proxmox ansible bootstrapping

roles/common/tasks/main.yml

@@ -0,0 +1,49 @@
+- name: Ensure latest apt cache
+  ansible.builtin.apt:
+    update_cache: yes
+    cache_valid_time: 3600 # 1 hour
+
+- name: Upgrade all packages
+  ansible.builtin.apt:
+    upgrade: dist
+
+- name: Install common packages
+  ansible.builtin.apt:
+    name:
+      - curl
+      - wget
+      - htop
+      - git
+      - rsync
+      - nfs-common # If you plan to mount NFS shares
+    state: present
+
+- name: Create new admin user
+  ansible.builtin.user:
+    name: "{{ admin.name }}"
+    groups: "{{ admin.groups }}"
+    shell: "{{ admin.shell }}"
+    state: present
+    create_home: yes
+    append: yes # Ensures other groups don't get removed
+  when: admin.name is defined and admin.name | length > 0
+
+- name: Add SSH keys for new admin user
+  ansible.posix.authorized_key:
+    user: "{{ admin.name }}"
+    state: present
+    key: "{{ item }}"
+  loop: "{{ admin.ssh_keys }}"
+  when:
+    - admin.name is defined
+    - admin.name | length > 0
+    - admin.ssh_keys is defined
+    - admin.ssh_keys | length > 0
+# - name: Disable root SSH login (optional, but recommended)
+#   ansible.builtin.lineinfile:
+#     path: /etc/ssh/sshd_config
+#     regexp: '^PermitRootLogin'
+#     line: 'PermitRootLogin no'
+#     state: present
+#   notify: Restart sshd
+#   when: new_admin_user is defined and new_admin_user | length > 0