---
# tasks file for roles/base_setup
# Refresh the APT package index; skipped on hosts outside the Debian family.
- name: Update package cache
  when: ansible_os_family == 'Debian'
  ansible.builtin.apt:
    update_cache: true
# Install the baseline tool set through the generic package module.
# NOTE(review): build-essential, apt-transport-https and python3-venv are
# Debian-family package names, yet this task carries no OS-family guard the
# way "Update package cache" does — confirm the role only targets
# Debian-family hosts.
- name: Install basic packages
  ansible.builtin.package:
    state: present
    name:
      - git
      - vim
      - tmux
      - python3
      - python3-pip
      - python3-venv
      - curl
      - wget
      - build-essential
      - rsync
      - bash-completion
      - apt-transport-https
      - ca-certificates
      - gnupg
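# Create the base user. When generate_user_password is true, a random password
# is generated, hashed and set on the account; otherwise the account is created
# with no password set. The `always` section then ensures sudo membership.
#
# NOTE(review): the password is regenerated on every run, and the user module
# updates an existing account's password by default, so each run rotates the
# password and reports "changed". If rotation is not intended, set
# `update_password: on_create` on the user task and only generate and display
# the password when the account is first created.
- name: Create user with or without password
  block:
    - name: Generate random password
      ansible.builtin.command: openssl rand -base64 32
      register: random_password
      changed_when: false
      # The registered result carries the plaintext in stdout; keep it out of
      # task output and logs, including at higher verbosity.
      no_log: true
      when: generate_user_password | bool

    - name: Set password fact
      ansible.builtin.set_fact:
        generated_password: "{{ random_password.stdout }}"
      # set_fact echoes the facts it sets in its result; hide the plaintext.
      no_log: true
      when: generate_user_password | bool

    - name: Create user with password
      ansible.builtin.user:
        name: "{{ base_username }}"
        # password_hash picks a fresh random salt when none is given, so the
        # stored hash differs on every run even for the same password.
        password: "{{ random_password.stdout | password_hash('sha512') }}"
        groups: sudo
        # Without append, `groups` replaces the user's supplementary groups and
        # would strip memberships granted elsewhere on every run.
        append: true
        shell: /bin/bash
      when: generate_user_password | bool

    - name: Create user without password
      ansible.builtin.user:
        name: "{{ base_username }}"
        groups: sudo
        # Keep existing supplementary groups, matching the `always` task.
        append: true
        shell: /bin/bash
      when: not generate_user_password | bool

    # NOTE(review): this writes the plaintext password to the play output, and
    # therefore to any configured log file, callback plugin or CI job log.
    # It is left in place because it is the only way the operator learns the
    # password; consider handing it off through a secret store instead and
    # restricting who can read the run output.
    - name: Display generated password
      ansible.builtin.debug:
        msg: "Generated password for {{ base_username }} on {{ inventory_hostname }}: {{ random_password.stdout }}"
      when: generate_user_password | bool

  always:
    # Runs even if a task in the block failed.
    - name: Ensure user is in sudo group
      ansible.builtin.user:
        name: "{{ base_username }}"
        groups: sudo
        append: true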
# Install an SSH public key for the base user. The `file` lookup reads
# base_ssh_keyfile on the control node, not on the managed host.
- name: Set up authorized key for user
  ansible.posix.authorized_key:
    key: "{{ lookup('file', base_ssh_keyfile) }}"
    user: "{{ base_username }}"
# Set the system timezone to the value of base_timezone.
- name: Set timezone
  community.general.timezone:
    name: "{{ base_timezone }}"
# Add a PATH export line to the system-wide bashrc, creating the file if it
# does not exist.
# NOTE(review): the per-user directories ($HOME/.local/bin, $HOME/go/bin) are
# placed ahead of the existing PATH, so a file dropped there shadows the
# system command of the same name for every bash user, including accounts
# with sudo rights. Consider appending them after $PATH instead — confirm
# nothing relies on the current precedence.
- name: Ensure PATH is updated
  ansible.builtin.lineinfile:
    create: true
    path: /etc/bash.bashrc
    line: 'export PATH=$HOME/.local/bin:$HOME/go/bin:/usr/sbin:$PATH'