From 95b73daa36b23565a8566f71f9b202d3459b685f Mon Sep 17 00:00:00 2001
From: Sam Chudnick <sam@chudnick.com>
Date: Sun, 25 Jun 2023 09:52:36 -0400
Subject: Initial Commit

---
 roles/linux_base/tasks/main.yml | 57 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 roles/linux_base/tasks/main.yml

(limited to 'roles/linux_base/tasks')

diff --git a/roles/linux_base/tasks/main.yml b/roles/linux_base/tasks/main.yml
new file mode 100644
index 0000000..ef523ef
--- /dev/null
+++ b/roles/linux_base/tasks/main.yml
@@ -0,0 +1,57 @@
+- name: remove cloud config managed /etc/hosts
+  lineinfile:
+    path: /etc/cloud/cloud.cfg
+    regexp: ".*update_etc_hosts.*"
+    state: absent
+
+- name: set fully qualified hostname
+  notify:
+    - update and upgrade - debian
+    - update and upgrade - fedora
+  hostname:
+    name: "{{ ansible_hostname }}.{{ domain }}"
+
+- name: use https repos - debian
+  when: ansible_facts['distribution'] == 'Debian'
+  replace:
+    path: /etc/apt/sources.list
+    regexp: "http://"
+    replace: "https://"
+
+- name: install packages
+  package:
+    name: "{{ base_packages }}"
+    state: latest
+
+- name: allow ssh
+  when: ansible_facts['hostname'] != 'proxmox'
+  ufw:
+    rule: allow
+    name: ssh
+
+- name: reload ufw
+  when: ansible_facts['hostname'] != 'proxmox'
+  ufw:
+    state: reloaded
+
+- name: enable ufw
+  when: ansible_facts['hostname'] != 'proxmox'
+  ufw:
+    state: enabled
+
+- name: default deny incoming
+  when: ansible_facts['hostname'] != 'proxmox'
+  ufw:
+    default: deny
+    direction: incoming
+
+- name: default allow outgoing
+  when: ansible_facts['hostname'] != 'proxmox'
+  ufw:
+    default: allow
+    direction: outgoing
+
+- name: reload ufw
+  when: ansible_facts['hostname'] != 'proxmox'
+  ufw:
+    state: reloaded
-- 
cgit v1.2.3