---
# Baseline tooling installed on every host. unattended-upgrades is only
# installed here; its apt.conf.d policy is written by the
# "Configure unattended upgrades" task further down.
- name: Install misc software
  apt:
    # "present" is the module default: missing packages are installed,
    # already-installed ones are not upgraded by this task.
    state: present
    name:
      - apt-transport-https
      - debian-goodies
      - dnsutils
      - fdisk
      - gnupg2
      - htop
      - less
      - net-tools
      - openssl
      - psmisc
      - pydf
      - rsync
      - sudo
      - unattended-upgrades
      - vim-nox
      - wget
      - zsh
# Guest-side helpers, installed only when the gathered facts report a KVM guest.
# qemu-guest-agent gives the hypervisor a command channel into the guest
# (file access, command execution, filesystem freeze), so the VM's trust
# boundary then includes whoever controls the host.
- name: Install software on KVM VMs
  apt:
    name:
      - acpid
      - qemu-guest-agent
  # A list under "when" is ANDed, same as the single "a and b" expression.
  when:
    - ansible_virtualization_role == "guest"
    - ansible_virtualization_type == "kvm"
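# Renders the APT periodic and unattended-upgrades policy files from the
# role's <name>.j2 templates into /etc/apt/apt.conf.d/.
- name: Configure unattended upgrades
  template:
    src: "{{ item }}.j2"
    dest: "/etc/apt/apt.conf.d/{{ item }}"
    # Explicit ownership and mode: without them a newly created file takes
    # its permissions from the umask of the connecting user, and these files
    # decide which updates are installed without an operator in the loop.
    owner: root
    group: root
    mode: '0644'
  loop:
    - '02periodic'
    - '50unattended-upgrades'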
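# Copies static shell, editor and motd configuration from the role's files.
- name: Configure misc software
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    # Pin ownership and mode so the result does not depend on the umask or
    # on whatever permissions an existing file happened to have.
    owner: root
    group: root
    mode: '0644'
  # Suppress file diffs in --diff output for this task.
  diff: false
  loop:
    - src: '.zshrc'
      dest: '/root/.zshrc'
    - src: '.zshrc.local'
      dest: '/root/.zshrc.local'
    - src: 'motd'
      dest: '/etc/motd'
    - src: 'vimrc.local'
      dest: '/etc/vim/vimrc.local'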
# Switches root's login shell to zsh. /bin/zsh is provided by the zsh package
# from the "Install misc software" task, so that task has to succeed first.
- name: Set shell for root user
  user:
    name: root
    shell: /bin/zsh
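# Installs the role's "resume" file for initramfs-tools and triggers an
# initramfs rebuild through the handler when the file changes.
- name: Disable hibernation/resume
  copy:
    src: resume
    dest: /etc/initramfs-tools/conf.d/resume
    # This file is baked into the boot image; keep it root-owned with a fixed
    # mode rather than inheriting the umask.
    owner: root
    group: root
    mode: '0644'
  notify: update-initramfs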
# Points the kernel console at ttyS0 (plus tty0) on KVM guests.
# The regexp matches the whole GRUB_CMDLINE_LINUX line, commented or not, so
# any kernel arguments already set on that line are replaced, not merged.
# NOTE(review): on systemd hosts a console= entry for ttyS0 normally brings up
# a login getty on that port; confirm that access to the hypervisor's serial
# console is restricted accordingly.
- name: Enable serial console on KVM VMs
  lineinfile:
    path: /etc/default/grub
    regexp: '^#?GRUB_CMDLINE_LINUX=.*'
    line: 'GRUB_CMDLINE_LINUX="console=ttyS0,115200 console=tty0"'
    state: present
  notify: update-grub
  when:
    - ansible_virtualization_role == "guest"
    - ansible_virtualization_type == "kvm"
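# Enables pam_wheel for su so that only members of the privileged group may
# switch user. Without a group= argument pam_wheel checks membership of
# "wheel" and falls back to GID 0 when no such group exists (pam_wheel(8)).
- name: Prevent normal users from running su
  lineinfile:
    path: /etc/pam.d/su
    # Match only the plain "auth required pam_wheel.so" line, active or
    # commented out. The dot is escaped and the prefix limited to an optional
    # "#", so unrelated lines that merely end in similar text are left alone.
    # If nothing matches, lineinfile appends the line at the end of the file.
    regexp: '^\s*#?\s*auth\s+required\s+pam_wheel\.so\s*$'
    line: 'auth required pam_wheel.so'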
# Caps journal retention at seven days; the handler restarts journald so the
# setting takes effect. Entries older than that are dropped, so anything
# needed for later incident review has to be forwarded off-host before then.
- name: Configure journald retention
  lineinfile:
    path: /etc/systemd/journald.conf
    # Replaces the setting whether it is currently commented out or active.
    regexp: '^#?MaxRetentionSec=.*'
    line: 'MaxRetentionSec=7day'
    state: present
  notify: Restart journald
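# Switches the global logrotate interval from weekly/monthly to daily.
- name: Set logrotate.conf to daily
  replace:
    path: /etc/logrotate.conf
    # The replace module runs in MULTILINE mode, so ^ and $ anchor per line.
    # Anchoring limits the edit to lines that consist of the directive only;
    # an unanchored pattern would also rewrite the word inside comments or
    # log file paths.
    regexp: '^([ \t]*)(?:weekly|monthly)[ \t]*$'
    replace: '\1daily'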
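# Keeps seven rotated generations in the global logrotate configuration.
# Combined with daily rotation this leaves roughly a week of file-based logs
# on the host.
- name: Set logrotate.conf rotation to 7
  replace:
    path: /etc/logrotate.conf
    # Anchored to whole "rotate N" directive lines (MULTILINE mode) so that
    # comments mentioning "rotate 4" and similar text are not rewritten.
    regexp: '^([ \t]*)rotate[ \t]+[0-9]+[ \t]*$'
    replace: '\1rotate 7'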
# Lists the per-package logrotate snippets. With the module defaults only
# regular files directly inside the directory are returned (no recursion).
- name: Find logrotate.d configuration files
  find:
    paths: /etc/logrotate.d/
  register: logrotateconfigs
# Reduces the registered find result to a plain list of file paths.
- name: Convert found files to path list
  set_fact:
    alllogrotateconfigpaths: >-
      {{ logrotateconfigs.files | map(attribute='path') | list }}
# Drops every path listed in logrotate_excludes from the managed set.
# NOTE(review): logrotate_excludes is not defined in this file; presumably a
# role default or inventory variable. If it is undefined this task fails.
- name: Exclude files from ansible management
  set_fact:
    logrotateconfigpaths: >-
      {{ alllogrotateconfigpaths | difference(logrotate_excludes) }}
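# Applies the daily interval to every managed snippet under /etc/logrotate.d/.
- name: "Set logrotate.d/* to daily"
  replace:
    path: "{{ item }}"
    # Anchored per line (the replace module uses MULTILINE mode). These files
    # start with log file paths, and an unanchored pattern would rewrite a
    # path containing "weekly" or "monthly" and silently stop rotating it.
    regexp: '^([ \t]*)(?:weekly|monthly)[ \t]*$'
    replace: '\1daily'
  loop: "{{ logrotateconfigpaths }}"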
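# Keeps seven rotated generations for every managed snippet under
# /etc/logrotate.d/. Logs that must outlive that window need to be shipped
# elsewhere before they are rotated out.
- name: "Set /etc/logrotate.d/* rotation to 7"
  replace:
    path: "{{ item }}"
    # Only whole "rotate N" directive lines are changed; the pattern is
    # anchored per line so comments and other text stay untouched.
    regexp: '^([ \t]*)rotate[ \t]+[0-9]+[ \t]*$'
    replace: '\1rotate 7'
  loop: "{{ logrotateconfigpaths }}"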
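# Renders sshd_config from the role template and restarts sshd on change.
- name: Configure sshd
  template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    # World-readable, as in the original task. sshd itself only needs root
    # read access, so '0600' also works if local users should not be able to
    # read the policy.
    mode: '0644'
    # Let sshd parse the rendered file before it replaces the live config.
    # A template error then fails this task instead of surfacing at the next
    # sshd restart and cutting off remote access.
    validate: '/usr/sbin/sshd -t -f %s'
  notify: Restart sshd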