Revert - Putting this in its own playbook instead

linux/compliance.yaml

@@ -11,13 +11,17 @@
       user:
         name: ansible
         state: present
+        # add to sudo
+        groups: sudo
+        append: yes
 
     # Ansible user SSH pub key
+    # This is a really stupid way to do it, but alas.
+    # This uses an environment variable named ansiblesvc_key in Semaphore which has the ssh-rsa pubkey.
     - name: Add deployment user's SSH key.
-      ansible.posix.authorized_key:
-        user: ansible
-        state: present
-        key: "{{ ansiblesvc_key }}"
+      shell:
+        cmd: echo "{{ ansiblesvc_key }}" > /home/ansible/.ssh/authorized_keys
+        creates: /home/ansible/.ssh/authorized_keys
 
     # Give ansible sudo rights with no password required.
     - name: Add sudo rights with no password for deployment user.
@@ -47,7 +51,7 @@
         append: yes
 
     # SSH config updating
-    - name: Update SSH configuration to be more secure.
+    - name: Update SSH configuration to disallow root login.
       lineinfile:
         dest: /etc/ssh/sshd_config
         regexp: "{{ item.regexp }}"
@@ -60,17 +64,8 @@
       notify: restart ssh
 
     # Delete our network ansible key from the root user.
-    - name: Delete our network ansible key from the root user.
+    - name: Delete our network ansible key (and other keys) from the root user.
       ansible.builtin.file:
         path: /root/.ssh/authorized_keys
         state: absent
-        ignore_errors: yes
-    
-    # New 04/28/24: Do not use the DHCP Client ID as our MAC Address.
-    - name: Configure dhclient to use the MAC address of the system instead of Client ID.
-      blockinfile:
-        state: present
-        insertafter: EOF
-        dest: /etc/dhclient/dhclient.conf
-        marker: "# Changed by ansible playbook: Use MAC address instead of DHCP Client ID"
-        content: 
+        ignore_errors: yes