---
# Baseline packages for every host. The list includes unattended-upgrades,
# which the "Configure unattended upgrades" task in this file configures,
# along with gnupg2, openssl and sudo.
- name: Install misc software
  apt:
    state: present  # the module default, spelled out
    name:
      - apt-transport-https
      - debian-goodies
      - dnsutils
      - fdisk
      - gnupg2
      - htop
      - less
      - net-tools
      - openssl
      - psmisc
      - pydf
      - rsync
      - sudo
      - unattended-upgrades
      - vim-nox
      - wget
      - zsh
# Guest-side helpers, installed only where the gathered virtualization facts
# report a KVM guest.
- name: Install software on KVM VMs
  apt:
    state: present  # the module default, spelled out
    name:
      - acpid
      - qemu-guest-agent
  # Entries of a `when` list are combined with a logical AND.
  when:
    - ansible_virtualization_role == "guest"
    - ansible_virtualization_type == "kvm"
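# Renders the two APT configuration files from the role's templates
# (<item>.j2 -> /etc/apt/apt.conf.d/<item>). These files control automatic
# package upgrades, so owner, group and mode are pinned here instead of being
# left to the umask or to whatever an existing file already carries. The
# values match the ones the "Configure sshd" task uses.
- name: Configure unattended upgrades
  template:
    src: "{{ item }}.j2"
    dest: "/etc/apt/apt.conf.d/{{ item }}"
    owner: root
    group: root
    mode: '0644'
  loop:
    - '02periodic'
    - '50unattended-upgrades'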
# Copies shell, MOTD and vim configuration into place.
# NOTE(review): no owner or mode is given, so both are left to the copy
# module's defaults; consider pinning them for the files under /root and /etc.
- name: Configure misc software
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  # Suppress the before/after content when the play runs with --diff.
  diff: false
  loop:
    - src: '.zshrc'
      dest: '/root/.zshrc'
    - src: '.zshrc.local'
      dest: '/root/.zshrc.local'
    - src: 'motd'
      dest: '/etc/motd'
    - src: 'vimrc.local'
      dest: '/etc/vim/vimrc.local'
# Switches root's login shell to zsh; the zsh package is part of the
# "Install misc software" list in this file.
- name: Set shell for root user
  user:
    name: root
    shell: /bin/zsh
# Installs the role's `resume` file as initramfs-tools configuration and
# notifies the update-initramfs handler when the file changes.
- name: Disable hibernation/resume
  copy:
    src: resume
    dest: /etc/initramfs-tools/conf.d/resume
  notify:
    - update-initramfs
# Points the kernel console at ttyS0 (115200 baud) and tty0 on KVM guests.
# The regexp matches the whole GRUB_CMDLINE_LINUX line, commented out or not,
# so any kernel parameters already set in that variable are replaced by the
# two console= entries.
- name: Enable serial console on KVM VMs
  lineinfile:
    path: /etc/default/grub
    state: present
    regexp: '^#?GRUB_CMDLINE_LINUX=.*'
    line: 'GRUB_CMDLINE_LINUX="console=ttyS0,115200 console=tty0"'
  notify:
    - update-grub
  # Entries of a `when` list are combined with a logical AND.
  when:
    - ansible_virtualization_role == "guest"
    - ansible_virtualization_type == "kvm"
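# Activates pam_wheel for su. With the module marked `required`, su succeeds
# only for members of the wheel group (or, where no such group exists, the
# group with GID 0), so accounts that must reach root through su need that
# membership.
#
# The regexp matches an existing pam_wheel line with any prefix, which covers
# the commented-out form, and rewrites it to the active form. The dot in
# "pam_wheel.so" is escaped so it only matches a literal dot, and trailing
# whitespace is tolerated so a padded line is rewritten instead of a second
# line being appended. When nothing matches, lineinfile appends the line at
# the end of the file.
- name: Prevent normal users from running su
  lineinfile:
    path: /etc/pam.d/su
    state: present
    regexp: '^.*auth\s+required\s+pam_wheel\.so\s*$'
    line: 'auth required pam_wheel.so'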
# Caps journal retention at seven days by setting MaxRetentionSec, replacing
# the commented-out or active line if one exists. Hosts whose logs are needed
# for longer (incident response, audit) have to forward them elsewhere before
# this window expires.
- name: Configure journald retention
  lineinfile:
    path: /etc/systemd/journald.conf
    state: present
    regexp: '^#?MaxRetentionSec=.*'
    line: 'MaxRetentionSec=7day'
  notify:
    - Restart journald
# Rewrites every "weekly" or "monthly" in /etc/logrotate.conf to "daily".
# The pattern is not anchored, so the words are replaced wherever they occur
# in the file, comments included.
- name: Set logrotate.conf to daily
  replace:
    path: /etc/logrotate.conf
    regexp: '(?:weekly|monthly)'
    replace: 'daily'
# Sets every "rotate <n>" in /etc/logrotate.conf to "rotate 7". With the daily
# schedule set elsewhere in this file, that keeps roughly one week of rotated
# logs on the host.
- name: Set logrotate.conf rotation to 7
  replace:
    path: /etc/logrotate.conf
    regexp: 'rotate [0-9]+'
    replace: 'rotate 7'
# Lists the entries of /etc/logrotate.d/ and stores the find result in
# `logrotateconfigs` for the tasks that follow.
- name: Find logrotate.d configuration files
  find:
    paths:
      - /etc/logrotate.d/
  register: logrotateconfigs
# Reduces the registered find result to a plain list of file paths.
- name: Convert found files to path list
  set_fact:
    alllogrotateconfigpaths: '{{ logrotateconfigs.files | map(attribute="path") | list }}'
# Removes the paths listed in `logrotate_excludes` from the set that the
# following tasks rewrite.
# NOTE(review): logrotate_excludes is not defined in this file; presumably it
# comes from the role's defaults or inventory vars - confirm it is always set.
- name: Exclude files from ansible management
  set_fact:
    logrotateconfigpaths: '{{ alllogrotateconfigpaths | difference(logrotate_excludes) }}'
# Applies the daily schedule to each path in `logrotateconfigpaths`. The
# pattern is not anchored, so "weekly" and "monthly" are replaced wherever
# they occur in a file, comments included.
- name: 'Set logrotate.d/* to daily'
  replace:
    path: '{{ item }}'
    regexp: '(?:weekly|monthly)'
    replace: 'daily'
  loop: '{{ logrotateconfigpaths }}'
# Sets every "rotate <n>" to "rotate 7" in each path in
# `logrotateconfigpaths`, so per-service logs keep seven rotations as well.
- name: 'Set /etc/logrotate.d/* rotation to 7'
  replace:
    path: '{{ item }}'
    regexp: 'rotate [0-9]+'
    replace: 'rotate 7'
  loop: '{{ logrotateconfigpaths }}'
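# Renders /etc/ssh/sshd_config from the role's template and notifies the
# "Restart sshd" handler when the file changes.
#
# `validate` runs sshd in test mode against the rendered temporary file
# (%s) before it replaces the live configuration. A template that renders to
# an invalid config then fails the task instead of reaching the handler,
# where a restart with a broken file could cut off remote access.
- name: Configure sshd
  template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0644'
    validate: /usr/sbin/sshd -t -f %s
  notify: Restart sshd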