---- hosts: all become: true vars: created_username: my_username

1. ---
2. - hosts: all
3.   become: true
4.  
5.   vars:
6.     created_username: my_username
7.     ssh_key_path: "/home/my_local_username/.ssh/id_ed25519.pub"
8.     arch: amd64
9.  
10.   tasks:
11.     - name: Setup passwordless sudo
12.       lineinfile:
13.         path: /etc/sudoers
14.         state: present
15.         regexp: '^%sudo'
16.         line: '%sudo ALL=(ALL) NOPASSWD: ALL'
17.         validate: '/usr/sbin/visudo -cf %s'
18.  
19.     - name: Create a new regular user with sudo privileges
20.       user:
21.         name: "{{ created_username }}"
22.         state: present
23.         groups: sudo
24.         append: true
25.         create_home: true
26.         shell: /usr/bin/bash
27.  
28.     - name: Set authorized key for remote user
29.       ansible.posix.authorized_key:
30.         user: "{{ created_username }}"
31.         state: present
32.         key: "{{ lookup('file', ssh_key_path) }}"
33.  
34.     - name: Disable password login
35.       lineinfile:
36.         path: /etc/ssh/sshd_config
37.         state: present
38.         regexp: "{{ item.regexp }}"
39.         line: "{{ item.line }}"
40.       loop:
41.         - { regexp: '^#?PermitRootLogin', line: 'PermitRootLogin no'}
42.         - { regexp: '^#?PasswordAuthentication', line: 'PasswordAuthentication no'}
43.       register: sshd_conf
44.  
45.     - name: Update apt and install required system packages
46.       apt:
47.         pkg:
48.          - curl
49.           - ufw
50.         state: latest
51.         update_cache: true
52.  
53.     - name: UFW - Allow SSH connections
54.       community.general.ufw:
55.         rule: allow
56.         name: OpenSSH
57.  
58.     - name: UFW - Enable and deny by default
59.       community.general.ufw:
60.         state: enabled
61.         default: deny
62.  
63.     - name: UFW - Enable systemd service
64.       service:
65.         name: ufw
66.         enabled: true
67.         state: started
68.  
69.     - name: Restart sshd
70.       service:
71.         name: sshd
72.         state: restarted
73.       when: sshd_conf.changed
74.  
75.     - name: Download 3x-ui bundle
76.       get_url:
77.         url: https://github.com/MHSanaei/3x-ui/releases/latest/download/x-ui-linux-{{ arch }}.tar.gz
78.         dest: /tmp
79.  
80.     - name: Clean previous installation
81.       file:
82.         path: '{{ item }}'
83.         state: absent
84.       become: true
85.       loop:
86.        - x-ui/
87.         - /usr/local/x-ui/
88.         - /usr/bin/x-ui
89.         - /etc/systemd/system/x-ui.service
90.  
91.     - name: Unarchive
92.       unarchive:
93.         src: /tmp/x-ui-linux-{{ arch }}.tar.gz
94.         dest: /tmp
95.         remote_src: yes
96.  
97.     - name: Make executable
98.       file:
99.         path: '/tmp/{{ item }}'
100.         mode: 0755
101.       loop:
102.        - x-ui/x-ui
103.         - x-ui/bin/xray-linux-{{ arch }}
104.         - x-ui/x-ui.sh
105.  
106.     - name: Copy the files
107.       copy:
108.         src: '/tmp/{{ item.src }}'
109.         dest: '{{ item.dest }}'
110.         remote_src: true
111.         mode: preserve
112.       become: true
113.       loop:
114.         - {src: x-ui/x-ui.sh, dest: /usr/bin/x-ui}
115.         - {src: x-ui/x-ui.service, dest: /etc/systemd/system}
116.         - {src: x-ui, dest: /usr/local}
117.  
118.     - name: Enable and start systemd service
119.       systemd_service:
120.         name: x-ui
121.         enabled: true
122.         state: restarted
123.         daemon_reload: true
124.       become: true
125.  
126.     - name: Clean up
127.       file:
128.         path: '/tmp/{{ item }}'
129.         state: absent
130.       loop:
131.        - x-ui
132.         - x-ui-linux-{{ arch }}.tar.gz