add some common programs and main playbook

ansible/README.md

@@ -1,5 +1,8 @@
 # Ansible MicroOS VM setup
 
+<!--
+Unfortunately, the devsec hardening role does not play well with MicroOS.
+
 1. Install devsec hardening collection
 ```shell
 ansible-galaxy collection install devsec.hardening
@@ -9,6 +12,7 @@ ansible-galaxy collection install devsec.hardening
 ```shell
 ansible-playbook -i inventory.txt hardening.yml
 ```
+-->
 4. Run the custom_hardening playbook. This mostly sets SSH parameters to best practice values.
 ```shell
 ansible-playbook -i inventory.txt custom_hardening.yml

ansible/common_programs.yml

@@ -0,0 +1,13 @@
+---
+- name: install commonly used programs
+  hosts: all
+  become: yes
+  tasks:
+    - name: install borgbackup, tmux with zypper and transactional-update
+      community.general.zypper:
+        name: "borgbackup tmux"
+        state: present
+      register: zypper_result
+    - name: reboot if borgbackup or tmux was installed
+      ansible.builtin.reboot:
+      when: zypper_result.changed

ansible/main.yml

@@ -0,0 +1,11 @@
+---
+- name: apply custom hardening for ssh
+  import_playbook: custom_hardening.yml
+- name: install commonly used programs
+  import_playbook: common_programs.yml
+- name: allow privileged ports for rootless containers
+  import_playbook: allow_privileged_ports_rootless.yml
+- name: deploy services
+  import_playbook: deploy_services.yml
+- name: deploy traefik configuration
+  import_playbook: deploy_traefik_config.yml

ignition/README.md

@@ -3,7 +3,11 @@
 1. Configure ssh public key in ignition-config.yml
 2. Run butane to generate the ignition file
 ```shell
-podman run --interactive --rm quay.io/coreos/butane:release --pretty --strict < ignition-config.yml > disk/ignition/config.ign
+podman run --interactive --rm \
+  quay.io/coreos/butane:release \
+  --pretty --strict \
+  < ignition-config.yml \
+  > disk/ignition/config.ign
 ```
 3. Create the disk image
 ```shell