ilia/ansible
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Refactor playbooks and roles to enhance task organization and improve package management. Update development and local playbooks to include descriptive names, streamline APT tasks, and ensure consistent use of Ansible modules. Modify group variables for timezone and update role metadata for clarity. Improve error handling and user feedback in various roles, including applications, base, and snap, by utilizing built-in Ansible modules and adding necessary checks.

Browse Source
This commit is contained in:
ilia 2025-08-29 15:42:09 -04:00
parent 0ad062b911
commit 67a5caef36
36 changed files with 197 additions and 224 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
.ansible/.lock Normal file
View File

9
dev-playbook.yml
View File

@ -1,4 +1,5 @@
- hosts: dev
- name: Configure development environment
hosts: dev
become: true
roles:
@ -14,11 +15,11 @@
pre_tasks:
- name: Update apt cache
apt:
update_cache: yes
ansible.builtin.apt:
update_cache: true
tasks:
# Additional tasks can be added here if needed
- name: Display completion message
debug:
ansible.builtin.debug:
msg: "Development environment setup completed successfully!"

2
group_vars/all.yml
View File

@ -1,6 +1,6 @@
---
# Common variables for all hosts
timezone: UTC
timezone: America/Toronto
locale: en_US.UTF-8
ansible_python_interpreter: /usr/bin/python3

9
local-playbook.yml
View File

@ -1,4 +1,5 @@
- hosts: localhost
- name: Setup local development environment
hosts: localhost
connection: local
become: true
@ -15,10 +16,10 @@
pre_tasks:
- name: Update apt cache
apt:
update_cache: yes
ansible.builtin.apt:
update_cache: true
tasks:
- name: Display completion message
debug:
ansible.builtin.debug:
msg: "Local development environment setup completed successfully!"

1
roles/applications/meta/main.yml
View File

@ -1,2 +1 @@
---
dependencies: []

39
roles/applications/tasks/main.yml
View File

@ -1,34 +1,35 @@
---
- name: Check if applications are already installed
package_facts:
ansible.builtin.package_facts:
manager: apt
- name: Check if Brave browser is installed
command: brave-browser --version
register: brave_check
ansible.builtin.command: brave-browser --version
register: applications_brave_check
ignore_errors: true
changed_when: false
failed_when: false
no_log: true
- name: Set installation conditions
set_fact:
desktop_apps_needed: "{{ ['redshift', 'libreoffice', 'evince'] | difference(ansible_facts.packages.keys()) | length > 0 }}"
brave_needs_install: "{{ brave_check.rc != 0 or 'brave-browser' not in ansible_facts.packages }}"
ansible.builtin.set_fact:
applications_desktop_apps_needed: "{{ ['redshift', 'libreoffice', 'evince'] | difference(ansible_facts.packages.keys()) | length > 0 }}"
applications_brave_needs_install: "{{ applications_brave_check.rc != 0 or 'brave-browser' not in ansible_facts.packages }}"
- name: Install desktop applications
apt:
ansible.builtin.apt:
name:
- redshift
- libreoffice
- evince
state: present
when: desktop_apps_needed
when: applications_desktop_apps_needed
- name: Brave browser installation
when: applications_brave_needs_install
block:
- name: Remove old Brave repository files
file:
ansible.builtin.file:
path: "{{ item }}"
state: absent
loop:
@ -36,31 +37,29 @@
- /etc/apt/sources.list.d/brave-browser-release.sources
- name: Download Brave APT key
get_url:
ansible.builtin.get_url:
url: https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
dest: /usr/share/keyrings/brave-browser-archive-keyring.gpg
mode: '0644'
- name: Add Brave repository
apt_repository:
ansible.builtin.apt_repository:
repo: "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main"
filename: brave-browser
state: present
- name: Install Brave browser
apt:
ansible.builtin.apt:
name: brave-browser
state: present
when: brave_needs_install
- name: Display application status
debug:
msg:
- "Desktop apps needed: {{ desktop_apps_needed }}"
- "Brave needed: {{ brave_needs_install }}"
ansible.builtin.debug:
msg:
- "Desktop apps needed: {{ applications_desktop_apps_needed }}"
- "Brave needed: {{ applications_brave_needs_install }}"
- "Redshift: {{ 'Installed' if 'redshift' in ansible_facts.packages else 'Missing' }}"
- "LibreOffice: {{ 'Installed' if 'libreoffice' in ansible_facts.packages else 'Missing' }}"
- "Evince: {{ 'Installed' if 'evince' in ansible_facts.packages else 'Missing' }}"
- "Brave: {{ brave_check.stdout if brave_check.rc == 0 else 'Not installed' }}"
when: ansible_debug_output | default(false) | bool
- "Brave: {{ applications_brave_check.stdout if applications_brave_check.rc == 0 else 'Not installed' }}"
when: ansible_debug_output | default(false) | bool

