add roles to get startedHEAD master

author: Devan Carpenter <git@dvn.me> 2020-05-13 16:11:54 +0100
committer: Devan Carpenter <git@dvn.me> 2020-05-13 16:11:54 +0100
commit: efaaee0ebe8c2f7fe715894c2941282cd29913e7 (patch)
tree: ffc070e43b85e5a2852875967fa2fd4523dc194c
download: ansible-basic-master.tar.gz
ansible-basic-master.zip
14 files changed, 222 insertions, 0 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..072476e
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,10 @@
+stages:
+  - test
+test:
+  stage: test
+  image: python:latest
+  before_script:
+    - pip install ansible==2.6.2
+  script:
+    - ansible-playbook --syntax-check -v local.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8ea0c17
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# Ansible Basic Stuff
+An `ansible-pull` compatible repo to do some basic things that I like all of my boxes to have.
diff --git a/local.yml b/local.yml
new file mode 100644
index 0000000..bcf72dc
--- /dev/null
+++ b/local.yml
@@ -0,0 +1,13 @@
+---
+- hosts: localhost
+  vars:
+    additional_playbooks:
+      runner0.gitlab.gnunet.org:
+        - name: gitlab-runner
+  roles:
+    - role: buster-upgrade
+      when: (ansible_distribution == "Debian" and ansible_distribution_major_version == "9")
+    - basic
+    - ansible-pull
+    - users
+    - unattended-upgrades
diff --git a/roles/ansible-pull/tasks/main.yml b/roles/ansible-pull/tasks/main.yml
new file mode 100644
index 0000000..7414bd9
--- /dev/null
+++ b/roles/ansible-pull/tasks/main.yml
@@ -0,0 +1,33 @@
+- name: Update apt cache
+  apt: update_cache=yes
+- name: Install depends
+  apt:
+    name: [python3-pip, ansible]
+    state: present
+- name: Ensure /etc/ansible/facts.d exists
+  file:
+    path: /etc/ansible/facts.d
+    state: directory
+    recurse: yes
+- name: Make /etc/ansible/facts.d/pull.fact
+  template:
+    src: pull.fact
+    dest: /etc/ansible/facts.d/pull.fact
+- name: recollect facts
+  setup:
+- name: Install the ansible-pull script
+  template: src=ansible-pull.sh dest=/usr/sbin/run-ansible-pull mode=0755 owner=root group=root
+- name: Install cronjob
+  cron: name="Ansible Pull" minute="{{ ansible_local.pull.minute | default(59 | random) }}" job="/usr/sbin/run-ansible-pull"
+- name: ensure ansible-pull is run on reboot
+  cron:
+    name: run ansible on reboot
+    job: /usr/sbin/run-ansible-pull
+    special_time: reboot
diff --git a/roles/ansible-pull/templates/ansible-pull.sh b/roles/ansible-pull/templates/ansible-pull.sh
new file mode 100644
index 0000000..56dcb9a
--- /dev/null
+++ b/roles/ansible-pull/templates/ansible-pull.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+if [ "$1" == "nodisown" ]; then
+  # Sometimes the $PATH gets messed up in cron, so lets start by setting the record straight
+  PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+  if [[ -d /usr/ansible ]]; then rm -rf /usr/ansible; fi
+  ansible-pull -U {{ ansible_local.pull.repo }} -C {{ ansible_local.pull.branch }} -d /var/run/ansible/basic &> /var/log/ansible.log
+  code=$?
+  if [[ "$code" -ne "0" ]]; then
+    # ansible localhost -m irc -a "server=irc.oftc.net use_ssl=yes port=6697 channel=# msg='[$(hostname -f)] Ansible Pull failed.'  nick=ansible-$RANDOM color=red timeout=60"
+    exit 1
+  fi
+{% if ansible_fqdn in additional_playbooks %}
+{% for playbook in additional_playbooks[ansible_fqdn] %}
