Alan Orth
201165cff6
I have added cache_valid_time=3600 to the first task in each tag that could possibly be running apt-related commands. For example, the "nginx" tag is also in the "packages" tag, but sometimes you run the nginx tag by itself (perhaps repeatedly), so you'd want to skip the update unless the cache is more than 1 hour old.
---
# Render /etc/apt/sources.list from the sources.list.j2 template.
# The file is owned by root:root and only root may write it (0644), since
# it decides which repositories apt will pull packages from.
- name: Configure apt mirror
  template:
    src: sources.list.j2
    dest: /etc/apt/sources.list
    owner: root
    group: root
    # Quoted so YAML keeps it a string instead of reading it as a number.
    mode: '0644'
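# Import the signing key for the Extras repository (Ubuntu 14.04 hosts only).
# The key is fetched over HTTPS rather than plain HTTP: apt will trust any key
# this task adds, so the key material must not be replaceable in transit.
# NOTE(review): `id` is a 32-bit short key ID, and short IDs are
# collision-prone. The URL already names the long ID 0x16126D3A3E5C1192;
# prefer that (or the full fingerprint) once the Ansible version in use is
# confirmed to accept it. TLS protects the transfer only; the identity check
# still rests on the key ID.
- name: Add GPG key for Extras repo
  apt_key:
    # Quoted so YAML does not convert the hex literal into an integer.
    id: '0x3E5C1192'
    url: 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x16126D3A3E5C1192'
    state: present
  when: ansible_distribution_version == '14.04'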
# Run a dist-upgrade, refreshing the package index first only when the
# cached index is older than cache_valid_time (3600 s = 1 hour).
# NOTE(review): the cache age is time-based, so a change to sources.list or
# a newly added key within the last hour presumably does not trigger a
# refresh; confirm that the upgrade is not computed from a stale index.
- name: Upgrade base OS
  apt:
    upgrade: dist
    update_cache: true
    cache_valid_time: 3600
# Install the baseline toolset: each name in the list below is handed to the
# apt module as `item`. No `state` is given, so the module default applies.
- name: Install base packages
  apt:
    pkg: "{{ item }}"
  with_items:
    - git
    - tmux
    - iotop
    - htop
    - strace
    - s3cmd
    - cron-apt
    - safe-rm
    - debian-goodies
    - mosh
    - python-pycurl  # for ansible's apt_repository
    - sysv-rc-conf
    - lzop
    - vim
    - lrzip
    - unzip
# Remove the crash-reporting packages that the task cites under CIS 4.1.
# purge also deletes their configuration files, not just the binaries.
- name: Security hardening (CIS Benchmark 1.0)
  apt:
    pkg: "{{ item }}"
    state: absent
    purge: true
  with_items:
    - whoopsie  # CIS 4.1
    - apport  # CIS 4.1
# Purge the command-not-found helper and its companion packages, including
# their configuration files.
- name: Remove annoying packages
  apt:
    pkg: "{{ item }}"
    state: absent
    purge: true
  with_items:
    - command-not-found
    - command-not-found-data
    - python3-commandnotfound
# Pull in the tasks from cron-apt.yml; the cron-apt tag allows them to be
# selected on their own.
- include: cron-apt.yml
  tags:
    - cron-apt
# vim: set sw=2 ts=2: