ansible_bootstrap/tasks/main.yml

---
# tasks file for ansible_bootstrap

- name: Detect debian
  ansible.builtin.raw: cat /etc/os-release|grep Debian||true
  changed_when: false
  register: debian

- name: Detect Rocky
  ansible.builtin.raw: cat /etc/os-release|grep rocky||true
  changed_when: false
  register: rocky

- name: Detect arch
  ansible.builtin.raw: cat /etc/os-release|grep Arch||true
  changed_when: false
  register: arch

#- name: Install python for rocky
  #  ansible.builtin.raw: dnf install python3 --assumeyes
  #changed_when: false
  #when: rocky.stdout

#- name: Install python for debian
  #  ansible.builtin.raw: apt install python3 --assume-yes
  #changed_when: false
  #when: debian.stdout

- name: Install python  on arch
  ansible.builtin.raw: pacman -Sy python --noconfirm
  changed_when: false
  when: arch.stdout is match(".*Arch Linux.*")

- name: Add local repo to mirrorlist
  become: true
  ansible.builtin.lineinfile:
    path: /etc/pacman.d/mirrorlist
    line: 'Server= {{ system_arch_local_mirror }}/$repo/os/$arch'
    state: present
    insertbefore: BOF
  when: system_arch_local_mirror is defined and arch.stdout is match(".*Arch Linux.*")


- name: Update archlinux-keyring
  community.general.pacman:
    state: latest
    name: archlinux-keyring
  become: true
  when: arch.stdout is match(".*Arch Linux.*")

- name: Upgrade system for arch
  community.general.pacman:
    state: latest
    upgrade: true
    force: true
    update_cache: true
  become: true
  register: upgrade_arch
  when: arch.stdout is match(".*Arch Linux.*")


- name: Upgrade system for debian
  ansible.builtin.apt:
    update_cache: true
    only_upgrade: true
    upgrade: full
  become: true
  when: debian.stdout is match(".*Debian.*")
  register: upgrade_debian

- name: Reboot  updates to apply
  ansible.builtin.reboot:
    reboot_timeout: 3600
  when:
    (arch.stdout is match(".*Arch Linux.*") and (upgrade_arch.changed and upgrade_arch.packages is defined and "linux" in upgrade_arch.packages))
    or (debian.stdout is match(".*Debian.*") and upgrade_debian.changed)
  become: true

- name: Collect only selected facts
  ansible.builtin.setup:
    filter:
      - 'ansible_distribution'
      - 'ansible_os_family'

- name: Zsh install
  ansible.builtin.package:
    state: present
    name: zsh
    update_cache: true

- name: Inetutils install
  ansible.builtin.package:
    state: present
    name: inetutils
  when: ansible_os_family == "Archlinux"

- name: Iptable install
  ansible.builtin.package:
    state: present
    name: iptables
  when: ansible_os_family == "Debian"

- name: Sudoers install
  ansible.builtin.package:
    state: present
    name: sudo

- name: Create profil
  ansible.builtin.user:
    name: 'ansible'
    create_home: true
    system: false
    state: present
    ssh_key_file: .ssh/id_rsa
    shell: /bin/bash

- name: Set sudoers right
  ansible.builtin.lineinfile:
    dest: '/etc/sudoers.d/ansible'
    regexp: '{{ item.regexp }}'
    line: '{{ item.line }}'
    state: 'present'
    create: true
    owner: 'root'
    group: 'root'
    mode: '0440'
    validate: 'visudo -cf "%s"'
  with_items:
    - regexp: '^ansible\s'
      line: 'ansible ALL = (ALL) NOPASSWD:ALL'

- name: Ensure /etc/sudoers includes /etc/sudoers.d
  ansible.builtin.lineinfile:
    dest: '/etc/sudoers'
    regexp: '^#includedir\s+/etc/sudoers.d$'
    line: '#includedir /etc/sudoers.d'
    state: 'present'
    validate: 'visudo -cf "%s"'

- name: Set authorized key taken from file
  ansible.posix.authorized_key:
    user: 'ansible'
    state: present
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
init bootstrap 2018-12-01 19:56:20 +00:00			`---`
			`# tasks file for ansible_bootstrap`

style: fix some syntax 2023-08-24 13:04:13 +00:00			`- name: Detect debian`
			`ansible.builtin.raw: cat /etc/os-release\|grep Debian\|\|true`
style: fix formatting warning 2023-08-25 07:01:09 +00:00			`changed_when: false`
adapt bootstrap for debian 2019-09-18 20:24:19 +00:00			`register: debian`
add sssd role import and python install 2021-10-24 09:18:05 +00:00
style: fix some syntax 2023-08-24 13:04:13 +00:00			`- name: Detect Rocky`
			`ansible.builtin.raw: cat /etc/os-release\|grep rocky\|\|true`
style: fix formatting warning 2023-08-25 07:01:09 +00:00			`changed_when: false`
adapt for rocky linux 2022-05-29 15:31:46 +00:00			`register: rocky`

