ansible-playbooks/ubuntu/roles/common/tasks/main.yml

---
# This playbook contains common plays that will be run all nodes.

- name: Install python-apt, aptitude, and debconf-utils
  shell: apt-get update && apt-get -y install python-apt aptitude debconf-utils
- name: Do any package upgrades
  apt: upgrade=dist
- name: Set default locale to en_US.UTF-8
  debconf: name=locales question='locales/default_environment_locale' value=en_US.UTF-8 vtype='select'
- name: Generate locales
  debconf: name=locales question='locales/locales_to_be_generated'  value='en_US.UTF-8 UTF-8' vtype='multiselect'
- name: Set timezone area
  debconf: name=tzdata question='tzdata/Areas' value='Etc' vtype='select'
- name: Set timezone
  debconf: name=tzdata question='tzdata/Zones/Etc' value='UTC' vtype='select'
  notify:
  - restart rsyslog
  - restart cron
- name: Install required packages
  apt:
    name: "{{ packages }}"
    state: latest
  vars:
    packages:
    - most
    - zsh
    - vim
    - vim-scripts
    - git
    - tmux
    - multitail
    - mtr-tiny
    - curl
    - dnsutils
    - sudo
    - gnupg
    - traceroute
    - htop
    - haveged
    - build-essential
    - vnstat
    - chrony
    - unattended-upgrades
    - iptables-persistent
    - netfilter-persistent
    - mailutils
    - postfix
- name: Remove packages we do not need
  apt:
    name: "{{ packages }}"
    state: absent
  vars:
    packages:
    - exim4-daemon-light
    - consolekit
    - snapd
    - lxcfs
    - rpcbind
- name: Ensure haveged, ntp, and vnstat are started on boot
  service: name={{ item }} enabled=yes
  with_items:
     - haveged
     - vnstat
     - chrony
- name: Ensure that the periodic APT cron task clears out old kernels and does unattended security upgrades
  copy: src=10periodic dest=/etc/apt/apt.conf.d/10periodic backup=yes owner=root group=root mode=0644
- name: Copy our sshd_config over and restart sshd
  copy: src=sshd_config dest=/etc/ssh/sshd_config backup=yes owner=root group=root mode=0644
  notify:
  - restart sshd