9
roles/base/handlers/main.yml
View File

@ -1,10 +1,11 @@
---
# handlers file for base
- name: restart fail2ban
systemd:
- name: Restart fail2ban
ansible.builtin.systemd:
name: fail2ban
state: restarted
- name: reload ufw
command: ufw reload
- name: Reload ufw
ansible.builtin.command: ufw reload
changed_when: false

51
roles/base/meta/main.yml
View File

@ -1,52 +1 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

10
roles/base/tasks/main.yml
View File

@ -1,6 +1,6 @@
---
- name: Install base system packages
apt:
ansible.builtin.apt:
name:
# Base utilities
- htop
@ -20,7 +20,7 @@
state: present
- name: Configure fail2ban
template:
ansible.builtin.template:
src: jail.local.j2
dest: /etc/fail2ban/jail.local
mode: '0644'
@ -29,10 +29,10 @@
# UFW enablement moved to ssh role to avoid lockout
- name: Set timezone
timezone:
community.general.timezone:
name: "{{ timezone | default('UTC') }}"
- name: Configure locale
locale_gen:
community.general.locale_gen:
name: "{{ locale | default('en_US.UTF-8') }}"
state: present
state: present

3
roles/base/tests/test.yml
View File

@ -1,5 +1,6 @@
---
- hosts: localhost
- name: Test base role
hosts: localhost
remote_user: root
roles:
- base

10
roles/development/meta/main.yml
View File

@ -1,7 +1,7 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
author: ansible-user
description: Development tools and environment setup role
company: Personal
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
@ -14,9 +14,9 @@ galaxy_info:
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
license: MIT
min_ansible_version: 2.1
min_ansible_version: "2.9"
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:

6
roles/development/tasks/main.yml
View File

@ -1,13 +1,13 @@
---
- name: Install development packages
apt:
ansible.builtin.apt:
name:
# Development tools
- git
- nodejs
- npm
# Build tools
# Build tools
- build-essential
- python3
- python3-pip
state: present
state: present

3
roles/development/tests/test.yml
View File

@ -1,5 +1,6 @@
---
- hosts: localhost
- name: Test development role
hosts: localhost
remote_user: root
roles:
- development

10
roles/docker/meta/main.yml
View File

@ -1,7 +1,7 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
author: ansible-user
description: Docker installation and configuration role
company: Personal
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
@ -14,9 +14,9 @@ galaxy_info:
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
license: MIT
min_ansible_version: 2.1
min_ansible_version: "2.9"
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:

