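---
# Baseline host setup: hostname, package install, firewalld/sshguard,
# snapd removal, and an admin user with key-based SSH and passwordless sudo.
- name: Configure system
  hosts: "{{ target_host }}"
  become: true
  # user-vars.yml supplies username, password and path_to_ssh_key; if it
  # carries the plaintext password, keep the file ansible-vault encrypted.
  vars_files:
    - vars/user-vars.yml

  tasks:
    - name: Set unique hostname
      hostname:
        name: "{{ inventory_hostname }}"
      when: ansible_hostname != inventory_hostname

    # TODO: Move installation to k8s playbook
    - name: Install additional packages
      apt:
        name:
          - doas
          - zsh
          - tmux
          - git
          - jq
          - acl
          - curl
          - wget
          - netcat-traditional
          - fping
          - rsync
          - htop
          - iotop
          - iftop
          - tar
          - less
          - firewalld
          - sshguard
          - wireguard
          - iproute2
          - iperf3
          - zfsutils-linux
          - net-tools
          - ca-certificates
          - gnupg
          - sshpass
        # latest upgrades every listed package on each run, so the task is
        # not idempotent; present would only install what is missing.
        state: latest
        update_cache: true

    - name: Verify status of firewalld and enable sshguard
      systemd:
        name: "{{ item }}"
        enabled: true
        state: started
      loop:
        - firewalld
        - sshguard

    - name: Disable and remove snapd
      become: true
      block:
        - name: Disable snapd services
          systemd:
            name: "{{ item }}"
            enabled: false
            state: stopped
          loop:
            - snapd.service
            - snapd.socket
            - snapd.seeded
            - snapd.snap-repair.timer

        - name: Purge snapd
          apt:
            name: snapd
            state: absent

        - name: Remove snap directories
          file:
            path: "{{ item }}"
            state: absent
          loop:
            # NOTE(review): with play-level become, ansible_env.HOME is presumably
            # root's home rather than the login user's — confirm which is intended.
            - "{{ ansible_env.HOME }}/snap"
            - /snap
            - /var/snap
            - /var/lib/snapd

    - name: Create a user
      user:
        name: "{{ username }}"
        # Hash the variable's value. The earlier "{{ '{{ password }}' | ... }}"
        # form passed the literal text "{{ password }}" to password_hash, so the
        # account's password was that literal string, not the configured one.
        # password_hash salts freshly each run; expect this task to report
        # changed every run unless update_password: on_create is added.
        password: "{{ password | password_hash('sha512') }}"
        shell: /bin/bash
        state: present

    - name: Add user to sudoers group
      user:
        name: "{{ username }}"
        groups: sudo
        append: true

    - name: Ensure .ssh directory exists for user
      file:
        # Quote the whole value: /home/"{{ username }}"/.ssh kept the literal
        # double quotes inside the created path.
        path: "/home/{{ username }}/.ssh"
        state: directory
        owner: "{{ username }}"
        group: "{{ username }}"
        mode: "0700"

    - name: Copy SSH public key to authorized_keys
      copy:
        src: "{{ path_to_ssh_key }}"
        dest: "/home/{{ username }}/.ssh/authorized_keys"
        owner: "{{ username }}"
        group: "{{ username }}"
        mode: "0600"

    - name: Add user to sudoers for passwordless sudo
      # Grants root without a password on top of the sudo-group membership
      # above; visudo -cf checks the edited copy before it replaces /etc/sudoers.
      lineinfile:
        path: /etc/sudoers
        state: present
        regexp: '^{{ username }} ALL=\(ALL\) NOPASSWD:ALL'
        line: '{{ username }} ALL=(ALL) NOPASSWD:ALL'
        validate: 'visudo -cf %s'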