69 lines
1.7 KiB
YAML
69 lines
1.7 KiB
YAML
---
|
|
|
|
- block:
|
|
- name: Configure apt mirror
|
|
template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
|
|
when: ansible_architecture != 'armv7l'
|
|
|
|
- name: Upgrade base OS
|
|
apt: upgrade=dist update_cache=yes cache_valid_time=3600
|
|
|
|
- name: Set Ubuntu base packages
|
|
set_fact:
|
|
ubuntu_base_packages:
|
|
- git
|
|
- tmux
|
|
- iotop
|
|
- htop
|
|
- strace
|
|
- cron-apt
|
|
- safe-rm
|
|
- debian-goodies
|
|
- mosh
|
|
- python-pycurl # for ansible's apt_repository
|
|
- lzop
|
|
- vim
|
|
- lrzip
|
|
- unzip
|
|
- apt-transport-https # for https support in apt
|
|
|
|
- name: Install base packages
|
|
apt: pkg={{ ubuntu_base_packages }} state=present update_cache=yes cache_valid_time=3600
|
|
|
|
- name: Security hardening (CIS Benchmark 1.0)
|
|
apt: pkg={{ item }} state=absent purge=yes
|
|
loop:
|
|
- whoopsie # CIS 4.1
|
|
- apport # CIS 4.1
|
|
|
|
- name: Set fact for annoying packages
|
|
set_fact:
|
|
ubuntu_annoying_packages:
|
|
- command-not-found
|
|
- command-not-found-data
|
|
- python3-commandnotfound
|
|
|
|
- name: Set fact for more annoying packages
|
|
set_fact:
|
|
ubuntu_more_annoying_packages:
|
|
- snapd
|
|
- lxd
|
|
- lxd-client
|
|
- liblxc1
|
|
- lxc-common
|
|
- lxcfs
|
|
when: ansible_distribution_version is version_compare('16.04', '>=')
|
|
|
|
- name: Remove more annoying packages
|
|
apt: name={{ ubuntu_annoying_packages | union(ubuntu_more_annoying_packages) }} state=absent purge=yes
|
|
|
|
- name: Configure cron-apt
|
|
import_tasks: cron-apt.yml
|
|
tags: cron-apt
|
|
|
|
- name: Install tarsnap
|
|
import_tasks: tarsnap.yml
|
|
tags: packages
|
|
|
|
# vim: set sw=2 ts=2:
|