
---
### Rly base stuff
# Refresh the package index and apply a full dist-upgrade so the tasks that
# follow install against current packages.
- name: Apt upgrade, update
  ansible.builtin.apt:
    upgrade: dist
    update_cache: true
# Baseline tooling installed on every host this task list is applied to.
- name: Install dependencies
  ansible.builtin.apt:
    update_cache: true
    # "latest" upgrades these packages on every run, not only on first
    # install, so package versions can change between runs.
    state: latest
    name:
      - apt-transport-https
      - ca-certificates
      - curl
      - gnupg-agent
      - software-properties-common
      - vim
      - git
      - rsync
### Time
# Install the systemd time-sync client. The handler notified here is not
# defined in this file; it runs only when the package state changes.
- name: Timesyncd
  ansible.builtin.apt:
    name: systemd-timesyncd
    # Explicit form of the module default.
    state: present
  notify: Enable systemd-timesyncd
### SSH
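# Deploy the managed sshd_config, root-owned and world-readable (0644).
# The candidate file is syntax-checked with `sshd -t` before it replaces the
# live one, so a broken config fails the task instead of being installed and
# then loaded by the "Restart sshd" handler (which could lock out SSH access).
- name: Copy sshd_config
  ansible.builtin.copy:
    src: files/sshd_config
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: "u=rw,g=r,o=r"
    # %s is the temporary copy Ansible checks before moving it into place.
    # NOTE(review): binary path assumes the Debian/Ubuntu layout; confirm.
    validate: /usr/sbin/sshd -t -f %s
  notify:
    - Restart sshd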
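# Install the managed authorized_keys for the connecting user. copy replaces
# the whole file, so keys that are not in files/authorized_keys are removed.
# Owner and mode are set explicitly: without them the file takes the
# ownership and umask of whoever runs the task, and sshd's StrictModes check
# ignores a key file with the wrong owner or with group/other write access.
# NOTE(review): assumes /home/<ansible_user>/.ssh already exists; confirm.
- name: Copy authorized_keys
  ansible.builtin.copy:
    src: files/authorized_keys
    dest: "/home/{{ ansible_user }}/.ssh/authorized_keys"
    owner: "{{ ansible_user }}"
    mode: "0600"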
### UFW
# Make sure the ufw package is installed before any rules are managed.
- name: Install ufw
  ansible.builtin.apt:
    state: present
    name: ufw
# Add one allow rule per source network for the "OpenSSH" ufw application
# profile. rfc1918_networks is defined outside this file, so SSH exposure is
# exactly as wide as that list.
# NOTE(review): state "enabled" makes every iteration turn the firewall on as
# well as add the rule. Confirm the allow rule is in place before ufw becomes
# active, and that the management connection comes from a listed network.
- name: Allow ssh from rfc1918 networks
  community.general.ufw:
    rule: allow
    name: OpenSSH
    from: "{{ item }}"
    state: enabled
  loop: "{{ rfc1918_networks }}"
  notify:
    - Enable ufw
    - Reload ufw