Alan Orth
8851f8f631
This reverts commit 201165cff6.
Turns out this actually breaks initial deployments, because the
cache gets updated in the first task, then you add sources for
nginx and mariadb, but it doesn't update the indexes because the
cache is < 3600 seconds old, so you end up getting the distro's
versions of nginx and mariadb.
49 lines
1.1 KiB
YAML
49 lines
1.1 KiB
YAML
---
|
|
- name: Configure apt mirror
|
|
template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
|
|
|
|
- name: Add GPG key for Extras repo
|
|
apt_key: id=0xC47415DFF48C09645B78609416126D3A3E5C1192 url=https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xC47415DFF48C09645B78609416126D3A3E5C1192 state=present
|
|
when: ansible_distribution_version == '14.04'
|
|
|
|
- name: Upgrade base OS
|
|
apt: upgrade=dist update_cache=yes
|
|
|
|
- name: Install base packages
|
|
apt: pkg={{ item }}
|
|
with_items:
|
|
- git
|
|
- tmux
|
|
- iotop
|
|
- htop
|
|
- strace
|
|
- s3cmd
|
|
- cron-apt
|
|
- safe-rm
|
|
- debian-goodies
|
|
- mosh
|
|
- python-pycurl # for ansible's apt_repository
|
|
- sysv-rc-conf
|
|
- lzop
|
|
- vim
|
|
- lrzip
|
|
- unzip
|
|
|
|
- name: Security hardening (CIS Benchmark 1.0)
|
|
apt: pkg={{ item }} state=absent purge=yes
|
|
with_items:
|
|
- whoopsie # CIS 4.1
|
|
- apport # CIS 4.1
|
|
|
|
- name: Remove annoying packages
|
|
apt: pkg={{ item }} state=absent purge=yes
|
|
with_items:
|
|
- command-not-found
|
|
- command-not-found-data
|
|
- python3-commandnotfound
|
|
|
|
- include: cron-apt.yml
|
|
tags: cron-apt
|
|
|
|
# vim: set sw=2 ts=2:
|