- name: "Python is Python3" apt: name: "python-is-python3" state: "present" when: - ansible_facts['distribution_major_version'] | int >= 20 - ansible_facts['distribution'] == "Ubuntu" - name: "Upgrade to the latest packages" apt: upgrade: "dist" autoremove: "yes" update_cache: yes - name: "Install packages" apt: name: "{{ apt_packages }}" state: "present" - name: "Allow tcp traffic on defined ports" ufw: rule: "allow" port: "22" proto: "tcp" - name: "Allow udp traffic on defined ports" ufw: rule: "allow" port: 60001:60099 proto: "udp" - name: "Enable UFW" ufw: state: "enabled" when: ufw_disabled is undefined - name: "Lock root user" command: "passwd -l root" - name: Add deploy user user: name: "{{ common_deploy_user_name }}" shell: /bin/bash - name: Add authorized keys for deploy user authorized_key: user: "{{ common_deploy_user_name }}" key: "{{ lookup('file', item) }}" with_items: "{{ common_deploy_public_key }}" - name: Add deploy user to sudoers lineinfile: dest: "/etc/sudoers" regexp: "{{ common_deploy_user_name }} ALL" line: "{{ common_deploy_user_name }} ALL=(ALL) NOPASSWD: ALL" state: "present" - name: "Check if pip is installed" ansible.builtin.stat: path: "/usr/local/bin/pip3" register: pip_state - name: "Download the newest Pip" get_url: url: "https://bootstrap.pypa.io/get-pip.py" dest: "/tmp/get-pip.py" mode: "0644" when: - ansible_facts['distribution_major_version'] | int >= 20 - ansible_facts['distribution'] == "Ubuntu" - not pip_state.stat.exists - name: "Download Pip for Python 3.5" get_url: url: "https://bootstrap.pypa.io/pip/3.5/get-pip.py" dest: "/tmp/get-pip.py" mode: "0644" when: - (not ansible_facts['distribution_major_version'] | int >= 20 or not ansible_facts['distribution'] == "Ubuntu") - not pip_state.stat.exists - name: "Install pip" command: cmd: "python3 /tmp/get-pip.py" when: not pip_state.stat.exists - name: "Upgrade pip" ansible.builtin.pip: name: pip state: latest when: pip_state.stat.exists