+  ansible-pull -U {{ playbooks[playbook.name] }} {% if 'branch' in playbook %}-C {{ playbook.branch}} {% endif %} -d /var/run/ansible/{{playbook.name}}&> /var/log/ansible-{{ playbook.name }}.log
+  code=$?
+  if [[ "$code" -ne "0" ]]; then
+    # ansible localhost -m irc -a "server=irc.oftc.net use_ssl=yes port=6697 channel=# msg='[$(hostname -f)] ansible-pull failed with additional playbook {{ playbook.name }}'  nick=ansible-$RANDOM color=red"
+    exit 1
+  fi
+{% endfor %}
+{% endif %}
+    # ansible localhost -m irc -a "server=irc.oftc.net use_ssl=yes port=6697 channel=# msg='[$(hostname -f)] Ansible Pull successfully ran'  nick=ansible-$RANDOM color=green"
+else
+  $0 nodisown & disown
+fi
diff --git a/roles/ansible-pull/templates/pull.fact b/roles/ansible-pull/templates/pull.fact
new file mode 100644
index 0000000..ac87804
--- /dev/null
+++ b/roles/ansible-pull/templates/pull.fact
@@ -0,0 +1,13 @@
+{
+{% if ansible_local is defined and ansible_local.pull is defined and ansible_local.pull is mapping %}
+  "repo": "{% if ansible_local.pull.repo %}{{ ansible_local.pull.repo }}{% else %}https://git.gnunet.org/ansible-basic.git{% endif %}",
+  "branch": "{% if ansible_local.pull.branch %}{{ ansible_local.pull.branch }}{% else %}master{% endif %}",
+  "minute": {% if ansible_local.pull.minute %}{{ ansible_local.pull.minute }}{% else %}{{ 59 | random }}{% endif %}
+{% else %}
+  "repo": "https://git.gnunet.org/ansible-basic.git",
+  "branch": "master",
+  "minute": "{{ 59 | random }}"
+{% endif %}
+}
diff --git a/roles/ansible-pull/vars/main.yaml b/roles/ansible-pull/vars/main.yaml
new file mode 100644
index 0000000..8b856a6
--- /dev/null
+++ b/roles/ansible-pull/vars/main.yaml
@@ -0,0 +1,2 @@
+playbooks:
+  gitlab-runner: https://git.gnunet.org/ansible-gitlab-runner.git
diff --git a/roles/basic/handlers/main.yml b/roles/basic/handlers/main.yml
new file mode 100644
index 0000000..6e1840d
--- /dev/null
+++ b/roles/basic/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: Locale Gen
+  command: locale-gen
diff --git a/roles/basic/tasks/main.yml b/roles/basic/tasks/main.yml
new file mode 100644
index 0000000..b845a43
--- /dev/null
+++ b/roles/basic/tasks/main.yml
@@ -0,0 +1,32 @@
+- name: Install things from apt
+  apt:
+    name: [git, htop, mosh, tmux, ca-certificates, xtail, vim, python3-pip]
+    state: latest
+    update_cache: yes
+- name: Install qemu-guest-agent
+  apt:
+    name: qemu-guest-agent
+    state: latest
+  when: ansible_system_vendor == "QEMU"
+- name: Start qemu-guest-agent
+  service:
+    name: qemu-guest-agent
+    state: started
+  when: ansible_system_vendor == "QEMU"
+- name: Enable UTF-8 in the locale file
+  lineinfile: line="en_US.UTF-8 UTF-8" dest=/etc/locale.gen
+  notify:
+    - Locale Gen
+- name: Set timezone to Europe/Berlin
+  timezone:
+    name: Europe/Berlin
+    hwclock: UTC
+- name: Install things from pip
+  pip:
+    name: ipcalc
+    executable: pip3
diff --git a/roles/buster-upgrade/tasks/main.yml b/roles/buster-upgrade/tasks/main.yml
new file mode 100644
index 0000000..4e0edf0
--- /dev/null
+++ b/roles/buster-upgrade/tasks/main.yml
@@ -0,0 +1,17 @@
+- name: Preliminary update of apt repo and cache
+  apt: update_cache=yes cache_valid_time=3600
+- name: Preliminary package upgrade
+  apt: upgrade=dist
+- name: Ensure apt sources are set to Buster
+  template:
+    src: sources.list
+    dest: /etc/apt/sources.list
+- name: Update apt repo and cache from new source list
