init linux role

README.md

@@ -0,0 +1,15 @@
+# Ansible Role: Linux (package helper)
+
+This is an Ansible role that installs a configurable set of useful packages for the Linux system administrator.
+
+## Requirements
+
+None.
+
+## Role Variables
+
+Extra packages can be installed by using the custom list:
+
+```yaml
+sysadmin_packages_custom: []
+```

defaults/main.yml

@@ -0,0 +1,3 @@
+---
+sysadmin_packages: []
+sysadmin_packages_custom: []

handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart ssh 
+  service: name=sshd state=restarted

meta/.galaxy_install_info

@@ -0,0 +1,2 @@
+install_date: 'Mon 06 Jan 2025 07:19:19 PM '
+version: ''

meta/main.yml

@@ -0,0 +1,2 @@
+---
+dependencies: []

tasks/main.yml

@@ -0,0 +1,35 @@
+---
+- name: Load a variable file based on the OS type, or a default if not found.
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ ansible_distribution }}-{{ ansible_facts.distribution_major_version }}.yml"
+    - "{{ ansible_distribution }}.yml"
+    - "{{ ansible_os_family }}.yml"
+    - "default.yml"
+
+- name: Ensure sysadmin utility packages are installed.
+  ansible.builtin.package:
+    state: present
+    name: "{{ sysadmin_packages }}"
+
+- name: Ensure custom sysadmin utility packages are installed.
+  ansible.builtin.package:
+    state: present
+    name: "{{ sysadmin_packages_custom }}"
+  when: sysadmin_packages_custom | length > 0
+
+- name: Generate ed25519 SSH host key
+  ansible.builtin.command:
+    cmd: ssh-keygen -A
+    creates: /etc/ssh/ssh_host_ed25519_key
+
+- name: Prefer ed25519 HostKeys in sshd_config
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regex: 'HostKey /etc/ssh/ssh_host_ed25519_key'
+    line: 'HostKey /etc/ssh/ssh_host_ed25519_key'
+    state: present
+  notify: restart ssh
+
+- name: "Set up {{ ansible_os_family }}-based systems"
+  include_tasks: "setup-{{ ansible_os_family }}.yml"

tasks/setup-Archlinux.yml

@@ -0,0 +1,10 @@
+---
+- name: Set timezone to UTC
+  community.general.timezone:
+    name: UTC
+
+- name: Update package database
+  community.general.pacman:
+    update_cache: yes
+    upgrade: yes
+  tags: upgrade

tasks/setup-Debian.yml

@@ -0,0 +1,51 @@
+---
+- name: Set timezone to UTC
+  community.general.timezone:
+    name: UTC
+
+- name: Let root authenticate via ssh pubkey, Ubuntu
+  ansible.builtin.replace:
+    path: /root/.ssh/authorized_keys
+    regexp: '^no.*(ssh.*)$'
+    replace: '\1'
+
+- name: Check for Unattended-Upgrade
+  ansible.builtin.stat:
+    path: /etc/apt/apt.conf.d/20auto-upgrades
+  register: unattended_upgrade
+
+- name: Ensure apt automatic upgrades are not enabled
+  lineinfile:
+    path: /etc/apt/apt.conf.d/20auto-upgrades
+    regexp: 'APT::Periodic::Unattended-Upgrade "1";'
+    line: 'APT::Periodic::Unattended-Upgrade "0";'
+  when: unattended_upgrade.stat.exists
+
+- name: Ensure unnecessary packages from Ubuntu are removed.
+  ansible.builtin.apt:
+    state: absent
+    name:
+      - snapd
+      - lxd-agent-loader
+      - modemmanager        # Curious: mmcli --list-modems
+  register: apt_status
+  until: apt_status is success
+  delay: 6
+  retries: 10
+
+- name: Upgrade all packages
+  ansible.builtin.apt:
+    update_cache: yes
+    cache_valid_time: 3600
+    upgrade: yes
+
+- name: Update sources.list to select a fast mirror on Ubuntu
+  ansible.builtin.replace:
+    path: /etc/apt/sources.list
+    regexp: 'http://.*archive.ubuntu.com/ubuntu'
+    replace: 'mirror://mirrors.ubuntu.com/mirrors.txt'
+  when: ansible_distribution == 'Ubuntu'
+
+- name: Remove dependencies that are no longer required
+  ansible.builtin.apt:
+    autoremove: yes

tasks/setup-RedHat.yml

@@ -0,0 +1,4 @@
+---
+- name: Set timezone to UTC
+  community.general.timezone:
+    name: UTC

vars/Archlinux.yml

@@ -0,0 +1,34 @@
+---
+sysadmin_packages:
+  - bash-completion
+  - curl
+  - dnsutils
+  - doas
+  - dosfstools
+  - ffmpeg
+  - file
+  - git
+  - gnupg
+  - htop
+  - jq
+  - mediainfo
+  - mtr
+  - net-tools
+  - netcat
+  - nginx
+  - p7zip
+  - parted
+  - pass
+  - psmisc
+  - rsync
+  - smartmontools
+  - tcpdump
+  - tmux
+  - tree
+  - unzip
+  - vi
+  - vim
+  - vim
+  - wget
+  - which
+  - whois

vars/Debian-11.yml

@@ -0,0 +1,20 @@
+---
+sysadmin_packages:
+  - curl
+  - file
+  - dnsutils
+  - git
+  - gpg
+  - htop
+# - iptables
+  - iputils-ping
+  - jq
+  - net-tools
+  - netcat
+  - psmisc
+  - python-is-python3
+  - rsync
+  - tcpdump
+  - tmux
+  - tree
+  - vim

vars/Debian.yml

@@ -0,0 +1,20 @@
+---
+sysadmin_packages:
+  - curl
+  - file
+  - bind9-dnsutils
+  - git
+  - gpg
+  - htop
+  - nftables
+  - iputils-ping
+  - jq
+  - net-tools
+  - netcat-traditional
+  - psmisc
+  - python-is-python3
+  - rsync
+  - tcpdump
+  - tmux
+  - tree
+  - vim

vars/RedHat-7.yml

@@ -0,0 +1,11 @@
+---
+sysadmin_packages:
+  - psmisc
+  - git
+  - net-tools
+  - psmisc
+  - rsync
+  - tcpdump
+  - tmux
+  - tree
+  - vim

vars/default.yml

@@ -0,0 +1,18 @@
+---
+sysadmin_packages:
+  - curl
+  - file
+  - dnsutils
+  - git
+  - gpg
+  - htop
+  - jq
+  - net-tools
+  - netcat
+  - psmisc
+  - python-is-python3
+  - rsync
+  - tcpdump
+  - tmux
+  - tree
+  - vim