70 lines
1.5 KiB
YAML
70 lines
1.5 KiB
YAML
- name: "Check that host runs Debian buster/sid on armv7l or x86_64"
|
|
assert:
|
|
that:
|
|
- "ansible_architecture == 'aarch64' or ansible_architecture == 'armv7l' or ansible_architecture == 'x86_64'"
|
|
- "ansible_os_family == 'Debian'"
|
|
|
|
- name: "Upgrade system"
|
|
apt:
|
|
upgrade: full
|
|
update_cache: yes
|
|
cache_valid_time: 3600
|
|
autoclean: yes
|
|
autoremove: yes
|
|
|
|
- name: "Install base tools"
|
|
apt:
|
|
name:
|
|
# Essentials
|
|
- curl
|
|
- less
|
|
- sudo
|
|
- tar
|
|
- unzip
|
|
# User tooling
|
|
- screen
|
|
- vim
|
|
# Monitoring
|
|
- bmon
|
|
- htop
|
|
- iftop
|
|
- iotop
|
|
- iputils-ping
|
|
- pciutils
|
|
- strace
|
|
- tcpdump
|
|
# Networking
|
|
- bind9-dnsutils
|
|
- ethtool
|
|
- iproute2 # advanced net-tools
|
|
- iptables # legacy firewall (still used by diplonat)
|
|
- iptables-persistent
|
|
- net-tools # basic network tools
|
|
- nftables # iptables' successor (will replace it eventually)
|
|
# Filesystems / Disk Utils
|
|
- parted
|
|
state: present
|
|
|
|
# Install Docker if need be
|
|
|
|
- name: Check if Docker is installed
|
|
command: 'which docker'
|
|
args:
|
|
warn: no
|
|
register: docker_exists
|
|
changed_when: docker_exists.rc != 0
|
|
ignore_errors: true
|
|
|
|
- name: "Install Docker"
|
|
include_tasks: docker.yml
|
|
when: docker_exists.rc != 0
|
|
|
|
# Cool stuff
|
|
|
|
- name: "Passwordless sudo"
|
|
lineinfile:
|
|
path: /etc/sudoers
|
|
state: present
|
|
regexp: '^%sudo'
|
|
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
|
|
validate: 'visudo -cf %s'
|