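# Play: install the SSH public keys, then switch off password logins.
- name: Deploy SSH Key
  hosts: sdr-station
  gather_facts: true
  vars:
    # Not referenced in this play; presumably consumed by the imported
    # utils/deploy_ssh_keys.yml tasks - confirm there.
    allowed_keys_file: "keys/allowed.pub"
    blocked_keys_file: "keys/blocked.pub"
  tasks:
    - name: Deploy SSH keys
      import_tasks: utils/deploy_ssh_keys.yml

    # Ordered after key deployment: by default a failed key rollout stops
    # the play for that host before password logins are turned off.
    - name: Disable SSH password authentication.
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PasswordAuthentication'
        line: 'PasswordAuthentication no'
        state: present
        # Syntax-check the edited copy before it replaces the live file, so
        # a broken sshd_config cannot lock the station out on restart.
        validate: '/usr/sbin/sshd -t -f %s'
      # NOTE(review): the regexp only matches an active directive. If none
      # exists the line is appended at the end of the file, where it would
      # fall inside a trailing Match block if one is present. sshd also uses
      # the first value it reads, so an Include'd drop-in (for example under
      # /etc/ssh/sshd_config.d/) that sets "PasswordAuthentication yes" wins
      # over this edit. Verify the effective value with `sshd -T`.
      # NOTE(review): keyboard-interactive (PAM) logins are governed by a
      # separate directive and are not changed here.
      notify: restart sshd
  handlers:
    # The unit name "ssh" is the Debian/Ubuntu name of the OpenSSH service.
    - name: restart sshd
      service:
        name: ssh
        state: restarted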
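# Play: install chrony and make the `server` lines in chrony.conf match
# the ntp_servers list.
- name: Setup NTP
  hosts: sdr-station
  gather_facts: true
  vars:
    # Time sources the station should use.
    # NOTE(review): these are configured as plain NTP, which is
    # unauthenticated. chrony supports NTS via the `nts` server option;
    # confirm whether these servers offer it before enabling.
    ntp_servers:
      - ptbtime1.ptb.de
      - ptbtime2.ptb.de
      - ptbtime3.ptb.de
  tasks:
    - name: install dependencies
      apt:
        pkg:
          - chrony
        # `latest` upgrades chrony on every run that finds a newer package.
        state: latest
        update_cache: true

    # Read-only probe. The pipeline's exit status is awk's, so a file with
    # no `server` lines yields an empty list rather than a failure.
    - name: Get current NTP servers
      shell: grep "^server " /etc/chrony/chrony.conf | awk '{print $2}'
      register: current_servers
      changed_when: false
      # Run in --check mode too; the next task needs the registered output.
      check_mode: false

    # NOTE(review): only `server` lines in chrony.conf are reconciled.
    # `pool`/`peer` directives and sources pulled in via confdir/sourcedir
    # are left alone, so other time sources may stay active. Confirm with
    # `chronyc sources` on the station.
    - name: Remove extra NTP servers
      lineinfile:
        path: /etc/chrony/chrony.conf
        # The host name is read from the managed file, so escape it and
        # anchor its end: an unescaped "." matches any character and an
        # open-ended pattern also matches longer names with the same prefix.
        regexp: '^server\s+{{ item | regex_escape }}(\s|$)'
        state: absent
      loop: "{{ current_servers.stdout_lines }}"
      when: item not in ntp_servers
      notify: restart chronyd

    - name: Add specified NTP servers to chrony
      lineinfile:
        path: /etc/chrony/chrony.conf
        # Replace an existing entry for the same host (for example one
        # without iburst) instead of appending a duplicate line.
        regexp: '^server\s+{{ item | regex_escape }}(\s|$)'
        line: "server {{ item }} iburst"
        state: present
      loop: "{{ ntp_servers }}"
      notify:
        - restart chronyd

    # NOTE(review): Debian-family packages ship the unit as chrony.service;
    # confirm that "chronyd" resolves (alias) on the target release,
    # including for `enabled`.
    - name: Ensure chronyd is enabled and running
      service:
        name: chronyd
        state: started
        enabled: true
  handlers:
    - name: restart chronyd
      service:
        name: chronyd
        state: restarted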
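# Play: install unattended-upgrades and enable the periodic APT jobs.
- name: Install Unattended Updates
  hosts: sdr-station
  gather_facts: true
  tasks:
    - name: Install unattended-upgrades package
      apt:
        pkg: unattended-upgrades
        state: present
        update_cache: true

    # NOTE(review): this only enables the periodic run. Which origins are
    # upgraded and whether the host reboots afterwards are controlled by the
    # package's own configuration, which this play does not manage.
    - name: Configure unattended upgrades
      lineinfile:
        path: /etc/apt/apt.conf.d/20auto-upgrades
        # Match on the option name so an existing line with another value
        # (for example "0") is rewritten instead of being left next to a
        # second, conflicting entry.
        regexp: '^\s*{{ item.key }}\s'
        line: '{{ item.key }} "{{ item.value }}";'
        state: present
        create: true
        # Explicit mode so a newly created file does not depend on the
        # umask of the connecting user.
        mode: "0644"
      loop:
        - key: 'APT::Periodic::Update-Package-Lists'
          value: "1"
        - key: 'APT::Periodic::Unattended-Upgrade'
          value: "1"
        - key: 'APT::Periodic::AutocleanInterval'
          value: "7"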