Make systems production ready.

roles/lmn_security/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: Deploy SSH keys
+  ansible.posix.authorized_key:
+    user: ansible
+    key: "{{ item }}"
+  loop: "{{ keys2deploy }}"
+
+- name: Allow sudo access without password
+  ansible.builtin.lineinfile:
+    path: /etc/sudoers.d/95-lmn-ansible
+    line: 'ansible ALL=(root) NOPASSWD: ALL'
+    create: True
+    owner: root
+    group: root
+    mode: '0700'
+
+- name: Disable ansible user login
+  ansible.builtin.user:
+    name: ansible
+    password_lock: True