kolter
/
ansible-playbooks


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147
							- name: 'Install hosts file'
  template: src=hosts.j2 dest=/etc/hosts owner=root group=root mode=0644
  notify:
    - 'Update motd'

- name: 'Install hosts.deny file'
  template: src=hosts.deny.j2 dest=/etc/hosts.deny owner=root group=root mode=0644

- name: 'Write /etc/apt/sources.list'
  template: src=apt/sources.{{ ansible_lsb.codename }}.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
  register: apt_sources

- name: 'Refresh apt cache'
  apt:
    update_cache: yes
  when: apt_sources.changed

- name: 'Remove deprecated apt options files'
  file:
    path: '/etc/apt/apt.conf.d/{{ item }}'
    state: 'absent'
  with_items:
    - '90local'

- name: 'Write /etc/apt/apt.conf.d configuration files'
  template:
    src: 'apt/apt-{{ item }}.j2'
    dest: '/etc/apt/apt.conf.d/99{{ item }}'
    owner: 'root'
    group: 'root'
    mode: '0644'
  with_items:
    - 'nopdiffs'
    - 'norecommends'
    - 'progressbar'

- name: 'Install apt key for custom Debian repositories'
  apt_key:
    id: '{{ item.id }}'
    url: '{{ item.url }}'
    state: 'present'
  with_items: '{{ apt_keys }}'
  when: apt_keys

- name: 'Add apt sources for custom Debian repositories'
  apt_repository:
    repo: 'deb {{ item.uri }} {{ ansible_lsb.codename }} {{ item.sections }}'
    state: 'present'
  with_items: '{{ apt_repositories }}'
  when: apt_repositories

- name: 'Install base packages'
  apt: pkg={{ item }} install_recommends=no state=installed
  with_items:
    - 'apt-transport-https'
    - 'apticron'
    - 'locales-all'
    - 'locales'
    - 'lsb-release'
    - 'toilet'
    - 'toilet-fonts'
    - 'facter'
    - 'zsh'
    - 'git-core'
    - 'tig'
    - 'vim-nox'
    - 'ccze'
    - 'tree'
    - 'pydf'
    - 'htop'
    - 'sudo'
    - 'sysfsutils'
    - 'tmux'
    - 'rsync'
    - 'ca-certificates'
    - 'sysstat'
    - 'etckeeper'
    - 'sharutils'
    - 'ncdu'

- name: 'Install additional packages'
  apt: pkg={{ item }} install_recommends=no state=installed
  with_items: '{{ apt_additional_packages }}'
  when: apt_additional_packages

- name: 'Install ntp daemon'
  apt: pkg=ntp install_recommends=no state=installed
  when: with_ntp

- name: 'Configure default locale and timezone'
  debconf: name="{{item.name}}" question="{{item.question}}" value="{{item.value}}" vtype="{{item.vtype}}"
  with_items:
    - { name: 'locales', question: 'locales/default_environment_locale', value: '{{ locale }}', vtype: 'select' }
    - { name: 'tzdata', question: 'tzdata/Areas', value: '{{ timezone_area }}', vtype: 'select' }
    - { name: 'tzdata', question: 'tzdata/Zones/{{ timezone_area }}', value: '{{ timezone_city }}', vtype: 'select' }
  notify:
    - 'Reconfigure locales'
    - 'Reconfigure timezone'

- name: 'Override logrotate configuration for rsyslog'
  template: src=logrotate/rsyslog.j2 dest=/etc/logrotate.d/rsyslog owner=root group=root mode=0644

- name: 'Install kernel configuration (proc)'
  template: src=kernel/sysctl.d/{{ item }}.j2 dest=/etc/sysctl.d/{{ item }} owner=root group=root mode=0644
  with_items:
      - '05-ipv6.conf'
      - '10-increase-file-descriptors.conf'
  notify:
    - 'Apply kernel configuration (proc)'
  tags:
      - 'ipv6'

- name: 'Create sysfs configuration directory - /etc/sysfs.d'
  file: path=/etc/sysfs.d state=directory owner=root group=root mode=0755

- name: 'Install kernel configuration (sys)'
  template: src=kernel/sysfs.d/{{ item }}.j2 dest=/etc/sysfs.d/{{ item }} owner=root group=root mode=0644
  with_items:
      - '00-sysfs-prolog.conf'
  notify:
    - 'Refresh sysfs configuration'

- name: 'Install kernel configuration (sys) for disks'
  template: src=kernel/sysfs.d/{{ item }}.j2 dest=/etc/sysfs.d/{{ item }} owner=root group=root mode=0644
  with_items:
      - '10-disks.conf'
  notify:
    - 'Refresh sysfs configuration'

- name: 'Install sudo configuration'
  template: src=sudo/local-admin.j2 dest=/etc/sudoers.d/local-admin owner=root group=root mode=0440

- name: 'Install unprivileged user'
  user: name="{{item.user}}" comment="{{item.fullname}}" groups=adm,operator,sudo append=yes shell=/bin/zsh state=present
  with_items: '{{ admins }}'
  when: admins

- name: 'Install SSH key for unprivileged user'
  authorized_key: user="{{item.user}}" key="{{lookup('file', 'data/users/' + item.user + '/sshkey.pub')}}" state=present
  with_items: '{{ admins }}'
  when: admins

- name: 'Install SSH key for root'
  authorized_key: user=root key="{{lookup('file', 'data/users/' + item.user + '/sshkey.pub')}}" state=present
  with_items: '{{ admins }}'
  when: admins