From f4b6b2a8ba021cf252d71588e8978a35cdd8f1b3 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Sun, 5 Nov 2023 19:08:26 +0100 Subject: [PATCH] Simplify even more stuff --- group_vars/all/vars.yml | 10 +++++++++- roles/common/tasks/base.yml | 10 ---------- roles/common/tasks/main.yml | 6 +++--- roles/common/tasks/users.yml | 4 +--- roles/docker/handlers/main.yml | 2 +- roles/docker/tasks/main.yml | 2 +- 6 files changed, 15 insertions(+), 19 deletions(-) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 4bd7f0e..f0a0709 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -4,4 +4,12 @@ encrypted_fs: /data hostname: "{{ inventory_hostname }}" timezone: Europe/Copenhagen -username: lab_admin + +users: + - name: lab_admin + comment: System administrator + groups: + - sudo + ssh_keys: + - sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332 diff --git a/roles/common/tasks/base.yml b/roles/common/tasks/base.yml index 355a379..d68a727 100644 --- a/roles/common/tasks/base.yml +++ b/roles/common/tasks/base.yml @@ -25,11 +25,6 @@ state: present notify: Restart systemd-resolved -- name: Upgrade system packages - ansible.builtin.apt: - update_cache: true - upgrade: full - - name: Install packages via apt ansible.builtin.apt: name: "{{ pkgs }}" @@ -37,10 +32,5 @@ vars: pkgs: - apparmor - - curl - - git - haveged - - needrestart - - python3-pip - ufw - - unattended-upgrades diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 0d34968..5ecff15 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml 
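Review bot: The new `users` list sits in group_vars/all, so every host in the inventory gets `lab_admin` with `sudo` membership and these two keys, but nothing in the file states that scope or the entry schema. The user task in roles/common/tasks/users.yml reads `item.name`, `item.comment` and `item.groups` without defaults, so an entry missing any of them would fail the play. `ssh_keys` is presumably consumed by the authorized_key task, which is not fully visible here. A short comment above `users:` would cover this, e.g. `# Accounts created on ALL hosts. Required per entry: name, comment, groups, ssh_keys (public keys only; no passwords are managed).`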
@@ -1,14 +1,14 @@ # vim: ft=yaml.ansible # code: language=ansible --- -- name: Configure user accounts - ansible.builtin.import_tasks: users.yml - - name: Configure system base ansible.builtin.import_tasks: base.yml - name: Configure firewall ansible.builtin.import_tasks: firewall.yml +- name: Configure user accounts + ansible.builtin.import_tasks: users.yml + - name: Configure SSH ansible.builtin.import_tasks: ssh.yml diff --git a/roles/common/tasks/users.yml b/roles/common/tasks/users.yml index 54a5bb4..089b5d3 100644 --- a/roles/common/tasks/users.yml +++ b/roles/common/tasks/users.yml @@ -5,12 +5,10 @@ ansible.builtin.user: name: "{{ item.name }}" comment: "{{ item.comment }}" - password: "{{ item.password }}" groups: "{{ item.groups }}" shell: /bin/bash - update_password: always + state: present loop: "{{ users }}" - no_log: true - name: Add ssh authorized_keys ansible.posix.authorized_key: diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml index 032afa2..a7f8dfa 100644 --- a/roles/docker/handlers/main.yml +++ b/roles/docker/handlers/main.yml @@ -4,4 +4,4 @@ - name: Restart Docker daemon ansible.builtin.service: name: docker - state: restarted + state: reloaded diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 1ce3e8a..aecf354 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -28,7 +28,7 @@ dest: /etc/docker/daemon.json owner: root mode: u=rw,g=r,o=r - notify: Restart Docker daemon + notify: Reload Docker daemon - name: Ensure Docker daemon is enabled and running ansible.builtin.service:
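Review bot: Moving `Configure user accounts` to after base and firewall but before `Configure SSH` looks deliberate, yet nothing records why the order matters. If ssh.yml restricts logins (not visible in this diff), users.yml has to run first so the accounts and authorized keys exist before sshd is tightened. A one-line comment above the import would stop a later reorder from locking operators out, e.g. `# Must run before ssh.yml: accounts and authorized_keys have to exist first.`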
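Review bot: Dropping `password` and `update_password: always` from the `ansible.builtin.user` task in roles/common/tasks/users.yml does not clear a hash set by an earlier run, so on already-provisioned hosts the old password stays valid. If the intent is key-only accounts, state it explicitly with `password_lock: true` (or `password: "!"`). On fresh hosts the account has no usable password, and since `lab_admin` is in `sudo`, sudo will ask for one unless a NOPASSWD rule exists elsewhere; none is visible in this diff. The authorized_key task continues past the end of the hunk, so whether keys removed from `ssh_keys` are also removed from hosts (`exclusive: true`) cannot be checked here.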
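Review bot: The handler in roles/docker/handlers/main.yml is still named `Restart Docker daemon`, while roles/docker/tasks/main.yml now notifies `Reload Docker daemon`. Unless a handler or `listen` topic with that name exists outside these hunks, the play will fail on the unknown handler and daemon.json changes will never be applied. Rename the handler in the same change, `- name: Reload Docker daemon`, so the name also matches what `state: reloaded` does.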
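Review bot: With the daemon.json task now notifying a reload, only the options dockerd re-reads on a configuration reload take effect. Others, including hardening-related keys such as `userns-remap` or `icc`, need a full restart and would otherwise stay at their old values with no error. The template contents are not visible in this hunk, so check which keys it sets. If all of them are reload-safe, record that next to the task with something like `# All keys in daemon.json are live-reloadable; switch to a restart handler if that changes.` If any are not, keep a restart handler for this template.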