Permalink
Fetching contributors…
Cannot retrieve contributors at this time
65 lines (55 sloc) 1.82 KB
# Configure the box. This happens after the base initialization, but before
# the project is cloned or built.
- name: set hostname
hostname: name={{hostname}}
- name: ensure unattended upgrades are running
copy:
content: |
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
dest: /etc/apt/apt.conf.d/10periodic
- name: add loopback references to our domain in /etc/hosts
lineinfile:
dest: /etc/hosts
state: present
line: "127.0.0.1 {{hostname}} {{site_fqdn}}"
- name: disallow password authentication
lineinfile:
dest: /etc/ssh/sshd_config
state: present
regexp: "^PasswordAuthentication"
line: "PasswordAuthentication no"
notify: restart sshd
- name: disallow challenge response authentication
lineinfile:
dest: /etc/ssh/sshd_config
state: present
regexp: "^ChallengeResponseAuthentication"
line: "ChallengeResponseAuthentication no"
notify: restart sshd
- name: ensure github.com is a known host
lineinfile:
dest: /etc/ssh/ssh_known_hosts
state: present
create: yes
regexp: "^github\\.com"
line: "{{ lookup('pipe', 'ssh-keyscan -t rsa github.com') }}"
- name: ensure ssh agent socket environment variable persists when sudoing
lineinfile:
dest: /etc/sudoers
state: present
insertafter: "^Defaults"
line: "Defaults\tenv_keep += \"SSH_AUTH_SOCK\""
validate: "visudo -cf %s"
- name: allow passwordless sudo - development only!
lineinfile:
dest: /etc/sudoers
state: present
regexp: "^%sudo"
line: "%sudo\tALL=(ALL:ALL) NOPASSWD:ALL"
validate: "visudo -cf %s"
when: "{{ env == 'development' }}"
- include: swap.yml
when: swap_file_path is defined and swap_file_size is defined