trixie/roles/lmn_security/tasks/main.yml

---
- name: Deploy SSH keys
  ansible.posix.authorized_key:
    user: ansible
    key: "{{ item }}"
  loop: "{{ keys2deploy }}"

- name: Allow sudo access without password
  ansible.builtin.lineinfile:
    path: /etc/sudoers.d/95-lmn-ansible
    line: 'ansible ALL=(root) NOPASSWD: ALL'
    create: True
    owner: root
    group: root
    mode: '0700'

- name: Disable ansible user login
  ansible.builtin.user:
    name: ansible
    password_lock: True
Make systems production ready. 2023-09-06 10:07:16 +02:00			`---`
			`- name: Deploy SSH keys`
			`ansible.posix.authorized_key:`
			`user: ansible`
			`key: "{{ item }}"`
			`loop: "{{ keys2deploy }}"`

			`- name: Allow sudo access without password`
			`ansible.builtin.lineinfile:`
			`path: /etc/sudoers.d/95-lmn-ansible`
			`line: 'ansible ALL=(root) NOPASSWD: ALL'`
			`create: True`
			`owner: root`
			`group: root`
			`mode: '0700'`

			`- name: Disable ansible user login`
			`ansible.builtin.user:`
			`name: ansible`
			`password_lock: True`