mirror of
https://github.com/FAUSheppy/no-secrets-athq-ansible
synced 2025-12-10 11:48:33 +01:00
83 lines
1.7 KiB
YAML
83 lines
1.7 KiB
YAML
- name: Install packages
|
|
apt:
|
|
pkg:
|
|
- rsync
|
|
- zsh
|
|
- net-tools
|
|
- tcpdump
|
|
- git
|
|
- apt-file
|
|
- htop
|
|
- ncdu
|
|
- gpg
|
|
- unattended-upgrades
|
|
|
|
- name: Ensure Opt dir exists and accessible
|
|
file:
|
|
name: /opt/
|
|
state: directory
|
|
mode: 0711
|
|
|
|
- name: Ensure backup info dir exists and accessible
|
|
file:
|
|
name: /opt/backup-info/
|
|
state: directory
|
|
mode: 0700
|
|
|
|
- name: Copy Backup Helper script
|
|
copy:
|
|
src: check_dir_size_for_backup.py
|
|
dest: /opt/check_dir_size_for_backup.py
|
|
mode: 0755
|
|
|
|
- name: Create sheppy .ssh dir
|
|
file:
|
|
path: /home/sheppy/.ssh/
|
|
state: directory
|
|
owner: sheppy
|
|
group: sheppy
|
|
mode: 0700
|
|
|
|
- name: Template Sheppy authorized keys
|
|
template:
|
|
src: authorized_keys_sheppy.j2
|
|
dest: /home/sheppy/.ssh/authorized_keys
|
|
owner: sheppy
|
|
group: sheppy
|
|
mode: 0600
|
|
|
|
- name: Add extra root keys
|
|
lineinfile:
|
|
path: /root/.ssh/authorized_keys
|
|
line: "{{ item }}"
|
|
loop: "{{ extra_root_keys }}"
|
|
|
|
- name: Add journalctl cleanup
|
|
ansible.builtin.cron:
|
|
name: "check dirs"
|
|
minute: "0"
|
|
hour: "0"
|
|
job: "/usr/bin/journalctl --vacuum-time={{ keep_journal_for_days }}d"
|
|
|
|
- name: Remove mails in var-mail
|
|
ansible.builtin.cron:
|
|
name: "Cleanup local mails"
|
|
minute: "0"
|
|
hour: "0"
|
|
job: "/usr/bin/rm -f /var/mail/*"
|
|
|
|
- name: Template Logrotate configs
|
|
template:
|
|
src: "{{ item }}"
|
|
dest: "/etc/logrotate/logrotate.d/"
|
|
with_items:
|
|
- daemon.conf
|
|
- syslog.conf
|
|
|
|
- name: Template Unattended Upgrade conf
|
|
template:
|
|
src: "{{ item }}"
|
|
dest: "/etc/apt/apt.conf.d/"
|
|
with_items:
|
|
- 20auto-upgrades.conf
|