servers/roles/alpine/tasks/main.yml


# Render /etc/network/interfaces from the role's interfaces.j2 template.
- name: Set up network interfaces
  template:
    src: interfaces.j2
    dest: /etc/network/interfaces
  notify: restart networking

# Run pending handlers now instead of at the end of the play, so a notified
# "restart networking" takes effect before the tasks that follow.
- meta: flush_handlers
# Set the system hostname to the value of dns_name (defined outside this file).
- name: Set hostname
  hostname:
    name: "{{ dns_name }}"
# Render /etc/hosts from the role's hosts.j2 template.
- name: Configure hosts
  template:
    src: hosts.j2
    dest: /etc/hosts
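# Uncomment the community repository line in apk's repository list.
# With backrefs enabled, '\1' writes back the captured URL without its leading
# '#'. If no commented line matches, the file is left unchanged.
# NOTE(review): the URL scheme is kept exactly as found in the file. If that is
# plain http, confirm you are content to rely on apk's signature checks alone.
- name: Enable community package repo
  lineinfile:
    path: /etc/apk/repositories
    regexp: '^# *(http.*/v[^/]*/community)'
    line: '\1'
    # Canonical boolean; 'yes' is only a boolean under YAML 1.1 rules.
    backrefs: true
  notify: update package cache

# Run pending handlers now instead of at the end of the play; presumably so the
# package installs below see the refreshed cache.
- meta: flush_handlers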
# Install the baseline tool set through the generic package module.
# nftables is needed by the firewall tasks later in this file.
- name: Install base packages
  package:
    name:
      - acl
      - git
      - iproute2
      - logrotate
      - nftables
      - procps
      - rsync
      - tmux
      - vim
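# Harden sshd: turn off password logins and limit root to non-password
# authentication (root can still log in with a key).
# sshd uses the FIRST value it reads for a keyword, while lineinfile rewrites
# only the LAST line matching regexp, so a config that already holds an earlier
# active copy of a keyword keeps that earlier value.
# NOTE(review): confirm the target sshd_config has no duplicate entries and
# that no Include'd drop-in sets these keywords ahead of this file's lines.
# NOTE(review): KbdInteractiveAuthentication is not touched here; check it if
# the installed sshd is built with PAM.
- name: Disable SSH password authentication
  lineinfile:
    path: /etc/ssh/sshd_config
    # Matches the keyword whether it is active or commented out as '#Keyword'.
    regexp: '^#?{{ item.key }}'
    line: '{{ item.key }} {{ item.value }}'
    # When nothing matches, add the line at the top instead of at EOF, so it
    # cannot land inside a trailing Match block and is read first.
    insertbefore: BOF
    # Refuse the edit if sshd cannot parse the resulting file.
    validate: /usr/sbin/sshd -t -f %s
  loop:
    - key: PasswordAuthentication
      # Quoted so YAML yields the string 'no', not the boolean false.
      value: 'no'
    - key: PermitRootLogin
      value: 'prohibit-password'
  notify: reload sshd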
# Render the host's nftables rules from local.nft.j2 into the nftables.d
# drop-in directory, then ask for a ruleset reload.
# NOTE(review): the rendered file is not syntax-checked before the reload. If
# it can be loaded on its own, a validate step such as 'nft -c -f %s' would
# catch a broken ruleset before it is applied.
- name: Set up firewall
  template:
    src: local.nft.j2
    dest: /etc/nftables.d/local.nft
  notify: reload nftables
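# Start nftables now and enable it at boot, so the ruleset survives a reboot.
- name: Enable firewall
  service:
    name: nftables
    # Canonical boolean; 'yes' is only a boolean under YAML 1.1 rules.
    enabled: true
    state: started

# Run pending handlers now instead of at the end of the play, so any notified
# reloads (sshd, nftables) happen before the remaining tasks.
- meta: flush_handlers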
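# Install and start the QEMU guest agent, only on hosts where is_virtual
# (defined outside this file) is truthy.
# NOTE(review): the guest agent gives the hypervisor a control channel into the
# guest; confirm that trust in the virtualisation host is intended.
- name: Enable QEMU guest agent
  when: is_virtual
  block:
    - name: Install QEMU guest agent package
      package:
        name: qemu-guest-agent

    - name: Enable QEMU guest agent service
      service:
        name: qemu-guest-agent
        # Canonical boolean; 'yes' is only a boolean under YAML 1.1 rules.
        enabled: true
        state: started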
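# Copy the role's unattended-upgrade script into /etc/periodic/weekly/
# (presumably run from there by cron as root; confirm against the crontab).
- name: Install automatic upgrade script
  copy:
    src: unattended-upgrade
    dest: /etc/periodic/weekly/
    # Pin ownership explicitly: a script executed on a schedule should not be
    # writable by anyone but root.
    owner: root
    group: root
    # Quoted so the mode reaches Ansible as an octal string and never depends
    # on how the YAML parser reads a leading-zero integer.
    mode: '0755'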
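# Install the logrotate rule for the automatic upgrade job.
- name: Configure log rotation for automatic upgrades
  copy:
    src: unattended-upgrade.logrotate
    dest: /etc/logrotate.d/unattended-upgrade
    # logrotate skips config files with the wrong owner or with group/world
    # write permission, so set ownership explicitly alongside the mode.
    owner: root
    group: root
    # Quoted so the mode reaches Ansible as an octal string and never depends
    # on how the YAML parser reads a leading-zero integer.
    mode: '0644'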