Initial CommitHEAD master

author: Sam Chudnick <sam@chudnick.com> 2023-06-25 09:52:36 -0400
committer: Sam Chudnick <sam@chudnick.com> 2023-06-25 09:52:36 -0400
commit: 95b73daa36b23565a8566f71f9b202d3459b685f (patch)
tree: cb17b021be70e7868d0ec235a761f0ecdc80f3f2 /roles/linux_base
3 files changed, 74 insertions, 0 deletions
diff --git a/roles/linux_base/defaults/main.yml b/roles/linux_base/defaults/main.yml
new file mode 100644
index 0000000..3fb0cb5
--- /dev/null
+++ b/roles/linux_base/defaults/main.yml
@@ -0,0 +1 @@
+domain: "home.local"
diff --git a/roles/linux_base/handlers/main.yml b/roles/linux_base/handlers/main.yml
new file mode 100644
index 0000000..0065ae9
--- /dev/null
+++ b/roles/linux_base/handlers/main.yml
@@ -0,0 +1,16 @@
+- name: update and upgrade - debian
+  when: ansible_facts['distribution'] == 'Debian'
+  become: yes
+  apt:
+    name: "*"
+    state: latest
+    update_cache: yes
+  register: apt_upgrade
+  retries: 100
+  until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
+- name: update and upgrade - fedora
+  when: ansible_facts['distribution'] == 'Fedora'
+  dnf:
+    name: "*"
+    state: latest
diff --git a/roles/linux_base/tasks/main.yml b/roles/linux_base/tasks/main.yml
new file mode 100644
index 0000000..ef523ef
--- /dev/null
+++ b/roles/linux_base/tasks/main.yml
@@ -0,0 +1,57 @@
+- name: remove cloud config managed /etc/hosts
+  lineinfile:
+    path: /etc/cloud/cloud.cfg
+    regexp: ".*update_etc_hosts.*"
+    state: absent
+- name: set fully qualified hostname
+  notify:
+    - update and upgrade - debian
+    - update and upgrade - fedora
+  hostname:
+    name: "{{ ansible_hostname }}.{{ domain }}"
+- name: use https repos - debian
+  when: ansible_facts['distribution'] == 'Debian'
+  replace:
+    path: /etc/apt/sources.list
+    regexp: "http://"
+    replace: "https://"
+- name: install packages
+  package:
+    name: "{{ base_packages }}"
+    state: latest
+- name: allow ssh
+  when: ansible_facts['hostname'] != 'proxmox'
+  ufw:
+    rule: allow
+    name: ssh
+- name: reload ufw
+  when: ansible_facts['hostname'] != 'proxmox'
+  ufw:
+    state: reloaded
+- name: enable ufw
+  when: ansible_facts['hostname'] != 'proxmox'
+  ufw:
+    state: enabled
+- name: default deny incoming
+  when: ansible_facts['hostname'] != 'proxmox'
+  ufw:
+    default: deny
+    direction: incoming
+- name: default allow outgoing
+  when: ansible_facts['hostname'] != 'proxmox'
+  ufw:
+    default: allow
+    direction: outgoing
+- name: reload ufw
+  when: ansible_facts['hostname'] != 'proxmox'
+  ufw:
+    state: reloaded
author	Sam Chudnick <sam@chudnick.com>	2023-06-25 09:52:36 -0400
committer	Sam Chudnick <sam@chudnick.com>	2023-06-25 09:52:36 -0400
commit	95b73daa36b23565a8566f71f9b202d3459b685f (patch)
tree	cb17b021be70e7868d0ec235a761f0ecdc80f3f2 /roles/linux_base

diff --git a/roles/linux_base/defaults/main.yml b/roles/linux_base/defaults/main.yml new file mode 100644 index 0000000..3fb0cb5 --- /dev/null +++ b/roles/linux_base/defaults/main.yml
@@ -0,0 +1 @@
		domain: "home.local"


diff --git a/roles/linux_base/handlers/main.yml b/roles/linux_base/handlers/main.yml new file mode 100644 index 0000000..0065ae9 --- /dev/null +++ b/roles/linux_base/handlers/main.yml
@@ -0,0 +1,16 @@
	1	- name: update and upgrade - debian
	2	when: ansible_facts['distribution'] == 'Debian'
	3	become: yes
	4	apt:
	5	name: "*"
	6	state: latest
	7	update_cache: yes
	8	register: apt_upgrade
	9	retries: 100
	10	until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
	11
	12	- name: update and upgrade - fedora
	13	when: ansible_facts['distribution'] == 'Fedora'
	14	dnf:
	15	name: "*"
	16	state: latest


diff --git a/roles/linux_base/tasks/main.yml b/roles/linux_base/tasks/main.yml new file mode 100644 index 0000000..ef523ef --- /dev/null +++ b/roles/linux_base/tasks/main.yml
@@ -0,0 +1,57 @@
	1	- name: remove cloud config managed /etc/hosts
	2	lineinfile:
	3	path: /etc/cloud/cloud.cfg
	4	regexp: ".update_etc_hosts."
	5	state: absent
	6
	7	- name: set fully qualified hostname
	8	notify:
	9	- update and upgrade - debian
	10	- update and upgrade - fedora
	11	hostname:
	12	name: "{{ ansible_hostname }}.{{ domain }}"
	13
	14	- name: use https repos - debian
	15	when: ansible_facts['distribution'] == 'Debian'
	16	replace:
	17	path: /etc/apt/sources.list
	18	regexp: "http://"
	19	replace: "https://"
	20
	21	- name: install packages
	22	package:
	23	name: "{{ base_packages }}"
	24	state: latest
	25
	26	- name: allow ssh
	27	when: ansible_facts['hostname'] != 'proxmox'
	28	ufw:
	29	rule: allow
	30	name: ssh
	31
	32	- name: reload ufw
	33	when: ansible_facts['hostname'] != 'proxmox'
	34	ufw:
	35	state: reloaded
	36
	37	- name: enable ufw
	38	when: ansible_facts['hostname'] != 'proxmox'
	39	ufw:
	40	state: enabled
	41
	42	- name: default deny incoming
	43	when: ansible_facts['hostname'] != 'proxmox'
	44	ufw:
	45	default: deny
	46	direction: incoming
	47
	48	- name: default allow outgoing
	49	when: ansible_facts['hostname'] != 'proxmox'
	50	ufw:
	51	default: allow
	52	direction: outgoing
	53
	54	- name: reload ufw
	55	when: ansible_facts['hostname'] != 'proxmox'
	56	ufw:
	57	state: reloaded