Simplify even more stuff
This commit is contained in:
parent
c02389c7ec
commit
f4b6b2a8ba
GPG Key ID:
CBBBE7371E81C4EA
|
|
@ -4,4 +4,12 @@
|
|||
encrypted_fs: /data
|
||||
hostname: "{{ inventory_hostname }}"
|
||||
timezone: Europe/Copenhagen
|
||||
username: lab_admin
|
||||
|
||||
users:
|
||||
- name: lab_admin
|
||||
comment: System administrator
|
||||
groups:
|
||||
- sudo
|
||||
ssh_keys:
|
||||
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
|
||||
|
|
|
|||
|
|
@ -25,11 +25,6 @@
|
|||
state: present
|
||||
notify: Restart systemd-resolved
|
||||
|
||||
- name: Upgrade system packages
|
||||
ansible.builtin.apt:
|
||||
update_cache: true
|
||||
upgrade: full
|
||||
|
||||
- name: Install packages via apt
|
||||
ansible.builtin.apt:
|
||||
name: "{{ pkgs }}"
|
||||
|
|
@ -37,10 +32,5 @@
|
|||
vars:
|
||||
pkgs:
|
||||
- apparmor
|
||||
- curl
|
||||
- git
|
||||
- haveged
|
||||
- needrestart
|
||||
- python3-pip
|
||||
- ufw
|
||||
- unattended-upgrades
|
||||
|
|
|
|||
|
|
@ -1,14 +1,14 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Configure user accounts
|
||||
ansible.builtin.import_tasks: users.yml
|
||||
|
||||
- name: Configure system base
|
||||
ansible.builtin.import_tasks: base.yml
|
||||
|
||||
- name: Configure firewall
|
||||
ansible.builtin.import_tasks: firewall.yml
|
||||
|
||||
- name: Configure user accounts
|
||||
ansible.builtin.import_tasks: users.yml
|
||||
|
||||
- name: Configure SSH
|
||||
ansible.builtin.import_tasks: ssh.yml
|
||||
|
|
|
|||
|
|
@ -5,12 +5,10 @@
|
|||
ansible.builtin.user:
|
||||
name: "{{ item.name }}"
|
||||
comment: "{{ item.comment }}"
|
||||
password: "{{ item.password }}"
|
||||
groups: "{{ item.groups }}"
|
||||
shell: /bin/bash
|
||||
update_password: always
|
||||
state: present
|
||||
loop: "{{ users }}"
|
||||
no_log: true
|
||||
|
||||
- name: Add ssh authorized_keys
|
||||
ansible.posix.authorized_key:
|
||||
|
|
|
|||
|
|
@ -4,4 +4,4 @@
|
|||
- name: Restart Docker daemon
|
||||
ansible.builtin.service:
|
||||
name: docker
|
||||
state: restarted
|
||||
state: reloaded
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@
|
|||
dest: /etc/docker/daemon.json
|
||||
owner: root
|
||||
mode: u=rw,g=r,o=r
|
||||
notify: Restart Docker daemon
|
||||
notify: Reload Docker daemon
|
||||
|
||||
- name: Ensure Docker daemon is enabled and running
|
||||
ansible.builtin.service:
|
||||
|
|
|
|||
Loading…
Reference in New Issue