# Install the Windows OpenSSH feature and manage its service.
# NOTE(review): the module arguments (listing lines 5-6 and 11-13) are not
# visible in this excerpt, so the feature name and service settings are
# unconfirmed here.
3 - name: Install OpenSSH
4 ansible.windows.win_feature:
7 # This depends on Get-WindowsFeature, provided by RSAT. Not currently available on arm
# The condition below skips the feature install on ARM hosts.
# NOTE(review): the later sshd-related tasks (service, OpenSSH shell setting,
# administrators_authorized_keys) show no matching condition in this excerpt;
# confirm OpenSSH is provisioned on ARM hosts some other way.
8 when: ansible_architecture != 'ARM 64-bit Processor'
9 - name: Run OpenSSH automatically
10 ansible.windows.win_service:
# Enable Remote Desktop: write the fDenyTSConnections policy value and manage
# the RDP service.
# NOTE(review): the data/type written to the registry and the service
# arguments are on lines not shown (18-19, 22-24); presumably the value is 0,
# given the task name. Confirm.
# NOTE(review): nothing visible here requires Network Level Authentication
# (the UserAuthentication value under ...\Terminal Server\WinStations\RDP-Tcp).
# Confirm it is enforced by this role or by domain policy, since this task
# makes the host accept RDP logons.
14 - name: Allow Terminal Server connections
15 ansible.windows.win_regedit:
16 path: 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
17 name: 'fDenyTSConnections'
20 - name: Run RDP automatically
21 ansible.windows.win_service:
# Keep the host awake: disable AC standby, hibernation and AC disk timeout by
# calling powercfg.exe through its full path, so no PATH lookup is involved.
# These tasks use free-form win_command with no changed_when, so they re-run
# powercfg and report "changed" on every play. The commands set fixed values,
# which makes repeating them harmless.
25 - name: Turn off standy
26 ansible.windows.win_command: 'C:\Windows\system32\powercfg.exe /change standby-timeout-ac 0'
27 - name: Turn off hibernation
28 ansible.windows.win_command: 'C:\Windows\system32\powercfg.exe /hibernate off'
29 - name: Turn off disk timeouts
30 ansible.windows.win_command: 'C:\Windows\system32\powercfg.exe /change disk-timeout-ac 0'
# Install PowerShell 7.3.4 from the upstream GitHub release MSI, then point
# the OpenSSH registry setting at pwsh.exe.
# NOTE(review): the MSI is fetched by URL at run time and no integrity check
# is visible in this excerpt (line 34 is not shown). Consider downloading with
# ansible.windows.win_get_url and its checksum option, then installing from
# the local path, so a replaced or corrupted artifact fails the play.
# NOTE(review): this is the win-x64 build, while other tasks in this file
# reference ARM hosts and an arm64 Python installer. Confirm the architecture
# is intended.
31 - name: Install powershell
32 ansible.windows.win_package:
33 path: 'https://github.com/PowerShell/PowerShell/releases/download/v7.3.4/PowerShell-7.3.4-win-x64.msi'
35 # get-wmiobject Win32_Product
# product_id is what win_package uses to detect an existing install. MSI
# product codes typically change per release, so update it together with the
# version in the URL above.
36 product_id: '{11479679-5C7F-477F-869F-3ED956CE684D}'
37 - name: Set powershell 7 as the default shell for OpenSSH
38 ansible.windows.win_regedit:
39 path: 'HKLM:\SOFTWARE\OpenSSH'
# NOTE(review): the value name (line 40) is not shown; presumably DefaultShell,
# given the task name. The data uses the 8.3 short name "progra~1", which only
# resolves while short-name generation is enabled on the volume. Confirm, or
# use the long path.
41 data: 'c:/progra~1/powershell/7/pwsh.exe'
# Join the host to the internal.efficios.com Active Directory domain, keeping
# its current hostname. The task's name line (42) and line 47 are not shown in
# this excerpt.
# The joining account's username and password are resolved at run time from
# Bitwarden by item id, so no credential is stored in this file. The lookup
# runs on the controller.
# NOTE(review): the variable names say "domain_admin". Confirm the Bitwarden
# item holds a least-privilege account delegated only to join computers, not
# a full domain administrator.
43 ansible.windows.win_domain_membership:
44 dns_domain_name: 'internal.efficios.com'
45 hostname: "{{ansible_hostname}}"
# This DN is the domain root rather than a dedicated OU.
46 domain_ou_path: 'DC=internal,DC=efficios,DC=com'
48 domain_admin_user: "{{ lookup('community.general.bitwarden', '2443aefa-0b85-497d-aa0e-aef6011295c4', search='id', field='username')[0] }}"
49 domain_admin_password: "{{ lookup('community.general.bitwarden', '2443aefa-0b85-497d-aa0e-aef6011295c4', search='id', field='password')[0] }}"
# The result is registered so a later task can read domain_state.reboot_required.
50 register: domain_state
# Install Python 3.11.3 for all users from python.org.
# NOTE(review): the installer is downloaded by URL at run time and no
# integrity check is visible in this excerpt. Verifying a pinned checksum
# before execution (for example, download with ansible.windows.win_get_url
# and its checksum option) would make a tampered download fail the play.
# NOTE(review): this is the arm64 installer and no architecture condition is
# visible (lines 54-55 and 57-58 are not shown). Confirm non-ARM hosts are
# handled.
51 - name: Install python
52 ansible.windows.win_package:
53 path: 'https://www.python.org/ftp/python/3.11.3/python-3.11.3-arm64.exe'
56 - '/InstallAllUsers=1'
# Presence of the py launcher is the only "already installed" test, so any
# existing Python that ships py.exe satisfies it regardless of version.
59 creates_path: 'C:\Windows\py.exe'
# Render authorized_keys.j2 to the file Windows OpenSSH reads for members of
# the Administrators group. Every key in the template grants administrator
# SSH access, so treat changes to it as privileged.
# NOTE(review): Windows sshd ignores administrators_authorized_keys unless its
# ACL grants access only to Administrators and SYSTEM. No ACL task is visible
# in this excerpt; confirm the permissions are set (e.g. with
# ansible.windows.win_acl and win_acl_inheritance) so key login works and
# other local users cannot modify the file.
60 - name: Set administrator authorized keys
61 ansible.windows.win_template:
62 src: 'authorized_keys.j2'
63 dest: 'c:\ProgramData\ssh\administrators_authorized_keys'
# Inbound Windows Firewall rules for ICMPv4 echo requests and for RDP on
# TCP 3389.
# NOTE(review): the rule bodies (listing lines 68-77 and 80-89) are not shown.
# Confirm both rules are scoped with remoteip and profiles to the management
# or domain network rather than applying to any source on every profile. An
# unrestricted 3389 rule exposes the RDP logon surface to every reachable
# network.
64 # c.f. https://galaxy.ansible.com/ui/repo/published/community/windows/content/module/win_firewall_rule/
65 - name: Firewall rule to alloc ICMP v4 on all type codes
66 community.windows.win_firewall_rule:
67 name: ICMP Allow incoming V4 echo request
78 - name: Firewall rule to allow RDP on TCP port 3389
79 community.windows.win_firewall_rule:
# Reboot only when the domain-membership task reported that one is required.
# domain_state is the result registered by the win_domain_membership task.
# NOTE(review): if that task is ever skipped, reboot_required may be
# undefined on the registered result. Confirm this condition cannot fail.
90 - name: Reboot if domain changed
91 when: domain_state.reboot_required
92 ansible.windows.win_reboot: