--- - name: turn swap off become: yes command: "swapoff -a" changed_when: false - name: remove swap apt package become: yes apt: state="absent" name="dphys-swapfile" - name: add log2ram apt key become: yes apt_key: url="https://azlux.fr/repo.gpg.key" - name: add log2ram apt repo become: yes apt_repository: repo="deb http://packages.azlux.fr/debian/ buster main" - name: set timezone become: yes timezone: name="{{rpi_base_timezone}}" - name: setup wifi become: yes template: src="wpa_supplicant.conf.j2" dest="/etc/wpa_supplicant/wpa_supplicant.conf" mode="0600" - name: update apt package cache become: yes apt: upgrade="dist" autoremove="yes" autoclean="yes" update_cache="yes" cache_valid_time="3600" - name: install extra apt packages become: yes apt: name="{{rpi_base_apt_packages}}" state="latest" - name: configure auto upgrades become: yes copy: src="20auto-upgrades" dest="/etc/apt/apt.conf.d/20auto-upgrades" - name: configure log2ram disk size become: yes lineinfile: path: "/etc/log2ram.conf" regexp: "^SIZE=" line: "SIZE={{rpi_base_log_size}}" notify: restart log2ram service - name: configure fail2ban become: yes copy: src="jail.local" dest="/etc/fail2ban/jail.local" - name: add users become: yes user: name: "{{admin_user_name}}" password: "{{admin_user_password}}" groups: "sudo,users" shell: "/bin/bash" append: yes - name: authorize admin ssh keys become: yes authorized_key: user="{{admin_user_name}}" key="https://github.com/{{github_user}}.keys" - name: authorize ssh keys become: yes authorized_key: user="{{ansible_user}}" key="https://github.com/{{github_user}}.keys" - name: nopasswd sudo for admin user become: yes template: src: "010_admin-nopasswd" dest: "/etc/sudoers.d/010_admin-nopasswd" - name: disable ssh password login become: yes lineinfile: path: "/etc/ssh/sshd_config" regexp: "^PasswordAuthentication" insertafter: "^#PasswordAuthentication" line: "PasswordAuthentication no"