50 lines
1.5 KiB
YAML
50 lines
1.5 KiB
YAML
# System Upgrade and package installation
|
|
- include: tasks/apt_update_cache.yml
|
|
- include: tasks/apt_distupgrade.yml
|
|
- include: tasks/apt_install.yml
|
|
|
|
# User configuration
|
|
- name: Lock root user
|
|
command: passwd -l root
|
|
|
|
- name: Add deploy user
|
|
user: name={{ deploy_user_name }} shell=/bin/bash password=$6$yWHFPhqJ$Il28ddG4zxPC3FWeRZeRsE8Aj0bE1YuNN.QB08xxyBDXfj1bp2kK1PEWbCmQmgSCuzj7IP45SNxosc./mV9bB/
|
|
|
|
- name: Add deploy user to sudoers
|
|
lineinfile: "dest=/etc/sudoers
|
|
regexp='{{ deploy_user_name }} ALL'
|
|
line='{{ deploy_user_name }} ALL=(ALL) NOPASSWD: ALL'
|
|
state=present"
|
|
|
|
- include: tasks/ufw_tcp.yml
|
|
|
|
- name: Copy over the sshd_config file
|
|
template: src=sshd_config.j2 dest=/etc/ssh/sshd_config owner=root group=root
|
|
|
|
- name: Copy over the timezone file
|
|
template: src=timezone.j2 dest=/etc/timezone owner=root group=root
|
|
notify: reconfigure tzdata
|
|
|
|
- name: Copy over the 20auto-upgrades file
|
|
template: src=20auto-upgrades.j2
|
|
dest=/etc/apt/apt.conf.d/20auto-upgrades
|
|
owner=root
|
|
group=root
|
|
|
|
- name: Copy over the 50unattended-upgrades file
|
|
template: src=50unattended-upgrades.j2
|
|
dest=/etc/apt/apt.conf.d/50unattended-upgrades
|
|
owner=root
|
|
group=root
|
|
|
|
- name: update locales
|
|
lineinfile:
|
|
dest: /etc/locale.gen
|
|
regexp: "{{ item.regexp }}"
|
|
line: "{{ item.line }}"
|
|
state: "{{ item.state }}"
|
|
with_items:
|
|
- { regexp: '^#? ?en_GB.UTF-8 UTF-8', line: 'en_GB.UTF-8 UTF-8', state: present }
|
|
notify:
|
|
- rebuild locales
|