initial commit, here be dragons
This commit is contained in:
15
roles/bootstrap/tasks/logrotate.yml
Normal file
15
roles/bootstrap/tasks/logrotate.yml
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
|
||||
- name: Install logrotate
|
||||
ansible.builtin.apt:
|
||||
name: "logrotate"
|
||||
|
||||
- name: Configure logrotate to rotate monthly
|
||||
ansible.builtin.lineinfile: { path: /etc/logrotate.conf, regexp: "^weekly", line: "monthly" }
|
||||
|
||||
- name: Configure logrotate to keep 12 months
|
||||
ansible.builtin.lineinfile: { path: /etc/logrotate.conf, regexp: "^rotate 4", line: "rotate 12" }
|
||||
|
||||
- name: Configure logrotate to compress
|
||||
ansible.builtin.lineinfile: { path: /etc/logrotate.conf, regexp: "^#compress", line: "compress" }
|
||||
|
66
roles/bootstrap/tasks/main.yml
Normal file
66
roles/bootstrap/tasks/main.yml
Normal file
@ -0,0 +1,66 @@
|
||||
---
|
||||
|
||||
- name: Create users
|
||||
ansible.builtin.user:
|
||||
name: "{{ item.name }}"
|
||||
shell: "{{ item.shell }}"
|
||||
groups: "sudo"
|
||||
state: present
|
||||
loop:
|
||||
- { name: "chris", shell: "/bin/bash" }
|
||||
|
||||
- name: Add authorized keys
|
||||
ansible.posix.authorized_key:
|
||||
user: "{{ item.name }}"
|
||||
key: "{{ lookup('file', '{{ item.keyfile }}') }}"
|
||||
state: present
|
||||
loop:
|
||||
- { name: "chris", keyfile: "Krabat_ed25519.pub" }
|
||||
- { name: "chris", keyfile: "LinTron2_ed25519.pub" }
|
||||
|
||||
- name: Set swappiness via sysctl
|
||||
ansible.posix.sysctl:
|
||||
name: vm.swappiness
|
||||
value: '20'
|
||||
sysctl_file: /etc/sysctl.d/99-swappiness.conf
|
||||
state: present
|
||||
reload: yes
|
||||
|
||||
- name: Set timezone
|
||||
community.general.timezone: { name: "Europe/Berlin" }
|
||||
|
||||
- name: Setup static network
|
||||
ansible.builtin.template:
|
||||
src: 00-static-config.yaml.j2
|
||||
dest: /etc/netplan/00-static-config.yaml
|
||||
|
||||
- name: Apply netplan configuration
|
||||
ansible.builtin.command:
|
||||
cmd: netplan apply
|
||||
changed_when: false
|
||||
|
||||
- name: Setup sudoers to sudo without password
|
||||
ansible.builtin.lineinfile:
|
||||
dest: /etc/sudoers
|
||||
state: present
|
||||
regexp: ^%sudo\s
|
||||
line: "%sudo ALL=(ALL) NOPASSWD: ALL"
|
||||
|
||||
- name: Install common software
|
||||
ansible.builtin.apt:
|
||||
name: "{{ packages }}"
|
||||
update_cache: yes
|
||||
vars:
|
||||
packages:
|
||||
- htop
|
||||
- rsync
|
||||
- nano
|
||||
- tmux
|
||||
- byobu
|
||||
- iotop
|
||||
- iftop
|
||||
- colordiff
|
||||
- ncdu
|
||||
|
||||
- name: Include logroate
|
||||
ansible.builtin.include_tasks: logrotate.yml
|
Reference in New Issue
Block a user