X-Git-Url: https://freie-schul-it.de/gitweb/fsit-cmgt.git/blobdiff_plain/c77857d2f2a4107b7c8c15eb1f3feae8af46587a..acbd76a5312d9f700f2eebfa1ac6580b4aea74bb:/library/bootstrap.yml?ds=sidebyside

diff --git a/library/bootstrap.yml b/library/bootstrap.yml
index e69de29..a005d4c 100644
--- a/library/bootstrap.yml
+++ b/library/bootstrap.yml
@@ -0,0 +1,63 @@
+---
+- name: change ansible-user password
+  ansible.builtin.user:
+    name: ansible
+    update_password: always
+    password: "{{ ansibleuser|password_hash('sha512') }}"
+- name: hide system-account
+  ansible.builtin.lineinfile:
+    path: /var/lib/AccountsService/users/ansible
+    regex: 'SystemAccount=*'
+    line: 'SystemAccount=true'
+- name: remove apt-config-file derived from preseeding
+  ansible.builtin.file:
+    path: /etc/apt/apt.conf
+    state: absent
+- name: copy new apt-proxy config file to apt.conf.d-dir
+  ansible.builtin.copy:
+    dest: /etc/apt/apt.conf.d/01proxy
+    content: |
+      Acquire::http { Proxy "http://{{ aptproxy }}:3142"; };
+      Acquire::https { Proxy "https://"; };
+- name: prepare ubuntu-DNS for working in local network
+  file:
+    src: /run/systemd/resolve/resolv.conf
+    dest: /etc/resolv.conf
+    state: link
+    force: yes
+  when: ansible_facts['distribution'] == 'Ubuntu'
+- name: Update and upgrade apt packages
+  apt:
+    update_cache: true
+    upgrade: true
+    autoremove: true
+- name: install core-packages
+  apt:
+    pkg:
+    - htop
+#    - glances
+    - inxi
+    - bmon
+    - vim
+    - mtr-tiny
+    - tmux
+- name: configure apt-unattended-upgrades part one
+  ansible.builtin.copy:
+    dest: /etc/apt/apt.conf.d/10periodic
+    content: |
+      APT::Periodic::Update-Package-Lists "1";
+      APT::Periodic::Unattended-Upgrade "1";
+      APT::Periodic::Download-Upgradeable-Packages "1";
+      APT::Periodic::AutocleanInterval "7";
+#- name: configure apt-unattended-upgrades part two
+#  ansible.builtin.lineinfile:
+# Müssen wir noch an einem neuen Gerät nachvollziehen :-)
+#- name: stop automatic remote printer installation
+#  ansible.builtin.systemd:
+#    name: cups-browsed
+#    state: stopped
+#- name: disable automatic remote printer installation
+#  ansible.builtin.systemd:
+#    name: cups-browsed
+#    enabled: no
+...