Instead of installing authorized keys globally (the same set for everybody), we pass the authorized_keys variable per user, so the keys are installed per user as well. This makes much more sense and needs only minimal refactoring.
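---
# Baseline host setup: package hygiene, reboot detection, timezone, local
# users and their SSH keys.
#
# Variables consumed (all optional):
#   system_timezone - timezone name handed to community.general.timezone
#   system_users    - list of mappings: name, groups, and optionally append,
#                     create_home, shell, authorized_keys, exclusive_keys
#
# Relies on a handler named "Reboot host" that is defined elsewhere.

- name: Ensure aptitude installed
  ansible.builtin.apt:
    name: "aptitude"
    state: present
  tags:
    - apt
  become: true

- name: Ensure OS upgraded
  ansible.builtin.apt:
    # Refresh the package index before upgrading; a dist-upgrade against a
    # stale cache silently misses newly published (security) updates.
    update_cache: true
    upgrade: dist
  tags:
    - apt
    - update
    - os
  become: true

- name: All system packages updated
  ansible.builtin.apt:
    name: "*"
    state: latest # noqa package-latest
  tags:
    - apt
    - update
    - packages
  become: true

# Runs after both apt tasks so a kernel/libc update installed by either of
# them is noticed, not only one from the dist-upgrade.
- name: Check if reboot is necessary
  ansible.builtin.stat:
    path: /var/run/reboot-required
    get_checksum: false
  register: reboot_required_file
  # stat never reports "changed", and handlers only fire on change; without
  # this the "Reboot host" handler would never run.
  changed_when: reboot_required_file.stat.exists
  tags:
    - os
    - reboot
  notify: Reboot host

- name: Set correct timezone
  community.general.timezone:
    name: "{{ system_timezone }}"
  # A bare truthiness test on an undefined variable is an error, so guard
  # with "is defined" first; empty/false values still skip the task.
  when: system_timezone is defined and system_timezone
  become: true

- name: Create necessary groups
  ansible.builtin.group:
    name: "{{ item }}"
    state: present
  # The loop expression is expanded before any "when" is evaluated, so an
  # unset system_users must default to an empty list here.
  loop: "{{ system_users | default([]) | map(attribute='groups') | flatten | unique }}"
  become: true

- name: Set up system users
  ansible.builtin.user:
    name: "{{ item.name }}"
    groups: "{{ item.groups }}"
    append: "{{ item.append | default(true) }}"
    # NOTE(review): an account that receives authorized_keys below needs a
    # home directory for ~/.ssh; such entries should set create_home: true.
    create_home: "{{ item.create_home | default(false) }}"
    shell: "{{ item.shell | default('/bin/bash') }}"
  loop: "{{ system_users | default([]) }}"
  become: true

- name: Add authorized SSH keys
  ansible.posix.authorized_key:
    user: "{{ item.name }}"
    state: present
    # The module takes one string with one key per line; accept either a
    # single key string or a list of keys from the inventory.
    key: '{{ item.authorized_keys if item.authorized_keys is string else item.authorized_keys | join("\n") }}'
    # Opt-in per user: when true, keys not listed in authorized_keys are
    # removed from the account, so stale or hand-added keys cannot linger.
    exclusive: "{{ item.exclusive_keys | default(false) }}"
  loop: "{{ system_users | default([]) }}"
  when: item.authorized_keys is defined
  tags:
    - ssh
  become: true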