- hosts: image
  tasks:
    - shell: |
        echo "{{ host }}" > /etc/hostname
        sed -i '/^127\.0\.0.*localhost.*/s/.*/127.0.0.1 localhost {{ host }}/' \
          /etc/hosts
        sed -i '/^root:[^:]:/s//root::/' /etc/passwd
    - copy:
        content: |
          auto lo
          iface lo inet loopback

          auto eth0
          iface eth0 inet dhcp
        dest: /etc/network/interfaces
    - copy:
        content: |
          options kvm-intel nested=1
          options kvm-intel enable_shadow_vmcs=1
          options kvm-intel enable_apicv=1
          options kvm-intel ept=1
        dest: /etc/modprobe.d/kvm-nested.conf
    - apt:
        name:
          - ssh
          - sudo
          - qemu-system-x86
          - virtinst
          - libvirt-daemon-system
          - libvirt-clients
          - locales-all
          - jq
          - rsync
          - kpartx
    - name: "modify libvirt to use a non-standard IP range for guests"
      shell:
        sed -i 's/192\.168\.122\./192.168.99\./g' /etc/libvirt/qemu/networks/default.xml
    - user:
        comment: "Manager"
        name: manager
        shell: /bin/bash
        groups:
          - libvirt
    - authorized_key:
        user: manager
        key: "{{ user_pub }}"
    - copy:
        content: |
          manager ALL=(ALL:ALL) NOPASSWD: ALL
        dest: /etc/sudoers.d/manager
        owner: root
        group: root
        mode: 0600
    - file:
        state: directory
        path: /home/manager/.ssh
        owner: manager
        group: manager
        mode: 0700
    - copy:
        src: "{{ item }}"
        dest: "/home/manager/.ssh/{{ item }}"
        owner: manager
        group: manager
        mode: 0600
      with_items:
        - manager.key
        - manager.key.pub
    - copy:
        src: manager-ssh-config
        dest: /home/manager/.ssh/config
        owner: manager
        group: manager
        mode: 0600
  vars:
    host: contractor
    ansible_python_interpreter: /usr/bin/python3
    user_pub: |
      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAlECa3tbFGXhB3Zh/4/GhM11THOThVfiuLqqJ2dpWHEClzpKJHpzzwWt7g9z/MMQNMsUJLy+okz+De6hdjjmYJ9kG9Sr3H4YKq6itGQMj7L/cH3WS3ynp0uy0oW3hf932vDZKQ8iy9vczXH+ERYl+4TYae1Jp4Hyf4/2IYxEfuhKctvSvqySST3Qk9JNZ71HFGOWhjH/MmoCLoT1v+HkqmHdYf/GMKGRo3gqCEGgCgNErYYIyKm3OF3dHXK+hyGLE/cZNu6fU5woW3rvtUCFt08Ri2pm0cnXXJn9jQIMxfS5Kkf64svwgzKmPqgX1f4flopYPlsBXduCgzbJvj+lpgauAk/i1A5B01CFa9sI4C6pHZmwk1qxRwN+4IXL2CQt+tDgYC84ZDDd8R7cNyL22a3KhMQmdHtvog1beAa3Ab+J+cafkXXN+Es9f1wQjzk7DiHupmJIVofBvPP+cRcB46rwha6ati8Fa5QkT9rXFNqQsKk7jq8TIi54Bm15OOa0jInGG3TM17b9Ftu2WTJSAaqgBnDfZiInK7HEvC6K/IBljrN3oGagmFZPrAvzw7d6C2/nKFAQtfoMcE5oWVDrJyjsmJ8oaru0E8rwj7mMvyKPgEMnXTGXLWDgEo50+i291m4bkCxVwiOPbPRvdMll1Y8qfBAPT76sY4Ikgcw/2iw== openpgp:0xBBE80E50