home-infra/10_base_server_setup.yaml

---
- name: "Basic debian bookworm server setup"
  hosts: all
  become: true

  tasks:
    - name: "Update Apt cache"
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600 # 1 Hour

    - name: "Update everything"
      ansible.builtin.apt:
       name: "*"
       state: latest        

    - name: "Install basic applications"
      ansible.builtin.apt:
        state: present
        name:
          - "apt-transport-https"
          - "ca-certificates"
          - "sysstat"
          - "htop"
          - "vim"
          - "tmux"
          - "net-tools"
          - "curl"
          - "wget"
          - "git"
          - "tcpdump"
          - "dnsutils"
          - "iputils-ping"
          - "ripgrep"

    - name: "Install ufw"
      ansible.builtin.apt:
        state: present
        name:
          - "ufw"
      when: ufw_status == "enabled"

    - name: "Make sure ntpd is not installed"
      ansible.builtin.apt:
        state: absent
        name:
          - ntp

    - name: "Enable and start systemd-timesyncd"
      ansible.builtin.systemd:
        state: started
        enabled: true
        name: systemd-timesyncd

    - name: "Ensure adminmz account is present"
      ansible.builtin.user:
        state: present
        name: adminmz
        groups:
          - "sudo"

    - name: "Set adminmz ssh key"
      ansible.posix.authorized_key:
        user: adminmz
        state: present
        key: https://git.mziesel.nl/mans.keys

    - name: "Add ssh allow rule in ufw"
      community.general.ufw:
        rule: allow
        to_port: "{{ ssh_port }}"
        protocol: tcp
      when: ufw_status == "enabled"

    - name: "Enable ufw"
      community.general.ufw:
        state: enabled
      when: ufw_status == "enabled"
working master slave with catalog zone, pdns master, knot slave 2025-01-15 17:46:17 +01:00			`---`
			`- name: "Basic debian bookworm server setup"`
			`hosts: all`
			`become: true`

			`tasks:`
			`- name: "Update Apt cache"`
			`ansible.builtin.apt:`
			`update_cache: true`
			`cache_valid_time: 3600 # 1 Hour`

			`- name: "Update everything"`
			`ansible.builtin.apt:`
			`name: "*"`
			`state: latest`

			`- name: "Install basic applications"`
			`ansible.builtin.apt:`
			`state: present`
			`name:`
			`- "apt-transport-https"`
			`- "ca-certificates"`
			`- "sysstat"`
			`- "htop"`
			`- "vim"`
			`- "tmux"`
			`- "net-tools"`
			`- "curl"`
			`- "wget"`
			`- "git"`
			`- "tcpdump"`
			`- "dnsutils"`
			`- "iputils-ping"`
			`- "ripgrep"`

update configs 2025-01-16 13:37:02 +01:00			`- name: "Install ufw"`
			`ansible.builtin.apt:`
			`state: present`
			`name:`
			`- "ufw"`
			`when: ufw_status == "enabled"`

working master slave with catalog zone, pdns master, knot slave 2025-01-15 17:46:17 +01:00			`- name: "Make sure ntpd is not installed"`
			`ansible.builtin.apt:`
			`state: absent`
			`name:`
			`- ntp`

			`- name: "Enable and start systemd-timesyncd"`
			`ansible.builtin.systemd:`
			`state: started`
			`enabled: true`
			`name: systemd-timesyncd`

			`- name: "Ensure adminmz account is present"`
			`ansible.builtin.user:`
			`state: present`
			`name: adminmz`
			`groups:`
			`- "sudo"`

			`- name: "Set adminmz ssh key"`
			`ansible.posix.authorized_key:`
			`user: adminmz`
			`state: present`
			`key: https://git.mziesel.nl/mans.keys`

			`- name: "Add ssh allow rule in ufw"`
			`community.general.ufw:`
			`rule: allow`
			`to_port: "{{ ssh_port }}"`
			`protocol: tcp`
update configs 2025-01-16 13:37:02 +01:00			`when: ufw_status == "enabled"`
working master slave with catalog zone, pdns master, knot slave 2025-01-15 17:46:17 +01:00
			`- name: "Enable ufw"`
			`community.general.ufw:`
			`state: enabled`
update configs 2025-01-16 13:37:02 +01:00			`when: ufw_status == "enabled"`