Alan Orth
b512a7f765
According the the Debian docs for third-party repositories we must create this manually on distros before Debian 12 and Ubuntu 22.04. This is due to changes in apt-secure and the deprecation of apt-key. See: https://wiki.debian.org/DebianRepository/UseThirdParty
107 lines
3.5 KiB
YAML
107 lines
3.5 KiB
YAML
---
|
|
|
|
- name: Configure Ubuntu packages
|
|
block:
|
|
# Create directory for third-party package signing keys. Required on distros
|
|
# older than Debian 12 / Ubuntu 22.04.
|
|
#
|
|
# See: https://wiki.debian.org/DebianRepository/UseThirdParty
|
|
- name: Create /etc/apt/keyrings
|
|
file:
|
|
path: /etc/apt/keyrings
|
|
mode: 0755
|
|
owner: root
|
|
group: root
|
|
state: directory
|
|
when: ansible_distribution_major_version is version('22.04', '<')
|
|
|
|
- name: Configure apt mirror
|
|
ansible.builtin.template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
|
|
when: ansible_architecture != 'armv7l'
|
|
|
|
- name: Upgrade base OS
|
|
ansible.builtin.apt: upgrade=dist cache_valid_time=3600
|
|
|
|
- name: Set Ubuntu base packages
|
|
ansible.builtin.set_fact:
|
|
ubuntu_base_packages:
|
|
- git
|
|
- git-lfs
|
|
- tmux
|
|
- iotop
|
|
- htop
|
|
- strace
|
|
- cron-apt
|
|
- safe-rm
|
|
- debian-goodies
|
|
- mosh
|
|
- python-pycurl # for ansible's apt_repository
|
|
- vim
|
|
- unzip
|
|
- apt-transport-https # for https support in apt
|
|
- zstd
|
|
- rsync
|
|
- lsof
|
|
|
|
- name: Install base packages
|
|
ansible.builtin.apt: pkg={{ ubuntu_base_packages }} state=present cache_valid_time=3600
|
|
|
|
# We have to remove snaps one by one in a specific order because some depend
|
|
# on others. Only after that can we remove the corresponding system packages.
|
|
- name: Remove lxd snap
|
|
community.general.snap: name=lxd state=absent
|
|
when: ansible_distribution_version is version('20.04', '==')
|
|
ignore_errors: true
|
|
|
|
- name: Remove core18 snap
|
|
community.general.snap: name=core18 state=absent
|
|
when: ansible_distribution_version is version('20.04', '==')
|
|
ignore_errors: true
|
|
|
|
- name: Remove snapd snap
|
|
community.general.snap: name=snapd state=absent
|
|
when: ansible_distribution_version is version('20.04', '==')
|
|
ignore_errors: true
|
|
|
|
- name: Set fact for packages to remove (Ubuntu 20.04)
|
|
ansible.builtin.set_fact:
|
|
ubuntu_annoying_packages:
|
|
- whoopsie # security (CIS 4.1)
|
|
- apport # security (CIS 4.1)
|
|
- command-not-found # annoying
|
|
- command-not-found-data # annoying
|
|
- python3-commandnotfound # annoying
|
|
- snapd # annoying (Ubuntu >= 16.04)
|
|
- lxd-agent-loader # annoying (Ubuntu 20.04)
|
|
when: ansible_distribution_version is version('20.04', '==')
|
|
|
|
- name: Remove packages
|
|
ansible.builtin.apt: name={{ ubuntu_annoying_packages }} state=absent purge=true
|
|
|
|
- name: Disable annoying Canonical spam in MOTD
|
|
ansible.builtin.file: path={{ item }} mode=0644 state=absent
|
|
loop:
|
|
- /etc/update-motd.d/99-esm # Ubuntu 14.04
|
|
- /etc/update-motd.d/10-help-text # Ubuntu 14.04+
|
|
- /etc/update-motd.d/50-motd-news # Ubuntu 18.04+
|
|
- /etc/update-motd.d/80-esm # Ubuntu 18.04+
|
|
- /etc/update-motd.d/80-livepatch # Ubuntu 18.04+
|
|
ignore_errors: true
|
|
|
|
- name: Disable annoying Canonical spam in MOTD
|
|
ansible.builtin.systemd: name={{ item }} state=stopped enabled=no
|
|
when: ansible_service_mgr == 'systemd'
|
|
loop:
|
|
- motd-news.service
|
|
- motd-news.timer
|
|
|
|
- name: Configure cron-apt
|
|
ansible.builtin.import_tasks: cron-apt.yml
|
|
tags: cron-apt
|
|
|
|
- name: Install tarsnap
|
|
ansible.builtin.import_tasks: tarsnap.yml
|
|
tags: packages
|
|
|
|
# vim: set sw=2 ts=2:
|