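---
# tasks file for ansible_bootstrap
#
# Bootstraps a fresh host for Ansible management: installs Python using raw
# commands (no Python is needed on the target for those), brings the system
# up to date, then creates a passwordless-sudo "ansible" account that is
# reachable with the controller's SSH public key.
#
# NOTE(review): several tasks below carry no `become`; they presumably rely on
# play-level become or a root login -- confirm against the calling playbook.

# --- Distribution detection (raw: works before Python is installed) ---------
# `|| true` keeps the command from failing when grep finds nothing; an empty
# stdout then means "not this distribution". The probes only read a file, so
# they are marked as never changing the host.
- name: Detect debian
  ansible.builtin.raw: cat /etc/os-release|grep Debian||true
  register: debian
  changed_when: false

- name: Detect Rocky
  ansible.builtin.raw: cat /etc/os-release|grep rocky||true
  register: rocky
  changed_when: false

- name: Detect arch
  ansible.builtin.raw: cat /etc/os-release|grep Arch||true
  register: arch
  changed_when: false

# --- Python installation ----------------------------------------------------
# Conditions test the probe output explicitly (`| trim | length > 0`) so the
# result is a real boolean instead of relying on the truthiness of a string.
- name: Install python for rocky
  ansible.builtin.raw: dnf install python3 --assumeyes
  when: rocky.stdout | trim | length > 0

# NOTE(review): no package-list refresh runs before this install; on an image
# shipped without apt lists the command may not find python3 -- confirm.
- name: Install python for debian
  ansible.builtin.raw: apt install python3 --assume-yes
  when: debian.stdout | trim | length > 0

# `-Sy` refreshes the package databases without upgrading installed packages;
# the full upgrade is done by the "Upgrade system for arch" task further down.
- name: Install python on arch
  ansible.builtin.raw: pacman -Sy python --noconfirm
  when: arch.stdout | trim | length > 0

# --- Arch: mirror, keyring, upgrade -----------------------------------------
# The optional local mirror is inserted at the top of the mirrorlist. The line
# text is kept exactly as before so hosts that already have it are not given a
# second entry.
# NOTE(review): a mirror is only as trustworthy as pacman's signature checking
# makes it -- confirm SigLevel in pacman.conf has not been relaxed.
- name: Add local repo to mirrorlist
  become: true
  ansible.builtin.lineinfile:
    path: /etc/pacman.d/mirrorlist
    line: "Server= {{ system_arch_local_mirror }}/$repo/os/$arch"
    state: present
    insertbefore: BOF
  when:
    - system_arch_local_mirror is defined
    - arch.stdout | trim | length > 0

# Refresh the packager signing keys first so the full upgrade below can verify
# packages signed with keys newer than the installed keyring.
- name: Update archlinux-keyring
  community.general.pacman:
    state: latest
    name: archlinux-keyring
  become: true
  when: arch.stdout | trim | length > 0

- name: Upgrade system for arch
  community.general.pacman:
    state: latest
    # Upgrade the whole system.
    upgrade: true
    # Combined with update_cache: force a re-download of the repo databases.
    force: true
    update_cache: true
  become: true
  register: upgrade_arch
  when: arch.stdout | trim | length > 0

# --- Debian: upgrade --------------------------------------------------------
- name: Upgrade system for debian
  ansible.builtin.apt:
    # Run the equivalent of `apt-get update` before the operation.
    update_cache: true
    only_upgrade: true
    # Full upgrade of the system, not of one specific package.
    upgrade: full
    state: latest
  become: true
  when: debian.stdout | trim | length > 0
  register: upgrade_debian

# Reboot when Arch upgraded the "linux" (kernel) package or when the Debian
# upgrade changed anything. A skipped upgrade task reports changed=false, so
# the branch for the other distribution is inert.
- name: Reboot updates to apply
  ansible.builtin.reboot:
    reboot_timeout: 3600
  when: >-
    (arch.stdout | trim | length > 0
    and upgrade_arch.changed and "linux" in upgrade_arch.packages)
    or (debian.stdout | trim | length > 0 and upgrade_debian.changed)
  become: true

# Python is available from here on, so regular fact gathering works; only the
# two facts needed are collected.
- name: Collect only selected facts
  ansible.builtin.setup:
    filter:
      - 'ansible_distribution'
      - 'ansible_os_family'

# --- Base packages ----------------------------------------------------------
- name: Zsh install
  ansible.builtin.package:
    state: present
    name: zsh
    # Refresh the package lists as part of this install.
    update_cache: true

- name: Inetutils install
  ansible.builtin.package:
    state: present
    name: inetutils
  when: arch.stdout | trim | length > 0

- name: Sudoers install
  ansible.builtin.package:
    state: present
    name: sudo

# --- Automation account -----------------------------------------------------
# Regular (non-system) account with a home directory. No password is set here;
# login is expected to happen with the SSH key installed by the last task.
- name: Create profil
  ansible.builtin.user:
    name: "ansible"
    create_home: true
    system: false
    state: present
    # NOTE(review): as far as the module documents it, ssh_key_file only
    # matters together with generate_ssh_key, which is not set -- confirm
    # whether a key pair on the target is wanted at all.
    ssh_key_file: .ssh/id_rsa
    shell: /bin/bash

# SECURITY: this grants the "ansible" account unrestricted root via sudo with
# no password prompt, so whoever holds the matching SSH private key holds root
# on every bootstrapped host. Keep that key protected and audit its use.
# The drop-in is root-owned, mode 0440 and validated with visudo before being
# put in place, so a malformed rule cannot lock sudo out.
- name: Set sudoers right
  ansible.builtin.lineinfile:
    path: "/etc/sudoers.d/ansible"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: "present"
    create: true
    owner: "root"
    group: "root"
    mode: "0440"
    validate: 'visudo -cf "%s"'
  loop:
    - regexp: '^ansible\s'
      line: "ansible ALL = (ALL) NOPASSWD:ALL"

# The pattern also matches the newer "@includedir" spelling (and escapes the
# dot), so a sudoers file that already includes the directory in that form is
# not given a second include line.
- name: Ensure /etc/sudoers includes /etc/sudoers.d
  ansible.builtin.lineinfile:
    path: "/etc/sudoers"
    regexp: '^[#@]includedir\s+/etc/sudoers\.d$'
    line: "#includedir /etc/sudoers.d"
    state: "present"
    validate: 'visudo -cf "%s"'

# The public key is read on the controller from the home of the user running
# Ansible. `exclusive` is not set, so keys already present in the account's
# authorized_keys are left in place.
- name: Set authorized key taken from file
  ansible.posix.authorized_key:
    user: "ansible"
    state: present
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"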