SSH aufgeräumt + neu deployed (#72)

* bootstrap rolle bugfix: https://github.com/robertdebock/ansible-role-bootstrap/issues/43

* on-off Playbook - delete_ssh

* KeepassDB in git aufgenommen

* Variable wird nicht mehr genutzt

.gitignore

@@ -1,6 +1,5 @@
 .git/
 vault-pass.yml
-keepass_db.kdbx
 id_rsa_ansible_user
 id_rsa_ansible_user_pub
 # https://www.atlassian.com/git/tutorials/saving-changes/gitignore

playbooks/base/1_bootstrap.yml

@@ -18,7 +18,6 @@
       bootstrap_user: mg
       bootstrap_wait_for_host: no
       bootstrap_timeout: 1
-      bootstrap_retries: 1
       ### ansible
       ansible_user: "mg"
       ansible_password: "hallowelt"

playbooks/on-off/delete_ssh.yml

@@ -0,0 +1,26 @@
+---
+- hosts: all
+  tasks:
+    - name: delete /home/mg/.ssh/authorized_keys
+      become: yes
+      ansible.builtin.file:
+        name: /home/mg/.ssh/authorized_keys
+        state: absent
+    - name: delete /home/ansible-user/.ssh/authorized_keys
+      become: yes
+      ansible.builtin.file:
+        name: /home/ansible-user/.ssh/authorized_keys
+        state: absent
+    - name: prohibit ssh login with password
+      become: yes
+      ansible.builtin.lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: 'PasswordAuthentication no'
+        line: 'PasswordAuthentication yes'
+        state: present
+    - name: restart_sshd
+      become: yes
+      systemd:
+        name: sshd
+        enabled: yes
+        state: restarted

roles/robertdebock.bootstrap

@@ -1 +1 @@
-Subproject commit ed3d238492b0bc546e9830b7896c07610c1bf5ee
+Subproject commit f61cc3e94af8ea88a63cf1bbce3ac2a6b49de7fe