first changes
This commit is contained in:
rene
53
roles/base/tasks/ansible_setup.yml
Normal file
53
roles/base/tasks/ansible_setup.yml
Normal file
@@ -0,0 +1,53 @@
|
||||
- name: ansible setup | ensure ansible is the latest version
|
||||
tags: ansible,ansible-setup
|
||||
package:
|
||||
name: ansible
|
||||
state: latest
|
||||
|
||||
- name: ansible setup | install required packages
|
||||
tags: ansible,ansible-setup,packages
|
||||
package:
|
||||
name:
|
||||
- "{{ dconf_package }}"
|
||||
- "{{ python_psutil_package }}"
|
||||
|
||||
# Note: For Arch, the requirement is met by a dependency of systemd, only necessary on Debian-based
|
||||
- name: ansible setup | install acl package
|
||||
tags: ansible,ansible-setup,packages
|
||||
package:
|
||||
name: acl
|
||||
when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu"]
|
||||
|
||||
- name: ansible:setup | create ansible log file
|
||||
tags: ansible,ansible-setup
|
||||
file:
|
||||
path: /var/log/ansible.log
|
||||
owner: rene
|
||||
group: ansible
|
||||
mode: 0664
|
||||
state: touch
|
||||
changed_when: False
|
||||
|
||||
- name: ansible setup | add logrotate config for ansible log file
|
||||
tags: ansible-setup
|
||||
copy:
|
||||
src: files/ansible-setup/logrotate
|
||||
dest: /etc/logrotate.d/ansible
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: ansible setup | remove default ansible directory (/etc/ansible) from host
|
||||
tags: ansible,ansible-setup
|
||||
file:
|
||||
path: /etc/ansible
|
||||
state: absent
|
||||
|
||||
- name: ansible setup | generate provision script from template
|
||||
tags: ansible,ansible-setup,scripts
|
||||
template:
|
||||
src: provision.sh.j2
|
||||
dest: /usr/local/bin/provision
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
31
roles/base/tasks/main.yml
Normal file
31
roles/base/tasks/main.yml
Normal file
@@ -0,0 +1,31 @@
|
||||
# Load distro-specific variables
|
||||
- include_vars: "{{ ansible_distribution }}.yml
|
||||
tags: always
|
||||
|
||||
- block:
|
||||
# Make sure users exist on the system
|
||||
- import_tasks: users/rene.yml
|
||||
- import_tasks: users/root.yml
|
||||
|
||||
# Set up the ansible environment
|
||||
- import_tasks: ansible_setup.yml
|
||||
|
||||
# install software
|
||||
- import_tasks: software/repositories.yml
|
||||
- import_tasks: software/packages_development.yml
|
||||
- import_tasks: software/packages_cleanup.yml
|
||||
- import_tasks: software/packages_pip.yml
|
||||
- import_tasks: software/packages_utilities.yml
|
||||
|
||||
# Perform remeining tasks:
|
||||
- import_tasks: system_setup/clock.yml
|
||||
- import_tasks: system_setup/cron.yml
|
||||
- import_tasks: system_setup/locale.yml
|
||||
- import_tasks: system_setup/logging.yml
|
||||
- import_tasks: system_setup/memory.yml
|
||||
- import_tasks: system_setup/microcode.yml
|
||||
- import_tasks: system_setup/openssh.yml
|
||||
- import_tasks: system_setup/scripts.yml
|
||||
|
||||
rescue:
|
||||
- set_fact: task_failed=true
|
||||
0
roles/base/tasks/users/rene.yml
Normal file
0
roles/base/tasks/users/rene.yml
Normal file
32
roles/base/tasks/users/root.yml
Normal file
32
roles/base/tasks/users/root.yml
Normal file
@@ -0,0 +1,32 @@
|
||||
- name: users | root | ensure account is locked
|
||||
user:
|
||||
name: root
|
||||
password_lock: yes
|
||||
|
||||
- name: users | root | create config directories
|
||||
file:
|
||||
path: /root/{{ item.dir }}
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0700
|
||||
with_items:
|
||||
- { dir: '.vim' }
|
||||
- { dir: '.vim/colors' }
|
||||
tags: dotfiles
|
||||
|
||||
-name: users | root | copy dotfiles
|
||||
copy:
|
||||
src: users/root/{{ item.src }}
|
||||
dest: /root/{{ item.dest }}
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0600
|
||||
with_items:
|
||||
- { src: 'bash/bashrc', dest: '.bashrc' }
|
||||
- { src: 'bash/bash_profile', dest: '.bash_profile' }
|
||||
- { src: 'bash/profile', dest: '.profile' }
|
||||
- { src: 'tmux/tmux.conf' dest: '.tmux.conf' }
|
||||
- { src: 'vim/vimrc', dest: '.vimrc' }
|
||||
- { src: 'zsh/zshrc', dest: '.zshrc' }
|
||||
tags: dotfiles
|
||||
11
roles/base/tasks/users/software/packages_cleanup.yml
Normal file
11
roles/base/tasks/users/software/packages_cleanup.yml
Normal file
@@ -0,0 +1,11 @@
|
||||
- name: system setup | package cleanup | remove unneeded packages (debian, ubuntu, etc. )
|
||||
tags: cleanup,packages,system,settings
|
||||
package:
|
||||
state: absent
|
||||
name:
|
||||
- cowsay
|
||||
- exim4
|
||||
- exim4-base
|
||||
- exim4-config
|
||||
- nano
|
||||
when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu"]
|
||||
27
roles/base/tasks/users/system_setup/clock.yml
Normal file
27
roles/base/tasks/users/system_setup/clock.yml
Normal file
@@ -0,0 +1,27 @@
|
||||
- name: system setup | clock | install systemd-timesyncd (ubuntu)
|
||||
tags: ntp,system setup
|
||||
package:
|
||||
name: systemd-timesyncd
|
||||
state: latest
|
||||
when: ansible_distribution in ["Pop!_OS", "Ubuntu"]
|
||||
|
||||
# Currently systemd-timesyncd for debian is available only in buster-backports
|
||||
- name: system setup | clock | install systemd-timesyncd (debian)
|
||||
tags: ntp, system setup
|
||||
apt:
|
||||
name: systemd-timesyncd
|
||||
default_release: buster-packports
|
||||
state: latest
|
||||
when: ansible_distribution == "Debian"
|
||||
|
||||
- name: system setup | clock | start and enable systemd-timestampd
|
||||
tags: ntp,system setup
|
||||
service:
|
||||
name: systemd-timesyncd
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- name: system setup | clock | set time zone
|
||||
tags: tnp,timezone,system setup
|
||||
timezone:
|
||||
name: "Europe/Berlin"
|
||||
Reference in New Issue
Block a user