78 lines
1.8 KiB
YAML
78 lines
1.8 KiB
YAML
---
|
|
|
|
- name: Install misc software
|
|
pacman:
|
|
name:
|
|
- htop
|
|
- less
|
|
- net-tools
|
|
- openssl
|
|
- rsync
|
|
- sudo
|
|
- vim
|
|
- zsh
|
|
- logrotate
|
|
|
|
- name: Configure misc software
|
|
copy: src={{ item.src }} dest={{ item.dest }}
|
|
diff: no
|
|
with_items:
|
|
- { src: ".zshrc", dest: "/root/.zshrc" }
|
|
- { src: ".zshrc.local", dest: "/root/.zshrc.local" }
|
|
|
|
- name: Set shell for root user
|
|
user: name=root shell=/bin/zsh
|
|
|
|
- name: Prevent normal users from running su
|
|
lineinfile:
|
|
path: /etc/pam.d/su
|
|
regexp: "^.*auth\\s+required\\s+pam_wheel.so$"
|
|
line: "auth required pam_wheel.so"
|
|
|
|
- name: Configure journald retention
|
|
lineinfile:
|
|
path: "/etc/systemd/journald.conf"
|
|
state: "present"
|
|
regexp: "^#?MaxRetentionSec=.*"
|
|
line: "MaxRetentionSec=7day"
|
|
notify: Restart journald
|
|
|
|
- name: Set logrotate.conf to daily
|
|
replace:
|
|
path: "/etc/logrotate.conf"
|
|
regexp: "(?:weekly|monthly)"
|
|
replace: "daily"
|
|
|
|
- name: Set logrotate.conf rotation to 7
|
|
replace:
|
|
path: "/etc/logrotate.conf"
|
|
regexp: "rotate [0-9]+"
|
|
replace: "rotate 7"
|
|
|
|
- name: Find logrotate.d configuration files
|
|
find:
|
|
paths: "/etc/logrotate.d/"
|
|
register: "logrotateconfigs"
|
|
|
|
- name: Convert found files to path list
|
|
set_fact:
|
|
alllogrotateconfigpaths: "{{ logrotateconfigs.files | map(attribute='path') | list }}"
|
|
|
|
- name: Exclude files from ansible management
|
|
set_fact:
|
|
logrotateconfigpaths: "{{ alllogrotateconfigpaths | difference(logrotate_excludes) }}"
|
|
|
|
- name: "Set logrotate.d/* to daily"
|
|
replace:
|
|
path: "{{ item }}"
|
|
regexp: "(?:weekly|monthly)"
|
|
replace: "daily"
|
|
loop: "{{ logrotateconfigpaths }}"
|
|
|
|
- name: "Set /etc/logrotate.d/* rotation to 7"
|
|
replace:
|
|
path: "{{ item }}"
|
|
regexp: "rotate [0-9]+"
|
|
replace: "rotate 7"
|
|
loop: "{{ logrotateconfigpaths }}"
|