2014-08-16 23:35:57 +02:00
|
|
|
---
|
2018-04-25 17:00:56 +02:00
|
|
|
- name: Import OS-specific variables
|
|
|
|
include_vars: "vars/{{ ansible_distribution }}.yml"
|
|
|
|
tags: always
|
2014-08-16 23:35:57 +02:00
|
|
|
|
2017-10-03 14:02:38 +02:00
|
|
|
- name: Configure network time
|
|
|
|
import_tasks: ntp.yml
|
2016-06-27 09:30:11 +02:00
|
|
|
tags: ntp
|
|
|
|
|
2017-10-03 14:02:38 +02:00
|
|
|
- name: Install common packages
|
2018-04-25 17:46:28 +02:00
|
|
|
include_tasks: packages_Debian.yml
|
2017-11-05 00:51:49 +01:00
|
|
|
when: ansible_distribution == 'Debian'
|
|
|
|
tags: packages
|
|
|
|
|
|
|
|
- name: Install common packages
|
2018-04-25 17:46:28 +02:00
|
|
|
include_tasks: packages_Ubuntu.yml
|
2017-11-05 00:51:49 +01:00
|
|
|
when: ansible_distribution == 'Ubuntu'
|
2015-07-24 18:52:54 +02:00
|
|
|
tags: packages
|
|
|
|
|
2017-10-03 14:02:38 +02:00
|
|
|
- name: Configure firewall
|
2018-04-25 17:58:31 +02:00
|
|
|
include_tasks: firewall_Debian.yml
|
2017-11-05 00:51:49 +01:00
|
|
|
when: ansible_distribution == 'Debian'
|
|
|
|
tags: firewall
|
|
|
|
|
|
|
|
- name: Configure firewall
|
2018-04-25 17:58:31 +02:00
|
|
|
include_tasks: firewall_Ubuntu.yml
|
2017-11-05 00:51:49 +01:00
|
|
|
when: ansible_distribution == 'Ubuntu'
|
2015-03-15 15:33:48 +01:00
|
|
|
tags: firewall
|
2014-08-16 23:35:57 +02:00
|
|
|
|
2017-10-03 14:02:38 +02:00
|
|
|
- name: Configure secure shell daemon
|
|
|
|
import_tasks: sshd.yml
|
2015-01-20 14:28:06 +01:00
|
|
|
tags: sshd
|
|
|
|
|
2018-12-07 22:46:18 +01:00
|
|
|
# this should work on CentOS 7+ and Ubuntu 16.04+
|
|
|
|
- block:
|
|
|
|
- name: Create systemd-journald drop-in config directory
|
|
|
|
file: path=/etc/systemd/journald.conf.d owner=root group=root mode=0755 state=directory
|
|
|
|
|
|
|
|
- name: Enable persistent systemd journal
|
|
|
|
copy: src=00-persistent-journal.conf dest=/etc/systemd/journald.conf.d/00-persistent-journal.conf owner=root group=root mode=0644
|
|
|
|
when: ansible_service_mgr == 'systemd'
|
|
|
|
tags: systemd-journald
|
|
|
|
|
2015-08-22 23:12:17 +02:00
|
|
|
# containers identify as virtualization hosts, which makes this tricky, because we have actual Debian VM hosts!
|
2014-08-16 23:35:57 +02:00
|
|
|
- name: Reconfigure /etc/sysctl.conf
|
2015-08-22 23:12:17 +02:00
|
|
|
when: ansible_virtualization_role != 'host'
|
2014-08-16 23:35:57 +02:00
|
|
|
template: src=sysctl_{{ ansible_distribution }}.j2 dest=/etc/sysctl.conf owner=root group=root mode=0644
|
|
|
|
notify:
|
2015-03-15 15:31:29 +01:00
|
|
|
- reload sysctl
|
2014-08-16 23:35:57 +02:00
|
|
|
tags: sysctl
|
|
|
|
|
|
|
|
- name: Reconfigure /etc/rc.local
|
2015-03-15 15:43:21 +01:00
|
|
|
when: ansible_distribution == 'Ubuntu'
|
2016-08-24 09:11:13 +02:00
|
|
|
template: src=rc.local_Ubuntu.j2 dest=/etc/rc.local owner=root group=root mode=0755
|
2014-08-16 23:35:57 +02:00
|
|
|
|
2015-03-15 15:52:05 +01:00
|
|
|
- name: Set I/O scheduler
|
|
|
|
template: src=etc/udev/rules.d/60-scheduler.rules.j2 dest=/etc/udev/rules.d/60-scheduler.rules owner=root group=root mode=0644
|
|
|
|
tags: udev
|
|
|
|
|
2017-10-03 14:02:38 +02:00
|
|
|
- name: Copy admin SSH keys
|
|
|
|
import_tasks: ssh-keys.yml
|
2014-10-11 11:13:45 +02:00
|
|
|
tags: ssh-keys
|
|
|
|
|
2014-08-16 23:35:57 +02:00
|
|
|
# vim: set sw=2 ts=2:
|