60 lines
1.3 KiB
YAML
60 lines
1.3 KiB
YAML
# vim: ft=yaml.ansible
|
|
# code: language=ansible
|
|
---
|
|
- name: Set hostname
|
|
ansible.builtin.hostname:
|
|
name: "{{ hostname }}"
|
|
|
|
- name: Set timezone
|
|
community.general.timezone:
|
|
name: "{{ timezone }}"
|
|
|
|
- name: Copy hosts file
|
|
ansible.builtin.template:
|
|
src: etc/hosts.j2
|
|
dest: /etc/hosts
|
|
owner: root
|
|
mode: u=rw,g=r,o=r
|
|
|
|
- name: Disable systemd-resolved stub resolver
|
|
when: hostname in groups['control_infra']
|
|
block:
|
|
- name: Set /etc/resolv.conf symlink
|
|
ansible.builtin.file:
|
|
path: /etc/resolv.conf
|
|
src: /run/systemd/resolve/resolv.conf
|
|
owner: root
|
|
force: true
|
|
state: link
|
|
|
|
- name: Set DNSStubListener=no
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/systemd/resolved.conf
|
|
regexp: '^#?DNSStubListener='
|
|
line: 'DNSStubListener=no'
|
|
state: present
|
|
notify: Restart systemd-resolved
|
|
|
|
- name: Enable Security SIG repositories
|
|
ansible.builtin.dnf:
|
|
name: rocky-release-security
|
|
state: present
|
|
|
|
- name: Install system packages
|
|
ansible.builtin.dnf:
|
|
name:
|
|
- haveged
|
|
- firewalld
|
|
- lkrg
|
|
state: present
|
|
|
|
- name: Ensure services are enabled and running
|
|
ansible.builtin.service:
|
|
name: "{{ item }}"
|
|
enabled: true
|
|
state: started
|
|
loop:
|
|
- haveged
|
|
- firewalld
|
|
- lkrg
|