# Bootstrap a new Hetzner cloud VM. Before running this playbook, create the
# VM in the Hetzner admin interface or have someone create it for you. Then
# add the hostname or IP address of the new machine to the `inventory` file.
#
# Currently, the playbook assumes that the new machine is running Debian
# and, for example, will not consider using anything other than APT.
#
# In order to run this playbook, you will need your SSH account added to the
# machine on creation.
#
# If this has not been done, you need to have the current root password at
# hand. If the password is still the initial root password that has to be
# changed at the first login, please use SSH to log in as root once and change
# the password to something else (you will only need the new password for this
# playbook, root login will be disabled later). You can then either add your
# SSH key manually to `/root/.ssh/authorized_keys` on the new machine or use
# `sshpass` on your local machine and run the playbook with `--ask-pass`.
#
# Please run this playbook only for the machine in question, using the `-l`
# command line parameter. The playbook is designed to be run only once.
# Running it again after the initial setup has been done will fail.
#
# By default, Hetzner deploys the machines with ECDSA keys for SSH. Our
# configuration changes the keys to ED25519 only, so be advised that you
# will encounter a changed host identification after running this playbook.
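- name: initial bootstrapping of the new VM
  hosts: hetzner
  remote_user: root
  tasks:
    # Ansible's apt module needs python-apt on the target; `creates` skips
    # the command when the package is already present.
    - name: make sure we have python-apt (just to be really sure)
      command: "/usr/bin/apt-get install -y python-apt"
      args:
        creates: "/usr/lib/python2.7/dist-packages/apt"
    - include_role:
        name: users
- name: lock out root
  hosts: hetzner
  become: yes
  tasks:
    # "!" is not a valid password hash, so password login as root is
    # impossible; the nologin shell refuses interactive sessions.
    - name: disable the root user
      user:
        name: root
        password: "!"
        shell: "/usr/sbin/nologin"
    - include_role:
        name: ssh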