Diffstat (limited to 'ansible/roles/dc02/tasks')
-rw-r--r--ansible/roles/dc02/tasks/cleanup.yaml3
-rw-r--r--ansible/roles/dc02/tasks/init.yaml3
-rw-r--r--ansible/roles/dc02/tasks/install_software.yaml3
-rw-r--r--ansible/roles/dc02/tasks/main.yaml36
-rw-r--r--ansible/roles/dc02/tasks/populate_ad.yaml7
-rw-r--r--ansible/roles/dc02/tasks/reboot.yaml3
-rw-r--r--ansible/roles/dc02/tasks/set_hostname.yaml2
-rw-r--r--ansible/roles/dc02/tasks/setup_defender_gpo.yaml7
-rw-r--r--ansible/roles/dc02/tasks/setup_domain.yaml2
-rw-r--r--ansible/roles/dc02/tasks/setup_tree_domain.yaml9
-rw-r--r--ansible/roles/dc02/tasks/wait_for_ready.yaml3
11 files changed, 78 insertions, 0 deletions
diff --git a/ansible/roles/dc02/tasks/cleanup.yaml b/ansible/roles/dc02/tasks/cleanup.yaml
new file mode 100644
index 0000000..0e59407
--- /dev/null
+++ b/ansible/roles/dc02/tasks/cleanup.yaml
@@ -0,0 +1,3 @@
+- name: execute cleanup.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\cleanup.ps1
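Review bot: Nothing in this task makes a failing `cleanup.ps1` fail the play, because `ansible.windows.win_powershell` runs with its default error action and non-terminating errors from the script are recorded while the task still succeeds. Adding `error_action: stop` under the module would surface them. The same applies to the identically shaped tasks in init.yaml, install_software.yaml, populate_ad.yaml and wait_for_ready.yaml, and it matters most where main.yaml chains domain setup onto earlier steps. These tasks will also report `changed` on every run, so a comment such as `# script is safe to re-run` (if that is true) would help the next reader.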
diff --git a/ansible/roles/dc02/tasks/init.yaml b/ansible/roles/dc02/tasks/init.yaml
new file mode 100644
index 0000000..84b3c3e
--- /dev/null
+++ b/ansible/roles/dc02/tasks/init.yaml
@@ -0,0 +1,3 @@
+- name: execute init.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\init.ps1
diff --git a/ansible/roles/dc02/tasks/install_software.yaml b/ansible/roles/dc02/tasks/install_software.yaml
new file mode 100644
index 0000000..a5018a8
--- /dev/null
+++ b/ansible/roles/dc02/tasks/install_software.yaml
@@ -0,0 +1,3 @@
+- name: execute install-software.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\install-software.ps1
diff --git a/ansible/roles/dc02/tasks/main.yaml b/ansible/roles/dc02/tasks/main.yaml
new file mode 100644
index 0000000..8cdafa8
--- /dev/null
+++ b/ansible/roles/dc02/tasks/main.yaml
@@ -0,0 +1,36 @@
+- name: wait for winrm to be available
+ ansible.builtin.wait_for:
+ host: "{{ ansible_host }}"
+ port: "{{ ansible_port }}"
+ timeout: 300
+ delegate_to: localhost
+
+- name: execute init.ps1
+ import_tasks: init.yaml
+
+- name: set hostname
+ import_tasks: set_hostname.yaml
+
+- name: reboot after hostname change
+ import_tasks: reboot.yaml
+
+- name: execute setup-tree-domain.ps1
+ import_tasks: setup_tree_domain.yaml
+
+- name: reboot after domain setup
+ import_tasks: reboot.yaml
+
+- name: execute dc-wait-for-ready.ps1
+ import_tasks: wait_for_ready.yaml
+
+- name: execute setup-defender-gpo.ps1 as domain admin
+ import_tasks: setup_defender_gpo.yaml
+
+- name: reboot after gpo setup
+ import_tasks: reboot.yaml
+
+- name: execute install-software.ps1
+ import_tasks: install_software.yaml
+
+- name: execute cleanup.ps1
+ import_tasks: cleanup.yaml
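Review bot: `setup_domain.yaml` and `populate_ad.yaml` are added by this commit but never imported in this task list, so as far as this file shows they are dead code, and one of them carries a literal password. Either import them where they are meant to run or leave them out of the role. As a style point, the imports use the short `import_tasks` name while the other tasks use fully qualified module names; `ansible.builtin.import_tasks: init.yaml` would be consistent. The opening `wait_for` only proves the TCP port accepts connections and assumes `ansible_port` is defined in inventory, which is worth a comment.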
diff --git a/ansible/roles/dc02/tasks/populate_ad.yaml b/ansible/roles/dc02/tasks/populate_ad.yaml
new file mode 100644
index 0000000..e65ab64
--- /dev/null
+++ b/ansible/roles/dc02/tasks/populate_ad.yaml
@@ -0,0 +1,7 @@
+- name: execute populate-ad.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\populate-ad.ps1
+ parameters:
+ DomainName: "{{ main_domain_name }}"
+ UserPassword: "{{ default_win_user_password }}"
+ SvcPassword: "{{ default_win_svc_password }}"
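Review bot: Both passwords are passed as module arguments without `no_log: true` on the task, so they can end up in verbose output and in any callback or log plugin that records task invocations. Adding `no_log: true` at task level keeps them out. Separately, `parameters` binds to the inline `script` text, and that text here is only a path with no `param()` block, so it looks like the values may never reach populate-ad.ps1; this should be confirmed on a test host before relying on it.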
diff --git a/ansible/roles/dc02/tasks/reboot.yaml b/ansible/roles/dc02/tasks/reboot.yaml
new file mode 100644
index 0000000..f36b168
--- /dev/null
+++ b/ansible/roles/dc02/tasks/reboot.yaml
@@ -0,0 +1,3 @@
+- name: reboot
+ ansible.windows.win_reboot:
+ reboot_timeout: 3600
diff --git a/ansible/roles/dc02/tasks/set_hostname.yaml b/ansible/roles/dc02/tasks/set_hostname.yaml
new file mode 100644
index 0000000..d279485
--- /dev/null
+++ b/ansible/roles/dc02/tasks/set_hostname.yaml
@@ -0,0 +1,2 @@
+- name: set hostname
+ win_shell: Rename-Computer -NewName "{{ tree_dc02_hostname }}" -Force
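Review bot: `Rename-Computer` through `win_shell` is not idempotent: on a re-run against a host that already has the name the cmdlet is likely to error, and the reboot in main.yaml follows unconditionally either way. The `ansible.windows.win_hostname` module handles both cases and reports whether a reboot is required, e.g. `ansible.windows.win_hostname:` with `name: "{{ tree_dc02_hostname }}"`. It also avoids interpolating the variable into a PowerShell command string. If `win_shell` stays, the fully qualified `ansible.windows.win_shell` would match the other task files.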
diff --git a/ansible/roles/dc02/tasks/setup_defender_gpo.yaml b/ansible/roles/dc02/tasks/setup_defender_gpo.yaml
new file mode 100644
index 0000000..18d8042
--- /dev/null
+++ b/ansible/roles/dc02/tasks/setup_defender_gpo.yaml
@@ -0,0 +1,7 @@
+- name: execute setup-defender-gpo.ps1 as domain admin
+ ansible.windows.win_command: powershell.exe -ExecutionPolicy Bypass -File C:\scripts\setup-defender-gpo.ps1 -DomainName "{{ tree_domain_name }}"
+ become: yes
+ become_method: runas
+ become_user: "{{ tree_domain_name }}\\Administrator"
+ vars:
+ ansible_become_password: "{{ default_win_password }}"
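Review bot: `become: yes` relies on YAML 1.1 truthy parsing; `become: true` is the canonical form and the one linters accept. This is the only task in the role that escalates to a domain account, so a short comment above it, such as `# GPO changes need a domain admin token, hence runas`, would record why (assuming that is the reason; the hunk does not say). `-ExecutionPolicy Bypass` likewise deserves a one-line justification, since it disables a host control for this invocation.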
diff --git a/ansible/roles/dc02/tasks/setup_domain.yaml b/ansible/roles/dc02/tasks/setup_domain.yaml
new file mode 100644
index 0000000..ef8a541
--- /dev/null
+++ b/ansible/roles/dc02/tasks/setup_domain.yaml
@@ -0,0 +1,2 @@
+- name: execute setup-main-domain.ps1
+ ansible.windows.win_command: powershell.exe -ExecutionPolicy Bypass -File C:\scripts\setup-main-domain.ps1 -DomainName "{{ tree_domain_name }}" -SafeModePassword "P4ssw0rd1234!"
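Review bot: The DSRM password is a literal in the task (`-SafeModePassword "P4ssw0rd1234!"`), so it lives in version control and is identical for every deployment; the same literal appears in setup_tree_domain.yaml. Take it from a vaulted variable, e.g. `-SafeModePassword "{{ safe_mode_password }}"` (placeholder name), and set `no_log: true` on both tasks, because the full command line otherwise appears in task output and in process-creation logging on the host. Also check `-DomainName "{{ tree_domain_name }}"`: a script named setup-main-domain.ps1 receiving the tree domain looks like a copy-paste slip, though only the script itself can confirm that.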
diff --git a/ansible/roles/dc02/tasks/setup_tree_domain.yaml b/ansible/roles/dc02/tasks/setup_tree_domain.yaml
new file mode 100644
index 0000000..2067844
--- /dev/null
+++ b/ansible/roles/dc02/tasks/setup_tree_domain.yaml
@@ -0,0 +1,9 @@
+- name: execute setup-tree-domain.ps1
+ ansible.windows.win_shell: >
+ powershell.exe -ExecutionPolicy Bypass
+ -File C:\scripts\setup-tree-domain.ps1
+ -ParentForestRootDomain "{{ main_domain_name }}"
+ -NewTreeDomainName "{{ tree_domain_name }}"
+ -SafeModePassword "P4ssw0rd1234!"
+ -Username Administrator
+ -Password "{{ default_win_password }}"
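Review bot: `-Password "{{ default_win_password }}"` is rendered into a double-quoted PowerShell string, so a password containing `$`, a backtick or `"` is expanded or breaks the command instead of being passed literally. The domain admin credential is also placed on a process command line with no `no_log: true`, which exposes it in task output and host process logging. Prefer handing secrets to the script through a channel that is not the command line, or at least render them as single-quoted literals and add `no_log: true`. `win_shell` launching `powershell.exe` adds a second shell layer for no visible benefit; setup_domain.yaml already uses `ansible.windows.win_command` for the same pattern.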
diff --git a/ansible/roles/dc02/tasks/wait_for_ready.yaml b/ansible/roles/dc02/tasks/wait_for_ready.yaml
new file mode 100644
index 0000000..b077e07
--- /dev/null
+++ b/ansible/roles/dc02/tasks/wait_for_ready.yaml
@@ -0,0 +1,3 @@
+- name: execute dc-wait-for-ready.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\dc-wait-for-ready.ps1