mirror of
https://gitlab.sectorq.eu/jaydee/ansible.git
synced 2026-03-13 13:42:47 +01:00
jaydee
b241425b21
Some checks failed
Gitea Actions Demo / Explore-Gitea-Actions (push) Has been cancelled
81 lines
2.2 KiB
YAML
Executable File
81 lines
2.2 KiB
YAML
Executable File
- name: Init
|
|
become: "{{ 'no' if inventory_hostname in ['sectorq.cloud', 'nas.home.lan'] else 'yes' }}"
|
|
block:
|
|
|
|
- name: Include vault
|
|
ansible.builtin.include_vars:
|
|
file: init.yml
|
|
- name: Change password for jd
|
|
ansible.builtin.user:
|
|
name: jd
|
|
password: "{{ jd_password | password_hash('sha512') }}"
|
|
- name: "Ensure sudo binary exist"
|
|
stat:
|
|
path: /usr/bin/sudo
|
|
register: sudo_binary
|
|
- name: "Install sudo if not present"
|
|
package:
|
|
name: sudo
|
|
state: present
|
|
when: not sudo_binary.stat.exists
|
|
|
|
- name: Check if group exists
|
|
getent:
|
|
database: group
|
|
key: sudo
|
|
register: group_check
|
|
ignore_errors: true
|
|
|
|
- name: Ensure deploy user exists
|
|
ansible.builtin.user:
|
|
name: jd
|
|
shell: /bin/bash
|
|
groups: sudo
|
|
append: true
|
|
when: group_check is succeeded
|
|
- name: Ensure directory sudoers.d exists
|
|
file:
|
|
path: /etc/sudoers.d
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: '0755'
|
|
|
|
- name: Give jd passwordless sudo
|
|
copy:
|
|
dest: /etc/sudoers.d/jd
|
|
content: "jd ALL=(ALL) NOPASSWD:ALL\n"
|
|
owner: root
|
|
group: root
|
|
mode: '0440'
|
|
|
|
- name: Change password for root
|
|
ansible.builtin.user:
|
|
name: root
|
|
password: "{{ jd_password | password_hash('sha512') }}"
|
|
|
|
- name: Update become password for subsequent tasks
|
|
ansible.builtin.set_fact:
|
|
ansible_become_password: "{{ jd_password }}"
|
|
|
|
- name: Add authorized SSH key
|
|
ansible.posix.authorized_key:
|
|
user: "jd"
|
|
key: "{{ lookup('file', 'id_rsa.pub') }}"
|
|
state: present
|
|
|
|
- name: Set timezone to Europe/Bratislava
|
|
ansible.builtin.command:
|
|
cmd: timedatectl set-timezone Europe/Bratislava
|
|
args:
|
|
creates: /etc/timezone
|
|
- name: Set hostname
|
|
ansible.builtin.hostname:
|
|
name: "{{ inventory_hostname }}"
|
|
- name: Add host entry to /etc/hosts
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/hosts
|
|
regexp: "^127.0.0.1 .*"
|
|
line: "127.0.0.1 {{ inventory_hostname }} {{ inventory_hostname.split('.')[0] }}"
|
|
state: present
|