45
roles/docker/tasks/main.yml
View File

@ -1,7 +1,7 @@
---
- name: Debug distribution information
debug:
msg:
ansible.builtin.debug:
msg:
- "Distribution: {{ ansible_facts['distribution'] }}"
- "Distribution Release: {{ ansible_facts['distribution_release'] }}"
- "Distribution Version: {{ ansible_facts['distribution_version'] }}"
@ -9,7 +9,7 @@
when: ansible_debug_output | default(false) | bool
- name: Check if Docker is already installed
command: docker --version
ansible.builtin.command: docker --version
register: docker_check
ignore_errors: true
changed_when: false
@ -17,19 +17,20 @@
no_log: true
- name: Check if Docker packages are installed via apt
package_facts:
ansible.builtin.package_facts:
manager: apt
register: docker_apt_check
changed_when: false
- name: Set installation condition
set_fact:
ansible.builtin.set_fact:
docker_needs_install: "{{ docker_check.rc != 0 or 'docker-ce' not in ansible_facts.packages }}"
- name: Docker installation tasks
when: docker_needs_install
block:
- name: Install Docker requirements
apt:
ansible.builtin.apt:
name:
- apt-transport-https
- ca-certificates
@ -39,7 +40,7 @@
state: present
- name: Remove old Docker repository files
file:
ansible.builtin.file:
path: "{{ item }}"
state: absent
loop:
@ -47,19 +48,19 @@
- /etc/apt/sources.list.d/docker-ce.list
- name: Create keyrings directory
file:
ansible.builtin.file:
path: /etc/apt/keyrings
state: directory
mode: '0755'
- name: Setup Docker GPG key
include_tasks: setup_gpg_key.yml
ansible.builtin.include_tasks: setup_gpg_key.yml
- name: Setup Docker repository
include_tasks: "setup_repo_{{ ansible_facts['distribution'] | lower | replace(' ', '_') }}.yml"
ansible.builtin.include_tasks: "setup_repo_{{ ansible_facts['distribution'] | lower | replace(' ', '_') }}.yml"
- name: Install Docker CE
apt:
ansible.builtin.apt:
name:
- docker-ce
- docker-ce-cli
@ -69,27 +70,25 @@
state: present
- name: Start and enable Docker service
systemd:
ansible.builtin.systemd:
name: docker
state: started
enabled: yes
enabled: true
- name: Set target user variable
set_fact:
target_user: "{{ ansible_user | default(ansible_user_id) }}"
ansible.builtin.set_fact:
docker_target_user: "{{ ansible_user | default(ansible_user_id) }}"
- name: Add user to docker group
user:
name: "{{ target_user }}"
ansible.builtin.user:
name: "{{ docker_target_user }}"
groups: docker
append: yes
when: docker_needs_install
append: true
- name: Display Docker status
debug:
msg:
ansible.builtin.debug:
msg:
- "Docker already installed: {{ docker_check.stdout if docker_check.rc == 0 else 'Not found' }}"
- "Docker CE package installed: {{ 'Yes' if 'docker-ce' in ansible_facts.packages else 'No' }}"
- "Actions taken: {{ 'None - Docker already present' if not docker_needs_install else 'Docker installation/configuration performed' }}"
when: ansible_debug_output | default(false) | bool
when: ansible_debug_output | default(false) | bool

9
roles/docker/tasks/setup_gpg_key.yml
View File

@ -1,19 +1,20 @@
---
- name: Download Docker's official GPG key
get_url:
ansible.builtin.get_url:
url: https://download.docker.com/linux/ubuntu/gpg
dest: /tmp/docker.gpg
mode: '0644'
- name: Convert and install Docker GPG key
shell: gpg --dearmor < /tmp/docker.gpg > /etc/apt/keyrings/docker.gpg
ansible.builtin.shell: gpg --dearmor < /tmp/docker.gpg > /etc/apt/keyrings/docker.gpg
changed_when: false
- name: Set permissions on Docker GPG key
file:
ansible.builtin.file:
path: /etc/apt/keyrings/docker.gpg
mode: '0644'
- name: Clean up temporary GPG key file
file:
ansible.builtin.file:
path: /tmp/docker.gpg
state: absent

4
roles/docker/tasks/setup_repo_debian.yml
View File

@ -1,6 +1,6 @@
---
- name: Add Docker repository for Debian
apt_repository:
ansible.builtin.apt_repository:
repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
state: present
update_cache: yes
update_cache: true

14
roles/docker/tasks/setup_repo_linux_mint.yml
View File

@ -1,10 +1,14 @@
---
- name: Set Ubuntu codename for Linux Mint
set_fact:
ubuntu_codename: "{{ 'jammy' if ansible_distribution_version is version('22', '>=') else 'focal' if ansible_distribution_version is version('21', '>=') else 'focal' if ansible_distribution_version is version('20', '>=') else 'bionic' }}"
ansible.builtin.set_fact:
docker_ubuntu_codename: >
{{ 'jammy' if ansible_distribution_version is version('22', '>=') else
'focal' if ansible_distribution_version is version('21', '>=') else
'focal' if ansible_distribution_version is version('20', '>=') else
'bionic' }}
- name: Add Docker repository for Linux Mint (using Ubuntu base)
apt_repository:
repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ubuntu_codename }} stable"
ansible.builtin.apt_repository:
repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ docker_ubuntu_codename }} stable"
state: present
update_cache: yes
update_cache: true

4
roles/docker/tasks/setup_repo_ubuntu.yml
View File

@ -1,6 +1,6 @@
---
- name: Add Docker repository for Ubuntu
apt_repository:
ansible.builtin.apt_repository:
repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
state: present
update_cache: yes
update_cache: true

3
roles/docker/tests/test.yml
View File

@ -1,5 +1,6 @@
---
- hosts: localhost
- name: Test docker role
hosts: localhost
remote_user: root
roles:
- docker

10
roles/maintenance/meta/main.yml
View File

@ -1,7 +1,7 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
author: ansible-user
description: System maintenance and updates role
company: Personal
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
@ -14,9 +14,9 @@ galaxy_info:
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
license: MIT
min_ansible_version: 2.1
min_ansible_version: "2.9"
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:

