astara-appliance/ansible/tasks/base.yml

---

- name: install base packages
  apt: name={{item}} state=installed install_recommends=no
  with_items:
    - wget
    - iptables
    - iptables-persistent
    - iputils-ping
    - conntrack
    - ntp
    - tcpdump
    - vim
    - keepalived
    - conntrackd

- name: latest bash (CVE-2014-6271)
  apt: name=bash state=latest install_recommends=no

- name: remove timezone
  command: rm -f arg1 removes=/etc/localtime

- name: set timezone to UTC
  command: ln -s /usr/share/zoneinfo/UTC arg1 creates=/etc/localtime

- name: setting hostname
  copy: content="astara-linux" dest=/etc/hostname

- name: set default nameserver
  copy: content="nameserver 8.8.8.8" dest=/etc/resolv.conf

- name: vanity motd
  template: src=motd.j2 dest=/etc/motd

- name: disable fsck on boot via fastboot
  file: path=/fastboot state=touch

- name: reset v4 persistent table rules
  template: src=rules_v4.j2 dest=/etc/iptables/rules.v4

- name: reset v6 persistent table rules
  template: src=rules_v6.j2 dest=/etc/iptables/rules.v6

- name: clear out network interfaces.d
  shell: rm -f /etc/network/interfaces.d/*

- name: reset network interfaces
  file: content="auto lo\niface lo inet loopback" dest=/etc/network/interfaces