blaine
/
infra


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190
							---
- name: Enable crb on CentOS 9
  shell:
    cmd: dnf config-manager --set-enabled crb
  changed_when: false
  when:
    - ansible_distribution == "CentOS"
    - ansible_distribution_major_version == "9"

- name: Enable EPEL Repo on CentOS 7/8
  package:
    name: epel-release
    state: present
  when:
    - ansible_distribution == "CentOS"
    - ansible_distribution_major_version|int > 9

- name: Check for EPEL Repo on CentOS 9
  shell:
    cmd: rpm -q epel-release
  changed_when: false
  failed_when: false
  register: epel_check
  when:
    - ansible_distribution == "CentOS"
    - ansible_distribution_major_version == "9"

- name: Enable EPEL Repo on CentOS 9
  dnf:
    name:
      - https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/Packages/e/epel-release-9-4.el9.noarch.rpm
      - https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/Packages/e/epel-next-release-9-4.el9.noarch.rpm
    state: present
    disable_gpg_check: yes
  when:
    - ansible_distribution == "CentOS"
    - ansible_distribution_major_version == "9"
    - epel_check.rc|int == 1

- name: Enable PowerTools on CentOS 8
  lineinfile:
    path: /etc/yum.repos.d/CentOS-{% if ansible_lsb.id == 'CentOSStream' %}Stream-{% endif %}PowerTools.repo
    regexp: '^enabled='
    line: 'enabled=1'
  when:
    - ansible_distribution == 'CentOS'
    - ansible_distribution_major_version == "8"

- name: Check for RPMFusion rpms
  shell:
    cmd: rpm -q rpmfusion-free-release
  failed_when: false
  changed_when: false
  register: rpmfusion_check

- name: Download RPMFusion .rpms 
  get_url:
    url: "{{ item }}"
    dest: /home/ansible/{{ item | basename }}
    owner: ansible
    group: ansible
    mode: '0644'
  loop:
    - https://download1.rpmfusion.org/free/{{ 'el' if ansible_distribution == 'CentOS' else 'fedora' }}/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm 
    - https://download1.rpmfusion.org/nonfree/{{ 'el' if ansible_distribution == 'CentOS' else 'fedora' }}/rpmfusion-nonfree-release-{{ ansible_distribution_major_version }}.noarch.rpm 
  loop_control:
    label: "{{ item | basename }}"
  register: rpmfusion_repos
  when:
    - ansible_distribution == 'CentOS' or ansible_distribution == 'Fedora'
    - ansible_distribution_major_version != "9" # no RPMFusion yet for CentOS Stream 9
    - rpmfusion_check.rc != "0"


- name: Install RPMFusion .rpms
  yum:
    name: 
      - /home/ansible/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm
      - /home/ansible/rpmfusion-nonfree-release-{{ ansible_distribution_major_version }}.noarch.rpm
    disable_gpg_check: yes
    state: present
  when:
    - rpmfusion_repos is defined
    - rpmfusion_repos.changed
    - ansible_distribution == 'CentOS' or ansible_distribution == 'Fedora'
    - ansible_distribution_major_version != "9" # no RPMFusion yet for CentOS Stream 9


- name: Combine Packages (RPM)
  set_fact:
    all_pkgs: "{{ all_pkgs | default([]) | union(item) }}"
  loop:
    - "{{ common_pkgs }}"
    - "{{ common_pkgs_rpm }}"
    - "{{ host_pkgs | default([]) }}"
  loop_control:
    label: "{{ all_pkgs | default([]) | length }} Packages"
  when:
    - ansible_distribution == 'CentOS' or ansible_distribution == 'Fedora'

- name: Combine Packages (DEB)
  set_fact:
    all_pkgs: "{{ all_pkgs | default([]) | union(item) }}"
  loop:
    - "{{ common_pkgs }}"
    - "{{ common_pkgs_deb }}"
    - "{{ host_pkgs | default([]) }}"
  when:
    - ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'

- name: Install packages
  package:
    name: "{{ all_pkgs }}"
    state: present
  when:
    - all_pkgs is defined

- name: Install ansible SSH keys
  authorized_key:
    user: ansible
    state: present
    exclusive: yes
    key: "{{ ssh_ansible_keys | join('\n') }}"
  when:
    - ansible_os_family != 'LibreELEC'
  tags: ssh


- name: Install root SSH keys
  authorized_key:
    user: root
    state: present
    exclusive: yes
    key: "{{ ssh_root_keys | union(host_ssh_root_keys) | join('\n') }}"
  tags: ssh


- name: Create additional users
  user:
    name: "{{ item.name }}"
    uid: "{{ item.uid }}"
    state: present
    shell: "{{ item.shell | default('/bin/bash') }}"
    create_home: "{{ item.create_home | default('yes') }}"
  with_items:
    - "{{ users }}"
  when:
    - item.name is defined
    - item.uid is defined


- name: Add Bash aliases for root user
  lineinfile:
    dest: /root/.bashrc
    create: yes
    mode: '0644'
    line: "alias {{ item.alias }}='{{ item.command }}'"
    regexp: "^alias {{ item.alias }}="
  with_items:
    - "{{ common_bash_aliases | default('') }}"
    - "{{ host_bash_aliases | default('') }}"
  when:
    - (item.user is not defined or item.user == 'root')
    - item.alias is defined
    - item.command is defined
    - ansible_os_family != 'LibreELEC'
  tags: aliases


- name: Add bash aliases for non-root users
  lineinfile:
    dest: /home/{{ item.user }}/.bashrc
    create: no
    mode: '0644'
    line: "alias {{ item.alias }}='{{ item.command }}'"
    regexp: "^alias {{ item.alias }}="
  register: create_alias
  failed_when:
    - create_alias.rc is defined
    - create_alias.rc != 257
  with_items:
    - "{{ common_bash_aliases | default('') }}"
    - "{{ host_bash_aliases | default('') }}"
  when:
    - item.user is defined
    - item.user != 'root'
    - item.alias is defined
    - item.command is defined
    - ansible_os_family != 'LibreELEC'
  tags: aliases