a few things

01_infra_setup.md

@@ -22,7 +22,7 @@ This describes how to prepare each machine before deploying services on them.
 
 ### Source the VPS
 
-* The guide is agnostic to which provider you pick, but has been tested with VMs from https://lnvps.net.
+* The guide is agnostic to which provider you pick, but has been tested with VMs from https://99stack.com and contains some operations that are specifically relevant to their VPSs.
 * The expectations are that the VPS ticks the following boxes:
   + Runs Debian 12 bookworm.
   + Has a public IP4 and starts out with SSH listening on port 22.

ansible/infra/01_user_and_access_setup_playbook.yml

@@ -29,7 +29,7 @@
 
     - name: Copy current user's authorized_keys to new user
       copy:
-        src: "/home/{{ ansible_user }}/.ssh/authorized_keys"
+        src: "{{ (ansible_user == 'root') | ternary('/root/.ssh/authorized_keys', '/home/' + ansible_user + '/.ssh/authorized_keys') }}"
         dest: "/home/{{ new_user }}/.ssh/authorized_keys"
         owner: "{{ new_user }}"
         group: "{{ new_user }}"
@@ -58,8 +58,15 @@
             line: "PasswordAuthentication no",
           }
 
+    - name: Ensure PasswordAuthentication is set to no in cloud-init config
+      lineinfile:
+        path: /etc/ssh/sshd_config.d/50-cloud-init.conf
+        regexp: "^PasswordAuthentication"
+        line: "PasswordAuthentication no"
+        create: yes
+        backup: yes
+
     - name: Restart SSH
       service:
         name: ssh
         state: restarted
-