# Installs the packages of every entry in base_config_packages; each loop
# item supplies its package names under the `list` key.
- name: Install packages on all servers
  ansible.builtin.apt:
    # `name` is the canonical spelling of the `package` alias.
    name: "{{ item.list }}"
    state: present
  loop: "{{ base_config_packages }}"
# Sets the system hostname through the systemd strategy.
- name: Change hostname to inventory name
  ansible.builtin.hostname:
    # NOTE(review): this reads the gathered hostname fact, i.e. the name the
    # host already reports; the task title suggests inventory_hostname was
    # meant. Confirm against the inventory before changing it.
    name: "{{ ansible_facts.hostname }}"
    use: systemd
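# Renders templates/hostname.j2 to /etc/hostname.
# NOTE(review): the task title mentions /etc/hosts but the destination is
# /etc/hostname; confirm which file was intended.
- name: Change /etc/hosts
  ansible.builtin.template:
    src: templates/hostname.j2
    dest: /etc/hostname
    # Pin ownership so the result does not depend on the connecting account.
    owner: root
    group: root
    # Plain data file: world-readable, writable by root only. The original
    # 0755 set an execute bit that a configuration file never needs.
    mode: "0644"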
# Applies every entry of base_config_group. No defaults are set, so each
# entry has to provide `name`, `state` and `system` itself.
- name: Create groups that are missing
  ansible.builtin.group:
    name: "{{ item.name }}"
    system: "{{ item.system }}"
    state: "{{ item.state }}"
  loop: "{{ base_config_group }}"
# Rewrites the %sudo rule in /etc/sudoers so group members are not asked for
# a password.
# Security note: with NOPASSWD on the whole group, control of any member
# account (for example through a leaked SSH key) is equivalent to root, with
# no second factor in between. Keep membership of `sudo` minimal, or scope
# the rule to the automation account only.
- name: Allow 'sudo' group to have passwordless sudo
  ansible.builtin.lineinfile:
    # `path` is the canonical spelling of the `dest` alias.
    path: /etc/sudoers
    regexp: '^%sudo'
    line: '%sudo ALL=(ALL) NOPASSWD: ALL'
    state: present
    # visudo checks the candidate file before it replaces /etc/sudoers, so a
    # syntax error cannot break sudo on the host.
    validate: 'visudo -cf %s'
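# Creates or removes the accounts described in base_config_user.
# Each entry must provide `user`; every other key is optional.
- name: Create user
  ansible.builtin.user:
    name: "{{ item.user }}"
    # A negative value removes the expiry date. The original `false` is not a
    # "never expires" value for this float option and is likely coerced to
    # epoch 0, which would mark the account as already expired.
    expires: -1
    system: "{{ item.system | default(false) }}"
    # An empty list, with append left at its default, drops every
    # supplementary group the account currently has.
    groups: "{{ item.groups | default([]) }}"
    # The fallback must be the quoted string: a bare `absent` is an undefined
    # Jinja variable and fails at render time.
    # NOTE(review): entries without `state` are therefore removed; confirm
    # that is the intended default.
    state: "{{ item.state | default('absent') }}"
    remove: "{{ item.remove | default(false) }}"
    # `omit` keeps the system default shell; the original default([])
    # rendered the literal text "[]" as the login shell.
    shell: "{{ item.shell | default(omit) }}"
    create_home: "{{ item.create_home | default(true) }}"
  loop: "{{ base_config_user }}"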
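# Ensures the drop-in /etc/sudoers.d/custom exists with sudoers-safe
# ownership and permissions.
- name: Create custom sudoers file
  ansible.builtin.file:
    path: /etc/sudoers.d/custom
    # `present` is not a state of the file module (absent, directory, file,
    # hard, link, touch); `touch` creates the file when it is missing.
    state: touch
    # Preserve timestamps so repeated runs do not report a change.
    modification_time: preserve
    access_time: preserve
    # sudoers fragments belong to root and should be read-only; the original
    # 0755 left the file root-writable and executable.
    owner: root
    group: root
    mode: "0440"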
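# Installs the SSH public key of every base_config_user entry that has one.
- name: Create ansible User for future rollouts
  ansible.posix.authorized_key:
    # NOTE(review): the account task in this file reads `item.user` while this
    # task reads `item.name`; fall back to `user` so both agree. The original
    # default([]) rendered "[]" as the account name.
    user: "{{ item.name | default(item.user) }}"
    key: "{{ item.sshkey }}"
    # exclusive=true deletes every other key from the account's
    # authorized_keys. Together with key-only SSH, a wrong or missing key in
    # the inventory locks the account out, so review sshkey values before a
    # rollout.
    exclusive: "{{ item.exclusive | default(true) }}"
  loop: "{{ base_config_user }}"
  when:
    # Skip entries without a key instead of installing the text "[]".
    - item.sshkey is defined
    # Skip accounts that are removed or never created on this host.
    - item.state | default('absent') == 'present'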
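# Deploys the sshd drop-in that restricts logins to SSH keys and triggers
# SSH_Handler when the file changes.
- name: Change SSH Config to just take SSH Keys
  ansible.builtin.template:
    # Was "tempalates/...", which does not match the templates/ directory the
    # hostname task in this file reads from.
    # NOTE(review): confirm the directory name on disk.
    src: templates/custom.conf.j2
    dest: '/etc/ssh/sshd_config.d/custom.conf'
    owner: root
    group: root
    mode: '0644'
    # Check the rendered fragment before it is installed, so a syntax error
    # cannot take sshd down on the next restart and cut off remote access.
    validate: '/usr/sbin/sshd -t -f %s'
  notify: SSH_Handler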