diff options
Diffstat (limited to 'roles/common/tasks/main.yml')
| -rw-r--r-- | roles/common/tasks/main.yml | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml new file mode 100644 index 0000000..7e81c55 --- /dev/null +++ b/roles/common/tasks/main.yml @@ -0,0 +1,40 @@ +--- +- name: install common packages + apt: name={{item}} state=latest + with_items: + - ufw + - openssl + - ca-certificates + - curl + - wget + - jq + - rsync + +- name: firewall - allow ssh + ufw: rule=allow port=22 proto=tcp + +- name: firewall - enforce rules and deny by default + ufw: state=enabled policy=deny + +- name: forward root email + lineinfile: "dest=/etc/aliases regexp='root:' line='root: infra@odersky.com'" + +- name: unattended upgrades - install + apt: name={{item}} state=latest + with_items: + - unattended-upgrades + - apt-listchanges + +- name: unattended upgrades - configure email + lineinfile: + dest=/etc/apt/apt.conf.d/50unattended-upgrades + regexp='//Unattended-Upgrade::Mail "root";' + line='Unattended-Upgrade::Mail "root";' + backrefs=yes + +- name: unattended upgrades - enable + copy: + content: | + APT::Periodic::Update-Package-Lists "1"; + APT::Periodic::Unattended-Upgrade "1"; + dest: /etc/apt/apt.conf.d/20auto-upgrades |