93 lines
2.0 KiB
YAML
93 lines
2.0 KiB
YAML
---
|
|
- name: add repositories
|
|
ansible.builtin.yum_repository:
|
|
name: "{{ item.name }}"
|
|
description: "Ansible repositories"
|
|
baseurl: "{{ item.baseurl }}"
|
|
async: yes
|
|
gpgkey: "{{ item.gpgkey }}"
|
|
with_items: "{{ redhat_required_repositories }}"
|
|
when: ansible_os_family == "RedHat"
|
|
|
|
- name: Run Package tasks
|
|
include_tasks:
|
|
file: ./templates/packages.yml
|
|
|
|
#- name: Create user account
|
|
# user:
|
|
# name: "{{ username }}"
|
|
# password: "{{ userpassword }}"
|
|
# groups: sudo
|
|
# shell: /bin/bash
|
|
# state: present
|
|
# createhome: yes
|
|
# when: ansible_os_family == "Debian"
|
|
|
|
#- name: Create user account
|
|
# user:
|
|
# name: "{{ username }}"
|
|
# password: "{{ userpassword }}"
|
|
# shell: /bin/bash
|
|
# groups: wheel
|
|
# state: present
|
|
# createhome: yes
|
|
# when: ansible_os_family == "RedHat"
|
|
|
|
- name: Run SSH tasks
|
|
include_tasks:
|
|
file: ssh.yml
|
|
|
|
- name: Copy unattended-upgrades file
|
|
copy:
|
|
src: files/10periodic
|
|
dest: /etc/apt/apt.conf.d/10periodic
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
force: yes
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Remove undesirable packages
|
|
package:
|
|
name: "{{ unnecessary_software }}"
|
|
state: absent
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Stop and disable unnecessary services
|
|
service:
|
|
name: "{{ item }}"
|
|
state: stopped
|
|
enabled: no
|
|
with_items: "{{ unnecessary_services }}"
|
|
ignore_errors: yes
|
|
|
|
- name: Set a message of the day
|
|
copy:
|
|
dest: /etc/motd
|
|
src: files/motd
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
|
|
- name: Set a login banner
|
|
copy:
|
|
dest: "{{ item }}"
|
|
src: files/issue
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
with_items:
|
|
- /etc/issue
|
|
- /etc/issue.net
|
|
|
|
- name: set timezone
|
|
shell: timedatectl set-timezone America/Chicago
|
|
|
|
- name: Enable cockpit
|
|
systemd:
|
|
name: cockpit
|
|
daemon_reload: yes
|
|
state: restarted
|
|
enabled: yes
|
|
when: ansible_os_family == "RedHat"
|