/
/
/
Ansible role that sets up sane defaults based on a simple host configuration.
1# System
2
3Baseline Debian/Ubuntu system configuration.
4
5## Key Parameters
6
7| Variable | Default | Description |
8|----------|---------|-------------|
9| `system_hostname` | inventory hostname | Set the system hostname |
10| `system_timezone` | `Europe/Amsterdam` | System timezone |
11| `system_auto_upgrades` | `false` | Disable unattended-upgrades (prevents surprise reboots) |
12| `system_passwordless_sudo` | `true` | Allow sudo group to run commands without password |
13| `system_umask` | `002` | Default UMASK for new files |
14| `system_upgrade_mode` | `dist` | Package upgrade mode: `dist`, `full`, or `safe` |
15| `system_extra_packages` | `[]` | Additional APT packages to install |
16
17## Workflow
18
191. Set hostname (if `system_manage_hostname` is true)
202. Configure passwordless sudo for the sudo group
213. Set system-wide UMASK
224. Disable automatic updates
235. Run full package upgrade
246. Install extra packages
25