diff options
author | Jakob Odersky <jakob@odersky.com> | 2017-12-03 22:47:13 -0800 |
---|---|---|
committer | Jakob Odersky <jakob@odersky.com> | 2017-12-03 22:47:13 -0800 |
commit | df6be44d67e29d73b0f226985c2c7b6ec989c224 (patch) | |
tree | 590198484d5322042c2d0ef38bc4eeb1c71412ae /roles/common/tasks/main.yml | |
download | metamorphic-master.tar.gz metamorphic-master.tar.bz2 metamorphic-master.zip |
Diffstat (limited to 'roles/common/tasks/main.yml')
-rw-r--r-- | roles/common/tasks/main.yml | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml new file mode 100644 index 0000000..7e81c55 --- /dev/null +++ b/roles/common/tasks/main.yml @@ -0,0 +1,40 @@ +--- +- name: install common packages + apt: name={{item}} state=latest + with_items: + - ufw + - openssl + - ca-certificates + - curl + - wget + - jq + - rsync + +- name: firewall - allow ssh + ufw: rule=allow port=22 proto=tcp + +- name: firewall - enforce rules and deny by default + ufw: state=enabled policy=deny + +- name: forward root email + lineinfile: "dest=/etc/aliases regexp='root:' line='root: infra@odersky.com'" + +- name: unattended upgrades - install + apt: name={{item}} state=latest + with_items: + - unattended-upgrades + - apt-listchanges + +- name: unattended upgrades - configure email + lineinfile: + dest=/etc/apt/apt.conf.d/50unattended-upgrades + regexp='//Unattended-Upgrade::Mail "root";' + line='Unattended-Upgrade::Mail "root";' + backrefs=yes + +- name: unattended upgrades - enable + copy: + content: | + APT::Periodic::Update-Package-Lists "1"; + APT::Periodic::Unattended-Upgrade "1"; + dest: /etc/apt/apt.conf.d/20auto-upgrades |