2022-01-14 19:46:59 +01:00
|
|
|
---
|
2022-05-20 18:55:40 +02:00
|
|
|
- name: essential | Change repository URLs
|
2022-01-20 17:43:37 +01:00
|
|
|
template:
|
|
|
|
src: repositories.j2
|
|
|
|
dest: /etc/apk/repositories
|
|
|
|
owner: root
|
|
|
|
group: root
|
2023-04-05 19:00:00 +02:00
|
|
|
mode: '644'
|
2022-01-20 17:43:37 +01:00
|
|
|
|
2022-05-20 18:55:40 +02:00
|
|
|
- name: essential | Update repository cache and the system
|
2022-11-26 17:09:24 +01:00
|
|
|
community.general.apk:
|
2022-10-16 12:31:57 +02:00
|
|
|
available: true
|
|
|
|
upgrade: true
|
|
|
|
update_cache: true
|
2022-02-27 13:20:25 +01:00
|
|
|
|
2022-02-11 18:39:35 +01:00
|
|
|
- name: essential | Install common dependencies
|
2022-11-26 17:09:24 +01:00
|
|
|
community.general.apk:
|
2022-05-20 18:55:40 +02:00
|
|
|
name: zstd, dbus, terminus-font, shadow-login
|
2022-01-14 19:46:59 +01:00
|
|
|
state: present
|
|
|
|
|
2022-03-28 20:15:28 +02:00
|
|
|
- name: essential | Enable logging and unicode support for openrc
|
|
|
|
lineinfile:
|
|
|
|
path: /etc/rc.conf
|
|
|
|
state: present
|
|
|
|
search_string: '{{ item }}='
|
|
|
|
line: '{{ item }}="YES"'
|
|
|
|
owner: root
|
|
|
|
group: root
|
2023-04-05 19:00:00 +02:00
|
|
|
mode: '644'
|
2022-03-28 20:15:28 +02:00
|
|
|
loop:
|
|
|
|
- rc_logger
|
|
|
|
- unicode
|
|
|
|
|
|
|
|
# https://wiki.gentoo.org/wiki/Elogind
|
|
|
|
# elogind still requires 'cgroup-hybrid' useflag
|
2022-05-20 18:55:40 +02:00
|
|
|
- name: essential | Explicitly enable only cgroup v2 for OpenRC
|
2022-03-28 20:15:28 +02:00
|
|
|
lineinfile:
|
|
|
|
path: /etc/rc.conf
|
|
|
|
state: present
|
|
|
|
search_string: rc_cgroup_mode=
|
|
|
|
line: rc_cgroup_mode="unified"
|
|
|
|
owner: root
|
|
|
|
group: root
|
2023-04-05 19:00:00 +02:00
|
|
|
mode: '644'
|
2022-03-28 20:15:28 +02:00
|
|
|
when: seat_manager != 'elogind'
|
|
|
|
|
2022-01-14 19:46:59 +01:00
|
|
|
- name: essential | Change the default motd
|
|
|
|
template:
|
|
|
|
src: motd.j2
|
|
|
|
dest: /etc/motd
|
|
|
|
owner: root
|
|
|
|
group: root
|
2023-04-05 19:00:00 +02:00
|
|
|
mode: '644'
|
2022-01-14 19:46:59 +01:00
|
|
|
|
|
|
|
- name: essential | Use zstd for initramfs
|
|
|
|
lineinfile:
|
|
|
|
path: /etc/mkinitfs/mkinitfs.conf
|
|
|
|
state: present
|
|
|
|
search_string: initfscomp=
|
|
|
|
line: initfscomp="zstd"
|
|
|
|
owner: root
|
|
|
|
group: root
|
2023-04-05 19:00:00 +02:00
|
|
|
mode: '644'
|
2022-01-14 19:46:59 +01:00
|
|
|
notify: Regenerate initramfs
|
|
|
|
|
2022-02-11 18:39:35 +01:00
|
|
|
- name: essential | Blacklist bluetooth related kernel modules
|
2023-04-05 19:00:00 +02:00
|
|
|
community.general.kernel_blacklist:
|
2022-04-17 13:52:06 +02:00
|
|
|
name: '{{ item }}'
|
|
|
|
state: present
|
|
|
|
loop:
|
|
|
|
- vivid
|
|
|
|
- bluetooth
|
|
|
|
- btusb
|
2022-01-14 19:46:59 +01:00
|
|
|
|
2022-04-17 13:52:06 +02:00
|
|
|
- name: essential | Use /var/tmp for coredumps
|
2023-04-05 19:00:00 +02:00
|
|
|
ansible.posix.sysctl:
|
2022-04-17 13:52:06 +02:00
|
|
|
name: kernel.core_pattern
|
|
|
|
value: /var/tmp/core-%e.%p.%h.%t
|
|
|
|
state: present
|
2022-10-16 12:31:57 +02:00
|
|
|
reload: false
|
2022-04-17 13:52:06 +02:00
|
|
|
|
|
|
|
- name: essential | Set privacy extension for IPv6
|
2023-04-05 19:00:00 +02:00
|
|
|
ansible.posix.sysctl:
|
2022-04-17 13:52:06 +02:00
|
|
|
name: net.ipv6.conf.{{ item.name }}.use_tempaddr
|
|
|
|
value: '2'
|
|
|
|
state: present
|
2022-10-16 12:31:57 +02:00
|
|
|
reload: false
|
2022-04-17 13:52:06 +02:00
|
|
|
loop: '{{ network_interfaces + [{"name": "default"}, {"name": "all"}] }}'
|
2022-02-14 06:55:43 +01:00
|
|
|
|
2022-02-17 17:33:22 +01:00
|
|
|
- name: essential | Change the tty font to {{ console_font }}
|
2022-02-14 06:55:43 +01:00
|
|
|
lineinfile:
|
|
|
|
path: /etc/conf.d/consolefont
|
|
|
|
state: present
|
|
|
|
regexp: '^consolefont='
|
2022-02-17 17:33:22 +01:00
|
|
|
line: 'consolefont="{{ console_font }}"'
|
2022-02-14 06:55:43 +01:00
|
|
|
owner: root
|
|
|
|
group: root
|
2023-04-05 19:00:00 +02:00
|
|
|
mode: '644'
|
2022-02-14 06:55:43 +01:00
|
|
|
|
2022-06-19 20:27:32 +02:00
|
|
|
- name: essential | Start services on runlevel 'boot'
|
2022-02-14 06:55:43 +01:00
|
|
|
service:
|
2022-06-19 20:27:32 +02:00
|
|
|
name: '{{ item }}'
|
2022-02-14 06:55:43 +01:00
|
|
|
runlevel: boot
|
2022-10-16 12:31:57 +02:00
|
|
|
enabled: true
|
2022-02-14 06:55:43 +01:00
|
|
|
state: started
|
2023-01-24 17:29:06 +01:00
|
|
|
loop: ['consolefont', 'seedrng', 'syslog']
|
2022-06-19 20:27:32 +02:00
|
|
|
|
|
|
|
- name: essential | Start services on runlevel 'default'
|
|
|
|
service:
|
|
|
|
name: '{{ item }}'
|
|
|
|
runlevel: default
|
2022-10-16 12:31:57 +02:00
|
|
|
enabled: true
|
2022-06-19 20:27:32 +02:00
|
|
|
state: started
|
2023-04-05 19:00:00 +02:00
|
|
|
loop: ['dbus', 'cgroups']
|