diff options
author | Christian Pointner <equinox@spreadspace.org> | 2020-05-31 23:12:36 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2020-05-31 23:12:36 +0200 |
commit | 3a2319c9c58886a7938deabafc66ad4bc128c9f8 (patch) | |
tree | 222b41b5b49633b9156c070df830d5c73617edd7 /roles/base/tasks/Debian.yml | |
parent | chaos-at-home: deploy apt-repo/base to some more hosts (diff) |
move core roles to subdir
Diffstat (limited to 'roles/base/tasks/Debian.yml')
-rw-r--r-- | roles/base/tasks/Debian.yml | 116 |
1 files changed, 0 insertions, 116 deletions
diff --git a/roles/base/tasks/Debian.yml b/roles/base/tasks/Debian.yml deleted file mode 100644 index 13c3c9f9..00000000 --- a/roles/base/tasks/Debian.yml +++ /dev/null @@ -1,116 +0,0 @@ ---- -- name: load distrubtion specific variables - include_vars: "{{ item }}" - with_first_found: - - files: - - "{{ ansible_distribution_release }}.yml" - - "{{ ansible_distribution }}.yml" - skip: true - -- name: disable recommends and suggests - copy: - src: 02no-recommends - dest: /etc/apt/apt.conf.d/ - -- name: install base system tools - apt: - name: - - htop - - dstat - - lsof - - gawk - - psmisc - - less - - debian-goodies - - screen - - mtr-tiny - - tcpdump - - iptraf-ng - - unp - - dbus - - libpam-systemd - - aptitude - - ca-certificates - - file - - man-db - - manpages - - nano - state: present - -- name: install extra packages - apt: - name: "{{ base_packages_extra_host | union(base_packages_extra_group) }}" - state: present - -- name: install rngd - when: base_entropy_generator == 'rngd' - block: - - name: install rngd - apt: - name: "{{ base_rngd_package_name }}" - state: present - - - name: make sure haveged is removed/purged - apt: - name: haveged - state: absent - purge: yes - - -- name: install haveged - when: base_entropy_generator == 'haveged' - block: - - name: install haveged - apt: - name: haveged - state: present - - - name: make sure rngd is removed/purged - apt: - name: "{{ base_rngd_package_name }}" - state: absent - purge: yes - - -- name: Ensure /root is not world accessible - file: - path: /root - mode: 0700 - owner: root - group: root - state: directory - -- name: disable net/fs/misc kernel modules - copy: - content: | - {% for item in (base_modules_blacklist | map('extract', base_modules_blacklist_) | flatten | sort | list) %} - install {{ item }} /bin/true - {% endfor %} - dest: /etc/modprobe.d/disablemod.conf - owner: root - group: root - mode: 0644 - -- name: Change various sysctl-settings, look at the sysctl-vars file for documentation - loop: "{{ base_sysctl_config | combine(base_sysctl_config_user) | dict2items }}" - loop_control: - label: "{{ item.key }} = {{ item.value }}" - sysctl: - name: "{{ item.key }}" - value: "{{ item.value }}" - sysctl_set: yes - state: present - reload: yes - ignoreerrors: yes - -- name: set kernel command line options - lineinfile: - path: /etc/default/grub - regexp: '^#?GRUB_CMDLINE_LINUX=' - line: 'GRUB_CMDLINE_LINUX="{{ install.kernel_cmdline | join(" ") }}"' - when: install is defined and install.kernel_cmdline is defined - notify: update grub - -- name: apply stability fix/workaround for machines using intel NIC - when: base_intel_nic_stability_fix - import_tasks: intel-nic.yml |