kolter
/
ansible-playbooks


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251
							- name: 'Install hosts file'
  template:
    src: 'hosts.j2'
    dest: '/etc/hosts'
    owner: 'root'
    group: 'root'
    mode: '0644'
  when: with_hosts|bool
  tags:
    - 'base'

- name: 'Install hosts.deny file'
  template:
    src: 'hosts.deny.j2'
    dest: '/etc/hosts.deny'
    owner: 'root'
    group: 'root'
    mode: '0644'
  when: with_hostsdeny|bool
  tags:
    - 'base'

- name: 'Write /etc/apt/sources.list'
  template:
    src: 'apt/sources.{{ ansible_lsb.codename }}.list.j2'
    dest: '/etc/apt/sources.list'
    owner: 'root'
    group: 'root'
    mode: '0644'
  register: apt_sources
  tags:
    - 'base'

- name: 'Refresh apt cache'
  apt:
    update_cache: yes
  when: apt_sources.changed
  tags:
    - 'base'

- name: 'Write /etc/apt/apt.conf.d configuration files'
  template:
    src: 'apt/apt-{{ item }}.j2'
    dest: '/etc/apt/apt.conf.d/99{{ item }}'
    owner: 'root'
    group: 'root'
    mode: '0644'
  with_items:
    - 'nopdiffs'
    - 'norecommends'
    - 'progressbar'
  tags:
    - 'base'

- name: 'Install apt key for custom Debian repositories'
  apt_key:
    id: '{{ item.id }}'
    url: '{{ item.url }}'
    state: 'present'
  with_items: '{{ apt_keys }}'
  when: apt_keys|length > 0
  tags:
    - 'base'

- name: 'Add apt sources for custom Debian repositories'
  apt_repository:
    repo: 'deb {{ item.uri }} {{ ansible_lsb.codename }} {{ item.sections }}'
    state: 'present'
  with_items: '{{ apt_repositories }}'
  when: apt_repositories|length > 0
  tags:
    - 'base'

- name: 'Install base packages'
  apt:
    pkg:
      - 'apt-transport-https'
      - 'apticron'
      - 'locales-all'
      - 'locales'
      - 'lsb-release'
      - 'facter'
      - 'zsh'
      - 'git-core'
      - 'tig'
      - 'vim-nox'
      - 'ccze'
      - 'tree'
      - 'pydf'
      - 'htop'
      - 'sudo'
      - 'sysfsutils'
      - 'tmux'
      - 'rsync'
      - 'ca-certificates'
      - 'sysstat'
      - 'etckeeper'
      - 'sharutils'
      - 'ncdu'
    install_recommends: 'no'
    state: 'present'
  tags:
    - 'base'

- name: 'Install additional packages'
  apt:
    pkg: '{{ apt_additional_packages }}'
    install_recommends: 'no'
    state: 'present'
  when: apt_additional_packages|length > 0
  tags:
    - 'base'

- name: 'Install ntp daemon'
  apt:
    pkg: 'ntp'
    install_recommends: 'no'
    state: 'present'
  when: with_ntp|bool
  tags:
    - 'base'

- name: 'Configure default locale ({{ locale }})'
  command: update-locale 'LANG={{ locale }}'
  changed_when: False
  when: locale is defined and locale|length > 0
  tags:
    - 'base'

- name: 'Configure default timezone'
  debconf:
    name: '{{ item.name }}'
    question: '{{ item.question }}'
    value: '{{ item.value }}'
    vtype: '{{ item.vtype }}'
  with_items:
    - { name: 'tzdata', question: 'tzdata/Areas', value: '{{ timezone_area }}', vtype: 'select' }
    - { name: 'tzdata', question: 'tzdata/Zones/{{ timezone_area }}', value: '{{ timezone_city }}', vtype: 'select' }
  notify:
    - 'Reconfigure timezone'
  tags:
    - 'base'

- name: 'Override logrotate configuration for rsyslog'
  template:
    src: 'logrotate/rsyslog.j2'
    dest: '/etc/logrotate.d/rsyslog'
    owner: 'root'
    group: 'root'
    mode: '0644'
  tags:
    - 'base'

- name: 'Install kernel configuration (proc)'
  template:
    src: 'kernel/sysctl.d/{{ item }}.j2'
    dest: '/etc/sysctl.d/{{ item }}'
    owner: 'root'
    group: 'root'
    mode: '0644'
  with_items:
    - '05-ipv6.conf'
    - '10-increase-file-descriptors.conf'
  notify:
    - 'Apply kernel configuration (proc)'
  tags:
    - 'base'
    - 'ipv6'

- name: 'Create sysfs configuration directory - /etc/sysfs.d'
  file:
    path: '/etc/sysfs.d'
    state: 'directory'
    owner: 'root'
    group: 'root'
    mode: '0755'
  tags:
    - 'base'

- name: 'Install kernel configuration (sys)'
  template:
    src: 'kernel/sysfs.d/{{ item }}.j2'
    dest: '/etc/sysfs.d/{{ item }}'
    owner: 'root'
    group: 'root'
    mode: '0644'
  with_items:
    - '00-sysfs-prolog.conf'
  notify:
    - 'Refresh sysfs configuration'
  tags:
    - 'base'

- name: 'Install kernel configuration (sys) for disks'
  template:
    src: 'kernel/sysfs.d/{{ item }}.j2'
    dest: '/etc/sysfs.d/{{ item }}'
    owner: 'root'
    group: 'root'
    mode: '0644'
  with_items:
    - '10-disks.conf'
  notify:
    - 'Refresh sysfs configuration'
  tags:
    - 'base'

- name: 'Install sudo configuration'
  template:
    src: 'sudo/local-admin.j2'
    dest: '/etc/sudoers.d/local-admin'
    owner: 'root'
    group: 'root'
    mode: '0440'
  tags:
    - 'base'

- name: 'Install unprivileged user'
  user:
    name: '{{ item.user }}'
    comment: '{{ item.fullname }}'
    groups: 'adm,operator,sudo'
    append: 'yes'
    shell: '/bin/zsh'
    state: 'present'
  with_items: '{{ admins }}'
  when: admins|length > 0
  tags:
    - 'base'

- name: 'Install SSH key for unprivileged user'
  authorized_key:
    user: '{{ item.user }}'
    key: "{{ lookup('file', 'data/users/' + item.user + '/sshkey.pub') }}"
    state: 'present'
  with_items: '{{ admins }}'
  when: admins|length > 0
  tags:
    - 'base'

- name: 'Install SSH key for root'
  authorized_key:
    user: 'root'
    key: "{{ lookup('file', 'data/users/' + item.user + '/sshkey.pub') }}"
    state: 'present'
  with_items: '{{ admins }}'
  when: admins|length > 0
  tags:
    - 'base'

# vim: ft=yaml.ansible