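# Baseline configuration for the hosts selected by `target_host`.
# Every task runs with privilege escalation (play-level `become`).
- name: Configure system
  hosts: "{{ target_host }}"
  become: true
  tasks:
    # Rename the machine only when its current hostname differs from the
    # inventory name.
    - name: Set unique hostname
      hostname:
        name: "{{ inventory_hostname }}"
      when: ansible_hostname != inventory_hostname

    # `state: latest` upgrades each listed package to the newest version the
    # configured repositories offer at run time, so installed versions are
    # not pinned by this playbook.
    - name: Install additional packages
      apt:
        name:
          - doas
          - zsh
          - tmux
          - git
          - jq
          - acl
          - curl
          - wget
          - netcat-traditional
          - fping
          - rsync
          - htop
          - iotop
          - iftop
          - tar
          - less
          - firewalld
          - sshguard
          - wireguard
          - iproute2
          - iperf3
          - zfsutils-linux
          - net-tools
          - ca-certificates
          - gnupg
          - sshpass
        state: latest
        update_cache: true

    # Enable at boot and start both services.
    # NOTE(review): no firewalld zone or rule configuration is visible in
    # this play, so the firewall presumably runs with its package defaults.
    - name: Verify status of firewalld and enable sshguard
      systemd:
        name: "{{ item }}"
        enabled: true
        state: started
      loop:
        - firewalld
        - sshguard

    # Stop the snapd units, purge the package, then delete its directories.
    - name: Disable and remove snapd
      block:
        - name: Disable snapd services
          systemd:
            name: "{{ item }}"
            enabled: false
            state: stopped
          loop:
            - snapd.service
            - snapd.socket
            - snapd.seeded
            - snapd.snap-repair.timer

        - name: Purge snapd
          apt:
            name: snapd
            state: absent

        # ansible_env.HOME is the home directory of the user the facts were
        # gathered as.
        - name: Remove snap directories
          file:
            path: "{{ item }}"
            state: absent
          loop:
            - "{{ ansible_env.HOME }}/snap"
            - /snap
            - /var/snap
            - /var/lib/snapd
      become: true

    # The password is read from `so_user_password`; supply it from Ansible
    # Vault or another secret store. The fallback literal is kept only so
    # existing runs behave as before: it is visible to anyone who can read
    # this playbook, and the next task puts this account in the sudo group,
    # so it must not remain the effective password on real hosts.
    # NOTE(review): password_hash() is called without a fixed salt, so the
    # hash presumably differs between runs and this task resets the password
    # (and reports "changed") every time; consider
    # `update_password: on_create` if that is not intended.
    - name: Create a user named 'so'
      user:
        name: so
        password: >-
          {{ so_user_password | default('so-service-provider')
          | password_hash('sha512') }}
        shell: /bin/zsh
        state: present

    # `append: true` adds the sudo group without removing the user's other
    # supplementary groups.
    - name: Add 'so' user to sudoers group
      user:
        name: so
        groups: sudo
        append: true

    # Directory is accessible to its owner only (mode 0700).
    - name: Ensure .ssh directory exists for 'so' user
      file:
        path: /home/so/.ssh
        state: directory
        owner: so
        group: so
        mode: '0700'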