initial commit as copy from helsinki ansible repo

1 files changed, 59 insertions, 0 deletions

diff --git a/roles/base/tasks/main.yaml b/roles/base/tasks/main.yaml
new file mode 100644
index 00000000..91349e50
--- /dev/null
+++ b/roles/base/tasks/main.yaml
@@ -0,0 +1,59 @@
+---
+- name: apt - Install base system tools
+  apt: name={{ item }} state=present
+  with_items:
+    - htop
+    - dstat
+    - lsof
+    - gawk
+    - psmisc
+    - less
+    - debian-goodies
+    - screen
+    - mtr-tiny
+    - tcpdump
+    - unp
+    - sudo
+    - haveged
+    - dbus
+    - libpam-systemd
+    - aptitude
+    - ca-certificates
+    - file
+
+- name: Remove startup message from screen
+  lineinfile:
+    regexp: "^startup_message"
+    line: "startup_message off"
+    dest: /etc/screenrc
+    mode: 0644
+  tags:
+    - screen
+
+- name: Ensure /root is not world accessible
+  file:
+    path: /root
+    mode: 0700
+    owner: root
+    group: root
+    state: directory
+
+- name: disable net/fs/misc kernel modules
+  lineinfile:
+    dest: /etc/modprobe.d/disablemod.conf
+    line: "install {{ item }} /bin/true"
+    create: yes
+    owner: root
+    group: root
+    mode: 0644
+  with_items: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}"
+
+- name: Change various sysctl-settings, look at the sysctl-vars file for documentation
+  sysctl:
+    name: '{{ item.key }}'
+    value: '{{ item.value }}'
+    sysctl_set: yes
+    state: present
+    reload: yes
+    ignoreerrors: yes
+  with_dict: '{{ sysctl_config | combine(sysctl_config_user) }}'