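# Base package set; the list comes from the `packages` variable.
- name: Install useful software
  ansible.builtin.apt:
    name: "{{ packages }}"
    state: present
    update_cache: true

- name: Install GPG
  ansible.builtin.apt:
    name: gpg
    state: present

# Probe the keyring for each requested key. The command module does not run a
# shell, so a trailing `2>/dev/null` would be passed to gpg as a second key to
# look up instead of acting as a redirect, making the probe report a missing
# key. stderr is captured in the registered result, so no redirect is needed.
# argv form keeps the templated id as a single argument.
- name: Check for existing GPG keys
  ansible.builtin.command:
    argv:
      - gpg
      - --list-keys
      - "{{ item.id }}"
  register: gpg_check
  loop: "{{ root_gpgkeys }}"
  failed_when: false
  changed_when: false
  when: root_gpgkeys is defined

# Fetch only the keys the probe above did not find (non-zero rc).
# NOTE(review): the key is trusted purely on the id given in root_gpgkeys.
# Use full fingerprints there rather than short key ids, which are not
# collision-resistant - confirm against the inventory.
- name: Import GPG keys
  ansible.builtin.command:
    argv:
      - gpg
      - --keyserver
      - "{{ item.item.server | default('keys.openpgp.org') }}"
      - --recv-key
      - "{{ item.item.id }}"
  register: gpg_check_import
  loop: "{{ gpg_check.results }}"
  loop_control:
    label: "{{ item.item }}"
  when: root_gpgkeys is defined and item.rc != 0

# Abort the play when an attempted import did not report "imported" on stderr,
# surfacing gpg's own message. Skipped imports (key already present) are ignored.
- name: Check GPG key imports
  ansible.builtin.fail:
    msg: "{{ item.stderr }}"
  loop: "{{ gpg_check_import.results }}"
  loop_control:
    label: "{{ item.item.item }}"
  when: root_gpgkeys is defined and (item.skipped | default(false) == false) and ('imported' not in item.stderr)

- name: Install NTPsec
  ansible.builtin.apt:
    name: ntpsec
    state: present

- name: Install locales
  ansible.builtin.apt:
    name: locales
    state: present

# The result is registered so the reconfigure step below only runs on change.
- name: Generate locale
  community.general.locale_gen:
    name: "{{ locale_default }}"
    state: present
  register: locale_gen_output

- name: Set the default locale
  ansible.builtin.lineinfile:
    path: /etc/default/locale
    regexp: "^LANG="
    line: "LANG={{ locale_default }}"

- name: Reconfigure locales
  ansible.builtin.command: dpkg-reconfigure -f noninteractive locales
  when: locale_gen_output.changed

# Mode is quoted so it reaches the module as the octal string "0400" rather
# than depending on how the YAML parser types a bare 0400.
# NOTE(review): owner/group are not set and /root/.ssh is not created here;
# presumably it already exists with correct ownership - confirm.
- name: Manage root authorized_keys
  ansible.builtin.template:
    src: authorized_keys.j2
    dest: /root/.ssh/authorized_keys
    mode: "0400"
  when: authorized_keys is defined

- name: Create system users
  ansible.builtin.user:
    name: "{{ item.name }}"
    state: present
    shell: "{{ item.shell | default('/bin/bash') }}"
    create_home: "{{ item.home | default(false) }}"
  loop: "{{ users }}"
  when: users is defined

# NOTE(review): this task reads item.key / item.value.key (the shape produced
# by dict2items), while "Create system users" reads item.name from the same
# `users` loop. Both cannot match one data shape unless each entry carries all
# of these fields; as written this task may never install a key. Confirm the
# schema of `users` and align the two tasks.
- name: Set authorized_keys for system users
  ansible.posix.authorized_key:
    user: "{{ item.key }}"
    key: "{{ item.value.key }}"
    state: present
  loop: "{{ users }}"
  when: users is defined and item.value.key is defined

# Mount by filesystem UUID so the entry does not depend on device naming.
# NOTE(review): no `opts` is passed, so mount options are left at the module
# default; consider restrictive options (e.g. nodev, nosuid) per mount where
# the data allows it.
- name: Manage filesystem mounts
  ansible.posix.mount:
    path: "{{ item.path }}"
    src: "UUID={{ item.uuid }}"
    fstype: "{{ item.fstype }}"
    state: mounted
  loop: "{{ mounts }}"
  when: mounts is defined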