---
# Set the system hostname to the name this host carries in the inventory.
- name: Hostname setzen
  ansible.builtin.hostname:
    name: '{{ inventory_hostname }}'
# Keep the 127.0.1.1 entry in /etc/hosts in step with the inventory hostname.
# A line that already starts with 127.0.1.1 is replaced; if there is none,
# the line is appended.
- name: /etc/hosts aktualisieren
  ansible.builtin.lineinfile:
    path: /etc/hosts
    regexp: '^127\.0\.1\.1'
    line: '127.0.1.1 {{ inventory_hostname }}.local {{ inventory_hostname }}'
# Authorize the vaulted public key for SSH logins as base_user.
- name: SSH Public Key für Benutzer {{ base_user }} hinterlegen
  ansible.posix.authorized_key:
    key: '{{ vault_ssh_pubkey }}'
    user: '{{ base_user }}'
    state: present
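# Install the vaulted private key as base_user's ~/.ssh/id_ed25519.
# The directory is presumably created by the authorized_key task for this
# user earlier in the file - verify if the task order changes.
# NOTE(review): this file writes the same vault_ssh_privkey for base_user and
# for root. If the key is shared by several hosts, confirm that is intended:
# every host holding it can authenticate wherever the public key is authorized.
- name: SSH Private Key für Benutzer {{ base_user }} deployen
  ansible.builtin.copy:
    content: "{{ vault_ssh_privkey }}\n"
    dest: "/home/{{ base_user }}/.ssh/id_ed25519"
    owner: "{{ base_user }}"
    group: "{{ base_user }}"
    mode: "0600"
  # Keep the key material out of task output, --diff output and callback logs.
  no_log: true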
# Write the matching public key next to the private key, world-readable.
- name: SSH Public Key Datei für Benutzer {{ base_user }} deployen
  ansible.builtin.copy:
    dest: '/home/{{ base_user }}/.ssh/id_ed25519.pub'
    owner: '{{ base_user }}'
    group: '{{ base_user }}'
    mode: '0644'
    content: "{{ vault_ssh_pubkey }}\n"
# Authorize the same vaulted public key for root.
# NOTE(review): whether this permits direct root logins depends on the sshd
# configuration (PermitRootLogin), which is not managed in this file - confirm
# that direct root access with this key is intended.
- name: SSH Key auch für root hinterlegen
  ansible.posix.authorized_key:
    key: '{{ vault_ssh_pubkey }}'
    user: root
    state: present
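# Install the vaulted private key as /root/.ssh/id_ed25519.
# /root/.ssh is presumably created by the authorized_key task for root
# earlier in the file - verify if the task order changes.
# NOTE(review): this is the same vault_ssh_privkey that is written for
# base_user; confirm that root needs a copy of the private key at all.
- name: SSH Private Key für root deployen
  ansible.builtin.copy:
    content: "{{ vault_ssh_privkey }}\n"
    dest: /root/.ssh/id_ed25519
    owner: root
    group: root
    mode: "0600"
  # Keep the key material out of task output, --diff output and callback logs.
  no_log: true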
# Replace /etc/apt/sources.list with the Debian trixie mirrors listed below.
# The result is registered as repo_status so the later cache refresh can
# depend on whether this file changed.
# NOTE(review): all entries use plain http, so package integrity rests on
# APT's signature verification of the repository metadata. Consider https if
# the mirrors offer it - confirm before changing.
- name: Standard Debian Trixie Repositories setzen
  ansible.builtin.copy:
    dest: /etc/apt/sources.list
    owner: root
    group: root
    mode: '0644'
    content: |
      deb http://ftp.gwdg.de/debian/ trixie main non-free-firmware non-free contrib
      deb-src http://ftp.gwdg.de/debian/ trixie main non-free-firmware non-free contrib

      deb http://security.debian.org/debian-security trixie-security main non-free-firmware non-free contrib
      deb-src http://security.debian.org/debian-security trixie-security main non-free-firmware non-free contrib

      deb http://ftp.gwdg.de/debian/ trixie-updates main non-free-firmware non-free contrib
      deb-src http://ftp.gwdg.de/debian/ trixie-updates main non-free-firmware non-free contrib
  register: repo_status
# Refresh the package index only when the sources.list task reported a change.
- name: Apt Cache aktualisieren (falls Repos geändert wurden)
  ansible.builtin.apt:
    update_cache: true
  when: repo_status.changed
# Install the base tool set. update_cache is set here as well, so the package
# index is refreshed before the install on every run.
- name: Installiere benötigte Basis-Pakete
  ansible.builtin.apt:
    update_cache: true
    state: present
    name:
      - curl
      - gnupg
      - ca-certificates
      - sudo
      - wget
      - vim
      - mc
# Make sure the locales package is installed before locales are generated.
- name: Locales-Paket sicherstellen
  ansible.builtin.apt:
    state: present
    name: locales
# Generate the en_US.UTF-8 locale if it is not present yet.
- name: en_US.UTF-8 Locale generieren
  community.general.locale_gen:
    state: present
    name: en_US.UTF-8
# Preseed the locales package's debconf answer for the default system locale.
- name: Systemweite Sprache auf en_US.UTF-8 setzen
  ansible.builtin.debconf:
    name: locales
    question: locales/default_environment_locale
    vtype: select
    value: en_US.UTF-8
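# Write /etc/default/locale directly as a fallback for the debconf setting.
# Owner, group and mode are set explicitly, as in the other copy tasks of this
# file, so the result does not depend on the umask or on the permissions of a
# pre-existing file.
- name: Locale-Datei manuell schreiben (Sicherheitsnetz)
  ansible.builtin.copy:
    dest: /etc/default/locale
    content: |
      LANG=en_US.UTF-8
      LC_ALL=en_US.UTF-8
    owner: root
    group: root
    mode: "0644"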
# Rewrite the %sudo rule in /etc/sudoers so members of the sudo group may run
# any command without a password. visudo checks the candidate file first, so a
# syntactically broken sudoers is never installed.
# NOTE(review): base_user is added to sudo later in this file and logs in with
# an SSH key, so that key alone yields root with no password prompt - confirm
# this is intended for these hosts.
- name: Gruppe sudo passwortloses sudo erlauben
  ansible.builtin.lineinfile:
    path: /etc/sudoers
    regexp: '^%sudo'
    line: '%sudo ALL=(ALL:ALL) NOPASSWD: ALL'
    state: present
    validate: '/usr/sbin/visudo -cf %s'
# Add base_user to the sudo group. append keeps the user's other supplementary
# groups instead of replacing them.
- name: Benutzer {{ base_user }} zu sudo Gruppe hinzufügen
  ansible.builtin.user:
    name: '{{ base_user }}'
    append: true
    groups: sudo
# Remove packages that were pulled in as dependencies and are no longer needed.
- name: Unnötige Pakete entfernen
  ansible.builtin.apt:
    autoremove: true
# Install the QEMU guest agent package.
- name: QEMU Guest Agent installieren
  ansible.builtin.apt:
    state: present
    name: qemu-guest-agent
# Start the guest agent now and enable it at boot.
- name: QEMU Guest Agent aktivieren
  ansible.builtin.service:
    name: qemu-guest-agent
    enabled: true
    state: started