[fsit_smgt.git] / tasks / bootstrap.yml

---
- block:
  - name: Remove apt-config-file derived from preseeding
    ansible.builtin.file:
      path: /etc/apt/apt.conf
      state: absent
    when: ("baremetal" in group_names)
  - name: Create apt-proxy config file
    ansible.builtin.template:
      src: apt-proxy_01proxy.j2
      dest: /etc/apt/apt.conf.d/01proxy
    when: ("DMZ" not in group_names)
  - name: Remove apt-config-file only for aptproxy
    ansible.builtin.file:
      path: /etc/apt/apt.conf.d/01proxy
      state: absent
    when: ("aptproxy" in inventory_hostname)
  - name: Copy apt-unattended-upgrades config file
    ansible.builtin.copy:
      src: apt-unattended-upgrades_10periodic
      dest: /etc/apt/apt.conf.d/10periodic
  - name: Update and upgrade apt packages
    ansible.builtin.apt:
      update_cache: true
      upgrade: true
      autoremove: true
  - name: Install core-packages
    ansible.builtin.apt:
      pkg:
        - sudo
        - gnupg
        - htop
        - ncdu
        - vim
        - tmux
        - gnupg2
        - nethogs
        - iftop
        - rsync
        - ripgrep
  - name: Install core-packages for bare-metal-server
    ansible.builtin.apt:
      pkg:
        - inxi
    when: ("baremetal" in group_names)
  - name: Install core-packages for server in DMZ
    ansible.builtin.apt:
      pkg:
        - fail2ban
    when: ("DMZ" in group_names)
  - name: Add ansible user to server
    ansible.builtin.user:
      name: ansible
      shell: /bin/bash
  - name: Allow "ansible"-user to have passwordless sudo
    ansible.builtin.copy:
      src: sudo_ansible
      dest: /etc/sudoers.d/ansible
      owner: root
      group: root
      mode: "0440"
  - name: Add installbox-ansible-user _public_ ssh-key to the servers authorized_keys file
    ansible.posix.authorized_key:
      user: ansible
      state: present
      manage_dir: true
      key: "{{ lookup('file', '/home/ansible/.ssh/id_ed25519.pub') }}"
  remote_user: root