Apply ansible-lint suggestions
This commit is contained in:
parent
46854e2306
commit
d86b2faf8c
1 changed files with 46 additions and 41 deletions
|
|
@ -1,49 +1,54 @@
|
||||||
- name: Initial setup
|
- name: Initial setup
|
||||||
hosts: ovh
|
hosts: ovh
|
||||||
tasks:
|
tasks:
|
||||||
- name: Ensure hostname is correct
|
- name: Ensure hostname is correct
|
||||||
ansible.builtin.hostname:
|
ansible.builtin.hostname:
|
||||||
name: '{{ inventory_hostname }}'
|
name: '{{ inventory_hostname }}'
|
||||||
become: yes
|
become: true
|
||||||
- name: Ensure password authentication for SSH is disabled
|
- name: Ensure password authentication for SSH is disabled
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
regexp: '^#?PasswordAuthentication'
|
regexp: '^#?PasswordAuthentication'
|
||||||
line: "PasswordAuthentication no"
|
line: "PasswordAuthentication no"
|
||||||
state: present
|
state: present
|
||||||
backup: yes
|
backup: true
|
||||||
become: yes
|
become: true
|
||||||
notify:
|
notify:
|
||||||
- restart ssh
|
- restart ssh
|
||||||
- name: Update authorized SSH keys for Ansible user
|
- name: Update authorized SSH keys for Ansible user
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
dest: '/home/{{ ansible_user }}/.ssh/authorized_keys'
|
dest: '/home/{{ ansible_user }}/.ssh/authorized_keys'
|
||||||
# TODO: template this from a separate config file
|
# TODO: template this from a separate config file
|
||||||
content: |
|
content: |
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjBuuxo+w3yED0aPnsNb8S90p/GgBqFEG9K4ETZ5Wkq qenya@kilgharrah
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjBuuxo+w3yED0aPnsNb8S90p/GgBqFEG9K4ETZ5Wkq qenya@kilgharrah
|
||||||
|
mode: "0600"
|
||||||
- name: Enable automatic upgrades
|
- name: Enable automatic upgrades
|
||||||
hosts: ovh
|
hosts: ovh
|
||||||
tasks:
|
tasks:
|
||||||
- ansible.builtin.dnf:
|
- name: Install dnf-automatic
|
||||||
name: dnf-automatic
|
ansible.builtin.dnf:
|
||||||
state: latest
|
name: dnf-automatic
|
||||||
become: yes
|
state: present
|
||||||
- ansible.builtin.copy:
|
become: true
|
||||||
dest: '/etc/dnf/automatic.conf'
|
- name: Configure dnf-automatic
|
||||||
content: |
|
ansible.builtin.copy:
|
||||||
[commands]
|
dest: '/etc/dnf/automatic.conf'
|
||||||
apply_updates=True
|
content: |
|
||||||
reboot=when-needed
|
[commands]
|
||||||
become: yes
|
apply_updates=True
|
||||||
- ansible.builtin.service:
|
reboot=when-needed
|
||||||
name: 'dnf-automatic.timer'
|
mode: "0644"
|
||||||
enabled: yes
|
become: true
|
||||||
state: started
|
- name: Enable a timer unit for dnf-automatic
|
||||||
become: yes
|
ansible.builtin.service:
|
||||||
|
name: 'dnf-automatic.timer'
|
||||||
|
enabled: true
|
||||||
|
state: started
|
||||||
|
become: true
|
||||||
|
|
||||||
handlers:
|
handlers:
|
||||||
- name: Restart SSH
|
- name: Restart SSH
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: sshd
|
name: sshd
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue