generated from ansible/desktop
add tasks and vars
This commit is contained in:
parent
44c26c9dd2
commit
71e72df057
|
@ -0,0 +1,50 @@
|
|||
- name: "Update package cache"
|
||||
apt:
|
||||
update_cache: "yes"
|
||||
|
||||
- name: "Upgrade to the latest packages"
|
||||
apt:
|
||||
upgrade: "dist"
|
||||
autoremove: "yes"
|
||||
|
||||
- name: "Install packages"
|
||||
apt:
|
||||
name: "{{ apt_packages }}"
|
||||
state: "present"
|
||||
|
||||
- name: "Allow tcp traffic on defined ports"
|
||||
ufw:
|
||||
rule: "allow"
|
||||
port: 22
|
||||
proto: "tcp"
|
||||
|
||||
- name: "Lock root user"
|
||||
command: "passwd -l root"
|
||||
|
||||
- name: "Add deploy user"
|
||||
user:
|
||||
name: "{{ deploy_user_name }}"
|
||||
shell: "/bin/bash"
|
||||
|
||||
- name: "Add authorized keys for deploy user"
|
||||
authorized_key:
|
||||
user: "{{ deploy_user_name }}"
|
||||
key: "{{ lookup('file', item) }}"
|
||||
with_items: "{{ deploy_public_key }}"
|
||||
|
||||
- name: "Add deploy user to sudoers"
|
||||
lineinfile: "dest=/etc/sudoers
|
||||
regexp='{{ deploy_user_name }} ALL'
|
||||
line='{{ deploy_user_name }} ALL=(ALL) NOPASSWD: ALL'
|
||||
state=present"
|
||||
|
||||
- name: "Blacklist the floppy driver module"
|
||||
kernel_blacklist:
|
||||
name: "floppy"
|
||||
state: "present"
|
||||
notify: "reconfigure initramfs"
|
||||
|
||||
- name: "Unload the floppy driver module"
|
||||
modprobe:
|
||||
name: "floppy"
|
||||
state: "absent"
|
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
deploy_user_name: ansible
|
||||
deploy_public_key:
|
||||
- keys/ansible.pub
|
||||
|
||||
apt_packages:
|
||||
- apt-transport-https
|
||||
- ntp
|
||||
- sudo
|
||||
- ufw
|
||||
- unzip
|
||||
- vim
|
||||
- htop
|
||||
- tmux
|
||||
- git
|
||||
- tree
|
||||
|
||||
timezone: Europe/Zurich
|
Reference in New Issue