91 lines
1.8 KiB
YAML
91 lines
1.8 KiB
YAML
- name: Set up network interfaces
|
|
template:
|
|
dest: /etc/network/interfaces
|
|
src: interfaces.j2
|
|
notify: restart networking
|
|
|
|
- meta: flush_handlers
|
|
|
|
- name: Set hostname
|
|
hostname:
|
|
name: '{{ dns_name }}'
|
|
|
|
- name: Configure hosts
|
|
template:
|
|
dest: /etc/hosts
|
|
src: hosts.j2
|
|
|
|
- name: Enable community package repo
|
|
lineinfile:
|
|
path: /etc/apk/repositories
|
|
regexp: '^# *(http.*/v[^/]*/community)'
|
|
line: '\1'
|
|
backrefs: yes
|
|
notify: update package cache
|
|
|
|
- meta: flush_handlers
|
|
|
|
- name: Install base packages
|
|
package:
|
|
name:
|
|
- acl
|
|
- git
|
|
- iproute2
|
|
- logrotate
|
|
- nftables
|
|
- procps
|
|
- rsync
|
|
- tmux
|
|
- vim
|
|
|
|
- name: Disable SSH password authentication
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: '^#?{{ item.key }}'
|
|
line: '{{ item.key }} {{ item.value }}'
|
|
loop:
|
|
- key: PasswordAuthentication
|
|
value: 'no'
|
|
- key: PermitRootLogin
|
|
value: 'prohibit-password'
|
|
notify: reload sshd
|
|
|
|
- name: Set up firewall
|
|
template:
|
|
dest: /etc/nftables.d/local.nft
|
|
src: local.nft.j2
|
|
notify: reload nftables
|
|
|
|
- name: Enable firewall
|
|
service:
|
|
name: nftables
|
|
enabled: yes
|
|
state: started
|
|
|
|
- meta: flush_handlers
|
|
|
|
- name: Enable QEMU guest agent
|
|
when: is_virtual
|
|
block:
|
|
- name: Install QEMU guest agent package
|
|
package:
|
|
name: qemu-guest-agent
|
|
|
|
- name: Enable QEMU guest agent service
|
|
service:
|
|
name: qemu-guest-agent
|
|
enabled: yes
|
|
state: started
|
|
|
|
- name: Install automatic upgrade script
|
|
copy:
|
|
dest: /etc/periodic/weekly/
|
|
src: unattended-upgrade
|
|
mode: 0755
|
|
|
|
- name: Configure log rotation for automatic upgrades
|
|
copy:
|
|
dest: /etc/logrotate.d/unattended-upgrade
|
|
src: unattended-upgrade.logrotate
|
|
mode: 0644
|