127 lines
3.0 KiB
YAML
127 lines
3.0 KiB
YAML
|
# All hosts are debian 10
|
||
|
---
|
||
|
# remote
|
||
|
- hosts: remote
|
||
|
become: yes
|
||
|
handlers:
|
||
|
- import_tasks: handlers.yml
|
||
|
tasks:
|
||
|
# Core
|
||
|
- name: Install common packages
|
||
|
apt:
|
||
|
name:
|
||
|
- apt-listchanges
|
||
|
- apt-transport-https
|
||
|
- ca-certificates
|
||
|
- chrony
|
||
|
- curl
|
||
|
- git
|
||
|
- gnupg2
|
||
|
- htop
|
||
|
- iperf3
|
||
|
- mosh
|
||
|
- nmap
|
||
|
- oidentd
|
||
|
- software-properties-common
|
||
|
- speedtest-cli
|
||
|
- tmux
|
||
|
- unattended-upgrades
|
||
|
- vim
|
||
|
- weechat
|
||
|
- zsh
|
||
|
force_apt_get: yes
|
||
|
update_cache: yes
|
||
|
|
||
|
- name: Disable MOTDs
|
||
|
command: chmod -x /etc/update-motd.d/10-uname
|
||
|
args:
|
||
|
warn: false
|
||
|
|
||
|
- name: Set MOTD
|
||
|
copy:
|
||
|
src: files/motd
|
||
|
dest: /etc/motd
|
||
|
owner: root
|
||
|
group: root
|
||
|
mode: '0644'
|
||
|
|
||
|
# TODO Change defaults
|
||
|
- name: Configure unattended-upgrades
|
||
|
copy:
|
||
|
src: files/50unattended-upgrades
|
||
|
dest: /etc/apt/apt.conf.d/50unattended-upgrades
|
||
|
owner: root
|
||
|
group: root
|
||
|
mode: '0644'
|
||
|
|
||
|
- name: Enable unattended-upgrades
|
||
|
copy:
|
||
|
src: files/20auto-upgrades
|
||
|
dest: /etc/apt/apt.conf.d/20auto-upgrades
|
||
|
owner: root
|
||
|
group: root
|
||
|
mode: '0644'
|
||
|
|
||
|
- name: Disable power and reset buttons
|
||
|
copy:
|
||
|
src: files/logind.conf
|
||
|
dest: /etc/systemd/logind.conf
|
||
|
owner: root
|
||
|
group: root
|
||
|
mode: '0644'
|
||
|
notify: Restart systemd-logind service
|
||
|
|
||
|
# Core networking
|
||
|
- name: Configure sshd_config to listen on 2222/22 and disable password auth
|
||
|
copy:
|
||
|
src: files/sshd_config
|
||
|
dest: /etc/ssh/sshd_config
|
||
|
owner: root
|
||
|
group: root
|
||
|
mode: '0644'
|
||
|
notify: Restart sshd service
|
||
|
|
||
|
## Changes will take effect during next reboot
|
||
|
## (determined by unattended-upgrades)
|
||
|
- name: Configure sysctl with IPv6 privacy extensions
|
||
|
template:
|
||
|
src: templates/local.conf.j2
|
||
|
dest: /etc/sysctl.d/local.conf
|
||
|
owner: root
|
||
|
group: root
|
||
|
mode: '0644'
|
||
|
|
||
|
- name: Add Docker GPG key
|
||
|
apt_key:
|
||
|
url: https://download.docker.com/linux/debian/gpg
|
||
|
|
||
|
- name: Add Docker APT repository
|
||
|
apt_repository:
|
||
|
repo: deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable
|
||
|
|
||
|
- name: Install Docker CE
|
||
|
apt:
|
||
|
name:
|
||
|
- docker-ce
|
||
|
- docker-ce-cli
|
||
|
- containerd.io
|
||
|
force_apt_get: yes
|
||
|
update_cache: yes
|
||
|
|
||
|
- name: Add joe to docker group
|
||
|
user:
|
||
|
name: joe
|
||
|
groups: docker
|
||
|
append: yes
|
||
|
|
||
|
- name: Install weechat systemd service
|
||
|
copy:
|
||
|
src: files/weechat.service
|
||
|
dest: /etc/systemd/system/weechat.service
|
||
|
owner: root
|
||
|
group: root
|
||
|
mode: '0644'
|
||
|
notify: Enable weechat service
|
||
|
|
||
|
# Clone docker repo to start services
|