ansible/roles/common/tasks/Debian.yml

84 lines
2.0 KiB
YAML
Raw Normal View History

---
- name: Install misc software
apt:
name:
- apt-transport-https
- dnsutils
- gnupg2
- htop
- less
- net-tools
- openssl
- psmisc
- pydf
- rsync
- sudo
- vim
- zsh
- name: Configure misc software
copy: src={{ item.src }} dest={{ item.dest }}
diff: no
with_items:
- { src: ".zshrc", dest: "/root/.zshrc" }
- { src: ".zshrc.local", dest: "/root/.zshrc.local" }
- { src: "motd", dest: "/etc/motd" }
- { src: "vimrc.local", dest: "/etc/vim/vimrc.local" }
- name: Set shell for root user
user: name=root shell=/bin/zsh
- name: Prevent normal users from running su
lineinfile:
path: /etc/pam.d/su
regexp: "^.*auth\\s+required\\s+pam_wheel.so$"
line: "auth required pam_wheel.so"
- name: Configure journald retention
lineinfile:
path: "/etc/systemd/journald.conf"
state: "present"
regexp: "^#?MaxRetentionSec=.*"
line: "MaxRetentionSec=7day"
notify: Restart journald
- name: Set logrotate.conf to daily
replace:
path: "/etc/logrotate.conf"
regexp: "(?:weekly|monthly)"
replace: "daily"
- name: Set logrotate.conf rotation to 7
replace:
path: "/etc/logrotate.conf"
regexp: "rotate [0-9]+"
replace: "rotate 7"
- name: Find logrotate.d configuration files
find:
paths: "/etc/logrotate.d/"
register: "logrotateconfigs"
- name: Convert found files to path list
set_fact:
alllogrotateconfigpaths: "{{ logrotateconfigs.files | map(attribute='path') | list }}"
- name: Exclude files from ansible management
set_fact:
logrotateconfigpaths: "{{ alllogrotateconfigpaths | difference(logrotate_excludes) }}"
- name: "Set logrotate.d/* to daily"
replace:
path: "{{ item }}"
regexp: "(?:weekly|monthly)"
replace: "daily"
loop: "{{ logrotateconfigpaths }}"
- name: "Set /etc/logrotate.d/* rotation to 7"
replace:
path: "{{ item }}"
regexp: "rotate [0-9]+"
replace: "rotate 7"
loop: "{{ logrotateconfigpaths }}"