# OS Base Role

Configures fundamental system settings for Debian-based systems including hostname, user accounts, SSH keys, package management, and sudo access.

## What it does

This role performs the following system configuration tasks:

- **System Identity**: Sets hostname, domain, and FQDN
- **User Management**: Creates system and regular users with specified UIDs, groups, and home directories
- **SSH Access**: Deploys authorized SSH keys for users
- **Package Management**: Configures APT preferences and installs base packages
- **Sudo Configuration**: Sets up wheel group with passwordless sudo access
- **Security Groups**: Ensures wheel and sudo groups exist

## Variables

### Required Variables

| Variable | Type | Description | Default |
|----------|------|-------------|---------|
| `system_accounts` | list | List of user accounts to create | `[]` |
| `system_packages` | list | List of packages to install | `[]` |

### Optional Variables

| Variable | Type | Description | Default |
|----------|------|-------------|---------|
| `system_hostname` | string | System hostname | `inventory_hostname` first part |
| `system_domain` | string | System domain name | `inventory_hostname` remaining parts |
| `system_fqdn` | string | Fully qualified domain name | `system_hostname.system_domain` |
| `system_packages_norecommend` | bool | Disable APT recommended packages | `false` |
| `system_packages_nosuggest` | bool | Disable APT suggested packages | `false` |

### System Account Configuration

Each account in `system_accounts` supports these properties:

| Property | Type | Description | Default |
|----------|------|-------------|---------|
| `name` | string | Username (required) | - |
| `state` | string | User state: present/absent | `present` |
| `system` | bool | Create as system user | `false` |
| `uid` | int | User ID | auto-assigned |
| `groups` | list | User groups | `[]` |
| `comment` | string | User description | - |
| `shell` | string | Login shell | `/bin/bash` |
| `home` | string | Home directory | `/home/{{ name }}` |
| `create_home` | bool | Create home directory | `true` |
| `sshkey_state` | string | SSH key state: present/absent | `present` |
| `sshkeys` | list | List of SSH public keys | `[]` |
| `permissions` | list | Special permissions | `[]` |

### Supported Permissions

- `sudo`: Add user to sudo group (password required)
- `sudo_nopass`: Add user to wheel group (passwordless sudo)
- `libvirt`: Add user to libvirt group

## Examples

### Basic Configuration

```yaml
system_accounts:
  - name: admin
    uid: 1000
    groups: [sudo, wheel]
    comment: "System Administrator"
    sshkeys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... admin@workstation

system_packages:
  - htop
  - vim
  - git
  - curl
```

### Advanced User Setup

```yaml
system_accounts:
  - name: sysmaint
    state: present
    system: true
    uid: 1000
    groups: [sudo, wheel]
    comment: "Maintenance user"
    sshkey_state: present
    sshkeys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... maint@jumpbox
    permissions: &maint_permissions
      - sudo
      - sudo_nopass
      - libvirt

  - name: john
    uid: 1001
    groups: [sudo, wheel]
    comment: "Primary admin"
    sshkeys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... john@laptop
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... john@desktop
    permissions: *maint_permissions

system_packages:
  - htop
  - vim
  - ncdu
  - git
  - iftop
  - rsync
  - bash

system_packages_norecommend: true
system_packages_nosuggest: true
```

### Custom Hostname Configuration

```yaml
system_hostname: "webserver"
system_domain: "example.com"
system_fqdn: "webserver.example.com"

system_accounts:
  - name: webadmin
    uid: 1000
    groups: [sudo]
    comment: "Web server administrator"
    sshkeys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... webadmin@deploy

system_packages:
  - nginx
  - certbot
  - fail2ban
```
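
Because the wheel group is set up with passwordless sudo, an account reaches it either through `permissions: [sudo_nopass]` or by listing `wheel` directly in `groups`. The play below is an added example, not part of this role: it audits `system_accounts` before the role runs, reporting every account that ends up with passwordless sudo and failing on reused UIDs or on such an account having no deployed SSH key. The play name, the messages and the key requirement are assumptions of this example.

```yaml
# Added example: pre-flight audit of the variables documented above.
# Not shipped with the role; task names and messages are illustrative.
- name: Audit system_accounts before applying the role
  hosts: all
  gather_facts: false
  tasks:
    - name: UIDs must not be reused across accounts
      vars:
        uids: >-
          {{ system_accounts | default([])
             | selectattr('uid', 'defined') | map(attribute='uid') | list }}
      ansible.builtin.assert:
        that:
          - "uids | length == uids | unique | length"
        fail_msg: "Duplicate uid in system_accounts: {{ uids }}"

    # wheel membership means passwordless sudo, whichever variable grants it
    - name: Report accounts that end up with passwordless sudo
      ansible.builtin.debug:
        msg: >-
          {{ item.name }}: passwordless sudo via
          {{ 'permissions' if 'sudo_nopass' in item.permissions | default([])
             else 'groups (no sudo_nopass declared)' }}
      loop: "{{ system_accounts | default([]) }}"
      loop_control:
        label: "{{ item.name }}"
      when:
        - item.state | default('present') == 'present'
        - "('wheel' in item.groups | default([])) or
           ('sudo_nopass' in item.permissions | default([]))"

    # Assumed policy: the SSH key is the only factor in front of root here
    - name: Passwordless sudo accounts must have a deployed SSH key
      ansible.builtin.assert:
        that:
          - item.sshkeys | default([]) | length > 0
          - item.sshkey_state | default('present') == 'present'
        fail_msg: "{{ item.name }} has passwordless sudo but no SSH key present"
        quiet: true
      loop: "{{ system_accounts | default([]) }}"
      loop_control:
        label: "{{ item.name }}"
      when:
        - item.state | default('present') == 'present'
        - "('wheel' in item.groups | default([])) or
           ('sudo_nopass' in item.permissions | default([]))"
```

Run against the Basic Configuration example, the report task flags `admin` as reaching wheel through `groups` without a `sudo_nopass` declaration.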