ansible_bootstrap/tasks/main.yml
vincent 6b9d15fd17
add iptables install for debian (for wireguard)
2023-10-29 15:38:24 +01:00


---
# tasks file for ansible_bootstrap
# Distribution probes. ansible.builtin.raw sends the command over the
# connection without needing Python on the target, so these can run before
# Python is installed. `|| true` keeps a non-matching grep from failing the
# task; later tasks test the registered stdout, not the return code.
- name: Detect debian
  ansible.builtin.raw: cat /etc/os-release|grep Debian||true
  register: debian
  changed_when: false  # read-only probe, never a change

- name: Detect Rocky
  ansible.builtin.raw: cat /etc/os-release|grep rocky||true
  register: rocky
  changed_when: false  # read-only probe, never a change

- name: Detect arch
  ansible.builtin.raw: cat /etc/os-release|grep Arch||true
  register: arch
  changed_when: false  # read-only probe, never a change
#- name: Install python for rocky
# ansible.builtin.raw: dnf install python3 --assumeyes
#changed_when: false
#when: rocky.stdout
#- name: Install python for debian
# ansible.builtin.raw: apt install python3 --assume-yes
#changed_when: false
#when: debian.stdout
# Bootstrap Python on Arch through raw, since regular modules need Python on
# the target. `-Sy` refreshes the sync databases and installs python without
# upgrading anything else; the full system upgrade is a separate task.
# NOTE(review): changed_when is forced to false, so a real install is never
# reported as a change. No `become` is set here - presumably the bootstrap
# connection already runs as root; confirm.
- name: Install python on arch
  ansible.builtin.raw: pacman -Sy python --noconfirm
  when: 'arch.stdout is match(".*Arch Linux.*")'
  changed_when: false
# Put the local mirror at the very top of the mirrorlist (insertbefore: BOF).
# Skipped when system_arch_local_mirror is undefined or the host is not Arch.
# NOTE(review): the variable is written into the file unvalidated, and
# packages installed afterwards are fetched from that URL. Their integrity
# then rests on pacman's signature checking - prefer an https:// mirror and
# confirm SigLevel has not been relaxed on these hosts.
- name: Add local repo to mirrorlist
  ansible.builtin.lineinfile:
    path: /etc/pacman.d/mirrorlist
    insertbefore: BOF
    line: 'Server= {{ system_arch_local_mirror }}/$repo/os/$arch'
    state: present
  when:
    - system_arch_local_mirror is defined
    - arch.stdout is match(".*Arch Linux.*")
  become: true
# Bring archlinux-keyring to the latest version before the full upgrade,
# presumably so package signatures can be verified against current keys on a
# host whose keyring is stale.
# No update_cache here: this uses whatever sync database is already present.
- name: Update archlinux-keyring
  community.general.pacman:
    name: archlinux-keyring
    state: latest
  when: 'arch.stdout is match(".*Arch Linux.*")'
  become: true
# Full system upgrade on Arch. The result is registered so the reboot task
# can check whether the "linux" package was among the upgraded packages.
- name: Upgrade system for arch
  community.general.pacman:
    upgrade: true
    update_cache: true
    # Combined with update_cache, force makes pacman refresh every package
    # database even when it looks current.
    force: true
    state: latest
  register: upgrade_arch
  when: 'arch.stdout is match(".*Arch Linux.*")'
  become: true
# Refresh the apt cache and run a full upgrade on Debian. The result is
# registered so the reboot task can react to any change.
# NOTE(review): only_upgrade normally restricts named packages to
# already-installed ones; no package name is given here - confirm it is
# intended.
- name: Upgrade system for debian
  ansible.builtin.apt:
    upgrade: full
    update_cache: true
    only_upgrade: true
  register: upgrade_debian
  when: 'debian.stdout is match(".*Debian.*")'
  become: true
# Reboot so upgraded packages take effect:
#   - Arch: only when the upgrade changed something and "linux" is listed in
#     the upgraded packages;
#   - Debian: whenever the upgrade reported any change.
# Ansible waits up to reboot_timeout seconds (one hour) for the host to
# come back.
- name: Reboot updates to apply
  become: true
  ansible.builtin.reboot:
    reboot_timeout: 3600
  # Folded scalar: the lines below are joined with single spaces into one
  # expression.
  when: >-
    (arch.stdout is match(".*Arch Linux.*") and
    (upgrade_arch.changed and upgrade_arch.packages is defined and
    "linux" in upgrade_arch.packages))
    or (debian.stdout is match(".*Debian.*") and upgrade_debian.changed)
# Python is available from here on, so gather facts - limited to the two
# values that the ansible_os_family conditions in the package tasks rely on.
- name: Collect only selected facts
  ansible.builtin.setup:
    filter:
      - ansible_distribution
      - ansible_os_family
# Base packages, installed through the distribution-agnostic package module.
# NOTE(review): unlike the upgrade tasks above, none of these tasks sets
# `become` - presumably privilege comes from the play or a root connection;
# confirm.
- name: Zsh install
  ansible.builtin.package:
    name: zsh
    state: present
    update_cache: true

# Arch only.
- name: Inetutils install
  ansible.builtin.package:
    name: inetutils
    state: present
  when: ansible_os_family == "Archlinux"

# Debian only; per the commit message this is needed for WireGuard.
- name: Iptable install
  ansible.builtin.package:
    name: iptables
    state: present
  when: ansible_os_family == "Debian"

# sudo has to be present before the sudoers tasks, which validate with visudo.
- name: Sudoers install
  ansible.builtin.package:
    name: sudo
    state: present
# Create the regular (non-system) login account 'ansible' with a home
# directory and bash as its shell. No password is set by this task.
- name: Create profil
  ansible.builtin.user:
    name: ansible
    state: present
    system: false
    create_home: true
    shell: /bin/bash
    # NOTE(review): ssh_key_file appears to have no effect unless
    # generate_ssh_key is enabled, which it is not here - confirm whether a
    # key pair was meant to be generated on the host.
    ssh_key_file: .ssh/id_rsa
# Write the sudoers drop-in for the 'ansible' account.
# Security: the rule grants passwordless sudo for every command as any user,
# so whoever can log in as 'ansible' is root-equivalent on the host. Access
# to that account therefore has to be guarded as tightly as root itself.
# The file is root-owned, mode 0440, and is checked with `visudo -cf` before
# being put in place, so a syntax error cannot lock sudo out.
- name: Set sudoers right
  ansible.builtin.lineinfile:
    path: /etc/sudoers.d/ansible
    create: true
    owner: root
    group: root
    mode: '0440'
    state: present
    regexp: '{{ item.regexp }}'
    line: '{{ item.line }}'
    validate: 'visudo -cf "%s"'
  loop:
    # An existing line starting with "ansible" is replaced, not duplicated.
    - regexp: '^ansible\s'
      line: 'ansible ALL = (ALL) NOPASSWD:ALL'
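# Make sure the main sudoers file pulls in /etc/sudoers.d, where the
# 'ansible' drop-in is written.
# The pattern accepts both spellings of the directive: newer sudo releases
# (1.9.1 and later) write it as `@includedir`, which the previous
# `#includedir`-only pattern did not match, so a second include line was
# appended and the directory was read twice. An existing line in either
# spelling is now normalised to the `#` form, which older and newer sudo
# both accept. The dot in "sudoers.d" is escaped so it matches literally.
# The edited file is validated with `visudo -cf` before it replaces
# /etc/sudoers.
- name: Ensure /etc/sudoers includes /etc/sudoers.d
  ansible.builtin.lineinfile:
    dest: '/etc/sudoers'
    regexp: '^[#@]includedir\s+/etc/sudoers\.d$'
    line: '#includedir /etc/sudoers.d'
    state: 'present'
    validate: 'visudo -cf "%s"'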
# Authorise a public key for SSH login as 'ansible'.
# lookup('file', ...) is evaluated on the control node, so the key installed
# is ~/.ssh/id_rsa.pub of the user running the playbook; the task fails if
# that file does not exist.
# Security: 'ansible' has passwordless sudo (see /etc/sudoers.d/ansible), so
# the matching private key is a root-equivalent credential for every host
# this role is applied to.
- name: Set authorized key taken from file
  ansible.posix.authorized_key:
    user: ansible
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present