
tasks/essential.yml (view raw)

 1- name: Remove pacman db.lck
 2  become: yes
 3  ansible.builtin.file:
 4    path: "/var/lib/pacman/db.lck"
 5    state: absent
 6
 7- name: Update packages
 8  community.general.pacman:
 9    update_cache: true
10    upgrade: true
11
# Install whatever the `packages` variable lists, through the generic package
# module.
# NOTE(review): `state: latest` means versions are not pinned; every run moves
# each listed package to the newest version the configured repositories offer.
- name: Install essential packages
  ansible.builtin.package:
    state: latest
    name: "{{ packages }}"

# Create the `aur_builder` account with a home directory and `wheel` as its
# primary group.
# NOTE(review): with wheel as its group, any sudoers rule written for %wheel
# also applies to this account — confirm that is intended, or give the account
# its own group and rely only on the dedicated sudoers drop-in.
- name: Create the `aur_builder` user
  ansible.builtin.user:
    name: aur_builder
    group: wheel
    create_home: true
  become: true

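# Let `aur_builder` run /usr/bin/pacman through sudo without a password by
# writing a one-line drop-in under /etc/sudoers.d. `validate` runs visudo on
# the candidate file so a syntax error never reaches the live sudo config.
# The file is created root-owned and 0440 explicitly rather than inheriting
# whatever the umask gives a newly created file.
# NOTE(review): pacman executed as root runs package install scripts as root,
# so this rule is effectively root-equivalent for aur_builder. Keep the account
# locked down (no password, no interactive login) and audit its use.
- name: Allow the `aur_builder` user to run `sudo pacman` without a password
  become: true
  ansible.builtin.lineinfile:
    path: /etc/sudoers.d/11-install-aur_builder
    line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
    create: true
    owner: root
    group: root
    mode: "0440"
    validate: 'visudo -cf %s'
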
# Delete paru's devel.json from the cache directory of the `username` account.
- name: Remove devel.json file
  ansible.builtin.file:
    state: absent
    path: '/home/{{ username }}/.cache/paru/devel.json'

# Upgrade AUR packages only; privilege escalation is switched off for this
# task.
# NOTE(review): no `use:` is set, so the module selects the AUR helper itself;
# the task name says paru — confirm that is what gets picked on the target.
# NOTE(review): with `become: false` the build runs as the connecting user and
# not as `aur_builder`, so the dedicated builder account created earlier in
# this file is not what runs the AUR build — confirm this is intended.
- name: Upgrade the system using paru, only act on AUR packages.
  kewlfft.aur.aur:
    aur_only: true
    upgrade: true
  become: false

# Write an unrestricted, passwordless sudo rule for the `username` account
# straight into /etc/sudoers; visudo validates the result before it is
# installed.
# NOTE(review): the `^%wheel` regexp means an active %wheel rule, if present,
# is replaced by this line rather than kept next to it.
# NOTE(review): `NOPASSWD: ALL` turns any compromise of this account (stolen
# SSH key, hijacked session) into a root compromise with no further barrier.
# Prefer a root-owned 0440 drop-in under /etc/sudoers.d that lists only the
# commands the automation needs, and leave /etc/sudoers itself untouched.
- name: Enable passwordless sudo for {{ username }}
  ansible.builtin.lineinfile:
    path: /etc/sudoers
    regexp: '^%wheel'
    line: '{{ username }} ALL=(ALL) NOPASSWD: ALL'
    validate: '/usr/sbin/visudo -cf %s'

# Include the aisbergg.mkinitcpio role with an explicit HOOKS list. The list
# order is kept exactly as given.
# NOTE(review): judging by the variable names, forced regeneration is off and
# the fallback preset is disabled — confirm against the role's documentation.
- name: Ensure bootable
  vars:
    mkinitcpio_disable_fallback_preset: true
    mkinitcpio_force_create: false
    mkinitcpio_config:
      HOOKS:
        - base
        - udev
        - autodetect
        - keyboard
        - keymap
        - modconf
        - block
        - filesystems
        - fsck
  ansible.builtin.include_role:
    name: aisbergg.mkinitcpio

# Record whether /boot/grub/grub.cfg exists; the result is stored in
# `grub_config` and gates the two grub tasks that follow in this file.
- name: Check to see if grub has been configured
  ansible.builtin.stat:
    path: /boot/grub/grub.cfg
  register: grub_config

# Generate /boot/grub/grub.cfg, but only when the earlier stat found no
# existing file, so an existing configuration is never overwritten.
- name: Write grub configuration file
  ansible.builtin.command:
    cmd: grub-mkconfig -o /boot/grub/grub.cfg
  when: not grub_config.stat.exists

# Run grub-install when the earlier stat found no grub.cfg. The condition uses
# the value registered before grub-mkconfig ran, so both grub tasks fire in
# the same pass.
# NOTE(review): the task name says MBR but the target is /dev/vda1, which
# looks like a partition rather than the whole disk — confirm the device.
- name: Write grub to MBR
  ansible.builtin.command:
    cmd: grub-install /dev/vda1
  when: not grub_config.stat.exists

# Enable the ufw service at boot and start it now.
- name: Enable and start ufw service
  ansible.builtin.service:
    state: started
    enabled: true
    name: ufw

# Allow the `SSH` ufw application profile. This rule is added before the
# default-deny policy is enabled further down, which keeps the management
# connection from being cut off.
# NOTE(review): `rule: limit` instead of `allow` would rate-limit repeated
# connection attempts; restricting the source to the management network with
# `from_ip` narrows exposure further — consider either.
- name: Allow SSH traffic
  community.general.ufw:
    name: SSH
    rule: allow

# Allow the `WWW Full` ufw application profile.
# NOTE(review): presumably this profile opens both HTTP and HTTPS from any
# source — confirm the host is meant to serve web traffic on every interface.
- name: Allow web traffic
  community.general.ufw:
    name: 'WWW Full'
    rule: allow

# Enable the firewall and set the default policy to deny, so only the rules
# added earlier in this file admit traffic.
# NOTE(review): no `direction` is given; presumably the default policy then
# applies to incoming traffic only — confirm, and set `direction` explicitly
# if outgoing or routed traffic should be covered too.
- name: Deny everything else and enable UFW
  community.general.ufw:
    policy: deny
    state: enabled