homelab/roles/base/tasks/system.yml

- name: Install useful software
  ansible.builtin.apt:
    name: "{{ packages }}"
    state: present
    update_cache: true

- name: Install GPG
  ansible.builtin.apt:
    name: gpg
    state: present

- name: Check for existing GPG keys
  ansible.builtin.command: "gpg --list-keys {{ item.id }} 2>/dev/null"
  register: gpg_check
  loop: "{{ root_gpgkeys }}"
  failed_when: false
  changed_when: false
  when: root_gpgkeys is defined

- name: Import GPG keys
  ansible.builtin.command:
    "gpg --keyserver {{ item.item.server | default('keys.openpgp.org') }} --recv-key {{ item.item.id }}"
  register: gpg_check_import
  loop: "{{ gpg_check.results }}"
  loop_control:
    label: "{{ item.item }}"
  changed_when: false
  when: root_gpgkeys is defined and item.rc != 0

- name: Check GPG key imports
  ansible.builtin.fail:
    msg: "{{ item.stderr }}"
  loop: "{{ gpg_check_import.results }}"
  loop_control:
    label: "{{ item.item.item }}"
  when: root_gpgkeys is defined and (not item.skipped | default(false)) and ('imported' not in item.stderr)

- name: Install NTPsec
  ansible.builtin.apt:
    name: ntpsec
    state: present

- name: Install locales
  ansible.builtin.apt:
    name: locales
    state: present

- name: Generate locale
  community.general.locale_gen:
    name: "{{ locale_default }}"
    state: present
  notify: reconfigure_locales

- name: Set the default locale
  ansible.builtin.lineinfile:
    path: /etc/default/locale
    regexp: "^LANG="
    line: "LANG={{ locale_default }}"

- name: Manage root authorized_keys
  ansible.builtin.template:
    src: authorized_keys.j2
    dest: /root/.ssh/authorized_keys
    mode: "400"
  when: authorized_keys is defined

- name: Create system user groups
  ansible.builtin.group:
    name: "{{ item.key }}"
    gid: "{{ item.value.gid }}"
    state: present
  loop: "{{ users | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  when: users is defined

- name: Create system users
  ansible.builtin.user:
    name: "{{ item.key }}"
    state: present
    uid: "{{ item.value.uid }}"
    group: "{{ item.value.gid }}"
    shell: "{{ item.value.shell | default('/bin/bash') }}"
    create_home: "{{ item.value.home | default(false) }}"
    system: "{{ item.value.system | default(false) }}"
  loop: "{{ users | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  when: users is defined

- name: Set authorized_keys for system users
  ansible.posix.authorized_key:
    user: "{{ item.key }}"
    key: "{{ item.value.key }}"
    state: present
  loop: "{{ users | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  when: users is defined and item.value.key is defined

- name: Manage filesystem mounts
  ansible.posix.mount:
    path: "{{ item.path }}"
    src: "UUID={{ item.uuid }}"
    fstype: "{{ item.fstype }}"
    state: mounted
  loop: "{{ mounts }}"
  when: mounts is defined
Move ansible role into base role 2020-07-10 01:54:15 +00:00			`- name: Install useful software`
Updated Ansible tasks to FQCN format 2023-05-04 03:42:55 +00:00			`ansible.builtin.apt:`
Add default packages 2020-08-15 22:14:45 +00:00			`name: "{{ packages }}"`
Move ansible role into base role 2020-07-10 01:54:15 +00:00			`state: present`
Update cache on installing useful software 2020-09-21 21:41:32 +00:00			`update_cache: true`
Update dockerbox playbook and manage SSH keys 2020-07-29 05:09:46 +00:00
Add external compose support in the docker role - Use ansible.posix.synchronize for compose.yml - Set fact for compose service restarts - Introduce plain Docker dev host - Optionally verify repos via GPG before sync - Hide docker_repos_path in .folder - Tweak .env for conciseness - Add --diff to Ansible in Vagrantfile - Clean output with loop_control - Embed GPG in base role 2023-10-10 03:47:49 +00:00			`- name: Install GPG`
			`ansible.builtin.apt:`
			`name: gpg`
			`state: present`

