diff --git a/README.md b/README.md index 34a797a..6e74940 100644 --- a/README.md +++ b/README.md @@ -12,26 +12,16 @@ Role Variables Defaults: ``` -hostname: "{{ inventory_hostname }}" -update_hostname: yes +hostname: {{ inventory_hostname }} +update_hostname: no locales_gen: - en_US.UTF-8 - de_DE.UTF-8 locales_default: de_DE.UTF-8 -x11_keymap: de users: - vagrant sudoers: - vagrant -enable_ansible: no -# Will install a specific Ansible version on the target host -ensure_ansible_version: 2.10.3 -# Allow sudo with a password (applied to group sudo) -enable_sudo: yes -# Allow passwordless sudo (applied to group wheel) -enable_passwordless_sudo: yes -# Skip provisioning of the firewall -skip_firewall: no ``` Dependencies @@ -43,8 +33,7 @@ Example Playbook License ------- -- BSD-3-Clause -- MIT +MIT Author Information ------------------ diff --git a/defaults/main.yml b/defaults/main.yml index d8197fa..395c009 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,6 +1,6 @@ --- # defaults file for common -hostname: "{{ inventory_hostname }}" +hostname: '{{ inventory_hostname }}' update_hostname: yes locales_gen: - en_US.UTF-8 @@ -11,13 +11,5 @@ users: - vagrant sudoers: - vagrant -enable_ansible: no -# Will install a specific Ansible version on the target host ensure_ansible_version: 2.10.3 -# Allow sudo with a password (applied to group sudo) -enable_sudo: yes -# Allow passwordless sudo (applied to group wheel) -enable_passwordless_sudo: yes -# Skip provisioning of the firewall -skip_firewall: no -authorized_keys_are_exclusive: false # Be careful, this will delete non-Ansible-managed authorized keys from the target! +authorized_keys_are_exclusive: false # Be careful, this will delete non-Ansible-managed authorized keys from the target! \ No newline at end of file diff --git a/meta/main.yml b/meta/main.yml index 9b1bb07..3a212a9 100644 --- a/meta/main.yml +++ b/meta/main.yml 
@@ -1,7 +1,7 @@ galaxy_info: - author: jotbe - description: Common packages and configuration - company: "" + author: your name + description: your description + company: your company (optional) # If the issue tracker for your role is not on github, uncomment the # next line and provide a value @@ -14,9 +14,7 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: - - BSD-3-Clause - - MIT + license: license (GPL-2.0-or-later, MIT, etc) min_ansible_version: 2.4 diff --git a/tasks/ansible-debian.yml b/tasks/ansible-debian.yml index 0be6fde..4182ce1 100644 --- a/tasks/ansible-debian.yml +++ b/tasks/ansible-debian.yml @@ -1,4 +1,4 @@ --- - name: Install Ansible - raw: which ansible || python3 -m pip install ansible + raw: which ansible || pip3 install ansible changed_when: false diff --git a/tasks/main.yml b/tasks/main.yml index 8935201..cd239a5 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -12,13 +12,10 @@ import_role: name: geerlingguy.firewall tags: firewall - when: not skip_firewall - include: locales-debian.yml become: true - when: - - ansible_facts['os_family'] == 'Debian' - - not ansible_is_chroot + when: ansible_facts['os_family'] == 'Debian' - include: users.yml become: true @@ -31,12 +28,10 @@ pacman: name: "{{ packages }}" state: present - update_cache: yes + #update_cache: yes vars: packages: - python-pip - - python-setuptools - - python-virtualenv - htop - tmux become: yes @@ -49,9 +44,6 @@ #update_cache: yes vars: packages: - - python3-pip - - python3-setuptools - - python3-virtualenv - apt-transport-https - htop - tmux @@ -60,11 +52,4 @@ - name: Install Ansible pip: - name: ansible=={{ ensure_ansible_version }} - when: enable_ansible - -- name: Install tmuxp - pip: - name: - - tmuxp - state: present + name: ansible=={{ ensure_ansible_version }} \ No newline at end of file diff --git a/tasks/users.yml b/tasks/users.yml index 8dfd11a..f3a88b9 100644 --- a/tasks/users.yml +++ b/tasks/users.yml 
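Review bot: The new `raw` line in tasks/ansible-debian.yml installs whatever Ansible release pip resolves at run time, while the pip task in tasks/main.yml pins `ansible=={{ ensure_ansible_version }}`. Moving from `python3 -m pip` to `pip3` also ties the install to whichever `pip3` comes first on PATH, which is not necessarily the interpreter behind `python3` on the target. I would keep the interpreter-bound form and pin it, `raw: which ansible || python3 -m pip install "ansible=={{ ensure_ansible_version }}"`, assuming the role default is in scope where this file is included. `changed_when: false` additionally hides a real install from the play recap, so a one-line comment saying that is intended would help.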
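Review bot: In the pacman task of tasks/main.yml, `#update_cache: yes` leaves the option behind as commented-out code with no reason given, so a reader cannot tell whether skipping the database sync is deliberate. Without a sync, the install presumably runs against whatever package database the target already has, which can be stale. Either delete the line or state the decision explicitly, for example `update_cache: false` with a comment saying where the database is refreshed instead. The task begins above this hunk, so its name and condition are not visible here.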
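Review bot: With `when: enable_ansible` dropped, the `Install Ansible` pip task at the end of tasks/main.yml runs on every host the role is applied to, so each managed target ends up carrying an Ansible installation whether or not it is meant to act as a controller. The preceding hunk also removes `python3-pip` from the apt package list, so on Debian this task appears to depend on pip being present from somewhere else. I would keep the opt-in, `when: enable_ansible | bool`, together with the `enable_ansible: no` default that this commit removes from defaults/main.yml. The file now also ends without a trailing newline.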
@@ -5,40 +5,31 @@ - sudo when: ansible_facts['os_family'] == 'FreeBSD' +- name: 'Allow wheel group to do passwordless sudo' + lineinfile: + dest: /usr/local/etc/sudoers + state: present + regexp: '^%wheel' + line: '%wheel ALL=(ALL) NOPASSWD:ALL' + validate: visudo -cf %s + when: ansible_facts['os_family'] == 'FreeBSD' + +- name: 'Allow wheel group to do passwordless sudo' + lineinfile: + dest: /etc/sudoers + state: present + regexp: '^%wheel' + line: '%wheel ALL=(ALL) NOPASSWD:ALL' + validate: visudo -cf %s + when: + - ansible_facts['os_family'] in ['Debian', 'Archlinux'] + - name: 'Create users with corresponding groups' user: name: "{{ item }}" groups: users with_items: "{{ users }}" -- block: - - name: 'Ensure that sudo group is existing' - group: - name: sudo - state: present - - - name: 'Allow sudo group to do sudo' - lineinfile: - dest: "{{ lookup('first_found', files, errors='ignore') }}" - state: present - regexp: '^#?\s*%sudo' - line: '%sudo ALL=(ALL) ALL' - validate: visudo -cf %s - vars: - files: - - /etc/sudoers - - /usr/local/etc/sudoers # e.g. FreeBSD - - - name: 'Add sudoers user to sudo group' - user: - name: "{{ item }}" - groups: sudo - append: yes - with_items: "{{ sudoers }}" - when: - - enable_sudo - - not enable_passwordless_sudo - - name: 'Add corresponding authorized_keys to each user' authorized_key: user: "{{ item }}" 
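Review bot: Both added `Allow wheel group to do passwordless sudo` tasks write `%wheel ALL=(ALL) NOPASSWD:ALL` on every run, because the `enable_sudo` / `enable_passwordless_sudo` conditions disappeared with the removed blocks, and the second hunk of this file then adds every entry of `sudoers` to `wheel` without a condition. The password-required `%sudo ALL=(ALL) ALL` path is removed, so applying the role always grants passwordless root to those accounts (`vagrant` by default, per defaults/main.yml). I would keep `enable_passwordless_sudo` as an opt-in default and add `- enable_passwordless_sudo | bool` to the `when` of both sudoers tasks and of the wheel membership task in the next hunk. Separately, `validate: visudo -cf %s` depends on PATH; an absolute path such as `validate: /usr/sbin/visudo -cf %s` on Linux is the safer form.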
@@ -48,33 +39,17 @@ with_items: "{{ users }}" ignore_errors: true -- block: - - name: 'Ensure that wheel group is existing' - group: - name: wheel - state: present +- name: 'Ensure that wheel group is existing' + group: + name: wheel + state: present - - name: 'Add sudoers user to wheel group' - user: - name: "{{ item }}" - groups: wheel - append: yes - with_items: "{{ sudoers }}" - - - name: 'Allow wheel group to do passwordless sudo' - lineinfile: - dest: "{{ lookup('first_found', files, errors='ignore') }}" - state: present - regexp: '^%wheel' - line: '%wheel ALL=(ALL) NOPASSWD:ALL' - validate: visudo -cf %s - vars: - files: - - /etc/sudoers - - /usr/local/etc/sudoers # e.g. FreeBSD - when: - - enable_sudo - - enable_passwordless_sudo +- name: 'Add sudoers user to wheel group' + user: + name: "{{ item }}" + groups: wheel + append: yes + with_items: "{{ sudoers }}" - name: Copy tmux config copy: