Diffstat (limited to 'roles/core/base/tasks/Debian.yml')
-rw-r--r--roles/core/base/tasks/Debian.yml116
1 files changed, 116 insertions, 0 deletions
diff --git a/roles/core/base/tasks/Debian.yml b/roles/core/base/tasks/Debian.yml
new file mode 100644
index 00000000..13c3c9f9
--- /dev/null
+++ b/roles/core/base/tasks/Debian.yml
@@ -0,0 +1,116 @@
+---
+- name: load distrubtion specific variables
+ include_vars: "{{ item }}"
+ with_first_found:
+ - files:
+ - "{{ ansible_distribution_release }}.yml"
+ - "{{ ansible_distribution }}.yml"
+ skip: true
+
+- name: disable recommends and suggests
+ copy:
+ src: 02no-recommends
+ dest: /etc/apt/apt.conf.d/
+
+- name: install base system tools
+ apt:
+ name:
+ - htop
+ - dstat
+ - lsof
+ - gawk
+ - psmisc
+ - less
+ - debian-goodies
+ - screen
+ - mtr-tiny
+ - tcpdump
+ - iptraf-ng
+ - unp
+ - dbus
+ - libpam-systemd
+ - aptitude
+ - ca-certificates
+ - file
+ - man-db
+ - manpages
+ - nano
+ state: present
+
+- name: install extra packages
+ apt:
+ name: "{{ base_packages_extra_host | union(base_packages_extra_group) }}"
+ state: present
+
+- name: install rngd
+ when: base_entropy_generator == 'rngd'
+ block:
+ - name: install rngd
+ apt:
+ name: "{{ base_rngd_package_name }}"
+ state: present
+
+ - name: make sure haveged is removed/purged
+ apt:
+ name: haveged
+ state: absent
+ purge: yes
+
+
+- name: install haveged
+ when: base_entropy_generator == 'haveged'
+ block:
+ - name: install haveged
+ apt:
+ name: haveged
+ state: present
+
+ - name: make sure rngd is removed/purged
+ apt:
+ name: "{{ base_rngd_package_name }}"
+ state: absent
+ purge: yes
+
+
+- name: Ensure /root is not world accessible
+ file:
+ path: /root
+ mode: 0700
+ owner: root
+ group: root
+ state: directory
+
+- name: disable net/fs/misc kernel modules
+ copy:
+ content: |
+ {% for item in (base_modules_blacklist | map('extract', base_modules_blacklist_) | flatten | sort | list) %}
+ install {{ item }} /bin/true
+ {% endfor %}
+ dest: /etc/modprobe.d/disablemod.conf
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Change various sysctl-settings, look at the sysctl-vars file for documentation
+ loop: "{{ base_sysctl_config | combine(base_sysctl_config_user) | dict2items }}"
+ loop_control:
+ label: "{{ item.key }} = {{ item.value }}"
+ sysctl:
+ name: "{{ item.key }}"
+ value: "{{ item.value }}"
+ sysctl_set: yes
+ state: present
+ reload: yes
+ ignoreerrors: yes
+
+- name: set kernel command line options
+ lineinfile:
+ path: /etc/default/grub
+ regexp: '^#?GRUB_CMDLINE_LINUX='
+ line: 'GRUB_CMDLINE_LINUX="{{ install.kernel_cmdline | join(" ") }}"'
+ when: install is defined and install.kernel_cmdline is defined
+ notify: update grub
+
+- name: apply stability fix/workaround for machines using intel NIC
+ when: base_intel_nic_stability_fix
+ import_tasks: intel-nic.yml
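Review bot: `ignoreerrors: yes` on the sysctl task tells the module to ignore errors about unknown keys, so a hardening entry from `base_sysctl_config` that is misspelled or unavailable on a given kernel does not fail the task even though the setting is not in effect. I would use `ignoreerrors: false` here and, where a key is known to be missing on certain hosts, drop it from the dict for those hosts rather than suppress the error for every key. Separately, the `install {{ item }} /bin/true` lines written to `/etc/modprobe.d/disablemod.conf` only affect later modprobe calls; a module that is already loaded stays loaded until reboot or explicit removal, which deserves a comment above that task. The unquoted `mode: 0700` and `mode: 0644` depend on YAML 1.1 octal parsing and are safer written as `mode: "0700"` and `mode: "0644"`.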