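# vim: ft=yaml.ansible
# code: language=ansible
---
# Base system tasks: identity (hostname, timezone, /etc/hosts), user
# accounts with SSH keys, sudo policy, sshd configuration, package
# installation, service enablement, LKRG, and the firewall tasks.
# The variables `hostname`, `timezone`, `users` and `virt_type` are
# read here but defined outside this file.

- name: Set hostname
  ansible.builtin.hostname:
    name: "{{ hostname }}"

- name: Set timezone
  community.general.timezone:
    name: "{{ timezone }}"

# /etc/hosts has to stay world-readable for name resolution, so only
# the group ownership is pinned in addition to the original settings.
- name: Copy hosts file
  ansible.builtin.template:
    src: hosts.j2
    dest: /etc/hosts
    owner: root
    group: root
    mode: u=rw,g=r,o=r

# `groups` is passed without `append`, and the module default is
# `append: false`: each account's supplementary groups are replaced by
# `item.groups`, not extended. Each entry of `users` needs the keys
# `name`, `comment` and `groups` (plus `ssh_keys` for the next task).
- name: Add users
  ansible.builtin.user:
    name: "{{ item.name }}"
    comment: "{{ item.comment }}"
    groups: "{{ item.groups }}"
    shell: /bin/bash
    state: present
  loop: "{{ users }}"

# `exclusive: true` removes every key that is not in `item.ssh_keys`,
# so that list is the single source of truth and deleting a key from
# the variable revokes it on the next run. All keys are joined into one
# newline-separated string because exclusive mode applies per call.
# NOTE(review): behaviour with an empty `ssh_keys` list is not shown
# here; confirm it before relying on it to lock an account out.
- name: Add SSH keys to users
  ansible.posix.authorized_key:
    user: "{{ item.name }}"
    key: "{{ item.ssh_keys | join('\n') }}"
    exclusive: true
  loop: "{{ users }}"

# Grants the whole `wheel` group every command on every host without a
# password prompt. For any account in `wheel`, the SSH key managed above
# is then the only factor between a login and root.
# NOTE(review): whether `item.groups` puts users into `wheel` is not
# visible in this file; confirm the membership list and that an
# unrestricted `commands: ALL` is really required.
- name: Allow passwordless sudo
  community.general.sudoers:
    name: passwordless
    group: wheel
    host: ALL
    commands: ALL
    nopassword: true
    state: present

# The mode is tightened from u=rw,g=r,o=r to 0600 and the group is
# pinned: sshd reads this file as root, so no other account needs
# access, and common hardening baselines expect root:root 0600.
# `validate` runs sshd's config test against the staged copy (%s), so a
# broken file never replaces the live one. The `Restart sshd` handler is
# presumably defined in this role's handlers; it is not in this file.
- name: Copy sshd_config
  ansible.builtin.copy:
    src: sshd_config
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: "0600"
    validate: /usr/sbin/sshd -t -f %s
  notify: Restart sshd

# Release packages that add repository definitions; they run before the
# package tasks below, which presumably depend on them.
- name: Enable extra repositories
  ansible.builtin.dnf:
    name:
      - epel-release
      - rocky-release-security
    state: present

# `update_cache: true` refreshes repository metadata first, so the
# repositories enabled by the previous task are taken into account.
- name: Install system packages
  ansible.builtin.dnf:
    name:
      - firewalld
      - haveged
      - htop
      - jq
      - logrotate
      - mtr
      - rsyslog
      - vim
    update_cache: true
    state: present

- name: Ensure services are enabled and running
  ansible.builtin.service:
    name: "{{ item }}"
    enabled: true
    state: started
  loop:
    - firewalld
    - haveged
    - rsyslog

# LKRG (Linux Kernel Runtime Guard) is installed and started only when
# `virt_type` equals 'kvm'; hosts with any other value skip the block.
# NOTE(review): the reason for that restriction is not stated here.
- name: LKRG installation
  when: virt_type == 'kvm'
  block:
    - name: Install LKRG package
      ansible.builtin.dnf:
        name: lkrg
        state: present

    - name: Ensure LKRG is enabled and running
      ansible.builtin.service:
        name: lkrg
        enabled: true
        state: started

# Firewall rules live in firewall.yml and are imported statically.
- name: Configure firewall
  ansible.builtin.import_tasks: firewall.yml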