lab-ansible/roles/virt-common/tasks/main.yml

# vim: ft=yaml.ansible
# code: language=ansible
---
# Render the role's hosts.j2 template over /etc/hosts.
# The result is owned by root:root and readable by everyone (rw-r--r--).
- name: Copy hosts file
  ansible.builtin.template:
    dest: /etc/hosts
    src: hosts.j2
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
# Render motd.j2 into the /etc/motd.d drop-in directory as 10-ansible.
# The file is root-owned and world-readable.
- name: Copy MOTD file
  ansible.builtin.template:
    dest: /etc/motd.d/10-ansible
    src: motd.j2
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
# Create one local account per entry in `users`; each entry must provide
# name, comment and groups.
# No password is set by this task. `groups` is given without `append`, so the
# listed supplementary groups are authoritative: a membership that is not in
# item.groups is removed on the next run.
- name: Add users
  loop: "{{ users }}"
  ansible.builtin.user:
    state: present
    name: "{{ item.name }}"
    comment: "{{ item.comment }}"
    groups: "{{ item.groups }}"
    shell: /bin/bash
# Manage each user's authorized_keys from item.ssh_keys.
# `exclusive: true` removes every key that is not in the list, so deleting a
# key from the inventory revokes it on the next run. The keys are joined into
# one newline-separated value because exclusivity is applied per module call.
- name: Add SSH keys to users
  loop: "{{ users }}"
  ansible.posix.authorized_key:
    user: "{{ item.name }}"
    exclusive: true
    key: "{{ item.ssh_keys | join('\n') }}"
# Install a sudoers rule named "passwordless" that lets every member of the
# wheel group run any command on any host without re-authenticating.
# Security note: with this rule, control of a wheel member's login (for
# example one of that user's SSH private keys) is equivalent to root on the
# host. Keep wheel membership minimal and review `users[].groups` with that
# in mind.
- name: Allow passwordless sudo
  community.general.sudoers:
    state: present
    name: passwordless
    group: wheel
    host: ALL
    commands: ALL
    nopassword: true
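# Install the role's static sshd_config and restart sshd when it changes.
- name: Copy sshd_config
  ansible.builtin.copy:
    src: sshd_config
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    # Only sshd (running as root) needs to read this file. Owner-only access
    # keeps the daemon's policy (allowed users, auth methods, listen settings)
    # from being read by other local accounts; the previous value left it
    # world-readable.
    mode: 'u=rw,g=,o='
    # Syntax-check the staged copy before it replaces the live file, so a
    # broken config is rejected instead of being picked up at the next restart.
    validate: /usr/sbin/sshd -t -f %s
  notify: Restart sshd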
# Install the release packages that enable the EPEL and Rocky security
# repositories. A change here triggers the "Upgrade system packages" handler.
# Note: each extra repository adds another publisher whose packages this host
# will trust and install.
- name: Enable extra repositories
  ansible.builtin.dnf:
    state: present
    name:
      - epel-release
      - rocky-release-security
  notify: Upgrade system packages
# Install the baseline tool set after refreshing the dnf metadata cache.
# firewalld and rsyslog are installed here because the service task that
# follows enables and starts them.
# NOTE(review): telnet is a cleartext client, presumably kept for quick port
# connectivity checks - confirm it is still needed on every host.
- name: Install system packages
  ansible.builtin.dnf:
    state: present
    update_cache: true
    name:
      - bind-utils
      - firewalld
      - htop
      - jq
      - logrotate
      - lsof
      - mtr
      - rsyslog
      - telnet
      - vim
# Enable at boot and start now: the host firewall (firewalld) and the system
# logger (rsyslog).
- name: Ensure services are enabled and running
  loop:
    - firewalld
    - rsyslog
  ansible.builtin.service:
    name: "{{ item }}"
    state: started
    enabled: true
# Install and run haveged on every instance type except LXC.
# NOTE(review): presumably LXC guests are skipped because they share the
# host kernel's entropy pool - confirm.
- name: Services for non-LXC instances
  when: instance_type != 'lxc'
  block:
    - name: Install haveged
      ansible.builtin.dnf:
        state: present
        name: haveged

    - name: Ensure haveged is enabled and running
      ansible.builtin.service:
        name: haveged
        state: started
        enabled: true
# QEMU guests only: enable and start the fstrim.timer systemd unit.
- name: Services for QEMU instances
  when: instance_type == 'qemu'
  block:
    - name: Ensure fstrim systemd timer is enabled
      ansible.builtin.systemd_service:
        name: fstrim.timer
        state: started
        enabled: true
# VPS instances only: make sure the directory named by `data_fs` exists,
# owned by root:root with mode rwxr-xr-x, and carries the SELinux context
# system_u:object_r:unlabeled_t:s0.
# NOTE(review): unlabeled_t looks intended for a mount point that confined
# domains should not be able to use until a filesystem is mounted over it -
# confirm against the mount configuration.
- name: Create directory '{{ data_fs }}'
  when: instance_type == 'vps'
  ansible.builtin.file:
    state: directory
    path: "{{ data_fs }}"
    owner: root
    group: root
    mode: 'u=rwx,g=rx,o=rx'
    seuser: system_u
    serole: object_r
    setype: unlabeled_t
    selevel: s0
# Statically import the role's firewall tasks from firewall.yml.
- name: Configure firewall
  ansible.builtin.import_tasks:
    file: firewall.yml