---
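# Refresh the apt package index. cache_valid_time skips the refresh when the
# cached index is younger than 3600 seconds, so repeated runs stay cheap.
# The module is given by its fully qualified name, like the service, sysctl,
# group and user tasks in this file.
- name: Update apt cache
  become: true
  ansible.builtin.apt:
    update_cache: true
    cache_valid_time: 3600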
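# Install every package listed in common_packages (defined outside this file).
# state: present installs what is missing and does not upgrade packages that
# are already installed, so this task does not enforce a patch level.
# The module is given by its fully qualified name, like the service, sysctl,
# group and user tasks in this file.
- name: Install Common packages
  become: true
  ansible.builtin.apt:
    name: "{{ common_packages }}"
    state: present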
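# Change the login shell of ansible_user to zsh; skipped when that user is root.
# The command runs through a root shell, so the templated user name is passed
# through the quote filter and the command substitution is double-quoted: a
# value with spaces or shell metacharacters stays a single argument.
# changed_when: false means the task never reports a change, even on the run
# that actually switches the shell.
# NOTE(review): ansible.builtin.user with its shell option would avoid the
# shell invocation and be idempotent, but needs the zsh path known up front.
- name: Set zsh as the default shell
  become: true
  when: ansible_user != "root"
  ansible.builtin.shell: chsh -s "$(which zsh)" {{ ansible_user | quote }}
  register: chsh_result
  failed_when: chsh_result.rc != 0
  changed_when: false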
# Start firewalld now and enable it at boot.
# NOTE(review): nothing in this file installs firewalld or configures zones or
# rules; presumably the package comes from common_packages and the default
# zone applies. Confirm the default zone still admits the management (SSH)
# port before this runs on a remote host.
- name: Ensure firewalld service is started and enabled
  become: true
  ansible.builtin.service:
    name: firewalld
    enabled: true
    state: started
# Lower the first privileged port from the kernel default of 1024 to 80 and
# persist it in a drop-in under /etc/sysctl.d. With this value any local
# process may bind ports 80 and above (443 included) without
# CAP_NET_BIND_SERVICE; ports below 80 stay privileged. The setting is
# host-wide, not scoped to a user or service.
# NOTE(review): presumably needed for rootless containers publishing 80/443;
# confirm. Granting CAP_NET_BIND_SERVICE to the one service that needs it is
# the narrower alternative.
- name: Allow unprivileged users to bind to ports below 1024
  become: true
  ansible.builtin.sysctl:
    name: net.ipv4.ip_unprivileged_port_start
    value: '80'
    sysctl_file: /etc/sysctl.d/99-unprivileged-ports.conf
    state: present
    reload: true
# Set net.ipv4.conf.all.src_valid_mark to 1 and persist it in its own drop-in.
# With the value 1 the kernel includes a packet's fwmark in the reverse-path
# route lookup used for source validation.
# NOTE(review): presumably set here because the WireGuard setup relies on
# fwmark-based policy routing and cannot set the sysctl itself; confirm.
- name: Set sysctl for Wireguard src_valid_mark
  become: true
  ansible.builtin.sysctl:
    name: net.ipv4.conf.all.src_valid_mark
    value: '1'
    sysctl_file: /etc/sysctl.d/99-wireguard-sysctl.conf
    state: present
    reload: true
# Make sure a local group named podman exists; no GID is requested, so the
# system assigns one if the group has to be created.
- name: Create podman group if it does not exist
  become: true
  ansible.builtin.group:
    state: present
    name: podman
# Add ansible_user to the podman group. append: true adds the group to the
# user's supplementary groups instead of replacing the existing list.
# NOTE(review): what membership grants is not visible in this file. If the
# group gates access to a rootful Podman socket, membership is effectively
# root on the host; confirm what the group is used for.
- name: Add ansible_user to podman group
  become: true
  ansible.builtin.user:
    name: "{{ ansible_user }}"
    append: true
    groups: podman