Add playbooks to role os-linux-prep-default

ansible/roles/os-linux-prep-default/tasks/add-users-admins.yml

@@ -0,0 +1,60 @@
+---
+
+- include_vars: vars/os-creds-admins.yml
+
+- name: Set host facts group for use sudo
+  set_fact: os_group_for_sudo="sudo"
+  when: ansible_os_family == "Debian"
+
+- name: Set host facts group for use sudo
+  set_fact: os_group_for_sudo="wheel"
+  when: ansible_os_family == "RedHat"
+
+- name: Change default for add user create params perm 755 to 700 (Debian)
+  block:
+    - name: Edit options in /etc/adduser.conf
+      lineinfile:
+        path: /etc/adduser.conf
+        line: "{{ item }}"
+      loop:
+        - DIR_MODE=0700
+        - SYS_DIR_MODE=0700
+      when: ansible_os_family == "Debian"
+    - name: Edit options in /etc/login.defs
+      lineinfile:
+        path: /etc/login.defs
+        line: "{{ item }}"
+      loop:
+        - HOME_MODE 0700
+  when: ansible_os_family == "Debian"
+
+- name: Add admins users
+  user:
+    name: "{{ item.username }}"
+    shell: /bin/bash
+    groups: "{{ os_group_for_sudo }}"
+    password: "{{ item.password }}"
+    comment: "{{ item.comment }}"
+    append: yes
+  loop: "{{ os_creds_sysadmins }}"
+  no_log: true
+
+- name: Add SSH keys for admins users
+  authorized_key:
+    user:  "{{ item.username }}"
+    state: present
+    key: "{{ item.ssh_key }}"
+  loop: "{{ os_creds_sysadmins }}"
+  no_log: true
+
+- name: Add admins users to /etc/sudoers.d/
+  copy:
+    dest: "/etc/sudoers.d/{{ item.username }}"
+    content: |
+      {{ item.username }} ALL=(ALL) NOPASSWD:ALL
+
+    owner: root
+    group: root
+    mode: '0444'
+  loop: "{{ os_creds_sysadmins }}"
+  no_log: true

ansible/roles/os-linux-prep-default/tasks/ipv6-disable.yml

@@ -0,0 +1,12 @@
+---
+
+- name: Disable IPv6
+  block:
+  - name: Add to /etc/default/grub option ipv6.disable=1
+    ansible.builtin.lineinfile:
+      path: /etc/default/grub
+      regexp: '^GRUB_CMDLINE_LINUX="'
+      line: GRUB_CMDLINE_LINUX="ipv6.disable=1"
+    notify:
+      - Update config grub on Debian like
+  when: ansible_os_family == "Debian"

ansible/roles/os-linux-prep-default/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+
+#- name: Ping
+#  import_tasks: ping.yml
+
+- name: Upload sctipts for first starting system
+  import_tasks: scripts-first-start.yml
+
+- name: IPv6 disable
+  import_tasks: ipv6-disable.yml
+
+- name: Add admins users
+  import_tasks: add-users-admins.yml
+
+- name: Install basic pkg
+  import_tasks: pkg-install.yml

ansible/roles/os-linux-prep-default/tasks/ping.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Prepare default config for OS type of Debian
+  block:
+    - name: Debug
+      debug:
+        msg: '{{ role_path }}'
+  when: ansible_os_family == "Debian"

ansible/roles/os-linux-prep-default/tasks/pkg-install.yml

@@ -0,0 +1,14 @@
+---
+
+- include_vars: os-pkg-list.yml
+
+- name: Install from list of packages for Debian
+  block:
+  - name: Install from list of packages for Debian
+    apt:
+      state: latest
+      pkg: "{{ debian_install_pkg_list }}"
+  - name: Run "apt-get clean"
+    apt:
+      clean: yes
+  when: ansible_distribution == "Debian"

ansible/roles/os-linux-prep-default/tasks/scripts-first-start.yml

@@ -0,0 +1,21 @@
+---
+
+- name: Prepare scripts for custom VMs (First start)
+  block:
+  - name: Copy files to remote system
+    ansible.builtin.copy:
+      src: files/first_start.sh
+      dest: /root/first_start.sh
+      owner: root
+      group: root
+      mode: '0644'
+  - name: Edit /etc/rc.local
+    ansible.builtin.lineinfile:
+      path: /etc/rc.local
+      regexp: '^(exit 0.*)$'
+      line: |
+        /root/first_start.sh &
+        $(sleep 2; chmod 755 /root/first_start.sh |  sed '/chmod 755 \/root\/first_start.sh/d' -i /etc/rc.local) &
+        exit 0
+
+  when: ansible_os_family == "Debian"