Merge pull request 'sdsad' (#5) from Staging into main

Reviewed-on: #5

.vscode/settings.json

@@ -0,0 +1,8 @@
+{
+    "yaml.schemas": {
+        "https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/ansible.json#/$defs/playbook": [
+            "file:///root/ansible/test.yml",
+            "file:///root/ansible/update.yml"
+        ]
+    }
+}

setup.sh

@@ -0,0 +1,86 @@
+#!/bin/bash
+# Basic VM/LXC Setup Script for root environments
+# Creates 'beer' user if missing, sets up SSH, installs basic tools.
+
+# === CONFIGURE PUBLIC KEY ===
+SSH_PUBLIC_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDxZomUDtOt7Kh1mfZleJrv/IZrdFZ6j80RIpyTWd5R+ beer@bwsttv.com" # Paste your SSH public key here
+USERNAME="beer"
+
+# Ensure script runs as root
+if [ "$EUID" -ne 0 ]; then
+  echo "Please run as root."
+  exit 1
+fi
+
+# === UPDATE SYSTEM ===
+echo "Updating system..."
+apt update && apt upgrade -y
+
+# === CREATE USER IF NOT EXISTS ===
+if id "$USERNAME" &>/dev/null; then
+    echo "User '$USERNAME' already exists."
+else
+    echo "Creating user '$USERNAME'..."
+    adduser --disabled-password --gecos "" "$USERNAME"
+    usermod -aG sudo "$USERNAME"
+fi
+
+# === SET UP SSH FOR USER ===
+echo "Configuring SSH for '$USERNAME'..."
+mkdir -p /home/$USERNAME/.ssh
+echo "$SSH_PUBLIC_KEY" > /home/$USERNAME/.ssh/authorized_keys
+chmod 700 /home/$USERNAME/.ssh
+chmod 600 /home/$USERNAME/.ssh/authorized_keys
+chown -R $USERNAME:$USERNAME /home/$USERNAME/.ssh
+
+# === HARDEN SSH ===
+echo "Updating SSH security settings..."
+sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
+sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
+systemctl restart ssh || service ssh restart
+
+# === INSTALL BASIC UTILITIES ===
+echo "Installing base packages..."
+apt install -y curl wget vim git ufw wamerican
+
+# === FIREWALL CONFIGURATION ===
+echo "Configuring firewall..."
+ufw allow OpenSSH
+ufw --force enable
+
+# === HARDEN SSH: Disable root login via SSH ===
+echo "Disabling root SSH login..."
+sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
+sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
+systemctl restart ssh || service ssh restart
+
+# === ENSURE beer CAN USE SUDO ===
+usermod -aG sudo beer
+
+# Make sure /usr/share/dict/words exists, or replace with your own file path or word array
+WORDLIST="/usr/share/dict/words"
+
+# Pick 5 random words, capitalize first letter
+PASSWORD_WORDS=$(shuf -n 5 "$WORDLIST" | sed 's/.*/\L&/' | sed 's/^./\u&/' | tr '\n' ' ')
+
+# Generate 4 random digits
+PASSWORD_NUMBERS=$(shuf -i 1000-9999 -n 1)
+
+# Combine words and numbers
+GENERATED_PASS="${PASSWORD_WORDS}${PASSWORD_NUMBERS}"
+
+# Remove trailing spaces if any
+GENERATED_PASS=$(echo "$GENERATED_PASS" | xargs)
+
+# Set password for user beer
+echo "beer:$GENERATED_PASS" | chpasswd
+
+# Show the generated password
+echo "--------------------------------------------------"
+echo "Generated password for user 'beer':"
+echo "$GENERATED_PASS"
+echo "Please save this password securely!"
+echo "--------------------------------------------------"
+
+
+echo "Setup complete! You can now SSH into the container/VM as '$USERNAME'."

test.yml

@@ -12,4 +12,3 @@
     - name: Show result
       debug:
         var: whoami_result.stdout
-