config fuer bootstrapping und inventory main
authorUllli <ullli@freie-schul-it.de>
Mon, 24 Nov 2025 14:54:18 +0000 (15:54 +0100)
committerUllli <ullli@freie-schul-it.de>
Mon, 24 Nov 2025 14:54:18 +0000 (15:54 +0100)
files/apt-unattended-upgrades_10periodic [new file with mode: 0644]
files/sudo_ansible [new file with mode: 0644]
tasks/bootstrap.yml [new file with mode: 0644]
tasks/inventory.yml [new file with mode: 0644]

diff --git a/files/apt-unattended-upgrades_10periodic b/files/apt-unattended-upgrades_10periodic
new file mode 100644 (file)
index 0000000..1692b9c
--- /dev/null
@@ -0,0 +1,4 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "0";
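Review bot: `APT::Periodic::Unattended-Upgrade "1"` only schedules the daily run; it has no effect unless the unattended-upgrades package is present, and that package is not in the core package list that tasks/bootstrap.yml installs in this commit (it may come from the preseed, which is not visible here). Adding `- unattended-upgrades` to that list would make the dependency explicit instead of relying on the image. The allowed-origins policy also stays at the package default, which is worth stating at the top of this file, e.g. `// Periodic schedule only; allowed origins are left to /etc/apt/apt.conf.d/50unattended-upgrades`.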
diff --git a/files/sudo_ansible b/files/sudo_ansible
new file mode 100644 (file)
index 0000000..638d93d
--- /dev/null
@@ -0,0 +1 @@
+ansible  ALL=(ALL) NOPASSWD:ALL
diff --git a/tasks/bootstrap.yml b/tasks/bootstrap.yml
new file mode 100644 (file)
index 0000000..e6dd0c4
--- /dev/null
@@ -0,0 +1,67 @@
+---
+- name: Remove apt-config-file derived from preseeding
+  ansible.builtin.file:
+    path: /etc/apt/apt.conf
+    state: absent
+  when: ("baremetal" in group_names)
+- name: Create apt-proxy config file
+  ansible.builtin.template:
+    src: apt-proxy_01proxy.j2
+    dest: /etc/apt/apt.conf.d/01proxy
+  when: ("DMZ" not in group_names)
+- name: Remove apt-config-file only for aptproxy
+  ansible.builtin.file:
+    path: /etc/apt/apt.conf.d/01proxy
+    state: absent
+  when: ("aptproxy" in inventory_hostname)
+- name: Copy apt-unattended-upgrades config file
+  ansible.builtin.copy:
+    src: apt-unattended-upgrades_10periodic
+    dest: /etc/apt/apt.conf.d/10periodic
+- name: Update and upgrade apt packages
+  ansible.builtin.apt:
+    update_cache: true
+    upgrade: true
+    autoremove: true
+- name: Install core-packages
+  ansible.builtin.apt:
+    pkg:
+      - sudo
+      - gnupg
+      - htop
+      - ncdu
+      - vim
+      - tmux
+      - gnupg2
+      - nethogs
+      - iftop
+      - rsync
+      - ripgrep
+- name: Install core-packages for bare-metal-server
+  ansible.builtin.apt:
+    pkg:
+      - inxi
+  when: ("baremetal" in group_names)
+- name: Install core-packages for server in DMZ
+  ansible.builtin.apt:
+    pkg:
+      - fail2ban
+  when: ("DMZ" in group_names)
+- name: Add ansible user to server
+  ansible.builtin.user:
+    name: ansible
+    shell: /bin/bash
+- name: Allow "ansible"-user to have passwordless sudo
+  ansible.builtin.copy:
+    src: sudo_ansible
+    dest: /etc/sudoers.d/ansible
+    owner: root
+    group: root
+    mode: "0440"
+- name: Add installbox-ansible-user _public_ ssh-key to the servers authorized_keys file
+  ansible.posix.authorized_key:
+    user: ansible
+    state: present
+    manage_dir: true
+    key: "{{ lookup('file', '/home/ansible/.ssh/id_ed25519.pub') }}"
+
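Review bot: The task `Allow "ansible"-user to have passwordless sudo` installs /etc/sudoers.d/ansible with ansible.builtin.copy but never validates it, so a malformed sudo_ansible (the file added earlier in this commit) would be moved into place and could break sudo on every host in the run; add `validate: /usr/sbin/visudo -csf %s` to that copy task so sudo checks the syntax before the file is installed. The core package list contains both `gnupg` and `gnupg2`; on current Debian releases gnupg2 is, as far as I know, a transitional package, so one of the two is probably redundant. The lookup in the last task hard-codes the controller path `/home/ansible/.ssh/id_ed25519.pub`; taking it from a variable would keep the task usable from another control node.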
diff --git a/tasks/inventory.yml b/tasks/inventory.yml
new file mode 100644 (file)
index 0000000..40441de
--- /dev/null
@@ -0,0 +1,10 @@
+---
+- name: Install packages
+  ansible.builtin.apt:
+    pkg:
+      - fusioninventory-agent
+- name: Copy fusioninventory-agent cfg-file
+  ansible.builtin.template:
+    src: fusioninventory_01server.cfg.j2
+    dest: /etc/fusioninventory/conf.d/01server.cfg
+  notify: start fusioninventory-client
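Review bot: The template task at the end of the hunk notifies `start fusioninventory-client`, but neither a handler of that name nor the `fusioninventory_01server.cfg.j2` template is part of this commit, so the play depends on both existing elsewhere in the role. If that handler really only starts the service, a later change to 01server.cfg on a host where the agent is already running will not be applied; a handler that restarts the agent is the usual pairing with a config template. A task name such as `Install fusioninventory-agent` would also say more than `Install packages`.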