letsencrypt now generates certificates that include the chain
[ansible.git] / roles / base / tasks / main.yml
index 0bc1caff8f5a127f348455138f7c84b49e9b21b9..528f662073da874ba70e927fe92f2cd342cb4824 100644 (file)
@@ -3,7 +3,7 @@
   when: not (ansible_distribution == "Debian" and ansible_lsb.major_release|int >= 9)
   command: "false"
 - name: detect if we have backports in the sources.list
-  command: fgrep backports /etc/apt/sources.list
+  command: 'fgrep backports /etc/apt/sources.list'
   register: backports
   failed_when: backports.rc == 2
   changed_when: False
   when: backports.rc != 0
   apt_repository: repo='deb http://httpredir.debian.org/debian {{ansible_distribution_release}}-backports main contrib non-free' state=present update_cache=yes
 - name: get rid of packages we do not want
-  apt: name=exim4-base,rpcbind state=absent autoremove=yes
-- name: install needrestart (from backports)
-  apt: name=needrestart state=latest default_release={{ansible_distribution_release}}-backports
+  apt: name=exim4-base,rpcbind,procmail,fetchmail state=absent autoremove=yes
 - name: install some basic tools
-  apt: name=aptitude,rsync,git,mercurial,curl,apt-transport-https,psmisc,dnsutils,tree,htop state=latest
-# dh2048
-- name: create dh2048 file
-  command: openssl dhparam -out /etc/ssl/dh2048.pem 2048
-  args:
-    creates: "/etc/ssl/dh2048.pem"
+  apt: name=nano,aptitude,rsync,git,mercurial,curl,apt-transport-https,psmisc,dnsutils,tree,htop,acl,libpam-systemd,needrestart,debian-security-support state=latest
 # configuration
 - name: configure root shell
   copy:
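Review bot: The rewritten `apt:` line under `install some basic tools` packs fifteen package names and `state=latest` into one key=value string, so any later addition or removal rewrites the whole line and a reviewer cannot easily see which package changed. Native block arguments with `name:` as a YAML list give one diff line per package, as in the sketch below. The same applies to the `apt:` line under `get rid of packages we do not want`. The `configure root shell` task at the end of this hunk continues outside it.

```yaml
- name: install some basic tools
  apt:
    name:
      - nano
      - aptitude
      - rsync
      - git
      - mercurial
      - curl
      - apt-transport-https
      - psmisc
      - dnsutils
      - tree
      - htop
      - acl
      - libpam-systemd
      - needrestart
      - debian-security-support
    state: latest
```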
@@ -36,3 +29,7 @@
     dest: /etc/systemd/timesyncd.conf
     src: files/timesyncd.conf
   notify: timesyncd
+- name: configure needrestart
+  copy:
+    dest: /etc/needrestart/conf.d/restart.conf
+    src: files/needrestart.conf
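Review bot: The added `configure needrestart` task copies a file into /etc/needrestart/conf.d/ without setting `owner`, `group` or `mode`, so its permissions depend on the umask or on whatever file already exists at that path. needrestart loads its configuration as Perl while running as root, so a writable file there is a root code path. It is worth pinning it explicitly by adding `owner: root`, `group: root` and `mode: '0644'` under `copy:`. The timesyncd copy task just above, visible only as context here, appears to have the same gap.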