141 lines
4 KiB
YAML
141 lines
4 KiB
YAML
---
|
|
- name: Basis-Konfiguration für Debian VMs
|
|
hosts: all
|
|
become: yes
|
|
vars:
|
|
# Pfad auf dem Ansible-LXC (Quelle)
|
|
source_folder: "/ansible/komodo/"
|
|
# Pfad auf der Ziel-VM (Ziel)
|
|
dest_folder: "/app-config/komodo/"
|
|
|
|
tasks:
|
|
- name: SSH Key für Benutzer sascha hinterlegen
|
|
ansible.posix.authorized_key:
|
|
user: chris
|
|
state: present
|
|
key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
|
|
- name: Standard Debian Trixie Repositories setzen
|
|
copy:
|
|
dest: /etc/apt/sources.list
|
|
content: |
|
|
deb http://ftp.gwdg.de/debian/ trixie main non-free-firmware non-free contrib
|
|
deb-src http://ftp.gwdg.de/debian/ trixie main non-free-firmware non-free contrib
|
|
|
|
deb http://security.debian.org/debian-security trixie-security main non-free-firmware non-free contrib
|
|
deb-src http://security.debian.org/debian-security trixie-security main non-free-firmware non-free contrib
|
|
|
|
deb http://ftp.gwdg.de/debian/ trixie-updates main non-free-firmware non-free contrib
|
|
deb-src http://ftp.gwdg.de/debian/ trixie-updates main non-free-firmware non-free contrib
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
register: repo_status
|
|
|
|
- name: Apt Cache aktualisieren (falls Repos geändert wurden)
|
|
apt:
|
|
update_cache: yes
|
|
when: repo_status.changed
|
|
|
|
- name: Installiere benötigte Basis-Pakete
|
|
apt:
|
|
name:
|
|
- curl
|
|
- gnupg
|
|
- ca-certificates
|
|
- sudo
|
|
- wget
|
|
- vim
|
|
- mc
|
|
state: present
|
|
update_cache: yes
|
|
- name: Locales-Paket sicherstellen
|
|
apt:
|
|
name: locales
|
|
state: present
|
|
|
|
- name: en_US.UTF-8 Locale generieren
|
|
locale_gen:
|
|
name: en_US.UTF-8
|
|
state: present
|
|
|
|
- name: Systemweite Sprache auf en_US.UTF-8 setzen
|
|
debconf:
|
|
name: locales
|
|
question: locales/default_environment_locale
|
|
value: en_US.UTF-8
|
|
vtype: select
|
|
|
|
- name: Locale-Datei manuell schreiben (Sicherheitsnetz)
|
|
copy:
|
|
dest: /etc/default/locale
|
|
content: |
|
|
LANG=en_US.UTF-8
|
|
LC_ALL=en_US.UTF-8
|
|
|
|
- name: Verzeichnis für Keyrings erstellen
|
|
file:
|
|
path: /etc/apt/keyrings
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Docker GPG Key herunterladen (Modern)
|
|
get_url:
|
|
url: https://download.docker.com/linux/debian/gpg
|
|
dest: /etc/apt/keyrings/docker.asc
|
|
mode: '0644'
|
|
|
|
- name: Docker Repository Datei erstellen
|
|
copy:
|
|
dest: /etc/apt/sources.list.d/docker.list
|
|
content: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian bookworm stable"
|
|
mode: '0644'
|
|
register: docker_repo
|
|
|
|
- name: Paketliste aktualisieren
|
|
apt:
|
|
update_cache: yes
|
|
when: docker_repo.changed
|
|
|
|
- name: Docker Engine installieren
|
|
apt:
|
|
name:
|
|
- docker-ce
|
|
- docker-ce-cli
|
|
- containerd.io
|
|
- docker-compose-plugin
|
|
state: present
|
|
- name: Zielverzeichnis auf der VM erstellen
|
|
file:
|
|
path: "{{ dest_folder }}"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
# 2. Sudoers anpassen (Ohne Passwort-Abfrage für die Gruppe sudo)
|
|
- name: Gruppe sudo passwortloses sudo erlauben
|
|
lineinfile:
|
|
path: /etc/sudoers
|
|
state: present
|
|
regexp: '^%sudo'
|
|
line: '%sudo ALL=(ALL:ALL) NOPASSWD: ALL'
|
|
validate: '/usr/sbin/visudo -cf %s'
|
|
|
|
# 3. Sascha in Gruppen stecken
|
|
- name: Benutzer sascha zu sudo und docker Gruppen hinzufügen
|
|
user:
|
|
name: sascha
|
|
groups: sudo,docker
|
|
append: yes
|
|
|
|
- name: Unnötige Pakete entfernen
|
|
apt:
|
|
autoremove: yes
|
|
|
|
- name: QEMU Guest Agent installieren und starten
|
|
apt:
|
|
name: qemu-guest-agent
|
|
state: present
|
|
- name: Agent Dienst aktivieren
|
|
service:
|
|
name: qemu-guest-agent
|
|
state: started
|
|
enabled: yes
|