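# Refresh the apt package index so the upgrade and install tasks below
# resolve against current package metadata, including security updates.
- name: Ensure latest apt cache
  ansible.builtin.apt:
    # Canonical YAML boolean; `yes` is only a boolean under YAML 1.1 rules.
    update_cache: true
    # Skip the refresh when the cache is younger than this many seconds.
    cache_valid_time: 3600  # 1 hour
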
# Bring every installed package up to date. `dist` corresponds to
# `apt-get dist-upgrade`, which may install or remove packages to satisfy
# changed dependencies.
# NOTE(review): none of the tasks shown here reboot the host or restart
# services, so an upgraded kernel or shared library may not be in use until
# that happens - confirm it is handled elsewhere.
- name: Upgrade all packages
  ansible.builtin.apt:
    upgrade: "dist"

# Baseline tooling installed on every host. `state: present` installs a
# package only when it is missing; it does not upgrade an installed one.
# Each entry adds to what has to be patched, so keep the list to what the
# host actually needs.
- name: Install common packages
  ansible.builtin.apt:
    state: present
    name:
      - curl
      - wget
      - htop
      - git
      - rsync
      # On Debian/Ubuntu this typically pulls in rpcbind, which opens a
      # network listener; drop it on hosts that never mount NFS.
      - nfs-common  # If you plan to mount NFS shares

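# Create the administrative account described by the `admin` variable.
# No `password` is set here, so remote access depends on the keys installed
# by the "Add SSH keys for new admin user" task.
# Review what `admin.groups` contains: membership in a group such as sudo
# grants root-equivalent access.
# NOTE(review): `admin.groups` and `admin.shell` are dereferenced without a
# default; confirm both are always set wherever `admin.name` is.
- name: Create new admin user
  ansible.builtin.user:
    name: "{{ admin.name }}"
    groups: "{{ admin.groups }}"
    shell: "{{ admin.shell }}"
    state: present
    create_home: true
    append: true  # Ensures other groups don't get removed
  # Skip the task when no admin name was supplied. Written as a list (all
  # entries must hold) to match the condition style of the SSH key task.
  when:
    - admin.name is defined
    - admin.name | length > 0
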
# Install every public key listed in `admin.ssh_keys` into the admin user's
# authorized_keys file, one loop iteration per key.
# `exclusive` is left at its default (false), so keys already present on the
# host stay in place: deleting a key from `admin.ssh_keys` does not revoke
# it. `exclusive` is not loop-aware, so enforcing an exact key set means
# passing all keys as one newline-separated `key` value instead of looping.
- name: Add SSH keys for new admin user
  ansible.posix.authorized_key:
    user: "{{ admin.name }}"
    key: "{{ item }}"
    state: present
  loop: "{{ admin.ssh_keys }}"
  # All conditions must hold; the task is skipped when either the user name
  # or the key list is missing or empty.
  when:
    - admin.name is defined
    - admin.name | length > 0
    - admin.ssh_keys is defined
    - admin.ssh_keys | length > 0
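# Optional hardening, left disabled: turn off direct root login over SSH.
# Enable it only once the admin account and its keys from the tasks above
# are confirmed working, otherwise the host can lose its remote login path.
#
# Changes from the earlier draft of this block:
#   * The condition tested `new_admin_user`, which nothing in this file
#     defines, so the task would have been skipped silently. It now uses the
#     same `admin.*` checks as the tasks above, including a non-empty key
#     list as a lock-out guard.
#   * The regexp also matches a commented-out default, so the setting is
#     replaced in place rather than appended at the end of the file, where a
#     trailing Match block would scope it.
#   * `validate` makes sshd check the edited file before it is written.
# NOTE(review): the "Restart sshd" handler is not defined in this file -
# confirm it exists. If sshd_config includes drop-in files, a setting there
# can take precedence; check the effective value with `sshd -T`.
#
# - name: Disable root SSH login (optional, but recommended)
#   ansible.builtin.lineinfile:
#     path: /etc/ssh/sshd_config
#     regexp: '^#?\s*PermitRootLogin'
#     line: 'PermitRootLogin no'
#     state: present
#     validate: '/usr/sbin/sshd -t -f %s'
#   notify: Restart sshd
#   when:
#     - admin.name is defined
#     - admin.name | length > 0
#     - admin.ssh_keys is defined
#     - admin.ssh_keys | length > 0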