diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..15457ba --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,4 @@ +--- +exclude_paths: + - site.yml + - tasks/linux/software.yml diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml new file mode 100644 index 0000000..619379d --- /dev/null +++ b/.github/workflows/ghcr.yml @@ -0,0 +1,59 @@ +--- +name: Build and publish Docker container image to GitHub's container registry + +on: + workflow_dispatch: + push: + branches: + - 'main' + tags: + - 'v*' + pull_request: + branches: + - 'main' + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + +jobs: + build-and-push-image: + name: Build image + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + attestations: write + id-token: write + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Log in to GitHub Container Registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + - name: Build and push Docker image + id: push + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml new file mode 100644 index 0000000..02869d1 --- /dev/null +++ b/.github/workflows/molecule.yml 
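Review bot: `exclude_paths` removes `site.yml` and `tasks/linux/software.yml` from ansible-lint entirely, so the lint job added in `.github/workflows/molecule.yml` never sees the one play that takes interactive input and the one task file that shells out. Whatever findings those two files produce are silenced rather than fixed, and the exclusion is not explained. If a specific rule is the problem, prefer a per-line `# noqa <rule-id>` with a comment, or at least document why each path is excluded, e.g. `# site.yml: example playbook, not part of the role` above the list.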
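Review bot: `push: true` in the build-push step is unconditional, so the `pull_request` trigger also publishes PR builds to ghcr.io under the repository's image name with `packages: write`; pull requests from forks would presumably fail at the login step instead, since their token is read-only. Change it to `push: ${{ github.event_name != 'pull_request' }}` and add `if: github.event_name != 'pull_request'` to the attestation step, which otherwise runs with an empty `steps.push.outputs.digest`. The pinning is also inconsistent: the three docker/* actions are pinned to commit SHAs while `actions/checkout@v4` and `actions/attest-build-provenance@v1` use mutable tags, so the same supply-chain control is applied to only part of the job.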
@@ -0,0 +1,52 @@ +--- +name: Molecule Tests and Linting + +on: + push: + branches: + - main + +jobs: + molecule: + name: Run Molecule Tests + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-python@v4 + with: + python-version: '3.x' + cache: pip + - name: Cache pip dependencies + uses: actions/cache@v3 + with: + path: ~/.cache/pip + key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }} + restore-keys: | + ${{ runner.os }}-pip- + - run: | + python3 -m pip install --upgrade pip + python3 -m pip install -r requirements.txt + - run: ansible-playbook molecule/default/prepare.yml --syntax-check + - run: molecule test + + lint: + name: Lint Ansible Role + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-python@v4 + with: + python-version: '3.x' + cache: pip + - name: Cache pip dependencies + uses: actions/cache@v3 + with: + path: ~/.cache/pip + key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }} + restore-keys: | + ${{ runner.os }}-pip- + - run: | + python3 -m pip install --upgrade pip + python3 -m pip install -r requirements.txt + - run: yamllint . + - run: ansible-lint . diff --git a/.gitignore b/.gitignore new file mode 100755 index 0000000..18beb5a --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +*.retry +.idea/ +.kitchen/ +*.vault_pass +*.ssh_private_key +*.key +ansible-env/ \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..3cad340 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,20 @@ +ARG ANSIBLE_VERSION="<11>" + +FROM python:3.12 AS base + +RUN apt-get update -y \ + && apt-get full-upgrade -y \ + && apt-get install -y \ + sshpass \ +&& apt-get clean \ +&& rm -rf /var/lib/apt/lists/* + +RUN pip install --no-cache-dir \ + "ansible${ANSIBLE_VERSION}" \ + passlib + +ENV PATH="/root/.local/bin:${PATH}" + +COPY ./ /ansible_role_client_base/ + +WORKDIR /ansible_role_client_base \ No newline at end of file 
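Review bot: Neither job declares a `permissions:` block, so both run with the repository's default `GITHUB_TOKEN` permissions, which can be read/write depending on repository settings; add a top-level `permissions:` with `contents: read` since the jobs only check out and test. The actions are also on older mutable tags (`actions/checkout@v3`, `actions/setup-python@v4`, `actions/cache@v3`) while `.github/workflows/ghcr.yml` in this same commit uses `@v4` and SHA pins, so the two workflows disagree on pinning policy. The `cache: pip` option on setup-python already caches `~/.cache/pip`, so the separate "Cache pip dependencies" step appears to duplicate it; one of the two can go.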
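Review bot: `ARG ANSIBLE_VERSION` is declared before the first `FROM`, so it is only in scope for `FROM` lines; inside the `base` stage `${ANSIBLE_VERSION}` expands to an empty string and the `RUN pip install` line installs an unconstrained `ansible`. Redeclare it after the stage header with `ARG ANSIBLE_VERSION` on the line following `FROM python:3.12 AS base`. The default `"<11>"` also looks like a typo for the specifier `<11`, since `ansible<11>` is not a valid requirement. Separately, `COPY ./ /ansible_role_client_base/` copies the whole checkout, and no `.dockerignore` is added in this commit, so `.git` and any local `*.key`/`*.vault_pass` files listed in `.gitignore` would land in the published image.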
diff --git a/README.md b/README.md new file mode 100644 index 0000000..d60b23f --- /dev/null +++ b/README.md 
@@ -0,0 +1,259 @@ +# Client-Base Ansible Role + +This Ansible role provides a basic setup for Linux based clients. + +Currently supported platforms: + +- Ubuntu 24.04 LTS Noble Numbat +- Ubuntu 22.04 LTS Jammy Jellyfish + +What does this role do? +- installs certificates +- installs to trusted browser certificate store +- set **IOT** number as **hostname** +- adds **admin** user account +- adds **user** account +- installs **standard software** packages and flatpaks + +## Requirements +Ansible >= 2.16.0 + +## Role Variables + +| Name | Default Value | Description | +| -------------- | ------------- | -----------------------------------| +| `hostname` | `iot-xx` | Desired client hostname. | +| `domainname` | `example.com` | Client's domain name to get the FQDN. | +| `adminname` | `admin` | Desired admin name. | +| `adminpassword` | `Newpassword123$` | Client's administrator password. | +| `username` | `newuser` | Name for the new user. | +| `userpassword` | `newuserpassword` | Password for the new user. | +| `force_libssl_downgrade` | `false` | To determine if uninstalling the libssl-dev package is forced. | +| `skip_check_prompts` | `false` | To skip user prompts. Only set to true in the testplaybook. | + + +## Applying the role + +### 1. Apply the Role Directly on the Target Machine + +You can apply the Ansible role directly on the target machine by running the playbook locally. Ensure that the target machine is accessible and the necessary dependencies are installed on the local machine. + +#### Prerequisites: +- Install Git and Ansible on your local machine. + ```bash + pip install git ansible + ``` + +#### Steps: +1. Clone `ansible_role_client_base` - Gitlab token required + ```bash + cd ~ + git clone https://git.netresearch.de/provision/ansible_role_client_base.git + ``` + +2. Navigate to the directory containing your `site.yml` playbook: + ```bash + cd ~/ansible_role_client_base + ``` + +3. 
Run the playbook locally to apply the `ansible_role_client_base` role to the target machine: + ```bash + ansible-playbook site.yml + ``` + +### 2. Apply the Role Remotely via SSH + +#### Prerequisites: +- Ansible, git and sshpass installed on your local machine. + ```bash + sudo apt install sshpass python3 + pip install ansible git + ``` +- The initial user account on the target Ubuntu machine should be **admin1** +- Ensure that SSH password authentication is enabled on the target Ubuntu machine + ```bash + sudo nano /etc/ssh/sshd_config + + PasswordAuthentication yes + ``` + +- Don't forget to disable it after the role is applied + ```bash + sudo nano /etc/ssh/sshd_config + + #PasswordAuthentication yes + ``` + +#### Steps: + +1. Clone `ansible_role_client_base` + ```bash + cd ~ + git clone https://github.com/netresearch/ansible_role_client_base + +2. Navigate to the directory containing your `site.yml` playbook: + ```bash + cd ~/ansible_role_client_base + ``` + +3. Edit the `site.yml` file (if necessary) to specify the correct `hosts` and `become` settings for your remote machine. + +4. Run the playbook remotely by specifying the target machine's IP address or hostname in the `-i` option: + ```bash + ansible-playbook site.yml -i --ask-become-pass --ask-pass + ``` + + Replace `your_target_machine_ip` with the actual IP or hostname of the target machine. + The `--ask-become-pass` flag will prompt you for the password if you are using `sudo` (become). + The `--ask-pass` flag will prompt you for **admin1** user password. + + This will connect to the target machine over SSH and apply the role. + +### 3. Container Usage + +An example playbook site.yml is included here for testing purposes. 
+ +The initial user account on the target Ubuntu machine should be **admin1** + +To run the Ansible role from a Docker container, use the following command: + +```bash +docker run -it -e ANSIBLE_HOST_KEY_CHECKING=false ghcr.io/netresearch/ansible_role_client_base:latest ansible-playbook site.yml -i , --ask-pass --ask-become-pass + +``` + Replace `your_target_machine_ip` with the actual IP or hostname of the target machine. + The `--ask-become-pass` flag will prompt you for the password if you are using `sudo` (become). + The `--ask-pass` flag will prompt you for **admin1** user password. + + This will connect to the target machine over SSH and apply the role. + +## Testing + +### Testing with Molecule + +#### Prerequisites + +* **Python**: Ensure Python is installed. +* **Docker**: Required for Molecule tests with Docker. + * https://docs.docker.com/engine/install/ +* **Ansible**: Ansible must be installed for running playbooks + +```bash +sudo apt install sshpass python3 +``` + +#### Running the tests + +1. Create a Python Virtual Environment and activate it + ```bash + python -m venv ansible-env + source ansible-env/bin/activate + pip install --upgrade pip + ``` + +2. Install the necessary Python packages in your virtual environment: + ```bash + pip install -r requirements.txt + ``` + +3. Run Molecule Commands + ```bash + # Create: Sets up Docker containers for testing. + molecule create + + # Converge: Applies the role to the test containers. + molecule converge + + # Destroy: Removes Docker containers after testing. + molecule destroy + + # Test: Runs the complete test lifecycle, including create, converge, verify, and destroy. + molecule test + ``` + +## Ubuntu Software List for Custom Installation + +A curated list of essential software for Ubuntu, categorized into **General Tools/Utilities** and **Developer Tools**, with brief descriptions and relevance notes. + +## General Tools/Utilities + +1. 
**`wget`** + **Description**: Command-line tool for downloading files from the internet via HTTP, HTTPS, and FTP. + **Relevance**: Essential for scripting and downloading files in a Linux environment. + +2. **`curl`** + **Description**: Command-line tool for transferring data using URL syntax, supporting various protocols. + **Relevance**: Crucial for interacting with APIs and downloading content. + +3. **`p7zip-full`** + **Description**: A high-compression file archiver that supports multiple formats (7z, ZIP, TAR, GZ, etc.). + **Relevance**: Essential for handling compressed files. + +4. **`chromium`** + **Description**: A fast, secure web browser with excellent web standards support. + **Relevance**: Popular choice for those who need Google account synchronization. + +5. **`firefox`** + **Description**: Privacy-focused, open-source web browser with customizable features. + **Relevance**: Default browser on Ubuntu and widely supported. + +6. **`bitwarden`** + **Description**: Open-source password manager for secure login credentials management. + **Relevance**: Highly recommended for secure password storage. + +7. **`libreoffice`** + **Description**: Free, open-source office suite with tools for word processing, spreadsheets, and presentations. + **Relevance**: Essential for office tasks on Linux. + +8. **`flameshot`** + **Description**: Modern screenshot tool for taking and annotating screenshots. + **Relevance**: Superior alternative to basic screenshot tools. + +9. **`vlc`** + **Description**: A versatile media player supporting a wide range of audio and video formats. + **Relevance**: One of the best options for media playback. + +10. **`element`** + **Description**: Secure messaging platform built on the Matrix protocol for decentralized communication. + **Relevance**: Essential for privacy-conscious teams. + +11. **`rclone`** + **Description**: Command-line tool for managing cloud storage services, including Google Drive. 
+ **Relevance**: Modern, robust alternative to older tools for managing cloud storage. + +12. **`cifs-utils`** + **Description**: Utilities for mounting and managing SMB/CIFS network shares. + **Relevance**: Needed for connecting to legacy systems using SMB. + +--- + +## Developer Tools + +1. **`git`** + **Description**: Distributed version control system for tracking changes in source code. + **Relevance**: Fundamental tool for developers. + +2. **`python3`** + **Description**: Python programming language for scripting, automation, and application development. + **Relevance**: Necessary for most development work on Ubuntu. + +3. **`code` (Visual Studio Code)** + **Description**: Lightweight, extensible code editor supporting multiple programming languages and extensions. + **Relevance**: Essential for most developers. + +4. **`phpstorm`** + **Description**: A powerful IDE for PHP development with advanced features like debugging and version control integration. + **Relevance**: Recommended for PHP developers; optional for others. + +5. **`filezilla`** + **Description**: Open-source FTP client for transferring files between local machines and remote servers. + **Relevance**: A must-have for developers working with remote servers. + +6. **`docker`** + **Description:** Platform for developing, deploying, and managing containerized applications. + **Relevance:** Crucial for developers working with microservices or containerized environments. + **Note:** This role does not install Docker. It is recommended to use the [geerlingguy.docker](https://github.com/geerlingguy/ansible-role-docker) role to install Docker. + +8. **`wireguard`** + **Description**: A modern, fast, and secure VPN protocol. + **Relevance**: Useful for developers needing secure remote access or networking. \ No newline at end of file diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..a579014 --- /dev/null +++ b/defaults/main.yml 
@@ -0,0 +1,34 @@ +--- +domainname: "local" +hostname: "xyz" +adminname: admin +adminpassword: "Newpassword123$" +username: "newuser" +userpassword: "newuserpassword" +skip_check_prompts: false + +ca_helper_package: + - libnss3-tools + +certificate_urls: [] +apt: + - wget + - curl + - p7zip-full + - vlc + - rclone + - cifs-utils + - git + - filezilla + - flameshot + - wireguard + - flatpak + +flatpak_apps: + - {id: "org.mozilla.firefox", name: "Firefox"} + - {id: "com.bitwarden.desktop", name: "Bitwarden"} + - {id: "com.visualstudio.code", name: "VS Code"} + - {id: "com.getpostman.Postman", name: "Postman"} + - {id: "org.chromium.Chromium", name: "Chromium"} + - {id: "im.riot.Riot", name: "Element Desktop"} + - {id: "com.jetbrains.PhpStorm", name: "PhpStorm"} diff --git a/files/cert_trust_store_installer.sh b/files/cert_trust_store_installer.sh new file mode 100644 index 0000000..0298ab8 --- /dev/null +++ b/files/cert_trust_store_installer.sh 
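Review bot: `adminpassword` and `userpassword` ship with fixed, publicly documented values, and both accounts are created in the `sudo` group with `update_password: on_create`, so any run that does not go through the `vars_prompt` in `site.yml` (for example `molecule converge`) creates privileged accounts with a known password. Leave the two passwords undefined here and add an `ansible.builtin.assert` at the start of `tasks/linux.yml` that `adminpassword is defined and userpassword is defined`, so a missing override fails the play instead of silently using the default. The README in this commit also documents `force_libssl_downgrade` and `domainname: example.com`, neither of which matches this file, and `ca_helper_package` is a list here while `tasks/linux/certificates.yml` falls back to the plain string `'libnss3-tools'`.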
@@ -0,0 +1,41 @@ +#!/bin/bash + +### Script installs root.cert.pem to certificate trust store of applications using NSS +### (e.g. Firefox, Thunderbird, Chromium) +### Mozilla uses cert8, Chromium and Chrome use cert9 + +### Requirement: apt install libnss3-tools +### +### Input: Certificate URL is passed as environment variable CERTIFICATE_PATH. + +# Validate input +if [[ -z "$CERTIFICATE_PATH" ]]; then + echo "ERROR: No certificate file provided. Pass a certificate file path." + exit 1 +fi + +# Validate certificate file exists +if [[ ! -f "$CERTIFICATE_PATH" ]]; then + echo "ERROR: Certificate file does not exist: $CERTIFICATE_PATH" + exit 1 +fi + +echo "Processing certificate: $CERTIFICATE_PATH" + +# For cert8 (legacy - DBM) +for certDB in $(find ~/ -name "cert8.db"); do + certdir=$(dirname ${certDB}) + certname=$(basename ${CERTIFICATE_PATH}) + echo "Importing certificate to Firefox trust store at: ${certdir}" + certutil -A -n "$certname" -t "TCu,Cu,Tu" -i "${CERTIFICATE_PATH}" -d dbm:${certdir} +done + +# For cert9 (SQL) +for certDB in $(find ~/ -name "cert9.db"); do + certdir=$(dirname ${certDB}) + certname=$(basename ${CERTIFICATE_PATH}) + echo "Importing certificate to Chromium/Chrome trust store at: ${certdir}" + certutil -A -n "$certname" -t "TCu,Cu,Tu" -i "${CERTIFICATE_PATH}" -d sql:${certdir} +done + +echo "Certificate import completed." diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..48a79f0 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,14 @@ +--- +- name: Update CA certificates + ansible.builtin.command: + cmd: /usr/sbin/update-ca-certificates + register: result + changed_when: result.rc != 0 + +- name: Restart udev and snapd services + ansible.builtin.systemd: + name: "{{ item }}" + state: restarted + loop: + - udev + - snapd diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..a1fb222 --- /dev/null +++ b/meta/main.yml 
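Review bot: Both loops iterate over `$(find ~/ ...)`, which word-splits on whitespace in profile paths and, because `tasks/linux/certificates.yml` runs this script with `become: true`, searches root's home rather than the users' profiles under `/home`, so the browser databases of `adminname`/`username` are presumably never found. Read NUL-delimited paths from `find` over explicit directories instead, and quote `${certdir}`/`${certname}` throughout. The trust flags `TCu,Cu,Tu` also grant the certificate CA trust for TLS, S/MIME and object signing at once; if only web TLS is intended, document that choice in the header comment or narrow it. A `set -euo pipefail` at the top would stop a failed `certutil` call from being reported as success.
```shell
# … unchanged: input validation …
# For cert9 (SQL)
while IFS= read -r -d '' certDB; do
  certdir=$(dirname "${certDB}")
  certname=$(basename "${CERTIFICATE_PATH}")
  echo "Importing certificate to Chromium/Chrome trust store at: ${certdir}"
  certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i "${CERTIFICATE_PATH}" -d "sql:${certdir}"
done < <(find /home /root -name "cert9.db" -print0 2>/dev/null)
# … the cert8 loop changed the same way with dbm: …
```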
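Review bot: `changed_when: result.rc != 0` on the "Update CA certificates" handler can never be true, because a non-zero exit code fails the `command` task before `changed_when` is evaluated; the handler therefore always reports "ok" even when it rewrites the trust store. Use `changed_when: true` (or drop the line, since `command` reports changed by default), or match on the "added" count in `result.stdout`. The "Restart udev and snapd services" handler is not notified anywhere in this commit, and `tasks/linux/software.yml` purges `snapd`, so if it is ever triggered after that task the `snapd` restart would presumably fail.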
@@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Mikhail Sarnov + description: > + This Ansible role provides a base setup for Linux based client operating + systems. + license: BSD + min_ansible_version: "2.16.0" + platforms: + - name: Ubuntu + versions: + - noble + - jammy + galaxy_tags: [] + role_name: ansible_role_client_base + namespace: netresearch diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 0000000..b30816e --- /dev/null +++ b/molecule/default/converge.yml @@ -0,0 +1,9 @@ +--- +- name: Converge + hosts: all + become: true + gather_facts: true + tasks: + - name: Testing role + ansible.builtin.include_role: + name: ansible_role_client_base diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..1ced6e4 --- /dev/null +++ b/molecule/default/molecule.yml @@ -0,0 +1,43 @@ +--- +dependency: + name: galaxy +driver: + name: docker + config_options: + defaults: + remote_user: ubuntu + interpreter_python: /opt/ansible-venv/bin/python + +platforms: + - name: instance-ubuntu22 + image: geerlingguy/docker-ubuntu2404-ansible:latest + privileged: true + pre_build_image: true + cgroupns: host + cgroupns_mode: host + command: /lib/systemd/systemd + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + - name: instance-ubuntu24 + image: geerlingguy/docker-ubuntu2404-ansible:latest + privileged: true + pre_build_image: true + cgroupns: host + cgroupns_mode: host + command: /lib/systemd/systemd + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw +provisioner: + name: ansible + playbooks: + prepare: prepare.yml + converge: converge.yml + become: true + options: + diff: true +lint: + yamllint +scenario: + name: default +verifier: + name: ansible diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml new file mode 100644 index 0000000..5939d64 --- /dev/null +++ b/molecule/default/prepare.yml 
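Review bot: `instance-ubuntu22` uses `geerlingguy/docker-ubuntu2404-ansible:latest`, the same image as `instance-ubuntu24`, so the Jammy platform that `meta/main.yml` and the README claim support for is never exercised; change it to `image: geerlingguy/docker-ubuntu2204-ansible:latest`. Both images are on the mutable `:latest` tag, which makes a failing run hard to reproduce; pinning a tag or digest would help. The `lint: yamllint` key is written as a bare string rather than a command, which I believe newer Molecule releases either ignore or reject, so it is worth confirming it still runs.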
@@ -0,0 +1,58 @@ +--- +- name: Prepare the Docker instance + hosts: all + remote_user: root + gather_facts: false + + tasks: + - name: Install Python 3 (if not happened, yet) + ansible.builtin.raw: > + bash -c 'test -e /usr/bin/python3 || + (apt -qqy update && apt install -qqy python3-minimal)' + register: output + changed_when: output.stdout != "" + + - name: Set Python 3 as default + ansible.builtin.raw: > + bash -c 'test -e /usr/bin/python3 && + update-alternatives --install /usr/bin/python + python /usr/bin/python3 99' + register: output + changed_when: output.stdout != "" + + - name: Install Python standard version if none existing + ansible.builtin.raw: > + bash -c 'test -e /usr/bin/python || + (apt -qqy update && apt install -qqy python-minimal)' + register: output + changed_when: output.stdout != "" + + # NRS-2831 Python changed its behaviour regarding system packages + # and encourages to use venv https://peps.python.org/pep-0668/ + - name: Install Python 3 venv module + ansible.builtin.raw: > + bash -c 'apt -qqy update && + apt install --upgrade -qqy python3-venv python3-packaging' + register: venv_install + changed_when: > + venv_install.stdout.find( + '0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.' + ) == -1 + + - name: Setup venv and update pip/setuptools + ansible.builtin.raw: > + bash -c 'python3 -m venv /opt/ansible-venv --upgrade-deps --upgrade' + register: upgrade_deps + changed_when: > + upgrade_deps.stdout.find("Successfully installed") != -1 + + - name: Ensure pip is installed in the virtual environment + ansible.builtin.raw: > + bash -c '/opt/ansible-venv/bin/python -m ensurepip --upgrade' + register: pip_installed + changed_when: pip_installed.stdout != "" + + - name: Install sudo + ansible.builtin.apt: + name: sudo + state: present diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..fe17560 --- /dev/null +++ b/requirements.txt 
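Review bot: The "Install Python standard version if none existing" task is effectively dead: the preceding task has just created `/usr/bin/python` via `update-alternatives`, so `test -e /usr/bin/python` succeeds and the `apt install python-minimal` branch only runs if the previous task failed, in which case the play has already stopped. If it ever did run, `python-minimal` is, as far as I know, no longer in the noble/jammy archives, so it would fail. Drop the task, or replace it with a comment such as `# /usr/bin/python is provided by the update-alternatives step above`.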
@@ -0,0 +1,6 @@ +ansible +molecule +ansible-lint +yamllint +molecule-plugins[docker] +passlib \ No newline at end of file diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000..439b34f --- /dev/null +++ b/requirements.yml @@ -0,0 +1,7 @@ +--- +roles: + - src: geerlingguy.docker + - src: geerlingguy.pip + +collections: + - name: community.docker diff --git a/site.yml b/site.yml new file mode 100644 index 0000000..9290b84 --- /dev/null +++ b/site.yml @@ -0,0 +1,34 @@ +--- +- name: This playbook applies the client-base role + hosts: all + become: true + remote_user: admin1 + vars: + ansible_extra_ssh_args: "-o PasswordAuthentication=yes" + domainname: + - "local" + certificate_urls: + - "https://letsencrypt.org/certs/isrgrootx1.pem" + + vars_prompt: + - name: hostname + prompt: "Please enter the iot-number of your Host" + default: "{{ hostname | default('default-hostname') }}" + private: false + - name: adminpassword + prompt: "Please enter a new administrator password" + confirm: true + private: true + - name: username + prompt: "Please enter a new username" + default: "{{ username | default('default-username') }}" + private: false + - name: userpassword + prompt: "Please enter a password for the new user" + confirm: true + private: true + + tasks: + - name: Applying role + ansible.builtin.include_role: + name: ansible_role_client_base diff --git a/tasks/linux.yml b/tasks/linux.yml new file mode 100644 index 0000000..cdc7f80 --- /dev/null +++ b/tasks/linux.yml @@ -0,0 +1,20 @@ +--- +- name: Setup hostname + ansible.builtin.include_tasks: + file: linux/hostname.yml + +- name: Setup administrator account + ansible.builtin.include_tasks: + file: linux/adminaccount.yml + +- name: Setup user account + ansible.builtin.include_tasks: + file: linux/useraccount.yml + +- name: Install certificates + ansible.builtin.include_tasks: + file: linux/certificates.yml + +- name: Install software + ansible.builtin.include_tasks: + file: linux/software.yml 
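Review bot: Every entry is unpinned, so each CI run and the Docker image resolve `ansible`, `molecule`, `ansible-lint`, `yamllint`, `molecule-plugins[docker]` and `passlib` to whatever is newest on PyPI at that moment, which makes failures non-reproducible and lets a compromised release flow straight into the build. Pin each line with `==` and, for the CI path, consider `--hash` entries with `pip install --require-hashes`. The same applies to `requirements.yml` in this commit, where `geerlingguy.docker` and `geerlingguy.pip` have no `version:` key.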
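Review bot: `domainname` is set to a one-element list (`- "local"`), but `tasks/linux/hostname.yml` renders it with `{{ hostname }}.{{ domainname }}`, so the hostname and the `/etc/hosts` line become `xyz.['local']`; it should be the scalar `domainname: "local"`, matching `defaults/main.yml`. `ansible_extra_ssh_args` also does not look like a connection variable the ssh plugin reads; the documented one is `ansible_ssh_extra_args`, so as written the `PasswordAuthentication=yes` option is presumably never passed. The two `vars_prompt` defaults reference `hostname` and `username` through `default(...)`, which is fine, but the prompts run before `vars:` are applied, so the fallback strings are what users will actually see.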
diff --git a/tasks/linux/adminaccount.yml b/tasks/linux/adminaccount.yml new file mode 100644 index 0000000..3c115d4 --- /dev/null +++ b/tasks/linux/adminaccount.yml @@ -0,0 +1,12 @@ +--- +- name: Create Administrator Account + ansible.builtin.user: + name: "{{ adminname }}" + password: "{{ adminpassword | password_hash('sha512') }}" + groups: + - sudo + state: present + shell: /bin/bash + system: false + createhome: true + update_password: on_create diff --git a/tasks/linux/certificates.yml b/tasks/linux/certificates.yml new file mode 100644 index 0000000..7ca283b --- /dev/null +++ b/tasks/linux/certificates.yml @@ -0,0 +1,29 @@ +--- +- name: "Certificates | Download and install trusted CAs" + ansible.builtin.get_url: + url: "{{ item }}" + dest: "/tmp/{{ item | basename }}" + owner: "root" + mode: '0644' + validate_certs: false + loop: "{{ certificate_urls | default([]) }}" + notify: "Update CA certificates" + +- name: "CA helper package | Install libnss3-tools for certificate import" + ansible.builtin.package: + name: "{{ ca_helper_package | default('libnss3-tools') }}" + state: present + +- name: "CA import | Import downloaded CAs to browser certificate trust store" + ansible.builtin.script: files/cert_trust_store_installer.sh + args: + executable: /bin/bash + with_items: "{{ certificate_urls | default([]) }}" + loop_control: + loop_var: certificate_url + extended: true + environment: + CERTIFICATE_PATH: "/tmp/{{ certificate_url | basename }}" + when: certificate_urls | length > 0 + become: true + changed_when: false diff --git a/tasks/linux/hostname.yml b/tasks/linux/hostname.yml new file mode 100644 index 0000000..536a2e1 --- /dev/null +++ b/tasks/linux/hostname.yml 
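Review bot: `groups: [sudo]` without `append: true` means that on a second run against an existing `adminname` account the module removes the user from every other supplementary group (for example a `docker` group added later), because the `user` module replaces the group list unless `append` is set; add `append: true` under `groups`. The same omission is in `tasks/linux/useraccount.yml`. `createhome` is the legacy alias of `create_home`, so prefer the current name for consistency with the module documentation.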
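Review bot: `validate_certs: false` on the "Download and install trusted CAs" task disables TLS verification exactly when fetching a certificate that is about to be installed as a trusted root, so anyone on the path can substitute their own CA for every client this role configures; the `certificate_urls` default in `site.yml` is an HTTPS URL, so `validate_certs: true` (the module default) should work. The download also lands in `/tmp/`, but the notified handler runs `update-ca-certificates`, which only picks up `.crt` files under `/usr/local/share/ca-certificates/`, so the system trust store is never updated and the file is cleared on reboot. Use `dest: "/usr/local/share/ca-certificates/{{ item | basename | splitext | first }}.crt"` and point `CERTIFICATE_PATH` at the same path. Note that the import script runs with `become: true`, so its `~` resolves to root's home, not the users' browser profiles.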
@@ -0,0 +1,22 @@ +--- +# https://github.com/ansible/ansible/issues/19681#issuecomment-450425779 +# do not fail while testing. see link above +- name: "Hostname | Set hostname" + ansible.builtin.hostname: + name: "{{ hostname }}.{{ domainname }}" + when: > + ansible_facts.virtualization_type not in + [ + 'docker', + 'container', + 'containerd' + ] + +- name: "Hostname | Add to /etc/hosts" + ansible.builtin.lineinfile: + dest: /etc/hosts + regexp: '^127\.0\.1\.1' + insertafter: '^127\.0\.0\.1[ \t]*' + line: '127.0.1.1 {{ hostname }}.{{ domainname }} {{ hostname }}' + state: present + unsafe_writes: "{{ lookup('env', 'MOLECULE_FILE') is not none }}" diff --git a/tasks/linux/software.yml b/tasks/linux/software.yml new file mode 100644 index 0000000..2e7538b --- /dev/null +++ b/tasks/linux/software.yml @@ -0,0 +1,29 @@ +--- +- name: Purge snapd package and dependencies + ansible.builtin.apt: + name: snapd + state: absent + purge: true + +- name: Install standard software + ansible.builtin.package: + name: "{{ apt }}" + state: present + +- name: Add Flathub repository if not already added + ansible.builtin.shell: | + /bin/bash -c 'set -o pipefail && \ + flatpak remote-list | grep -q flathub || \ + flatpak remote-add --if-not-exists \ + flathub https://flathub.org/repo/flathub.flatpakrepo' + become: true + changed_when: false + +- name: Install flatpak applications + community.general.flatpak: + name: "{{ item.id }}" + state: present + remote: flathub + loop: "{{ flatpak_apps }}" + loop_control: + label: "{{ item.name }}" diff --git a/tasks/linux/useraccount.yml b/tasks/linux/useraccount.yml new file mode 100644 index 0000000..20bb50a --- /dev/null +++ b/tasks/linux/useraccount.yml 
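Review bot: `unsafe_writes: "{{ lookup('env', 'MOLECULE_FILE') is not none }}"` is always true, because the `env` lookup returns an empty string, not `none`, when the variable is unset; the effect is that `/etc/hosts` is written in place on every real client, not just under Molecule. Use `unsafe_writes: "{{ lookup('env', 'MOLECULE_FILE') | length > 0 }}"`. The `when` guard on the hostname task is well commented; a similar one-line comment above `unsafe_writes` explaining the bind-mount case would keep the two tasks readable together.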
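Review bot: The "Add Flathub repository" task shells out through `/bin/bash -c` with `changed_when: false`, so adding the remote is never reported as a change and the pipe `flatpak remote-list | grep -q flathub` can trip `pipefail` when `grep -q` exits early; `community.general.flatpak_remote` does the same job idempotently with proper change reporting and no shell. The `become: true` on that task is redundant with the play in `converge.yml`/`site.yml`, and `ansible.builtin.package` with a variable named `apt` is easy to misread as a module argument. Purging `snapd` unconditionally also removes any snap-based browser on stock Ubuntu; since the flatpak list replaces them that may be intended, but a comment saying so would help.
```yaml
- name: Add Flathub repository if not already added
  community.general.flatpak_remote:
    name: flathub
    flatpakrepo_url: https://flathub.org/repo/flathub.flatpakrepo
    state: present
# … unchanged: Install flatpak applications …
```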
@@ -0,0 +1,12 @@ +--- +- name: Create user account + ansible.builtin.user: + name: "{{ username }}" + password: "{{ userpassword | password_hash('sha512') }}" + groups: + - sudo + state: present + shell: /bin/bash # Defaults to /bin/bash + system: "no" # Defaults to no + createhome: "yes" # Defaults to yes + update_password: on_create diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..666f604 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,3 @@ +--- +- name: Include tasks for setting up the Linux environment + ansible.builtin.include_tasks: linux.yml
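Review bot: `system: "no"` and `createhome: "yes"` are quoted strings rather than booleans, which differs from `tasks/linux/adminaccount.yml` in this same commit (`system: false`, `createhome: true`) and is the pattern yamllint's `truthy` rule exists to catch; write `system: false` and `create_home: true`. The inline comments say both values are the module defaults, so the cleaner option is to drop the two keys entirely. As in adminaccount.yml, `groups: [sudo]` needs `append: true` to avoid stripping other groups from an existing account on re-runs.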