base.yml 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109
  1. - name: Install hosts file
  2. template: src=hosts.j2 dest=/etc/hosts owner=root group=root mode=0644
  3. notify:
  4. - Update motd
  5. - name: Install hosts.deny file
  6. template: src=hosts.deny.j2 dest=/etc/hosts.deny owner=root group=root mode=0644
  7. - name: Write /etc/apt/sources.list
  8. template: src=apt/sources.{{ ansible_lsb.codename }}.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
  9. notify:
  10. - Reload apt cache
  11. - name: Write /etc/apt/apt.conf.d configuration files
  12. template: src=apt/apt-options.j2 dest=/etc/apt/apt.conf.d/90local owner=root group=root mode=0644
  13. - name: Remove deprecated apt options files
  14. file: path=/etc/apt/apt.conf.d/{{ item }} state=absent
  15. with_items:
  16. - local-recommends
  17. - local-pdiffs
  18. - name: Install base packages
  19. apt: pkg={{ item }} install_recommends=no state=installed update_cache=yes
  20. with_items:
  21. - apticron
  22. - locales-all
  23. - locales
  24. - lsb-release
  25. - toilet
  26. - toilet-fonts
  27. - facter
  28. - zsh
  29. - git-core
  30. - tig
  31. - vim-nox
  32. - ccze
  33. - tree
  34. - pydf
  35. - htop
  36. - sudo
  37. - sysfsutils
  38. - tmux
  39. - rsync
  40. - ca-certificates
  41. - sysstat
  42. - etckeeper
  43. - sharutils
  44. - name: Install ntp daemon
  45. apt: pkg=ntp install_recommends=no state=installed update_cache=yes
  46. when: with_ntp
  47. - name: Configure default locale and timezone
  48. debconf: name="{{item.name}}" question="{{item.question}}" value="{{item.value}}" vtype="{{item.vtype}}"
  49. with_items:
  50. - { name: 'locales', question: 'locales/default_environment_locale', value: '{{ locale }}', vtype: 'select' }
  51. - { name: 'tzdata', question: 'tzdata/Areas', value: '{{ timezone_area }}', vtype: 'select' }
  52. - { name: 'tzdata', question: 'tzdata/Zones/{{ timezone_area }}', value: '{{ timezone_city }}', vtype: 'select' }
  53. notify:
  54. - Reconfigure locales
  55. - Reconfigure timezone
  56. - name: Override logrotate configuration for rsyslog
  57. template: src=logrotate/rsyslog.j2 dest=/etc/logrotate.d/rsyslog owner=root group=root mode=0644
  58. - name: Install kernel configuration (proc)
  59. template: src=kernel/sysctl.d/{{ item }}.j2 dest=/etc/sysctl.d/{{ item }} owner=root group=root mode=0644
  60. with_items:
  61. - 10-increase-file-descriptors.conf
  62. notify:
  63. - Apply kernel configuration (proc)
  64. - name: Create sysfs configuration directory - /etc/sysfs.d
  65. file: path=/etc/sysfs.d state=directory owner=root group=root mode=0755
  66. - name: Install kernel configuration (sys)
  67. template: src=kernel/sysfs.d/{{ item }}.j2 dest=/etc/sysfs.d/{{ item }} owner=root group=root mode=0644
  68. with_items:
  69. - 00-sysfs-prolog.conf
  70. notify:
  71. - Refresh sysfs configuration
  72. - name: Install kernel configuration (sys) for disks
  73. template: src=kernel/sysfs.d/{{ item }}.j2 dest=/etc/sysfs.d/{{ item }} owner=root group=root mode=0644
  74. with_items:
  75. - 10-disks.conf
  76. notify:
  77. - Refresh sysfs configuration
  78. when: sysfs_disk_settings
  79. - name: Install sudo configuration
  80. template: src=sudo/local-admin.j2 dest=/etc/sudoers.d/local-admin owner=root group=root mode=0440
  81. - name: Install unprivileged user
  82. user: name="{{item.user}}" comment="{{item.fullname}}" groups=adm,operator,sudo append=yes shell=/bin/zsh state=present
  83. with_items: admins
  84. when: admins
  85. - name: Install SSH key for unprivileged user
  86. authorized_key: user="{{item.user}}" key="{{lookup('file', '../data/users/' + item.user + '/id_rsa.pub')}}" state=present
  87. with_items: admins
  88. when: admins
  89. - name: Install SSH key for root
  90. authorized_key: user=root key="{{lookup('file', '../data/users/' + item.user + '/id_rsa.pub')}}" state=present
  91. with_items: admins
  92. when: admins