123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109 |
- - name: Install hosts file
- template: src=hosts.j2 dest=/etc/hosts owner=root group=root mode=0644
- notify:
- - Update motd
- - name: Install hosts.deny file
- template: src=hosts.deny.j2 dest=/etc/hosts.deny owner=root group=root mode=0644
- - name: Write /etc/apt/sources.list
- template: src=apt/sources.{{ ansible_lsb.codename }}.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
- notify:
- - Reload apt cache
- - name: Write /etc/apt/apt.conf.d configuration files
- template: src=apt/apt-options.j2 dest=/etc/apt/apt.conf.d/90local owner=root group=root mode=0644
- - name: Remove deprecated apt options files
- file: path=/etc/apt/apt.conf.d/{{ item }} state=absent
- with_items:
- - local-recommends
- - local-pdiffs
- - name: Install base packages
- apt: pkg={{ item }} install_recommends=no state=installed update_cache=yes
- with_items:
- - apticron
- - locales-all
- - locales
- - lsb-release
- - toilet
- - toilet-fonts
- - facter
- - zsh
- - git-core
- - tig
- - vim-nox
- - ccze
- - tree
- - pydf
- - htop
- - sudo
- - sysfsutils
- - tmux
- - rsync
- - ca-certificates
- - sysstat
- - etckeeper
- - sharutils
- - name: Install ntp daemon
- apt: pkg=ntp install_recommends=no state=installed update_cache=yes
- when: with_ntp
- - name: Configure default locale and timezone
- debconf: name="{{item.name}}" question="{{item.question}}" value="{{item.value}}" vtype="{{item.vtype}}"
- with_items:
- - { name: 'locales', question: 'locales/default_environment_locale', value: '{{ locale }}', vtype: 'select' }
- - { name: 'tzdata', question: 'tzdata/Areas', value: '{{ timezone_area }}', vtype: 'select' }
- - { name: 'tzdata', question: 'tzdata/Zones/{{ timezone_area }}', value: '{{ timezone_city }}', vtype: 'select' }
- notify:
- - Reconfigure locales
- - Reconfigure timezone
- - name: Override logrotate configuration for rsyslog
- template: src=logrotate/rsyslog.j2 dest=/etc/logrotate.d/rsyslog owner=root group=root mode=0644
- - name: Install kernel configuration (proc)
- template: src=kernel/sysctl.d/{{ item }}.j2 dest=/etc/sysctl.d/{{ item }} owner=root group=root mode=0644
- with_items:
- - 10-increase-file-descriptors.conf
- notify:
- - Apply kernel configuration (proc)
- - name: Create sysfs configuration directory - /etc/sysfs.d
- file: path=/etc/sysfs.d state=directory owner=root group=root mode=0755
- - name: Install kernel configuration (sys)
- template: src=kernel/sysfs.d/{{ item }}.j2 dest=/etc/sysfs.d/{{ item }} owner=root group=root mode=0644
- with_items:
- - 00-sysfs-prolog.conf
- notify:
- - Refresh sysfs configuration
- - name: Install kernel configuration (sys) for disks
- template: src=kernel/sysfs.d/{{ item }}.j2 dest=/etc/sysfs.d/{{ item }} owner=root group=root mode=0644
- with_items:
- - 10-disks.conf
- notify:
- - Refresh sysfs configuration
- when: sysfs_disk_settings
- - name: Install sudo configuration
- template: src=sudo/local-admin.j2 dest=/etc/sudoers.d/local-admin owner=root group=root mode=0440
- - name: Install unprivileged user
- user: name="{{item.user}}" comment="{{item.fullname}}" groups=adm,operator,sudo append=yes shell=/bin/zsh state=present
- with_items: admins
- when: admins
- - name: Install SSH key for unprivileged user
- authorized_key: user="{{item.user}}" key="{{lookup('file', '../data/users/' + item.user + '/id_rsa.pub')}}" state=present
- with_items: admins
- when: admins
- - name: Install SSH key for root
- authorized_key: user=root key="{{lookup('file', '../data/users/' + item.user + '/id_rsa.pub')}}" state=present
- with_items: admins
- when: admins
|