20251216T011536CET

provision.yml

@@ -1,6 +1,7 @@
 - name: provision debian image
   hosts: localhost
   connection: local
+  become: true
   
-  tasks:
-    - ping:
+  roles:
+    - role: setup-user

roles/setup-user/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+users:
+  - { name: ghost, home_dir: /home/ghost }
+  - { name: root, home_dir: /root }

roles/setup-user/files/banner

@@ -0,0 +1,6 @@
+------------------------------------------------------------------------------
+* WARNING                                                                    *
+* You are accessing a secured system and your actions will be logged along   *
+* with identifying information. Disconnect immediately if you are not an     *
+* authorized user of this system.                                            *
+------------------------------------------------------------------------------

roles/setup-user/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+- name: set banner
+  ansible.builtin.copy:
+    src: banner
+    dest: /etc/motd
+    owner: root
+    group: root
+    mode: "0644"
+
+- name: setup bash
+  ansible.builtin.template:
+    src: .bashrc.j2
+    dest: "{{ item.home_dir }}/.bashrc"
+    owner: "{{ item.name }}"
+    group: "{{ item.name }}"
+    mode: "0644"
+  loop: "{{ users }}"

roles/setup-user/templates/.bashrc.j2

@@ -0,0 +1,77 @@
+#!/bin/bash
+
+# If not running interactively, don't do anything
+case $- in
+  *i*) ;;
+  *) return;;
+esac
+
+HISTCONTROL=ignoreboth
+shopt -s histappend
+shopt -s checkwinsize
+shopt -s globstar
+HISTSIZE=5000
+HISTFILESIZE=10000
+STARTDIR=$HOME
+
+# Set start directory
+cd $STARTDIR || return
+
+# Set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+  debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# Set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+  xterm-color) color_prompt=yes;;
+esac
+
+force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+  if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+    # We have color support; assume it's compliant with Ecma-48
+    # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+    # a case would tend to support setf rather than setaf.)
+    color_prompt=yes
+  else
+    color_prompt=
+  fi
+fi
+
+NORMAL="\[\e[0m\]"
+RED="\[\e[1;31m\]"
+BLUE="\[\e[1;34m\]"
+
+if [ "$color_prompt" = yes ]; then
+  if [ "$USER" = root ]; then
+    PS1="$RED\u@\h [$NORMAL\w$RED] # $NORMAL"
+  else
+    PS1="$BLUE\u@\h [$NORMAL\w$BLUE] \$ $NORMAL"
+  fi
+else
+  PS1='\u@\h [\w] \$ '
+fi
+unset color_prompt force_color_prompt
+
+# Enable color support of ls
+if [ -x /usr/bin/dircolors ]; then
+  test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+fi
+
+# Colored GCC warnings and errors
+export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
+
+[ -f ~/.bash_aliases ] && . ~/.bash_aliases
+
+# Enable programmable completion features (you don't need to
+# enable this, if it's already enabled in /etc/bash.bashrc
+# and /etc/profile sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+  if [ -f /usr/share/bash-completion/bash_completion ]; then
+    . /usr/share/bash-completion/bash_completion
+  elif [ -f /etc/bash_completion ]; then
+    . /etc/bash_completion
+  fi
+fi

user-data

@@ -19,18 +19,9 @@ packages:
 - pwgen
 - git
 
-ansible:
-  package_name: ansible-core
-  install_method: pip
-  # run_user: ghost
-  pull:
-    accept_host_key: true
-    url: https://git.svdb.dev/svdb/debian.git
-    playbook_name: provision.yml
-
 runcmd:
 - ps -u ghost
-- deluser --remove-all-files linuxuser
+- deluser --quiet --remove-all-files linuxuser
 - usermod --uid 1000 ghost
 - groupmod --gid 1000 ghost
 - git clone https://git.svdb.dev/svdb/debian.git /tmp/debian
@@ -42,3 +33,4 @@ runcmd:
 - uv cache clean
 - rm --recursive --force $(uv python dir)
 - rm --recursive --force $(uv tool dir)
+- rm --recursive --force /tmp/debian