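---
# Provision the "dev" hosts: upgrade Debian to Trixie, set hostname and locale,
# then install firewalld and open the service ports.
# inventory_dir, etc_apt and hostname are not defined in this file; presumably
# they come from the inventory or from the vars file loaded below.
- hosts: dev
  become: true
  vars_files:
    - "{{ inventory_dir }}/vars.yml"
  tags:
    - host
  tasks:
    - name: Upgrade base system to Debian Trixie
      tags:
        - apt
        - requires_reboot
      block:
        # Bring the installed release up to date before switching sources.
        - name: Update and upgrade base system packages
          ansible.builtin.apt:
            update_cache: true
            upgrade: full
            autoclean: true

        - name: Change package sources file to pull from Trixie
          ansible.builtin.copy:
            src: "{{ inventory_dir }}/includes/00-configure-host-system/sources.list"
            dest: "{{ etc_apt }}/sources.list"
            # This file decides where packages are fetched from, so pin it to
            # root ownership and no write access for anyone else instead of
            # inheriting whatever the existing file or umask provides.
            owner: root
            group: root
            mode: "0644"
            backup: true

        - name: Update base system to Trixie
          ansible.builtin.apt:
            clean: true
            update_cache: true
            upgrade: dist

        - name: Reboot the system after dist upgrade
          ansible.builtin.reboot:

        - name: Autoremove old packages
          ansible.builtin.apt:
            autoremove: true

    - name: Configure host system
      tags:
        - requires_reboot
      block:
        # The hostname module reports "changed" only when the name actually
        # differs, unlike a raw hostnamectl command that changes on every run.
        - name: Change hostname
          ansible.builtin.hostname:
            name: "{{ hostname }}"

        - name: Generate UTF-8 locales
          ansible.builtin.command:
            argv:
              - locale-gen
              - en_US.utf8

        - name: Reboot the host system after configuration
          ansible.builtin.reboot:

    - name: Enable and configure the firewall
      block:
        - name: Install nftables and firewalld
          ansible.builtin.package:
            name:
              - nftables
              - firewalld
            state: present

        # firewall-cmd talks to the running daemon, so make the "enable" in
        # this block's name explicit rather than relying on the package's
        # post-install behaviour.
        - name: Ensure firewalld is enabled and running
          ansible.builtin.service:
            name: firewalld
            state: started
            enabled: true

        # No --zone is given, so these services are added to firewalld's
        # default zone.
        # NOTE(review): redis and postgresql are opened alongside ssh/http/https.
        # Confirm these data stores must be reachable from other hosts; if they
        # are only used locally, drop them here or restrict them to a dedicated
        # zone/source range.
        - name: Add all necessary services to firewalld
          ansible.builtin.command:
            argv:
              - firewall-cmd
              - --permanent
              - --add-service=ssh
              - --add-service=http
              - --add-service=https
              - --add-service=redis
              - --add-service=postgresql

        # --permanent only edits the stored configuration; the reload applies it.
        - name: Reload firewalld to apply service changes
          ansible.builtin.command:
            argv:
              - firewall-cmd
              - --reload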