Simplify even more stuff

2023-11-05 19:08:26 +01:00 · 2023-11-05 19:08:26 +01:00 · f4b6b2a8ba
parent c02389c7ec
commit f4b6b2a8ba
6 changed files with 15 additions and 19 deletions
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -4,4 +4,12 @@
 encrypted_fs: /data
 hostname: "{{ inventory_hostname }}"
 timezone: Europe/Copenhagen
-username: lab_admin
+
+users:
+  - name: lab_admin
+    comment: System administrator
+    groups:
+      - sudo
+    ssh_keys:
+      - sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
--- a/roles/common/tasks/base.yml
+++ b/roles/common/tasks/base.yml
@ -25,11 +25,6 @@
    state: present
  notify: Restart systemd-resolved

- name: Upgrade system packages
-  ansible.builtin.apt:
-    update_cache: true
-    upgrade: full
-
 - name: Install packages via apt
  ansible.builtin.apt:
    name: "{{ pkgs }}"
@ -37,10 +32,5 @@
  vars:
    pkgs:
      - apparmor
-      - curl
-      - git
      - haveged
-      - needrestart
-      - python3-pip
      - ufw
-      - unattended-upgrades
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -1,14 +1,14 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
- name: Configure user accounts
-  ansible.builtin.import_tasks: users.yml
-
 - name: Configure system base
  ansible.builtin.import_tasks: base.yml

 - name: Configure firewall
  ansible.builtin.import_tasks: firewall.yml

+- name: Configure user accounts
+  ansible.builtin.import_tasks: users.yml
+
 - name: Configure SSH
  ansible.builtin.import_tasks: ssh.yml
--- a/roles/common/tasks/users.yml
+++ b/roles/common/tasks/users.yml
@ -5,12 +5,10 @@
  ansible.builtin.user:
    name: "{{ item.name }}"
    comment: "{{ item.comment }}"
-    password: "{{ item.password }}"
    groups: "{{ item.groups }}"
    shell: /bin/bash
-    update_password: always
+    state: present
  loop: "{{ users }}"
-  no_log: true

 - name: Add ssh authorized_keys
  ansible.posix.authorized_key:
--- a/roles/docker/handlers/main.yml
+++ b/roles/docker/handlers/main.yml
@ -4,4 +4,4 @@
 - name: Restart Docker daemon
  ansible.builtin.service:
    name: docker
-    state: restarted
+    state: reloaded
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -28,7 +28,7 @@
    dest: /etc/docker/daemon.json
    owner: root
    mode: u=rw,g=r,o=r
-  notify: Restart Docker daemon
+  notify: Reload Docker daemon

 - name: Ensure Docker daemon is enabled and running
  ansible.builtin.service: