# First-run detection: when the connection user is not yet the target
# administrator account, mark the host so the bootstrap-only tasks run.
# The fact is only ever set (never set to false); the later tasks test
# `initial_setup is defined`, not its value.
- name: Determine whether initial setup is needed
  ansible.builtin.set_fact:
    initial_setup: true
  when: ansible_user != admin_username

# Bootstrap escalation path: until doas is installed and configured by the
# tasks below, privilege escalation goes through `su` to root, using the
# password "root" hard-coded here.
# NOTE(review): none of the tasks visible in this file change or lock the
# root password afterwards, so `su` with this well-known value presumably
# keeps working once the play has finished -- confirm that the root password
# is rotated or locked elsewhere.
- name: Fallback to su
  ansible.builtin.set_fact:
    ansible_become_method: 'su'
    ansible_become_user: 'root'
    ansible_become_password: 'root'
  when: initial_setup is defined

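# Runs the setup module with no arguments, i.e. a full fact gathering pass.
# NOTE(review): presumably placed here so that facts are collected only after
# the escalation fallback above is in effect -- confirm against the play's
# gather_facts setting.
- name: Gather facts
  ansible.builtin.setup:
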
# Installs the opendoas package through pacman; nothing changes when the
# package is already present.
- name: Install opendoas
  community.general.pacman:
    state: present
    name: opendoas

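# Renders doas.conf.j2 to /etc/doas.conf.
# Ownership and mode are pinned rather than left to the umask: this file
# decides who may become root, so it is written root-owned and read-only.
# `validate` makes doas parse the rendered file before it replaces the live
# one; a syntax error then fails this task instead of leaving the host with
# an unusable escalation config once the su fallback is reset further down.
- name: Configure doas
  ansible.builtin.template:
    src: doas.conf.j2
    dest: /etc/doas.conf
    owner: root
    group: root
    mode: '0400'
    validate: 'doas -C %s'
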
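# Creates the account named by `admin_username` with `wheel` as its
# supplementary group. No password is set by this task.
# NOTE(review): without `append: true` the user module sets the supplementary
# groups to exactly this list, so an already existing account would lose any
# other groups -- confirm that is intended.
# NOTE(review): what membership of wheel actually grants depends on
# doas.conf.j2, which is not visible here.
- name: Create privileged user
  ansible.builtin.user:
    name: "{{ admin_username }}"
    groups: wheel
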
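# Adds the host-specific public key to the administrator's authorized_keys.
# The `file` lookup runs on the control node, so the key is read from
# ~/.ssh/keys/<inventory_hostname>.pub there, not from the managed host.
# The path is built with the `~` concatenation operator: `{{ }}` delimiters
# nested inside a string literal of an outer expression are not a reliable
# way to interpolate a variable.
- name: Deploy SSH key to admin user
  ansible.posix.authorized_key:
    user: "{{ admin_username }}"
    state: present
    key: "{{ lookup('file', '~/.ssh/keys/' ~ inventory_hostname ~ '.pub') }}"
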
# Leaves the bootstrap path: escalation switches to `escalation_method`, the
# connection user becomes the administrator, and the SSH password is blanked
# (presumably so that the reconnect relies on the key deployed above rather
# than a stored password -- confirm).
# NOTE(review): `ansible_become_user` and `ansible_become_password` set by the
# su fallback are not touched here, so the become password stays "root" for
# the rest of the play -- confirm that the doas configuration does not depend
# on it.
- name: Reset variables to before fallback
  ansible.builtin.set_fact:
    ansible_user: "{{ admin_username }}"
    ansible_ssh_password: ''
    ansible_become_method: "{{ escalation_method }}"
  when: initial_setup is defined

# Waits up to 10 seconds for the host to answer with the connection settings
# that are now in effect. A failure here means the new administrator login
# does not work, and it stops the play before the initial account is deleted.
- name: Reconnect as new administrator
  ansible.builtin.wait_for_connection:
    timeout: 10
  when: initial_setup is defined

# Removes the account named "alarm". The task has no `when`, so it runs on
# every execution, not only during initial setup. `force` asks the user
# module to remove the account forcibly.
# NOTE(review): `remove` is not set in the lines visible here, so the
# account's home directory is presumably left on disk -- confirm that this is
# intended.
- name: Delete initial user
  ansible.builtin.user:
    name: 'alarm'
    state: absent
    force: true