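---
# Prepare an Alpine host: login banner, apk repositories, package upgrade,
# SSH/doas hardening, the admin user, a restricted "robo" account and Docker.
- name: Setup an alpine machine
  hosts: homelab
  user: root
  vars:
    # alpine_version: v3.19
    alpine_version: latest-stable
    robo:
      # Public half only; the matching private key is never stored here.
      authorized_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPiEGbVaaSJq/9hGaou3gd6m4Jzyj4AIgCL5wGTxVz1"
      allowed_commands:
        - "docker ps"
  # Holds users.<name>.password for the "Setup users" task; kept out of VCS.
  vars_files:
    - ../../variables/secrets.yaml

  tasks:
    - name: Change login message
      ansible.builtin.template:
        src: ../../files/alpine/motd.j2
        dest: /etc/motd
        owner: root
        group: root
        mode: "0644"  # quoted: a bare 0644 is decimal 420 to a YAML 1.1 loader
        backup: true

    - name: Update repositories
      ansible.builtin.template:
        src: ../../files/alpine/repositories.j2
        dest: /etc/apk/repositories
        owner: root
        group: root
        mode: "0644"
        backup: true

    # Plain command: always reports "changed"; kept because the apk module
    # is not part of the builtin collection.
    - name: Update all packages
      ansible.builtin.command: /sbin/apk upgrade -U -a

    - name: Be sure python is installed
      ansible.builtin.command: /sbin/apk add python3
      args:
        creates: /usr/bin/python3

    # Key-only logins from here on; the handler reloads sshd at the end of the play.
    - name: Disable password authentication for SSH
      become: true
      notify: Restart sshd
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?PasswordAuthentication'
        line: 'PasswordAuthentication no'
        state: present

    - name: Allow users of the wheel group to use doas command
      become: true
      ansible.builtin.lineinfile:
        path: /etc/doas.conf
        regexp: '^#\s*permit persist :wheel'
        line: 'permit persist :wheel'
        state: present

    - name: Create a user group named docker
      ansible.builtin.group:
        name: docker

    # NOTE(review): password_hash() picks a fresh salt on every run, so this
    # task reports "changed" each time; pass a salt or set update_password if
    # idempotent output matters.
    - name: Setup users
      ansible.builtin.user:
        state: present
        name: aleidk
        password: "{{ users.aleidk.password | password_hash('sha512') }}"
        groups:
          - wheel
          - docker

    # NOTE(review): the allowed command "docker ps" needs access to the Docker
    # socket, and robo is only in nogroup here — confirm this is intended.
    - name: Create a user for executing remote commands
      ansible.builtin.user:
        name: robo
        system: true
        create_home: true
        groups: nogroup
        state: present

    # The forced command runs every entry of allowed_commands in sequence,
    # regardless of what the client asked for; selecting one of them would
    # need a dispatcher script that inspects SSH_ORIGINAL_COMMAND.
    # The extra options keep the key from being used for tunnels, agent
    # forwarding or an interactive pty.
    - name: Add SSH public key for robo user
      ansible.posix.authorized_key:
        user: robo
        state: present
        key: "{{ robo.authorized_key }}"
        key_options: "no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty,command=\"{{ robo.allowed_commands | join('; ') }}\""

    - name: Install packages
      ansible.builtin.package:
        state: present
        name:
          - docker

    - name: Start docker service
      ansible.builtin.service:
        name: docker
        state: started
        enabled: true

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted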