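---
# vim: set expandtab tabstop=2 shiftwidth=2:
#
# Ansible task list for base system setup: apt configuration, package
# selection and removal, locale/mail/timezone settings, and enabling of
# ssh.service and cron-apt.timer.
# Variables read here (apt_clean_after_install, apt_proxy, is_virt_guest,
# is_container, has_hwrng, needed_debs, logcompress_algo, locales,
# locale_default, sys_mailname, mail_relay_host) are defined elsewhere.

# pre dependencies:

- name: "aptitude should clean on install/upgrades"
  copy:
    dest: /etc/apt/apt.conf.d/99AutomaticClean
    content: |
      Aptitude::Clean-After-Install "{{value}}";
    owner: root
    group: root
    # Quoted so the mode is never subject to YAML integer parsing.
    mode: '0644'
  vars:
    # Cleaning is forced on whenever a proxy is configured.
    value: "{{'true' if true == apt_clean_after_install or apt_proxy is defined else 'false'}}"

- name: "Use proxy for apt http"
  when: "apt_proxy is defined"
  copy:
    dest: /etc/apt/apt.conf.d/99proxy
    # NOTE(review): `quote` is a shell-quoting filter, while apt.conf values
    # are normally written in double quotes. Confirm the rendered file is
    # parsed as intended, and that apt_proxy only ever comes from trusted
    # inventory, since every package download is routed through it.
    content: |
      Acquire::http { Proxy {{apt_proxy|quote()}}; }
    owner: root
    group: root
    mode: '0644'

- name: install packages
  apt:
    force: false
    name:
      - aptitude

# ansible_distribution is reported capitalised ("Ubuntu"), so a comparison
# against the literal "ubuntu" never matched and the Ubuntu-specific list
# below was never selected. Lower-casing the fact makes both branches work.
- when: '"ubuntu" != (ansible_distribution | lower)'
  set_fact:
    crap_packages:
      - vim-tiny
      - snapd

- when: '"ubuntu" == (ansible_distribution | lower)'
  set_fact:
    # unattended-upgrades is removed here; automatic upgrades are then left
    # to the cron-apt timer and upgrade action installed further down.
    crap_packages:
      - cloud-init
      - vim-tiny
      - landscape-common
      - snapd
      - ubuntu-advantage-tools
      - unattended-upgrades

- name: remove unwanted packages
  apt:
    state: absent
    name: '{{crap_packages}}'

# Put the removed packages on hold so they are not pulled back in.
- name: stay away packages
  dpkg_selections:
    selection: hold
    name: '{{item}}'
  with_items: '{{crap_packages}}'

- name: safe-upgrade
  apt:
    upgrade: safe
    update_cache: true

# check capabilities:

# Looks for an installed provider of mail-transport-agent. The pipeline's
# exit status is grep's: 0 when a name was printed, 1 when nothing matched.
# NOTE(review): runs of spaces inside the sed expression may have been
# collapsed where this file was copied from; as written, `s/^ *.*//` empties
# every line. Compare against the deployed copy before relying on it.
- name: check mailer
  shell: |
    aptitude search '~Pmail-transport-agent' |
    sed -ne '/^i/{s/^i *//;s/^ *.*//;s/ *.*//;p}' |
    grep \\S
  register: mailer
  failed_when: "mailer.rc != 1 and mailer.rc != 0"
  changed_when: false

# nullmailer is wanted when no MTA is installed or it is already the MTA.
- set_fact:
    has_nullmailer: '{{mailer.rc == 1 or mailer.stdout=="nullmailer"}}'

# installation packages:

- name: install packages
  apt:
    force: false
    # Entries that render to lists are flattened into one package list.
    name: '{{lookup("flattened", items)}}'
    update_cache: true
  vars:
    items:
      - ack
      - '{{ [] if is_virt_guest else ["chrony", "smartmontools"] }}'
      - cron-apt
      - curl
      - etckeeper
      - file
      - fizsh
      - git
      - gpgconf
      - haveged
      - htop
      - inetutils-ping
      - inetutils-traceroute
      - knot-dnsutils
      - krb5-user
      - ldap-utils
      - locales
      - lsof
      - lvm2
      - lzip
      - mosh
      - mtr-tiny
      - ncdu
      - net-tools
      - '{{ ["nullmailer"] if has_nullmailer else [] }}'
      - openssh-server
      - progress
      - pv
      - '{{ ["rng-tools"] if has_hwrng else [] }}'
      - rsync
      - rsyslog
      - socat
      - sudo
      - systemd
      - systemd-sysv
      - tmux
      - tzdata
      - unzip
      - usrmerge
      - vim-nox
      - zstd
      - '{{ [] if is_container else ["xfsdump", "xfsprogs"] }}'
      - '{{ needed_debs if needed_debs is defined else [] }}'
      - '{{ logcompress_algo if logcompress_algo else [] }}'

# remove garbage:

- name: 'no ubuntu adverts'
  # Same case-insensitive distribution check as for crap_packages above.
  when: '"ubuntu" == (ansible_distribution | lower)'
  block:
    - name: no ubuntu-motd-adverts
      lineinfile:
        path: /etc/default/motd-news
        line: ENABLED=0
        regexp: '^ENABLED='
        create: true

    - name: no ubuntu-cloudguest-adverts
      file:
        path: /etc/update-motd.d/51-cloudguest
        state: absent

    # The file is emptied rather than deleted.
    - name: 'no ubuntu-"documentation"-adverts'
      copy:
        dest: /etc/update-motd.d/10-help-text
        mode: '0644'
        content: ''

# configure system:

- name: set alternatives
  alternatives:
    name: "{{item.key}}"
    path: "{{item.value}}"
  with_dict:
    editor: /usr/bin/vim.nox
    vim: /usr/bin/vim.nox
    vimdiff: /usr/bin/vim.nox
    vi: /usr/bin/vim.nox
    view: /usr/bin/vim.nox

# Static cron-apt files: the upgrade action plus the systemd service/timer.
- name: copy configs
  copy:
    src: "{{item.key}}"
    dest: "{{item.value}}"
    owner: root
    group: root
    mode: '0644'
  with_dict:
    cron-apt/action.d/6-upgrade: /etc/cron-apt/action.d/6-upgrade
    cron-apt/cron-apt.service: /etc/systemd/system/cron-apt.service
    cron-apt/cron-apt.timer: /etc/systemd/system/cron-apt.timer
  notify:
    - restart services

# Comment out the packaged crontab entry; cron-apt.timer is enabled below.
- name: no cron-apt crontabs
  lineinfile:
    path: /etc/cron.d/cron-apt
    line: '# 0 4 * * * root test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt'
    regexp: '^\s*[^#].*/usr/sbin/cron-apt'

- name: copy configs
  template:
    src: "{{item.key}}"
    dest: "{{item.value}}"
    owner: root
    group: root
    mode: '0644'
  with_dict:
    cron-apt/config.j2: /etc/cron-apt/config
  notify:
    - restart services

- name: generates locales
  community.general.locale_gen:
    name: "{{locales}}"
    state: present

- name: default locale
  copy:
    dest: /etc/default/locale
    content: |
      LANG={{locale_default | default("C") | mandatory}}
    owner: root
    group: root
    mode: '0644'

- include_tasks: sshd_config.yml

- include_tasks: ohmyzsh.yml

- include_tasks: systemd.yml

- include_tasks: users.yml

# No changed_when is set, so this command reports "changed" on every run.
- name: update timezone
  command: dpkg-reconfigure --frontend noninteractive tzdata

- name: setup mailname
  copy:
    dest: /etc/mailname
    content: |
      {{sys_mailname | default(ansible_fqdn) | mandatory}}
    owner: root
    group: root
    mode: '0644'

# NOTE(review): "check mailer" sets changed_when to false, so mailer.changed
# is never true and the two nullmailer tasks below are always skipped.
# has_nullmailer looks like the intended condition; confirm with the author
# before switching, since mail_relay_host would then have to be defined.
- name: setup nullmailer remote
  when: "mailer.changed"
  copy:
    dest: /etc/nullmailer/remotes
    content: |
      {{mail_relay_host}} smtp
    owner: root
    group: mail
    # Not world-readable: only root and group mail can read the relay config.
    mode: '0640'
  notify:
    - restart nullmailer

- name: setup nullmailer domain
  when: "mailer.changed"
  copy:
    dest: /etc/nullmailer/defaultdomain
    content: 'denkn.at'
    owner: root
    group: mail
    mode: '0640'
  notify:
    - restart nullmailer

# Relative symlinks in /usr/local/bin: dig -> kdig, nsupdate -> knsupdate.
- name: 'dig -> kdig and other knot-utils'
  file:
    state: link
    path: '/usr/local/bin/{{item}}'
    src: '../../bin/k{{item}}'
  with_items: [dig, nsupdate]

- name: enable service
  systemd:
    name: '{{item}}'
    enabled: true
    state: started
  with_items:
    - ssh.service
    - cron-apt.timer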