From df6be44d67e29d73b0f226985c2c7b6ec989c224 Mon Sep 17 00:00:00 2001
From: Jakob Odersky
Date: Sun, 3 Dec 2017 22:47:13 -0800
Subject: Initial commit
---
roles/common/tasks/main.yml | 40 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 roles/common/tasks/main.yml
(limited to 'roles/common')
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
new file mode 100644
index 0000000..7e81c55
--- /dev/null
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: install common packages
+ apt: name={{item}} state=latest
+ with_items:
+ - ufw
+ - openssl
+ - ca-certificates
+ - curl
+ - wget
+ - jq
+ - rsync
+
+- name: firewall - allow ssh
+ ufw: rule=allow port=22 proto=tcp
+
+- name: firewall - enforce rules and deny by default
+ ufw: state=enabled policy=deny
+
+- name: forward root email
+ lineinfile: "dest=/etc/aliases regexp='root:' line='root: infra@odersky.com'"
+
+- name: unattended upgrades - install
+ apt: name={{item}} state=latest
+ with_items:
+ - unattended-upgrades
+ - apt-listchanges
+
+- name: unattended upgrades - configure email
+ lineinfile:
+ dest=/etc/apt/apt.conf.d/50unattended-upgrades
+ regexp='//Unattended-Upgrade::Mail "root";'
+ line='Unattended-Upgrade::Mail "root";'
+ backrefs=yes
+
+- name: unattended upgrades - enable
+ copy:
+ content: |
+ APT::Periodic::Update-Package-Lists "1";
+ APT::Periodic::Unattended-Upgrade "1";
+ dest: /etc/apt/apt.conf.d/20auto-upgrades
-- cgit v1.2.3
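Review bot: The `unattended upgrades - configure email` task can silently do nothing: with `backrefs=yes`, lineinfile leaves the file unchanged when the regexp finds no match, so if the packaged 50unattended-upgrades does not contain exactly `//Unattended-Upgrade::Mail "root";`, upgrade reports are never mailed and the play still reports success. Dropping `backrefs=yes` and matching both the commented and uncommented form, e.g. `regexp='^(//)?\s*Unattended-Upgrade::Mail\s'`, makes the task replace the line or append it. In `forward root email`, `regexp='root:'` is unanchored and would also match an alias such as `webroot:`; `regexp='^root:'` is safer, and depending on the MTA (none is installed by this file) a `newaliases` handler may be needed before the alias takes effect. Separately, the ssh rule could use `rule=limit` instead of `rule=allow` so that ufw rate-limits repeated connection attempts.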