Import PGP key and verify git commits 2023-10-19 06:56:36 +00:00			`- name: Check for existing GPG keys`
Update base role to pass linting 2023-10-21 01:30:25 +00:00			`ansible.builtin.command: "gpg --list-keys {{ item.id }} 2>/dev/null"`
Import PGP key and verify git commits 2023-10-19 06:56:36 +00:00			`register: gpg_check`
			`loop: "{{ root_gpgkeys }}"`
			`failed_when: false`
			`changed_when: false`
			`when: root_gpgkeys is defined`

			`- name: Import GPG keys`
Update base role to pass linting 2023-10-21 01:30:25 +00:00			`ansible.builtin.command:`
			`"gpg --keyserver {{ item.item.server \| default('keys.openpgp.org') }} --recv-key {{ item.item.id }}"`
Verify successful GPG imports 2023-10-19 17:37:35 +00:00			`register: gpg_check_import`
Simplify the "Import GPG keys" loop 2023-10-19 18:09:10 +00:00			`loop: "{{ gpg_check.results }}"`
Verify successful GPG imports 2023-10-19 17:37:35 +00:00			`loop_control:`
Slight tweaks on Ansible output 2023-10-19 20:36:05 +00:00			`label: "{{ item.item }}"`
Update base role to pass linting 2023-10-21 01:30:25 +00:00			`changed_when: false`
Simplify the "Import GPG keys" loop 2023-10-19 18:09:10 +00:00			`when: root_gpgkeys is defined and item.rc != 0`
Verify successful GPG imports 2023-10-19 17:37:35 +00:00
			`- name: Check GPG key imports`
Update base role to pass linting 2023-10-21 01:30:25 +00:00			`ansible.builtin.fail:`
Verify successful GPG imports 2023-10-19 17:37:35 +00:00			`msg: "{{ item.stderr }}"`
			`loop: "{{ gpg_check_import.results }}"`
			`loop_control:`
Slight tweaks on Ansible output 2023-10-19 20:36:05 +00:00			`label: "{{ item.item.item }}"`
Update base role to pass linting 2023-10-21 01:30:25 +00:00			`when: root_gpgkeys is defined and (not item.skipped \| default(false)) and ('imported' not in item.stderr)`
Import PGP key and verify git commits 2023-10-19 06:56:36 +00:00
Install ntpsec 2023-10-19 05:27:31 +00:00			`- name: Install NTPsec`
			`ansible.builtin.apt:`
			`name: ntpsec`
			`state: present`

Add locale configuration tasks to base role 2023-10-18 20:32:09 +00:00			`- name: Install locales`
			`ansible.builtin.apt:`
			`name: locales`
			`state: present`

			`- name: Generate locale`
			`community.general.locale_gen:`
			`name: "{{ locale_default }}"`
			`state: present`
Update base role to pass linting 2023-10-21 01:30:25 +00:00			`notify: reconfigure_locales`
Add locale configuration tasks to base role 2023-10-18 20:32:09 +00:00
			`- name: Set the default locale`
			`ansible.builtin.lineinfile:`
			`path: /etc/default/locale`
			`regexp: "^LANG="`
			`line: "LANG={{ locale_default }}"`

