57 lines
1.1 KiB
YAML
57 lines
1.1 KiB
YAML
---
|
|
- name: Install base system packages
|
|
ansible.builtin.apt:
|
|
name:
|
|
# Base utilities
|
|
- curl
|
|
- wget
|
|
- unzip
|
|
- xclip
|
|
- tree
|
|
# Network and admin tools
|
|
- net-tools
|
|
- ufw
|
|
- fail2ban
|
|
- mailutils
|
|
# Monitoring tools
|
|
- iotop
|
|
- nethogs
|
|
- logwatch
|
|
# Modern CLI tools
|
|
- jq
|
|
- ripgrep
|
|
- fd-find
|
|
state: present
|
|
|
|
- name: Install modern tools via snap
|
|
community.general.snap:
|
|
name:
|
|
- yq
|
|
- btop
|
|
state: present
|
|
|
|
- name: Create fd symlink (Ubuntu uses fd-find)
|
|
ansible.builtin.file:
|
|
src: /usr/bin/fdfind
|
|
dest: /usr/local/bin/fd
|
|
state: link
|
|
when: ansible_distribution == "Ubuntu"
|
|
|
|
- name: Configure fail2ban
|
|
ansible.builtin.template:
|
|
src: jail.local.j2
|
|
dest: /etc/fail2ban/jail.local
|
|
mode: '0644'
|
|
notify: restart fail2ban
|
|
|
|
# UFW enablement moved to ssh role to avoid lockout
|
|
|
|
- name: Set timezone
|
|
community.general.timezone:
|
|
name: "{{ timezone | default('UTC') }}"
|
|
|
|
- name: Configure locale
|
|
community.general.locale_gen:
|
|
name: "{{ locale | default('en_US.UTF-8') }}"
|
|
state: present
|