os/config/roles/common/tasks/main.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

- name: "Check that host runs Debian buster/sid on armv7l or x86_64"
  assert:
    that:
      - "ansible_architecture == 'aarch64' or ansible_architecture == 'armv7l' or ansible_architecture == 'x86_64'"
      - "ansible_os_family == 'Debian'"

- name: "Upgrade system"
  apt:
    upgrade: dist # Should we do a full uprade instead of a dist one?
    update_cache: yes
    cache_valid_time: 3600
    autoclean: yes
    autoremove: yes

- name: "Install base tools"
  apt:
    name:
      # Essentials
      - curl
      - less
      - sudo
      - tar
      - unzip
      # User tooling
      - screen
      - vim
      # Monitoring
      - bmon
      - htop
      - iftop
      - iotop
      - iputils-ping
      - pciutils
      - strace
      - tcpdump
      # Networking
      - dnsutils # now called bind9-dnsutils (still valid)
      - ethtool
      - iproute2 # advanced net-tools
      - iptables # legacy firewall (still used by diplonat)
      - iptables-persistent
      - net-tools # basic network tools
      - nftables # iptables' successor (will replace it eventually)
      # Optional / Dispensable
      #- docker.io # Adrien n'approuve pas (il faut utiliser le repo Docker)
      - parted 
      #- btrfs-tools
      #- libnss-resolve # provides DNS/LLMNR utilities via systemd-resolved
    state: present

# Install Docker if need be

- name: Check if Docker is installed 
  command: 'which docker'
  args:
    warn: no
  register: docker_exists
  changed_when: docker_exists.rc != 0
  ignore_errors: true

- name: "Install Docker"
  include_tasks: docker.yml
  when: docker_exists.rc != 0

# Install Nomad & Consul if need be

- name: Check if Nomad is installed 
  command: 'which nomad'
  args:
    warn: no
  register: nomad_exists
  changed_when: nomad_exists.rc != 0
  ignore_errors: true

- name: "Install Nomad & Consul"
  include_tasks: hashicorp.yml
  when: nomad_exists.rc != 0

# Cool stuff

- name: "Passwordless sudo"
  lineinfile:
    path: /etc/sudoers
    state: present
    regexp: '^%sudo'
    line: '%sudo ALL=(ALL) NOPASSWD: ALL'
    validate: 'visudo -cf %s'