| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273 |
- ---
- - name: Install Python without using Ansible modules
- raw: >
- bash -c "test -e /usr/bin/python3 ||
- (test -e /usr/bin/yum && yum install -y python3) ||
- (apt install -y python3 python-apt) ||
- grep -i LibreELEC /etc/os-release"
- changed_when: false
- - name: Gather facts now that Python is installed
- setup:
- - name: Install sudo and lsb (RPM)
- package:
- name:
- - sudo
- - "{% if ansible_distribution_major_version != '9' %}redhat-lsb-core{% else %}python3-libselinux{% endif %}"
- state: present
- when:
- - ansible_distribution == 'CentOS' or ansible_distribution == 'Fedora'
- - name: Install sudo and lsb (DEB)
- package:
- name:
- - sudo
- - lsb-release
- state: present
- when:
- - ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- - name: Install SELinux Python Modules (Fedora)
- package:
- name:
- - python3-libselinux
- state: present
- when:
- - ansible_distribution == 'Fedora'
- - name: Gather facts again now that lsb is installed
- setup:
- - name: Creating ansible user
- user:
- name: ansible
- state: present
- shell: /bin/bash
- create_home: yes
- when:
- - ansible_os_family != 'LibreELEC'
- - name: Adding ansible as a sudoer
- copy:
- src: 10_ansible
- dest: /etc/sudoers.d/10_ansible
- owner: root
- group: root
- mode: '0640'
- when:
- - ansible_os_family != 'LibreELEC'
- - import_role:
- name: common
- - name: Ensure only key-based SSH logins are allowed
- lineinfile:
- path: /etc/ssh/sshd_config
- regexp: '^PasswordAuthentication'
- line: 'PasswordAuthentication no'
- state: present
- notify:
- - Restart sshd
- when:
- - ansible_os_family != 'LibreELEC' # / is mounted RO in LibreELEC
|
