always use full name of ansible task
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: "Use custom Ubuntu mirror"
|
||||
replace:
|
||||
ansible.builtin.replace:
|
||||
path: /etc/apt/sources.list
|
||||
regexp: 'http://hu.archive.ubuntu.com'
|
||||
replace: 'https://tormakris.jfrog.io/artifactory/ubuntu-mirror'
|
||||
@ -12,25 +12,25 @@
|
||||
delegate_to: localhost
|
||||
|
||||
- name: "Render JFrog credentials configuration"
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: jfrog.conf.template
|
||||
dest: /etc/apt/auth.conf.d/jfrog.conf
|
||||
|
||||
- name: "Remove Ubuntu bloatware"
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
state: absent
|
||||
name: ubutu-server
|
||||
autoremove: yes
|
||||
|
||||
- name: "Update machine"
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
update_cache: yes
|
||||
upgrade: "yes"
|
||||
autoclean: yes
|
||||
autoremove: yes
|
||||
|
||||
- name: "Install my favourite applications"
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
update_cache: yes
|
||||
state: present
|
||||
name:
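Review bot: The "Render JFrog credentials configuration" task writes /etc/apt/auth.conf.d/jfrog.conf without `owner`, `group` or `mode`, so the rendered credentials file gets whatever the default umask yields, which is typically world-readable. Adding `owner: root`, `group: root` and `mode: "0600"` to that task keeps the repository credentials readable by root only. Separately, `name: ubutu-server` in "Remove Ubuntu bloatware" looks like a typo, so that task presumably removes nothing; confirm the intended package name. The last task in this section continues outside the hunk.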
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: clean motd
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
state: touch
|
||||
owner: tormakris
|
||||
group: tormakris
|
||||
|
@ -1,12 +1,12 @@
|
||||
---
|
||||
- name: disable cloudinit
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
content: ""
|
||||
dest: /etc/cloud/cloud-init.disabled
|
||||
force: no
|
||||
|
||||
- name: disable network autoconfig
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
content: "network: {config: disabled}"
|
||||
dest: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
|
||||
force: no
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: "Install node exporter"
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
update_cache: yes
|
||||
state: present
|
||||
name:
|
||||
@ -14,7 +14,7 @@
|
||||
src: 192.168.69.0/24
|
||||
|
||||
- name: Enable and restart exporter daemon
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: prometheus-node-exporter
|
||||
state: restarted
|
||||
enabled: yes
|
||||
|
@ -1,13 +1,13 @@
|
||||
---
|
||||
- name: Remove snapd from Ubuntu
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
name: snapd
|
||||
state: absent
|
||||
purge: yes
|
||||
when: ansible_distribution == "Ubuntu"
|
||||
|
||||
- name: Remove snapd-related directories
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
with_items:
|
||||
|
@ -1,30 +1,30 @@
|
||||
---
|
||||
- name: Disable password authentication
|
||||
replace:
|
||||
ansible.builtin.replace:
|
||||
path: /etc/ssh/sshd_config
|
||||
regexp: 'PasswordAuthentication yes'
|
||||
replace: 'PasswordAuthentication no'
|
||||
|
||||
- name: Disable root authentication
|
||||
replace:
|
||||
ansible.builtin.replace:
|
||||
path: /etc/ssh/sshd_config
|
||||
regexp: '#PermitRootLogin prohibit-password'
|
||||
replace: 'PermitRootLogin no'
|
||||
|
||||
- name: Disable X11 forwarding
|
||||
replace:
|
||||
ansible.builtin.replace:
|
||||
path: /etc/ssh/sshd_config
|
||||
regexp: 'X11Forwarding yes'
|
||||
replace: 'X11Forwarding no'
|
||||
|
||||
- name: Explicitly only listen on ipv4
|
||||
replace:
|
||||
ansible.builtin.replace:
|
||||
path: /etc/ssh/sshd_config
|
||||
regexp: '#AddressFamily any'
|
||||
replace: 'AddressFamily inet'
|
||||
|
||||
- name: Check if AllowUsers is defined
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
state: absent
|
||||
path: /etc/ssh/sshd_config
|
||||
regexp: "^AllowUsers"
|
||||
@ -33,14 +33,14 @@
|
||||
register: checkallowusers
|
||||
|
||||
- name: Define AllowUsers if undefined
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
state: present
|
||||
path: /etc/ssh/sshd_config
|
||||
line: "AllowUsers tormakris ansible service-user"
|
||||
when: checkallowusers.found == 0
|
||||
|
||||
- name: "Restart sshd"
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: sshd
|
||||
state: restarted
|
||||
...
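Review bot: The four `ansible.builtin.replace` tasks on /etc/ssh/sshd_config use unanchored literal patterns, so the hardening can silently do nothing: `'PasswordAuthentication yes'` also matches the commented default `#PasswordAuthentication yes` and leaves it commented, and `'#PermitRootLogin prohibit-password'` misses a file that already carries an active `PermitRootLogin yes`. Switching to `ansible.builtin.lineinfile` with a pattern anchored at line start that covers both the commented and the active form makes the result deterministic, and `validate` keeps a broken file from being installed before "Restart sshd" runs. Settings in an included drop-in directory may still take precedence, so confirm the effective values with `sshd -T` after the run. The lines between the two hunks of this file are not visible here.

```yaml
- name: Disable password authentication
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?\s*PasswordAuthentication\s'
    line: 'PasswordAuthentication no'
    validate: 'sshd -t -f %s'
# … same pattern for PermitRootLogin, X11Forwarding and AddressFamily …
# … unchanged: AllowUsers check/define tasks and "Restart sshd" …
```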
|
||||
|
@ -1,13 +1,13 @@
|
||||
---
|
||||
- name: Setup timesync config
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: timesyncd.conf.template
|
||||
dest: /etc/systemd/timesyncd.conf
|
||||
notify: run Timedatectl
|
||||
when: ansible_service_mgr == "systemd"
|
||||
|
||||
- name: set Timezone
|
||||
timezone: name={{ timedatectl_timezone }}
|
||||
ansible.builtin.timezone: name={{ timedatectl_timezone }}
|
||||
when: ansible_service_mgr == "systemd"
|
||||
|
||||
- name: Reastart timesyncd to apply changes
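Review bot: `ansible.builtin.timezone: name={{ timedatectl_timezone }}` still uses the key=value shorthand with an unquoted Jinja expression; the native form is `ansible.builtin.timezone:` with `name: "{{ timedatectl_timezone }}"` on the next line, which fits the same lint-driven cleanup as the FQCN change. The task name "Reastart timesyncd to apply changes" has a typo ("Restart"). That task continues outside the hunk.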
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: "Install ufw via apt"
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
update_cache: yes
|
||||
state: present
|
||||
name:
|
||||
|
@ -19,14 +19,14 @@
|
||||
append: yes
|
||||
|
||||
- name: Create .ssh directory of root user
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /home/ansible/.ssh
|
||||
state: directory
|
||||
owner: ansible
|
||||
group: ansible
|
||||
|
||||
- name: Copy authorized_keys
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: authorized_keys
|
||||
dest: /home/ansible/.ssh/authorized_keys
|
||||
mode: 0600
|
||||
@ -34,7 +34,7 @@
|
||||
group: ansible
|
||||
|
||||
- name: Check if ansible is already nopasswd in sudoers
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
state: absent
|
||||
path: /etc/sudoers
|
||||
regexp: "^ansible"
|
||||
@ -43,7 +43,7 @@
|
||||
register: checkallowusers
|
||||
|
||||
- name: Define ansible nopasswd in sudoers
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
state: present
|
||||
path: /etc/sudoers
|
||||
line: "ansible ALL=(ALL:ALL) NOPASSWD:ALL"
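Review bot: "Define ansible nopasswd in sudoers" edits /etc/sudoers through `ansible.builtin.lineinfile` with no `validate` visible in the hunk, so a malformed line would land in the live file and could break sudo on the host. Add `validate: 'visudo -cf %s'` (or manage a separate file under /etc/sudoers.d/ with the same check) unless it is already set below the hunk. The .ssh directory task sets no `mode`, and its name says "root user" although the path is /home/ansible/.ssh; `mode: "0700"` and a matching name would be clearer. `mode: 0600` on authorized_keys should be quoted as `mode: "0600"` so the value does not depend on YAML integer parsing.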
|
||||
|