+  apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+- name: Upgrade to Buster
+  apt: upgrade=dist force_apt_get=yes
diff --git a/roles/buster-upgrade/templates/sources.list b/roles/buster-upgrade/templates/sources.list
new file mode 100644
index 0000000..fdbb297
--- /dev/null
+++ b/roles/buster-upgrade/templates/sources.list
@@ -0,0 +1,11 @@
+# main repos
+deb http://ftp.us.debian.org/debian/ buster main
+deb-src http://ftp.us.debian.org/debian/ buster main
+# security updates
+deb http://security.debian.org/debian-security buster/updates main
+deb-src http://security.debian.org/debian-security buster/updates main
+# buster-updates, previously known as 'volatile'
+deb http://ftp.us.debian.org/debian/ buster-updates main
+deb-src http://ftp.us.debian.org/debian/ buster-updates main
diff --git a/roles/unattended-upgrades/tasks/main.yml b/roles/unattended-upgrades/tasks/main.yml
new file mode 100644
index 0000000..93b7fab
--- /dev/null
+++ b/roles/unattended-upgrades/tasks/main.yml
@@ -0,0 +1,9 @@
+- name: Install unattended-upgrades
+  apt:
+    name: unattended-upgrades
+    state: present
+- name: Configure unattended-upgrades
+  template:
+    src: unattended-upgrades
+    dest: /etc/apt/apt.conf.d/50unattended-upgrades
diff --git a/roles/unattended-upgrades/templates/unattended-upgrades b/roles/unattended-upgrades/templates/unattended-upgrades
new file mode 100644
index 0000000..f27d85e
--- /dev/null
+++ b/roles/unattended-upgrades/templates/unattended-upgrades
@@ -0,0 +1,24 @@
+Unattended-Upgrade::Origins-Pattern {
+        "origin=Debian,codename=buster,label=Debian";
+        "codename=buster-backports";
+        "origin=Debian,codename=buster,label=Debian-Security";
+};
+Unattended-Upgrade::Package-Blacklist {
+};
+// Remove unused automatically installed kernel-related packages
+// (kernel images, kernel headers and kernel version locked tools).
+Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
+// Do automatic removal of newly unused dependencies after the upgrade
+Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
+// Do automatic removal of unused packages after the upgrade
+// (equivalent to apt-get autoremove)
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+// Automatically reboot *WITHOUT CONFIRMATION* if
+//  the file /var/run/reboot-required is found after the upgrade
+// Unattended-Upgrade::Automatic-Reboot "true";
diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml
new file mode 100644
index 0000000..fe4e289
--- /dev/null
+++ b/roles/users/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: Configure users
+  user:
+    name: "{{ item }}"
+    groups: adm,sudo
+    shell: /bin/bash
+  with_items:
+    - devan
+- name: Configure SSH keys
+  authorized_key:
+    user: "{{ item.name }}"
+    state: present
+    key: "{{ item.key }}"
+  with_items:
+    - name: dvn
+      key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILL6PhAcMxsc4GhRuQYRMwchcig5qTDQQFZBQzxFTmxI
+- name: Ensure passwordless sudo
+  lineinfile:
+    line: "%sudo        ALL=(ALL:ALL) NOPASSWD:ALL"
+    dest: /etc/sudoers
+    regexp: "^%sudo     ALL=\\(ALL:ALL\\).*"
author	Devan Carpenter <git@dvn.me>	2020-05-13 16:11:54 +0100
committer	Devan Carpenter <git@dvn.me>	2020-05-13 16:11:54 +0100
commit	efaaee0ebe8c2f7fe715894c2941282cd29913e7 (patch)
tree	ffc070e43b85e5a2852875967fa2fd4523dc194c
download	ansible-basic-master.tar.gz ansible-basic-master.zip

