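# Home-lab provisioning playbook.
#
# Plays:
#   1. init   (tags: never, init)  - groups/users, first user's SSH key, hostname,
#                                     geerlingguy ntp/security roles, base packages.
#   2. piholes                     - clone Pi-hole sources as the first user,
#                                     install runtime dependencies, apply pihole roles.
#   3. update (tag: update)        - apt upgrade, trim Ubuntu MOTD noise, reboot
#                                     only when the OS asks for it.
#
# Secrets (user password hashes and similar) are expected in vars/vault.yml;
# nothing sensitive belongs in this file.

- hosts: all
  become: true
  tags: [never, init]
  vars_files:
    - "vars/vault.yml"
  # `collections` takes collection names. The previous list held module FQCNs
  # (ansible.builtin.apt, ...), which this keyword does not resolve; every module
  # below is already referenced by FQCN, so only ansible.posix is worth listing.
  collections:
    - ansible.posix
  pre_tasks:
    - name: Ensure groups exists
      register: group_exist
      ansible.builtin.group:
        name: "{{ item.groupname }}"
        # `omit` drops the argument when the item has no gid; the module then
        # picks the next free one.
        gid: "{{ item.gid | default(omit) }}"
        state: present
      loop: "{{ users }}"

    # `password` must be a crypt(3) hash (e.g. `mkpasswd -m sha-512` or the
    # password_hash filter), never plaintext. no_log keeps the hash and the rest
    # of the vaulted item out of the run log and any CI output.
    - name: Add users
      ansible.builtin.user:
        name: "{{ item.username }}"
        uid: "{{ item.uid | default(omit) }}"
        group: "{{ item.groupname | default(item.username) }}"
        shell: /bin/bash
        # `home` is the home directory path. The previous key, `move_home`, is a
        # boolean that only controls relocating an existing home, so passing a
        # path to it fails bool validation whenever item.home is set.
        home: "{{ item.home | default(omit) }}"
        password: "{{ item.password | default(omit) }}"
      loop: "{{ users }}"
      no_log: true

    # Pulls every public key the GitHub account publishes, at run time. Whoever
    # controls that account (or the `github` field in vault.yml) gets SSH access
    # as the first user on every host. Prefer pinning the keys inline, or review
    # the account's key list regularly. `exclusive` is left at its default
    # (false) so keys added out-of-band are not silently removed.
    - name: Add a ssh key
      ansible.posix.authorized_key:
        user: "{{ users.0.username }}"
        key: "https://github.com/{{ users.0.github }}.keys"

    - name: Change hostname
      when: set_hostname is defined
      register: new_hostname
      ansible.builtin.hostname:
        name: "{{ set_hostname }}"

    # Keep /etc/hosts in step with the hostname so sudo and local tools keep
    # resolving the machine's own name. A skipped hostname task registers
    # changed: false, so this is a no-op when set_hostname is unset.
    - name: Change hostname in hosts
      when: new_hostname.changed
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: '^127\.0\.0\.1 localhost'
        line: "127.0.0.1 localhost {{ set_hostname }}"
        owner: root
        group: root
        mode: "0644"

    - name: Reboot the server
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible due to hostname change"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 2
        post_reboot_delay: 30
        test_command: uptime
      when: new_hostname.changed

  roles:
    - role: geerlingguy.ntp
    - role: geerlingguy.security

  tasks:
    # Each package_list item is a mapping with `name` and optional
    # `default_release` (e.g. for backports). Refreshing the cache first keeps
    # `state: latest` from resolving against a stale index on a fresh host.
    - name: Install packages
      ansible.builtin.apt:
        name: "{{ item.name | default(omit) }}"
        state: latest
        default_release: "{{ item.default_release | default(omit) }}"
        update_cache: true
        cache_valid_time: 3600
      loop: "{{ package_list }}"

- hosts: piholes
  vars_files:
    - "vars/vault.yml"
  pre_tasks:
    # Clones run as the connecting user (no become) into that user's home.
    # Without a pin this deploys whatever upstream's default branch holds at run
    # time; set pihole_version / pihole_updatelists_version to a release tag to
    # get a reproducible, reviewable checkout. 'HEAD' is the module default.
    - name: Checkout pihole
      tags: [never, init, pihole]
      ansible.builtin.git:
        repo: "https://github.com/pi-hole/pi-hole.git"
        clone: true
        dest: "/home/{{ users.0.username }}/pihole"
        version: "{{ pihole_version | default('HEAD') }}"
        depth: 1

    - name: Checkout pihole_updatelist
      tags: [never, init, pihole]
      ansible.builtin.git:
        repo: "https://github.com/jacklul/pihole-updatelists.git"
        clone: true
        dest: "/home/{{ users.0.username }}/pihole_updatelist"
        version: "{{ pihole_updatelists_version | default('HEAD') }}"
        depth: 1

    # Runtime dependencies for the Pi-hole web UI and updatelists (lighttpd,
    # PHP, sqlite). This is the only privileged step in the play.
    - name: Get dependencies
      become: true
      tags: [never, init, pihole]
      ansible.builtin.apt:
        name:
          - dns-root-data
          - idn2
          - lighttpd
          - php-cgi
          - php-cli
          - php-curl
          - php-intl
          - php-sqlite3
          - php-xml
          - sqlite3
          - unzip
        state: latest
        update_cache: true
        cache_valid_time: 3600

  roles:
    - role: pi_updatelist
      tags: [update]
    - role: pi_dnsmasq

- hosts: all
  become: true
  tags: [update]
  vars_files:
    - "vars/vault.yml"
  tasks:
    # https://www.cyberciti.biz/faq/ansible-apt-update-all-packages-on-ubuntu-debian-linux/
    # `safe` is what the previous `upgrade: yes` meant: apt-get upgrade without
    # removing packages. Use `dist` deliberately if kernel/ABI bumps are wanted.
    - name: Update packages
      ansible.builtin.apt:
        update_cache: true
        force_apt_get: true
        cache_valid_time: 3600
        upgrade: safe

    - name: Remove ubuntu motd spam
      ansible.builtin.file:
        path: "/etc/update-motd.d/{{ item }}"
        state: absent
      loop:
        - 10-help-text
        - 50-landscape-sysinfo
        - 50-motd-news
        - 80-livepatch
        - 95-hwe-eol
      when: ansible_distribution == 'Ubuntu'

    # Debian/Ubuntu drop this marker when an upgraded package (kernel, libc,
    # ...) needs a reboot. Only existence matters, so skip checksumming.
    - name: Check if a reboot is needed for Debian and Ubuntu boxes
      register: reboot_required_file
      ansible.builtin.stat:
        path: /var/run/reboot-required
        get_checksum: false

    - name: Reboot the server
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible due to kernel updates"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime
      when: reboot_required_file.stat.exists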