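---
# Base system tasks: hosts files, apt sources/keys/packages, locale and
# timezone, logrotate, sysctl/sysfs settings, sudo and admin accounts.
#
# Conventions used below:
#   * Module arguments are native YAML mappings. File modes are quoted so
#     that no YAML parser can re-type them as integers.
#   * Loop variables are passed as '{{ var }}'; bare variable names in
#     with_items are no longer expanded by current Ansible releases.
#   * Handlers named under `notify` are not defined in this file; they are
#     presumably provided by the role's handlers - verify before renaming.

- name: Install hosts file
  template:
    src: hosts.j2
    dest: /etc/hosts
    owner: root
    group: root
    mode: '0644'
  notify:
    - Update motd

- name: Install hosts.deny file
  template:
    src: hosts.deny.j2
    dest: /etc/hosts.deny
    owner: root
    group: root
    mode: '0644'

- name: Write /etc/apt/sources.list
  template:
    src: 'apt/sources.{{ ansible_lsb.codename }}.list.j2'
    dest: /etc/apt/sources.list
    owner: root
    group: root
    mode: '0644'
  notify:
    - Reload apt cache

- name: Write /etc/apt/apt.conf.d configuration files
  template:
    src: apt/apt-options.j2
    dest: /etc/apt/apt.conf.d/90local
    owner: root
    group: root
    mode: '0644'

# Supply-chain note: a key imported here is trusted by apt for package
# verification, so `apt_keys` must come from reviewed inventory data.
# `id` pins the expected key; each `url` should be an https:// location.
- name: Install apt key for custom Debian repositories
  apt_key:
    id: '{{ item.id }}'
    url: '{{ item.url }}'
    state: present
  with_items: '{{ apt_keys }}'
  when: apt_keys

- name: Add apt sources for custom Debian repositories
  apt_repository:
    repo: 'deb {{ item.uri }} {{ item.suite }} {{ item.sections }}'
    state: present
  with_items: '{{ apt_repositories }}'
  when: apt_repositories

- name: Remove deprecated apt options files
  file:
    path: '/etc/apt/apt.conf.d/{{ item }}'
    state: absent
  with_items:
    - local-recommends
    - local-pdiffs

# `present` replaces the deprecated `installed` alias of the apt module.
- name: Install base packages
  apt:
    pkg: '{{ item }}'
    install_recommends: false
    state: present
    update_cache: true
  with_items:
    - apticron
    - locales-all
    - locales
    - lsb-release
    - toilet
    - toilet-fonts
    - facter
    - zsh
    - git-core
    - tig
    - vim-nox
    - ccze
    - tree
    - pydf
    - htop
    - sudo
    - sysfsutils
    - tmux
    - rsync
    - ca-certificates
    - sysstat
    - etckeeper
    - sharutils
    - ncdu

- name: Install additional packages
  apt:
    pkg: '{{ item }}'
    install_recommends: false
    state: present
    update_cache: true
  with_items: '{{ apt_additional_packages }}'
  when: apt_additional_packages

- name: Install ntp daemon
  apt:
    pkg: ntp
    install_recommends: false
    state: present
    update_cache: true
  when: with_ntp

- name: Configure default locale and timezone
  debconf:
    name: '{{ item.name }}'
    question: '{{ item.question }}'
    value: '{{ item.value }}'
    vtype: '{{ item.vtype }}'
  with_items:
    - name: locales
      question: locales/default_environment_locale
      value: '{{ locale }}'
      vtype: select
    - name: tzdata
      question: tzdata/Areas
      value: '{{ timezone_area }}'
      vtype: select
    - name: tzdata
      question: 'tzdata/Zones/{{ timezone_area }}'
      value: '{{ timezone_city }}'
      vtype: select
  notify:
    - Reconfigure locales
    - Reconfigure timezone

- name: Override logrotate configuration for rsyslog
  template:
    src: logrotate/rsyslog.j2
    dest: /etc/logrotate.d/rsyslog
    owner: root
    group: root
    mode: '0644'

- name: Install kernel configuration (proc)
  template:
    src: 'kernel/sysctl.d/{{ item }}.j2'
    dest: '/etc/sysctl.d/{{ item }}'
    owner: root
    group: root
    mode: '0644'
  with_items:
    - 10-increase-file-descriptors.conf
  notify:
    - Apply kernel configuration (proc)

- name: Create sysfs configuration directory - /etc/sysfs.d
  file:
    path: /etc/sysfs.d
    state: directory
    owner: root
    group: root
    mode: '0755'

- name: Install kernel configuration (sys)
  template:
    src: 'kernel/sysfs.d/{{ item }}.j2'
    dest: '/etc/sysfs.d/{{ item }}'
    owner: root
    group: root
    mode: '0644'
  with_items:
    - 00-sysfs-prolog.conf
  notify:
    - Refresh sysfs configuration

- name: Install kernel configuration (sys) for disks
  template:
    src: 'kernel/sysfs.d/{{ item }}.j2'
    dest: '/etc/sysfs.d/{{ item }}'
    owner: root
    group: root
    mode: '0644'
  with_items:
    - 10-disks.conf
  notify:
    - Refresh sysfs configuration

# `validate` makes the module run visudo on the rendered file before it is
# moved into place, so a template mistake cannot leave a syntactically
# broken file in /etc/sudoers.d (which would make sudo refuse to run).
# The sudo package, which ships visudo, is installed by the base package
# task above.
- name: Install sudo configuration
  template:
    src: sudo/local-admin.j2
    dest: /etc/sudoers.d/local-admin
    owner: root
    group: root
    mode: '0440'
    validate: '/usr/sbin/visudo -cf %s'

# Every entry in `admins` is added to the adm, operator and sudo groups, so
# that list defines who holds administrative access on the host.
- name: Install unprivileged user
  user:
    name: '{{ item.user }}'
    comment: '{{ item.fullname }}'
    groups: adm,operator,sudo
    append: true
    shell: /bin/zsh
    state: present
  with_items: '{{ admins }}'
  when: admins

# Public keys are read from data/users/<user>/id_rsa.pub on the control
# machine (the `file` lookup runs there, not on the managed host).
- name: Install SSH key for unprivileged user
  authorized_key:
    user: '{{ item.user }}'
    key: "{{ lookup('file', 'data/users/' + item.user + '/id_rsa.pub') }}"
    state: present
  with_items: '{{ admins }}'
  when: admins

# NOTE(review): this also places every admin's public key in root's
# authorized_keys. Where sshd permits root logins, each admin can then log
# in as root directly, and those sessions are not attributed to a named
# account the way sudo use is. Confirm this is intended; otherwise drop the
# task and rely on the sudo configuration above. Removing an admin from
# `admins` does not remove a key already installed here.
- name: Install SSH key for root
  authorized_key:
    user: root
    key: "{{ lookup('file', 'data/users/' + item.user + '/id_rsa.pub') }}"
    state: present
  with_items: '{{ admins }}'
  when: admins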