homeserver/playbooks/1_bootstrap.yml
Grote e732ebf535
All checks were successful
ci/woodpecker/push/gitleaks Pipeline was successful
ci/woodpecker/push/ansible-lint Pipeline was successful
redeployment forgejo + setup ldap (#1)
Reviewed-on: #1
2024-04-04 09:48:09 +02:00

49 lines
1.5 KiB
YAML

---
- hosts: all
gather_facts: false
roles:
- role: ansible-role-bootstrap
tags: "bootstrap"
become: true
- role: mgrote_apt_manage_sources
tags: "apt_sources"
- role: mgrote_qemu_guest_agent
- role: mgrote_apt_update_packages
tags: "updates"
- role: mgrote_users
tags: "user"
become: true
- role: mgrote_netplan
tags: "netplan"
post_tasks:
- name: Change user password
become: true
ansible.builtin.user:
name: mg
update_password: always
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
vars:
### reobertdebock.bootstrap
bootstrap_user: mg
bootstrap_wait_for_host: false
bootstrap_timeout: 1
### ansible
ansible_user: "mg"
ansible_password: hallowelt
ansible_become_password: hallowelt
ansible_ssh_common_args: "'-o StrictHostKeyChecking=no'"
### mgrote_user
users:
- username: ansible-user
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
update_password: always
groups: ssh, sudo
state: present
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
allow_sudo: true
allow_passwordless_sudo: true
# Nach dem ersten durchlaufen ist keine Anmeldung mehr per Passwort & ssh möglich. Damit scheitert auch der Versuch das Playbook ein zweites mal durchlaufen zu lassen.