forked from Deuxfleurs/infrastructure
57 lines
1.4 KiB
YAML
57 lines
1.4 KiB
YAML
- name: "Check that host runs Debian buster/sid on armv7l or x86_64"
|
|
assert:
|
|
that:
|
|
- "ansible_architecture == 'aarch64' or ansible_architecture == 'armv7l' or ansible_architecture == 'x86_64'"
|
|
- "ansible_os_family == 'Debian'"
|
|
|
|
- name: "Upgrade system"
|
|
apt:
|
|
upgrade: dist # Should we do a full uprade instead of a dist one?
|
|
update_cache: yes
|
|
cache_valid_time: 3600
|
|
autoclean: yes
|
|
autoremove: yes
|
|
|
|
- name: "Install base tools"
|
|
apt:
|
|
name:
|
|
# Essentials
|
|
- curl
|
|
- less
|
|
- sudo
|
|
- tar
|
|
- unzip
|
|
# User tooling
|
|
- screen
|
|
- vim
|
|
# Monitoring
|
|
- bmon
|
|
- htop
|
|
- iftop
|
|
- iputils-ping
|
|
- iotop
|
|
- strace
|
|
- tcpdump
|
|
# Networking
|
|
- iproute2 # advanced net-tools
|
|
- iptables # legacy firewall (still used by diplonat)
|
|
- iptables-persistent
|
|
- net-tools # basic network tools
|
|
- nftables # iptables' successor (will replace it eventually)
|
|
- dnsutils # now called bind9-dnsutils
|
|
# Optional / Dispensable
|
|
#- docker.io # Adrien n'approuve pas (il faut utiliser le repo Docker)
|
|
- parted
|
|
#- btrfs-tools
|
|
#- libnss-resolve # provides DNS/LLMNR utilities via systemd-resolved
|
|
state: present
|
|
|
|
- name: "Passwordless sudo"
|
|
lineinfile:
|
|
path: /etc/sudoers
|
|
state: present
|
|
regexp: '^%sudo'
|
|
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
|
|
validate: 'visudo -cf %s'
|
|
|