Alan Orth
16a9ebf97f
Ansible 2.4 changes the way includes work. Now you have to use "import" for playbooks and tasks that are static, and "include" for those that are dynamic (ie, those that use variables, loops, etc). See: http://docs.ansible.com/ansible/devel/playbooks_reuse_includes.html
52 lines
1.2 KiB
YAML
52 lines
1.2 KiB
YAML
---
|
|
- name: Configure apt mirror
|
|
template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
|
|
when: ansible_architecture != 'armv7l'
|
|
|
|
- name: Add GPG key for Extras repo
|
|
apt_key: id=0xC47415DFF48C09645B78609416126D3A3E5C1192 url=https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xC47415DFF48C09645B78609416126D3A3E5C1192 state=present
|
|
when: ansible_distribution_version | version_compare('14.04', '==')
|
|
|
|
- name: Upgrade base OS
|
|
apt: upgrade=dist update_cache=yes
|
|
|
|
- name: Install base packages
|
|
apt: pkg={{ item }}
|
|
with_items:
|
|
- git
|
|
- tmux
|
|
- iotop
|
|
- htop
|
|
- strace
|
|
- s3cmd
|
|
- cron-apt
|
|
- safe-rm
|
|
- debian-goodies
|
|
- mosh
|
|
- python-pycurl # for ansible's apt_repository
|
|
- sysv-rc-conf
|
|
- lzop
|
|
- vim
|
|
- lrzip
|
|
- unzip
|
|
|
|
- name: Security hardening (CIS Benchmark 1.0)
|
|
apt: pkg={{ item }} state=absent purge=yes
|
|
with_items:
|
|
- whoopsie # CIS 4.1
|
|
- apport # CIS 4.1
|
|
|
|
- name: Remove annoying packages
|
|
apt: pkg={{ item }} state=absent purge=yes
|
|
with_items:
|
|
- command-not-found
|
|
- command-not-found-data
|
|
- python3-commandnotfound
|
|
|
|
- import_tasks: cron-apt.yml
|
|
tags: cron-apt
|
|
|
|
- import_tasks: tarsnap.yml
|
|
|
|
# vim: set sw=2 ts=2:
|