ansible/linux/compliance_Debian.yaml

---
## Checks/deploys a Debian Linux system to be managed with Ansible.

# Add sudo package
- name: Install sudo if not already installed.
# Looking at you LXCs. >.>
  ansible.builtin.package:
    name:
      - sudo
    state: present

# APT Cacher-NG Configuration
- name: Add APT-Cacher-NG Configuration
  copy:
    content: "{{ aptcacher_config }}"
    dest: /etc/apt/apt.conf.d/proxy
- name: Remove redundant APT configuration
  file:
    path: /etc/apt/apt.conf
    state: absent

# Update apt package lists after adding our proxy
- name: Update apt repo package lists from cacher
  apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
    
# Add required packages because Debian is lame
- name: Install standard packages if not already installed.
  ansible.builtin.package:
    name:
      - curl
      - net-tools
      - wget
      - iftop
      - htop
    state: present

# Give ansible sudo rights with no password required.
- name: Add sudo rights with no password for deployment user.
  lineinfile:
    dest: /etc/sudoers
    regexp: '^ansible'
    line: 'ansible ALL=(ALL) NOPASSWD: ALL'
    state: present
    validate: 'visudo -cf %s'

- name: Add nhadmin to sudo group.
  user:
    name: nhadmin
    groups: sudo
    append: yes
  when: "'sudo' in ansible_facts.getent_group"

- name: Add nhadmin to systemd-journal group.
  user:
    name: nhadmin
    groups: systemd-journal
    append: yes
  when: "'systemd-journal' in ansible_facts.getent_group"