init linux role

LICENSE

@@ -0,0 +1,17 @@
+MIT No Attribution License
+
+Copyright (c) 2023 Brian Lee
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the “Software”), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

README.md

@@ -0,0 +1,15 @@
+# Ansible Role: Linux (package helper)
+
+This is an Ansible role that installs a configurable set of useful packages for the Linux system administrator.
+
+## Requirements
+
+None.
+
+## Role Variables
+
+Extra packages can be installed by using the custom list:
+
+```yaml
+sysadmin_packages_custom: []
+```

defaults/main.yml

@@ -0,0 +1,3 @@
+---
+sysadmin_packages: []
+sysadmin_packages_custom: []

handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart ssh 
+  service: name=sshd state=restarted

meta/.galaxy_install_info

@@ -0,0 +1,2 @@
+install_date: 'Mon 06 Jan 2025 07:19:19 PM '
+version: ''

meta/main.yml

@@ -0,0 +1,2 @@
+---
+dependencies: []

tasks/main.yml

@@ -0,0 +1,35 @@
+---
+- name: Load a variable file based on the OS type, or a default if not found.
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ ansible_distribution }}-{{ ansible_facts.distribution_major_version }}.yml"
+    - "{{ ansible_distribution }}.yml"
+    - "{{ ansible_os_family }}.yml"
+    - "default.yml"
+
+- name: Ensure sysadmin utility packages are installed.
+  ansible.builtin.package:
+    state: present
+    name: "{{ sysadmin_packages }}"
+
+- name: Ensure custom sysadmin utility packages are installed.
+  ansible.builtin.package:
+    state: present
+    name: "{{ sysadmin_packages_custom }}"
+  when: sysadmin_packages_custom | length > 0
+
+- name: Generate ed25519 SSH host key
+  ansible.builtin.command:
+    cmd: ssh-keygen -A
+    creates: /etc/ssh/ssh_host_ed25519_key
+
+- name: Prefer ed25519 HostKeys in sshd_config
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regex: 'HostKey /etc/ssh/ssh_host_ed25519_key'
+    line: 'HostKey /etc/ssh/ssh_host_ed25519_key'
+    state: present
+  notify: restart ssh
+
+- name: "Set up {{ ansible_os_family }}-based systems"
+  include_tasks: "setup-{{ ansible_os_family }}.yml"

tasks/setup-Archlinux.yml

@@ -0,0 +1,10 @@
+---
+- name: Set timezone to UTC
+  community.general.timezone:
+    name: UTC
+
+- name: Update package database
+  community.general.pacman:
+    update_cache: yes
+    upgrade: yes
+  tags: upgrade

tasks/setup-Debian.yml

@@ -0,0 +1,51 @@
+---
+- name: Set timezone to UTC
+  community.general.timezone:
+    name: UTC
+
+- name: Let root authenticate via ssh pubkey, Ubuntu
+  ansible.builtin.replace:
+    path: /root/.ssh/authorized_keys
+    regexp: '^no.*(ssh.*)$'
+    replace: '\1'
+
+- name: Check for Unattended-Upgrade
+  ansible.builtin.stat:
+    path: /etc/apt/apt.conf.d/20auto-upgrades
+  register: unattended_upgrade
+
+- name: Ensure apt automatic upgrades are not enabled
+  lineinfile:
+    path: /etc/apt/apt.conf.d/20auto-upgrades
+    regexp: 'APT::Periodic::Unattended-Upgrade "1";'
+    line: 'APT::Periodic::Unattended-Upgrade "0";'
+  when: unattended_upgrade.stat.exists
+
+- name: Ensure unnecessary packages from Ubuntu are removed.
+  ansible.builtin.apt:
+    state: absent
+    name:
+      - snapd
+      - lxd-agent-loader
+      - modemmanager        # Curious: mmcli --list-modems
+  register: apt_status
+  until: apt_status is success
+  delay: 6
+  retries: 10
+
+- name: Upgrade all packages
+  ansible.builtin.apt:
+    update_cache: yes
+    cache_valid_time: 3600
+    upgrade: yes
+
+- name: Update sources.list to select a fast mirror on Ubuntu
+  ansible.builtin.replace:
+    path: /etc/apt/sources.list
+    regexp: 'http://.*archive.ubuntu.com/ubuntu'
+    replace: 'mirror://mirrors.ubuntu.com/mirrors.txt'
+  when: ansible_distribution == 'Ubuntu'
+
+- name: Remove dependencies that are no longer required
+  ansible.builtin.apt:
+    autoremove: yes

tasks/setup-RedHat.yml

@@ -0,0 +1,4 @@
+---
+- name: Set timezone to UTC
+  community.general.timezone:
+    name: UTC

vars/Archlinux.yml

@@ -0,0 +1,34 @@
+---
+sysadmin_packages:
+  - bash-completion
+  - curl
+  - dnsutils
+  - doas
+  - dosfstools
+  - ffmpeg
+  - file
+  - git
+  - gnupg
+  - htop
+  - jq
+  - mediainfo
+  - mtr
+  - net-tools
+  - netcat
+  - nginx
+  - p7zip
+  - parted
+  - pass
+  - psmisc
+  - rsync
+  - smartmontools
+  - tcpdump
+  - tmux
+  - tree
+  - unzip
+  - vi
+  - vim
+  - vim
+  - wget
+  - which
+  - whois

vars/Debian-12.yml

@@ -0,0 +1,20 @@
+---
+sysadmin_packages:
+  - curl
+  - file
+  - bind9-dnsutils
+  - git
+  - gpg
+  - htop
+  - nftables
+  - iputils-ping
+  - jq
+  - net-tools
+  - netcat-traditional
+  - psmisc
+  - python-is-python3
+  - rsync
+  - tcpdump
+  - tmux
+  - tree
+  - vim

vars/Debian.yml

@@ -0,0 +1,20 @@
+---
+sysadmin_packages:
+  - curl
+  - file
+  - dnsutils
+  - git
+  - gpg
+  - htop
+# - iptables
+  - iputils-ping
+  - jq
+  - net-tools
+  - netcat
+  - psmisc
+  - python-is-python3
+  - rsync
+  - tcpdump
+  - tmux
+  - tree
+  - vim

vars/RedHat-7.yml

@@ -0,0 +1,11 @@
+---
+sysadmin_packages:
+  - psmisc
+  - git
+  - net-tools
+  - psmisc
+  - rsync
+  - tcpdump
+  - tmux
+  - tree
+  - vim

vars/default.yml

@@ -0,0 +1,18 @@
+---
+sysadmin_packages:
+  - curl
+  - file
+  - dnsutils
+  - git
+  - gpg
+  - htop
+  - jq
+  - net-tools
+  - netcat
+  - psmisc
+  - python-is-python3
+  - rsync
+  - tcpdump
+  - tmux
+  - tree
+  - vim