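---
# Role entry point: runs the OS-support check, loads the per-OS-family vars,
# then pulls in one task file per subsystem. Every stage is gated on
# `os_support` (presumably set by ossupport.yaml; confirm there), and
# handlers are flushed between stages that notify them.
#
# NOTE(review): tags on `import_tasks` are inherited by the imported tasks,
# but tags on a dynamic `include_tasks` apply only to the include itself.
# For the looped includes below (sysctl, systemctl, user, firewall rules),
# a `--tags <x>` run changes the host only if the tasks inside the included
# file carry the same tag or the include uses `apply: tags`. Verify this in
# the included files, since a tagged run can otherwise report success
# without applying any firewall rule or user change.

# check os support
# The tag list carries every tag used in this file so the check runs on any
# tagged invocation.
- name: "check for os support"
  ansible.builtin.import_tasks: "ossupport.yaml"
  tags:
    - "apt"
    - "apt-cleanup"
    - "cron"
    - "environment-file"
    - "hostname"
    - "firewall"
    - "journald"
    - "locale"
    - "lldp"
    - "lxd"
    - "motd"
    - "ntp"
    - "telemetry"
    - "snap"
    - "sshd"
    - "swap"
    - "sysctl"
    - "systemctl"
    - "syslog"
    - "timezone"
    - "usermanagement"

# load os variables
# The file name is built from the `ansible_os_family` fact, so facts must
# have been gathered. "swap" was missing from this list although it is in
# the list above; it is added so that `--tags swap` also loads the OS vars.
- name: "include os specific vars"
  ansible.builtin.include_vars: "{{ ansible_os_family }}.yaml"
  when: "os_support"
  tags:
    - "apt"
    - "apt-cleanup"
    - "cron"
    - "environment-file"
    - "hostname"
    - "firewall"
    - "journald"
    - "locale"
    - "lldp"
    - "lxd"
    - "motd"
    - "ntp"
    - "telemetry"
    - "snap"
    - "sshd"
    - "swap"
    - "sysctl"
    - "systemctl"
    - "syslog"
    - "timezone"
    - "usermanagement"

# set hostname
- name: "set hostname"
  ansible.builtin.import_tasks: "hostname.yaml"
  when: "os_support"
  tags: "hostname"

# flush handler
- name: "flush handlers"
  ansible.builtin.meta: "flush_handlers"

# set locale
- name: "set locale"
  ansible.builtin.import_tasks: "locale.yaml"
  when: "os_support"
  tags: "locale"

# flush handler
- name: "flush handlers"
  ansible.builtin.meta: "flush_handlers"

# environment
- name: "environment"
  ansible.builtin.import_tasks: "environment.yaml"
  when: "os_support"
  tags: "environment-file"

# flush handler
- name: "flush handlers"
  ansible.builtin.meta: "flush_handlers"

# motd
- name: "motd"
  ansible.builtin.import_tasks: "motd.yaml"
  when: "os_support"
  tags: "motd"

# cron jobs
- name: "cron jobs"
  ansible.builtin.import_tasks: "cron.yaml"
  when: "os_support"
  tags: "cron"

# flush handler
- name: "flush handlers"
  ansible.builtin.meta: "flush_handlers"

# swap (only when type is "vm")
- name: "swap"
  ansible.builtin.import_tasks: "swap.yaml"
  when:
    - "os_support"
    - 'type == "vm"'
  tags: "swap"

# apt
- name: "apt"
  ansible.builtin.import_tasks: "apt/sources.yaml"
  when: "os_support"
  tags: "apt"

# flush handler
- name: "flush handlers"
  ansible.builtin.meta: "flush_handlers"

- name: "apt - packages"
  ansible.builtin.import_tasks: "apt/packages.yaml"
  when: "os_support"
  tags: "apt"

- name: "apt - config"
  ansible.builtin.import_tasks: "apt/config.yaml"
  when: "os_support"
  tags: "apt"

- name: "apt - cleanup"
  ansible.builtin.import_tasks: "apt/cleanup.yaml"
  when: "os_support"
  tags: "apt-cleanup"

# telemetry
- name: "telemetry"
  ansible.builtin.import_tasks: "telemetry.yaml"
  when: "os_support"
  tags: "telemetry"

# service
# One include per entry of `service`. This task has no tag, so it is
# skipped whenever the play is limited with `--tags`.
- name: "service"
  ansible.builtin.include_tasks: "service.yaml"
  loop: "{{ service }}"
  loop_control:
    loop_var: "__service"
  when:
    - "os_support"
    - "service is defined"

# flush handler
- name: "flush handlers"
  ansible.builtin.meta: "flush_handlers"

# ntp (the original comment calls this stage "chrony")
- name: "ntp"
  ansible.builtin.import_tasks: "ntp.yaml"
  when:
    - "os_support"
    - 'type == "vm" or type == "hw"'
  tags: "ntp"

# flush handler
- name: "flush handlers"
  ansible.builtin.meta: "flush_handlers"

# snap
- name: "snap - daemon"
  ansible.builtin.import_tasks: "snap/snap_daemon.yaml"
  when: "os_support"
  tags: "snap"

- name: "snap - package"
  ansible.builtin.import_tasks: "snap/snap_package.yaml"
  when:
    - "os_support"
    - "snap_package is defined"
  tags: "snap"

# lldpd
- name: "lldpd"
  ansible.builtin.import_tasks: "lldpd.yaml"
  when:
    - "os_support"
    - 'type == "vm" or type == "hw"'
  tags: "lldp"

# flush handler
- name: "flush handlers"
  ansible.builtin.meta: "flush_handlers"

# lxd (only when type is "vm")
- name: "lxd"
  ansible.builtin.import_tasks: "lxd.yaml"
  when:
    - "os_support"
    - 'type == "vm"'
  tags: "lxd"

# flush handler
- name: "flush handlers"
  ansible.builtin.meta: "flush_handlers"

# sysctl
# One include per entry of `sysctl`. Unlike `service`, there is no
# "is defined" guard here; presumably the role defaults define the
# variable (confirm).
- name: "sysctl - set sysctl"
  ansible.builtin.include_tasks: "sysctl.yaml"
  loop: "{{ sysctl }}"
  loop_control:
    loop_var: "__sysctl"
  when:
    - "os_support"
    - 'type == "vm" or type == "hw"'
  tags: "sysctl"

# systemctl
# The name used to read "sysctl - set systemctl", which made this stage
# look like the sysctl one in run logs; the prefix now matches the tag
# and the included file.
- name: "systemctl - set systemctl"
  ansible.builtin.include_tasks: "systemctl.yaml"
  loop: "{{ systemctl }}"
  loop_control:
    loop_var: "__systemctl"
  when:
    - "os_support"
    - 'type == "vm"'
  tags: "systemctl"

# syslog
- name: "syslog - install"
  ansible.builtin.import_tasks: "syslog/install.yaml"
  when:
    - "os_support"
    - "syslog_enable"
  tags: "syslog"

- name: "syslog - config"
  ansible.builtin.import_tasks: "syslog/config.yaml"
  when:
    - "os_support"
    - "syslog_enable"
  tags: "syslog"

# flush handler
- name: "flush handlers"
  ansible.builtin.meta: "flush_handlers"

# journald
- name: "journald"
  ansible.builtin.import_tasks: "journald.yaml"
  when: "os_support"
  tags: "journald"

# flush handler
- name: "flush handlers"
  ansible.builtin.meta: "flush_handlers"

# timezone
- name: "timezone"
  ansible.builtin.import_tasks: "timezone.yaml"
  when: "os_support"
  tags: "timezone"

# sshd
- name: "sshd"
  ansible.builtin.import_tasks: "sshd.yaml"
  when: "os_support"
  tags: "sshd"

# flush handler
- name: "flush handlers"
  ansible.builtin.meta: "flush_handlers"

# user
# One include per entry of `user`; there is no "is defined" guard
# (presumably defined in the role defaults; confirm).
- name: "user - create users"
  ansible.builtin.include_tasks: "user.yaml"
  loop: "{{ user }}"
  loop_control:
    loop_var: "__user"
  when: "os_support"
  tags: "usermanagement"

# firewall
# The firewall stages run last, after sshd and user creation, and only
# when `firewall_enabled` is true.
# NOTE(review): if firewall-general.yaml switches on a default-deny policy
# before the rule includes below have run, confirm that management access
# is allowed first. That file is not visible from here.
- name: "firewall"
  ansible.builtin.import_tasks: "firewall/firewall-general.yaml"
  when:
    - "os_support"
    - "firewall_enabled"
  tags: "firewall"

# firewall common rules
# NOTE(review): this task and the host-rules task at the end share the
# name "create firewall rules", so run logs cannot tell the two rule sets
# apart by name alone.
- name: "create firewall rules"
  ansible.builtin.include_tasks: "firewall/firewall-rules.yaml"
  loop: "{{ firewall_rules_common }}"
  loop_control:
    loop_var: "__rule"
  when:
    - "os_support"
    - "firewall_rules_common is defined and firewall_enabled"
  tags: "firewall"

# firewall routed rules
- name: "create routed firewall rules"
  ansible.builtin.include_tasks: "firewall/firewall-rules-routed.yaml"
  loop: "{{ firewall_rules_routed }}"
  loop_control:
    loop_var: "__rule"
  when:
    - "os_support"
    - "firewall_rules_routed is defined and firewall_enabled"
  tags: "firewall"

# firewall host rules
- name: "create firewall rules"
  ansible.builtin.include_tasks: "firewall/firewall-rules.yaml"
  loop: "{{ firewall_rules }}"
  loop_control:
    loop_var: "__rule"
  when:
    - "os_support"
    - "firewall_rules is defined and firewall_enabled"
  tags: "firewall"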