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..072476e --- /dev/null +++ b/.gitlab-ci.yml
@@ -0,0 +1,10 @@
	1	stages:
	2	- test
	3
	4	test:
	5	stage: test
	6	image: python:latest
	7	before_script:
	8	- pip install ansible==2.6.2
	9	script:
	10	- ansible-playbook --syntax-check -v local.yml


diff --git a/README.md b/README.md new file mode 100644 index 0000000..8ea0c17 --- /dev/null +++ b/README.md
@@ -0,0 +1,3 @@
	1	# Ansible Basic Stuff
	2
	3	An `ansible-pull` compatible repo to do some basic things that I like all of my boxes to have.


diff --git a/local.yml b/local.yml new file mode 100644 index 0000000..bcf72dc --- /dev/null +++ b/local.yml
@@ -0,0 +1,13 @@
	1	---
	2	- hosts: localhost
	3	vars:
	4	additional_playbooks:
	5	runner0.gitlab.gnunet.org:
	6	- name: gitlab-runner
	7	roles:
	8	- role: buster-upgrade
	9	when: (ansible_distribution == "Debian" and ansible_distribution_major_version == "9")
	10	- basic
	11	- ansible-pull
	12	- users
	13	- unattended-upgrades


diff --git a/roles/ansible-pull/tasks/main.yml b/roles/ansible-pull/tasks/main.yml new file mode 100644 index 0000000..7414bd9 --- /dev/null +++ b/roles/ansible-pull/tasks/main.yml
@@ -0,0 +1,33 @@
	1	- name: Update apt cache
	2	apt: update_cache=yes
	3
	4	- name: Install depends
	5	apt:
	6	name: [python3-pip, ansible]
	7	state: present
	8
	9	- name: Ensure /etc/ansible/facts.d exists
	10	file:
	11	path: /etc/ansible/facts.d
	12	state: directory
	13	recurse: yes
	14
	15	- name: Make /etc/ansible/facts.d/pull.fact
	16	template:
	17	src: pull.fact
	18	dest: /etc/ansible/facts.d/pull.fact
	19
	20	- name: recollect facts
	21	setup:
	22
	23	- name: Install the ansible-pull script
	24	template: src=ansible-pull.sh dest=/usr/sbin/run-ansible-pull mode=0755 owner=root group=root
	25
	26	- name: Install cronjob
	27	cron: name="Ansible Pull" minute="{{ ansible_local.pull.minute \| default(59 \| random) }}" job="/usr/sbin/run-ansible-pull"
	28
	29	- name: ensure ansible-pull is run on reboot
	30	cron:
	31	name: run ansible on reboot
	32	job: /usr/sbin/run-ansible-pull
	33	special_time: reboot


diff --git a/roles/ansible-pull/templates/ansible-pull.sh b/roles/ansible-pull/templates/ansible-pull.sh new file mode 100644 index 0000000..56dcb9a --- /dev/null +++ b/roles/ansible-pull/templates/ansible-pull.sh
@@ -0,0 +1,31 @@
	1	#!/bin/bash
	2
	3	if [ "$1" == "nodisown" ]; then
	4	# Sometimes the $PATH gets messed up in cron, so lets start by setting the record straight
	5	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
	6	if [[ -d /usr/ansible ]]; then rm -rf /usr/ansible; fi
	7	ansible-pull -U {{ ansible_local.pull.repo }} -C {{ ansible_local.pull.branch }} -d /var/run/ansible/basic &> /var/log/ansible.log
	8	code=$?
	9
	10	if [[ "$code" -ne "0" ]]; then
	11	# ansible localhost -m irc -a "server=irc.oftc.net use_ssl=yes port=6697 channel=# msg='[$(hostname -f)] Ansible Pull failed.' nick=ansible-$RANDOM color=red timeout=60"
	12	exit 1
	13	fi
	14
	15	{% if ansible_fqdn in additional_playbooks %}
	16	{% for playbook in additional_playbooks[ansible_fqdn] %}
	17	ansible-pull -U {{ playbooks[playbook.name] }} {% if 'branch' in playbook %}-C {{ playbook.branch}} {% endif %} -d /var/run/ansible/{{playbook.name}}&> /var/log/ansible-{{ playbook.name }}.log
	18	code=$?
	19
	20	if [[ "$code" -ne "0" ]]; then
	21	# ansible localhost -m irc -a "server=irc.oftc.net use_ssl=yes port=6697 channel=# msg='[$(hostname -f)] ansible-pull failed with additional playbook {{ playbook.name }}' nick=ansible-$RANDOM color=red"
	22	exit 1
	23	fi
	24
	25	{% endfor %}
	26	{% endif %}
	27	# ansible localhost -m irc -a "server=irc.oftc.net use_ssl=yes port=6697 channel=# msg='[$(hostname -f)] Ansible Pull successfully ran' nick=ansible-$RANDOM color=green"
	28
	29	else
	30	$0 nodisown & disown
	31	fi


