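---
# Base provisioning tasks for a Proxmox host: package maintenance, sysctl,
# root shell environment, timezone/locale, common directories, root SSH keys
# and sshd hardening.
#
# Variables read by these tasks:
#   timezone         - required; the timezone task has no guard or default.
#   system_locale    - optional; locale tasks are skipped if undefined or empty.
#   ssh_public_keys  - optional list of public keys; defaults to an empty list.
#
# Handlers notified (defined outside this file): "reboot if kernel updated",
# "restart ssh".

- name: Update package cache
  apt:
    update_cache: true
    # Skip the refresh when the cache is younger than 24 hours.
    cache_valid_time: 86400

# The Russian text in the task name says: "safe - does not touch pve-kernel and
# pve packages".
# NOTE(review): a safe upgrade avoids removing packages; it does not by itself
# hold or pin pve-* packages. Confirm this matches the Proxmox upgrade guidance
# followed for these hosts.
- name: Upgrade installed packages (safe — не трогает pve-kernel и pve-пакеты)
  apt:
    upgrade: safe
  notify: reboot if kernel updated

- name: Install essential base packages
  apt:
    name:
      - curl
      - wget
      - gnupg
      - apt-transport-https
      - ca-certificates
      - lsb-release
      - net-tools
      - iproute2
      - pciutils
      - smartmontools
      - htop
      - vim
      - bash-completion
    state: present

- name: Ensure 'locales' is installed (required for locale_gen)
  apt:
    name: locales
    state: present
  when: system_locale is defined and system_locale | length > 0

- name: Remove unused packages
  apt:
    autoremove: true
    autoclean: true

# Persists both keys and applies them to the running kernel.
- name: Disable IPv6 via sysctl
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    sysctl_set: true
    state: present
    reload: true
  loop:
    - name: 'net.ipv6.conf.all.disable_ipv6'
      value: '1'
    - name: 'net.ipv6.conf.default.disable_ipv6'
      value: '1'

- name: Ensure /root/.bashrc exists
  file:
    path: /root/.bashrc
    state: touch
    mode: '0644'
    # Keep timestamps so an existing file is not reported as changed each run.
    modification_time: preserve
    access_time: preserve

# The block below is written verbatim into root's .bashrc between the markers.
# NOTE(review): `alias mount=...` shadows mount in interactive root shells, so
# `mount <device> <dir>` typed at the prompt expands into the pipeline instead
# of mounting. Consider a different alias name; content is left unchanged here.
- name: Add custom aliases and env to ~/.bashrc
  blockinfile:
    path: /root/.bashrc
    marker: "# {mark} ANSIBLE MANAGED BLOCK: PROXMOX CUSTOM ALIASES"
    block: |
      # ——— Общие ———
      alias rm='rm -i'  # Защита от случайного удаления
      alias cp='cp -i'
      alias mv='mv -i'
      alias ls='ls --color=auto'
      alias ll='ls -lah'
      alias l.='ls -d .* --color=auto'
      alias mount='mount | column -t'
      alias h='history'
      alias c='clear'
      alias now='date +%T'
      alias nowdate='date +%Y-%m-%d'
      alias ping5='ping -c 5'
      alias ports='ss -tulnp'  # современная замена netstat
      alias meminfo='free -h'
      alias psmem='ps aux --sort=-%mem | head -11'
      # ——— Proxmox ———
      alias lxcstat='pct list'
      alias qmstat='qm list'
      alias ha='pvecm status && pve-ha-manager status'
      alias stor='pvesm status'
      # ——— RAID / Диски ———
      alias storcli='/opt/MegaRAID/storcli/storcli64'
      # ——— Обновление ———
      alias aptup='apt update && apt list --upgradable'
    owner: root
    mode: '0644'

- name: Configure timezone
  timezone:
    name: "{{ timezone }}"

- name: Generate system locale
  locale_gen:
    name: "{{ system_locale }}"
    state: present
  when: system_locale is defined and system_locale | length > 0

- name: Set default LANG in /etc/default/locale
  lineinfile:
    path: /etc/default/locale
    regexp: '^LANG='
    line: "LANG={{ system_locale }}"
    state: present
    create: true
  when: system_locale is defined and system_locale | length > 0

- name: Ensure common dirs exist
  file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - /opt/scripts
    - /etc/apt/keyrings

- name: Ensure python3-requests is available (for custom scripts)
  apt:
    name: python3-requests
    state: present

- name: Ensure SSH directory exists
  file:
    path: /root/.ssh
    state: directory
    mode: '0700'

# Keys are only added. A key dropped from ssh_public_keys stays in
# /root/.ssh/authorized_keys, so revoking access needs a separate removal step.
- name: Add authorized SSH keys for root
  authorized_key:
    user: root
    state: present
    key: "{{ item }}"
  loop: "{{ ssh_public_keys | default([]) }}"

# After this task root can log in by public key only and password
# authentication is off for every account.
# NOTE(review): ssh_public_keys defaults to an empty list, so confirm a working
# key is already installed before running this against a host reached over SSH.
# NOTE(review): sshd uses the first value it reads for each keyword, so an
# Include of /etc/ssh/sshd_config.d/*.conf earlier in the file can override
# these lines. Check the effective settings with `sshd -T` after the restart.
- name: Harden SSH configuration
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^{{ item.key }}\\s"
    line: "{{ item.key }} {{ item.value }}"
    state: present
    # When the keyword is not present yet, add it ahead of the first Match
    # block so the setting stays global; with no Match block it goes at EOF.
    insertbefore: '^\s*Match\s'
    firstmatch: true
    # Refuse to write a config that sshd cannot parse; a broken file would keep
    # the daemon from coming back after the "restart ssh" handler runs.
    validate: '/usr/sbin/sshd -t -f %s'
  loop:
    - key: 'PasswordAuthentication'
      value: 'no'
    - key: 'PermitRootLogin'
      value: 'prohibit-password'
    - key: 'PubkeyAuthentication'
      value: 'yes'
    - key: 'X11Forwarding'
      value: 'no'
  notify: restart ssh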