forked from FF-RGB/ansible
77 lines
1.7 KiB
YAML
77 lines
1.7 KiB
YAML
---
|
|
|
|
- name: Install misc software
|
|
apt:
|
|
name:
|
|
- ca-certificates
|
|
- dnsutils
|
|
- git
|
|
- htop
|
|
- less
|
|
- mtr-tiny
|
|
- net-tools
|
|
- openssl
|
|
- psmisc
|
|
- pydf
|
|
- rsync
|
|
- sudo
|
|
- vim-nox
|
|
- zsh
|
|
- fail2ban
|
|
|
|
- name: Install software on KVM VMs
|
|
apt:
|
|
name:
|
|
- acpid
|
|
- qemu-guest-agent
|
|
when: ansible_virtualization_role == "guest" and ansible_virtualization_type == "kvm"
|
|
|
|
- name: Configure misc software
|
|
copy: src={{ item.src }} dest={{ item.dest }}
|
|
diff: no
|
|
with_items:
|
|
- { src: ".zshrc", dest: "/root/.zshrc" }
|
|
- { src: ".zshrc.local", dest: "/root/.zshrc.local" }
|
|
- { src: "motd", dest: "/etc/motd" }
|
|
- { src: "vimrc.local", dest: "/etc/vim/vimrc.local" }
|
|
|
|
- name: Set shell for root user
|
|
user: name=root shell=/bin/zsh
|
|
|
|
- name: Disable hibernation/resume
|
|
copy: src=resume dest=/etc/initramfs-tools/conf.d/resume
|
|
notify: update-initramfs
|
|
|
|
- name: use new-style network interface names
|
|
file: path=/etc/systemd/network/{{ item }} state=absent
|
|
with_items:
|
|
- 50-virtio-kernel-names.link
|
|
- 99-default.link
|
|
notify: update-initramfs
|
|
|
|
- name: Prevent normal users from running su
|
|
lineinfile:
|
|
path: /etc/pam.d/su
|
|
regexp: "^.*auth\\s+required\\s+pam_wheel.so$"
|
|
line: "auth required pam_wheel.so"
|
|
|
|
- name: Configure journald retention
|
|
lineinfile:
|
|
path: "/etc/systemd/journald.conf"
|
|
state: "present"
|
|
regexp: "^#?MaxRetentionSec=.*"
|
|
line: "MaxRetentionSec=7day"
|
|
notify: Restart journald
|
|
|
|
- name: Set logrotate.conf to daily
|
|
replace:
|
|
path: "/etc/logrotate.conf"
|
|
regexp: "(?:weekly|monthly)"
|
|
replace: "daily"
|
|
|
|
- name: Set logrotate.conf rotation to 7
|
|
replace:
|
|
path: "/etc/logrotate.conf"
|
|
regexp: "rotate [0-9]+"
|
|
replace: "rotate 7"
|