playbook.yml

---
- hosts: localhost
  connection: local
  gather_facts: true
  vars:
    sysctl_rhel_config:
      kernel.exec-shield: 1
      net.ipv4.tcp_syncookies: 1
    git_install_from_source_dependencies:
    - gcc
  pre_tasks:
  # - name: import ssh authorized key
  #   ansible.posix.authorized_key:
  #     user: "hutchic"
  #     state: present
  #     key: "{{ lookup('url', 'https://keybase.io/hutchic/pgp_keys.asc?fingerprint=2456905d58033cb18166454aef080fc8d67f84bc', split_lines=False) }}"

  # - name: Install 1password
  #   include: install-1password.yml

  - name: Upgrade via apt
    become: yes
    become_user: root
    apt:
      upgrade: dist
      update_cache: yes

  - name: Touch required file for dev-sec
    become: yes
    become_user: root
    file:
      path: /etc/security/limits.d/10.hardcore.conf
      state: touch

  - name: Install zsh
    apt:
      name: zsh
    become: yes

  - name: Install gh-cli
    include: install-gh-cli.yml

  - name: Check if slack is installed
    shell: dpkg -l | grep -E '^ii' | grep slack
    register: slack_installed
    ignore_errors: yes

  - name: Install slack
    apt:
      deb: https://downloads.slack-edge.com/releases/linux/4.29.149/prod/x64/slack-desktop-4.29.149-amd64.deb
    become: yes
    when: slack_installed.rc != 0

  - name: Check if vscode is installed
    shell: dpkg -l | grep -E '^ii' | grep code
    register: vscode_installed
    ignore_errors: yes

  - name: Install vscode
    apt:
      deb: https://code.visualstudio.com/sha/download?build=stable&os=linux-deb-x64
    become: yes
    when: vscode_installed.rc != 0

  - name: Check if docker-ce is installed
    shell: dpkg -l | grep -E '^ii' | grep docker-ce
    register: docker_installed
    ignore_errors: yes

  - name: Install docker-ce
    include: install-docker.yml
    when: docker_installed.rc != 0

  - name: Make sure the docker cli plugin directory exists
    ansible.builtin.file:
      path: "{{ lookup('env','HOME') }}/.docker/cli-plugins/"
      state: directory
      mode: '0755'

  - name: Install docker-compose cli plugin
    get_url:
      url: https://github.com/docker/compose/releases/download/v2.2.2/docker-compose-linux-x86_64
      dest: "{{ lookup('env','HOME') }}/.docker/cli-plugins/docker-compose"
      mode: '0755'

  - name: Install ngrok
    become: yes
    ansible.builtin.unarchive:
      src: https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.tgz
      dest: /usr/local/bin
      remote_src: yes
      mode: '0755'

  - name: Check if keybase is installed
    shell: dpkg -l | grep -E '^ii' | grep keybase
    register: keybase_installed
    ignore_errors: yes

  - name: Install keybase
    include: install-keybase.yml
    when: keybase_installed.rc != 0

  - name: Check if yubico is installed
    shell: dpkg -l | grep -q '[y]ubi'
    register: yubico_installed
    ignore_errors: yes

  - name: Install yubico
    include: install-yubico.yml
    when: yubico_installed.rc != 0

  - name: Check if zoom is installed
    shell: dpkg -l | grep -E '^ii' | grep zoom
    register: zoom_installed
    ignore_errors: yes

  - name: Install zoom
    include: install-zoom.yml
    when: zoom_installed.rc != 0

  - name: Install various packages via apt
    become: yes
    apt:
      name: '{{ item }}'
    with_items: '{{ apt_things_to_install }}'

  - name: Setup yubikey u2f
    become: yes
    get_url:
      url: https://raw.githubusercontent.com/Yubico/libu2f-host/master/70-u2f.rules
      dest: /etc/udev/rules.d/70-u2f.rules
      checksum: sha1:8ed233dc60fe89569410907f1b830945853af2bb

  - name: set timezone to America/Toronto
    become: yes
    timezone:
      name: America/Toronto

  roles:
  - {role: vcabourdin.chrome, become: yes}
  - {role: jnv.unattended-upgrades, become: yes}
  - {role: geerlingguy.nfs, become: yes}
  - {role: geerlingguy.ntp, become: yes}
  - {role: badpacketsllc.aws_cli, become: yes}
  - {role: artis3n.tailscale, tailscale_up_skip: true, become: yes}
  - {role: arillso.sshd, become: yes}