
+you should copy your ssh key to your new machine
+#+begin_src bash
+ssh-copy-id root@<hostname/ip>
+#+end_src
* Running
As you might have noticed, from the ~.gitignore~,
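Review bot: the added paragraph under Requirements says you "should copy your ssh key" but never says this must happen before the first playbook run. Because the ~system~ role disables password ssh login, running the playbook first leaves no way back in over ssh. Make the ordering explicit, for example "before running the playbook for the first time, copy your ssh key to the new machine", and consider moving the step to the top of the Running section where it will be read in sequence. It is also worth stating that the key is installed for root and that the role later copies root's authorized keys to the created user, so readers know which account the key ends up granting access to.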
M roles/system/tasks/user.yml => roles/system/tasks/user.yml +12 -0
@@ 17,6 17,18 @@
shell: "{{ shell }}"
update_password: on_create
+- name: Make sure the user has a .ssh directory
+ ansible.builtin.file:
+ path: "/home/{{ username }}/.ssh"
+ state: directory
+ recurse: true
+- name: Copy the root authorized ssh keys to user
+ ansible.builtin.copy:
+ src: /root/.ssh/authorized_keys
+ dest: "/home/{{ username }}/.ssh/authorized_keys"
+ remote_src: true
+ mode: "0644"
+
- name: Enable passwordless doas for created user
ansible.builtin.lineinfile:
create: true
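Review bot: neither of the two added tasks sets owner or group, and the authorized_keys copy uses mode "0644". If the play runs as root, which reading /root/.ssh/authorized_keys suggests, both the .ssh directory and the file end up owned by root, so the user cannot manage their own keys. Add owner: "{{ username }}" and group to both tasks, set mode: "0700" on the directory and "0600" on the file, and drop recurse: true from the directory task, since it does nothing useful without ownership or mode to apply. Two further points: the path is hard-coded as /home/{{ username }}, which breaks if the user's home is elsewhere, and every key authorized for root becomes authorized for a user that the next task gives passwordless doas. State that equivalence in the task name or a comment, or take the user's keys from a variable rather than from root's file.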