generated from ansible/desktop
93 lines
2.1 KiB
YAML
93 lines
2.1 KiB
YAML
- name: "Python is Python3"
|
|
apt:
|
|
name: "python-is-python3"
|
|
state: "present"
|
|
when:
|
|
- ansible_facts['distribution_major_version'] | int >= 20
|
|
- ansible_facts['distribution'] == "Ubuntu"
|
|
|
|
- name: "Upgrade to the latest packages"
|
|
apt:
|
|
upgrade: "dist"
|
|
autoremove: "yes"
|
|
update_cache: yes
|
|
|
|
- name: "Install packages"
|
|
apt:
|
|
name: "{{ apt_packages }}"
|
|
state: "present"
|
|
|
|
- name: "Allow tcp traffic on defined ports"
|
|
ufw:
|
|
rule: "allow"
|
|
port: "22"
|
|
proto: "tcp"
|
|
|
|
- name: "Allow udp traffic on defined ports"
|
|
ufw:
|
|
rule: "allow"
|
|
port: 60001:60099
|
|
proto: "udp"
|
|
|
|
- name: "Enable UFW"
|
|
ufw:
|
|
state: "enabled"
|
|
when: ufw_disabled is undefined
|
|
|
|
- name: "Lock root user"
|
|
command: "passwd -l root"
|
|
|
|
- name: Add deploy user
|
|
user:
|
|
name: "{{ common_deploy_user_name }}"
|
|
shell: /bin/bash
|
|
|
|
- name: Add authorized keys for deploy user
|
|
authorized_key:
|
|
user: "{{ common_deploy_user_name }}"
|
|
key: "{{ lookup('file', item) }}"
|
|
with_items: "{{ common_deploy_public_key }}"
|
|
|
|
- name: Add deploy user to sudoers
|
|
lineinfile:
|
|
dest: "/etc/sudoers"
|
|
regexp: "{{ common_deploy_user_name }} ALL"
|
|
line: "{{ common_deploy_user_name }} ALL=(ALL) NOPASSWD: ALL"
|
|
state: "present"
|
|
|
|
- name: "Check if pip is installed"
|
|
ansible.builtin.stat:
|
|
path: "/usr/local/bin/pip3"
|
|
register: pip_state
|
|
|
|
- name: "Download the newest Pip"
|
|
get_url:
|
|
url: "https://bootstrap.pypa.io/get-pip.py"
|
|
dest: "/tmp/get-pip.py"
|
|
mode: "0644"
|
|
when:
|
|
- ansible_facts['distribution_major_version'] | int >= 20
|
|
- ansible_facts['distribution'] == "Ubuntu"
|
|
- not pip_state.stat.exists
|
|
|
|
- name: "Download Pip for Python 3.5"
|
|
get_url:
|
|
url: "https://bootstrap.pypa.io/pip/3.5/get-pip.py"
|
|
dest: "/tmp/get-pip.py"
|
|
mode: "0644"
|
|
when:
|
|
- (not ansible_facts['distribution_major_version'] | int >= 20
|
|
or not ansible_facts['distribution'] == "Ubuntu")
|
|
- not pip_state.stat.exists
|
|
|
|
- name: "Install pip"
|
|
command:
|
|
cmd: "python3 /tmp/get-pip.py"
|
|
when: not pip_state.stat.exists
|
|
|
|
- name: "Upgrade pip"
|
|
ansible.builtin.pip:
|
|
name: pip
|
|
state: latest
|
|
when: pip_state.stat.exists
|