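---
# First-time setup of a fresh VPS, run once as root over SSH:
#   1. refresh and upgrade packages,
#   2. set a new root password and create an unprivileged sudo login user,
#   3. install that user's public key,
#   4. turn off root and password logins in sshd and restart it.
# The key is installed before password logins are disabled, so a failure
# part-way through should not lock the operator out.
- name: First setup of new VPS
  hosts: vps
  remote_user: root
  port: 22
  gather_facts: false

  vars:
    # Name of the unprivileged account used for all later SSH logins.
    ssh_user: ssh_login

  vars_prompt:
    # Both passwords are hashed by the prompt (encrypt:), so only the
    # sha512-crypt hash reaches the `user` module, never the clear text.
    - name: new_root_pw
      prompt: "What should be the new root password?"
      private: true
      encrypt: "sha512_crypt"
      confirm: true
      salt_size: 7

    - name: new_user_password
      prompt: "Password of the SSH login user"
      private: true
      encrypt: "sha512_crypt"
      confirm: true
      salt_size: 7

    # Path on the control machine; read by `with_file` below.
    - name: ssh_key
      prompt: "public SSH key file location for new SSH login user"
      private: false

  tasks:
    - name: update the package list
      apt:
        update_cache: true
        cache_valid_time: 3600

    - name: upgrade a server with apt
      apt:
        upgrade: dist
      register: upgrade

    # Values that start with a Jinja expression must be quoted; unquoted,
    # YAML reads `{{ ... }}` as a flow mapping and the play fails to parse.
    - name: updates password of root user
      user:
        name: root
        password: "{{ new_root_pw }}"

    - name: create ssh login user
      user:
        name: "{{ ssh_user }}"
        password: "{{ new_user_password }}"
        append: true
        groups:
          - sudo

    # The original referenced `new_user_name`, which is defined nowhere in
    # this play; the key belongs to the account created above.
    - name: add authorized key to SSH login user
      authorized_key:
        key: "{{ item }}"
        user: "{{ ssh_user }}"
      with_file:
        - "{{ ssh_key }}"

    - name: set up SSH properly
      block:
        # sshd uses the FIRST value it reads for each keyword. Appending at
        # EOF is therefore overridden by any earlier active directive, and
        # can land inside a trailing `Match` block. Replace an existing
        # active directive in place, otherwise insert at the top of the file.
        - name: disable root SSH login
          lineinfile:
            path: /etc/ssh/sshd_config
            regexp: '^\s*PermitRootLogin\s'
            line: 'PermitRootLogin no'
            state: present
            insertbefore: BOF

        - name: disable password authentication
          lineinfile:
            path: /etc/ssh/sshd_config
            regexp: '^\s*PasswordAuthentication\s'
            line: 'PasswordAuthentication no'
            state: present
            insertbefore: BOF

        # Several HostKey lines may coexist, so this one is only ensured
        # to be present and no existing line is replaced.
        - name: set modern host key
          lineinfile:
            path: /etc/ssh/sshd_config
            line: 'HostKey /etc/ssh/ssh_host_ed25519_key'
            insertafter: EOF
            state: present

        - name: generate missing host keys
          command: ssh-keygen -A

        # `sshd -T` parses the full configuration (including any included
        # drop-in files) and prints the effective values in lower case. It
        # exits non-zero on a broken config, which stops the play before
        # the restart and leaves the running daemon untouched.
        - name: read back the effective sshd configuration
          command: sshd -T
          register: sshd_effective
          changed_when: false

        - name: confirm root and password logins are really disabled
          assert:
            that:
              - "'permitrootlogin no' in sshd_effective.stdout_lines"
              - "'passwordauthentication no' in sshd_effective.stdout_lines"
            fail_msg: >-
              sshd would still allow root or password logins; check for an
              earlier or included directive overriding /etc/ssh/sshd_config.

        - name: restart ssh
          service:
            name: ssh
            state: restarted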