diff --git a/roles/ansible-pull/templates/pull.fact b/roles/ansible-pull/templates/pull.fact new file mode 100644 index 0000000..ac87804 --- /dev/null +++ b/roles/ansible-pull/templates/pull.fact
@@ -0,0 +1,13 @@
	1	{
	2	{% if ansible_local is defined and ansible_local.pull is defined and ansible_local.pull is mapping %}
	3	"repo": "{% if ansible_local.pull.repo %}{{ ansible_local.pull.repo }}{% else %}https://git.gnunet.org/ansible-basic.git{% endif %}",
	4	"branch": "{% if ansible_local.pull.branch %}{{ ansible_local.pull.branch }}{% else %}master{% endif %}",
	5	"minute": {% if ansible_local.pull.minute %}{{ ansible_local.pull.minute }}{% else %}{{ 59 \| random }}{% endif %}
	6
	7	{% else %}
	8	"repo": "https://git.gnunet.org/ansible-basic.git",
	9	"branch": "master",
	10	"minute": "{{ 59 \| random }}"
	11
	12	{% endif %}
	13	}


diff --git a/roles/ansible-pull/vars/main.yaml b/roles/ansible-pull/vars/main.yaml new file mode 100644 index 0000000..8b856a6 --- /dev/null +++ b/roles/ansible-pull/vars/main.yaml
@@ -0,0 +1,2 @@
	1	playbooks:
	2	gitlab-runner: https://git.gnunet.org/ansible-gitlab-runner.git


diff --git a/roles/basic/handlers/main.yml b/roles/basic/handlers/main.yml new file mode 100644 index 0000000..6e1840d --- /dev/null +++ b/roles/basic/handlers/main.yml
@@ -0,0 +1,2 @@
	1	- name: Locale Gen
	2	command: locale-gen


diff --git a/roles/basic/tasks/main.yml b/roles/basic/tasks/main.yml new file mode 100644 index 0000000..b845a43 --- /dev/null +++ b/roles/basic/tasks/main.yml
@@ -0,0 +1,32 @@
	1	- name: Install things from apt
	2	apt:
	3	name: [git, htop, mosh, tmux, ca-certificates, xtail, vim, python3-pip]
	4	state: latest
	5	update_cache: yes
	6
	7	- name: Install qemu-guest-agent
	8	apt:
	9	name: qemu-guest-agent
	10	state: latest
	11	when: ansible_system_vendor == "QEMU"
	12
	13	- name: Start qemu-guest-agent
	14	service:
	15	name: qemu-guest-agent
	16	state: started
	17	when: ansible_system_vendor == "QEMU"
	18
	19	- name: Enable UTF-8 in the locale file
	20	lineinfile: line="en_US.UTF-8 UTF-8" dest=/etc/locale.gen
	21	notify:
	22	- Locale Gen
	23
	24	- name: Set timezone to Europe/Berlin
	25	timezone:
	26	name: Europe/Berlin
	27	hwclock: UTC
	28
	29	- name: Install things from pip
	30	pip:
	31	name: ipcalc
	32	executable: pip3


