misc/ansible-base
0
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Merge branch 'dev-unattended-updates_1' into 'dev-unattended-updates'

Browse source 
Unattended updates and some system basics | Adjustments after test

See merge request roydfalk/ansible-base!5
This commit is contained in:
roydfalk 2024-06-09 08:57:09 +00:00
commit b9224747a1
4 changed files with 27 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
roles/system-basics/handlers/main.json → roles/system_basics/handlers/main.json
View file

10
roles/system-basics/tasks/main.json → roles/system_basics/tasks/main.json
View file

@ -1,12 +1,14 @@
[ [
{ {
"name": "Set timezone to Berlin", "name": "Set timezone to Berlin",
"become": true,
"community.general.timezone": { "community.general.timezone": {
"name": "Europe/Berlin" "name": "Europe/Berlin"
} }
}, },
{ {
"name": "Limit syslogs", "name": "Limit syslogs",
"become": true,
"ansible.builtin.lineinfile": { "ansible.builtin.lineinfile": {
"dest": "/etc/systemd/journald.conf", "dest": "/etc/systemd/journald.conf",
"regexp": "^#?\\s*SystemMaxFileSize", "regexp": "^#?\\s*SystemMaxFileSize",
@ -15,16 +17,19 @@
"notify": "restart journal" "notify": "restart journal"
}, },
{ {
"name": "Install vim", "name": "install packages",
"become": true, "become": true,
"ansible.builtin.apt": { "ansible.builtin.apt": {
"pkg": [ "pkg": [
"vim" "vim",
"htop",
"tmux"
] ]
} }
}, },
{ {
"name": "Set vim as default editor", "name": "Set vim as default editor",
"become": true,
"community.general.alternatives": { "community.general.alternatives": {
"name": "editor", "name": "editor",
"path": "/usr/bin/vim.basic" "path": "/usr/bin/vim.basic"
@ -32,6 +37,7 @@
}, },
{ {
"name": "Disable root login without key", "name": "Disable root login without key",
"become": true,
"ansible.builtin.lineinfile": { "ansible.builtin.lineinfile": {
"dest": "/etc/ssh/sshd_config", "dest": "/etc/ssh/sshd_config",
"regexp": "^#?PermitRootLogin ", "regexp": "^#?PermitRootLogin ",

0
roles/unattended-upgrades/files/20auto-upgrades → roles/unattended_upgrades/files/20auto-upgrades
View file

23
roles/unattended-upgrades/tasks/main.json → roles/unattended_upgrades/tasks/main.json
View file

@ -1,7 +1,19 @@
[ [
{
"name": "install packages",
"become": true,
"ansible.builtin.apt": {
"update_cache": true,
"pkg": [
"unattended-upgrades",
"apt-listchanges"
]
}
},
{ {
"name": "Allow unattended reboots (1)", "name": "Allow unattended reboots (1)",
"lineinfile": { "become": true,
"ansible.builtin.lineinfile": {
"dest": "/etc/apt/apt.conf.d/50unattended-upgrades", "dest": "/etc/apt/apt.conf.d/50unattended-upgrades",
"regexp": "^(//)?Unattended-Upgrade::Automatic-Reboot ", "regexp": "^(//)?Unattended-Upgrade::Automatic-Reboot ",
"line": "Unattended-Upgrade::Automatic-Reboot \"true\";" "line": "Unattended-Upgrade::Automatic-Reboot \"true\";"
@ -9,7 +21,8 @@
}, },
{ {
"name": "Allow unattended reboots (2)", "name": "Allow unattended reboots (2)",
"lineinfile": { "become": true,
"ansible.builtin.lineinfile": {
"dest": "/etc/apt/apt.conf.d/50unattended-upgrades", "dest": "/etc/apt/apt.conf.d/50unattended-upgrades",
"regexp": "^(//)?Unattended-Upgrade::Automatic-Reboot-Time ", "regexp": "^(//)?Unattended-Upgrade::Automatic-Reboot-Time ",
"line": "Unattended-Upgrade::Automatic-Reboot-Time \"23:55\";" "line": "Unattended-Upgrade::Automatic-Reboot-Time \"23:55\";"
@ -17,7 +30,8 @@
}, },
{ {
"name": "Allow more origins for updates", "name": "Allow more origins for updates",
"lineinfile": { "become": true,
"ansible.builtin.lineinfile": {
"dest": "/etc/apt/apt.conf.d/50unattended-upgrades", "dest": "/etc/apt/apt.conf.d/50unattended-upgrades",
"regexp": "^(//\\s*)?\"\\$\\{distro_id\\}:\\$\\{distro_codename\\}-updates\";", "regexp": "^(//\\s*)?\"\\$\\{distro_id\\}:\\$\\{distro_codename\\}-updates\";",
"line": "\"${distro_id}:${distro_codename}-updates\";" "line": "\"${distro_id}:${distro_codename}-updates\";"
@ -25,7 +39,8 @@
}, },
{ {
"name": "Enable unattended upgrades", "name": "Enable unattended upgrades",
"copy": { "become": true,
"ansible.builtin.copy": {
"src": "20auto-upgrades", "src": "20auto-upgrades",
"dest": "/etc/apt/apt.conf.d/20auto-upgrades" "dest": "/etc/apt/apt.conf.d/20auto-upgrades"
} }