46 lines
1.1 KiB
YAML
46 lines
1.1 KiB
YAML
- name: Copy firewall template
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: 'templates/nftables.j2'
|
|
dest: '/etc/nftables.conf'
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
notify: restart nftables
|
|
|
|
- name: Copy ssh template
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: 'templates/ssh.j2'
|
|
dest: '/etc/ssh/sshd_config'
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
notify: reload ssh
|
|
|
|
- name: Copy wezterm terminfo file
|
|
ansible.builtin.copy:
|
|
src: 'files/wezterm.terminfo'
|
|
dest: '{{ ansible_env.HOME }}/.terminfo'
|
|
mode: '0755'
|
|
notify: Compile wezterm terminfo file
|
|
|
|
- name: Disable user lingering
|
|
become: true
|
|
ansible.builtin.command: 'loginctl disable-linger sonny'
|
|
|
|
- name: Copy unattended upgrades configuration
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: 'templates/unattended-upgrades.j2'
|
|
dest: '/etc/apt/apt.conf.d/10periodic'
|
|
owner: root
|
|
group: root
|
|
mode: '0755'
|
|
|
|
- name: Enable unattended upgrades timer
|
|
become: true
|
|
ansible.builtin.systemd:
|
|
name: apt-daily-upgrade.timer
|
|
state: started
|
|
enabled: true
|