Commit | Line | Data |
---|---|---|
d82e5cee KS |
1 | --- |
2 | ||
# Install the OpenSSH Windows feature.
# win_feature depends on Get-WindowsFeature, which is provided by RSAT and is
# not currently available on ARM, so ARM hosts are skipped.
- name: Install OpenSSH
  when: ansible_architecture != 'ARM 64-bit Processor'
  ansible.windows.win_feature:
    state: 'present'
    name: 'OpenSSH'
# Start sshd now and set it to start automatically at boot.
# NOTE(review): this task carries no architecture condition although the
# OpenSSH install is skipped on ARM; presumably sshd is already present on
# those hosts -- confirm.
# NOTE(review): nothing visible in this file manages sshd_config; confirm that
# password authentication and the allowed accounts are restricted wherever
# that file is maintained.
- name: Run OpenSSH automatically
  ansible.windows.win_service:
    state: 'started'
    start_mode: 'auto'
    name: 'sshd'
4955549e KS |
# Enable inbound Remote Desktop sessions by setting fDenyTSConnections to 0.
# NOTE(review): this file does not set Network Level Authentication
# (the UserAuthentication value under WinStations\RDP-Tcp); confirm it is
# enforced by policy before the host accepts RDP connections.
- name: Allow Terminal Server connections
  ansible.windows.win_regedit:
    name: 'fDenyTSConnections'
    path: 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    type: 'dword'
    data: '0'
# Start the Remote Desktop service (TermService) now and at every boot.
- name: Run RDP automatically
  ansible.windows.win_service:
    state: 'started'
    start_mode: 'auto'
    name: 'TermService'
d82e5cee KS |
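# Power settings: keep the host awake and its disks spinning while on AC power.
# powercfg.exe is called by absolute path so the binary does not depend on PATH.
# These commands set a value unconditionally and give no "changed" signal, so
# changed_when: false stops them from reporting a change on every run.
- name: Turn off standby
  ansible.windows.win_command: 'C:\Windows\system32\powercfg.exe /change standby-timeout-ac 0'
  changed_when: false
- name: Turn off hibernation
  ansible.windows.win_command: 'C:\Windows\system32\powercfg.exe /hibernate off'
  changed_when: false
- name: Turn off disk timeouts
  ansible.windows.win_command: 'C:\Windows\system32\powercfg.exe /change disk-timeout-ac 0'
  changed_when: false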
# Install PowerShell 7.3.4 from the upstream GitHub release MSI.
# product_id lets win_package detect an existing install; the value is
# presumably the one reported by `Get-WmiObject Win32_Product`.
# NOTE(review): the installer is downloaded at run time with no integrity pin,
# so only TLS to the download host protects it. Fetching it first with
# ansible.windows.win_get_url and its `checksum` option, then installing from
# the local path, would pin the exact artifact.
# NOTE(review): this is the x64 MSI, while other tasks in this file account
# for ARM hosts -- confirm the intended architecture.
- name: Install powershell
  ansible.windows.win_package:
    state: 'present'
    product_id: '{11479679-5C7F-477F-869F-3ED956CE684D}'
    path: 'https://github.com/PowerShell/PowerShell/releases/download/v7.3.4/PowerShell-7.3.4-win-x64.msi'
# Make pwsh.exe the shell that sshd starts for incoming sessions.
# The path uses the 8.3 short name (progra~1), which avoids spaces in the
# value. No registry type is given, so the module default applies.
# NOTE(review): presumably 8.3 short names are enabled on the system volume;
# verify, since the shell path does not resolve otherwise.
- name: Set powershell 7 as the default shell for OpenSSH
  ansible.windows.win_regedit:
    name: 'DefaultShell'
    path: 'HKLM:\SOFTWARE\OpenSSH'
    data: 'c:/progra~1/powershell/7/pwsh.exe'
# Join the host to the internal.efficios.com domain under its current hostname.
# The joining account's username and password are read from the same
# Bitwarden item at run time, so no credential is stored in this file.
# The result is registered as domain_state so a later task can reboot when the
# join requires it.
# NOTE(review): confirm the Bitwarden item holds an account delegated only to
# join computers rather than a full domain administrator.
- name: Join domain
  register: domain_state
  ansible.windows.win_domain_membership:
    state: 'domain'
    dns_domain_name: 'internal.efficios.com'
    domain_ou_path: 'DC=internal,DC=efficios,DC=com'
    hostname: "{{ ansible_hostname }}"
    domain_admin_user: "{{ lookup('community.general.bitwarden', '2443aefa-0b85-497d-aa0e-aef6011295c4', search='id', field='username')[0] }}"
    domain_admin_password: "{{ lookup('community.general.bitwarden', '2443aefa-0b85-497d-aa0e-aef6011295c4', search='id', field='password')[0] }}"
# Install Python 3.11.3 for all users, silently, from python.org.
# creates_path makes the task a no-op once C:\Windows\py.exe exists.
# NOTE(review): the installer is downloaded at run time with no integrity pin;
# downloading it with ansible.windows.win_get_url and its `checksum` option
# before installing from the local path would pin the exact artifact.
# NOTE(review): the arm64 installer is hard-coded while the PowerShell task
# installs an x64 MSI -- confirm which architecture these hosts are.
- name: Install python
  ansible.windows.win_package:
    state: 'present'
    path: 'https://www.python.org/ftp/python/3.11.3/python-3.11.3-arm64.exe'
    creates_path: 'C:\Windows\py.exe'
    arguments:
      - '/InstallAllUsers=1'
      - '/SimpleInstall'
      - '/quiet'
# Render the SSH public keys accepted for members of the Administrators group.
# NOTE(review): Windows OpenSSH is expected to ignore this file unless its ACL
# is limited to Administrators and SYSTEM. No ACL is set here, so confirm the
# inherited permissions on C:\ProgramData\ssh are sufficient, or set them
# explicitly (for example with ansible.windows.win_acl).
- name: Set administrator authorized keys
  ansible.windows.win_template:
    dest: 'c:\ProgramData\ssh\administrators_authorized_keys'
    src: 'authorized_keys.j2'
4955549e KS |
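# c.f. https://galaxy.ansible.com/ui/repo/published/community/windows/content/module/win_firewall_rule/
# Allow inbound ICMPv4 on every firewall profile.
# NOTE(review): the rule name mentions only echo requests, but
# icmp_type_code '*' admits every ICMPv4 type and code, including on the
# public profile. If only ping is needed, confirm and narrow the rule to the
# echo-request type.
- name: Firewall rule to allow ICMP v4 on all type codes
  community.windows.win_firewall_rule:
    name: ICMP Allow incoming V4 echo request
    enabled: true
    state: present
    profiles:
      - domain
      - private
      - public
    action: allow
    direction: in
    protocol: icmpv4
    icmp_type_code: '*'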
# Allow inbound RDP (TCP 3389) on the domain and private profiles only; the
# public profile is left out.
# NOTE(review): no `remoteip` restriction is set, so any source reachable on
# those profiles may connect -- confirm that is intended.
- name: Firewall rule to allow RDP on TCP port 3389
  community.windows.win_firewall_rule:
    name: Remote Desktop
    state: present
    enabled: true
    direction: in
    action: allow
    protocol: tcp
    localport: 3389
    profiles:
      - domain
      - private
d82e5cee KS |
# Reboot only when the registered domain-join result reports that a restart
# is required.
- name: Reboot if domain changed
  when:
    - domain_state.reboot_required
  ansible.windows.win_reboot: