---
# Baseline package set for the host. `state: present` installs whatever is
# missing and leaves already-installed packages at their current version.
- name: ensure common tools
  apt:
    state: present
    name:
      - ansible
      - avahi-daemon
      # NOTE(review): compiler toolchain and headers on every host widen what
      # a local attacker can build in place; confirm they are needed here.
      - build-essential
      - curl
      - dnsutils
      - git
      - iputils-ping
      - jed
      - net-tools
      - python3-dev
      - python3-distutils
      - python3-pip
      - rsync
      # NOTE(review): sshpass exists to hand passwords to ssh
      # non-interactively; confirm key-based auth cannot replace it.
      - sshpass
      - sudo
      - ufw
      - unzip
      - wget
      - zip
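# Uninstall packages this role does not want on the host. Fewer installed
# services means less to patch and less listening on the machine.
# Module arguments are written as native YAML rather than a key=value string
# so each package is its own reviewable, diffable line.
- name: remove the extras
  apt:
    name:
      - lightdm
      - triggerhappy
      - gvfsd
      - bluealsa
      - chromium
      - snapd
    # `absent` removes the packages; their configuration files stay on disk
    # because `purge` is not set.
    state: absent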
# Create the login account named by the `user` variable.
- name: 'add {{user}}'
  user:
    name: "{{user}}"
    state: present
    shell: /bin/bash
    skeleton: /etc/skel
    # `sudo` membership makes this an administrative account, so the strength
    # of its password and keys decides who can become root.
    # `append` is not set, so the module makes this the account's complete
    # supplementary group list.
    groups:
      - sudo
      - dialout
      - video
      - audio
    # SECURITY: this is a SHA-512 crypt hash (`$6$` prefix) stored in plain
    # sight. Anyone who can read the playbook can run offline guessing against
    # it, and every host built from this role gets the same password.
    # Move the value to a vaulted variable and rotate the password.
    password: '$6$3/nNUZfJvg9V9$9OkDm4wO25wyuNJq0Iw3Pw15uCmcUoLBkq/8C0HuRR2vRtrcJVXU6VU6k0d9/gSCWkoEBNDAkHAubZ.wrT43H.'
    # The password is applied only when the account is first created; changing
    # the hash above does not rotate it on hosts where the user already exists.
    update_password: on_create
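# Install SSH public keys for the account named by `user`.
# Changes from the previous form: `loop` replaces `with_items` to match the
# other looping tasks in this file, and the boolean is spelled `true`.
- name: set authorized keys
  authorized_key:
    user: "{{ item }}"
    state: present
    # SECURITY: the keys are downloaded from this URL at run time. Whoever
    # controls the content served there can log in as this (sudo-capable)
    # user on every host the role touches. Keep certificate validation
    # enabled, and consider committing the reviewed public keys to the
    # repository instead of fetching them.
    key: "https://juju.nz/src/{{ item }}.keys"
  loop:
    - '{{ user }}'
  # A failed download is deliberately tolerated and the play continues.
  # NOTE(review): in that case no key is installed and the account is left
  # with password login only; confirm that this outcome is acceptable, or
  # register the result and report it.
  ignore_errors: true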
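# Turn the firewall on with a default-deny policy.
# Module arguments are written as native YAML instead of a key=value string.
# NOTE(review): no `direction` is given; ufw normally applies an unqualified
# default policy to incoming traffic only, so outbound stays open. Confirm
# that this is the intent.
# NOTE(review): this task runs before the task that allows port 22. If the
# play stops between the two, new SSH connections are refused until the allow
# rules are applied. Consider adding the allow rules first.
- name: enable ufw
  ufw:
    state: enabled
    policy: deny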
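# Open inbound TCP ports. No source restriction is set, so each port is
# reachable from any address.
# Module arguments are written as native YAML instead of a key=value string.
- name: allow SSH and web
  ufw:
    rule: allow
    port: "{{item}}"
    proto: tcp
  loop:
    # NOTE(review): SSH is open to every source; the module's `limit` rule or
    # a `from_ip` restriction would reduce password-guessing exposure.
    - '22'
    - '80'
    - '443'
    # NOTE(review): presumably the prometheus-node-exporter port installed
    # later in this file. Host metrics would then be readable from any
    # address; restrict the rule to the scraper with `from_ip` if so.
    - '9100'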
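# Open inbound port 53 for every protocol (`proto: any`).
# Module arguments are written as native YAML instead of a key=value string.
# NOTE(review): an inbound rule is only needed when this host answers DNS
# queries. The tasks visible here install DNS client tools but no DNS server;
# confirm that a resolver runs on the host before keeping this port open.
- name: allow DNS
  ufw:
    rule: allow
    port: "{{item}}"
    proto: any
  loop:
    - '53'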
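# Install the Prometheus node exporter package.
# Module arguments are written as native YAML instead of a key=value string;
# `state: present` is the module default, spelled out for clarity.
- name: ensure prometheus-node-exporter
  apt:
    name: prometheus-node-exporter
    state: present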
# Pin the exporter's command-line arguments: the line matching `^ARGS=` in the
# defaults file is replaced with the one below.
# NOTE(review): the processes and systemd collectors publish process and unit
# details to anyone who can reach the metrics port, and the firewall task in
# this file opens 9100 to every source. Confirm that this exposure is intended.
# NOTE(review): no handler or `notify` is visible here, so the running service
# presumably keeps its old arguments until it is restarted.
- name: prometheus-node-exporter config
  lineinfile:
    path: '/etc/default/prometheus-node-exporter'
    regexp: '^ARGS='
    line: 'ARGS="--collector.textfile.directory=/var/lib/prometheus/node-exporter --collector.processes --collector.wifi --collector.systemd"'