- name: Disable install of additional recommends and suggests packages copy: mode: 0444 src: 95disable-recommends dest: /etc/apt/apt.conf.d/ owner: root group: root # NOTE(ianw) There are ordering issues with this. Hopefully when # we're bionic only we can just remove ntp - name: Install NTP when: ansible_distribution_version is version('18.04', '<') block: - name: Install ntp package: name: ntp state: present - name: Ensure NTP service is running service: name: ntp enabled: yes state: started - name: Ensure systemd-timesyncd is running service: name: systemd-timesyncd enabled: yes state: started when: ansible_distribution_version is version('18.04', '>=') - name: Remove packages that make no sense for our servers package: name: - apport - whoopsie - popularity-contest - lxd - lxd-client state: absent - name: Configure file limits copy: mode: 0644 src: debian_limits.conf dest: /etc/security/limits.d/60-nofile-limit.conf - name: Custom rsyslog config to disable /dev/xconsole noise copy: mode: 0644 src: rsyslog.d_50-default.conf dest: /etc/rsyslog.d/50-default.conf notify: Restart rsyslog - name: Install apt-daily 10periodic file for unattended-upgrades copy: mode: 0444 src: 10periodic dest: /etc/apt/apt.conf.d/10periodic owner: root group: root - name: Install 50unattended-upgrades file for unattended-upgrades copy: mode: 0444 src: 50unattended-upgrades dest: /etc/apt/apt.conf.d/50unattended-upgrades owner: root group: root