- name: Install hosts file
template: src=hosts.j2 dest=/etc/hosts owner=root group=root mode=0644
notify:
- Update motd
- name: Install hosts.deny file
template: src=hosts.deny.j2 dest=/etc/hosts.deny owner=root group=root mode=0644
- name: Write /etc/apt/sources.list
template: src=apt/sources.{{ ansible_lsb.codename }}.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
notify:
- Reload apt cache
- name: Write /etc/apt/apt.conf.d configuration files
template: src=apt/apt-options.j2 dest=/etc/apt/apt.conf.d/90local owner=root group=root mode=0644
- name: Install apt key for custom Debian repositories
apt_key:
id: '{{ item.id }}'
url: '{{ item.url }}'
state: 'present'
with_items: '{{ apt_keys }}'
when: apt_keys
- name: Add apt sources for custom Debian repositories
apt_repository:
repo: 'deb {{ item.uri }} {{ item.suite }} {{ item.sections }}'
state: 'present'
with_items: '{{ apt_repositories }}'
when: apt_repositories
- name: Remove deprecated apt options files
file: path=/etc/apt/apt.conf.d/{{ item }} state=absent
with_items:
- local-recommends
- local-pdiffs
- name: Install base packages
apt: pkg={{ item }} install_recommends=no state=installed update_cache=yes
with_items:
- apticron
- locales-all
- locales
- lsb-release
- toilet
- toilet-fonts
- facter
- zsh
- git-core
- tig
- vim-nox
- ccze
- tree
- pydf
- htop
- sudo
- sysfsutils
- tmux
- rsync
- ca-certificates
- sysstat
- etckeeper
- sharutils
- ncdu
- name: Install additional packages
apt: pkg={{ item }} install_recommends=no state=installed update_cache=yes
with_items: '{{ apt_additional_packages }}'
when: apt_additional_packages
- name: Install ntp daemon
apt: pkg=ntp install_recommends=no state=installed update_cache=yes
when: with_ntp
- name: Configure default locale and timezone
debconf: name="{{item.name}}" question="{{item.question}}" value="{{item.value}}" vtype="{{item.vtype}}"
with_items:
- { name: 'locales', question: 'locales/default_environment_locale', value: '{{ locale }}', vtype: 'select' }
- { name: 'tzdata', question: 'tzdata/Areas', value: '{{ timezone_area }}', vtype: 'select' }
- { name: 'tzdata', question: 'tzdata/Zones/{{ timezone_area }}', value: '{{ timezone_city }}', vtype: 'select' }
notify:
- Reconfigure locales
- Reconfigure timezone
- name: Override logrotate configuration for rsyslog
template: src=logrotate/rsyslog.j2 dest=/etc/logrotate.d/rsyslog owner=root group=root mode=0644
- name: Install kernel configuration (proc)
template: src=kernel/sysctl.d/{{ item }}.j2 dest=/etc/sysctl.d/{{ item }} owner=root group=root mode=0644
with_items:
- 10-increase-file-descriptors.conf
notify:
- Apply kernel configuration (proc)
- name: Create sysfs configuration directory - /etc/sysfs.d
file: path=/etc/sysfs.d state=directory owner=root group=root mode=0755
- name: Install kernel configuration (sys)
template: src=kernel/sysfs.d/{{ item }}.j2 dest=/etc/sysfs.d/{{ item }} owner=root group=root mode=0644
with_items:
- 00-sysfs-prolog.conf
notify:
- Refresh sysfs configuration
- name: Install kernel configuration (sys) for disks
template: src=kernel/sysfs.d/{{ item }}.j2 dest=/etc/sysfs.d/{{ item }} owner=root group=root mode=0644
with_items:
- 10-disks.conf
notify:
- Refresh sysfs configuration
- name: Install sudo configuration
template: src=sudo/local-admin.j2 dest=/etc/sudoers.d/local-admin owner=root group=root mode=0440
- name: Install unprivileged user
user: name="{{item.user}}" comment="{{item.fullname}}" groups=adm,operator,sudo append=yes shell=/bin/zsh state=present
with_items: '{{ admins }}'
when: admins
- name: Install SSH key for unprivileged user
authorized_key: user="{{item.user}}" key="{{lookup('file', 'data/users/' + item.user + '/id_rsa.pub')}}" state=present
with_items: '{{ admins }}'
when: admins
- name: Install SSH key for root
authorized_key: user=root key="{{lookup('file', 'data/users/' + item.user + '/id_rsa.pub')}}" state=present
with_items: '{{ admins }}'
when: admins