From 99581b2bc109c12d3480cb54e59173310a931eb6 Mon Sep 17 00:00:00 2001
From: Ullli
Date: Fri, 24 Apr 2026 18:28:28 +0200
Subject: [PATCH] mit block versuchen
---
tasks/bootstrap.yml | 133 ++++++++++++++++++++++----------------------
tasks/main.yml | 1 -
2 files changed, 67 insertions(+), 67 deletions(-)
diff --git a/tasks/bootstrap.yml b/tasks/bootstrap.yml
index e6dd0c4..c5e37da 100644
--- a/tasks/bootstrap.yml
+++ b/tasks/bootstrap.yml
@@ -1,67 +1,68 @@ --- -- name: Remove apt-config-file derived from preseeding - ansible.builtin.file: - path: /etc/apt/apt.conf - state: absent - when: ("baremetal" in group_names) -- name: Create apt-proxy config file - ansible.builtin.template: - src: apt-proxy_01proxy.j2 - dest: /etc/apt/apt.conf.d/01proxy - when: ("DMZ" not in group_names) -- name: Remove apt-config-file only for aptproxy - ansible.builtin.file: - path: /etc/apt/apt.conf.d/01proxy - state: absent - when: ("aptproxy" in inventory_hostname) -- name: Copy apt-unattended-upgrades config file - ansible.builtin.copy: - src: apt-unattended-upgrades_10periodic - dest: /etc/apt/apt.conf.d/10periodic -- name: Update and upgrade apt packages - ansible.builtin.apt: - update_cache: true - upgrade: true - autoremove: true -- name: Install core-packages - ansible.builtin.apt: - pkg: - - sudo - - gnupg - - htop - - ncdu - - vim - - tmux - - gnupg2 - - nethogs - - iftop - - rsync - - ripgrep -- name: Install core-packages for bare-metal-server - ansible.builtin.apt: - pkg: - - inxi - when: ("baremetal" in group_names) -- name: Install core-packages for server in DMZ - ansible.builtin.apt: - pkg: - - fail2ban - when: ("DMZ" in group_names) -- name: Add ansible user to server - ansible.builtin.user: - name: ansible - shell: /bin/bash -- name: Allow "ansible"-user to have passwordless sudo - ansible.builtin.copy: - src: sudo_ansible - dest: /etc/sudoers.d/ansible - owner: root - group: root - mode: "0440" -- name: Add installbox-ansible-user _public_ ssh-key to the servers authorized_keys file - ansible.posix.authorized_key: - user: ansible - state: present - manage_dir: true - key: "{{ lookup('file', '/home/ansible/.ssh/id_ed25519.pub') }}" - +- block: + - name: Remove apt-config-file derived from preseeding + ansible.builtin.file: + path: /etc/apt/apt.conf + state: absent + when: ("baremetal" in group_names) + - name: Create apt-proxy config file + ansible.builtin.template: + src: apt-proxy_01proxy.j2 + dest: 
/etc/apt/apt.conf.d/01proxy + when: ("DMZ" not in group_names) + - name: Remove apt-config-file only for aptproxy + ansible.builtin.file: + path: /etc/apt/apt.conf.d/01proxy + state: absent + when: ("aptproxy" in inventory_hostname) + - name: Copy apt-unattended-upgrades config file + ansible.builtin.copy: + src: apt-unattended-upgrades_10periodic + dest: /etc/apt/apt.conf.d/10periodic + - name: Update and upgrade apt packages + ansible.builtin.apt: + update_cache: true + upgrade: true + autoremove: true + - name: Install core-packages + ansible.builtin.apt: + pkg: + - sudo + - gnupg + - htop + - ncdu + - vim + - tmux + - gnupg2 + - nethogs + - iftop + - rsync + - ripgrep + - name: Install core-packages for bare-metal-server + ansible.builtin.apt: + pkg: + - inxi + when: ("baremetal" in group_names) + - name: Install core-packages for server in DMZ + ansible.builtin.apt: + pkg: + - fail2ban + when: ("DMZ" in group_names) + - name: Add ansible user to server + ansible.builtin.user: + name: ansible + shell: /bin/bash + - name: Allow "ansible"-user to have passwordless sudo + ansible.builtin.copy: + src: sudo_ansible + dest: /etc/sudoers.d/ansible + owner: root + group: root + mode: "0440" + - name: Add installbox-ansible-user _public_ ssh-key to the servers authorized_keys file + ansible.posix.authorized_key: + user: ansible + state: present + manage_dir: true + key: "{{ lookup('file', '/home/ansible/.ssh/id_ed25519.pub') }}" + remote_user: root diff --git a/tasks/main.yml b/tasks/main.yml index 15c15c0..77e8842 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,7 +1,6 @@ --- - name: Include bootstrap ansible.builtin.include_tasks: bootstrap.yml - remote_user: root - name: OpenLDAP-Server ansible.builtin.include_tasks: openldap.yml when: ldap in group_names -- 2.39.5
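Review bot: The task that installs `/etc/sudoers.d/ansible` in tasks/bootstrap.yml copies the file without a syntax check, so a malformed `sudo_ansible` would be installed as-is and could leave sudo unusable on the host. Adding `validate: /usr/sbin/visudo -cf %s` to that `ansible.builtin.copy` task makes Ansible check the file before it replaces the destination. The contents of `sudo_ansible` are not visible in this patch; because the file grants passwordless sudo, a comment above the task stating what it permits would help the next reviewer. The two apt config tasks (`01proxy`, `10periodic`) set no `owner` or `mode`, so an explicit `mode: "0644"` would make the result independent of the remote umask. The new `block:` also has no `name:`; a line such as `- name: Bootstrap host as root` ahead of `block:` would make the play output and the purpose of `remote_user: root` easier to follow.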