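---
# Bootstrap play for freshly provisioned hosts in the "managed" group.
#
# It gathers facts, creates the automation account ("ansible") and one admin
# account ("richard") with SSH keys and sudo, removes the cloud-image default
# users, and rewrites an obsolete apt security suite name on Debian hosts.
#
# The play connects as whatever remote_user the inventory or CLI supplies;
# the two commented alternatives document the identities used so far.
- name: bootstrap
  hosts: managed
  # remote_user: ansible
  # remote_user: root
  # Facts are gathered explicitly in pre_tasks so a raw python bootstrap can
  # run before the setup module on images that ship without python.
  gather_facts: false
  # become: true

  vars:
    # Declared but not referenced by any task in this play.
    authorized_ssh_keys: []
    # SECURITY: these are SHA-512 crypt hashes of real login passwords.
    # A hash in version control is offline-crackable; encrypt them with
    # `ansible-vault encrypt_string` (as the ansible SSH key below already is)
    # or load them from a vaulted vars file instead of keeping them here.
    bootstrap_ansible_password_hash: "$6$7z7PfYwduXom0o73$DEiy3K15URNNjmKkOQIwx8/mFKArUNYkFn8D/4q6t/eP9hf1X9jnG4YuSjI7q1Dnp1HwukZUxZY7cF2JK5DO/."
    bootstrap_richard_password_hash: "$6$yNKLUxX0$lxy/jaJI7cKCq5j.KondUalu9r96gUeRR//5qciZ/RX9z9PGSpbU9j7OsxaOzqV5uLeQ9ouIe8quo/2YqKE46/"

  pre_tasks:
    # - raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
    - name: Gather facts (gather_facts is disabled at play level)
      ansible.builtin.setup:

    - name: Create ~/.ssh for the connecting user
      # No become here on purpose: ~ is the remote_user's home, not root's.
      ansible.builtin.file:
        path: ~/.ssh
        state: directory
        mode: "0700"

    - name: Show OS family
      ansible.builtin.debug:
        var: ansible_os_family
      run_once: true

    - name: Show architecture
      ansible.builtin.debug:
        var: ansible_architecture
      run_once: true

  tasks:
    - name: ping
      ansible.builtin.ping:

    - name: Ensure the ssh and _ssh groups exist
      become: true
      ansible.builtin.group:
        name: "{{ item }}"
        state: present
      loop:
        - ssh
        - _ssh

    - name: Add the user 'ansible'
      become: true
      ansible.builtin.user:
        name: ansible
        state: present
        shell: /bin/bash
        create_home: true
        # NOTE(review): this account is granted NOPASSWD sudo below, so the
        # password only serves console login; if sshd permits
        # PasswordAuthentication it is also a brute-forceable login path.
        password: "{{ bootstrap_ansible_password_hash }}"
        # uid: "1001"
        groups:
          - sudo
          - ssh
          - _ssh

    - name: Add the authorized key for 'ansible'
      become: true
      ansible.posix.authorized_key:
        user: ansible
        state: present
        # exclusive: every other key in the file is removed. Intended — this
        # is the automation identity and its public key ships vault-encrypted.
        exclusive: true
        key: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          64646433313163316163633030333230653437336365363433656332323463376233306162316139
          6531393536343433653164666162373930393630376564310a393232323031633037313335356432
          62323763663334393339366537393931613161323537323030623234633631613030623864663162
          3331373335326664310a313233306233373932323138343866623836646132363135653064636635
          35616130343963663633623634626434633366393862376562393963343935623236313736656635
          39343033306163343337313365393635306364653234343031373432346238366162313864616264
          35313263646331303939376232383062323138373535633739393935396434313230613764363536
          62346364326130386636353435626162636530353634316234386633613333626266353665356239
          34626339333733333530373830623764613136363337653061663436633639346532306663303930
          33313638363939373364373739396330666332353232663661373263373036636634323765633032
          64346134356161383333313665356463363332613237313032656236303130323936333266333732
          39656435356234353262373430633331316265316236386564326364616565666364666535353864
          66313031366566396339333338333338386161303130303361396263396562623231313463623864
          62666132613033633733336434373161316664626531336363306664373131303937383066363066
          636534343631376365633666316534663932

    - name: Grant 'ansible' passwordless sudo
      become: true
      ansible.builtin.lineinfile:
        path: /etc/sudoers
        state: present
        regexp: '^ansible ALL='
        line: 'ansible ALL=(ALL) NOPASSWD: ALL'
        # visudo -c rejects a malformed file before it replaces /etc/sudoers;
        # this is the guard against a typo here locking everyone out of sudo.
        # A drop-in under /etc/sudoers.d/ would be the more conventional home
        # for this rule, provided the host's sudoers has #includedir.
        validate: 'visudo -cf %s'

    - name: Add the user 'richard'
      become: true
      ansible.builtin.user:
        name: richard
        state: present
        shell: /bin/bash
        create_home: true
        password: "{{ bootstrap_richard_password_hash }}"
        # uid: "1000"
        groups:
          - sudo
          - ssh
          - _ssh

    - name: Add the authorized key for 'richard'
      become: true
      ansible.posix.authorized_key:
        user: richard
        state: present
        # Not exclusive: keys richard adds by hand on the host are kept.
        # The public key is read from the controller's filesystem.
        key: "{{ lookup('file', '/home/richard/.ssh/id_rsa.pub') }}"

    - name: Remove cloud-image default users
      # NOTE(review): if the play connects as one of these accounts (the
      # commented remote_user lines suggest it may have), this task deletes
      # the account it is running under. Run it as 'ansible' or root, after
      # the key tasks above have made that login possible.
      become: true
      ansible.builtin.user:
        name: "{{ item }}"
        state: absent
        remove: true  # userdel -r: delete the home directory and mail spool
        force: true   # userdel -f: proceed even if the user is logged in
      loop:
        - debian
        - ubuntu

    - name: Rename the obsolete bullseye/updates security suite
      become: true
      ansible.builtin.replace:
        path: /etc/apt/sources.list
        regexp: '(\s+)bullseye\/updates(\s+.*)?$'
        # NOTE(review): the Debian 11 release notes name the security suite
        # `bullseye-security`; confirm that the `/updates` suffix kept here is
        # actually served before relying on it.
        replace: '\1bullseye-security/updates\2'
      # Only apt-based hosts have this file; elsewhere the module would fail
      # on the missing path rather than simply match nothing.
      when: ansible_os_family == "Debian"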