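---
# Base host setup: common packages, shell dotfiles for root and the connecting
# user, etckeeper, an sshd drop-in and a sudoers entry for the connecting user.

- name: Install packages
  become: true
  ansible.builtin.apt:
    name:
      - sudo
      - vim
      - bash-completion
      - mutt
    state: present

# Populates ansible_facts.getent_passwd, keyed by account name. Each value is
# the list of remaining passwd fields, so index 4 is the home directory.
- name: Get unix accounts
  become: true
  ansible.builtin.getent:
    database: passwd

# The condition selects root and the connecting user only; the login shell is
# not checked, despite the task name.
# NOTE(review): group assumes a group with the same name as the account
# exists - confirm for the target hosts.
- name: Copy bash aliases for accounts using bash
  become: true
  ansible.builtin.template:
    src: bash_aliases.j2
    dest: "{{ item.value.4 }}/.bash_aliases"
    owner: "{{ item.key }}"
    group: "{{ item.key }}"
    mode: "0644"
  loop: "{{ ansible_facts.getent_passwd | dict2items }}"
  loop_control:
    # Print only the account name per item instead of the whole passwd entry.
    label: "{{ item.key }}"
  when: item.key in ('root', ansible_user_id)

- name: Copy bashrc for accounts using bash
  become: true
  ansible.builtin.template:
    src: bashrc.j2
    dest: "{{ item.value.4 }}/.bashrc"
    owner: "{{ item.key }}"
    group: "{{ item.key }}"
    mode: "0644"
  loop: "{{ ansible_facts.getent_passwd | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  when: item.key in ('root', ansible_user_id)

- name: Setup etckeeper
  ansible.builtin.include_role:
    name: etckeeper

# NOTE(review): no validate is set here, so a syntax error in the rendered
# fragment only surfaces when the handler restarts sshd, which can cut off
# remote access. Consider validate: '/usr/sbin/sshd -t -f %s' once it is
# confirmed that the fragment passes when checked on its own.
- name: Copy sshd_config
  become: true
  ansible.builtin.template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config.d/00-common.conf
    owner: root
    group: root
    mode: "0644"
  notify: Restart sshd service

# Grants the connecting user (ansible_user_id, not root as the task name
# suggests) passwordless sudo for every command. Anyone who obtains that
# account or its SSH key is effectively root; narrow the command list or drop
# NOPASSWD where the host's role allows it.
# sudo skips files in /etc/sudoers.d whose name contains a '.' or ends in '~',
# so an account name with a dot yields a file that is silently ignored.
# NOTE(review): ansible_user_id comes from fact gathering; if facts are
# gathered with become it may be 'root' - confirm against the play.
- name: Copy sudoers file for root without password
  become: true
  ansible.builtin.copy:
    content: "{{ ansible_user_id }} ALL=(ALL) NOPASSWD: ALL"
    dest: "/etc/sudoers.d/{{ ansible_user_id }}"
    owner: root
    group: root
    # Quoted so the mode reaches the module as a string; an unquoted 0440 is
    # read as an octal or a decimal integer depending on the YAML version.
    mode: "0440"
    # Reject the file before it is installed if sudo cannot parse it.
    validate: 'visudo -cf %s'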