38 lines
717 B
YAML
38 lines
717 B
YAML
---
|
|
- name: Install base system packages
|
|
apt:
|
|
name:
|
|
# Base utilities
|
|
- htop
|
|
- curl
|
|
- wget
|
|
- unzip
|
|
- xclip
|
|
# Network and admin tools
|
|
- net-tools
|
|
- ufw
|
|
- fail2ban
|
|
- mailutils
|
|
# Monitoring tools
|
|
- iotop
|
|
- nethogs
|
|
- logwatch
|
|
state: present
|
|
|
|
- name: Configure fail2ban
|
|
template:
|
|
src: jail.local.j2
|
|
dest: /etc/fail2ban/jail.local
|
|
mode: '0644'
|
|
notify: restart fail2ban
|
|
|
|
# UFW enablement moved to ssh role to avoid lockout
|
|
|
|
- name: Set timezone
|
|
timezone:
|
|
name: "{{ timezone | default('UTC') }}"
|
|
|
|
- name: Configure locale
|
|
locale_gen:
|
|
name: "{{ locale | default('en_US.UTF-8') }}"
|
|
state: present |