feat: add windows 11 build

ansible/roles/base/tasks/main.yml

@@ -20,4 +20,6 @@
   include_tasks: suse.yml
   when: "ansible_facts['distribution'] in ['openSUSE Leap', 'Suse']"
 
-...
+- name: "{{ base_task_name }}"
+  ansible.builtin.include_tasks: windows.yml
+  when: ansible_os_family == "Windows"

ansible/roles/base/tasks/windows.yml

@@ -0,0 +1,51 @@
+---
+# Microsoft Windows specific tasks.
+
+# Tasks for updating the operating system and installing additional packages.
+- name: Getting guest operating system information
+  ansible.builtin.debug:
+    msg: "OS: {{ ansible_os_name }}"
+
+- name: Ensure .NET Framework 4.8 requirement is satisfied for Chocolatey v2.0.0 and later
+  when: ansible_os_installation_type != "Server Core"
+  block:
+    - name: Install Chocolatey CLI
+      chocolatey.chocolatey.win_chocolatey:
+        name: chocolatey
+        state: present
+        version: 1.4.0
+
+    - name: Install Microsoft .NET Framework 4.8
+      chocolatey.chocolatey.win_chocolatey:
+        name: netfx-4.8
+        state: present
+
+    - name: Reboot the host to complete .NET Framework 4.8 install
+      ansible.windows.win_reboot:
+
+    - name: Install latest version of Chocolatey
+      chocolatey.chocolatey.win_chocolatey:
+        name: chocolatey
+        state: latest
+
+    - name: Installing additional packages using Chocolatey
+      chocolatey.chocolatey.win_chocolatey:
+        name:
+          - googlechrome
+          - putty
+        state: latest
+        ignore_checksums: true
+
+- name: Updating the operating system
+  ansible.windows.win_updates:
+    category_names:
+      - SecurityUpdates
+      - CriticalUpdates
+    reject_list:
+      - 5034439
+      - 5034441
+    reboot: true
+  register: win_updates
+  until: not win_updates.failed
+  retries: 5
+  delay: 300

ansible/roles/configure/tasks/main.yml

@@ -16,4 +16,6 @@
   include_tasks: suse.yml
   when: "ansible_facts['distribution'] in ['openSUSE Leap', 'Suse']"
 
-...
+- name: "{{ configure_task_name }}"
+  ansible.builtin.include_tasks: windows.yml
+  when: ansible_os_family == "Windows"

ansible/roles/configure/tasks/windows.yml

@@ -0,0 +1,133 @@
+---
+# Microsoft Windows specific tasks.
+
+# Set the Windows Explorer options.
+# ansible-lint: disable=line-length
+- name: Setting the Windows Explorer options...
+  when: ansible_os_installation_type != "Server Core"
+  block:
+    - name: Show hidden files.
+      ansible.windows.win_regedit:
+        path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
+        name: Hidden
+        data: 1
+        type: dword
+
+    - name: Show file extensions.
+      ansible.windows.win_regedit:
+        path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
+        name: HideFileExt
+        data: 0
+        type: dword
+
+    - name: Show drives with no media.
+      ansible.windows.win_regedit:
+        path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
+        name: HideDrivesWithNoMedia
+        data: 0
+        type: dword
+
+    - name: Disabling Sync Provider Notifications.
+      ansible.windows.win_regedit:
+        path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
+        name: ShowSyncProviderNotifications
+        data: 1
+        type: dword
+
+# Disable system hibernation.
+- name: Disabling System Hibernation...
+  block:
+    - name: Disabling Hibernation.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\Power
+        name: HibernateEnabled
+        data: 0
+        type: dword
+
+    - name: Setting HiberFileSizePercent to 0.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\Power
+        name: HiberFileSizePercent
+        data: 0
+        type: dword
+
+# Disable TLS 1.0.s
+- name: Disabling TLS 1.0 for Client...
+  block:
+    - name: Disabling TLS 1.0 for Client.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
+        name: Enabled
+        data: 0
+        type: dword
+
+    - name: Setting TLS 1.0 for Client to Disabled by Default.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
+        name: DisabledByDefault
+        data: 1
+        type: dword
+
+    - name: Disabling TLS 1.0 for Server.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
+        name: Enabled
+        data: 0
+        type: dword
+
+    - name: Setting TLS 1.0 for Server to Disabled by Default.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
+        name: DisabledByDefault
+        data: 1
+        type: dword
+
+# Disable TLS 1.1.
+- name: Disabling TLS 1.1 for Client...
+  block:
+    - name: Disabling TLS 1.1 for Client.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
+        name: Enabled
+        data: 0
+        type: dword
+
+    - name: Setting TLS 1.1 for Client to Disabled by Default.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
+        name: DisabledByDefault
+        data: 1
+        type: dword
+
+    - name: Disabling TLS 1.1 for Server.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
+        name: Enabled
+        data: 0
+        type: dword
+
+    - name: Setting TLS 1.1 for Server to Disabled by Default.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
+        name: DisabledByDefault
+        data: 1
+        type: dword
+
+# Disable Password Expiration for Administrator and Build Accounts
+- name: Disabling Local Administrator Password Expiration...
+  ansible.windows.win_user:
+    name: Administrator
+    password_never_expires: true
+
+- name: Disabling Password Expiration for "{{ build_username }}"
+  ansible.windows.win_user:
+    name: "{{ build_username }}"
+    password_never_expires: true
+
+# Enable Remote Desktop.
+- name: Enabling Remote Desktop...
+  ansible.windows.win_powershell:
+    script: |
+      Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0 | Out-Null
+      Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 0
+      Enable-NetFirewallRule -Group '@FirewallAPI.dll,-28752'

ansible/windows-playbook.yml

@@ -0,0 +1,8 @@
+---
+- name: Playbook for Microsoft Windows
+  debugger: never
+  gather_facts: true
+  hosts: all
+  roles:
+    - base
+    - configure

ansible/windows-requirements.yml

@@ -0,0 +1,8 @@
+---
+collections:
+  - name: ansible.windows
+    version: 2.3.0
+  - name: chocolatey.chocolatey
+    version: 1.5.1
+  - name: community.general
+    version: 8.6.0