no-secrets-athq-ansible/roles/base/tasks/main.yaml

- name: Install packages
  apt:
    pkg:
        - rsync
        - zsh
        - net-tools
        - tcpdump
        - git
        - apt-file
        - htop
        - ncdu
        - gpg

- name: Ensure Opt dir exists and accessible
  file:
    name: /opt/
    state: directory
    mode: 0711

- name: Ensure backup info dir exists and accessible
  file:
    name: /opt/backup-info/
    state: directory
    mode: 0700

- name: Copy Backup Helper script
  copy:
    src: check_dir_size_for_backup.py
    dest: /opt/check_dir_size_for_backup.py
    mode: 0755

- name: Create sheppy .ssh dir
  file:
    path: /home/sheppy/.ssh/
    state: directory
    owner: sheppy
    group: sheppy
    mode: 0700

- name: Template Sheppy authorized keys
  template:
    src: authorized_keys_sheppy.j2
    dest: /home/sheppy/.ssh/authorized_keys
    owner: sheppy
    group: sheppy
    mode: 0600

- name: Add extra root keys
  lineinfile:
    path: /root/.ssh/authorized_keys
    line: "{{ item }}"
  loop: "{{ extra_root_keys }}"

- name: Add journalctl cleanup
  ansible.builtin.cron:
    name: "check dirs"
    minute: "0"
    hour: "0"
    job: "/usr/bin/journalctl --vacuum-time=7d"