1 ---

     2 

     3 - name: turn swap off

     4   become: yes

     5   command: "swapoff -a"

     6   changed_when: false

     7 

     8 - name: remove swap apt package

     9   become: yes

    10   apt: state="absent" name="dphys-swapfile"

    11 

    12 - name: add log2ram apt key

    13   become: yes

    14   apt_key: url="https://azlux.fr/repo.gpg.key"

    15 

    16 - name: add log2ram apt repo

    17   become: yes

    18   apt_repository: repo="deb http://packages.azlux.fr/debian/ buster main"

    19 

    20 - name: set timezone

    21   become: yes

    22   timezone: name="{{rpi_base_timezone}}"

    23 

    24 - name: setup wifi

    25   become: yes

    26   template: src="wpa_supplicant.conf.j2" dest="/etc/wpa_supplicant/wpa_supplicant.conf" mode="0600"

    27 

    28 - name: update apt package cache

    29   become: yes

    30   apt: upgrade="dist" autoremove="yes" autoclean="yes" update_cache="yes" cache_valid_time="3600"

    31 

    32 - name: install extra apt packages

    33   become: yes

    34   apt: name="{{rpi_base_apt_packages}}" state="latest"

    35 

    36 - name: configure auto upgrades

    37   become: yes

    38   copy: src="20auto-upgrades" dest="/etc/apt/apt.conf.d/20auto-upgrades"

    39 

    40 - name: configure log2ram disk size

    41   become: yes

    42   lineinfile:

    43     path: "/etc/log2ram.conf"

    44     regexp: "^SIZE="

    45     line: "SIZE={{rpi_base_log_size}}"

    46   notify: restart log2ram service

    47 

    48 - name: configure fail2ban

    49   become: yes

    50   copy: src="jail.local" dest="/etc/fail2ban/jail.local"

    51 

    52 - name: add users

    53   become: yes

    54   user:

    55     name: "{{admin_user_name}}"

    56     password: "{{admin_user_password}}"

    57     groups: "sudo,users"

    58     shell: "/bin/bash"

    59     append: yes

    60 

    61 - name: authorize admin ssh keys

    62   become: yes

    63   authorized_key: user="{{admin_user_name}}" key="https://github.com/{{github_user}}.keys"

    64 

    65 - name: authorize ssh keys

    66   become: yes

    67   authorized_key: user="{{ansible_user}}" key="https://github.com/{{github_user}}.keys"

    68 

    69 - name: nopasswd sudo for admin user

    70   become: yes

    71   template:

    72     src: "010_admin-nopasswd"

    73     dest: "/etc/sudoers.d/010_admin-nopasswd"

    74 

    75 - name: disable ssh password login

    76   become: yes

    77   lineinfile:

    78     path: "/etc/ssh/sshd_config"

    79     regexp: "^PasswordAuthentication"

    80     insertafter: "^#PasswordAuthentication"

    81     line: "PasswordAuthentication no"