- name: Setup system for the service provider setup hosts: "{{ target_host }}" environment: GNUPGHOME: /home/{{ ansible_user }}/.gnupg vars_files: - vars/k8s-vars.yml - vars/dns-vars.yml - vars/gpg-vars.yml - vars/user-vars.yml become: yes become_user: "{{username}}" tasks: - name: Install required packages apt: name: - doas - zsh - tmux - git - jq - acl - curl - wget - netcat-traditional - fping - rsync - htop - iotop - iftop - tar - less - firewalld - sshguard - wireguard - iproute2 - iperf3 - zfsutils-linux - net-tools - ca-certificates - gnupg - sshpass - apache2-utils state: latest update_cache: true become: yes - name: Set unique hostname hostname: name: "{{ inventory_hostname }}" when: ansible_hostname != inventory_hostname - name: Verify status of firewalld and enable sshguard systemd: name: "{{ item }}" enabled: yes state: started loop: - firewalld - sshguard ignore_errors: yes - name: Disable and remove snapd block: - name: Disable snapd services systemd: name: "{{ item }}" enabled: no state: stopped loop: - snapd.service - snapd.socket - snapd.seeded - snapd.snap-repair.timer ignore_errors: yes - name: Purge snapd apt: name: snapd state: absent - name: Remove snap directories file: path: "{{ item }}" state: absent loop: - "{{ ansible_env.HOME }}/snap" - /snap - /var/snap - /var/lib/snapd become: yes ignore_errors: yes - name: Ensure GPG directory exists file: path: "{{ ansible_env.HOME }}/.gnupg" state: directory mode: '0700' - name: Create GPG key parameters file copy: dest: /tmp/gpg_key_params.txt content: | Key-Type: RSA Key-Length: 4096 Subkey-Type: RSA Name-Real: {{ gpg_user_name }} Name-Email: {{ gpg_user_email }} Expire-Date: 0 Passphrase: {{ gpg_passphrase }} %no-protection %commit mode: '0600' - name: Generate GPG key using the parameter file command: gpg --batch --gen-key /tmp/gpg_key_params.txt become_user: "{{ ansible_user }}" register: gpg_keygen_output ignore_errors: yes - name: Show GPG key generation output debug: var: gpg_keygen_output.stdout - name: Fetch the Key ID of the most recently created GPG key shell: gpg --list-secret-keys --keyid-format=long | grep 'sec' | tail -n 1 | awk -F'/' '{print $2}' | awk '{print $1}' register: gpg_key_output - name: Set the GPG key ID to a variable set_fact: sec_key_id: "{{ gpg_key_output.stdout }}" - name: Show GPG Key ID debug: msg: "GPG Key ID: {{ sec_key_id }}"