summaryrefslogtreecommitdiff
path: root/roles/base/tasks/Debian.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/base/tasks/Debian.yml')
-rw-r--r--roles/base/tasks/Debian.yml116
1 files changed, 0 insertions, 116 deletions
diff --git a/roles/base/tasks/Debian.yml b/roles/base/tasks/Debian.yml
deleted file mode 100644
index 13c3c9f9..00000000
--- a/roles/base/tasks/Debian.yml
+++ /dev/null
@@ -1,116 +0,0 @@
----
-- name: load distrubtion specific variables
- include_vars: "{{ item }}"
- with_first_found:
- - files:
- - "{{ ansible_distribution_release }}.yml"
- - "{{ ansible_distribution }}.yml"
- skip: true
-
-- name: disable recommends and suggests
- copy:
- src: 02no-recommends
- dest: /etc/apt/apt.conf.d/
-
-- name: install base system tools
- apt:
- name:
- - htop
- - dstat
- - lsof
- - gawk
- - psmisc
- - less
- - debian-goodies
- - screen
- - mtr-tiny
- - tcpdump
- - iptraf-ng
- - unp
- - dbus
- - libpam-systemd
- - aptitude
- - ca-certificates
- - file
- - man-db
- - manpages
- - nano
- state: present
-
-- name: install extra packages
- apt:
- name: "{{ base_packages_extra_host | union(base_packages_extra_group) }}"
- state: present
-
-- name: install rngd
- when: base_entropy_generator == 'rngd'
- block:
- - name: install rngd
- apt:
- name: "{{ base_rngd_package_name }}"
- state: present
-
- - name: make sure haveged is removed/purged
- apt:
- name: haveged
- state: absent
- purge: yes
-
-
-- name: install haveged
- when: base_entropy_generator == 'haveged'
- block:
- - name: install haveged
- apt:
- name: haveged
- state: present
-
- - name: make sure rngd is removed/purged
- apt:
- name: "{{ base_rngd_package_name }}"
- state: absent
- purge: yes
-
-
-- name: Ensure /root is not world accessible
- file:
- path: /root
- mode: 0700
- owner: root
- group: root
- state: directory
-
-- name: disable net/fs/misc kernel modules
- copy:
- content: |
- {% for item in (base_modules_blacklist | map('extract', base_modules_blacklist_) | flatten | sort | list) %}
- install {{ item }} /bin/true
- {% endfor %}
- dest: /etc/modprobe.d/disablemod.conf
- owner: root
- group: root
- mode: 0644
-
-- name: Change various sysctl-settings, look at the sysctl-vars file for documentation
- loop: "{{ base_sysctl_config | combine(base_sysctl_config_user) | dict2items }}"
- loop_control:
- label: "{{ item.key }} = {{ item.value }}"
- sysctl:
- name: "{{ item.key }}"
- value: "{{ item.value }}"
- sysctl_set: yes
- state: present
- reload: yes
- ignoreerrors: yes
-
-- name: set kernel command line options
- lineinfile:
- path: /etc/default/grub
- regexp: '^#?GRUB_CMDLINE_LINUX='
- line: 'GRUB_CMDLINE_LINUX="{{ install.kernel_cmdline | join(" ") }}"'
- when: install is defined and install.kernel_cmdline is defined
- notify: update grub
-
-- name: apply stability fix/workaround for machines using intel NIC
- when: base_intel_nic_stability_fix
- import_tasks: intel-nic.yml
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 09:44:15 +0000