initial commit, here be dragons

roles/bootstrap/files/Krabat_ed25519.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3QNn/uO/cRQcSbWHndnAhNhFOyamQvSxxmeDE9uCeH chris@Krabat

roles/bootstrap/files/LinTron2_ed25519.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEE9UlErchhdMODrVFLZWwk+Qm7O8hmWrR92K3omMYg7 LinTron2

roles/bootstrap/tasks/logrotate.yml

@@ -0,0 +1,15 @@
+---
+
+- name: Install logrotate
+  ansible.builtin.apt:
+    name: "logrotate"
+
+- name: Configure logrotate to rotate monthly
+  ansible.builtin.lineinfile: { path: /etc/logrotate.conf, regexp: "^weekly", line: "monthly" }
+
+- name: Configure logrotate to keep 12 months
+  ansible.builtin.lineinfile: { path: /etc/logrotate.conf, regexp: "^rotate 4", line: "rotate 12" }
+
+- name: Configure logrotate to compress
+  ansible.builtin.lineinfile: { path: /etc/logrotate.conf, regexp: "^#compress", line: "compress" }
+

roles/bootstrap/tasks/main.yml

@@ -0,0 +1,66 @@
+---
+
+- name: Create users
+  ansible.builtin.user:
+    name: "{{ item.name }}"
+    shell: "{{ item.shell }}"
+    groups: "sudo"
+    state: present
+  loop:
+    - { name: "chris", shell: "/bin/bash" }
+
+- name: Add authorized keys
+  ansible.posix.authorized_key:
+    user: "{{ item.name }}"
+    key: "{{ lookup('file', '{{ item.keyfile }}') }}"
+    state: present
+  loop:
+    - { name: "chris", keyfile: "Krabat_ed25519.pub" }
+    - { name: "chris", keyfile: "LinTron2_ed25519.pub" }
+
+- name: Set swappiness via sysctl
+  ansible.posix.sysctl:
+    name: vm.swappiness
+    value: '20'
+    sysctl_file: /etc/sysctl.d/99-swappiness.conf
+    state: present
+    reload: yes
+
+- name: Set timezone
+  community.general.timezone: { name: "Europe/Berlin" }
+
+- name: Setup static network
+  ansible.builtin.template:
+    src: 00-static-config.yaml.j2
+    dest: /etc/netplan/00-static-config.yaml
+
+- name: Apply netplan configuration
+  ansible.builtin.command:
+    cmd: netplan apply
+  changed_when: false
+
+- name: Setup sudoers to sudo without password
+  ansible.builtin.lineinfile:
+    dest: /etc/sudoers
+    state: present
+    regexp: ^%sudo\s
+    line: "%sudo ALL=(ALL) NOPASSWD: ALL"
+
+- name: Install common software
+  ansible.builtin.apt:
+    name: "{{ packages }}"
+    update_cache: yes
+  vars:
+    packages:
+      - htop
+      - rsync
+      - nano
+      - tmux
+      - byobu
+      - iotop
+      - iftop
+      - colordiff
+      - ncdu
+
+- name: Include logroate
+  ansible.builtin.include_tasks: logrotate.yml

roles/bootstrap/templates/00-static-config.yaml.j2

@@ -0,0 +1,15 @@
+network:
+  version: 2
+  ethernets:
+    {{ ansible_default_ipv4.interface }}:
+      addresses:
+        - 10.42.0.20/22
+        - fe80::2/64
+      dhcp4: no
+      dhcp6: no
+      gateway4: 192.168.178.1
+      gateway6: fe80::1
+      nameservers:
+        addresses:
+          - 2620:fe::fe # quad9
+          - 9.9.9.9 # quad9