---
-- block:
- - name: Remove apt-config-file derived from preseeding
- ansible.builtin.file:
- path: /etc/apt/apt.conf
- state: absent
- when: ("baremetal" in group_names)
- - name: Create apt-proxy config file
- ansible.builtin.template:
- src: apt-proxy_01proxy.j2
- dest: /etc/apt/apt.conf.d/01proxy
- when: ("DMZ" not in group_names)
- - name: Remove apt-config-file only for aptproxy
- ansible.builtin.file:
- path: /etc/apt/apt.conf.d/01proxy
- state: absent
- when: ("aptproxy" in inventory_hostname)
- - name: Copy apt-unattended-upgrades config file
- ansible.builtin.copy:
- src: apt-unattended-upgrades_10periodic
- dest: /etc/apt/apt.conf.d/10periodic
- - name: Update and upgrade apt packages
- ansible.builtin.apt:
- update_cache: true
- upgrade: true
- autoremove: true
- - name: Install core-packages
- ansible.builtin.apt:
- pkg:
- - sudo
- - gnupg
- - htop
- - ncdu
- - vim
- - tmux
- - gnupg2
- - nethogs
- - iftop
- - rsync
- - ripgrep
- - name: Install core-packages for bare-metal-server
- ansible.builtin.apt:
- pkg:
- - inxi
- when: ("baremetal" in group_names)
- - name: Install core-packages for server in DMZ
- ansible.builtin.apt:
- pkg:
- - fail2ban
- when: ("DMZ" in group_names)
- - name: Add ansible user to server
- ansible.builtin.user:
- name: ansible
- shell: /bin/bash
- - name: Allow "ansible"-user to have passwordless sudo
- ansible.builtin.copy:
- src: sudo_ansible
- dest: /etc/sudoers.d/ansible
- owner: root
- group: root
- mode: "0440"
- - name: Add installbox-ansible-user _public_ ssh-key to the servers authorized_keys file
- ansible.posix.authorized_key:
- user: ansible
- state: present
- manage_dir: true
- key: "{{ lookup('file', '/home/ansible/.ssh/id_ed25519.pub') }}"
- remote_user: root
+- name: Remove apt-config-file derived from preseeding
+ ansible.builtin.file:
+ path: /etc/apt/apt.conf
+ state: absent
+ when: ("baremetal" in group_names)
+- name: Create apt-proxy config file
+ ansible.builtin.template:
+ src: apt-proxy_01proxy.j2
+ dest: /etc/apt/apt.conf.d/01proxy
+ when: ("DMZ" not in group_names)
+- name: Remove apt-config-file only for aptproxy
+ ansible.builtin.file:
+ path: /etc/apt/apt.conf.d/01proxy
+ state: absent
+ when: ("aptproxy" in inventory_hostname)
+- name: Copy apt-unattended-upgrades config file
+ ansible.builtin.copy:
+ src: apt-unattended-upgrades_10periodic
+ dest: /etc/apt/apt.conf.d/10periodic
+- name: Update and upgrade apt packages
+ ansible.builtin.apt:
+ update_cache: true
+ upgrade: true
+ autoremove: true
+- name: Install core-packages
+ ansible.builtin.apt:
+ pkg:
+ - sudo
+ - gnupg
+ - htop
+ - ncdu
+ - vim
+ - tmux
+ - gnupg2
+ - nethogs
+ - iftop
+ - rsync
+ - ripgrep
+- name: Install core-packages for bare-metal-server
+ ansible.builtin.apt:
+ pkg:
+ - inxi
+ when: ("baremetal" in group_names)
+- name: Install core-packages for server in DMZ
+ ansible.builtin.apt:
+ pkg:
+ - fail2ban
+ when: ("DMZ" in group_names)
+- name: Add ansible user to server
+ ansible.builtin.user:
+ name: ansible
+ shell: /bin/bash
+- name: Allow "ansible"-user to have passwordless sudo
+ ansible.builtin.copy:
+ src: sudo_ansible
+ dest: /etc/sudoers.d/ansible
+ owner: root
+ group: root
+ mode: "0440"
+- name: Add installbox-ansible-user _public_ ssh-key to the servers authorized_keys file
+ ansible.posix.authorized_key:
+ user: ansible
+ state: present
+ manage_dir: true
+ key: "{{ lookup('file', '/home/ansible/.ssh/id_ed25519.pub') }}"
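Review bot: The task `Allow "ansible"-user to have passwordless sudo` copies `sudo_ansible` to `/etc/sudoers.d/ansible` without a syntax check, so a malformed file could break sudo on every host this task list runs against; adding `validate: /usr/sbin/visudo -cf %s` to that `ansible.builtin.copy` makes the task fail before the file is moved into place. The new task list also drops the block-level `remote_user: root`, so these tasks, all of which need root, now depend on a connection user and privilege escalation set at play or inventory level, which this hunk does not show. That is worth confirming for first-time runs, since the `ansible` account does not exist on a fresh host until the `Add ansible user to server` task has run. The tasks writing `/etc/apt/apt.conf.d/01proxy` and `/etc/apt/apt.conf.d/10periodic` set no `owner`, `group` or `mode`; an explicit `mode: "0644"` would make the resulting permissions independent of the remote umask.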