92 lines
1.8 KiB
YAML
92 lines
1.8 KiB
YAML
# vim: ft=yaml.ansible
|
|
# code: language=ansible
|
|
---
|
|
- name: Copy hosts file
|
|
ansible.builtin.template:
|
|
src: hosts.j2
|
|
dest: /etc/hosts
|
|
owner: root
|
|
mode: u=rw,g=r,o=r
|
|
|
|
- name: Add users
|
|
ansible.builtin.user:
|
|
name: "{{ item.name }}"
|
|
comment: "{{ item.comment }}"
|
|
groups: "{{ item.groups }}"
|
|
shell: /bin/bash
|
|
state: present
|
|
loop: "{{ users }}"
|
|
|
|
- name: Add SSH keys to users
|
|
ansible.posix.authorized_key:
|
|
user: "{{ item.name }}"
|
|
key: "{{ item.ssh_keys | join('\n') }}"
|
|
exclusive: true
|
|
loop: "{{ users }}"
|
|
|
|
- name: Allow passwordless sudo
|
|
community.general.sudoers:
|
|
name: passwordless
|
|
group: wheel
|
|
host: ALL
|
|
commands: ALL
|
|
nopassword: true
|
|
state: present
|
|
|
|
- name: Copy sshd_config
|
|
ansible.builtin.copy:
|
|
src: sshd_config
|
|
dest: /etc/ssh/sshd_config
|
|
owner: root
|
|
mode: u=rw,g=r,o=r
|
|
validate: /usr/sbin/sshd -t -f %s
|
|
notify: Restart sshd
|
|
|
|
- name: Enable extra repositories
|
|
ansible.builtin.dnf:
|
|
name:
|
|
- epel-release
|
|
- rocky-release-security
|
|
state: present
|
|
|
|
- name: Install system packages
|
|
ansible.builtin.dnf:
|
|
name:
|
|
- firewalld
|
|
- haveged
|
|
- htop
|
|
- jq
|
|
- logrotate
|
|
- mtr
|
|
- rsyslog
|
|
- vim
|
|
update_cache: true
|
|
state: present
|
|
|
|
- name: Ensure services are enabled and running
|
|
ansible.builtin.service:
|
|
name: "{{ item }}"
|
|
enabled: true
|
|
state: started
|
|
loop:
|
|
- firewalld
|
|
- haveged
|
|
- rsyslog
|
|
|
|
- name: LKRG installation
|
|
when: virt_type == 'kvm'
|
|
block:
|
|
- name: Install LKRG package
|
|
ansible.builtin.dnf:
|
|
name: lkrg
|
|
state: present
|
|
|
|
- name: Ensure LKRG is enabled and running
|
|
ansible.builtin.service:
|
|
name: lkrg
|
|
enabled: true
|
|
state: started
|
|
|
|
- name: Configure firewall
|
|
ansible.builtin.import_tasks: firewall.yml
|