ansible_bootstrap/tasks/main.yml

---
# tasks file for ansible_bootstrap
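# Distribution probes. They go through `raw`, presumably because the target may
# not have a Python interpreter yet (the tasks that follow install one).
# Each probe registers the lines of /etc/os-release that contain the keyword;
# `|| true` keeps the task from failing when grep finds nothing, which leaves
# stdout empty. Later tasks treat a non-empty stdout as "this distribution".
# The match is a case-sensitive substring test on the whole file, so any
# os-release that merely mentions the keyword also counts as a match.
- name: Detect debian
  ansible.builtin.raw: cat /etc/os-release|grep Debian||true
  register: debian
  # Read-only probe: do not report a change on every run.
  changed_when: false

- name: Detect Rocky
  ansible.builtin.raw: cat /etc/os-release|grep rocky||true
  register: rocky
  changed_when: false

- name: Detect arch
  ansible.builtin.raw: cat /etc/os-release|grep Arch||true
  register: arch
  changed_when: false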
# Interpreter bootstrap: install Python with the native package manager via
# `raw`, one task per distribution detected above. Exactly which task runs is
# decided by the non-empty stdout of the matching probe.
- name: Install python for rocky
  when: rocky.stdout
  ansible.builtin.raw: dnf install python3 --assumeyes

- name: Install python for debian
  when: debian.stdout
  ansible.builtin.raw: apt install python3 --assume-yes

# NOTE(review): `-Sy` refreshes the sync databases and installs python without
# upgrading the rest of the system, i.e. a partial upgrade, which Arch does not
# support. The "Upgrade system for arch" task later in this file brings the
# host back in sync; keep the two together.
- name: Install python on arch
  when: arch.stdout
  ansible.builtin.raw: pacman -Sy python --noconfirm
# Optional: put a site-local Arch mirror at the very top of the mirrorlist.
# Runs only on Arch hosts and only when system_arch_local_mirror is defined.
# The mirror is just a transport: package authenticity still rests on pacman's
# signature checking (SigLevel in pacman.conf), so that setting should not be
# relaxed for the sake of the local mirror.
- name: Add local repo to mirrorlist
  when: system_arch_local_mirror is defined and arch.stdout
  become: true
  ansible.builtin.lineinfile:
    path: /etc/pacman.d/mirrorlist
    # BOF = insert as the first line of the file.
    insertbefore: BOF
    state: present
    # $repo and $arch are pacman's own placeholders, not Jinja expressions;
    # only the mirror base URL is templated here.
    line: "Server= {{system_arch_local_mirror}}/$repo/os/$arch"
# Bring the keyring up to date before the full upgrade, presumably so that the
# packager keys needed to verify the upgraded packages are already trusted.
- name: Update archlinux-keyring
  when: arch.stdout
  become: true
  community.general.pacman:
    name: archlinux-keyring
    state: latest

# Full system upgrade on Arch. The result is registered because the reboot
# task below inspects `changed` and the list of upgraded packages.
# NOTE(review): combined with update_cache, `force` should make pacman refresh
# every package database even if it looks current; confirm against the docs of
# the installed community.general version.
- name: Upgrade system for arch
  when: arch.stdout
  become: true
  community.general.pacman:
    update_cache: true
    upgrade: true
    force: true
    state: latest
  register: upgrade_arch
# Full upgrade on Debian hosts after refreshing the package index. The result
# is registered so the reboot task can react to `changed`.
# NOTE(review): no package name is given, so only_upgrade presumably has no
# effect here; verify before relying on it.
- name: Upgrade system for debian
  when: debian.stdout
  become: true
  ansible.builtin.apt:
    upgrade: full
    only_upgrade: true
    update_cache: true
  register: upgrade_debian
# Reboot so the upgrade takes effect, waiting up to 3600 seconds for the host
# to come back.
# Arch: only when the upgrade changed something and its reported package list
#       contains "linux".
# Debian: whenever the upgrade task reported a change.
# Each branch is guarded by its distribution probe, so the result of the
# upgrade task that was skipped on this host is never dereferenced.
- name: Reboot updates to apply
  become: true
  ansible.builtin.reboot:
    reboot_timeout: 3600
  when: >-
    (arch.stdout and (upgrade_arch.changed and upgrade_arch.packages is defined and "linux" in upgrade_arch.packages))
    or (debian.stdout and upgrade_debian.changed)
# Gather facts through the regular setup module, restricted to the two
# distribution-related facts named in the filter.
- name: Collect only selected facts
  ansible.builtin.setup:
    filter:
      - ansible_distribution
      - ansible_os_family
# Base packages, installed through the distribution-agnostic package module.
# NOTE(review): none of these tasks sets `become`; this assumes the play
# connects as root or enables become at play level. Confirm against the caller.
- name: Zsh install
  ansible.builtin.package:
    name: zsh
    state: present
    # Refresh the package lists as part of this installation.
    update_cache: true

# Arch only.
- name: Inetutils install
  when: arch.stdout
  ansible.builtin.package:
    name: inetutils
    state: present

# sudo must be present before the sudoers tasks further down validate their
# changes with visudo.
- name: Sudoers install
  ansible.builtin.package:
    name: sudo
    state: present
# Create the regular (non-system) `ansible` account with a home directory and
# bash as login shell. This is the account that later receives passwordless
# sudo and an authorized SSH key, so it is the host's automation identity.
- name: Create profil
  ansible.builtin.user:
    name: "ansible"
    state: present
    system: false
    create_home: true
    shell: /bin/bash
    # Relative to the user's home directory.
    # NOTE(review): no key generation is requested in this task, so this path
    # is presumably unused; confirm whether a key was meant to be generated.
    ssh_key_file: .ssh/id_rsa
# Write the sudo rule for the `ansible` account into its own drop-in file
# (root:root, mode 0440). `validate` runs visudo on the candidate file first,
# so a syntactically broken rule is never put in place.
# Security: NOPASSWD:ALL for (ALL) makes this account root-equivalent. Whoever
# holds an SSH key authorized for it effectively holds root on the host, so
# the private key needs the same protection as a root credential; consider
# narrowing the rule once bootstrap is done.
# NOTE(review): no `become` on this task; assumes the play already runs with
# root privileges. Confirm against the caller.
- name: Set sudoers right
  ansible.builtin.lineinfile:
    dest: "/etc/sudoers.d/ansible"
    create: true
    owner: "root"
    group: "root"
    mode: "0440"
    state: "present"
    # An existing line starting with "ansible" is replaced instead of
    # duplicated.
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    validate: 'visudo -cf "%s"'
  loop:
    - regexp: '^ansible\s'
      line: "ansible ALL = (ALL) NOPASSWD:ALL"
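# Make sure the main sudoers file pulls in /etc/sudoers.d, otherwise the
# drop-in written for the `ansible` account is never read. `validate` runs
# visudo on the candidate file before it replaces /etc/sudoers.
# The pattern accepts both spellings of the directive: the classic
# `#includedir` and the `@includedir` form used by newer sudo releases.
# Matching only `#includedir` would append a second include next to an
# existing `@includedir`, so the directory would be read twice.
# An existing directive in either form is rewritten to `#includedir`.
# The dot in `sudoers.d` is escaped so it only matches a literal dot.
- name: Ensure /etc/sudoers includes /etc/sudoers.d
  ansible.builtin.lineinfile:
    dest: "/etc/sudoers"
    regexp: '^[#@]includedir\s+/etc/sudoers\.d\s*$'
    line: "#includedir /etc/sudoers.d"
    state: "present"
    validate: 'visudo -cf "%s"'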
# Authorize an SSH public key for the `ansible` account.
# The key is read with the `file` lookup, which runs on the control node, so
# this is the id_rsa.pub of whoever runs the playbook, not a file on the
# target. Together with the NOPASSWD sudo rule above, the matching private key
# grants root on every bootstrapped host; pin the key deliberately rather than
# relying on the operator's default key.
# NOTE(review): `exclusive` is not set, so keys already present for the account
# are presumably left in place; confirm that is intended.
- name: Set authorized key taken from file
  authorized_key:
    user: "ansible"
    state: present
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"