From cb312a9c51542e4a0877ebb31eef267e8cb495ed Mon Sep 17 00:00:00 2001
From: pleb
Date: Fri, 23 Jan 2026 13:05:01 -0800
Subject: [PATCH] init linux role
---
.gitignore | 0
README.md | 15 ++++++++++++
defaults/main.yml | 3 +++
handlers/main.yml | 3 +++
meta/.galaxy_install_info | 2 ++
meta/main.yml | 2 ++
tasks/main.yml | 35 +++++++++++++++++++++++++++
tasks/setup-Archlinux.yml | 10 ++++++++
tasks/setup-Debian.yml | 51 +++++++++++++++++++++++++++++++++++++++
tasks/setup-RedHat.yml | 4 +++
vars/Archlinux.yml | 34 ++++++++++++++++++++++++++
vars/Debian-11.yml | 20 +++++++++++++++
vars/Debian.yml | 20 +++++++++++++++
vars/RedHat-7.yml | 11 +++++++++
vars/default.yml | 18 ++++++++++++++
15 files changed, 228 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 meta/.galaxy_install_info
create mode 100644 meta/main.yml
create mode 100644 tasks/main.yml
create mode 100644 tasks/setup-Archlinux.yml
create mode 100644 tasks/setup-Debian.yml
create mode 100644 tasks/setup-RedHat.yml
create mode 100644 vars/Archlinux.yml
create mode 100644 vars/Debian-11.yml
create mode 100644 vars/Debian.yml
create mode 100644 vars/RedHat-7.yml
create mode 100644 vars/default.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..fa4585d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,15 @@
+# Ansible Role: Linux (package helper)
+
+This is an Ansible role that installs a configurable set of useful packages for the Linux system administrator.
+
+## Requirements
+
+None.
+
+## Role Variables
+
+Extra packages can be installed by using the custom list:
+
+```yaml
+sysadmin_packages_custom: []
+```
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..b9afb63
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+sysadmin_packages: []
+sysadmin_packages_custom: []
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..6f11e52
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart ssh
+ service: name=sshd state=restarted
\ No newline at end of file
diff --git a/meta/.galaxy_install_info b/meta/.galaxy_install_info
new file mode 100644
index 0000000..285c3e9
--- /dev/null
+++ b/meta/.galaxy_install_info
@@ -0,0 +1,2 @@
+install_date: 'Mon 06 Jan 2025 07:19:19 PM '
+version: ''
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..6099501
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,2 @@
+---
+dependencies: []
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..5e21726
--- /dev/null
+++ b/tasks/main.yml
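Review bot: The `restart ssh` handler in handlers/main.yml hard-codes the unit name `sshd`, but the role also targets Debian and Ubuntu, where the OpenSSH unit is `ssh` and `sshd` is at best an alias that may not be present. If the handler fails there, the HostKey change made in tasks/main.yml is never picked up by the running daemon. Selecting the name per OS family would avoid that, for example `name: "{{ 'ssh' if ansible_os_family == 'Debian' else 'sshd' }}"`. The handler would also read better as block YAML under `ansible.builtin.service:` with separate `name:` and `state: restarted` keys, matching the fully qualified module names used in the task files.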
@@ -0,0 +1,35 @@
+---
+- name: Load a variable file based on the OS type, or a default if not found.
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ ansible_distribution }}-{{ ansible_facts.distribution_major_version }}.yml"
+ - "{{ ansible_distribution }}.yml"
+ - "{{ ansible_os_family }}.yml"
+ - "default.yml"
+
+- name: Ensure sysadmin utility packages are installed.
+ ansible.builtin.package:
+ state: present
+ name: "{{ sysadmin_packages }}"
+
+- name: Ensure custom sysadmin utility packages are installed.
+ ansible.builtin.package:
+ state: present
+ name: "{{ sysadmin_packages_custom }}"
+ when: sysadmin_packages_custom | length > 0
+
+- name: Generate ed25519 SSH host key
+ ansible.builtin.command:
+ cmd: ssh-keygen -A
+ creates: /etc/ssh/ssh_host_ed25519_key
+
+- name: Prefer ed25519 HostKeys in sshd_config
+ ansible.builtin.lineinfile:
+ path: /etc/ssh/sshd_config
+ regex: 'HostKey /etc/ssh/ssh_host_ed25519_key'
+ line: 'HostKey /etc/ssh/ssh_host_ed25519_key'
+ state: present
+ notify: restart ssh
+
+- name: "Set up {{ ansible_os_family }}-based systems"
+ include_tasks: "setup-{{ ansible_os_family }}.yml"
diff --git a/tasks/setup-Archlinux.yml b/tasks/setup-Archlinux.yml
new file mode 100644
index 0000000..f24ac26
--- /dev/null
+++ b/tasks/setup-Archlinux.yml
@@ -0,0 +1,10 @@
+---
+- name: Set timezone to UTC
+ community.general.timezone:
+ name: UTC
+
+- name: Update package database
+ community.general.pacman:
+ update_cache: yes
+ upgrade: yes
+ tags: upgrade
diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml
new file mode 100644
index 0000000..4221b45
--- /dev/null
+++ b/tasks/setup-Debian.yml
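Review bot: The `Prefer ed25519 HostKeys in sshd_config` task in tasks/main.yml edits /etc/ssh/sshd_config and notifies a restart without checking that the file still parses, so a bad edit can take sshd down on a host reachable only over SSH; adding `validate: '/usr/sbin/sshd -t -f %s'` to the lineinfile task makes Ansible reject the change before it is written. The pattern is also unanchored and would match any line that merely contains that path, so `regexp: '^#?\s*HostKey\s+/etc/ssh/ssh_host_ed25519_key\s*$'` states the intent more precisely. Once an explicit HostKey line is present sshd no longer loads its default key set, so unless other HostKey lines exist the host will offer only the ed25519 key, which goes further than the "prefer" in the task name and may surprise clients that pinned another key type. Separately, `include_tasks: "setup-{{ ansible_os_family }}.yml"` has no fallback the way the vars lookup does, and will fail on any OS family without a matching setup file.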
@@ -0,0 +1,51 @@
+---
+- name: Set timezone to UTC
+ community.general.timezone:
+ name: UTC
+
+- name: Let root authenticate via ssh pubkey, Ubuntu
+ ansible.builtin.replace:
+ path: /root/.ssh/authorized_keys
+ regexp: '^no.*(ssh.*)$'
+ replace: '\1'
+
+- name: Check for Unattended-Upgrade
+ ansible.builtin.stat:
+ path: /etc/apt/apt.conf.d/20auto-upgrades
+ register: unattended_upgrade
+
+- name: Ensure apt automatic upgrades are not enabled
+ lineinfile:
+ path: /etc/apt/apt.conf.d/20auto-upgrades
+ regexp: 'APT::Periodic::Unattended-Upgrade "1";'
+ line: 'APT::Periodic::Unattended-Upgrade "0";'
+ when: unattended_upgrade.stat.exists
+
+- name: Ensure unnecessary packages from Ubuntu are removed.
+ ansible.builtin.apt:
+ state: absent
+ name:
+ - snapd
+ - lxd-agent-loader
+ - modemmanager # Curious: mmcli --list-modems
+ register: apt_status
+ until: apt_status is success
+ delay: 6
+ retries: 10
+
+- name: Upgrade all packages
+ ansible.builtin.apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ upgrade: yes
+
+- name: Update sources.list to select a fast mirror on Ubuntu
+ ansible.builtin.replace:
+ path: /etc/apt/sources.list
+ regexp: 'http://.*archive.ubuntu.com/ubuntu'
+ replace: 'mirror://mirrors.ubuntu.com/mirrors.txt'
+ when: ansible_distribution == 'Ubuntu'
+
+- name: Remove dependencies that are no longer required
+ ansible.builtin.apt:
+ autoremove: yes
diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml
new file mode 100644
index 0000000..e4ecb28
--- /dev/null
+++ b/tasks/setup-RedHat.yml
@@ -0,0 +1,4 @@
+---
+- name: Set timezone to UTC
+ community.general.timezone:
+ name: UTC
diff --git a/vars/Archlinux.yml b/vars/Archlinux.yml
new file mode 100644
index 0000000..8136c03
--- /dev/null
+++ b/vars/Archlinux.yml
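Review bot: In `Let root authenticate via ssh pubkey, Ubuntu` (tasks/setup-Debian.yml), the pattern `^no.*(ssh.*)$` is greedy, so the capture starts at the last `ssh` on the line rather than at the key type. A line with a later `ssh`, such as an `sk-ssh-ed25519@openssh.com` key or a comment like `user@sshhost`, would be rewritten to a fragment, leaving root's authorized_keys unusable. The task also has no `when:` although its name says Ubuntu, so it runs on every Debian-family host, fails where /root/.ssh/authorized_keys does not exist, and strips the options from every restricted key in the file, including restrictions that were set on purpose. A narrower form would be something like `regexp: '^no.*?\s((?:ssh|ecdsa|sk)-\S+\s+AAAA.*)$'` together with `when: ansible_distribution == 'Ubuntu'`, ideally preceded by a stat check like the one used for 20auto-upgrades. Separately, `Ensure apt automatic upgrades are not enabled` switches off unattended security updates on every host that has the file; that is worth gating behind a role variable that defaults to leaving them on, since the one-off `Upgrade all packages` run does not replace them.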
@@ -0,0 +1,34 @@
+---
+sysadmin_packages:
+ - bash-completion
+ - curl
+ - dnsutils
+ - doas
+ - dosfstools
+ - ffmpeg
+ - file
+ - git
+ - gnupg
+ - htop
+ - jq
+ - mediainfo
+ - mtr
+ - net-tools
+ - netcat
+ - nginx
+ - p7zip
+ - parted
+ - pass
+ - psmisc
+ - rsync
+ - smartmontools
+ - tcpdump
+ - tmux
+ - tree
+ - unzip
+ - vi
+ - vim
+ - vim
+ - wget
+ - which
+ - whois
\ No newline at end of file
diff --git a/vars/Debian-11.yml b/vars/Debian-11.yml
new file mode 100644
index 0000000..cf64259
--- /dev/null
+++ b/vars/Debian-11.yml
@@ -0,0 +1,20 @@
+---
+sysadmin_packages:
+ - curl
+ - file
+ - dnsutils
+ - git
+ - gpg
+ - htop
+# - iptables
+ - iputils-ping
+ - jq
+ - net-tools
+ - netcat
+ - psmisc
+ - python-is-python3
+ - rsync
+ - tcpdump
+ - tmux
+ - tree
+ - vim
diff --git a/vars/Debian.yml b/vars/Debian.yml
new file mode 100644
index 0000000..82c7ccb
--- /dev/null
+++ b/vars/Debian.yml
@@ -0,0 +1,20 @@
+---
+sysadmin_packages:
+ - curl
+ - file
+ - bind9-dnsutils
+ - git
+ - gpg
+ - htop
+ - nftables
+ - iputils-ping
+ - jq
+ - net-tools
+ - netcat-traditional
+ - psmisc
+ - python-is-python3
+ - rsync
+ - tcpdump
+ - tmux
+ - tree
+ - vim
diff --git a/vars/RedHat-7.yml b/vars/RedHat-7.yml
new file mode 100644
index 0000000..3410212
--- /dev/null
+++ b/vars/RedHat-7.yml
@@ -0,0 +1,11 @@
+---
+sysadmin_packages:
+ - psmisc
+ - git
+ - net-tools
+ - psmisc
+ - rsync
+ - tcpdump
+ - tmux
+ - tree
+ - vim
diff --git a/vars/default.yml b/vars/default.yml
new file mode 100644
index 0000000..6011136
--- /dev/null
+++ b/vars/default.yml
@@ -0,0 +1,18 @@
+---
+sysadmin_packages:
+ - curl
+ - file
+ - dnsutils
+ - git
+ - gpg
+ - htop
+ - jq
+ - net-tools
+ - netcat
+ - psmisc
+ - python-is-python3
+ - rsync
+ - tcpdump
+ - tmux
+ - tree
+ - vim
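Review bot: vars/Archlinux.yml puts `nginx` in the baseline `sysadmin_packages` list, so a web server is installed on every Arch host this role touches. A network daemon is better left to the role that configures and hardens it, or to `sysadmin_packages_custom` on the hosts that need it. The same list names `vim` twice, and vars/RedHat-7.yml names `psmisc` twice; the package module tolerates this, but the duplicates should be removed.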