technolog/ansible
1
0
Fork 0
Code Issues Pull Requests Activity

hosts all conflicts with gather_facts - Alpine

Browse Source
This commit is contained in:
iRaven
2025-11-30 17:27:55 -06:00
parent 6b7957ff23
commit 4fa0182002
1 changed files with 114 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
linux/compliance_Alpine.yaml
View File

@@ -1,13 +1,10 @@
--- ---
## Checks/deploys a Linux system to be managed with Ansible. ## Checks/deploys a Linux system to be managed with Ansible.
- hosts: all gather_facts: yes
gather_facts: yes become: yes
become: yes become_method: doas
become_method: doas tasks:
tasks:
# Gather system groups # Gather system groups
- name: Gather all system groups - name: Gather all system groups
ansible.builtin.getent: ansible.builtin.getent:
@@ -42,16 +39,12 @@
state: directory state: directory
owner: ansible owner: ansible
group: ansible group: ansible
- name: Add deployment user's SSH key. - name: Add deployment user's SSH key.
copy: copy:
content: "{{ ansiblesvc_key }}" content: "{{ ansiblesvc_key }}"
dest: /home/ansible/.ssh/authorized_keys dest: /home/ansible/.ssh/authorized_keys
owner: ansible owner: ansible
group: ansible group: ansible
# shell:
# cmd: echo "{{ ansiblesvc_key }}" > /home/ansible/.ssh/authorized_keys
# creates: /home/ansible/.ssh/authorized_keys
# Add required packages because Debian is lame # Add required packages because Debian is lame
- name: Install standard packages if not already installed. - name: Install standard packages if not already installed.
@@ -90,21 +83,6 @@
append: yes append: yes
when: "'wheel' in ansible_facts.getent_group" when: "'wheel' in ansible_facts.getent_group"
- name: Add nhadmin to sudo group.
user:
name: nhadmin
groups: sudo
append: yes
when: "'sudo' in ansible_facts.getent_group"
- name: Add nhadmin to systemd-journal group.
user:
name: nhadmin
groups: systemd-journal
append: yes
when: "'systemd-journal' in ansible_facts.getent_group"
# Sysadmin user SSH pub key # Sysadmin user SSH pub key
# This is a really stupid way to do it, but alas. # This is a really stupid way to do it, but alas.
# This uses an environment variable named nhadmin_key in Semaphore which has the ssh-rsa pubkey. # This uses an environment variable named nhadmin_key in Semaphore which has the ssh-rsa pubkey.
@@ -120,9 +98,6 @@
dest: /home/nhadmin/.ssh/authorized_keys dest: /home/nhadmin/.ssh/authorized_keys
owner: nhadmin owner: nhadmin
group: nhadmin group: nhadmin
# shell:
# cmd: echo "{{ nhadmin_key }}" > /home/nhadmin/.ssh/authorized_keys
# creates: /home/nhadmin/.ssh/authorized_keys
# SSH config updating # SSH config updating
- name: Update SSH configuration to disallow root login and disable password authentication. - name: Update SSH configuration to disallow root login and disable password authentication.
@@ -149,8 +124,3 @@
file: file:
path: /root/.ssh/authorized_keys path: /root/.ssh/authorized_keys
state: absent state: absent
# Upgrade all apt packages for good measure.
- name: Upgrade all apt packages
apt: upgrade=dist force_apt_get=yes
when: aptfolder.stat.exists