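---
# Base system tasks: timezone, locales, /bin/sh symlink, resource limits,
# systemd/journald drop-ins, kernel parameters (sysctl) and unattended upgrades.
#
# Conventions used below:
#   * File modes are quoted so Ansible receives the octal string itself rather
#     than a YAML-typed integer.
#   * Every `loop:` uses `| default([])`. Ansible evaluates `when:` once per
#     loop item, so an `is defined` condition cannot guard an undefined loop
#     variable; the default filter makes the task skip cleanly instead.
#   * The copy tasks run as root and write to `item.dest_path` exactly as the
#     inventory supplies it. The directory in each task name is not enforced
#     by the task, so the `copy_*` variables are part of the trusted
#     configuration and should be reviewed like the files they install.

- name: (basic.yml) Ensure timezone is is correct
  timezone:
    name: "{{ time_zone }}"
  tags:
    - timezone

- name: (basic.yml) Ensure locales are present
  locale_gen:
    name: "{{ item }}"
    state: present
  with_items: "{{ locales }}"
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
    - locales

- name: (basic.yml) Create a symbolic link /bin/sh -> bash
  file:
    src: bash
    dest: /bin/sh
    owner: root
    group: root
    state: link
  tags:
    - symlink-sh


# ----------
# security limit (maybe DEPRECATED see systemd settings)
# ----------

- name: (basic.yml) Ensure directory '/etc/security/limits.d' exists
  file:
    path: /etc/security/limits.d
    state: directory
    mode: '0755'
    group: root
    owner: root
  when:
    - >-
      inventory_hostname not in groups['lxc_guest'] or
      inventory_hostname in groups['lxc_host'] or
      inventory_hostname in groups['oopen_office_server']
    - copy_plain_files_security_limits is defined
    - copy_plain_files_security_limits|length > 0
  tags:
    - systemd-config

- name: (basic.yml) Ensure files /etc/security/limits.d/*.conf exists
  copy:
    src: '{{ item.src_path }}'
    dest: '{{ item.dest_path }}'
    owner: root
    group: root
    mode: '0644'
  loop: "{{ copy_plain_files_security_limits | default([]) }}"
  loop_control:
    label: 'dest: {{ item.name }}'
  when:
    - >-
      inventory_hostname not in groups['lxc_guest'] or
      inventory_hostname in groups['lxc_host'] or
      inventory_hostname in groups['oopen_office_server']
    - copy_plain_files_security_limits is defined
    - copy_plain_files_security_limits|length > 0
  tags:
    - systemd-config


# ----------
# systemd stuff
# ----------

- name: (basic.yml) Ensure directory '/etc/systemd/system.conf.d' exists
  file:
    path: /etc/systemd/system.conf.d
    state: directory
    mode: '0755'
    group: root
    owner: root
  when:
    - >-
      inventory_hostname not in groups['lxc_guest'] or
      inventory_hostname in groups['lxc_host'] or
      inventory_hostname in groups['oopen_office_server'] or
      inventory_hostname in groups['jitsi_meet_server']
    - copy_plain_files_systemd is defined
    - copy_plain_files_systemd|length > 0
  tags:
    - systemd-config

# NOTE(review): no handler is notified here, so the systemd manager is not
# told to re-read its configuration by this task; presumably the drop-ins
# take effect at the next reboot or are applied elsewhere - confirm.
- name: (basic.yml) Ensure files /etc/systemd/system.conf.d/*.conf exists
  copy:
    src: '{{ item.src_path }}'
    dest: '{{ item.dest_path }}'
    owner: root
    group: root
    mode: '0644'
  loop: "{{ copy_plain_files_systemd | default([]) }}"
  loop_control:
    label: 'dest: {{ item.name }}'
  when:
    - >-
      inventory_hostname not in groups['lxc_guest'] or
      inventory_hostname in groups['lxc_host'] or
      inventory_hostname in groups['oopen_office_server'] or
      inventory_hostname in groups['jitsi_meet_server']
    - copy_plain_files_systemd is defined
    - copy_plain_files_systemd|length > 0
  tags:
    - systemd-config

- name: (basic.yml) Ensure directory '/etc/systemd/journald.conf.d' exists
  file:
    path: /etc/systemd/journald.conf.d
    state: directory
    mode: '0755'
    group: root
    owner: root
  when:
    - copy_plain_files_journald is defined
    - copy_plain_files_journald|length > 0
  tags:
    - systemd-config

# A changed journald drop-in triggers the "Restart systemd-journald" handler,
# which is defined outside this file.
- name: (basic.yml) Ensure files /etc/systemd/journald.conf.d/*.conf exists
  copy:
    src: '{{ item.src_path }}'
    dest: '{{ item.dest_path }}'
    owner: root
    group: root
    mode: '0644'
  loop: "{{ copy_plain_files_journald | default([]) }}"
  loop_control:
    label: 'dest: {{ item.name }}'
  notify: "Restart systemd-journald"
  when:
    - copy_plain_files_journald is defined
    - copy_plain_files_journald|length > 0
  tags:
    - systemd-config


# ----------
# kernel parameter
# ----------

# The tag below is spelled 'systctl-config' in the original file; the spelling
# is kept so that existing `--tags` selections keep matching.

- name: (basic.yml) Ensure directory '/etc/sysctl.d' exists
  file:
    # Absolute path: the previous value 'etc/sysctl.d' was relative, so the
    # directory was not guaranteed to be created under /etc.
    path: /etc/sysctl.d
    state: directory
    mode: '0755'
    group: root
    owner: root
  when:
    - >-
      inventory_hostname not in groups['lxc_guest'] or
      inventory_hostname in groups['lxc_host'] or
      inventory_hostname in groups['oopen_office_server']
    - copy_plain_files_sysctl is defined
    - copy_plain_files_sysctl|length > 0
  tags:
    - systctl-config

# NOTE(review): the sysctl files are only copied; nothing visible in this file
# loads them into the running kernel, so hardening values presumably apply at
# the next boot unless a later task or handler reloads them - confirm.
- name: (basic.yml) Ensure files /etc/sysctl.d/*.conf exists
  copy:
    src: '{{ item.src_path }}'
    dest: '{{ item.dest_path }}'
    owner: root
    group: root
    mode: '0644'
  loop: "{{ copy_plain_files_sysctl | default([]) }}"
  loop_control:
    label: 'dest: {{ item.name }}'
  when:
    - >-
      inventory_hostname not in groups['lxc_guest'] or
      inventory_hostname in groups['lxc_host'] or
      inventory_hostname in groups['oopen_office_server']
    - copy_plain_files_sysctl is defined
    - copy_plain_files_sysctl|length > 0
  tags:
    - systctl-config

- name: (basic.yml) Additional Kernel Parameters (files /etc/sysctl.d/*.conf)
  copy:
    src: '{{ item.src_path }}'
    dest: '{{ item.dest_path }}'
    owner: root
    group: root
    mode: '0644'
  loop: "{{ copy_additional_plain_files_sysctl | default([]) }}"
  loop_control:
    label: 'dest: {{ item.name }}'
  when:
    - >-
      inventory_hostname not in groups['lxc_guest'] or
      inventory_hostname in groups['lxc_host'] or
      inventory_hostname in groups['oopen_office_server']
    - copy_additional_plain_files_sysctl is defined
    - copy_additional_plain_files_sysctl|length > 0
  tags:
    - systctl-config


# ----------
# unattended upgrades
# ----------

- name: (basic.yml) install unattended-upgrades
  apt:
    name: unattended-upgrades
    state: present
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
    - unattended-upgrades

- name: (basic.yml) install apt-listchanges
  apt:
    name: apt-listchanges
    state: present
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
    - unattended-upgrades

- name: (basic.yml) remove apticron
  apt:
    name: apticron
    state: absent
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
    - unattended-upgrades

# The result gates the dpkg-reconfigure task below, so that task runs only
# while 20auto-upgrades is still missing.
- name: (basic.yml) check if /etc/apt/apt.conf.d/20auto-upgrades exists
  stat:
    path: /etc/apt/apt.conf.d/20auto-upgrades
  register: ua_enabled
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
    - unattended-upgrades

# The command needs no shell features, so it runs through `command` with the
# debconf variables passed via `environment` instead of a shell prefix.
- name: (basic.yml) activate unattended upgrades
  command: dpkg-reconfigure -plow unattended-upgrades
  environment:
    DEBIAN_FRONTEND: noninteractive
    DEBCONF_NONINTERACTIVE_SEEN: "true"
  when:
    - ansible_facts['distribution'] == "Debian"
    - not ua_enabled.stat.exists
  tags:
    - unattended-upgrades

- name: (basic.yml) copy apt-listchanges.conf
  template:
    src: etc/apt/listchanges.conf.j2
    dest: /etc/apt/listchanges.conf
    owner: root
    group: root
    mode: '0644'
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
    - unattended-upgrades

# `backup: true` keeps a copy of the previous policy file whenever the
# rendered template changes it.
- name: (basic.yml) copy unattended-upgrades conf
  template:
    src: etc/apt/apt.conf.d/50unattended-upgrades.j2
    dest: /etc/apt/apt.conf.d/50unattended-upgrades
    backup: true
    owner: root
    group: root
    mode: '0644'
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
    - unattended-upgrades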