add tasks and vars

2021-08-17 22:29:04 +02:00 · 2021-08-17 22:29:04 +02:00 · 71e72df057
parent 44c26c9dd2
commit 71e72df057
2 changed files with 68 additions and 0 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,50 @@
+- name: "Update package cache"
+  apt:
+    update_cache: "yes"
+
+- name: "Upgrade to the latest packages"
+  apt:
+    upgrade: "dist"
+    autoremove: "yes"
+
+- name: "Install packages"
+  apt:
+    name: "{{ apt_packages }}"
+    state: "present"
+
+- name: "Allow tcp traffic on defined ports"
+  ufw:
+    rule: "allow"
+    port: 22
+    proto: "tcp"
+
+- name: "Lock root user"
+  command: "passwd -l root"
+
+- name: "Add deploy user"
+  user:
+    name: "{{ deploy_user_name }}"
+    shell: "/bin/bash"
+
+- name: "Add authorized keys for deploy user"
+  authorized_key:
+    user: "{{ deploy_user_name }}"
+    key: "{{ lookup('file', item) }}"
+  with_items: "{{ deploy_public_key }}"
+
+- name: "Add deploy user to sudoers"
+  lineinfile: "dest=/etc/sudoers
+              regexp='{{ deploy_user_name }} ALL'
+              line='{{ deploy_user_name }} ALL=(ALL) NOPASSWD: ALL'
+              state=present"
+
+- name: "Blacklist the floppy driver module"
+  kernel_blacklist:
+    name: "floppy"
+    state: "present"
+  notify: "reconfigure initramfs"
+
+- name: "Unload the floppy driver module"
+  modprobe:
+    name: "floppy"
+    state: "absent"
--- a/vars/main.yml
+++ b/vars/main.yml
@ -0,0 +1,18 @@
+---
+deploy_user_name: ansible
+deploy_public_key:
+  - keys/ansible.pub
+
+apt_packages:
+  - apt-transport-https
+  - ntp
+  - sudo
+  - ufw
+  - unzip
+  - vim
+  - htop
+  - tmux
+  - git
+  - tree
+
+timezone: Europe/Zurich