From 95b73daa36b23565a8566f71f9b202d3459b685f Mon Sep 17 00:00:00 2001
From: Sam Chudnick
Date: Sun, 25 Jun 2023 09:52:36 -0400
Subject: Initial Commit
---
roles/linux_base/defaults/main.yml | 1 +
roles/linux_base/handlers/main.yml | 16 +++++++++++
roles/linux_base/tasks/main.yml | 57 ++++++++++++++++++++++++++++++++++++++
3 files changed, 74 insertions(+)
create mode 100644 roles/linux_base/defaults/main.yml
create mode 100644 roles/linux_base/handlers/main.yml
create mode 100644 roles/linux_base/tasks/main.yml
(limited to 'roles/linux_base')
diff --git a/roles/linux_base/defaults/main.yml b/roles/linux_base/defaults/main.yml
new file mode 100644
index 0000000..3fb0cb5
--- /dev/null
+++ b/roles/linux_base/defaults/main.yml
@@ -0,0 +1 @@
+domain: "home.local"
diff --git a/roles/linux_base/handlers/main.yml b/roles/linux_base/handlers/main.yml
new file mode 100644
index 0000000..0065ae9
--- /dev/null
+++ b/roles/linux_base/handlers/main.yml
@@ -0,0 +1,16 @@
+- name: update and upgrade - debian
+ when: ansible_facts['distribution'] == 'Debian'
+ become: yes
+ apt:
+ name: "*"
+ state: latest
+ update_cache: yes
+ register: apt_upgrade
+ retries: 100
+ until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
+
+- name: update and upgrade - fedora
+ when: ansible_facts['distribution'] == 'Fedora'
+ dnf:
+ name: "*"
+ state: latest
diff --git a/roles/linux_base/tasks/main.yml b/roles/linux_base/tasks/main.yml
new file mode 100644
index 0000000..ef523ef
--- /dev/null
+++ b/roles/linux_base/tasks/main.yml
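Review bot: The Fedora handler in roles/linux_base/handlers/main.yml has no `become: yes` while the Debian handler does, so the dnf upgrade runs privileged only if the calling play happens to set it; adding `become: yes` under `when:` keeps the two handlers consistent. In the Debian handler the `until:` expression detects a busy package lock by matching strings in `apt_upgrade.msg`; the apt module's `lock_timeout` option covers the lock wait without depending on message wording. Within this commit both handlers are notified only by the hostname task, so a full upgrade runs only when the hostname actually changes and later runs of the role will not patch the host; if that is intended, a comment above the handlers such as `# runs once at first provisioning; routine patching is handled elsewhere` would say so.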
@@ -0,0 +1,57 @@
+- name: remove cloud config managed /etc/hosts
+ lineinfile:
+ path: /etc/cloud/cloud.cfg
+ regexp: ".*update_etc_hosts.*"
+ state: absent
+
+- name: set fully qualified hostname
+ notify:
+ - update and upgrade - debian
+ - update and upgrade - fedora
+ hostname:
+ name: "{{ ansible_hostname }}.{{ domain }}"
+
+- name: use https repos - debian
+ when: ansible_facts['distribution'] == 'Debian'
+ replace:
+ path: /etc/apt/sources.list
+ regexp: "http://"
+ replace: "https://"
+
+- name: install packages
+ package:
+ name: "{{ base_packages }}"
+ state: latest
+
+- name: allow ssh
+ when: ansible_facts['hostname'] != 'proxmox'
+ ufw:
+ rule: allow
+ name: ssh
+
+- name: reload ufw
+ when: ansible_facts['hostname'] != 'proxmox'
+ ufw:
+ state: reloaded
+
+- name: enable ufw
+ when: ansible_facts['hostname'] != 'proxmox'
+ ufw:
+ state: enabled
+
+- name: default deny incoming
+ when: ansible_facts['hostname'] != 'proxmox'
+ ufw:
+ default: deny
+ direction: incoming
+
+- name: default allow outgoing
+ when: ansible_facts['hostname'] != 'proxmox'
+ ufw:
+ default: allow
+ direction: outgoing
+
+- name: reload ufw
+ when: ansible_facts['hostname'] != 'proxmox'
+ ufw:
+ state: reloaded
-- cgit v1.2.3
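Review bot: In the `allow ssh` task, `name: ssh` is the ufw module's application-profile selector (profiles under /etc/ufw/applications.d), and the profile shipped with OpenSSH on Debian is, as far as I know, named `OpenSSH`, so the rule may not resolve and the play would stop before the firewall is enabled; `port: ssh` with `proto: tcp` states the same rule without depending on a profile. Every ufw task is skipped by comparing `ansible_facts['hostname']` with the literal 'proxmox', which silently leaves any host of that name without a firewall; a boolean role default (for example a constructed name like `linux_base_manage_ufw: true` in defaults/main.yml) would make the exemption explicit and reviewable. `base_packages` is consumed by `install packages` but is not defined in the role defaults added by this commit, so it presumably comes from inventory and the ufw tasks presumably rely on it to install ufw; a comment above the task saying where it is set would help. The `use https repos - debian` task rewrites only /etc/apt/sources.list, so any entries under /etc/apt/sources.list.d stay on http.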