--- - name: Install misc software apt: name={{ item }} loop: - dnsutils - htop - less - net-tools - openssl - psmisc - pydf - rsync - sudo - vim-nox - zsh - name: Install software on KVM VMs apt: name={{ item }} loop: - acpid - qemu-guest-agent when: ansible_virtualization_role == "guest" and ansible_virtualization_type == "kvm" - name: Configure misc software copy: src={{ item.src }} dest={{ item.dest }} diff: no loop: - { src: '.zshrc', dest: '/root/.zshrc' } - { src: '.zshrc.local', dest: '/root/.zshrc.local' } - { src: 'motd', dest: '/etc/motd' } - { src: 'vimrc.local', dest: '/etc/vim/vimrc.local' } - name: Set shell for root user user: name=root shell=/bin/zsh - name: Create LDAP client config template: src=ldap.conf.j2 dest=/etc/ldap/ldap.conf mode=0644 - name: Disable hibernation/resume copy: src=resume dest=/etc/initramfs-tools/conf.d/resume notify: update-initramfs # TODO template /etc/network/interfaces - name: Fix network interface names copy: src={{ item }} dest=/etc/systemd/network/{{ item }} loop: - 50-virtio-kernel-names.link - 99-default.link notify: update-initramfs - name: Prevent normal users from running su lineinfile: path: /etc/pam.d/su regexp: '^.*auth\s+required\s+pam_wheel.so$' line: 'auth required pam_wheel.so' - name: Configure journald retention lineinfile: path: "/etc/systemd/journald.conf" state: "present" regexp: "^#?MaxRetentionSec=.*" line: "MaxRetentionSec=7day" notify: Restart journald - name: Set logrotate.conf to daily replace: path: "/etc/logrotate.conf" regexp: "(?:weekly|monthly)" replace: "daily" - name: Set logrotate.conf rotation to 7 replace: path: "/etc/logrotate.conf" regexp: "rotate [0-9]+" replace: "rotate 7" - name: Find logrotate.d configuration files find: paths: "/etc/logrotate.d/" register: "logrotateconfigs" - name: Convert found files to path list set_fact: alllogrotateconfigpaths: "{{ logrotateconfigs.files | map(attribute='path') | list }}" - name: Exclude files from ansible management set_fact: logrotateconfigpaths: "{{ alllogrotateconfigpaths | difference(logrotate_excludes) }}" - name: 'Set logrotate.d/* to daily' replace: path: "{{ item }}" regexp: "(?:weekly|monthly)" replace: "daily" loop: "{{ logrotateconfigpaths }}" - name: 'Set /etc/logrotate.d/* rotation to 7' replace: path: "{{ item }}" regexp: "rotate [0-9]+" replace: "rotate 7" loop: "{{ logrotateconfigpaths }}"