---
# Install the aptitude package through apt (no-op when it is already present).
- name: Ensure aptitude installed
  become: true
  tags: [apt]
  ansible.builtin.apt:
    name: aptitude
    state: present
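# Bring the whole OS up to date with the equivalent of `apt-get dist-upgrade`.
- name: Ensure OS upgraded
  ansible.builtin.apt:
    # Refresh the package index first: an upgrade computed from a stale index
    # can report "nothing to do" while security updates are still pending.
    update_cache: true
    upgrade: dist
  tags:
    - apt
    - update
    - os
  become: true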
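# Look for the reboot marker file and schedule the "Reboot host" handler when
# it exists, so updates that need a restart actually take effect.
# NOTE(review): this check runs before the "All system packages updated" task
# in this file; a marker created by that later task is only seen on the next
# run.
- name: Check if reboot is necessary
  ansible.builtin.stat:
    path: /var/run/reboot-required
    get_checksum: false
  register: reboot_required_file
  # stat is read-only and never reports "changed" on its own, so without this
  # line the notify below could never fire. Mark the task changed exactly when
  # the marker file is present.
  changed_when: reboot_required_file.stat.exists
  tags:
    - os
    - reboot
  notify: Reboot host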
# Move every installed package to its newest available version. The wildcard
# must stay quoted: a bare * would be read by YAML as an alias sigil.
- name: All system packages updated
  become: true
  tags: [apt, update, packages]
  ansible.builtin.apt:
    name: "*"
    state: latest  # noqa package-latest
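# Apply the timezone named in system_timezone; skipped when the variable is
# unset or empty.
- name: Set correct timezone
  community.general.timezone:
    name: "{{ system_timezone }}"
  # Explicit boolean test instead of a bare string: recent ansible-core
  # releases reject `when` expressions whose result is not a boolean, and
  # default('', true) also covers an undefined or null variable.
  when: system_timezone | default('', true) | length > 0
  become: true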
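# Create every group referenced by any entry of system_users, once each.
# Each entry is expected to carry a `groups` attribute (it is read via
# map(attribute='groups')).
- name: Create necessary groups
  ansible.builtin.group:
    name: "{{ item }}"
    state: present
  # The loop expression is templated before `when` is evaluated, so the
  # default has to live here for an undefined or null system_users to be
  # skipped cleanly instead of failing the task.
  loop: >-
    {{ system_users | default([], true)
       | map(attribute='groups') | flatten | unique }}
  # Explicit boolean test: recent ansible-core releases reject `when`
  # expressions whose result is a list rather than a boolean.
  when: system_users | default([], true) | length > 0
  become: true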
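# Create or update one account per entry of system_users.
# Per-entry keys read here: name, groups (both required), and the optional
# append (default true), create_home (default false) and shell
# (default /bin/bash).
- name: Set up system users
  ansible.builtin.user:
    name: "{{ item.name }}"
    groups: "{{ item.groups }}"
    # append=true adds the listed groups and keeps existing memberships;
    # setting it to false for an entry makes `groups` the complete list.
    append: "{{ item.append | default(true) }}"
    create_home: "{{ item.create_home | default(false) }}"
    shell: "{{ item.shell | default('/bin/bash') }}"
  # Default applied in the loop itself, because it is templated before `when`.
  loop: "{{ system_users | default([], true) }}"
  # Explicit boolean test: recent ansible-core releases reject `when`
  # expressions whose result is a list rather than a boolean.
  when: system_users | default([], true) | length > 0
  become: true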
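# Authorize each public key in system_authorized_keys for one account.
# NOTE(review): state=present only ever adds keys. A key dropped from
# system_authorized_keys stays authorized on the host until it is removed
# explicitly (state: absent), or until the keys are managed in one non-looped
# task with exclusive: true. Keep that in mind when revoking access.
- name: Add authorized SSH keys
  ansible.posix.authorized_key:
    # Account is now overridable; the default keeps the previously
    # hard-coded value so existing inventories behave the same.
    user: "{{ system_authorized_keys_user | default('marty') }}"
    state: present
    key: "{{ item }}"
  loop: "{{ system_authorized_keys }}"
  tags:
    - ssh
  become: true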