ansible-playbooks/tasks/golden_image.yaml

- name: Configure golden image
  hosts: myhosts
  tasks:
   - name: Set authorized key taken from file
     ansible.posix.authorized_key:
       user: root
       key: "{{  lookup('file', '../config/id_ed25519.pub')  }}"
   - name: Copy over SSHD config file
     ansible.builtin.copy:
       src: ../config/sshd_config
       dest: /etc/ssh/sshd_config
       owner: root
       group: root
       mode: "0600"
   - name: Restart SSHD
     ansible.builtin.systemd_service:
       name: sshd
       state: reloaded
   - name: Upgrade all packages
     ansible.builtin.dnf:
       name: "*"
       state: latest
   - name: Install wireguard-tools and qemu-guest-agent
     ansible.builtin.dnf:
       name:
         - wireguard-tools
         - qemu-guest-agent
       state: latest
   - name: Uninstall cockpit
     ansible.builtin.dnf:
       name: cockpit
       state: absent
       autoremove: yes
   - name: Enable QEMU guest agent service
     ansible.builtin.systemd_service:
       name: qemu-guest-agent
       enabled: true
       state: started

   - name: Download gvisor
     ansible.builtin.get_url:
       url: https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/runsc
       dest: /usr/local/bin/runsc
       force: yes
       mode: a+x

   - name: Download gvisor containerd-shim
     ansible.builtin.get_url:
       url: https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/containerd-shim-runsc-v1
       dest: /usr/local/bin/containerd-shim-runsc-v1
       force: yes
       mode: a+x


   - name: check if docker repo is installed
     stat:
       path: "/etc/yum.repos.d/docker-ce.repo"
     register: docker_repo
   - name: debug_msg
     debug:
       msg: "Docker repo already present"
     when: docker_repo.stat.exists
   - name: Ensure distro docker is not installed
     ansible.builtin.dnf:
       name:
         - docker
         - docker-client
         - docker-client-latest
         - docker-common
         - docker-latest
         - docker-latest-logrotate
         - docker-logrotate
         - docker-selinux
         - docker-engine-selinux
         - docker-engine
       state: absent
     when: not docker_repo.stat.exists
   - name: Install dnf-plugins-core
     ansible.builtin.dnf:
       name: dnf-plugins-core
       state: latest
   - name: Download Docker dnf repo
     ansible.builtin.get_url:
       url: https://download.docker.com/linux/fedora/docker-ce.repo
       dest: /etc/yum.repos.d/docker-ce.repo
       mode: 0644
       force: yes
   - name: Install Docker packages
     ansible.builtin.dnf:
       name:
         - docker-ce
         - docker-ce-cli
         - containerd.io
         - docker-buildx-plugin
         - docker-compose-plugin


   - name: Copy over docker daemon.json config file
     ansible.builtin.copy:
       src: ../config/daemon.json
       dest: /etc/docker/daemon.json
       owner: root
       group: root
       mode: "0644"
       force: true

   - name: Enable Docker systemd service
     ansible.builtin.systemd_service:
       name: docker
       enabled: true
       state: reloaded