provisioning/managed_setup.yml
2017-07-15 23:32:27 -04:00


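---
# Playbook for all managed hosts.
# ansible-playbook managed_setup.yml -v --ask-become -u richard --ask-pass
#
# NOTE(review): this file carries credentials in clear text (two crypt
# password hashes and a Datadog API key). Anything committed here should be
# treated as disclosed: rotate the values and load them from Ansible Vault or
# another secret store instead of keeping them in the playbook.
- hosts: managed
  # remote_user: ansible
  # Implicit fact gathering runs before pre_tasks and needs Python on the
  # target, so it would fail before the bootstrap `raw` task could install it.
  # Facts are collected by the explicit `setup` pre_task instead.
  gather_facts: false
  become: true
  vars:
    # Accounts consumed by the novuso.users role.
    users:
      - name: "ansible"
        state: present
        shell: /bin/bash
        createhome: true
        generate_ssh_key: true
        # SHA-512 crypt hash; can be attacked offline once published.
        password: "$6$7z7PfYwduXom0o73$DEiy3K15URNNjmKkOQIwx8/mFKArUNYkFn8D/4q6t/eP9hf1X9jnG4YuSjI7q1Dnp1HwukZUxZY7cF2JK5DO/."
        ssh_keys:
          # NOTE(review): labelled RSA-1024, which is below current minimum
          # key sizes; replace with Ed25519 or RSA >= 3072. The same public
          # key is also authorized for "richard", so one private key opens
          # both sudo-capable accounts.
          - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmJSdmj03d4fnZUuRByevPDNiReEk1fRL+7F9WPCo5zn+r5Oj84HXxd4P03DNXeGSBYmUAnsTqYEGdkjkpSrKfMm9bv8amL7hUC+Mzb+wOmXmyX1cw/SearYCBQRCz1s5p7I9+PO7XWaC0VJ99LUm1Bp4JM149U5X0Y3M2j2XV+0= RSA-1024"
        uid: "1001"
        groups:
          - sudo
      - name: "richard"
        state: present
        shell: /bin/bash
        createhome: true
        generate_ssh_key: true
        # SHA-512 crypt hash; can be attacked offline once published.
        password: "$6$yNKLUxX0$lxy/jaJI7cKCq5j.KondUalu9r96gUeRR//5qciZ/RX9z9PGSpbU9j7OsxaOzqV5uLeQ9ouIe8quo/2YqKE46/"
        ssh_keys:
          - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmJSdmj03d4fnZUuRByevPDNiReEk1fRL+7F9WPCo5zn+r5Oj84HXxd4P03DNXeGSBYmUAnsTqYEGdkjkpSrKfMm9bv8amL7hUC+Mzb+wOmXmyX1cw/SearYCBQRCz1s5p7I9+PO7XWaC0VJ99LUm1Bp4JM149U5X0Y3M2j2XV+0= RSA-1024"
        uid: "1000"
        groups:
          - sudo
    # Left empty, as in the original.
    users_groups: null
    # NOTE(review): live API key in clear text; rotate it and move it to a
    # vaulted variable.
    datadog_api_key: "ca0faf176c4aedd4f547ed7cf85615eb"
    datadog_checks:
      system:
        init_config: []
        instances: []
      disk:
        init_config: null
        instances:
          - use_mount: true
            excluded_filesystems:
              - sysfs
              - cgroup
              - tracefs
              - debugfs
              - proc
              - securityfs
              - shm
            # The original used [...] here, which is a character class and
            # so matched any mountpoint whose second character was one of
            # those letters (/home, /mnt, /srv, /usr, ...), hiding them from
            # disk monitoring. A group expresses the intended alternation.
            excluded_mountpoint_re: '/(media/richard|run/user).*'
    rsyslog:
      user: root
      group: root
      service: rsyslog
      configs:
        - 48-ship2papertrail

  # Prepare Python for Ansible, then gather facts.
  pre_tasks:
    - raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
    - setup:  # aka gather_facts
    - name: Creates .ssh directory
      # A directory needs the search (x) bit to be usable; 0600 left it
      # untraversable for its owner. 0700 is the conventional ~/.ssh mode.
      # NOTE(review): with become enabled, ~ presumably resolves to the
      # become user's home (root) - confirm that is the intended target.
      file:
        path: ~/.ssh
        state: directory
        mode: "0700"
    - name: remove ubuntu user if it exists
      command: userdel -rf ubuntu
      args:
        # Run only while the account's home directory still exists.
        removes: /home/ubuntu/.bashrc
    - debug: var=ansible_os_family
      run_once: true

  roles:
    - novuso.users
    - user-richard
    - rsyslog
    - motd
    # Datadog.datadog does not support the armhf architecture; should switch
    # to fluentd or logstash.
    - role: Datadog.datadog
      when: "ansible_architecture != 'armv7l'"
    - role: ddagent_source
      when: "ansible_architecture == 'armv7l'"

  tasks:
    - name: add ansible to sudoers
      # Grants the automation account unrestricted passwordless root, so
      # that account's SSH key and password are root-equivalent on every
      # managed host. `validate` keeps a syntax error from locking out sudo.
      lineinfile:
        dest: /etc/sudoers
        state: present
        regexp: '^ansible ALL='
        line: 'ansible ALL=(ALL) NOPASSWD: ALL'
        validate: 'visudo -cf %s'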