From 71e72df0571f7474bfe0977d4b186252d72b2212 Mon Sep 17 00:00:00 2001
From: Andreas Zweili
Date: Tue, 17 Aug 2021 22:29:04 +0200
Subject: [PATCH] add tasks and vars
---
tasks/main.yml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
vars/main.yml | 18 ++++++++++++++++++
2 files changed, 68 insertions(+)
create mode 100644 tasks/main.yml
create mode 100644 vars/main.yml
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..4db0ea5
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,50 @@
+- name: "Update package cache"
+ apt:
+ update_cache: "yes"
+
+- name: "Upgrade to the latest packages"
+ apt:
+ upgrade: "dist"
+ autoremove: "yes"
+
+- name: "Install packages"
+ apt:
+ name: "{{ apt_packages }}"
+ state: "present"
+
+- name: "Allow tcp traffic on defined ports"
+ ufw:
+ rule: "allow"
+ port: 22
+ proto: "tcp"
+
+- name: "Lock root user"
+ command: "passwd -l root"
+
+- name: "Add deploy user"
+ user:
+ name: "{{ deploy_user_name }}"
+ shell: "/bin/bash"
+
+- name: "Add authorized keys for deploy user"
+ authorized_key:
+ user: "{{ deploy_user_name }}"
+ key: "{{ lookup('file', item) }}"
+ with_items: "{{ deploy_public_key }}"
+
+- name: "Add deploy user to sudoers"
+ lineinfile: "dest=/etc/sudoers
+ regexp='{{ deploy_user_name }} ALL'
+ line='{{ deploy_user_name }} ALL=(ALL) NOPASSWD: ALL'
+ state=present"
+
+- name: "Blacklist the floppy driver module"
+ kernel_blacklist:
+ name: "floppy"
+ state: "present"
+ notify: "reconfigure initramfs"
+
+- name: "Unload the floppy driver module"
+ modprobe:
+ name: "floppy"
+ state: "absent"
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..d45f887
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,18 @@
+---
+deploy_user_name: ansible
+deploy_public_key:
+ - keys/ansible.pub
+
+apt_packages:
+ - apt-transport-https
+ - ntp
+ - sudo
+ - ufw
+ - unzip
+ - vim
+ - htop
+ - tmux
+ - git
+ - tree
+
+timezone: Europe/Zurich
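Review bot: The "Add deploy user to sudoers" task in tasks/main.yml edits /etc/sudoers in place with no `validate`, so a bad render of `deploy_user_name` can leave a file that sudo refuses to parse, on a host where the root password has just been locked. The `regexp` is also unanchored and unescaped, so it can match and replace another account's line whose name ends with the same string. The fenced version uses native module arguments, anchors and escapes the pattern, and has visudo check the file before it is written; a drop-in under /etc/sudoers.d would isolate the change further. Separately, the ufw task only adds an allow rule for port 22, and nothing in this file enables ufw or sets a default policy, so unless that happens elsewhere the rule has no effect.

```yaml
- name: "Add deploy user to sudoers"
  lineinfile:
    dest: "/etc/sudoers"
    regexp: '^{{ deploy_user_name | regex_escape }} ALL'
    line: '{{ deploy_user_name }} ALL=(ALL) NOPASSWD: ALL'
    state: "present"
    validate: "visudo -cf %s"
```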
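Review bot: `deploy_user_name` and `deploy_public_key` in vars/main.yml decide which account and which keys end up with passwordless sudo, yet values placed in a role's vars/ directory take precedence over inventory group_vars and host_vars, so a consumer cannot change them per environment without extra vars. If this directory is a role, moving these (and `apt_packages`) to `defaults/main.yml` keeps the same values while making them overridable. `keys/ansible.pub` is a relative path handed to `lookup('file', item)`, so a comment such as `# relative path, resolved by the file lookup against the role/playbook files/ directories` would tell the reader where the key is expected to live. `timezone` is defined here but no task in this commit reads it.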