ansible-role-system/tasks/os-debian.yml
2024-09-19 23:48:29 +02:00


---
# vim: set expandtab tabstop=2 shiftwidth=2:
# pre dependencies:
# Write an apt.conf.d snippet that sets Aptitude::Clean-After-Install.
# The rendered value is the string "true" when apt_clean_after_install is true
# or whenever apt_proxy is defined, and "false" in every other case.
- name: "aptitude should clean on install/upgrades"
  vars:
    value: "{{'true' if true == apt_clean_after_install or apt_proxy is defined else 'false'}}"
  ansible.builtin.copy:
    dest: /etc/apt/apt.conf.d/99AutomaticClean
    owner: root
    group: root
    # Quoted so the octal mode can never be re-read as a decimal integer.
    mode: "0644"
    content: |
      Aptitude::Clean-After-Install "{{value}}";
# Route apt's HTTP downloads through apt_proxy; skipped when the variable is
# not defined. Only Acquire::http is configured by this snippet.
# NOTE(review): `quote` is a shell-quoting filter and leaves a plain URL
# unquoted, while apt.conf string values are normally written in double quotes
# (and `//` outside quotes can be read as a comment) - confirm the rendered
# file parses as intended for the apt_proxy values in use.
- name: "Use proxy for apt http"
  when: "apt_proxy is defined"
  ansible.builtin.copy:
    dest: /etc/apt/apt.conf.d/99proxy
    owner: root
    group: root
    mode: "0644"
    content: |
      Acquire::http { Proxy {{apt_proxy|quote()}}; }
# Install aptitude, which the later "check mailer" task calls.
- name: install packages
  ansible.builtin.apt:
    name:
      - aptitude
    # force stays off, so apt is not asked to install unauthenticated
    # packages or to downgrade.
    force: false
# Packages this role removes and then pins so they do not come back.
# unattended-upgrades is on the list: once it is gone, automatic patching
# depends on the cron-apt timer that this file configures and enables below.
- ansible.builtin.set_fact:
    crap_packages:
      - cloud-init
      - vim-tiny
      - landscape-common
      - snapd
      - ubuntu-advantage-tools
      - unattended-upgrades

# Uninstall every package named in crap_packages.
- name: remove unwanted packages
  ansible.builtin.apt:
    name: '{{crap_packages}}'
    state: absent

# Mark each of those packages as "hold" in dpkg's selections.
- name: stay away packages
  ansible.builtin.dpkg_selections:
    name: '{{item}}'
    selection: hold
  loop: '{{crap_packages}}'
# Refresh the package index and run a "safe" upgrade of installed packages.
- name: safe-upgrade
  ansible.builtin.apt:
    update_cache: true
    upgrade: safe
# check capabilities:
# Ask aptitude which installed package provides mail-transport-agent.
# The task never reports "changed" and only fails on exit codes other than
# 0 and 1. The exit code is that of the final grep, so a failure of aptitude
# or sed earlier in the pipeline is not detected here.
# NOTE(review): the sed program is reproduced exactly as shown; as written,
# `s/^ *.*//` empties every line, so compare the spacing inside the patterns
# with the repository copy.
- name: check mailer
  ansible.builtin.shell: |
    aptitude search '~Pmail-transport-agent' | sed -ne '/^i/{s/^i *//;s/^ *.*//;s/ *.*//;p}' | grep \\S
  register: mailer
  changed_when: false
  failed_when: "mailer.rc not in [0, 1]"

# has_nullmailer is true when grep found nothing (rc 1, no MTA listed) or when
# the only output is exactly "nullmailer".
- ansible.builtin.set_fact:
    has_nullmailer: '{{mailer.rc == 1 or mailer.stdout=="nullmailer"}}'
# installation packages:
# Install the base package set. Entries in `items` are either package names or
# templated lists; the "flattened" lookup merges them into one flat list, so a
# condition that yields [] simply contributes nothing.
- name: install packages
  vars:
    items:
      - ack
      # chrony and smartmontools are skipped on virtual guests.
      - '{{ [] if is_virt_guest else ["chrony", "smartmontools"] }}'
      - cron-apt
      - curl
      - etckeeper
      - file
      - fizsh
      - git
      - gpgconf
      - haveged
      - htop
      - inetutils-ping
      - inetutils-traceroute
      - knot-dnsutils
      - krb5-user
      - ldap-utils
      - locales
      - lsof
      - lvm2
      - mosh
      - mtr-tiny
      - ncdu
      - net-tools
      # nullmailer only when the earlier mailer check selected it.
      - '{{ ["nullmailer"] if has_nullmailer else [] }}'
      - openssh-server
      - progress
      - pv
      # rng-tools only when has_hwrng is set.
      - '{{ ["rng-tools"] if has_hwrng else [] }}'
      - rsync
      - rsyslog
      - socat
      - sudo
      - systemd
      - systemd-sysv
      - tmux
      - tzdata
      - unzip
      - usrmerge
      - vim-nox
      # XFS tooling is skipped inside containers.
      - '{{ [] if is_container else ["xfsdump", "xfsprogs"] }}'
      # Extra packages supplied by the caller, if any.
      - '{{ needed_debs if needed_debs is defined else [] }}'
      # presumably names the package providing the log compressor - verify
      # against the role's defaults.
      - '{{ logcompress_algo if logcompress_algo else [] }}'
  ansible.builtin.apt:
    name: '{{lookup("flattened", items)}}'
    update_cache: true
    # force stays off, so apt is not asked to install unauthenticated
    # packages or to downgrade.
    force: false
# remove garbage:
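# Silence the Ubuntu-specific MOTD advertising: disable motd-news, delete the
# cloudguest MOTD script and replace the help-text script with an empty,
# non-executable file.
- name: 'no ubuntu adverts'
  # The gathered distribution fact is normally spelled "Ubuntu", so an exact
  # comparison with lowercase "ubuntu" would skip this block on every host.
  # Comparing the lowercased fact matches either spelling.
  when: 'ansible_distribution | lower == "ubuntu"'
  block:
    - name: no ubuntu-motd-adverts
      ansible.builtin.lineinfile:
        path: /etc/default/motd-news
        line: ENABLED=0
        regexp: '^ENABLED='
        create: true
        # Explicit mode so a newly created file does not depend on the umask.
        mode: "0644"
    - name: no ubuntu-cloudguest-adverts
      ansible.builtin.file:
        path: /etc/update-motd.d/51-cloudguest
        state: absent
    - name: 'no ubuntu-"documentation"-adverts'
      ansible.builtin.copy:
        dest: /etc/update-motd.d/10-help-text
        mode: "0644"
        content: ''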
# configure system:
# Point the editor-related alternatives at vim.nox. Each dict entry maps an
# alternative name (key) to the path it should resolve to (value).
- name: set alternatives
  community.general.alternatives:
    path: "{{item.value}}"
    name: "{{item.key}}"
  with_dict:
    editor: /usr/bin/vim.nox
    vim: /usr/bin/vim.nox
    vimdiff: /usr/bin/vim.nox
    vi: /usr/bin/vim.nox
    view: /usr/bin/vim.nox
# Ship the static cron-apt files: the upgrade action plus the systemd service
# and timer units. Each dict entry maps a source file in the role (key) to its
# destination on the host (value). All are installed root-owned and
# world-readable but writable by root only. A change notifies the
# "restart services" handler.
- name: copy configs
  ansible.builtin.copy:
    dest: "{{item.value}}"
    src: "{{item.key}}"
    mode: "0644"
    owner: root
    group: root
  with_dict:
    cron-apt/action.d/6-upgrade: /etc/cron-apt/action.d/6-upgrade
    cron-apt/cron-apt.service: /etc/systemd/system/cron-apt.service
    cron-apt/cron-apt.timer: /etc/systemd/system/cron-apt.timer
  notify:
    - restart services
# Replace any active (non-comment) line in /etc/cron.d/cron-apt that calls
# /usr/sbin/cron-apt with a commented-out entry; the systemd timer enabled at
# the end of this file is the scheduler instead.
- name: no cron-apt crontabs
  ansible.builtin.lineinfile:
    path: /etc/cron.d/cron-apt
    regexp: '^\s*[^#].*/usr/sbin/cron-apt'
    line: '# 0 4 * * * root test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt'
# Render the cron-apt main configuration from its Jinja template. The file is
# root-owned and writable by root only. A change notifies "restart services".
- name: copy configs
  ansible.builtin.template:
    dest: "{{item.value}}"
    src: "{{item.key}}"
    mode: "0644"
    owner: root
    group: root
  with_dict:
    cron-apt/config.j2: /etc/cron-apt/config
  notify:
    - restart services
# Make sure the locales named by the `locales` variable are generated.
- name: generates locales
  community.general.locale_gen:
    state: present
    name: "{{locales}}"
# Set the system-wide LANG; locale_default falls back to "C" when unset.
- name: default locale
  ansible.builtin.copy:
    dest: /etc/default/locale
    owner: root
    group: root
    mode: "0644"
    content: |
      LANG={{locale_default | default("C") | mandatory}}
# Hand over to the role's other task files, in this order. Their content is
# not part of this file; presumably they cover sshd configuration, oh-my-zsh,
# systemd settings and user accounts - verify against those files.
- ansible.builtin.include_tasks: sshd_config.yml
- ansible.builtin.include_tasks: ohmyzsh.yml
- ansible.builtin.include_tasks: systemd.yml
- ansible.builtin.include_tasks: users.yml
# Re-run tzdata's configuration without prompting. No changed_when is set, so
# this task reports "changed" on every run.
- name: update timezone
  ansible.builtin.command:
    cmd: dpkg-reconfigure --frontend noninteractive tzdata
# Write /etc/mailname from sys_mailname, falling back to the host's FQDN fact.
- name: setup mailname
  ansible.builtin.copy:
    dest: /etc/mailname
    owner: root
    group: root
    mode: "0644"
    content: |
      {{sys_mailname | default(ansible_fqdn) | mandatory}}
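# Configure nullmailer's relay and default domain.
#
# Both tasks were conditioned on `mailer.changed`, but the "check mailer" task
# sets changed_when to false, so that value is always false and neither file
# was ever written. They now follow has_nullmailer, the fact that also decides
# whether nullmailer is installed. mail_relay_host must be defined on hosts
# where has_nullmailer is true.
- name: setup nullmailer remote
  when: has_nullmailer | bool
  ansible.builtin.copy:
    dest: /etc/nullmailer/remotes
    # No TLS or authentication options are set on this remote line. The
    # root:mail 0640 permissions keep the file unreadable to other users,
    # which matters once credentials are added here.
    content: |
      {{mail_relay_host}} smtp
    owner: root
    group: mail
    mode: "0640"
  notify:
    - restart nullmailer

- name: setup nullmailer domain
  when: has_nullmailer | bool
  ansible.builtin.copy:
    dest: /etc/nullmailer/defaultdomain
    content: 'denkn.at'
    owner: root
    group: mail
    mode: "0640"
  notify:
    - restart nullmailer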
# Create /usr/local/bin/dig and /usr/local/bin/nsupdate as relative symlinks
# to ../../bin/kdig and ../../bin/knsupdate.
# NOTE(review): if /usr/local/bin precedes /usr/bin in PATH, these links
# shadow any stock dig/nsupdate binaries - confirm that is intended.
- name: 'dig -> kdig and other knot-utils'
  ansible.builtin.file:
    path: '/usr/local/bin/{{item}}'
    src: '../../bin/k{{item}}'
    state: link
  loop:
    - dig
    - nsupdate
# Enable at boot and start the SSH daemon and the cron-apt timer. The timer
# replaces the crontab entry commented out earlier in this file.
- name: enable service
  ansible.builtin.systemd:
    name: '{{item}}'
    state: started
    enabled: true
  loop:
    - ssh.service
    - cron-apt.timer