ansible-init-system/init_system.yml

---
- hosts: personal
  user: root

  tasks:

  - include_vars: vars/all.yml

  - name: Install essential and optional packages
    apt:
      name: "{{ item }}"
      state: present
      update_cache: yes
    with_items:
      - vim
      - byobu
      - screen
      - curl
      - unzip
      - ufw
      - htop
      - multitail
      - chrony
      - ca-certificates
      - unattended-upgrades
      - downtimed

  - name: Copy the templates over
    template:
      src: "{{ item.source }}"
      dest: "{{ item.destination }}"
    with_items:
      - { source: templates/vimrc.j2, destination: /etc/vim/vimrc }
      - { source: templates/vimrc.local.j2, destination: /root/.vimrc }
      - { source: templates/selected_editor.j2, destination: /root/.selected_editor }
      - { source: templates/bashrc.j2, destination: /root/.bashrc }
      - { source: templates/bashrc.j2, destination: /etc/skel/.bashrc }

  - name: Set vim as the default editor
    alternatives:
      name: editor
      path: /usr/bin/vim.basic

  - name: Set timezone
    timezone:
      name: "{{ timezone }}"

  - name: Generate locales
    locale_gen:
      name: en_US.UTF-8
      state: present
    with_items:
      - en_US.UTF-8
      - el_CY.UTF-8

  - name: Customize SSH
    lineinfile:
      path: /etc/ssh/sshd_config
      regexp: "{{ item.regexp }}"
      line: "{{ item.line }}"
    with_items:
      - { regexp: "^#?Port 22", line: "Port 22" }
      - { regexp: "^#?PermitRootLogin", line: "PermitRootLogin prohibit-password" }
      - { regexp: "^#?PasswordAuthentication", line: "PasswordAuthentication yes" }
    notify:
      - Restart SSH

  - name: Configure UFW
    ufw:
      rule: allow
      proto: tcp
      direction: in
      to_port: "{{ item }}"
      dest: any
      src: any
    with_items:
      - 22
      - 80
      - 443
      - "{{ custom_ssh_port }}"
    notify:
      - Enable UFW

  handlers:

  - name: Restart SSH
    service:
      name: ssh
      state: restarted

  - name: Enable UFW
    ufw:
      state: enabled
Initial Commit 2018-06-06 23:52:16 +03:00			`---`
			`- hosts: personal`
			`user: root`

			`tasks:`

			`- include_vars: vars/all.yml`

			`- name: Install essential and optional packages`
			`apt:`
			`name: "{{ item }}"`
			`state: present`
			`update_cache: yes`
			`with_items:`
			`- vim`
			`- byobu`
			`- screen`
			`- curl`
			`- unzip`
			`- ufw`
			`- htop`
			`- multitail`
			`- chrony`
			`- ca-certificates`
			`- unattended-upgrades`
			`- downtimed`

			`- name: Copy the templates over`
			`template:`
			`src: "{{ item.source }}"`
			`dest: "{{ item.destination }}"`
			`with_items:`
			`- { source: templates/vimrc.j2, destination: /etc/vim/vimrc }`
			`- { source: templates/vimrc.local.j2, destination: /root/.vimrc }`
			`- { source: templates/selected_editor.j2, destination: /root/.selected_editor }`
			`- { source: templates/bashrc.j2, destination: /root/.bashrc }`
			`- { source: templates/bashrc.j2, destination: /etc/skel/.bashrc }`

			`- name: Set vim as the default editor`
			`alternatives:`
			`name: editor`
			`path: /usr/bin/vim.basic`

			`- name: Set timezone`
			`timezone:`
			`name: "{{ timezone }}"`

			`- name: Generate locales`
			`locale_gen:`
			`name: en_US.UTF-8`
			`state: present`
			`with_items:`
			`- en_US.UTF-8`
			`- el_CY.UTF-8`

			`- name: Customize SSH`
			`lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: "{{ item.regexp }}"`
			`line: "{{ item.line }}"`
			`with_items:`
			`- { regexp: "^#?Port 22", line: "Port 22" }`
			`- { regexp: "^#?PermitRootLogin", line: "PermitRootLogin prohibit-password" }`
			`- { regexp: "^#?PasswordAuthentication", line: "PasswordAuthentication yes" }`
			`notify:`
			`- Restart SSH`

			`- name: Configure UFW`
			`ufw:`
			`rule: allow`
			`proto: tcp`
			`direction: in`
			`to_port: "{{ item }}"`
			`dest: any`
			`src: any`
			`with_items:`
			`- 22`
			`- 80`
			`- 443`
			`- "{{ custom_ssh_port }}"`
			`notify:`
			`- Enable UFW`

			`handlers:`

			`- name: Restart SSH`
			`service:`
			`name: ssh`
			`state: restarted`

			`- name: Enable UFW`
			`ufw:`
			`state: enabled`