From: Ullli Date: Mon, 24 Nov 2025 14:54:18 +0000 (+0100) Subject: config fuer bootstrapping und inventory X-Git-Url: https://freie-schul-it.de/gitweb/fsit_smgt.git/commitdiff_plain/HEAD?ds=sidebyside config fuer bootstrapping und inventory
---
diff --git a/files/apt-unattended-upgrades_10periodic b/files/apt-unattended-upgrades_10periodic
new file mode 100644
index 0000000..1692b9c
--- /dev/null
+++ b/files/apt-unattended-upgrades_10periodic
@@ -0,0 +1,4 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "0";
diff --git a/files/sudo_ansible b/files/sudo_ansible
new file mode 100644
index 0000000..638d93d
--- /dev/null
+++ b/files/sudo_ansible
@@ -0,0 +1 @@
+ansible ALL=(ALL) NOPASSWD:ALL
diff --git a/tasks/bootstrap.yml b/tasks/bootstrap.yml
new file mode 100644
index 0000000..e6dd0c4
--- /dev/null
+++ b/tasks/bootstrap.yml
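Review bot: `APT::Periodic::Unattended-Upgrade "1";` in files/apt-unattended-upgrades_10periodic only has an effect when the unattended-upgrades package is installed, and the "Install core-packages" list in tasks/bootstrap.yml does not install it. Unless the preseeded base system already ships the package (not visible in this commit), the hosts will refresh package lists and download updates but never apply them. Adding `- unattended-upgrades` to the core-packages list makes the config self-sufficient.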
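Review bot: files/sudo_ansible grants `ansible ALL=(ALL) NOPASSWD:ALL` without any comment recording what that implies: the ansible account is root-equivalent on every bootstrapped host with no password step. The installbox SSH key installed by tasks/bootstrap.yml is therefore the only credential protecting those hosts. A header line in the file would make that explicit for whoever audits /etc/sudoers.d later, for example `# Managed by Ansible (tasks/bootstrap.yml): ansible is root-equivalent, access is gated only by the installbox SSH key`.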
@@ -0,0 +1,67 @@
+---
+- name: Remove apt-config-file derived from preseeding
+ ansible.builtin.file:
+ path: /etc/apt/apt.conf
+ state: absent
+ when: ("baremetal" in group_names)
+- name: Create apt-proxy config file
+ ansible.builtin.template:
+ src: apt-proxy_01proxy.j2
+ dest: /etc/apt/apt.conf.d/01proxy
+ when: ("DMZ" not in group_names)
+- name: Remove apt-config-file only for aptproxy
+ ansible.builtin.file:
+ path: /etc/apt/apt.conf.d/01proxy
+ state: absent
+ when: ("aptproxy" in inventory_hostname)
+- name: Copy apt-unattended-upgrades config file
+ ansible.builtin.copy:
+ src: apt-unattended-upgrades_10periodic
+ dest: /etc/apt/apt.conf.d/10periodic
+- name: Update and upgrade apt packages
+ ansible.builtin.apt:
+ update_cache: true
+ upgrade: true
+ autoremove: true
+- name: Install core-packages
+ ansible.builtin.apt:
+ pkg:
+ - sudo
+ - gnupg
+ - htop
+ - ncdu
+ - vim
+ - tmux
+ - gnupg2
+ - nethogs
+ - iftop
+ - rsync
+ - ripgrep
+- name: Install core-packages for bare-metal-server
+ ansible.builtin.apt:
+ pkg:
+ - inxi
+ when: ("baremetal" in group_names)
+- name: Install core-packages for server in DMZ
+ ansible.builtin.apt:
+ pkg:
+ - fail2ban
+ when: ("DMZ" in group_names)
+- name: Add ansible user to server
+ ansible.builtin.user:
+ name: ansible
+ shell: /bin/bash
+- name: Allow "ansible"-user to have passwordless sudo
+ ansible.builtin.copy:
+ src: sudo_ansible
+ dest: /etc/sudoers.d/ansible
+ owner: root
+ group: root
+ mode: "0440"
+- name: Add installbox-ansible-user _public_ ssh-key to the servers authorized_keys file
+ ansible.posix.authorized_key:
+ user: ansible
+ state: present
+ manage_dir: true
+ key: "{{ lookup('file', '/home/ansible/.ssh/id_ed25519.pub') }}"
+
diff --git a/tasks/inventory.yml b/tasks/inventory.yml
new file mode 100644
index 0000000..40441de
--- /dev/null
+++ b/tasks/inventory.yml
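Review bot: The task `Allow "ansible"-user to have passwordless sudo` in tasks/bootstrap.yml copies `sudo_ansible` to /etc/sudoers.d/ansible without a syntax check. A malformed drop-in in that directory can make sudo refuse to run for every account on the host. Adding `validate: /usr/sbin/visudo -cf %s` to that `ansible.builtin.copy` task stops a broken file from being installed. Separately, the `ansible.posix.authorized_key` task installs the key without restrictions although it unlocks passwordless root. Consider pinning it to the control host with `key_options: 'from="<installbox-address>"'`, where the address is a placeholder because the commit does not show it.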
@@ -0,0 +1,10 @@
+---
+- name: Install packages
+ ansible.builtin.apt:
+ pkg:
+ - fusioninventory-agent
+- name: Copy fusioninventory-agent cfg-file
+ ansible.builtin.template:
+ src: fusioninventory_01server.cfg.j2
+ dest: /etc/fusioninventory/conf.d/01server.cfg
+ notify: start fusioninventory-client
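Review bot: The template task in tasks/inventory.yml writes /etc/fusioninventory/conf.d/01server.cfg without `owner`, `group` or `mode`, so its permissions depend on the umask of the run. The template is not part of this commit, but agent configs of this kind often carry the server URL and sometimes credentials, so explicit permissions are safer: `owner: root`, `group: root`, `mode: "0640"`. Also, `notify: start fusioninventory-client` refers to a handler this commit does not add. The handler name must match exactly, and the package installed here is `fusioninventory-agent`, so confirm the handler exists under that name.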