--- # tasks file for ansible_bootstrap - name: Detect debian ansible.builtin.raw: cat /etc/os-release|grep Debian||true changed_when: false register: debian - name: Detect Rocky ansible.builtin.raw: cat /etc/os-release|grep rocky||true changed_when: false register: rocky - name: Detect arch ansible.builtin.raw: cat /etc/os-release|grep Arch||true changed_when: false register: arch - name: Install python for rocky ansible.builtin.raw: dnf install python3 --assumeyes changed_when: false when: rocky.stdout - name: Install python for debian ansible.builtin.raw: apt install python3 --assume-yes changed_when: false when: debian.stdout - name: Install python on arch ansible.builtin.raw: pacman -Sy python --noconfirm changed_when: false when: arch.stdout - name: Add local repo to mirrorlist become: true ansible.builtin.lineinfile: path: /etc/pacman.d/mirrorlist line: 'Server= {{ system_arch_local_mirror }}/$repo/os/$arch' state: present insertbefore: BOF when: system_arch_local_mirror is defined and arch.stdout - name: Update archlinux-keyring community.general.pacman: state: latest name: archlinux-keyring become: true when: arch.stdout - name: Upgrade system for arch community.general.pacman: state: latest upgrade: true force: true update_cache: true become: true register: upgrade_arch when: arch.stdout - name: Upgrade system for debian ansible.builtin.apt: update_cache: true only_upgrade: true upgrade: full become: true when: debian.stdout register: upgrade_debian - name: Reboot updates to apply ansible.builtin.reboot: reboot_timeout: 3600 when: (arch.stdout and (upgrade_arch.changed and upgrade_arch.packages is defined and "linux" in upgrade_arch.packages)) or (debian.stdout and upgrade_debian.changed) become: true - name: Collect only selected facts ansible.builtin.setup: filter: - 'ansible_distribution' - 'ansible_os_family' - name: Zsh install ansible.builtin.package: state: present name: zsh update_cache: true - name: Inetutils install ansible.builtin.package: state: present name: inetutils when: arch.stdout - name: Sudoers install ansible.builtin.package: state: present name: sudo - name: Create profil ansible.builtin.user: name: 'ansible' create_home: true system: false state: present ssh_key_file: .ssh/id_rsa shell: /bin/bash - name: Set sudoers right ansible.builtin.lineinfile: dest: '/etc/sudoers.d/ansible' regexp: '{{ item.regexp }}' line: '{{ item.line }}' state: 'present' create: true owner: 'root' group: 'root' mode: '0440' validate: 'visudo -cf "%s"' with_items: - regexp: '^ansible\s' line: 'ansible ALL = (ALL) NOPASSWD:ALL' - name: Ensure /etc/sudoers includes /etc/sudoers.d ansible.builtin.lineinfile: dest: '/etc/sudoers' regexp: '^#includedir\s+/etc/sudoers.d$' line: '#includedir /etc/sudoers.d' state: 'present' validate: 'visudo -cf "%s"' - name: Set authorized key taken from file ansible.posix.authorized_key: user: 'ansible' state: present key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"