暫無描述
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

main.yml 2.8KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101
  1. ---
  2. # Defines tasks applicable across all machines in the infrastructure.
  3. - name: Set up closest mirror autoselect (ubuntu-only)
  4. template: src=apt_sources.list.j2 dest=/etc/apt/sources.list
  5. when: ansible_distribution == 'Ubuntu'
  6. tags:
  7. - dependencies
  8. - name: Update apt cache
  9. apt: update_cache=yes
  10. tags:
  11. - dependencies
  12. - name: Upgrade all safe packages
  13. apt: upgrade=safe
  14. tags:
  15. - dependencies
  16. - name: Install necessities and nice-to-haves
  17. apt: pkg={{ item }} state=installed
  18. with_items:
  19. - apache2
  20. - apt-transport-https
  21. - apticron
  22. - build-essential
  23. - debian-goodies
  24. - git
  25. - htop
  26. - iftop
  27. - iotop
  28. - mosh
  29. - python-software-properties
  30. - ruby1.9.3
  31. - screen
  32. - sudo
  33. - update-notifier-common
  34. - unattended-upgrades
  35. - molly-guard
  36. - vim
  37. - zsh
  38. tags:
  39. - dependencies
  40. - name: timezone - configure /etc/timezone
  41. copy:
  42. content: "{{ common_timezone | regex_replace('$', '\n') }}"
  43. dest: /etc/timezone
  44. owner: root
  45. group: root
  46. mode: 0644
  47. register: common_timezone_config
  48. - name: timezone - Set localtime to UTC
  49. file: src=/usr/share/zoneinfo/Etc/UTC dest=/etc/localtime
  50. when: common_timezone_config.changed
  51. - name: timezone - reconfigure tzdata
  52. command: dpkg-reconfigure --frontend noninteractive tzdata
  53. when: common_timezone_config.changed
  54. - name: Apticron email configuration
  55. template: src=apticron.conf.j2 dest=/etc/apticron/apticron.conf
  56. - name: Disable default Apache site
  57. command: a2dissite 000-default removes=/etc/apache2/sites-enabled/000-default
  58. notify: restart apache
  59. - name: Enable Apache headers module
  60. command: a2enmod headers creates=/etc/apache2/mods-enabled/headers.load
  61. notify: restart apache
  62. - name: Set ServerName for Apache
  63. template: src=fqdn.j2 dest=/etc/apache2/conf.d/fqdn
  64. notify: restart apache
  65. when: ansible_distribution_release != 'trusty'
  66. - name: Create ServerName configuration file for Apache for Ubuntu Trusty
  67. template: src=fqdn.j2 dest=/etc/apache2/conf-available/fqdn.conf
  68. when: ansible_distribution_release == 'trusty'
  69. - name: Set ServerName for Apache for Ubuntu Trusty
  70. command: a2enconf fqdn creates=/etc/apache2/conf-enabled/fqdn.conf
  71. notify: restart apache
  72. when: ansible_distribution_release == 'trusty'
  73. - name: Create decrypted directory (even if encfs isn't used)
  74. file: state=directory path=/decrypted
  75. - name: Set decrypted directory permissions
  76. file: state=directory path=/decrypted group=mail mode=775
  77. - include: encfs.yml tags=encfs
  78. - include: users.yml tags=users
  79. - include: ssl.yml tags=ssl
  80. - include: ufw.yml tags=ufw
  81. - include: security.yml tags=security
  82. - include: ntp.yml tags=ntp
  83. - include: google_auth.yml tags=google_auth
  84. when: ansible_distribution_release != 'trusty'
  85. - include: google_auth_mod.yml tags=google_auth
  86. when: ansible_distribution_release == 'trusty'