64 lines
1.3 KiB
YAML
64 lines
1.3 KiB
YAML
---
|
|
- name: "Update Apt cache"
|
|
ansible.builtin.apt:
|
|
update_cache: true
|
|
cache_valid_time: 3600 # 1 Hour
|
|
|
|
- name: "Update everything"
|
|
ansible.builtin.apt:
|
|
name: "*"
|
|
state: latest
|
|
|
|
- name: "Install basic applications"
|
|
ansible.builtin.apt:
|
|
state: present
|
|
name:
|
|
- "apt-transport-https"
|
|
- "ca-certificates"
|
|
- "sysstat"
|
|
- "htop"
|
|
- "vim"
|
|
- "tmux"
|
|
- "net-tools"
|
|
- "curl"
|
|
- "wget"
|
|
- "git"
|
|
- "tcpdump"
|
|
- "dnsutils"
|
|
- "iputils-ping"
|
|
- "ripgrep"
|
|
- "acl" # required for ansible to become unprivileged user
|
|
|
|
- name: "Make sure ntpd is not installed"
|
|
ansible.builtin.apt:
|
|
state: absent
|
|
name:
|
|
- ntp
|
|
|
|
- name: "Enable and start systemd-timesyncd"
|
|
ansible.builtin.systemd:
|
|
state: started
|
|
enabled: true
|
|
name: systemd-timesyncd
|
|
|
|
- name: "Ensure adminmz account is present"
|
|
ansible.builtin.user:
|
|
state: present
|
|
name: adminmz
|
|
shell: "/bin/bash"
|
|
groups:
|
|
- "sudo"
|
|
|
|
- name: "Set adminmz ssh key"
|
|
ansible.posix.authorized_key:
|
|
user: adminmz
|
|
state: present
|
|
key: https://git.mziesel.nl/mans.keys
|
|
|
|
- name: "Add nopasswd to sudoers files"
|
|
lineinfile:
|
|
path: /etc/sudoers
|
|
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
|
|
state: present
|
|
validate: 'visudo -cf %s'
|