2019/ansible/playbooks/roles/common/tasks/main.yml

- name: "get git version"
  shell: git log -1 '--date=format:%Y-%m-%d %H:%M' '--pretty=format:%cd %h'
  register: git_version
  delegate_to: localhost
  changed_when: False

- name: set timezone
  timezone: name={{ timezone }}

- name: "configure sources.list"
  template:
    src: sources.list.j2
    dest: /etc/apt/sources.list
    owner: root
    group: root
    mode: 0644
  register: apt_sources

- name: "run apt update if we have modified the sources"
  apt:
    update_cache: yes
  when: apt_sources.changed

- name: "run apt update if the cache is is stale"
  apt:
    update_cache: yes
    cache_valid_time: 86400

- name: "add ssh keys to root"
  authorized_key:
    user: root
    key: "{{ lookup('file', '../access/ssh-keys/'+item+'.key') }}"
  with_items: "{{ ssh_users }}"

- name: "configure root user"
  user:
    name: root
    shell: /bin/bash
    password: ""

- name: "disable ssh password login for root"
  replace: dest=/etc/ssh/sshd_config regexp='^PermitRootLogin\ yes$' replace='PermitRootLogin without-password'
  notify: reload ssh

- name: "disable ssh password login for everyone"
  lineinfile: dest=/etc/ssh/sshd_config regexp="^PasswordAuthentication" line="PasswordAuthentication no" state=present
  notify: reload ssh

- name: "Install packages"
  apt:
    state: latest
    install_recommends: no
    package:
      - apt-transport-https
      - bash-completion
      - binutils
      - ca-certificates
      - curl
      - ethtool
      - file
      - git
      - htop
      - ifmetric
      - iftop
      - inotify-tools
      - iotop
      - less
      - libcap2-bin
      - lsof
      - ltrace
      - mediainfo
      - mtr-tiny
      - patch
      - screen
      - sipcalc
      - strace
      - sudo
      - tcpdump
      - vim
      - vnstat

- name: "Install ntp"
  apt:
    state: latest
    install_recommends: no
    package:
      - ntp

- name: "Configure ntp"
  template:
    src: ntp.conf.j2
    dest: /etc/ntp.conf
    owner: root
    group: root
    mode: 0640
  notify: restart ntp
Initial ansible 2019-05-07 17:18:54 +03:00			`- name: "get git version"`
			`shell: git log -1 '--date=format:%Y-%m-%d %H:%M' '--pretty=format:%cd %h'`
			`register: git_version`
			`delegate_to: localhost`
			`changed_when: False`

			`- name: set timezone`
			`timezone: name={{ timezone }}`

			`- name: "configure sources.list"`
			`template:`
			`src: sources.list.j2`
			`dest: /etc/apt/sources.list`
			`owner: root`
			`group: root`
			`mode: 0644`
			`register: apt_sources`

			`- name: "run apt update if we have modified the sources"`
			`apt:`
			`update_cache: yes`
			`when: apt_sources.changed`

			`- name: "run apt update if the cache is is stale"`
			`apt:`
			`update_cache: yes`
			`cache_valid_time: 86400`

			`- name: "add ssh keys to root"`
			`authorized_key:`
			`user: root`
Add some ansible 2019-07-29 15:04:32 +03:00			`key: "{{ lookup('file', '../access/ssh-keys/'+item+'.key') }}"`
Initial ansible 2019-05-07 17:18:54 +03:00			`with_items: "{{ ssh_users }}"`

			`- name: "configure root user"`
			`user:`
			`name: root`
			`shell: /bin/bash`
			`password: ""`

			`- name: "disable ssh password login for root"`
			`replace: dest=/etc/ssh/sshd_config regexp='^PermitRootLogin\ yes$' replace='PermitRootLogin without-password'`
			`notify: reload ssh`

			`- name: "disable ssh password login for everyone"`
			`lineinfile: dest=/etc/ssh/sshd_config regexp="^PasswordAuthentication" line="PasswordAuthentication no" state=present`
			`notify: reload ssh`

			`- name: "Install packages"`
			`apt:`
			`state: latest`
			`install_recommends: no`
			`package:`
			`- apt-transport-https`
			`- bash-completion`
			`- binutils`
			`- ca-certificates`
			`- curl`
			`- ethtool`
			`- file`
			`- git`
			`- htop`
			`- ifmetric`
			`- iftop`
			`- inotify-tools`
			`- iotop`
			`- less`
			`- libcap2-bin`
			`- lsof`
			`- ltrace`
			`- mediainfo`
			`- mtr-tiny`
			`- patch`
			`- screen`
			`- sipcalc`
			`- strace`
			`- sudo`
			`- tcpdump`
			`- vim`
			`- vnstat`

			`- name: "Install ntp"`
			`apt:`
			`state: latest`
			`install_recommends: no`
			`package:`
			`- ntp`

			`- name: "Configure ntp"`
			`template:`
			`src: ntp.conf.j2`
			`dest: /etc/ntp.conf`
			`owner: root`
			`group: root`
			`mode: 0640`
			`notify: restart ntp`