-
Notifications
You must be signed in to change notification settings - Fork 114
/
win-simple.yml
148 lines (125 loc) · 5.13 KB
/
win-simple.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
---
- name: Configure host
hosts: all
vars:
# renovate: datasource=github-tags depName=bleachbit/bleachbit
bleachbit_version: 4.6.2
# renovate: datasource=github-tags depName=PowerShell/Win32-OpenSSH versioning=regex:^v?(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)(\..*)?$
openssh_version: 9.5.0.0p1-Beta
roles:
- role: ansible-role-virtio-win
virtio_win_iso_path: 'E:\\virtio-win\\'
when: ansible_system_vendor == "QEMU"
tasks:
- name: Enable Remote Desktop
ansible.windows.win_regedit:
path: 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
name: fDenyTSConnections
data: 0
type: dword
- name: Allow connections from computers running any version of Remote Desktop (less secure)
ansible.windows.win_regedit:
path: 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
name: UserAuthentication
data: 0
type: dword
- name: Enable Firewall Inbound Rules Group
ansible.windows.win_shell: Enable-NetFirewallRule -DisplayGroup "{{ item }}"
loop:
- Remote Desktop
- Windows Remote Management
- name: Use the plaintext WinRM transport and force it to use basic authentication
ansible.windows.win_shell: winrm set winrm/config/service '@{AllowUnencrypted="true"}'
- name: Enable Administrator account
ansible.windows.win_user:
name: Administrator
account_disabled: false
when: ansible_distribution is search("Microsoft Windows 10")
- name: Remove all current pagefiles
community.windows.win_pagefile:
remove_all: true
automatic: false
state: absent
- name: Disable Hibernate Mode
ansible.windows.win_command: powercfg -h off
changed_when: false
when: ansible_distribution is search("Microsoft Windows 10")
- name: Download BleachBit
ansible.windows.win_get_url:
url: https://download.bleachbit.org/BleachBit-{{ bleachbit_version }}-portable.zip
dest: "%HOMEDRIVE%\\BleachBit-portable.zip"
register: result
until: result is succeeded
- name: Download OpenSSH
ansible.windows.win_get_url:
url: https://github.com/PowerShell/Win32-OpenSSH/releases/download/v{{ openssh_version }}/OpenSSH-Win64.zip
dest: "%HOMEDRIVE%\\OpenSSH-portable.zip"
register: result
until: result is succeeded
- name: Unzip downloaded OpenSSH
community.windows.win_unzip:
src: "%HOMEDRIVE%\\OpenSSH-portable.zip"
dest: "%HOMEDRIVE%\\"
delete_archive: true
- name: Install OpenSSH
ansible.windows.win_shell: "C:\\OpenSSH-Win64\\install-sshd.ps1"
- name: Set OpenSSH Service to automatic startup and ensure it is up
ansible.windows.win_service:
name: sshd
start_mode: auto
state: started
- name: Enable Firewall for OpenSSH
ansible.windows.win_shell: New-NetFirewallRule -DisplayName "ssh" -Direction Inbound -Action Allow -Protocol "TCP" -LocalPort "22"
- name: Add Vagrant key
ansible.windows.win_get_url:
url: https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub
dest: "%PROGRAMDATA%\\ssh\\administrators_authorized_keys"
- name: Unzip downloaded BleachBit
community.windows.win_unzip:
src: "%HOMEDRIVE%\\BleachBit-portable.zip"
dest: "%HOMEDRIVE%\\"
delete_archive: true
- name: Get latest UltraDefrag url
ansible.windows.win_uri:
url: https://sourceforge.net/projects/ultradefrag/rss?path=/stable-release
return_content: true
register: ultradefrag_url_output
until: ultradefrag_url_output is succeeded
- name: Set UltraDefrag url
ansible.builtin.set_fact:
ultradefrag_url: "{{ ultradefrag_url_output.content | regex_search('<link>(.*ultradefrag-portable.*amd64.zip.*)</link>', '\\1') | first }}"
# ultradefrag_url: "https://altushost-swe.dl.sourceforge.net/project/ultradefrag/stable-release/7.1.4/ultradefrag-portable-7.1.4.bin.amd64.zip"
- name: Download UltraDefrag from {{ ultradefrag_url }}
ansible.windows.win_get_url:
url: "{{ ultradefrag_url }}"
dest: "%HOMEDRIVE%\\ultradefrag-portable.bin.amd64.zip"
follow_redirects: all
register: result
until: result is succeeded
- name: Unzip downloaded Ultra Defrag
community.windows.win_unzip:
src: "%HOMEDRIVE%\\ultradefrag-portable.bin.amd64.zip"
dest: "%HOMEDRIVE%\\"
delete_archive: true
- name: Install windows updates
ansible.windows.win_updates:
category_names:
- Application
- Connectors
- CriticalUpdates
- DefinitionUpdates
- DeveloperKits
- FeaturePacks
- Guidance
- SecurityUpdates
- ServicePacks
- Tools
- UpdateRollups
- Updates
reboot: true
reboot_timeout: 10000
register: windows_updates
- name: Windows reboot
ansible.windows.win_reboot:
reboot_timeout: 10000
when: windows_updates.reboot_required and allow_windows_reboot_during_win_updates