Kubernetes Host OS Bootstrap Playbook
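---
# Firmware-update play: installs fwupd, refreshes its metadata, applies any
# pending firmware updates and reboots only the hosts that actually took one,
# one host at a time.
- name: Applying OS Configuration Baseline
  hosts: all
  gather_facts: false
  become: true
  vars:
    ansible_ssh_pipelining: true
  tasks:
    - name: Install fwupd
      ansible.builtin.apt:
        name: fwupd

    # `fwupdmgr refresh` exits non-zero when the metadata was fetched recently
    # (it wants --force), so a failure here is not actionable and was already
    # ignored. The refresh changes nothing on the host, hence changed_when.
    - name: Refresh fwupd db
      ansible.builtin.command:
        cmd: fwupdmgr refresh
      changed_when: false
      ignore_errors: true

    # `command:` always reports changed=true, so `when: firmware.changed` on
    # the reboot task below fired on every host on every run. fwupdmgr exits
    # 0 when updates were applied and 2 when there was nothing to do, which
    # is what changed_when/failed_when key on. --no-reboot-check stops
    # fwupdmgr itself from rebooting the host under -y; the reboot task
    # below owns that. TODO confirm both against the fwupd version installed
    # on the target release.
    - name: Install firmware updates
      register: firmware
      ansible.builtin.command:
        cmd: fwupdmgr update -y --no-reboot-check
      changed_when: firmware.rc == 0
      failed_when: firmware.rc not in [0, 2]

    - name: Reboot for firmware updates
      when: firmware.changed
      throttle: 1  # one host at a time so the rest of the group stays up
      ansible.builtin.reboot: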
---
# Inventory for the bootstrap plays. Two groups addressed by IP; from the
# names these are presumably the Kubernetes control-plane and worker nodes.
# A host entry with no value carries no host vars.
all:
  children:
    control:
      hosts:
        10.8.0.11:
        10.8.0.12:
        10.8.0.13:
    work:
      hosts:
        10.8.0.21:
        10.8.0.22:
        10.8.0.23:
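---
# OS baseline play for every node: passwordless sudo for the sudo group, HWE
# kernel, NFS client, fail2ban guarding sshd, a full package upgrade and a
# serialised reboot when the host reports that one is required.
- name: Applying OS Configuration Baseline
  hosts: all
  gather_facts: false
  become: true
  vars:
    ansible_ssh_pipelining: true
    # Values that were hard-coded in the task bodies, lifted into vars so a
    # host or group can override them; the defaults reproduce the original.
    hwe_kernel_package: linux-generic-hwe-20.04
    ssh_port: 22
  tasks:
    # Grants every member of the sudo group NOPASSWD for ALL commands. This
    # is a deliberate weakening of the sudo control so later runs need no
    # become password; every account in that group then has unchallenged
    # root, so keep the group's membership tight. The first run still needs
    # a become password unless the account already has passwordless sudo.
    - name: Configure Sudo NoPasswd
      community.general.sudoers:
        name: sudoers-nopasswd
        state: present
        group: sudo
        commands: ALL
        nopassword: true

    # cache_valid_time refreshes the apt cache at most once per 30 minutes;
    # autoremove/autoclean tidy up alongside the install.
    - name: Prepare Aptitude
      ansible.builtin.apt:
        cache_valid_time: 1800
        autoremove: true
        autoclean: true
        name: aptitude

    - name: Install HWE
      ansible.builtin.apt:
        name: "{{ hwe_kernel_package }}"

    - name: Install NFS Tools
      ansible.builtin.apt:
        name: nfs-common

    - name: Install Fail2Ban
      ansible.builtin.apt:
        name: fail2ban

    # jail.local overrides the packaged jail.conf. The original also wrote a
    # separate [sshd-ddos] jail; fail2ban 0.10 folded that filter into sshd
    # as `mode`, so on current releases the separate jail points at a filter
    # that no longer ships and fail2ban refuses to start. `mode = aggressive`
    # covers both the normal and the ddos patterns.
    - name: Configure fail2ban
      register: fail2ban_jail
      ansible.builtin.copy:
        dest: /etc/fail2ban/jail.local
        mode: "0644"
        content: |
          [sshd]
          enabled = true
          port = {{ ssh_port }}
          mode = aggressive

    - name: Restart fail2ban
      when: fail2ban_jail.changed
      ansible.builtin.service:
        name: fail2ban
        state: restarted

    - name: Enable fail2ban
      ansible.builtin.service:
        name: fail2ban
        state: started
        enabled: true

    # `upgrade: safe` is the documented equivalent of the original
    # `upgrade: yes` (aptitude safe-upgrade).
    - name: Update all packages
      ansible.builtin.apt:
        state: latest
        upgrade: safe

    - name: Check if reboot is required
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_required

    - name: Restart System
      throttle: 1  # one host at a time so the rest of the group stays up
      when: reboot_required.stat.exists
      ansible.builtin.reboot: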