---
# Load per-distribution variables. The lookup tries the release-specific file
# first and the distribution-wide file second; `skip: true` lets the task be
# skipped instead of failing when neither file exists.
- name: load distrubtion specific variables
  with_first_found:
    - skip: true
      files:
        - "{{ ansible_distribution_release }}.yml"
        - "{{ ansible_distribution }}.yml"
  include_vars: "{{ item }}"
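# Install the apt configuration fragment 02no-recommends (per the task name it
# disables Recommends/Suggests; the fragment's content is not shown here).
# Owner, group and mode are pinned explicitly so the permissions of a newly
# created file do not depend on the remote umask or the connecting user.
- name: disable recommends and suggests
  copy:
    src: 02no-recommends
    dest: /etc/apt/apt.conf.d/
    owner: root
    group: root
    mode: "0644"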
# Baseline tool set installed on every host this role runs against.
# NOTE(review): tcpdump, iptraf-ng and mtr-tiny are network capture and
# diagnostic tools; confirm they are wanted on every host class rather than
# only on hosts where operators actually need them.
- name: install base system tools
  apt:
    state: present
    name:
      # process, I/O and file inspection
      - htop
      - dstat
      - lsof
      - gawk
      - psmisc
      - less
      - debian-goodies
      - screen
      # network diagnostics
      - mtr-tiny
      - tcpdump
      - iptraf-ng
      # archive helper, system services and package tooling
      - unp
      - dbus
      - libpam-systemd
      - aptitude
      - ca-certificates
      - file
      # documentation and editor
      - man-db
      - manpages
      - nano
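# Runs only when base_entropy_generator is 'rngd': installs the rngd package
# and purges haveged, so the two are never installed side by side.
# If base_entropy_generator holds any other value this block is skipped and
# neither package is touched by it.
# base_rngd_package_name is defined outside this file
# (presumably in the distribution variables - confirm).
- name: install rngd
  when: base_entropy_generator == 'rngd'
  block:
    - name: install rngd
      apt:
        name: "{{ base_rngd_package_name }}"
        state: present

    - name: make sure haveged is removed/purged
      apt:
        name: haveged
        state: absent
        # canonical boolean instead of the YAML 1.1 `yes`
        purge: true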
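# Runs only when base_entropy_generator is 'haveged': installs haveged and
# purges the rngd package, so the two are never installed side by side.
# If base_entropy_generator holds any other value this block is skipped and
# neither package is touched by it.
# base_rngd_package_name is defined outside this file
# (presumably in the distribution variables - confirm).
- name: install haveged
  when: base_entropy_generator == 'haveged'
  block:
    - name: install haveged
      apt:
        name: haveged
        state: present

    - name: make sure rngd is removed/purged
      apt:
        name: "{{ base_rngd_package_name }}"
        state: absent
        # canonical boolean instead of the YAML 1.1 `yes`
        purge: true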
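# Force `startup_message off` in the system-wide screen configuration:
# an existing line starting with `startup_message` is replaced, otherwise the
# line is appended.
- name: Remove startup message from screen
  lineinfile:
    dest: /etc/screenrc
    regexp: "^startup_message"
    line: "startup_message off"
    # Quoted so the mode does not depend on the YAML parser reading a bare
    # 0644 as octal.
    mode: "0644"
  tags:
    - screen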
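# Create the htop configuration directory for root and in /etc/skel.
# The directory is restricted to its owner.
- name: install htop config (1/2)
  file:
    name: "{{ item }}/.config/htop/"
    state: directory
    # Quoted so the mode does not depend on the YAML parser reading a bare
    # 0700 as octal.
    mode: "0700"
  loop:
    - /root
    - /etc/skel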
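# Copy the shared htoprc into the htop configuration directory of root and of
# /etc/skel.
- name: install htop config (2/2)
  copy:
    src: "{{ global_files_dir }}/common/htoprc"
    dest: "{{ item }}/.config/htop/"
    # Explicit mode: without it the permissions of a newly created file are
    # derived from the umask on the target host.
    mode: "0644"
  loop:
    - /root
    - /etc/skel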
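# Restrict root's home directory to root only (owner rwx, nothing for group
# or others).
- name: Ensure /root is not world accessible
  file:
    path: /root
    state: directory
    owner: root
    group: root
    # Quoted so the mode does not depend on the YAML parser reading a bare
    # 0700 as octal.
    mode: "0700"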
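# Write one `install <module> /bin/true` line per module listed in
# modules_blacklist.net, .fs and .misc (the three lists are merged with
# union). With such a line modprobe runs /bin/true instead of loading the
# module.
# NOTE(review): this only affects loads that go through modprobe; a module
# that is already loaded stays loaded until it is removed or the host
# reboots.
- name: disable net/fs/misc kernel modules
  lineinfile:
    dest: /etc/modprobe.d/disablemod.conf
    line: "install {{ item }} /bin/true"
    # canonical boolean instead of the YAML 1.1 `yes`
    create: true
    owner: root
    group: root
    # Quoted so the mode does not depend on the YAML parser reading a bare
    # 0644 as octal.
    mode: "0644"
  loop: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}"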
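# Apply every key/value pair from sysctl_config, with sysctl_config_user
# merged on top (on a key conflict the value from sysctl_config_user wins).
# Each setting is persisted, applied to the running kernel and reloaded.
- name: Change various sysctl-settings, look at the sysctl-vars file for documentation
  sysctl:
    name: "{{ item.key }}"
    value: "{{ item.value }}"
    state: present
    # canonical booleans instead of the YAML 1.1 `yes`
    sysctl_set: true
    reload: true
    # Unknown keys are ignored rather than failing the play.
    # NOTE(review): a hardening key that does not exist on the running kernel
    # is therefore skipped silently; verify the effective values on the host
    # if a setting is security relevant.
    ignoreerrors: true
  loop: "{{ sysctl_config | combine(sysctl_config_user) | dict2items }}"
  loop_control:
    label: "{{ item.key }} = {{ item.value }}"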
# Install the additional packages requested per host and per group; the two
# lists are merged with union, so a package named in both is passed once.
- name: install extra packages
  apt:
    state: present
    name: "{{ base_packages_extra_host | union(base_packages_extra_group) }}"
# Set GRUB_CMDLINE_LINUX in /etc/default/grub to the space-joined entries of
# install.kernel_cmdline. The task is skipped unless both `install` and
# `install.kernel_cmdline` are defined. The regexp also matches a
# commented-out line, and the `=` directly after the name keeps it from
# matching GRUB_CMDLINE_LINUX_DEFAULT.
# NOTE(review): the joined value is placed between double quotes without
# escaping, so an entry containing a double quote would break the line -
# keep such characters out of install.kernel_cmdline.
- name: set kernel command line options
  when: install is defined and install.kernel_cmdline is defined
  lineinfile:
    path: /etc/default/grub
    regexp: '^#?GRUB_CMDLINE_LINUX='
    line: 'GRUB_CMDLINE_LINUX="{{ install.kernel_cmdline | join(" ") }}"'
  # The "update grub" handler is defined outside this file.
  notify: update grub