authorJakob Odersky <jakob@odersky.com>2017-12-03 22:47:13 -0800
committerJakob Odersky <jakob@odersky.com>2017-12-03 22:47:13 -0800
commitdf6be44d67e29d73b0f226985c2c7b6ec989c224 (patch)
tree590198484d5322042c2d0ef38bc4eeb1c71412ae /roles/common
Initial commitHEADmaster
Diffstat (limited to 'roles/common')
-rw-r--r--roles/common/tasks/main.yml40
1 files changed, 40 insertions, 0 deletions
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
new file mode 100644
index 0000000..7e81c55
--- /dev/null
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: install common packages
+ apt: name={{item}} state=latest
+ with_items:
+ - ufw
+ - openssl
+ - ca-certificates
+ - curl
+ - wget
+ - jq
+ - rsync
+
+- name: firewall - allow ssh
+ ufw: rule=allow port=22 proto=tcp
+
+- name: firewall - enforce rules and deny by default
+ ufw: state=enabled policy=deny
+
+- name: forward root email
+ lineinfile: "dest=/etc/aliases regexp='root:' line='root: infra@odersky.com'"
+
+- name: unattended upgrades - install
+ apt: name={{item}} state=latest
+ with_items:
+ - unattended-upgrades
+ - apt-listchanges
+
+- name: unattended upgrades - configure email
+ lineinfile:
+ dest=/etc/apt/apt.conf.d/50unattended-upgrades
+ regexp='//Unattended-Upgrade::Mail "root";'
+ line='Unattended-Upgrade::Mail "root";'
+ backrefs=yes
+
+- name: unattended upgrades - enable
+ copy:
+ content: |
+ APT::Periodic::Update-Package-Lists "1";
+ APT::Periodic::Unattended-Upgrade "1";
+ dest: /etc/apt/apt.conf.d/20auto-upgrades
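Review bot: The `unattended upgrades - configure email` task can silently do nothing: with `backrefs=yes`, lineinfile leaves the file untouched when `regexp` does not match, so if the packaged 50unattended-upgrades does not contain exactly `//Unattended-Upgrade::Mail "root";` the mail setting is never enabled and the play still reports ok. Dropping `backrefs=yes` and using `regexp='^(//)?Unattended-Upgrade::Mail '` would match either the commented or the active line and append the setting when neither exists. The `forward root email` task has a related weakness: `regexp='root:'` is unanchored, so it matches any alias line containing `root:`, and `regexp='^root:'` would limit it to the root alias itself. Nothing in this file runs `newaliases` after editing /etc/aliases, which some MTAs need before the forward takes effect, so that is worth confirming for the MTA in use.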