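# Golden-image play: installs root's SSH key and the sshd configuration,
# upgrades the system, installs WireGuard tools and the QEMU guest agent,
# downloads the gVisor runtime binaries and drops the Docker daemon config.
- name: Configure golden image
  hosts: myhosts
  tasks:
    # `exclusive` is not set, so keys already present in the base image's
    # /root/.ssh/authorized_keys are kept alongside this one.
    - name: Set authorized key taken from file
      ansible.posix.authorized_key:
        user: root
        key: "{{ lookup('file', '../config/id_ed25519.pub') }}"

    - name: Copy over SSHD config file
      ansible.builtin.copy:
        src: ../config/sshd_config
        dest: /etc/ssh/sshd_config
        owner: root
        group: root
        mode: "0600"
        # Syntax-check the candidate file before it replaces the live one, so
        # a broken config cannot lock the play out of the host.
        validate: /usr/sbin/sshd -t -f %s

    # Despite the task name this is a reload, which makes sshd re-read its
    # config. It runs on every play, whether or not the config changed.
    - name: Restart SSHD
      ansible.builtin.systemd_service:
        name: sshd
        state: reloaded

    # `state: latest` pulls whatever the repositories serve at build time, so
    # two image builds may not contain the same package versions.
    - name: Upgrade all packages
      ansible.builtin.dnf:
        name: "*"
        state: latest

    - name: Install wireguard-tools and qemu-guest-agent
      ansible.builtin.dnf:
        name:
          - wireguard-tools
          - qemu-guest-agent
        state: latest

    - name: Enable QEMU guest agent service
      ansible.builtin.systemd_service:
        name: qemu-guest-agent
        enabled: true
        state: started

    # The binary comes from the moving `latest` release path and is executed
    # as a container runtime. The .sha512 file is served from the same bucket,
    # so the checksum catches a truncated or corrupted download but not a
    # compromised origin; pin a dated release to make the image reproducible.
    - name: Download gvisor
      ansible.builtin.get_url:
        url: https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/runsc
        dest: /usr/local/bin/runsc
        checksum: "sha512:https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/runsc.sha512"
        force: true
        # Explicit octal mode: a symbolic `a+x` depends on the mode the file
        # happened to be created with.
        mode: "0755"

    # Same integrity caveat as the runsc download above in this play.
    - name: Download gvisor containerd-shim
      ansible.builtin.get_url:
        url: https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/containerd-shim-runsc-v1
        dest: /usr/local/bin/containerd-shim-runsc-v1
        checksum: "sha512:https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/containerd-shim-runsc-v1.sha512"
        force: true
        mode: "0755"

    # NOTE(review): no task in this play installs Docker or creates
    # /etc/docker, and nothing restarts the daemon afterwards; confirm the
    # base image provides both. Presumably daemon.json registers runsc as a
    # runtime -- verify against ../config/daemon.json.
    - name: Copy over docker daemon.json config file
      ansible.builtin.copy:
        src: ../config/daemon.json
        dest: /etc/docker/daemon.json
        owner: root
        group: root
        mode: "0644"
        force: true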