generated from ansible/desktop
51 lines
1.1 KiB
YAML
51 lines
1.1 KiB
YAML
- name: "Update package cache"
|
|
apt:
|
|
update_cache: "yes"
|
|
|
|
- name: "Upgrade to the latest packages"
|
|
apt:
|
|
upgrade: "dist"
|
|
autoremove: "yes"
|
|
|
|
- name: "Install packages"
|
|
apt:
|
|
name: "{{ apt_packages }}"
|
|
state: "present"
|
|
|
|
- name: "Allow tcp traffic on defined ports"
|
|
ufw:
|
|
rule: "allow"
|
|
port: 22
|
|
proto: "tcp"
|
|
|
|
- name: "Lock root user"
|
|
command: "passwd -l root"
|
|
|
|
- name: "Add deploy user"
|
|
user:
|
|
name: "{{ deploy_user_name }}"
|
|
shell: "/bin/bash"
|
|
|
|
- name: "Add authorized keys for deploy user"
|
|
authorized_key:
|
|
user: "{{ deploy_user_name }}"
|
|
key: "{{ lookup('file', item) }}"
|
|
with_items: "{{ deploy_public_key }}"
|
|
|
|
- name: "Add deploy user to sudoers"
|
|
lineinfile: "dest=/etc/sudoers
|
|
regexp='{{ deploy_user_name }} ALL'
|
|
line='{{ deploy_user_name }} ALL=(ALL) NOPASSWD: ALL'
|
|
state=present"
|
|
|
|
- name: "Blacklist the floppy driver module"
|
|
kernel_blacklist:
|
|
name: "floppy"
|
|
state: "present"
|
|
notify: "reconfigure initramfs"
|
|
|
|
- name: "Unload the floppy driver module"
|
|
modprobe:
|
|
name: "floppy"
|
|
state: "absent"
|