20
roles/maintenance/tasks/main.yml
View File

@ -1,25 +1,25 @@
---
- name: Upgrade all packages
apt:
ansible.builtin.apt:
upgrade: dist
- name: Autoremove unused packages
apt:
autoremove: yes
ansible.builtin.apt:
autoremove: true
- name: Clean apt cache
apt:
autoclean: yes
ansible.builtin.apt:
autoclean: true
- name: Check if reboot is required
stat:
ansible.builtin.stat:
path: /var/run/reboot-required
register: reboot_required
register: maintenance_reboot_required
- name: Reboot if required
reboot:
ansible.builtin.reboot:
msg: "Reboot triggered by Ansible after system changes."
when:
- ansible_facts['pkg_mgr'] == "apt"
- reboot_required.stat.exists
- skip_reboot | default(false) | bool == false
- maintenance_reboot_required.stat.exists
- not (skip_reboot | default(false) | bool)

3
roles/maintenance/tests/test.yml
View File

@ -1,5 +1,6 @@
---
- hosts: localhost
- name: Test maintenance role
hosts: localhost
remote_user: root
roles:
- maintenance

10
roles/shell/meta/main.yml
View File

@ -1,7 +1,7 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
author: ansible-user
description: Shell configuration and setup role
company: Personal
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
@ -14,9 +14,9 @@ galaxy_info:
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
license: MIT
min_ansible_version: 2.1
min_ansible_version: "2.9"
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:

33
roles/shell/tasks/main.yml
View File

@ -1,40 +1,41 @@
---
- name: Set target user variable
set_fact:
target_user: "{{ ansible_user | default(ansible_user_id) }}"
ansible.builtin.set_fact:
shell_target_user: "{{ ansible_user | default(ansible_user_id) }}"
- name: Install shell packages
apt:
ansible.builtin.apt:
name:
- zsh
- tmux
state: present
- name: Set zsh as default shell for user
user:
name: "{{ target_user }}"
ansible.builtin.user:
name: "{{ shell_target_user }}"
shell: /usr/bin/zsh
- name: Install Oh My Zsh for user
become: true
become_user: "{{ target_user }}"
shell: sh -c "$(wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)" "" --unattended
become_user: "{{ shell_target_user }}"
ansible.builtin.shell: sh -c "$(wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)" "" --unattended
args:
creates: "/home/{{ target_user }}/.oh-my-zsh"
creates: "/home/{{ shell_target_user }}/.oh-my-zsh"
- name: Clone Powerlevel10k theme
git:
ansible.builtin.git:
repo: https://github.com/romkatv/powerlevel10k.git
dest: "/home/{{ target_user }}/.oh-my-zsh/custom/themes/powerlevel10k"
dest: "/home/{{ shell_target_user }}/.oh-my-zsh/custom/themes/powerlevel10k"
version: master
depth: 1
update: no
update: false
become: true
become_user: "{{ target_user }}"
become_user: "{{ shell_target_user }}"
- name: Deploy .zshrc for user
copy:
ansible.builtin.copy:
src: files/.zshrc
dest: "/home/{{ target_user }}/.zshrc"
owner: "{{ target_user }}"
group: "{{ target_user }}"
dest: "/home/{{ shell_target_user }}/.zshrc"
owner: "{{ shell_target_user }}"
group: "{{ shell_target_user }}"
mode: '0644'

3
roles/shell/tests/test.yml
View File

@ -1,5 +1,6 @@
---
- hosts: localhost
- name: Test shell role
hosts: localhost
remote_user: root
roles:
- shell

4
roles/snap/handlers/main.yml
View File

@ -1,5 +1,5 @@
---
- name: restart snapd
systemd:
- name: Restart snapd
ansible.builtin.systemd:
name: snapd
state: restarted

12
roles/snap/meta/main.yml
View File

@ -1,2 +1,12 @@
---
galaxy_info:
author: ansible-user
description: Snap package manager configuration role
company: Personal
license: MIT
min_ansible_version: "2.9"
galaxy_tags: []
dependencies: []

