initial pfannkuchen

roles/base/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+base_user: sascha

roles/base/tasks/main.yml

@@ -0,0 +1,134 @@
+---
+- name: Hostname setzen
+  hostname:
+    name: "{{ inventory_hostname }}"
+
+- name: /etc/hosts aktualisieren
+  lineinfile:
+    path: /etc/hosts
+    regexp: '^127\.0\.1\.1'
+    line: "127.0.1.1  {{ inventory_hostname }}.local {{ inventory_hostname }}"
+
+- name: SSH Public Key für Benutzer {{ base_user }} hinterlegen
+  ansible.posix.authorized_key:
+    user: "{{ base_user }}"
+    state: present
+    key: "{{ vault_ssh_pubkey }}"
+
+- name: SSH Private Key für Benutzer {{ base_user }} deployen
+  copy:
+    content: "{{ vault_ssh_privkey }}\n"
+    dest: "/home/{{ base_user }}/.ssh/id_ed25519"
+    owner: "{{ base_user }}"
+    group: "{{ base_user }}"
+    mode: "0600"
+
+- name: SSH Public Key Datei für Benutzer {{ base_user }} deployen
+  copy:
+    content: "{{ vault_ssh_pubkey }}\n"
+    dest: "/home/{{ base_user }}/.ssh/id_ed25519.pub"
+    owner: "{{ base_user }}"
+    group: "{{ base_user }}"
+    mode: "0644"
+
+- name: SSH Key auch für root hinterlegen
+  ansible.posix.authorized_key:
+    user: root
+    state: present
+    key: "{{ vault_ssh_pubkey }}"
+
+- name: SSH Private Key für root deployen
+  copy:
+    content: "{{ vault_ssh_privkey }}\n"
+    dest: /root/.ssh/id_ed25519
+    owner: root
+    group: root
+    mode: "0600"
+
+- name: Standard Debian Trixie Repositories setzen
+  copy:
+    dest: /etc/apt/sources.list
+    content: |
+      deb http://ftp.gwdg.de/debian/ trixie main non-free-firmware non-free contrib
+      deb-src http://ftp.gwdg.de/debian/ trixie main non-free-firmware non-free contrib
+
+      deb http://security.debian.org/debian-security trixie-security main non-free-firmware non-free contrib
+      deb-src http://security.debian.org/debian-security trixie-security main non-free-firmware non-free contrib
+
+      deb http://ftp.gwdg.de/debian/ trixie-updates main non-free-firmware non-free contrib
+      deb-src http://ftp.gwdg.de/debian/ trixie-updates main non-free-firmware non-free contrib
+    owner: root
+    group: root
+    mode: '0644'
+  register: repo_status
+
+- name: Apt Cache aktualisieren (falls Repos geändert wurden)
+  apt:
+    update_cache: yes
+  when: repo_status.changed
+
+- name: Installiere benötigte Basis-Pakete
+  apt:
+    name:
+      - curl
+      - gnupg
+      - ca-certificates
+      - sudo
+      - wget
+      - vim
+      - mc
+    state: present
+    update_cache: yes
+
+- name: Locales-Paket sicherstellen
+  apt:
+    name: locales
+    state: present
+
+- name: en_US.UTF-8 Locale generieren
+  locale_gen:
+    name: en_US.UTF-8
+    state: present
+
+- name: Systemweite Sprache auf en_US.UTF-8 setzen
+  debconf:
+    name: locales
+    question: locales/default_environment_locale
+    value: en_US.UTF-8
+    vtype: select
+
+- name: Locale-Datei manuell schreiben (Sicherheitsnetz)
+  copy:
+    dest: /etc/default/locale
+    content: |
+      LANG=en_US.UTF-8
+      LC_ALL=en_US.UTF-8
+
+- name: Gruppe sudo passwortloses sudo erlauben
+  lineinfile:
+    path: /etc/sudoers
+    state: present
+    regexp: '^%sudo'
+    line: '%sudo   ALL=(ALL:ALL) NOPASSWD: ALL'
+    validate: '/usr/sbin/visudo -cf %s'
+
+- name: Benutzer {{ base_user }} zu sudo Gruppe hinzufügen
+  user:
+    name: "{{ base_user }}"
+    groups: sudo
+    append: yes
+
+- name: Unnötige Pakete entfernen
+  apt:
+    autoremove: yes
+
+- name: QEMU Guest Agent installieren
+  apt:
+    name: qemu-guest-agent
+    state: present
+
+- name: QEMU Guest Agent aktivieren
+  service:
+    name: qemu-guest-agent
+    state: started
+    enabled: yes