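---
# Baseline OS configuration for dnf-based hosts: hostname, package-manager
# bindings, shared roles (SELinux, logging, firewall, mail), a common
# troubleshooting toolset, locale and shell-history settings, and a nightly
# job that pre-downloads updates. The included roles are defined elsewhere.

- name: Set correct hostname
  ansible.builtin.hostname:
    name: "{{ inventory_hostname }}"

# Read-only probe, so it also runs in check mode: the next task reads
# result.rc, which is not set when a command task is skipped.
# failed_when is disabled because a non-zero rc is the "not installed" answer.
- name: Check if dnf python bindings are installed
  ansible.builtin.command:
    argv:
      - rpm
      - "-q"
      - python3-dnf
  register: result
  check_mode: false
  failed_when: false
  changed_when: false

# Bootstrapped through the dnf CLI rather than a package module; presumably
# because the package modules need these bindings themselves -- confirm.
- name: Install dnf python bindings
  ansible.builtin.command:
    argv:
      - dnf
      - install
      - "-y"
      - python3-dnf
  when: result.rc != 0

- name: Install OS specific roles for physical hardware
  ansible.builtin.include_role:
    name: cpupower
  when:
    - ansible_virtualization_role == "host"

- name: Install OS specific roles
  ansible.builtin.include_role:
    name: "{{ role }}"
  loop:
    - selinux  # selinux first to get fcontexts working
    - rsyslog
  loop_control:
    loop_var: role

- name: Install systemd-resolved
  ansible.builtin.include_role:
    name: systemd_resolved
  when: ansible_distribution == "Fedora"

# Exactly one firewall role is selected per host, keyed on the distribution
# major version. NOTE(review): Fedora release numbers are above 9, so Fedora
# hosts take the nftables branch -- confirm that is intended.
- name: Install firewall
  ansible.builtin.include_role:
    name: iptables
  when: ansible_distribution_major_version|int <= 8

- name: Install firewall
  ansible.builtin.include_role:
    name: nftables
  when: ansible_distribution_major_version|int >= 9

# The rule targets the literal path /export and restorecon below runs without
# -R, so only the directory itself is labelled; anything beneath it keeps
# whatever label it already has.
- name: Fix SELinux context from /export
  community.general.sefcontext:
    path: "/export"
    setype: var_t

# Read-only comparison of the on-disk label with the policy. With failed_when
# disabled, a failure of the probe itself leaves stdout without the marker
# and the relabel below is skipped silently.
- name: Check SELinux context from /export
  ansible.builtin.command:
    argv:
      - matchpathcon
      - "-V"
      - /export
  register: result
  check_mode: false
  changed_when: false
  failed_when: false

# Relabel only when the probe output contains the ' should be ' marker.
- name: Apply selinux context to /export
  ansible.builtin.command:
    argv:
      - restorecon
      - "-iv"
      - /export
  when: "' should be ' in result.stdout"

- name: Enable tmpfs mount for /tmp
  ansible.builtin.service:
    name: tmp.mount
    state: started
    enabled: true

# Hosts in the 'mail' group are skipped here.
- name: Install postfix
  ansible.builtin.include_role:
    name: postfix
  when: "'mail' not in group_names"

# Names are passed as one list so the package manager resolves them in a
# single transaction instead of one run per package.
# NOTE(review): tcpdump, strace, nc and telnet land on every host. They are
# useful for debugging but also widen what is available to anyone who gains
# a shell; consider limiting them to the hosts that need them.
- name: Install packages
  ansible.builtin.package:
    name:
      - bind-utils  # dig
      - bzip2  # bzip
      - cronie  # missing from fedora
      - curl  # curl
      - iotop  # monitor io usage
      - nc  # netcat
      - net-tools  # ifconfig etc
      - psmisc  # pstree for debugging
      - rsync  # rsync
      - strace  # debugging
      - sysstat  # sa, sar
      - tar  # tar
      - tcpdump  # for network debugging
      - telnet  # test ports
      - tmpwatch  # tmp cleanup
      - usbutils  # lsusb
      - vim-enhanced  # working vi :)
      - xterm  # resize
    state: present

- name: Install roles for physical hardware
  ansible.builtin.include_role:
    name: fwupd
  when:
    - ansible_virtualization_role == "host"

- name: Install packages for physical hardware
  ansible.builtin.package:
    name:
      - hdparm
      - pciutils
      - powertop
    state: present
  when:
    - ansible_virtualization_role == "host"

- name: Install packages (el8 and older)
  ansible.builtin.package:
    name: mailx
    state: present
  when: ansible_distribution_major_version|int <= 8

- name: Install packages (el9 and newer)
  ansible.builtin.package:
    name: s-nail
    state: present
  when: ansible_distribution_major_version|int >= 9

- name: Disable grep colors
  ansible.builtin.file:
    dest: /etc/GREP_COLORS
    state: absent

# Read-only probe: rc is 0 only when localectl already reports
# LC_TIME=C.UTF-8. pipefail makes a localectl failure count as "not set".
- name: Check date format
  ansible.builtin.shell:
    cmd: |
      set -o pipefail
      localectl status | grep -E '^\s+LC_TIME=C.UTF-8$'
    executable: /bin/bash
  register: locale_check
  changed_when: false
  failed_when: false
  check_mode: false

- name: Set date format to use 24 hour clock
  ansible.builtin.command:
    argv:
      - localectl
      - set-locale
      - LC_TIME=C.UTF-8
  register: result
  changed_when: result.rc == 0
  when: locale_check.rc != 0

# Timestamps help when reconstructing a shell session, but the history file
# is writable by its owner, so treat it as a convenience and not as an
# audit trail.
- name: Store date and time for bash history
  ansible.builtin.copy:
    dest: /etc/profile.d/history.sh
    content: 'export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "'
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"

# The minute is derived from the hostname, so it is stable per host and
# spreads hosts across the hour. --downloadonly only fetches packages;
# nothing is installed by this job, so applying updates has to happen
# through some other process.
- name: Cron job for downloading updates
  ansible.builtin.cron:
    name: dnf-downloadonly
    user: root
    hour: "3"
    minute: "{{ 59 | random(seed=inventory_hostname) }}"
    job: "dnf-3 -q -y update --downloadonly"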