generated from ansible/desktop
77 lines
1.7 KiB
YAML
77 lines
1.7 KiB
YAML
- name: "Python is Python3"
|
|
apt:
|
|
name: "python-is-python3"
|
|
state: "present"
|
|
when:
|
|
- ansible_facts['distribution_major_version'] | int >= 20
|
|
- ansible_facts['distribution'] == "Ubuntu"
|
|
|
|
- name: "Upgrade to the latest packages"
|
|
apt:
|
|
upgrade: "dist"
|
|
autoremove: "yes"
|
|
update_cache: yes
|
|
|
|
- name: "Install packages"
|
|
apt:
|
|
name: "{{ apt_packages }}"
|
|
state: "present"
|
|
|
|
- name: "Allow tcp traffic on defined ports"
|
|
ufw:
|
|
rule: "allow"
|
|
port: "22"
|
|
proto: "tcp"
|
|
|
|
- name: "Allow udp traffic on defined ports"
|
|
ufw:
|
|
rule: "allow"
|
|
port: 60001:60099
|
|
proto: "udp"
|
|
|
|
- name: "Enable UFW"
|
|
ufw:
|
|
state: "enabled"
|
|
|
|
- name: "Lock root user"
|
|
command: "passwd -l root"
|
|
|
|
- name: Add deploy user
|
|
user:
|
|
name: "{{ common_deploy_user_name }}"
|
|
shell: /bin/bash
|
|
|
|
- name: Add authorized keys for deploy user
|
|
authorized_key:
|
|
user: "{{ common_deploy_user_name }}"
|
|
key: "{{ lookup('file', item) }}"
|
|
with_items: "{{ common_deploy_public_key }}"
|
|
|
|
- name: Add deploy user to sudoers
|
|
lineinfile:
|
|
dest: "/etc/sudoers"
|
|
regexp: "{{ common_deploy_user_name }} ALL"
|
|
line: "{{ common_deploy_user_name }} ALL=(ALL) NOPASSWD: ALL"
|
|
state: "present"
|
|
|
|
- name: "Download Pip"
|
|
get_url:
|
|
url: "https://bootstrap.pypa.io/get-pip.py"
|
|
dest: "/tmp/get-pip.py"
|
|
mode: "0644"
|
|
when:
|
|
- ansible_facts['distribution_major_version'] | int >= 20
|
|
- ansible_facts['distribution'] == "Ubuntu"
|
|
|
|
- name: "Download Pip"
|
|
get_url:
|
|
url: "https://bootstrap.pypa.io/pip/3.5/get-pip.py"
|
|
dest: "/tmp/get-pip.py"
|
|
mode: "0644"
|
|
when: (not ansible_facts['distribution_major_version'] | int >= 20
|
|
or not ansible_facts['distribution'] == "Ubuntu")
|
|
|
|
- name: "Install pip"
|
|
command:
|
|
cmd: "python3 /tmp/get-pip.py"
|