Create role to setup ubuntu server
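--- a/roles/ubuntu/tasks/main.yml
+++ b/roles/ubuntu/tasks/main.yml
@@ -0,0 +1,14 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Install Updates
+ansible.builtin.include_tasks: upgrades.yml
+
+- name: Disable Services
+ansible.builtin.include_tasks: services.yml
+
+- name: Install Packages
+ansible.builtin.include_tasks: packages.yml
+
+- name: Setup Users
+ansible.builtin.include_tasks: users.yml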
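--- a/roles/ubuntu/tasks/packages.yml
+++ b/roles/ubuntu/tasks/packages.yml
@@ -0,0 +1,15 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Update apt cache
+ansible.builtin.apt:
+update_cache: true
+
+- name: Install Packages
+ansible.builtin.apt:
+name: "{{ item }}"
+state: present
+loop: "{{ ubuntu_install_packages }}"
+notify:
+- Clean apt cache
+- Reboot Server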
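Review bot: The `Install Packages` task loops over `ubuntu_install_packages` and calls the apt module once per item; the module accepts a list, so `name: "{{ ubuntu_install_packages }}"` with the `loop:` line dropped installs everything in a single transaction. The task also notifies `Reboot Server` on any package change, and that handler is not among the files visible here, so confirm it exists and that a reboot after installing ordinary packages is intended. A one-line comment above the task saying where `ubuntu_install_packages` is defined (presumably the role defaults) would help the next reader.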
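--- a/roles/ubuntu/tasks/services.yml
+++ b/roles/ubuntu/tasks/services.yml
@@ -0,0 +1,13 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Disable Services
+ansible.builtin.systemd_service:
+enabled: false
+masked: true
+name: "{{ item }}"
+loop: "{{ ubuntu_disable_services }}"
+
+- name: Reload SystemD
+ansible.builtin.systemd_service:
+daemon_reload: true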
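Review bot: `Disable Services` sets `enabled: false` and `masked: true` but no `state`, so a unit that is already running keeps running until the next reboot, which leaves the service reachable after a step meant to harden the host. Adding `state: stopped` to the module arguments stops it in the same run. Stopping is likely to fail for a unit that is not present on the host, so either keep `ubuntu_disable_services` matched to what is installed or guard the task. The separate `Reload SystemD` task could probably be folded into the first task as `daemon_reload: true`.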
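--- a/roles/ubuntu/tasks/upgrades.yml
+++ b/roles/ubuntu/tasks/upgrades.yml
@@ -0,0 +1,21 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Update apt cache
+ansible.builtin.apt:
+update_cache: true
+
+- name: Update existing packages to latest version
+ansible.builtin.apt:
+name: "*"
+state: latest
+notify:
+- Reboot Server
+
+- name: Upgrade the OS (apt-get dist-upgrade)
+ansible.builtin.apt:
+upgrade: dist
+notify:
+- Clean apt cache
+- Reboot Server
+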
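Review bot: The `name: "*"` / `state: latest` task and the `upgrade: dist` task that follows overlap, since a dist-upgrade already brings every installed package to its newest version; the first can likely be removed and `update_cache: true` passed on the remaining task. Both tasks notify `Reboot Server`, whose handler is outside the visible files; if it reboots unconditionally, consider gating it on the presence of `/var/run/reboot-required` so hosts restart only when an update asks for it. `Clean apt cache` is notified only by the dist-upgrade task, so a run where only the first task changes anything leaves the cache in place.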
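--- a/roles/ubuntu/tasks/users.yml
+++ b/roles/ubuntu/tasks/users.yml
@@ -0,0 +1,34 @@
+---
+
+- name: "Setup {{ ubuntu_passwordless_sudo_group }} group"
+ansible.builtin.group:
+state: present
+name: "{{ ubuntu_passwordless_sudo_group }}"
+
+- name: "Add {{ ubuntu_passwordless_sudo_group }} group to sudoers"
+lineinfile:
+path: /etc/sudoers
+state: present
+regexp: "^%{{ ubuntu_passwordless_sudo_group }}"
+line: "%{{ ubuntu_passwordless_sudo_group }} ALL=(ALL) NOPASSWD: ALL"
+validate: 'visudo -cf %s'
+
+- name: Setup Groups
+ansible.builtin.group:
+state: present
+name: "{{ item }}"
+loop: "{{ ubuntu_groups }}"
+
+- name: Setup Users
+ansible.builtin.user:
+state: present
+name: "{{ item.name }}"
+groups: "{{ item.groups }}"
+loop: "{{ ubuntu_users }}"
+
+- name: Set Authorized ssh key
+ansible.posix.authorized_key:
+state: present
+user: "{{ item.name }}"
+key: "{{ item.ssh_key }}"
+loop: "{{ ubuntu_users }}"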
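Review bot: The sudoers task matches with `regexp: "^%{{ ubuntu_passwordless_sudo_group }}"`, a prefix match on an unescaped group name, so it can also match and overwrite the rule of a different group whose name begins with the same characters; `regexp: '^%{{ ubuntu_passwordless_sudo_group | regex_escape }}\s'` narrows it to the intended line. Writing the rule to its own file under `/etc/sudoers.d/` with mode `0440` and the same `validate` would avoid editing `/etc/sudoers` in place. `NOPASSWD: ALL` gives every member of the group root without re-authentication, so a comment on `Setup Users` stating which accounts are expected to receive this group through `item.groups` would make the privilege boundary explicit. The task also uses the short name `lineinfile` where the rest of the role uses `ansible.builtin.` FQCNs, and this file lacks the SPDX header the other task files carry.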