lab-ansible/roles/common/tasks/base.yml

53 lines
1.1 KiB
YAML

# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Set hostname
ansible.builtin.hostname:
name: "{{ hostname }}"
- name: Set timezone
community.general.timezone:
name: "{{ timezone }}"
- name: Copy hosts file
ansible.builtin.template:
src: etc/hosts.j2
dest: /etc/hosts
owner: root
mode: u=rw,g=r,o=r
- name: Disable systemd-resolved stub resolver
when: hostname in groups['control_infra']
block:
- name: Set /etc/resolv.conf symlink
ansible.builtin.file:
path: /etc/resolv.conf
src: /run/systemd/resolve/resolv.conf
owner: root
force: true
state: link
- name: Set DNSStubListener=no
ansible.builtin.lineinfile:
path: /etc/systemd/resolved.conf
regexp: '^#?DNSStubListener='
line: 'DNSStubListener=no'
state: present
notify: Restart systemd-resolved
- name: Ensure UFW is absent
ansible.builtin.apt:
name: ufw
state: absent
- name: Install system packages
ansible.builtin.apt:
name: "{{ pkgs }}"
update_cache: true
state: present
vars:
pkgs:
- apparmor
- haveged
- firewalld