hosts all conflicts with gather_facts - Alpine

2025-11-30 17:27:55 -06:00
parent 6b7957ff23
commit 4fa0182002
1 changed files with 114 additions and 144 deletions
--- a/linux/compliance_Alpine.yaml
+++ b/linux/compliance_Alpine.yaml
@@ -1,13 +1,10 @@
 ---
 ## Checks/deploys a Linux system to be managed with Ansible.

- hosts: all
-  gather_facts: yes
-  become: yes
-  become_method: doas
-
-  tasks:
-
+gather_facts: yes
+become: yes
+become_method: doas
+tasks:
  # Gather system groups
  - name: Gather all system groups
    ansible.builtin.getent:
@@ -42,16 +39,12 @@
      state: directory
      owner: ansible
      group: ansible
-
  - name: Add deployment user's SSH key.
    copy:
      content: "{{ ansiblesvc_key }}"
      dest: /home/ansible/.ssh/authorized_keys
      owner: ansible
      group: ansible
-      # shell:
-        # cmd: echo "{{ ansiblesvc_key }}" > /home/ansible/.ssh/authorized_keys
-        # creates: /home/ansible/.ssh/authorized_keys

  # Add required packages because Debian is lame
  - name: Install standard packages if not already installed.
@@ -90,21 +83,6 @@
      append: yes
    when: "'wheel' in ansible_facts.getent_group"

-    - name: Add nhadmin to sudo group.
-      user:
-        name: nhadmin
-        groups: sudo
-        append: yes
-      when: "'sudo' in ansible_facts.getent_group"
-
-    - name: Add nhadmin to systemd-journal group.
-      user:
-        name: nhadmin
-        groups: systemd-journal
-        append: yes
-      when: "'systemd-journal' in ansible_facts.getent_group"
-
-      
  # Sysadmin user SSH pub key
  # This is a really stupid way to do it, but alas.
  # This uses an environment variable named nhadmin_key in Semaphore which has the ssh-rsa pubkey.
@@ -120,9 +98,6 @@
      dest: /home/nhadmin/.ssh/authorized_keys
      owner: nhadmin
      group: nhadmin
-      # shell:
-        # cmd: echo "{{ nhadmin_key }}" > /home/nhadmin/.ssh/authorized_keys
-        # creates: /home/nhadmin/.ssh/authorized_keys

  # SSH config updating
  - name: Update SSH configuration to disallow root login and disable password authentication.
@@ -149,8 +124,3 @@
    file:
      path: /root/.ssh/authorized_keys
      state: absent
-
-    # Upgrade all apt packages for good measure.
-    - name: Upgrade all apt packages
-      apt: upgrade=dist force_apt_get=yes
-      when: aptfolder.stat.exists