summaryrefslogtreecommitdiff
path: root/roles/base/tasks/main.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/base/tasks/main.yml')
-rw-r--r--roles/base/tasks/main.yml91
1 files changed, 91 insertions, 0 deletions
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
new file mode 100644
index 00000000..3c6fc790
--- /dev/null
+++ b/roles/base/tasks/main.yml
@@ -0,0 +1,91 @@
+---
+- name: disable recommends and suggests
+ copy:
+ src: 02no-recommends
+ dest: /etc/apt/apt.conf.d/
+
+- name: install base system tools
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - htop
+ - dstat
+ - lsof
+ - gawk
+ - psmisc
+ - less
+ - debian-goodies
+ - screen
+ - mtr-tiny
+ - tcpdump
+ - iptraf-ng
+ - unp
+ - haveged
+ - dbus
+ - libpam-systemd
+ - aptitude
+ - ca-certificates
+ - file
+ - man-db
+ - manpages
+ - nano
+
+- name: Remove startup message from screen
+ lineinfile:
+ regexp: "^startup_message"
+ line: "startup_message off"
+ dest: /etc/screenrc
+ mode: 0644
+ tags:
+ - screen
+
+- name: install htop config (1/2)
+ with_items:
+ - /root
+ - /etc/skel
+ file:
+ name: "{{ item }}/.config/htop/"
+ state: directory
+ mode: 0700
+
+- name: install htop config (2/2)
+ with_items:
+ - /root
+ - /etc/skel
+ copy:
+ src: htoprc
+ dest: "{{ item }}/.config/htop/"
+
+- name: Ensure /root is not world accessible
+ file:
+ path: /root
+ mode: 0700
+ owner: root
+ group: root
+ state: directory
+
+- name: disable net/fs/misc kernel modules
+ lineinfile:
+ dest: /etc/modprobe.d/disablemod.conf
+ line: "install {{ item }} /bin/true"
+ create: yes
+ owner: root
+ group: root
+ mode: 0644
+ with_items: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}"
+
+- name: Change various sysctl-settings, look at the sysctl-vars file for documentation
+ sysctl:
+ name: "{{ item.key }}"
+ value: "{{ item.value }}"
+ sysctl_set: yes
+ state: present
+ reload: yes
+ ignoreerrors: yes
+ with_dict: "{{ sysctl_config | combine(sysctl_config_user) }}"
+
+- name: install extra packages
+ apt:
+ name: "{{ base_packages_extra_host | union(base_packages_extra_group) }}"
+ state: present
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-08 23:17:16 +0000