style: fix some syntax 2023-08-24 13:04:13 +00:00			`- name: Detect arch`
			`ansible.builtin.raw: cat /etc/os-release\|grep Arch\|\|true`
style: fix formatting warning 2023-08-25 07:01:09 +00:00			`changed_when: false`
adapt for rocky linux 2022-05-29 15:31:46 +00:00			`register: arch`

fix: issue with OS detection 2023-10-24 20:45:58 +00:00			`#- name: Install python for rocky`
			`# ansible.builtin.raw: dnf install python3 --assumeyes`
			`#changed_when: false`
			`#when: rocky.stdout`
adapt for rocky linux 2022-05-29 15:31:46 +00:00
fix: issue with OS detection 2023-10-24 20:45:58 +00:00			`#- name: Install python for debian`
			`# ansible.builtin.raw: apt install python3 --assume-yes`
			`#changed_when: false`
			`#when: debian.stdout`
adapt bootstrap for debian 2019-09-18 20:24:19 +00:00
style: fix some syntax 2023-08-24 13:04:13 +00:00			`- name: Install python on arch`
			`ansible.builtin.raw: pacman -Sy python --noconfirm`
style: fix formatting warning 2023-08-25 07:01:09 +00:00			`changed_when: false`
fix: issue with OS detection 2023-10-24 20:45:58 +00:00			`when: arch.stdout is match(".Arch Linux.")`
add sssd role import and python install 2021-10-24 09:18:05 +00:00
style: fix some syntax 2023-08-24 13:04:13 +00:00			`- name: Add local repo to mirrorlist`
			`become: true`
style: fix formatting warning 2023-08-25 07:01:09 +00:00			`ansible.builtin.lineinfile:`
add local arch mirror to bootstrap 2021-02-26 17:58:25 +00:00			`path: /etc/pacman.d/mirrorlist`
style: fix formatting warning 2023-08-25 07:01:09 +00:00			`line: 'Server= {{ system_arch_local_mirror }}/$repo/os/$arch'`
add local arch mirror to bootstrap 2021-02-26 17:58:25 +00:00			`state: present`
			`insertbefore: BOF`
fix: issue with OS detection 2023-10-24 20:45:58 +00:00			`when: system_arch_local_mirror is defined and arch.stdout is match(".Arch Linux.")`

add local arch mirror to bootstrap 2021-02-26 17:58:25 +00:00
fix: install archlinux keyring before upgrade 2023-08-24 13:03:40 +00:00			`- name: Update archlinux-keyring`
			`community.general.pacman:`
			`state: latest`
			`name: archlinux-keyring`
			`become: true`
fix: issue with OS detection 2023-10-24 20:45:58 +00:00			`when: arch.stdout is match(".Arch Linux.")`
fix: install archlinux keyring before upgrade 2023-08-24 13:03:40 +00:00
			`- name: Upgrade system for arch`
fix: upgrade reboot condition 2023-08-25 07:00:38 +00:00			`community.general.pacman:`
			`state: latest`
			`upgrade: true`
			`force: true`
fixe trailling issue 2021-08-18 16:11:58 +00:00			`update_cache: true`
fix: install archlinux keyring before upgrade 2023-08-24 13:03:40 +00:00			`become: true`
fix: post upgrade reboot 2023-08-24 16:35:48 +00:00			`register: upgrade_arch`
fix: issue with OS detection 2023-10-24 20:45:58 +00:00			`when: arch.stdout is match(".Arch Linux.")`