34
roles/snap/tasks/main.yml
View File

@ -1,76 +1,78 @@
---
- name: Enable 'universe' repo (Ubuntu and Mint only)
command: add-apt-repository universe
ansible.builtin.command: add-apt-repository universe
when: ansible_facts['distribution'] in ["Ubuntu", "Linux Mint"]
changed_when: false
ignore_errors: true
failed_when: false
- name: Remove Mint's nosnap.pref block (Mint only)
file:
ansible.builtin.file:
path: /etc/apt/preferences.d/nosnap.pref
state: absent
when: ansible_facts['distribution'] == "Linux Mint"
- name: Install Snap daemon
apt:
ansible.builtin.apt:
name: snapd
state: present
when: ansible_facts['os_family'] == "Debian"
notify: restart snapd
- name: Enable snapd socket on Debian
systemd:
ansible.builtin.systemd:
name: snapd.socket
enabled: true
state: started
when: ansible_facts['distribution'] == "Debian"
- name: Force Ansible to reload facts
setup:
ansible.builtin.setup:
- name: Wait for snapd to be ready
command: snap wait system seed.loaded
ansible.builtin.command: snap wait system seed.loaded
register: snap_wait_result
until: snap_wait_result.rc == 0
retries: 10
delay: 5
when: ansible_facts['os_family'] == "Debian"
ignore_errors: true
failed_when: false
changed_when: false
- name: Check if snap is working
command: snap list
ansible.builtin.command: snap list
register: snap_check
when: ansible_facts['os_family'] == "Debian"
ignore_errors: true
failed_when: false
changed_when: false
- name: Install VSCode IDE (Snap, all distros)
community.general.snap:
name: code
classic: true
state: present
when:
when:
- ansible_facts['os_family'] == "Debian"
- snap_check is defined
- snap_check.rc == 0
ignore_errors: true
failed_when: false
- name: Install Cursor (Snap, all distros)
community.general.snap:
name: cursor
state: present
when:
when:
- ansible_facts['os_family'] == "Debian"
- snap_check is defined
- snap_check.rc == 0
ignore_errors: true
failed_when: false
- name: Display snap installation status
debug:
ansible.builtin.debug:
msg: |
Snap check result: {{ snap_check.rc if snap_check is defined else 'not defined' }}
VSCode and Cursor installation may have failed if snap is not properly configured.
You may need to manually install these applications or troubleshoot snap on this host.
when:
when:
- ansible_facts['os_family'] == "Debian"
- snap_check is defined
- snap_check.rc != 0

6
roles/ssh/handlers/main.yml
View File

@ -1,5 +1,5 @@
---
- name: restart ssh
systemd:
- name: Restart ssh
ansible.builtin.systemd:
name: ssh
state: restarted
state: restarted

10
roles/ssh/meta/main.yml
View File

@ -1,7 +1,7 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
author: ansible-user
description: SSH configuration and security role
company: Personal
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
@ -14,9 +14,9 @@ galaxy_info:
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
license: MIT
min_ansible_version: 2.1
min_ansible_version: "2.9"
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:

11
roles/ssh/tasks/main.yml
View File

@ -1,23 +1,22 @@
---
- name: Ensure SSH server installed
apt:
ansible.builtin.apt:
name: openssh-server
state: present
- name: Configure firewalls - allow SSH port
ufw:
community.general.ufw:
rule: allow
port: '22'
proto: tcp
- name: Configure firewalls - allow SSH by name (backup)
ufw:
community.general.ufw:
rule: allow
name: OpenSSH
ignore_errors: true
failed_when: false
- name: Enable UFW with deny default policy
ufw:
community.general.ufw:
state: enabled
policy: deny

3
roles/ssh/tests/test.yml
View File

@ -1,5 +1,6 @@
---
- hosts: localhost
- name: Test ssh role
hosts: localhost
remote_user: root
roles:
- ssh

10
roles/user/meta/main.yml
View File

@ -1,7 +1,7 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
author: ansible-user
description: User account management role
company: Personal
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
@ -14,9 +14,9 @@ galaxy_info:
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
license: MIT
min_ansible_version: 2.1
min_ansible_version: "2.9"
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:

8
roles/user/tasks/main.yml
View File

@ -1,10 +1,10 @@
---
- name: Set target user variable
set_fact:
target_user: "{{ ansible_user | default(ansible_user_id) }}"
ansible.builtin.set_fact:
user_target_user: "{{ ansible_user | default(ansible_user_id) }}"
- name: Ensure user exists
user:
name: "{{ target_user }}"
ansible.builtin.user:
name: "{{ user_target_user }}"
state: present
when: ansible_connection != 'local'

3
roles/user/tests/test.yml
View File

@ -1,5 +1,6 @@
---
- hosts: localhost
- name: Test user role
hosts: localhost
remote_user: root
roles:
- user