---
# Baseline provisioning for a Debian bookworm host: refresh and upgrade apt,
# install a small operator tool set, switch time sync to systemd-timesyncd,
# create the sudo-capable "adminmz" account with a remotely fetched SSH key,
# and optionally bring up ufw with only the SSH port open.
#
# Variables this play expects from the inventory (none are defined here):
#   ufw_status  - every firewall task is gated on this equalling "enabled".
#                 If it is undefined, the first gated task errors out under
#                 Ansible's default error-on-undefined behaviour, after the
#                 apt upgrade has already run.
#   ssh_port    - TCP port allowed through ufw; only templated when the
#                 firewall tasks actually run.
#                 NOTE(review): sshd is not configured by this play, so this
#                 value must match the port sshd really listens on; a
#                 mismatch locks the host out once ufw is enabled.
- name: "Basic debian bookworm server setup"
  hosts: all
  become: true

  tasks:
    - name: "Update Apt cache"
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600  # one hour; the apt tasks below reuse this cache

    # Upgrades every installed package on each run of the play.
    - name: "Update everything"
      ansible.builtin.apt:
        name: "*"
        state: latest

    - name: "Install basic applications"
      ansible.builtin.apt:
        name:
          - apt-transport-https
          - ca-certificates
          - sysstat
          - htop
          - vim
          - tmux
          - net-tools
          - curl
          - wget
          - git
          - tcpdump
          - dnsutils
          - iputils-ping
          - ripgrep
        state: present

    # The firewall package is only pulled in when the firewall is wanted.
    - name: "Install ufw"
      ansible.builtin.apt:
        name:
          - ufw
        state: present
      when: ufw_status == "enabled"

    # systemd-timesyncd (below) is the chosen time source; the ntp package is
    # removed so two daemons do not both try to discipline the clock.
    - name: "Make sure ntpd is not installed"
      ansible.builtin.apt:
        name:
          - ntp
        state: absent

    - name: "Enable and start systemd-timesyncd"
      ansible.builtin.systemd:
        name: systemd-timesyncd
        enabled: true
        state: started

    # Membership of "sudo" gives this account full root via sudo. No password
    # is supplied here, so interactive login depends on the user module's
    # default handling of an unset password and on the key installed below.
    # NOTE(review): "groups" without "append" is expected to replace any
    # existing supplementary groups of the account - confirm that is intended.
    - name: "Ensure adminmz account is present"
      ansible.builtin.user:
        name: adminmz
        groups:
          - sudo
        state: present

    # The authorized keys are fetched from this URL at run time, so whoever
    # controls that host (or can tamper with the HTTPS response) decides who
    # gets sudo-capable access to every managed server. A key file shipped
    # with the playbook would remove that runtime dependency.
    # NOTE(review): "exclusive" is not set, so keys already present in the
    # account's authorized_keys are presumably left in place - verify.
    - name: "Set adminmz ssh key"
      ansible.posix.authorized_key:
        user: adminmz
        key: https://git.mziesel.nl/mans.keys
        state: present

    # The allow rule is added before ufw is enabled so the firewall never
    # comes up without the SSH port open. No source address restriction is
    # given, so the port is reachable from anywhere.
    - name: "Add ssh allow rule in ufw"
      community.general.ufw:
        rule: allow
        protocol: tcp
        to_port: "{{ ssh_port }}"
      when: ufw_status == "enabled"

    - name: "Enable ufw"
      community.general.ufw:
        state: enabled
      when: ufw_status == "enabled"