|
- ---
- - hosts: personal
- user: root
-
- tasks:
-
- - include_vars: vars/all.yml
-
- - name: Install essential and optional packages
- apt:
- name: "{{ item }}"
- state: present
- update_cache: yes
- with_items:
- - vim
- - byobu
- - screen
- - curl
- - unzip
- - ufw
- - htop
- - multitail
- - chrony
- - ca-certificates
- - unattended-upgrades
- - downtimed
-
- - name: Copy the templates over
- template:
- src: "{{ item.source }}"
- dest: "{{ item.destination }}"
- with_items:
- - { source: templates/vimrc.j2, destination: /etc/vim/vimrc }
- - { source: templates/vimrc.local.j2, destination: /root/.vimrc }
- - { source: templates/selected_editor.j2, destination: /root/.selected_editor }
- - { source: templates/bashrc.j2, destination: /root/.bashrc }
- - { source: templates/bashrc.j2, destination: /etc/skel/.bashrc }
-
- - name: Set vim as the default editor
- alternatives:
- name: editor
- path: /usr/bin/vim.basic
-
- - name: Set timezone
- timezone:
- name: "{{ timezone }}"
-
- - name: Generate locales
- locale_gen:
- name: en_US.UTF-8
- state: present
- with_items:
- - en_US.UTF-8
- - el_CY.UTF-8
-
- - name: Customize SSH
- lineinfile:
- path: /etc/ssh/sshd_config
- regexp: "{{ item.regexp }}"
- line: "{{ item.line }}"
- with_items:
- - { regexp: "^#?Port 22", line: "Port 22" }
- - { regexp: "^#?PermitRootLogin", line: "PermitRootLogin prohibit-password" }
- - { regexp: "^#?PasswordAuthentication", line: "PasswordAuthentication yes" }
- notify:
- - Restart SSH
-
- - name: Configure UFW
- ufw:
- rule: allow
- proto: tcp
- direction: in
- to_port: "{{ item }}"
- dest: any
- src: any
- with_items:
- - 22
- - 80
- - 443
- - "{{ custom_ssh_port }}"
- notify:
- - Enable UFW
-
- handlers:
-
- - name: Restart SSH
- service:
- name: ssh
- state: restarted
-
- - name: Enable UFW
- ufw:
- state: enabled
|
