Alan Orth
ffe7a872dd
According to Ansible we can use yes, true, True, "or any quoted st- ring" for a boolean true, but ansible-lint wants us to use either true or false. See: https://chronicler.tech/red-hat-ansible-yes-no-and/
110 lines
3.7 KiB
YAML
110 lines
3.7 KiB
YAML
---
|
|
|
|
- name: Configure Ubuntu packages
|
|
block:
|
|
- name: Configure apt mirror
|
|
ansible.builtin.template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
|
|
when: ansible_architecture != 'armv7l'
|
|
|
|
- name: Upgrade base OS
|
|
ansible.builtin.apt: upgrade=dist cache_valid_time=3600
|
|
|
|
- name: Set Ubuntu base packages
|
|
ansible.builtin.set_fact:
|
|
ubuntu_base_packages:
|
|
- git
|
|
- git-lfs
|
|
- tmux
|
|
- iotop
|
|
- htop
|
|
- strace
|
|
- cron-apt
|
|
- safe-rm
|
|
- debian-goodies
|
|
- mosh
|
|
- python-pycurl # for ansible's apt_repository
|
|
- vim
|
|
- unzip
|
|
- apt-transport-https # for https support in apt
|
|
- zstd
|
|
- rsync
|
|
- lsof
|
|
|
|
- name: Install base packages
|
|
ansible.builtin.apt: pkg={{ ubuntu_base_packages }} state=present cache_valid_time=3600
|
|
|
|
# We have to remove snaps one by one in a specific order because some depend
|
|
# on others. Only after that can we remove the corresponding system packages.
|
|
- name: Remove lxd snap
|
|
community.general.snap: name=lxd state=absent
|
|
when: ansible_distribution_version is version('20.04', '==')
|
|
ignore_errors: true
|
|
|
|
- name: Remove core18 snap
|
|
community.general.snap: name=core18 state=absent
|
|
when: ansible_distribution_version is version('20.04', '==')
|
|
ignore_errors: true
|
|
|
|
- name: Remove snapd snap
|
|
community.general.snap: name=snapd state=absent
|
|
when: ansible_distribution_version is version('20.04', '==')
|
|
ignore_errors: true
|
|
|
|
- name: Set fact for packages to remove (Ubuntu <= 18.04)
|
|
ansible.builtin.set_fact:
|
|
ubuntu_annoying_packages:
|
|
- whoopsie # security (CIS 4.1)
|
|
- apport # security (CIS 4.1)
|
|
- command-not-found # annoying
|
|
- command-not-found-data # annoying
|
|
- python3-commandnotfound # annoying
|
|
- snapd # annoying (Ubuntu >= 16.04)
|
|
- lxd # annoying (Ubuntu >= 16.04)
|
|
- lxd-client # annoying (Ubuntu >= 16.04)
|
|
- liblxc1 # annoying (Ubuntu >= 16.04)
|
|
- lxc-common # annoying (Ubuntu >= 16.04)
|
|
- lxcfs #annoying (Ubuntu >= 16.04)
|
|
when: ansible_distribution_version is version('18.04', '<=')
|
|
|
|
- name: Set fact for packages to remove (Ubuntu 20.04)
|
|
ansible.builtin.set_fact:
|
|
ubuntu_annoying_packages:
|
|
- whoopsie # security (CIS 4.1)
|
|
- apport # security (CIS 4.1)
|
|
- command-not-found # annoying
|
|
- command-not-found-data # annoying
|
|
- python3-commandnotfound # annoying
|
|
- snapd # annoying (Ubuntu >= 16.04)
|
|
- lxd-agent-loader # annoying (Ubuntu 20.04)
|
|
when: ansible_distribution_version is version('20.04', '==')
|
|
|
|
- name: Remove packages
|
|
ansible.builtin.apt: name={{ ubuntu_annoying_packages }} state=absent purge=true
|
|
|
|
- name: Disable annoying Canonical spam in MOTD
|
|
ansible.builtin.file: path={{ item }} mode=0644 state=absent
|
|
loop:
|
|
- /etc/update-motd.d/99-esm # Ubuntu 14.04
|
|
- /etc/update-motd.d/10-help-text # Ubuntu 14.04+
|
|
- /etc/update-motd.d/50-motd-news # Ubuntu 18.04+
|
|
- /etc/update-motd.d/80-esm # Ubuntu 18.04+
|
|
- /etc/update-motd.d/80-livepatch # Ubuntu 18.04+
|
|
ignore_errors: true
|
|
|
|
- name: Disable annoying Canonical spam in MOTD
|
|
ansible.builtin.systemd: name={{ item }} state=stopped enabled=no
|
|
when: ansible_service_mgr == 'systemd'
|
|
loop:
|
|
- motd-news.service
|
|
- motd-news.timer
|
|
|
|
- name: Configure cron-apt
|
|
ansible.builtin.import_tasks: cron-apt.yml
|
|
tags: cron-apt
|
|
|
|
- name: Install tarsnap
|
|
ansible.builtin.import_tasks: tarsnap.yml
|
|
tags: packages
|
|
|
|
# vim: set sw=2 ts=2:
|