library/bootstrap.yml

   1 ---
   2 - name: remove apt-config-file derived from preseeding
   3   ansible.builtin.file:
   4     path: /etc/apt/apt.conf
   5     state: absent
   6   when: ("baremetal" in group_names)
   7 - name: create apt-proxy config file
   8   ansible.builtin.template:
   9     src: fsit-smgt/templates/apt-proxy_01proxy.j2
  10     dest: /etc/apt/apt.conf.d/01proxy
  11   when: ("DMZ" not in group_names)
  12 - name: remove apt-config-file only for aptproxy
  13   ansible.builtin.file:
  14     path: /etc/apt/apt.conf.d/01proxy
  15     state: absent
  16   when: ("aptproxy" in inventory_hostname)
  17 - name: copy apt-unattended-upgrades config file
  18   ansible.builtin.copy:
  19     src: fsit-smgt/files/apt-unattended-upgrades_10periodic
  20     dest: /etc/apt/apt.conf.d/10periodic
  21 - name: Update and upgrade apt packages
  22   ansible.builtin.apt:
  23     update_cache: yes
  24     upgrade: yes
  25     autoremove: true
  26 - name: install core-packages
  27   ansible.builtin.apt:
  28 #    update_cache: yes
  29     pkg:
  30     - sudo
  31     - gnupg
  32     - htop
  33     - ncdu
  34     - vim
  35     - tmux
  36     - gnupg2
  37 - name: install core-packages for bare-metal-server
  38   ansible.builtin.apt:
  39     pkg:
  40     - inxi
  41   when: ("baremetal" in group_names)
  42 - name: add ansible user to server
  43   ansible.builtin.user:
  44     name: ansible
  45     shell: /bin/bash
  46 - name: allow "ansible"-user to have passwordless sudo
  47   ansible.builtin.copy:
  48     src: fsit-smgt/files/sudo_ansible
  49     dest: /etc/sudoers.d/ansible
  50     owner: root
  51     group: root
  52     mode: 0440
  53 - name: add installbox-ansible-user _public_ ssh-key to the servers authorized_keys file
  54   ansible.builtin.authorized_key:
  55     user: ansible
  56     state: present
  57     manage_dir: yes
  58     key: "{{ lookup('file', '/home/ansible/.ssh/id_ed25519.pub') }}"
  59 ...