# Render /etc/hosts from hosts.j2 (root-owned, world-readable) and notify
# the 'Update motd' handler whenever the rendered file changes.
- name: 'Install hosts file'
  template:
    src: 'hosts.j2'
    dest: '/etc/hosts'
    owner: 'root'
    group: 'root'
    mode: '0644'
  notify:
    - 'Update motd'

# Render /etc/hosts.deny from hosts.deny.j2. The deny rules themselves live
# in the template, which is not part of this file.
- name: 'Install hosts.deny file'
  template:
    src: 'hosts.deny.j2'
    dest: '/etc/hosts.deny'
    owner: 'root'
    group: 'root'
    mode: '0644'

# Pick the sources.list template that matches the release codename and
# refresh the apt cache (via handler) when the file changes.
# NOTE(review): ansible_lsb may be undefined when lsb_release is missing on
# the target at fact-gathering time; lsb-release is only installed by a
# later task in this file - confirm it is preinstalled on fresh hosts.
- name: 'Write /etc/apt/sources.list'
  template:
    src: 'apt/sources.{{ ansible_lsb.codename }}.list.j2'
    dest: '/etc/apt/sources.list'
    owner: 'root'
    group: 'root'
    mode: '0644'
  notify:
    - 'Reload apt cache'

# Delete apt option snippets that this role treats as deprecated
# (currently only /etc/apt/apt.conf.d/90local).
- name: 'Remove deprecated apt options files'
  file:
    state: 'absent'
    path: '/etc/apt/apt.conf.d/{{ item }}'
  with_items: ['90local']

# Render one apt option snippet per item: template apt/apt-<item>.j2 is
# written to /etc/apt/apt.conf.d/99<item>, root-owned and world-readable.
- name: 'Write /etc/apt/apt.conf.d configuration files'
  template:
    dest: '/etc/apt/apt.conf.d/99{{ item }}'
    src: 'apt/apt-{{ item }}.j2'
    mode: '0644'
    owner: 'root'
    group: 'root'
  with_items: ['nopdiffs', 'norecommends', 'progressbar']

# Import the signing key of every custom repository listed in apt_keys.
# Each entry supplies 'id' (key identifier) and 'url' (download location).
# NOTE(review): these keys become trust anchors for package installation.
# Confirm that apt_keys entries carry full fingerprints rather than short
# key ids, and that every item.url uses https.
- name: 'Install apt key for custom Debian repositories'
  apt_key:
    state: 'present'
    id: '{{ item.id }}'
    url: '{{ item.url }}'
  when: apt_keys
  with_items: '{{ apt_keys }}'

# Register one 'deb' source line per apt_repositories entry, built from the
# entry's uri and sections plus the release codename of the target host.
# NOTE(review): item.uri and item.sections are interpolated verbatim into
# the source line; the variable data should come from a trusted inventory.
- name: 'Add apt sources for custom Debian repositories'
  apt_repository:
    state: 'present'
    repo: 'deb {{ item.uri }} {{ ansible_lsb.codename }} {{ item.sections }}'
  when: apt_repositories
  with_items: '{{ apt_repositories }}'

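# Install the baseline tool set on every host, without recommended packages.
# 'state: present' replaces 'installed', which is only a deprecated alias of
# 'present' in the apt module and is rejected by newer Ansible releases.
- name: 'Install base packages'
  apt:
    pkg: '{{ item }}'
    install_recommends: false
    state: 'present'
  with_items:
    - 'apt-transport-https'
    - 'apticron'
    - 'locales-all'
    - 'locales'
    - 'lsb-release'
    - 'toilet'
    - 'toilet-fonts'
    - 'facter'
    - 'zsh'
    - 'git-core'
    - 'tig'
    - 'vim-nox'
    - 'ccze'
    - 'tree'
    - 'pydf'
    - 'htop'
    - 'sudo'
    - 'sysfsutils'
    - 'tmux'
    - 'rsync'
    - 'ca-certificates'
    - 'sysstat'
    - 'etckeeper'
    - 'sharutils'
    - 'ncdu'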

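# Install the host- or group-specific packages named in
# apt_additional_packages; skipped when that list is empty.
# 'state: present' replaces the deprecated alias 'installed'.
- name: 'Install additional packages'
  apt:
    pkg: '{{ item }}'
    install_recommends: false
    state: 'present'
  with_items: '{{ apt_additional_packages }}'
  when: apt_additional_packages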

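# Install the ntp package only on hosts where with_ntp is truthy.
# 'state: present' replaces the deprecated alias 'installed'.
- name: 'Install ntp daemon'
  apt:
    pkg: 'ntp'
    install_recommends: false
    state: 'present'
  when: with_ntp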

# Preseed debconf answers for the default locale and for the tzdata
# area/city, then let the handlers reconfigure both packages on change.
- name: 'Configure default locale and timezone'
  debconf:
    name: '{{ item.name }}'
    question: '{{ item.question }}'
    value: '{{ item.value }}'
    vtype: '{{ item.vtype }}'
  with_items:
    - name: 'locales'
      question: 'locales/default_environment_locale'
      value: '{{ locale }}'
      vtype: 'select'
    - name: 'tzdata'
      question: 'tzdata/Areas'
      value: '{{ timezone_area }}'
      vtype: 'select'
    - name: 'tzdata'
      question: 'tzdata/Zones/{{ timezone_area }}'
      value: '{{ timezone_city }}'
      vtype: 'select'
  notify:
    - 'Reconfigure locales'
    - 'Reconfigure timezone'

# Replace the packaged logrotate policy for rsyslog with the role's own
# template. Rotation and retention settings live in logrotate/rsyslog.j2,
# which is not part of this file.
- name: 'Override logrotate configuration for rsyslog'
  template:
    src: 'logrotate/rsyslog.j2'
    dest: '/etc/logrotate.d/rsyslog'
    owner: 'root'
    group: 'root'
    mode: '0644'

# Render the sysctl drop-ins into /etc/sysctl.d and apply them through the
# handler when they change. The 'ipv6' tag covers both files in the loop,
# including the file-descriptor limits.
- name: 'Install kernel configuration (proc)'
  template:
    src: 'kernel/sysctl.d/{{ item }}.j2'
    dest: '/etc/sysctl.d/{{ item }}'
    owner: 'root'
    group: 'root'
    mode: '0644'
  with_items:
    - '05-ipv6.conf'
    - '10-increase-file-descriptors.conf'
  notify:
    - 'Apply kernel configuration (proc)'
  tags:
    - 'ipv6'

# Ensure /etc/sysfs.d exists (root-owned, 0755) before the sysfs snippets
# are rendered into it by the following tasks.
- name: 'Create sysfs configuration directory - /etc/sysfs.d'
  file:
    path: '/etc/sysfs.d'
    state: 'directory'
    owner: 'root'
    group: 'root'
    mode: '0755'

# Render the sysfs prolog snippet into /etc/sysfs.d and trigger the
# 'Refresh sysfs configuration' handler when it changes.
- name: 'Install kernel configuration (sys)'
  template:
    src: 'kernel/sysfs.d/{{ item }}.j2'
    dest: '/etc/sysfs.d/{{ item }}'
    owner: 'root'
    group: 'root'
    mode: '0644'
  with_items:
    - '00-sysfs-prolog.conf'
  notify:
    - 'Refresh sysfs configuration'

# Render the disk-related sysfs snippet into /etc/sysfs.d and trigger the
# 'Refresh sysfs configuration' handler when it changes.
- name: 'Install kernel configuration (sys) for disks'
  template:
    src: 'kernel/sysfs.d/{{ item }}.j2'
    dest: '/etc/sysfs.d/{{ item }}'
    owner: 'root'
    group: 'root'
    mode: '0644'
  with_items:
    - '10-disks.conf'
  notify:
    - 'Refresh sysfs configuration'

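# Install the sudoers drop-in for local administrators (root:root, 0440).
# 'validate' runs visudo against the rendered file before it replaces the
# live one, so a template error cannot leave the host with a sudoers.d entry
# that breaks sudo for every user. visudo is provided by the sudo package,
# which the base package task earlier in this file installs.
- name: 'Install sudo configuration'
  template:
    src: 'sudo/local-admin.j2'
    dest: '/etc/sudoers.d/local-admin'
    owner: 'root'
    group: 'root'
    mode: '0440'
    validate: '/usr/sbin/visudo -cf %s'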

# Create one login account per entry in admins, with zsh as shell.
# 'append' keeps existing group memberships and adds adm, operator and sudo.
# NOTE(review): membership in 'sudo' makes these accounts administrators in
# practice; the exact rights depend on sudoers content not shown here.
- name: 'Install unprivileged user'
  user:
    name: '{{ item.user }}'
    comment: '{{ item.fullname }}'
    groups: 'adm,operator,sudo'
    append: true
    shell: '/bin/zsh'
    state: 'present'
  with_items: '{{ admins }}'
  when: admins

# Authorize each admin's public key (data/users/<user>/id_rsa.pub, read on
# the control machine) for that admin's own account.
# NOTE(review): state 'present' only adds keys. Dropping an entry from
# admins does not revoke a key that was installed earlier.
- name: 'Install SSH key for unprivileged user'
  authorized_key:
    user: '{{ item.user }}'
    key: "{{ lookup('file', 'data/users/' + item.user + '/id_rsa.pub') }}"
    state: 'present'
  with_items: '{{ admins }}'
  when: admins

# Authorize every admin's public key for the root account as well.
# NOTE(review): this gives each admin a direct root login path next to the
# sudo group membership they already receive, and work done as root over
# SSH is not attributed to a personal account the way sudo usage is.
# Whether root logins are accepted depends on sshd settings not shown here.
# state 'present' only adds keys: removing someone from admins leaves their
# key in root's authorized_keys until it is removed explicitly.
- name: 'Install SSH key for root'
  authorized_key:
    user: 'root'
    key: "{{ lookup('file', 'data/users/' + item.user + '/id_rsa.pub') }}"
    state: 'present'
  with_items: '{{ admins }}'
  when: admins