adapt bootstrap for debian 2019-09-18 20:24:19 +00:00
fix: install archlinux keyring before upgrade 2023-08-24 13:03:40 +00:00			`- name: Upgrade system for debian`
fix: upgrade reboot condition 2023-08-25 07:00:38 +00:00			`ansible.builtin.apt:`
			`update_cache: true`
			`only_upgrade: true`
			`upgrade: full`
fix: install archlinux keyring before upgrade 2023-08-24 13:03:40 +00:00			`become: true`
fix: issue with OS detection 2023-10-24 20:45:58 +00:00			`when: debian.stdout is match(".Debian.")`
fix: post upgrade reboot 2023-08-24 16:35:48 +00:00			`register: upgrade_debian`
adapt bootstrap for debian 2019-09-18 20:24:19 +00:00
add upgrade system to bootstrap 2019-04-15 18:14:02 +00:00			`- name: Reboot updates to apply`
fix: upgrade reboot condition 2023-08-25 07:00:38 +00:00			`ansible.builtin.reboot:`
fixe trailling issue 2021-08-18 16:11:58 +00:00			`reboot_timeout: 3600`
fix: upgrade reboot condition 2023-08-25 07:00:38 +00:00			`when:`
fix: issue with OS detection 2023-10-24 20:45:58 +00:00			`(arch.stdout is match(".Arch Linux.") and (upgrade_arch.changed and upgrade_arch.packages is defined and "linux" in upgrade_arch.packages))`
			`or (debian.stdout is match(".Debian.") and upgrade_debian.changed)`
style: fix some syntax 2023-08-24 13:04:13 +00:00			`become: true`
add upgrade system to bootstrap 2019-04-15 18:14:02 +00:00
add gather fact 2022-10-30 17:11:47 +00:00			`- name: Collect only selected facts`
			`ansible.builtin.setup:`
			`filter:`
			`- 'ansible_distribution'`
fix fact 2022-10-30 17:14:42 +00:00			`- 'ansible_os_family'`
add gather fact 2022-10-30 17:11:47 +00:00
style: fix some syntax 2023-08-24 13:04:13 +00:00			`- name: Zsh install`
style: fix formatting warning 2023-08-25 07:01:09 +00:00			`ansible.builtin.package:`
add zsh install 2021-08-18 16:10:30 +00:00			`state: present`
			`name: zsh`
style: fix formatting warning 2023-08-25 07:01:09 +00:00			`update_cache: true`
adapt bootstrap for debian 2019-09-18 20:24:19 +00:00
style: fix some syntax 2023-08-24 13:04:13 +00:00			`- name: Inetutils install`
style: fix formatting warning 2023-08-25 07:01:09 +00:00			`ansible.builtin.package:`
add inetutils add inetutils 2021-10-23 19:11:53 +00:00			`state: present`
			`name: inetutils`
fix: issue with OS detection 2023-10-24 20:45:58 +00:00			`when: ansible_os_family == "Archlinux"`
add inetutils add inetutils 2021-10-23 19:11:53 +00:00
add iptable install for debian (fot wiregaurd) 2023-10-29 14:38:24 +00:00			`- name: Iptable install`
			`ansible.builtin.package:`
			`state: present`
			`name: iptables`
			`when: ansible_os_family == "Debian"`

style: fix some syntax 2023-08-24 13:04:13 +00:00			`- name: Sudoers install`
style: fix formatting warning 2023-08-25 07:01:09 +00:00			`ansible.builtin.package:`
			`state: present`
			`name: sudo`
adapt bootstrap for debian 2019-09-18 20:24:19 +00:00
style: fix some syntax 2023-08-24 13:04:13 +00:00			`- name: Create profil`
style: fix formatting warning 2023-08-25 07:01:09 +00:00			`ansible.builtin.user:`
			`name: 'ansible'`
			`create_home: true`
			`system: false`
			`state: present`
			`ssh_key_file: .ssh/id_rsa`
adapt role for LDAP 2021-08-18 16:11:16 +00:00			`shell: /bin/bash`

style: fix some syntax 2023-08-24 13:04:13 +00:00			`- name: Set sudoers right`
style: fix formatting warning 2023-08-25 07:01:09 +00:00			`ansible.builtin.lineinfile:`
			`dest: '/etc/sudoers.d/ansible'`
			`regexp: '{{ item.regexp }}'`
			`line: '{{ item.line }}'`
			`state: 'present'`
			`create: true`
			`owner: 'root'`
			`group: 'root'`
			`mode: '0440'`
add sudo code to bootstrap 2018-12-01 20:01:35 +00:00			`validate: 'visudo -cf "%s"'`
			`with_items:`
dedicated ansible user and put out sssd role 2022-11-06 18:11:42 +00:00			`- regexp: '^ansible\s'`
style: fix formatting warning 2023-08-25 07:01:09 +00:00			`line: 'ansible ALL = (ALL) NOPASSWD:ALL'`
add sudo code to bootstrap 2018-12-01 20:01:35 +00:00
			`- name: Ensure /etc/sudoers includes /etc/sudoers.d`
style: fix formatting warning 2023-08-25 07:01:09 +00:00			`ansible.builtin.lineinfile:`
			`dest: '/etc/sudoers'`
add sudo code to bootstrap 2018-12-01 20:01:35 +00:00			`regexp: '^#includedir\s+/etc/sudoers.d$'`
style: fix formatting warning 2023-08-25 07:01:09 +00:00			`line: '#includedir /etc/sudoers.d'`
			`state: 'present'`
add sudo code to bootstrap 2018-12-01 20:01:35 +00:00			`validate: 'visudo -cf "%s"'`
finalize bootstrap init 2018-12-02 20:02:00 +00:00
improve ssh key managemnt 2020-03-01 20:06:02 +00:00			`- name: Set authorized key taken from file`
style: fix formatting warning 2023-08-25 07:01:09 +00:00			`ansible.posix.authorized_key:`
			`user: 'ansible'`
improve ssh key managemnt 2020-03-01 20:06:02 +00:00			`state: present`
dedicated ansible user and put out sssd role 2022-11-06 18:11:42 +00:00			`key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"`