Home Explore Help
Sign In
kolter
/
ansible-playbooks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 3f5e12c1f3
Branches Tags
ansible-playboo...
/
roles
/
common
/
tasks
/
base.yml

base.yml 4.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129 
  1. - name: Install hosts file
    2. 

  2.   template: src=hosts.j2 dest=/etc/hosts owner=root group=root mode=0644
    3. 

  3.   notify:
    4. 

  4.     - Update motd
    5. 

  5. 

  6. - name: Install hosts.deny file
    7. 

  7.   template: src=hosts.deny.j2 dest=/etc/hosts.deny owner=root group=root mode=0644
    8. 

  8. 

  9. - name: Write /etc/apt/sources.list
    10. 

  10.   template: src=apt/sources.{{ ansible_lsb.codename }}.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
    11. 

  11.   notify:
    12. 

  12.     - Reload apt cache
    13. 

  13. 

  14. - name: Write /etc/apt/apt.conf.d configuration files
    15. 

  15.   template: src=apt/apt-options.j2 dest=/etc/apt/apt.conf.d/90local owner=root group=root mode=0644
    16. 

  16. 

  17. - name: Install apt key for custom Debian repositories
    18. 

  18.   apt_key:
    19. 

  19.     id: '{{ item.id }}'
    20. 

  20.     url: '{{ item.url }}'
    21. 

  21.     state: 'present'
    22. 

  22.   with_items: apt_keys
    23. 

  23.   when: apt_keys
    24. 

  24. 

  25. - name: Add apt sources for custom Debian repositories
    26. 

  26.   apt_repository:
    27. 

  27.     repo: 'deb {{ item.uri }} {{ item.suite }} {{ item.sections }}'
    28. 

  28.     state: 'present'
    29. 

  29.   with_items: apt_repositories
    30. 

  30.   when: apt_repositories
    31. 

  31. 

  32. - name: Remove deprecated apt options files
    33. 

  33.   file: path=/etc/apt/apt.conf.d/{{ item }} state=absent
    34. 

  34.   with_items:
    35. 

  35.     - local-recommends
    36. 

  36.     - local-pdiffs
    37. 

  37. 

  38. - name: Install base packages
    39. 

  39.   apt: pkg={{ item }} install_recommends=no state=installed update_cache=yes
    40. 

  40.   with_items:
    41. 

  41.     - apticron
    42. 

  42.     - locales-all
    43. 

  43.     - locales
    44. 

  44.     - lsb-release
    45. 

  45.     - toilet
    46. 

  46.     - toilet-fonts
    47. 

  47.     - facter
    48. 

  48.     - zsh
    49. 

  49.     - git-core
    50. 

  50.     - tig
    51. 

  51.     - vim-nox
    52. 

  52.     - ccze
    53. 

  53.     - tree
    54. 

  54.     - pydf
    55. 

  55.     - htop
    56. 

  56.     - sudo
    57. 

  57.     - sysfsutils
    58. 

  58.     - tmux
    59. 

  59.     - rsync
    60. 

  60.     - ca-certificates
    61. 

  61.     - sysstat
    62. 

  62.     - etckeeper
    63. 

  63.     - sharutils
    64. 

  64.     - ncdu
    65. 

  65. 

  66. - name: Install additional packages
    67. 

  67.   apt: pkg={{ item }} install_recommends=no state=installed update_cache=yes
    68. 

  68.   with_items: apt_additional_packages
    69. 

  69.   when: apt_additional_packages
    70. 

  70. 

  71. - name: Install ntp daemon
    72. 

  72.   apt: pkg=ntp install_recommends=no state=installed update_cache=yes
    73. 

  73.   when: with_ntp
    74. 

  74. 

  75. - name: Configure default locale and timezone
    76. 

  76.   debconf: name="{{item.name}}" question="{{item.question}}" value="{{item.value}}" vtype="{{item.vtype}}"
    77. 

  77.   with_items:
    78. 

  78.     - { name: 'locales', question: 'locales/default_environment_locale', value: '{{ locale }}', vtype: 'select' }
    79. 

  79.     - { name: 'tzdata', question: 'tzdata/Areas', value: '{{ timezone_area }}', vtype: 'select' }
    80. 

  80.     - { name: 'tzdata', question: 'tzdata/Zones/{{ timezone_area }}', value: '{{ timezone_city }}', vtype: 'select' }
    81. 

  81.   notify:
    82. 

  82.     - Reconfigure locales
    83. 

  83.     - Reconfigure timezone
    84. 

  84. 

  85. - name: Override logrotate configuration for rsyslog
    86. 

  86.   template: src=logrotate/rsyslog.j2 dest=/etc/logrotate.d/rsyslog owner=root group=root mode=0644
    87. 

  87. 

  88. - name: Install kernel configuration (proc)
    89. 

  89.   template: src=kernel/sysctl.d/{{ item }}.j2 dest=/etc/sysctl.d/{{ item }} owner=root group=root mode=0644
    90. 

  90.   with_items:
    91. 

  91.       - 10-increase-file-descriptors.conf
    92. 

  92.   notify:
    93. 

  93.     - Apply kernel configuration (proc)
    94. 

  94. 

  95. - name: Create sysfs configuration directory - /etc/sysfs.d
    96. 

  96.   file: path=/etc/sysfs.d state=directory owner=root group=root mode=0755
    97. 

  97. 

  98. - name: Install kernel configuration (sys)
    99. 

  99.   template: src=kernel/sysfs.d/{{ item }}.j2 dest=/etc/sysfs.d/{{ item }} owner=root group=root mode=0644
    100. 

  100.   with_items:
    101. 

  101.       - 00-sysfs-prolog.conf
    102. 

  102.   notify:
    103. 

  103.     - Refresh sysfs configuration
    104. 

  104. 

  105. - name: Install kernel configuration (sys) for disks
    106. 

  106.   template: src=kernel/sysfs.d/{{ item }}.j2 dest=/etc/sysfs.d/{{ item }} owner=root group=root mode=0644
    107. 

  107.   with_items:
    108. 

  108.       - 10-disks.conf
    109. 

  109.   notify:
    110. 

  110.     - Refresh sysfs configuration
    111. 

  111. 

  112. - name: Install sudo configuration
    113. 

  113.   template: src=sudo/local-admin.j2 dest=/etc/sudoers.d/local-admin owner=root group=root mode=0440
    114. 

  114. 

  115. - name: Install unprivileged user
    116. 

  116.   user: name="{{item.user}}" comment="{{item.fullname}}" groups=adm,operator,sudo append=yes shell=/bin/zsh state=present
    117. 

  117.   with_items: admins
    118. 

  118.   when: admins
    119. 

  119. 

  120. - name: Install SSH key for unprivileged user
    121. 

  121.   authorized_key: user="{{item.user}}" key="{{lookup('file', 'data/users/' + item.user + '/id_rsa.pub')}}" state=present
    122. 

  122.   with_items: admins
    123. 

  123.   when: admins
    124. 

  124. 

  125. - name: Install SSH key for root
    126. 

  126.   authorized_key: user=root key="{{lookup('file', 'data/users/' + item.user + '/id_rsa.pub')}}" state=present
    127. 

  127.   with_items: admins
    128. 

  128.   when: admins
    129. 

  129.