---
# Add common tasks here
# Apply the hostname supplied in `common_hostname` via the hostname module.
- name: "Set hostname to '{{ common_hostname }}'"
  ansible.builtin.hostname:
    name: "{{ common_hostname }}"
  tags:
    - common
    - hostname
# Enable systemd-networkd at boot and make sure it is running now.
- name: Ensure systemd-networkd is enabled and running
  ansible.builtin.service:
    name: systemd-networkd
    state: started
    enabled: true
  tags:
    - common
    - network
# Enable the iwd wireless daemon at boot and make sure it is running now.
- name: Ensure iwd is enabled and running
  ansible.builtin.service:
    name: iwd
    state: started
    enabled: true
  tags:
    - common
    - network
    - wifi
# Install the wired-interface unit for systemd-networkd and trigger the
# "Restart systemd-networkd" handler when the file changes.
- name: Deploy ethernet network configuration
  ansible.builtin.copy:
    dest: /etc/systemd/network/20-ethernet.network
    src: files/20-ethernet.network
    # Root-owned and world-readable; assumes the unit file carries no
    # secrets - confirm before adding any to it.
    owner: root
    group: root
    mode: '0644'
  notify: Restart systemd-networkd
  tags:
    - common
    - network
    - ethernet
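# Informational only: this task prints a reminder and changes nothing on the
# host. WiFi credentials are expected to be pre-seeded under /var/lib/iwd/.
# The .psk files hold the network passphrase or derived key, so if they are
# ever deployed from this role they should be root-owned and not readable by
# other users, and their source should come from a vault rather than VCS.
- name: Configure WiFi (requires manual interaction or pre-seeded iwd config)
  # Fully qualified module name, matching every other task in this file.
  ansible.builtin.debug:
    msg: "WiFi configuration via Ansible for iwd is complex. Ensure /var/lib/iwd/ contains correct .psk files."
  tags:
    - common
    - network
    - wifi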
# Create (or update) the primary login account with a home directory.
- name: "Ensure user '{{ common_user_name }}' exists with specified password"
  ansible.builtin.user:
    name: "{{ common_user_name }}"
    state: present
    create_home: true
    shell: "{{ common_user_shell | default('/bin/bash') }}"
    # The user module writes this value to the shadow database as-is, so it
    # must already be a crypt(3) hash, not the clear-text password.
    # NOTE(review): presumably common_user_password is a pre-hashed value
    # kept in Ansible Vault - confirm where it is defined.
    password: "{{ common_user_password }}"
  tags:
    - common
    - users
# Give root the same password value as the regular user account.
# NOTE(review): one shared credential means a compromise of the user
# password is also a compromise of root; this matters more because other
# tasks in this file manage PermitRootLogin and PasswordAuthentication for
# sshd. Consider a separate root secret, or a locked root account with sudo.
- name: "Ensure root password matches user '{{ common_user_name }}'"
  ansible.builtin.user:
    name: root
    # Must be a crypt(3) hash; the module stores the value unchanged.
    password: "{{ common_user_password }}"
  tags:
    - common
    - users
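# Set PermitRootLogin in sshd_config from `common_sshd_permit_root_login`.
#
# The task name says "allow", but the effective policy is whatever the
# variable holds. `prohibit-password` or `no` keeps root off password logins;
# `yes` combined with the shared root/user password set earlier in this file
# exposes root to password guessing over SSH.
#
# Caveats of editing with lineinfile:
#   - sshd uses the FIRST value it reads for a keyword. If no line matches
#     the regexp, the new line is appended at end of file, where an earlier
#     (for example indented) directive or an Include'd drop-in still wins.
#   - A line appended after a `Match` block becomes part of that block.
- name: Configure sshd_config to allow root login with password
  become: true
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    state: present
    create: true
    regexp: "^PermitRootLogin"
    # If the variable is a YAML boolean it renders as True/False, which sshd
    # may not accept; define it as a quoted string in the role variables.
    line: "PermitRootLogin {{ common_sshd_permit_root_login }}"
    # Syntax-check the candidate file before it replaces the live config, so
    # a bad value fails this task instead of breaking sshd on restart.
    # Requires sshd to be installed; adjust the path if it lives elsewhere.
    validate: '/usr/sbin/sshd -t -f %s'
  notify: Restart sshd
  tags:
    - common
    - sshd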
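# Set PasswordAuthentication in sshd_config from
# `common_sshd_password_authentication`.
#
# `no` limits SSH to key-based (or other non-password) methods; `yes` leaves
# every account with a password open to online guessing, so pair it with
# rate limiting or restrict it to trusted networks.
#
# Caveats of editing with lineinfile: sshd uses the FIRST value it reads for
# a keyword, so a line appended at end of file can be overridden by an
# earlier directive or an Include'd drop-in, and a line appended after a
# `Match` block becomes part of that block.
- name: Ensure PasswordAuthentication is set to {{ common_sshd_password_authentication }} in sshd_config
  become: true
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    state: present
    create: true
    regexp: "^PasswordAuthentication"
    # If the variable is a YAML boolean it renders as True/False, which sshd
    # may not accept; define it as a quoted string in the role variables.
    line: "PasswordAuthentication {{ common_sshd_password_authentication }}"
    # Syntax-check the candidate file before it replaces the live config, so
    # a bad value fails this task instead of breaking sshd on restart.
    # Requires sshd to be installed; adjust the path if it lives elsewhere.
    validate: '/usr/sbin/sshd -t -f %s'
  notify: Restart sshd
  tags:
    - common
    - sshd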
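# Set PermitEmptyPasswords in sshd_config from
# `common_sshd_permit_empty_passwords`.
#
# The safe value is `no`: with `yes`, any account whose password field is
# empty can log in over SSH without a credential when password
# authentication is enabled.
#
# Caveats of editing with lineinfile: sshd uses the FIRST value it reads for
# a keyword, so a line appended at end of file can be overridden by an
# earlier directive or an Include'd drop-in, and a line appended after a
# `Match` block becomes part of that block.
- name: Ensure PermitEmptyPasswords is set to {{ common_sshd_permit_empty_passwords }} in sshd_config
  become: true
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    state: present
    create: true
    regexp: "^PermitEmptyPasswords"
    # If the variable is a YAML boolean it renders as True/False, which sshd
    # may not accept; define it as a quoted string in the role variables.
    line: "PermitEmptyPasswords {{ common_sshd_permit_empty_passwords }}"
    # Syntax-check the candidate file before it replaces the live config, so
    # a bad value fails this task instead of breaking sshd on restart.
    # Requires sshd to be installed; adjust the path if it lives elsewhere.
    validate: '/usr/sbin/sshd -t -f %s'
  notify: Restart sshd
  tags:
    - common
    - sshd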