Update dockerbox playbook and manage SSH keys 2020-07-29 05:09:46 +00:00			`- name: Manage root authorized_keys`
Updated Ansible tasks to FQCN format 2023-05-04 03:42:55 +00:00			`ansible.builtin.template:`
Update dockerbox playbook and manage SSH keys 2020-07-29 05:09:46 +00:00			`src: authorized_keys.j2`
			`dest: /root/.ssh/authorized_keys`
Update base role to pass linting 2023-10-21 01:30:25 +00:00			`mode: "400"`
Update dockerbox playbook and manage SSH keys 2020-07-29 05:09:46 +00:00			`when: authorized_keys is defined`
Manage mounts in base role 2020-09-01 16:56:27 +00:00
Update Gitea role for docker_compose_deploy - Add MariaDB to dev playbook - Set Git user in "users:" - Define Gitea external compose project - Forward SSH port in forwarding script - Create user groups with system users - Install python3-pymysql for Ansible - Strip old Gitea deployment methods - Bind MariaDB to docker0 for Docker access 2023-10-20 19:41:44 +00:00			`- name: Create system user groups`
			`ansible.builtin.group:`
			`name: "{{ item.key }}"`
			`gid: "{{ item.value.gid }}"`
			`state: present`
			`loop: "{{ users \| dict2items }}"`
			`loop_control:`
			`label: "{{ item.key }}"`
			`when: users is defined`

Adding samba and general user management 2023-06-07 06:12:17 +00:00			`- name: Create system users`
			`ansible.builtin.user:`
Update Gitea role for docker_compose_deploy - Add MariaDB to dev playbook - Set Git user in "users:" - Define Gitea external compose project - Forward SSH port in forwarding script - Create user groups with system users - Install python3-pymysql for Ansible - Strip old Gitea deployment methods - Bind MariaDB to docker0 for Docker access 2023-10-20 19:41:44 +00:00			`name: "{{ item.key }}"`
Adding samba and general user management 2023-06-07 06:12:17 +00:00			`state: present`
Update Gitea role for docker_compose_deploy - Add MariaDB to dev playbook - Set Git user in "users:" - Define Gitea external compose project - Forward SSH port in forwarding script - Create user groups with system users - Install python3-pymysql for Ansible - Strip old Gitea deployment methods - Bind MariaDB to docker0 for Docker access 2023-10-20 19:41:44 +00:00			`uid: "{{ item.value.uid }}"`
			`group: "{{ item.value.gid }}"`
			`shell: "{{ item.value.shell \| default('/bin/bash') }}"`
			`create_home: "{{ item.value.home \| default(false) }}"`
Update base role to pass linting 2023-10-21 01:30:25 +00:00			`system: "{{ item.value.system \| default(false) }}"`
Update Gitea role for docker_compose_deploy - Add MariaDB to dev playbook - Set Git user in "users:" - Define Gitea external compose project - Forward SSH port in forwarding script - Create user groups with system users - Install python3-pymysql for Ansible - Strip old Gitea deployment methods - Bind MariaDB to docker0 for Docker access 2023-10-20 19:41:44 +00:00			`loop: "{{ users \| dict2items }}"`
			`loop_control:`
			`label: "{{ item.key }}"`
Adding samba and general user management 2023-06-07 06:12:17 +00:00			`when: users is defined`

			`- name: Set authorized_keys for system users`
			`ansible.posix.authorized_key:`
			`user: "{{ item.key }}"`
			`key: "{{ item.value.key }}"`
			`state: present`
Update Gitea role for docker_compose_deploy - Add MariaDB to dev playbook - Set Git user in "users:" - Define Gitea external compose project - Forward SSH port in forwarding script - Create user groups with system users - Install python3-pymysql for Ansible - Strip old Gitea deployment methods - Bind MariaDB to docker0 for Docker access 2023-10-20 19:41:44 +00:00			`loop: "{{ users \| dict2items }}"`
			`loop_control:`
			`label: "{{ item.key }}"`
Adding samba and general user management 2023-06-07 06:12:17 +00:00			`when: users is defined and item.value.key is defined`

Manage mounts in base role 2020-09-01 16:56:27 +00:00			`- name: Manage filesystem mounts`
Updated Ansible tasks to FQCN format 2023-05-04 03:42:55 +00:00			`ansible.posix.mount:`
Manage mounts in base role 2020-09-01 16:56:27 +00:00			`path: "{{ item.path }}"`
			`src: "UUID={{ item.uuid }}"`
			`fstype: "{{ item.fstype }}"`
			`state: mounted`
			`loop: "{{ mounts }}"`
			`when: mounts is defined`