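---
# System setup tasks for Arrs Media Stack deployment
#
# Prepares the host: timezone, package upgrades, utility packages,
# unattended security updates, and limits/kernel/systemd tuning for Docker.
# The handlers "reload systemd" and "restart docker" are notified here but
# are defined outside this file.

- name: Set timezone
  timezone:
    name: "{{ timezone }}"
  notify: reload systemd
  tags: ['timezone']

# A dist upgrade may install or remove packages to resolve dependencies,
# and this task runs on every play that includes the file (unless the tag
# is skipped). The apt cache is refreshed only if older than one hour.
- name: Update system packages
  apt:
    upgrade: dist
    update_cache: true
    cache_valid_time: 3600
  tags: ['system_update']

# NOTE(review): fail2ban is only installed here; no jail configuration is
# visible in this file. Confirm it is configured elsewhere in the role.
- name: Install additional system utilities
  apt:
    name:
      - vim
      - git
      - rsync
      - cron
      - logrotate
      - fail2ban
      - ncdu
      - iotop
      - nethogs
      - jq
    state: present
  tags: ['system_packages']

- name: Configure automatic security updates
  apt:
    name: unattended-upgrades
    state: present
  tags: ['security_updates']

# The update policy itself (allowed origins, reboot behaviour, ...) lives in
# the two templates below, which are not part of this file.
# Owner, group and mode are set explicitly so these root-owned APT config
# files never end up with permissions that depend on the controller's or
# target's umask.
- name: Configure unattended-upgrades
  template:
    src: 50unattended-upgrades.j2
    dest: /etc/apt/apt.conf.d/50unattended-upgrades
    owner: root
    group: root
    mode: '0644'
    backup: true
  tags: ['security_updates']

- name: Enable automatic security updates
  template:
    src: 20auto-upgrades.j2
    dest: /etc/apt/apt.conf.d/20auto-upgrades
    owner: root
    group: root
    mode: '0644'
    backup: true
  tags: ['security_updates']

# pam_limits entries apply to PAM sessions of docker_user. They do not
# change the limits of the Docker daemon itself when it runs as a systemd
# service.
# NOTE(review): presumably the daemon's limits are handled by the systemd
# override template below; confirm against docker-override.conf.j2.
- name: Configure system limits for Docker
  pam_limits:
    domain: "{{ docker_user }}"
    limit_type: "{{ item.type }}"
    limit_item: "{{ item.item }}"
    value: "{{ item.value }}"
  loop:
    - { type: 'soft', item: 'nofile', value: '65536' }
    - { type: 'hard', item: 'nofile', value: '65536' }
    - { type: 'soft', item: 'nproc', value: '32768' }
    - { type: 'hard', item: 'nproc', value: '32768' }
  tags: ['system_limits']

# Values are persisted (state: present) and applied immediately (reload).
- name: Configure kernel parameters for Docker
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: present
    reload: true
  loop:
    - { name: 'vm.max_map_count', value: '262144' }
    - { name: 'fs.file-max', value: '2097152' }
    - { name: 'net.core.somaxconn', value: '65535' }
  tags: ['kernel_params']

- name: Create systemd override directory for Docker
  file:
    path: /etc/systemd/system/docker.service.d
    state: directory
    owner: root
    group: root
    mode: '0755'
  tags: ['docker_systemd']

# The drop-in changes how the Docker daemon is started, so it must be
# writable by root only; ownership and mode are pinned explicitly.
- name: Configure Docker systemd service
  template:
    src: docker-override.conf.j2
    dest: /etc/systemd/system/docker.service.d/override.conf
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify:
    - reload systemd
    - restart docker
  tags: ['docker_systemd']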