---

# Baseline admin tooling for every host: editors, tmux, htop, shell
# completion, rsync and the vnstat traffic monitor.
- name: install essential tools
  pacman:
    name:
      - vim
      - nano
      - tmux
      - htop
      - bash-completion
      - rsync
      - vnstat
    state: present

# vnstat comes from the package list above; run its daemon now and at boot.
- name: start and enable vnstatd
  service:
    name: vnstat
    enabled: true
    state: started

# NOTE(review): going by the task name, inetutils is installed so that the
# hostname task below has what it needs - confirm before dropping it.
- name: install inetutils for hostname
  pacman:
    name: inetutils
    state: present

# The inventory name is the source of truth for the machine's hostname.
- name: set hostname
  hostname:
    name: "{{ inventory_hostname }}"

# pacman.conf selects the repositories and the package signature policy, so
# it is written root-owned and writable by root only.
- name: install pacman config
  template:
    src: pacman.conf.j2
    dest: /etc/pacman.conf
    owner: root
    group: root
    mode: "0644"

# The mirror list decides where packages are downloaded from; same ownership
# and mode as pacman.conf.
- name: configure pacman mirror
  template:
    src: mirrorlist.j2
    dest: /etc/pacman.d/mirrorlist
    owner: root
    group: root
    mode: "0644"

# Refresh the sync databases so later installs resolve against the mirror
# configured above. This only syncs the databases; it does not upgrade
# already installed packages.
- name: update package cache
  pacman:
    update_cache: true

# Keep the audit daemon running so audit records are collected from boot.
# NOTE(review): no task in this part of the file installs the audit package
# or any audit rules; presumably handled elsewhere - confirm.
- name: start and enable auditd
  service:
    name: auditd
    enabled: true
    state: started

# Time synchronisation keeps log and audit timestamps comparable across hosts.
- name: start and enable systemd-timesyncd
  service:
    name: systemd-timesyncd
    enabled: true
    state: started

# Disk health monitoring. Both tasks are skipped on hosts in the 'hcloud'
# inventory group.
# NOTE(review): presumably those are cloud VMs without SMART-capable disks -
# confirm.
- name: install smart
  when: "'hcloud' not in group_names"
  pacman:
    name: smartmontools
    state: present

- name: start and enable smart
  when: "'hcloud' not in group_names"
  service:
    name: smartd
    enabled: true
    state: started

# Enable one btrfs-scrub@<instance>.timer per btrfs filesystem.
# loop: mounts are sorted by mount point, grouped by filesystem UUID, and only
# the first mount of each group is kept, so a filesystem mounted in several
# places gets a single timer.
# name: the instance is "-" for a one-character mount point (the root, "/");
# otherwise the leading "/" is dropped and every remaining "/" becomes "-"
# (/var/lib -> var-lib).
# NOTE(review): replace("/", "-") does not escape a literal "-" inside a path
# the way systemd-escape --path does; confirm no btrfs mount point has one.
# when: only btrfs mounts whose path does not contain "backup" are scrubbed.
- name: start and enable btrfs scrub timer
  service:
    name: >-
      btrfs-scrub@{{ '-' if (item.mount | length == 1) else (item.mount.split("/", 1)[1] | replace("/", "-")) }}.timer
    enabled: true
    state: started
  loop: "{{ ansible_mounts | sort(attribute='mount') | groupby('uuid') | map(attribute=1) | map('first') }}"
  when:
    - item.fstype == 'btrfs'
    - not 'backup' in item.mount

# File-name index for locate(1), refreshed by the packaged updatedb.timer.
- name: install mlocate
  pacman:
    name: mlocate
    state: present

- name: activate regular updatedb for mlocate
  service:
    name: updatedb.timer
    enabled: true
    state: started

# Generate each listed locale (currently only en_US.UTF-8).
- name: generate locales
  locale_gen:
    name: "{{ item }}"
    state: present
  with_items:
    - en_US.UTF-8

# System-wide locale settings, rendered from locale.conf.j2.
- name: configure locales
  template:
    src: locale.conf.j2
    dest: /etc/locale.conf
    owner: root
    group: root
    mode: "0644"

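# Create root's SSH key pair once. `creates` skips the task when the private
# key file already exists, so an existing key is never overwritten.
# -t rsa is explicit because the file is named id_rsa and -b 4096 only applies
# to RSA: OpenSSH 9.5 and later generate Ed25519 keys when -t is omitted,
# which would put an Ed25519 key in id_rsa and ignore the requested size.
# -N "" leaves the private key without a passphrase, so it is protected only
# by the file permissions under /root/.ssh.
- name: generate ssh key for root
  command: ssh-keygen -t rsa -b 4096 -N "" -f /root/.ssh/id_rsa
  args:
    creates: /root/.ssh/id_rsa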

# Interface setup is delegated to the networking role; it runs only on hosts
# where configure_network is truthy.
- name: configure networking
  when: configure_network
  include_role:
    name: networking

# Optional TCP buffer tuning. Each task runs only when its variable is
# defined for the host. The value is persisted in /etc/sysctl.d/net.conf and,
# because sysctl_set is true, also applied to the running kernel.
- name: configure tcp receive window limits
  when: tcp_rmem is defined
  sysctl:
    name: net.ipv4.tcp_rmem
    value: "{{ tcp_rmem }}"
    sysctl_file: /etc/sysctl.d/net.conf
    sysctl_set: true

- name: configure tcp send window limits
  when: tcp_wmem is defined
  sysctl:
    name: net.ipv4.tcp_wmem
    value: "{{ tcp_wmem }}"
    sysctl_file: /etc/sysctl.d/net.conf
    sysctl_set: true

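# Render each listed file from <item>.j2 into /etc/systemd/ and restart
# journald through the handler when the result changes.
# The mode is written as the quoted octal string "0644", matching the other
# file tasks in this role; a bare 644 is read as a decimal integer once the
# arguments are written as YAML and would set the wrong permission bits.
- name: configure journald
  template:
    src: "{{ item }}.j2"
    dest: "/etc/systemd/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - journald.conf
  notify:
    - restart journald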

# systemd manager configuration; the handler reloads systemd when the
# rendered file changes.
- name: install system.conf
  template:
    src: system.conf.j2
    dest: /etc/systemd/system.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - systemd daemon-reload

# Compressed swap in RAM, only on hosts where enable_zram_swap is truthy.
- name: install zram-generator
  when: enable_zram_swap
  pacman:
    name: zram-generator
    state: present

# A change to the generator config restarts the zram0 setup unit through
# the handler.
- name: install zram-generator config for zram
  when: enable_zram_swap
  template:
    src: zram-generator.conf
    dest: /etc/systemd/zram-generator.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - restart systemd-zram-setup@zram0

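# Write a tmpfiles.d rule that sets /sys/module/zswap/parameters/enabled to N.
# Owner, group and mode are pinned like every other file task in this role:
# systemd-tmpfiles applies this file as root, so its permissions should not
# depend on the umask of the connection that created it.
- name: disable zswap to prevent conflict with zram
  copy:
    content: "w- /sys/module/zswap/parameters/enabled - - - - N"
    dest: /etc/tmpfiles.d/zram.conf
    owner: root
    group: root
    mode: "0644"
  register: zramtmpfiles
  when: enable_zram_swap

# Apply the rule immediately instead of waiting for the next boot. The task
# runs only when the file above was created or changed.
- name: use tmpfiles.d/zram.conf
  command: systemd-tmpfiles --create
  when: zramtmpfiles.changed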

# systemd-oomd overrides are installed as drop-ins for the root slice
# ("-.slice") and for user@.service: first the <unit>.d directories, then
# one override.conf in each.
- name: create drop-in directories for oomd
  file:
    path: "/etc/systemd/system/{{ item }}.d"
    state: directory
    owner: root
    group: root
    mode: "0755"
  with_items:
    - "-.slice"
    - user@.service

# Changed snippets trigger a daemon-reload through the handler so systemd
# re-reads the drop-ins.
- name: install drop-in snippets for oomd
  copy:
    src: "oomd-override_{{ item }}.conf"
    dest: "/etc/systemd/system/{{ item }}.d/override.conf"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - "-.slice"
    - user@.service
  notify:
    - systemd daemon-reload

# Run the userspace out-of-memory killer now and at every boot.
- name: start systemd-oomd
  service:
    name: systemd-oomd
    enabled: true
    state: started

# Log rotation: package, root-owned config, and the timer that runs it.
- name: install logrotate
  pacman:
    name: logrotate
    state: present

- name: configure logrotate
  template:
    src: logrotate.conf.j2
    dest: /etc/logrotate.conf
    owner: root
    group: root
    mode: "0644"

- name: enable logrotate timer
  service:
    name: logrotate.timer
    enabled: true
    state: started

# /root/.zsh is created with mode 0700, so only root can enter it.
- name: create zsh directory
  file:
    path: /root/.zsh
    state: directory
    owner: root
    group: root
    mode: "0700"

# Each listed file is copied to /root/.<name> (zshrc -> /root/.zshrc).
- name: install root shell config
  copy:
    src: "{{ item }}"
    dest: "/root/.{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - zshrc
    - dircolors

# Helper scripts for pacman maintenance.
- name: install pacman-contrib,archlinux-contrib
  pacman:
    name:
      - pacman-contrib
      - archlinux-contrib
    state: installed

# A unit file in /etc/systemd/system takes precedence over a unit of the
# same name shipped by a package, so this copy is the paccache.service that
# actually runs.
- name: install custom paccache.service
  copy:
    src: paccache.service
    dest: /etc/systemd/system/paccache.service
    owner: root
    group: root
    mode: "0644"

# daemon_reload makes systemd pick up the unit file copied above before the
# timer is enabled and started.
- name: enable paccache timer
  systemd:
    name: paccache.timer
    daemon_reload: true
    enabled: true
    state: started