---
# vim: set expandtab tabstop=2 shiftwidth=2:
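# pre dependencies:

# Writes an apt.conf.d drop-in setting Aptitude::Clean-After-Install.
# The value is "true" when apt_clean_after_install is true or when
# apt_proxy is defined, otherwise "false".
- name: "aptitude should clean on install/upgrades"
  copy:
    dest: /etc/apt/apt.conf.d/99AutomaticClean
    content: |
      Aptitude::Clean-After-Install "{{value}}";
    owner: root
    group: root
    # Quoted so the mode is passed as a string, not a YAML number.
    mode: "0644"
  vars:
    value: "{{'true' if true == apt_clean_after_install or apt_proxy is defined else 'false'}}"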
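# Only when apt_proxy is defined: write an apt.conf.d drop-in that sends
# apt's HTTP fetches through that proxy.
# NOTE(review): `quote` is a shell-quoting filter, but apt.conf is not shell
# syntax and values there are normally written in double quotes. Confirm the
# rendered file parses as intended (e.g. with `apt-config dump`) for the
# proxy URLs actually used.
- name: "Use proxy for apt http"
  when: "apt_proxy is defined"
  copy:
    dest: /etc/apt/apt.conf.d/99proxy
    content: |
      Acquire::http { Proxy {{apt_proxy|quote()}}; }
    owner: root
    group: root
    # Quoted so the mode is passed as a string, not a YAML number.
    mode: "0644"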
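# Installs aptitude first; later tasks in this file call it directly
# (the mailer check runs `aptitude search`).
- name: install packages
  apt:
    # Canonical boolean instead of the YAML 1.1 truthy word `no`.
    force: false
    name:
      - aptitude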
# Packages this role does not want on the host. The list is consumed by the
# "remove unwanted packages" and "stay away packages" tasks.
# NOTE(review): unattended-upgrades is on this list, so once it is removed
# and held, automatic updates presumably depend on the cron-apt action and
# timer installed further down in this file - confirm that covers security
# updates.
- set_fact:
    crap_packages:
      - cloud-init
      - vim-tiny
      - landscape-common
      - snapd
      - ubuntu-advantage-tools
      - unattended-upgrades
# Uninstalls every package named in crap_packages.
- name: remove unwanted packages
  apt:
    name: "{{ crap_packages }}"
    state: absent
# Sets the dpkg selection of each crap_packages entry to "hold";
# presumably so a later install or upgrade does not pull them back in.
- name: stay away packages
  dpkg_selections:
    name: "{{ item }}"
    selection: hold
  with_items: "{{ crap_packages }}"
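# Refreshes the package index, then runs a "safe" upgrade.
- name: safe-upgrade
  apt:
    upgrade: safe
    # Canonical boolean instead of the YAML 1.1 truthy word `yes`.
    update_cache: true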
# check capabilities:

# Asks aptitude which installed packages provide mail-transport-agent.
# The pipeline ends in grep, so rc is 0 when a name was printed and 1 when
# nothing was; any other rc fails the task. The task never reports
# "changed", so mailer.changed is always false.
# NOTE(review): as shown here the second sed substitution would empty every
# line; whitespace in the expression may have been collapsed when the page
# was rendered - verify against the repository copy.
- name: check mailer
  shell: |
    aptitude search '~Pmail-transport-agent' | sed -ne '/^i/{s/^i *//;s/^ *.*//;s/ *.*//;p}' | grep \\S
  register: mailer
  changed_when: false
  failed_when: "mailer.rc != 1 and mailer.rc != 0"
# has_nullmailer is true when the mailer check printed nothing (rc 1) or
# printed exactly "nullmailer"; any other output makes it false.
- set_fact:
    has_nullmailer: "{{ mailer.rc == 1 or mailer.stdout == 'nullmailer' }}"
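# installation packages:

# Installs the base package set. `items` mixes plain names with Jinja
# expressions that yield lists; the "flattened" lookup merges them into one
# flat list, so a conditional entry that evaluates to [] adds nothing.
- name: install packages
  apt:
    # Canonical booleans instead of the YAML 1.1 truthy words `no`/`yes`.
    force: false
    name: '{{lookup("flattened", items)}}'
    update_cache: true
  vars:
    items:
      - ack
      # Only when is_virt_guest is false.
      - '{{ [] if is_virt_guest else ["chrony", "smartmontools"] }}'
      - cron-apt
      - curl
      - etckeeper
      - file
      - fizsh
      - git
      - gpgconf
      - haveged
      - htop
      - inetutils-ping
      - inetutils-traceroute
      - knot-dnsutils
      - krb5-user
      - ldap-utils
      - locales
      - lsof
      - lvm2
      - mosh
      - mtr-tiny
      - ncdu
      - net-tools
      # Only when the mailer check set has_nullmailer.
      - '{{ ["nullmailer"] if has_nullmailer else [] }}'
      - openssh-server
      - progress
      - pv
      # Only when has_hwrng is true.
      - '{{ ["rng-tools"] if has_hwrng else [] }}'
      - rsync
      - rsyslog
      - socat
      - sudo
      - systemd
      - systemd-sysv
      - tmux
      - tzdata
      - unzip
      - usrmerge
      - vim-nox
      # Only when is_container is false.
      - '{{ [] if is_container else ["xfsdump", "xfsprogs"] }}'
      # Optional extra packages supplied by the caller.
      - '{{ needed_debs if needed_debs is defined else [] }}'
      # Used as a package name when set to a non-empty value.
      - '{{ logcompress_algo if logcompress_algo else [] }}'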
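# remove garbage:

# Runs only on Ubuntu. ansible_distribution reports "Ubuntu" with a capital
# U, so an exact comparison with lowercase "ubuntu" is never true and the
# block would always be skipped; the comparison is case-insensitive here.
- name: 'no ubuntu adverts'
  when: 'ansible_distribution | lower == "ubuntu"'
  block:
    # Ensures /etc/default/motd-news contains ENABLED=0, creating the file
    # if it is missing.
    - name: no ubuntu-motd-adverts
      lineinfile:
        path: /etc/default/motd-news
        line: ENABLED=0
        regexp: '^ENABLED='
        create: true
    - name: no ubuntu-cloudguest-adverts
      file:
        path: /etc/update-motd.d/51-cloudguest
        state: absent
    # Replaces the help-text script with an empty, non-executable file.
    - name: 'no ubuntu-"documentation"-adverts'
      copy:
        dest: /etc/update-motd.d/10-help-text
        # Quoted so the mode is passed as a string, not a YAML number.
        mode: "0644"
        content: ''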
# configure system:

# Points each listed alternative (the dict key) at the path given as its
# value; here every one of them resolves to vim.nox.
- name: set alternatives
  alternatives:
    name: '{{ item.key }}'
    path: '{{ item.value }}'
  with_dict:
    editor: /usr/bin/vim.nox
    vim: /usr/bin/vim.nox
    vimdiff: /usr/bin/vim.nox
    vi: /usr/bin/vim.nox
    view: /usr/bin/vim.nox
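# Copies the cron-apt upgrade action and the systemd service/timer units
# into place (dict key = source file, value = destination) and notifies the
# "restart services" handler.
- name: copy configs
  copy:
    src: "{{item.key}}"
    dest: "{{item.value}}"
    owner: root
    group: root
    # Quoted so the mode is passed as a string, not a YAML number.
    mode: "0644"
  with_dict:
    cron-apt/action.d/6-upgrade: /etc/cron-apt/action.d/6-upgrade
    cron-apt/cron-apt.service: /etc/systemd/system/cron-apt.service
    cron-apt/cron-apt.timer: /etc/systemd/system/cron-apt.timer
  notify:
    - restart services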
# Replaces an active (uncommented) cron-apt entry in /etc/cron.d/cron-apt
# with a commented-out one; scheduling is presumably left to the
# cron-apt.timer unit installed by this file.
- name: no cron-apt crontabs
  lineinfile:
    path: /etc/cron.d/cron-apt
    regexp: '^\s*[^#].*/usr/sbin/cron-apt'
    line: '# 0 4 * * * root test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt'
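# Renders the cron-apt config template to /etc/cron-apt/config and notifies
# the "restart services" handler.
- name: copy configs
  template:
    src: "{{item.key}}"
    dest: "{{item.value}}"
    owner: root
    group: root
    # Quoted so the mode is passed as a string, not a YAML number.
    mode: "0644"
  with_dict:
    cron-apt/config.j2: /etc/cron-apt/config
  notify:
    - restart services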
# Makes sure the locales named in the `locales` variable are generated.
- name: generates locales
  community.general.locale_gen:
    name: '{{ locales }}'
    state: present
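# Writes LANG to /etc/default/locale, taking locale_default and falling
# back to "C" when it is not defined.
- name: default locale
  copy:
    dest: /etc/default/locale
    content: |
      LANG={{locale_default | default("C") | mandatory}}
    owner: root
    group: root
    # Quoted so the mode is passed as a string, not a YAML number.
    mode: "0644"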
# Further task files of this role, included in this order. Their content
# is not part of this file.
- include_tasks: 'sshd_config.yml'
- include_tasks: 'ohmyzsh.yml'
- include_tasks: 'systemd.yml'
- include_tasks: 'users.yml'
# Re-runs the tzdata package configuration without prompting.
# NOTE(review): nothing guards this command (no changed_when or creates),
# so it runs on every play and is always reported as changed.
- name: update timezone
  command: 'dpkg-reconfigure --frontend noninteractive tzdata'
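# Writes /etc/mailname from sys_mailname, falling back to the host's FQDN
# fact when that variable is not defined.
- name: setup mailname
  copy:
    dest: /etc/mailname
    content: |
      {{sys_mailname | default(ansible_fqdn) | mandatory}}
    owner: root
    group: root
    # Quoted so the mode is passed as a string, not a YAML number.
    mode: "0644"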
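# Writes the nullmailer relay definition, readable by root and group mail
# only, and notifies the "restart nullmailer" handler.
# NOTE(review): the "check mailer" task that registers `mailer` sets
# changed_when to false, so `mailer.changed` is always false and this task
# is always skipped. `has_nullmailer` looks like the intended condition -
# confirm before changing it, since mail_relay_host must then be defined.
- name: setup nullmailer remote
  when: "mailer.changed"
  copy:
    dest: /etc/nullmailer/remotes
    content: |
      {{mail_relay_host}} smtp
    owner: root
    group: mail
    # Quoted so the mode is passed as a string, not a YAML number.
    mode: "0640"
  notify:
    - restart nullmailer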
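# Writes nullmailer's default domain, readable by root and group mail only,
# and notifies the "restart nullmailer" handler.
# NOTE(review): the "check mailer" task that registers `mailer` sets
# changed_when to false, so `mailer.changed` is always false and this task
# is always skipped. `has_nullmailer` looks like the intended condition -
# confirm before changing it.
- name: setup nullmailer domain
  when: "mailer.changed"
  copy:
    dest: /etc/nullmailer/defaultdomain
    content: 'denkn.at'
    owner: root
    group: mail
    # Quoted so the mode is passed as a string, not a YAML number.
    mode: "0640"
  notify:
    - restart nullmailer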
# Creates /usr/local/bin/dig and /usr/local/bin/nsupdate as relative
# symlinks to ../../bin/kdig and ../../bin/knsupdate, i.e. the k-prefixed
# tools under /usr/bin.
- name: 'dig -> kdig and other knot-utils'
  file:
    path: '/usr/local/bin/{{item}}'
    src: '../../bin/k{{item}}'
    state: link
  with_items:
    - dig
    - nsupdate
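# Enables and starts sshd and the cron-apt timer.
- name: enable service
  systemd:
    name: '{{item}}'
    # Canonical boolean instead of the YAML 1.1 truthy word `yes`.
    enabled: true
    state: started
  with_items:
    - ssh.service
    - cron-apt.timer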