klal

roles/init/tasks/main.yml

@@ -0,0 +1,53 @@
+- name: Init
+  become: "{{ 'no' if inventory_hostname in ['sectorq.cloud', 'nas.home.lan'] else 'yes' }}"
+  become_method: su
+  block:
+    - name: Include vault
+      ansible.builtin.include_vars:
+        file: jaydee.yml
+    - name: Change password for jd
+      ansible.builtin.user:
+        name: jd
+        password: "{{ jd_password | password_hash('sha512') }}"
+    - name: Ensure deploy user exists
+      ansible.builtin.user:
+        name: jd
+        shell: /bin/bash
+        groups: sudo
+        append: true
+    - name: Give deploy sudo access
+      ansible.builtin.copy:
+        dest: /etc/sudoers.d/jd
+        content: "jd ALL=(ALL:ALL) ALL\n"
+        owner: root
+        group: root
+        mode: '0440'
+
+    - name: Change password for root
+      ansible.builtin.user:
+        name: root
+        password: "{{ jd_password | password_hash('sha512') }}"
+    - name: Update become password for subsequent tasks
+      ansible.builtin.set_fact:
+        ansible_become_password: "{{ jd_password }}"
+
+    - name: Add authorized SSH key
+      ansible.posix.authorized_key:
+        user: "jd"
+        key: "{{ lookup('file', 'id_rsa.pub') }}"
+        state: present
+
+    - name: Set timezone to Europe/Bratislava
+      ansible.builtin.command:
+        cmd: timedatectl set-timezone Europe/Bratislava
+      args:
+        creates: /etc/timezone
+    - name: Set hostname
+      ansible.builtin.hostname:
+        name: "{{ inventory_hostname }}"
+    - name: Add host entry to /etc/hosts
+      ansible.builtin.lineinfile:
+        path: /etc/hosts
+        regexp: "^127.0.0.1 .*"
+        line: "127.0.0.1 {{ inventory_hostname }} {{ inventory_hostname.split('.')[0] }}"
+        state: present