44df678c82
Signed-off-by: ITQ <itq.dev@ya.ru>
---
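# Pull in the tasks from optimization.yaml at run time.
# NOTE(review): a tag on a dynamic include selects only the include statement
# itself; the tasks inside optimization.yaml do not inherit it. If
# `--tags optimization` is meant to run them, they need their own tags or an
# `apply` on the include - confirm against optimization.yaml.
- name: Include optimization tasks
  # Fully qualified module name, matching the other ansible.builtin tasks here.
  ansible.builtin.include_tasks: optimization.yaml
  tags: optimization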
# Install the baseline package set listed in system_packages.essential.
# `state: present` only guarantees the packages are installed; it does not
# upgrade ones that are already there, so security updates must be handled
# by a separate mechanism.
- name: Install essential packages
  tags:
    - packages
  ansible.builtin.apt:
    # Refresh the apt index unless the cached copy is under an hour old.
    update_cache: true
    cache_valid_time: 3600
    state: present
    name: "{{ system_packages.essential }}"
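# Set the system hostname and pin hostname/FQDN resolution in /etc/hosts.
- name: Set hostname and FQDN
  block:
    # Uses `hostname` when defined, otherwise the inventory name.
    - name: Set hostname
      ansible.builtin.hostname:
        name: "{{ hostname | default(inventory_hostname) }}"

    # Replaces the existing 127.0.1.1 line, or appends one if none matches.
    - name: Configure FQDN in hosts file
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: '^127\.0\.1\.1.*'
        # The FQDN falls back fqdn -> hostname -> inventory_hostname. The
        # inner default keeps the line renderable when neither `fqdn` nor
        # `hostname` is defined, matching the fallback of the task above.
        line: >-
          127.0.1.1
          {{ fqdn | default(hostname | default(inventory_hostname)) }}
          {{ hostname | default(inventory_hostname) }}
        state: present
  # NOTE(review): the rendered listing lost its indentation; this tag is
  # assumed to sit on the block so that both tasks inherit it - confirm.
  tags: system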
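# Render motd.j2 to /etc/motd, the banner shown at login.
- name: Deploy MOTD template
  # Fully qualified module name, consistent with the sshd_config task.
  ansible.builtin.template:
    src: motd.j2
    dest: /etc/motd
    # Explicit ownership so a pre-existing file owned by another account
    # cannot stay writable by that account.
    owner: root
    group: root
    mode: '0644'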
# Set the system timezone from the `timezone` variable. No default is given,
# so the variable must be defined for every targeted host.
- name: Configure timezone
  tags:
    - system
    - ntp
  community.general.timezone:
    name: "{{ timezone }}"
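# Delegate NTP setup to the third-party geerlingguy.ntp role.
# NOTE(review): this is externally maintained code that runs with the play's
# privileges; pin the role to a reviewed version in the project's role
# requirements file (not visible in this listing) rather than tracking latest.
# NOTE(review): tags on a dynamic include select only the include itself;
# the role's own tasks do not inherit them.
- name: Install and configure NTP
  # Fully qualified module name, matching the other ansible.builtin tasks here.
  ansible.builtin.include_role:
    name: geerlingguy.ntp
  tags:
    - system
    - ntp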
# Render sshd_config.j2 to /etc/ssh/sshd_config, readable by root only.
# NOTE(review): this task carries no tags, so a run limited with `--tags ssh`
# or `--tags system` would skip it - confirm that is intended.
- name: Deploy SSH configuration
  # The "Restart ssh" handler is defined outside this listing.
  notify: Restart ssh
  ansible.builtin.template:
    dest: /etc/ssh/sshd_config
    src: sshd_config.j2
    # Syntax-check the rendered file before it replaces the live config, so
    # a broken template cannot leave the host without a working sshd config.
    validate: '/usr/sbin/sshd -t -f %s'
    mode: '0600'
    owner: root
    group: root
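# Create (or remove) the accounts listed in admin_users and install their
# SSH public keys. Each entry supplies `name`, `groups` and `ssh_keys`;
# `shell` and `state` are optional.
- name: Create admin users with proper SSH keys
  block:
    - name: Ensure user exists
      ansible.builtin.user:
        name: "{{ item.name }}"
        shell: "{{ item.shell | default('/bin/bash') }}"
        # No default: every admin_users entry must define `groups`.
        groups: "{{ item.groups }}"
        # Additive only: a group dropped from `groups` later is NOT removed
        # from the account, so privilege reductions need a separate step.
        append: true
        state: "{{ item.state | default('present') }}"
        create_home: true
        home: "/home/{{ item.name }}"
      loop: "{{ admin_users }}"
      tags: users

    - name: Deploy SSH authorized keys
      ansible.posix.authorized_key:
        user: "{{ item.0.name }}"
        # Adds keys only: a key deleted from `ssh_keys` stays in the user's
        # authorized_keys until it is revoked explicitly.
        state: present
        key: "{{ item.1 }}"
        manage_dir: true
      with_subelements:
        - "{{ admin_users }}"
        - ssh_keys
      # Skip entries the previous task removed (state: absent); installing a
      # key for an account that no longer exists would fail the play.
      when: item.0.state | default('present') == 'present'
      tags: users, ssh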