diff --git a/01_infra_setup.md b/01_infra_setup.md
index 1642d40..b34549e 100644
--- a/01_infra_setup.md
+++ b/01_infra_setup.md
@@ -22,7 +22,7 @@ This describes how to prepare each machine before deploying services on them.
 ### Source the VPS
-* The guide is agnostic to which provider you pick, but has been tested with VMs from https://lnvps.net.
+* The guide is agnostic to which provider you pick, but has been tested with VMs from https://99stack.com and contains some operations that are specifically relevant to their VPSs.
 * The expectations are that the VPS ticks the following boxes:
 + Runs Debian 12 bookworm.
 + Has a public IP4 and starts out with SSH listening on port 22.
diff --git a/ansible/infra/01_user_and_access_setup_playbook.yml b/ansible/infra/01_user_and_access_setup_playbook.yml
index ed8918b..a812242 100644
--- a/ansible/infra/01_user_and_access_setup_playbook.yml
+++ b/ansible/infra/01_user_and_access_setup_playbook.yml
@@ -29,7 +29,7 @@
 - name: Copy current user's authorized_keys to new user
 copy:
- src: "/home/{{ ansible_user }}/.ssh/authorized_keys"
+ src: "{{ (ansible_user == 'root') | ternary('/root/.ssh/authorized_keys', '/home/' + ansible_user + '/.ssh/authorized_keys') }}"
 dest: "/home/{{ new_user }}/.ssh/authorized_keys"
 owner: "{{ new_user }}"
 group: "{{ new_user }}"
@@ -58,8 +58,15 @@
 line: "PasswordAuthentication no",
 }
+ - name: Ensure PasswordAuthentication is set to no in cloud-init config
+ lineinfile:
+ path: /etc/ssh/sshd_config.d/50-cloud-init.conf
+ regexp: "^PasswordAuthentication"
+ line: "PasswordAuthentication no"
+ create: yes
+ backup: yes
+
 - name: Restart SSH
 service:
 name: ssh
 state: restarted
-
diff --git a/ansible/services/vaultwarden/setup_backup_vaultwarden_to_lapy.yml.yml b/ansible/services/vaultwarden/setup_backup_vaultwarden_to_lapy.yml
similarity index 100%
rename from ansible/services/vaultwarden/setup_backup_vaultwarden_to_lapy.yml.yml
rename to ansible/services/vaultwarden/setup_backup_vaultwarden_to_lapy.yml
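Review bot: The `copy` task in `01_user_and_access_setup_playbook.yml` now hands `{{ new_user }}` every entry in the connecting account's `authorized_keys`, and with the new `root` branch that means whatever is in `/root/.ssh/authorized_keys`, which on a freshly provisioned VPS may hold keys placed there by the provider as well as the operator's own (not verifiable from the hunk). Installing only the intended key is tighter, e.g. the `ansible.posix.authorized_key` module with `user: "{{ new_user }}"` and `key: "{{ lookup('file', operator_pubkey_path) }}"`, where `operator_pubkey_path` is a placeholder for a variable this playbook would need to define. If the wholesale copy stays, a comment above `src:` such as `# copies ALL keys trusted for the connecting user; review that file first` would make the inherited trust explicit. The task continues past `group:` outside the hunk, so whether `mode` and `remote_src` are set cannot be checked here.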
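Review bot: Nothing between the new `lineinfile` task and `Restart SSH` confirms that password logins are really disabled. sshd keeps the first value it reads for a keyword, so another drop-in under `/etc/ssh/sshd_config.d/` that sorts before `50-cloud-init.conf` would still take precedence, and cloud-init may rewrite this file on a later run (inferred, not visible in the hunk). Checking the effective configuration before the restart, as sketched below, fails the play instead of leaving the host in an unknown state. The task also creates the file without a `mode`, so adding `mode: "0600"` keeps the permissions from depending on the remote umask.

```yaml
    # … unchanged: lineinfile task for 50-cloud-init.conf …

    - name: Verify the effective sshd configuration rejects password logins
      command: /usr/sbin/sshd -T
      register: sshd_effective
      changed_when: false
      failed_when: "'passwordauthentication no' not in sshd_effective.stdout_lines"

    - name: Restart SSH
```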