- Add comprehensive Ansible guidelines and best practices (CLAUDE.md) - Add infrastructure inventory documentation - Add VM deployment playbooks and configurations - Add dynamic inventory plugins (libvirt_kvm, ssh_config) - Add cloud-init and preseed configurations for automated deployments - Add security-first configuration templates - Add role and setup documentation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
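---
# Bootstrap play for a freshly installed Debian VM: installs base packages,
# creates a key-only `ansible` account with passwordless sudo, restricts SSH
# to public-key logins for non-root users, and grows the root partition.
#
# The play connects as root, and its own SSH drop-in disables root login once
# the `restart sshd` handler fires at the end of the run. Later runs against
# the same host therefore have to connect as `ansible` and use become.
- name: Configure Debian VM with ansible user and LVM partitioning
  hosts: debian_vm
  remote_user: root
  gather_facts: true
  vars:
    # Public half of the automation key pair (not a secret). Play vars outrank
    # inventory vars, so rotate it here or override with `-e ansible_ssh_key=...`.
    ansible_ssh_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILBrnivsqjhAxWYeuuvnYc3neeRRuHsr2SjeKv+Drtpu user@debian"

  tasks:
    # Runs first: the sudoers task below needs /etc/sudoers.d and visudo, both
    # shipped by the sudo package, which this list is what installs on a host
    # that does not have it yet.
    # ufw, auditd and aide are only installed here; nothing in this play
    # configures or enables them.
    - name: Install essential packages
      apt:
        name:
          - sudo
          - vim
          - htop
          - tmux
          - curl
          - wget
          - rsync
          - git
          - python3
          - python3-pip
          - jq
          - bc
          - aide
          - auditd
          - chrony
          - ufw
          - lvm2
          - cloud-guest-utils
          - parted
        state: present
        update_cache: true

    # No password is set, so the account is reachable only with the key
    # installed below.
    - name: Create ansible user
      user:
        name: ansible
        groups: sudo
        # Keep any other supplementary groups the account has on re-runs.
        append: true
        shell: /bin/bash
        create_home: true

    - name: Create .ssh directory for ansible user
      file:
        path: /home/ansible/.ssh
        state: directory
        owner: ansible
        group: ansible
        mode: '0700'

    # copy rewrites the whole file, so after every run this key is the only
    # one accepted for the account; keys added by hand are removed.
    - name: Add SSH authorized key for ansible user
      copy:
        content: "{{ ansible_ssh_key }}\n"
        dest: /home/ansible/.ssh/authorized_keys
        owner: ansible
        group: ansible
        mode: '0600'

    # NOPASSWD:ALL makes the private key matching ansible_ssh_key equivalent
    # to root on this host; storage of that key and review of this file
    # deserve the same care as root credentials.
    - name: Configure passwordless sudo for ansible user
      copy:
        content: "ansible ALL=(ALL) NOPASSWD:ALL\n"
        dest: /etc/sudoers.d/ansible
        # Stated explicitly rather than relying on the connecting user.
        owner: root
        group: root
        mode: '0440'
        # A syntax error in a sudoers drop-in breaks sudo for every user, so
        # the file is checked before it is moved into place.
        validate: 'visudo -cf %s'

    # The drop-in only takes effect if /etc/ssh/sshd_config includes
    # sshd_config.d/*.conf (confirm for the target release).
    # NOTE(review): sshd keeps the first value it reads for each keyword and
    # reads drop-ins in lexical order, so a lower-numbered file in
    # sshd_config.d that sets the same keywords takes precedence over this
    # 99-* file. Check the effective settings with `sshd -T` after the run.
    - name: Configure SSH security settings
      copy:
        content: |
          PermitRootLogin no
          PasswordAuthentication no
          PubkeyAuthentication yes
        dest: /etc/ssh/sshd_config.d/99-security.conf
        owner: root
        group: root
        mode: '0644'
        # Reject a snippet sshd cannot parse before the handler restarts the
        # daemon on it.
        validate: '/usr/sbin/sshd -t -f %s'
      notify: restart sshd

    - name: Check current disk layout
      command: lsblk -o NAME,SIZE,TYPE,MOUNTPOINT
      register: disk_layout
      changed_when: false

    - name: Display current disk layout
      debug:
        var: disk_layout.stdout_lines

    - name: Check if LVM is already configured
      stat:
        path: /dev/vg_system
      register: vg_system_check

    # Skipped when /dev/vg_system exists.
    # NOTE(review): despite the name, this block only grows partition 1 of
    # /dev/vda and resizes its filesystem; it creates no volume group. It also
    # assumes the root filesystem is ext2/3/4 on /dev/vda1 - confirm per host.
    - name: Configure LVM partitioning (if not already configured)
      when: not vg_system_check.stat.exists
      block:
        - name: Grow root partition to use available space
          command: growpart /dev/vda 1
          register: growpart_result
          # growpart exits 1 ("NOCHANGE") when the partition already fills the
          # disk; only exit 0 means the partition table was rewritten.
          changed_when: growpart_result.rc == 0
          failed_when: growpart_result.rc not in [0, 1]
          # Any other failure stays non-fatal, as before: a hard failure here
          # would also skip the pending sshd restart handler.
          ignore_errors: true

        - name: Resize root filesystem
          command: resize2fs /dev/vda1
          # Best effort, as before; read the task output to see whether the
          # filesystem was actually resized.
          ignore_errors: true

    - name: Gather final disk usage
      command: df -h
      register: disk_usage
      changed_when: false

    - name: Display disk usage
      debug:
        var: disk_usage.stdout_lines

  handlers:
    # Handlers run at the end of the play and are skipped if an earlier task
    # fails, in which case the SSH drop-in is on disk but not yet enforced.
    - name: restart sshd
      systemd:
        name: sshd
        state: restarted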