diff --git a/roles/buster-upgrade/tasks/main.yml b/roles/buster-upgrade/tasks/main.yml new file mode 100644 index 0000000..4e0edf0 --- /dev/null +++ b/roles/buster-upgrade/tasks/main.yml
@@ -0,0 +1,17 @@
	1	- name: Preliminary update of apt repo and cache
	2	apt: update_cache=yes cache_valid_time=3600
	3
	4	- name: Preliminary package upgrade
	5	apt: upgrade=dist
	6
	7	- name: Ensure apt sources are set to Buster
	8	template:
	9	src: sources.list
	10	dest: /etc/apt/sources.list
	11
	12	- name: Update apt repo and cache from new source list
	13	apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
	14
	15	- name: Upgrade to Buster
	16	apt: upgrade=dist force_apt_get=yes
	17


diff --git a/roles/buster-upgrade/templates/sources.list b/roles/buster-upgrade/templates/sources.list new file mode 100644 index 0000000..fdbb297 --- /dev/null +++ b/roles/buster-upgrade/templates/sources.list
@@ -0,0 +1,11 @@
	1	# main repos
	2	deb http://ftp.us.debian.org/debian/ buster main
	3	deb-src http://ftp.us.debian.org/debian/ buster main
	4
	5	# security updates
	6	deb http://security.debian.org/debian-security buster/updates main
	7	deb-src http://security.debian.org/debian-security buster/updates main
	8
	9	# buster-updates, previously known as 'volatile'
	10	deb http://ftp.us.debian.org/debian/ buster-updates main
	11	deb-src http://ftp.us.debian.org/debian/ buster-updates main


diff --git a/roles/unattended-upgrades/tasks/main.yml b/roles/unattended-upgrades/tasks/main.yml new file mode 100644 index 0000000..93b7fab --- /dev/null +++ b/roles/unattended-upgrades/tasks/main.yml
@@ -0,0 +1,9 @@
	1	- name: Install unattended-upgrades
	2	apt:
	3	name: unattended-upgrades
	4	state: present
	5
	6	- name: Configure unattended-upgrades
	7	template:
	8	src: unattended-upgrades
	9	dest: /etc/apt/apt.conf.d/50unattended-upgrades


diff --git a/roles/unattended-upgrades/templates/unattended-upgrades b/roles/unattended-upgrades/templates/unattended-upgrades new file mode 100644 index 0000000..f27d85e --- /dev/null +++ b/roles/unattended-upgrades/templates/unattended-upgrades
@@ -0,0 +1,24 @@
	1	Unattended-Upgrade::Origins-Pattern {
	2	"origin=Debian,codename=buster,label=Debian";
	3	"codename=buster-backports";
	4	"origin=Debian,codename=buster,label=Debian-Security";
	5
	6	};
	7
	8	Unattended-Upgrade::Package-Blacklist {
	9	};
	10
	11	// Remove unused automatically installed kernel-related packages
	12	// (kernel images, kernel headers and kernel version locked tools).
	13	Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
	14
	15	// Do automatic removal of newly unused dependencies after the upgrade
	16	Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
	17
	18	// Do automatic removal of unused packages after the upgrade
	19	// (equivalent to apt-get autoremove)
	20	Unattended-Upgrade::Remove-Unused-Dependencies "true";
	21
	22	// Automatically reboot WITHOUT CONFIRMATION if
	23	// the file /var/run/reboot-required is found after the upgrade
	24	// Unattended-Upgrade::Automatic-Reboot "true";


diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml new file mode 100644 index 0000000..fe4e289 --- /dev/null +++ b/roles/users/tasks/main.yml
@@ -0,0 +1,22 @@
	1	- name: Configure users
	2	user:
	3	name: "{{ item }}"
	4	groups: adm,sudo
	5	shell: /bin/bash
	6	with_items:
	7	- devan
	8
	9	- name: Configure SSH keys
	10	authorized_key:
	11	user: "{{ item.name }}"
	12	state: present
	13	key: "{{ item.key }}"
	14	with_items:
	15	- name: dvn
	16	key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILL6PhAcMxsc4GhRuQYRMwchcig5qTDQQFZBQzxFTmxI
	17
	18	- name: Ensure passwordless sudo
	19	lineinfile:
	20	line: "%sudo ALL=(ALL:ALL) NOPASSWD:ALL"
	21	dest: /etc/sudoers
	22	regexp: "^%sudo ALL=\\(ALL:ALL\\).*"