Personal
/
ansible-init-system
1
0
Bifurcation 0
Code Tickets Demandes d'ajout Publications Wiki Activité
ansible-init-system/init_system.yml

94 lignes
2.0 KiB
YAML
Brut Annotations Historique

---
- hosts: personal
user: root
tasks:
- include_vars: vars/all.yml
- name: Install essential and optional packages
apt:
name: "{{ item }}"
state: present
update_cache: yes
with_items:
- vim
- byobu
- screen
- curl
- unzip
- ufw
- htop
- multitail
- chrony
- ca-certificates
- unattended-upgrades
- downtimed
- name: Copy the templates over
template:
src: "{{ item.source }}"
dest: "{{ item.destination }}"
with_items:
- { source: templates/vimrc.j2, destination: /etc/vim/vimrc }
- { source: templates/vimrc.local.j2, destination: /root/.vimrc }
- { source: templates/selected_editor.j2, destination: /root/.selected_editor }
- { source: templates/bashrc.j2, destination: /root/.bashrc }
- { source: templates/bashrc.j2, destination: /etc/skel/.bashrc }
- name: Set vim as the default editor
alternatives:
name: editor
path: /usr/bin/vim.basic
- name: Set timezone
timezone:
name: "{{ timezone }}"
- name: Generate locales
locale_gen:
name: en_US.UTF-8
state: present
with_items:
- en_US.UTF-8
- el_CY.UTF-8
- name: Customize SSH
lineinfile:
path: /etc/ssh/sshd_config
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: "^#?Port 22", line: "Port 22" }
- { regexp: "^#?PermitRootLogin", line: "PermitRootLogin prohibit-password" }
- { regexp: "^#?PasswordAuthentication", line: "PasswordAuthentication yes" }
notify:
- Restart SSH
- name: Configure UFW
ufw:
rule: allow
proto: tcp
direction: in
to_port: "{{ item }}"
dest: any
src: any
with_items:
- 22
- 80
- 443
- "{{ custom_ssh_port }}"
notify:
- Enable UFW
handlers:
- name: Restart SSH
service:
name: ssh
state: restarted
- name: Enable UFW
ufw:
state: enabled
Référencer dans un nouveau ticket Voir Git Blâme Copier le lien permanent