commit f3fac3c2a2f5868bfd4e1ecfc5671e1eb99dec99
Author: Brian Lee
Date: Mon Jul 3 15:20:02 2023 -0700
Initialize repo for the sysadmin packages helper.
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..4baac1e
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,17 @@
+MIT No Attribution License
+
+Copyright (c) 2023 Brian Lee
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the “Software”), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..abbf767
--- /dev/null
+++ b/README.md
@@ -0,0 +1,18 @@
+# linux role
+
+This is an Ansible role that installs a baseline of useful packages for the Linux system administrator.
+
+It is intended to be composed along with other playbooks in the micro-stack pattern (as described by Kief Morris' Infrastructure as Code, 2nd edition).
+
+## requirements
+
+* role: bleetube-dotfiles
+
+## TODO
+
+* include difftastic
+* maybe include fzf, but not via apt because its an old version
+* selectively prevent updates (e.g. [postgresql](https://askubuntu.com/a/18656))
+* add a RedHat profile for Almalinux and Opensuse
+* configurable username
+* CI tests
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..0a596ea
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+sysadmin_packages: []
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..6f11e52
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart ssh
+ service: name=sshd state=restarted
\ No newline at end of file
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..6099501
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,2 @@
+---
+dependencies: []
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..e86460f
--- /dev/null
+++ b/tasks/main.yml
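Review bot: In `handlers/main.yml` the `restart ssh` handler uses the inline `service: name=sshd state=restarted` form, while the tasks added in this commit mostly use fully qualified module names with block arguments; writing it as `ansible.builtin.service:` with separate `name:` and `state:` keys would match them. No task visible in this commit notifies the handler. On Debian-family hosts the unit is usually named `ssh`, so the `sshd` name should be confirmed before anything depends on it.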
@@ -0,0 +1,22 @@
+---
+- import_tasks: setup-Debian.yml
+ when: ansible_os_family == 'Debian'
+
+- import_tasks: setup-RedHat.yml
+ when: ansible_os_family == 'RedHat'
+
+- import_tasks: setup-Arch.yml
+ when: ansible_os_family == 'Archlinux'
+
+- name: Load a variable file based on the OS type, or a default if not found.
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
+ - "{{ ansible_distribution }}.yml"
+ - "{{ ansible_os_family }}.yml"
+ - "Debian.yml"
+
+- name: Ensure sysadmin utility packages are installed.
+ ansible.builtin.package:
+ state: present
+ name: "{{ sysadmin_packages }}"
diff --git a/tasks/setup-Arch.yml b/tasks/setup-Arch.yml
new file mode 100644
index 0000000..e4ecb28
--- /dev/null
+++ b/tasks/setup-Arch.yml
@@ -0,0 +1,4 @@
+---
+- name: Set timezone to UTC
+ community.general.timezone:
+ name: UTC
diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml
new file mode 100644
index 0000000..d3ec41f
--- /dev/null
+++ b/tasks/setup-Debian.yml
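Review bot: In `tasks/main.yml` the `with_first_found` list ends with the literal `"Debian.yml"`, and this commit adds no `vars/RedHat.yml` or `vars/Archlinux.yml`, so RedHat and Arch hosts would load the Debian package names. The following `ansible.builtin.package` task would then likely fail on names such as `dnsutils` or `python-is-python3`. Since `defaults/main.yml` already sets `sysadmin_packages: []`, the fallback can be dropped and the lookup told to skip when no file matches, as in the block below.

```yaml
- name: Load a variable file based on the OS type, or a default if not found.
  include_vars: "{{ item }}"
  with_first_found:
    - files:
        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
        - "{{ ansible_distribution }}.yml"
        - "{{ ansible_os_family }}.yml"
      skip: true
```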
@@ -0,0 +1,59 @@
+---
+- name: Set timezone to UTC
+ community.general.timezone:
+ name: UTC
+
+- name: Let root authenticate via ssh pubkey, Ubuntu.
+ ansible.builtin.replace:
+ path: /root/.ssh/authorized_keys
+ regexp: '^no.*(ssh.*)$'
+ replace: '\1'
+
+- name: Check for Unattended-Upgrade
+ ansible.builtin.stat:
+ path: /etc/apt/apt.conf.d/20auto-upgrades
+ register: unattended_upgrade
+
+- name: Ensure apt automatic upgrades are not enabled.
+ lineinfile:
+ path: /etc/apt/apt.conf.d/20auto-upgrades
+ regexp: 'APT::Periodic::Unattended-Upgrade "1";'
+ line: 'APT::Periodic::Unattended-Upgrade "0";'
+ when: unattended_upgrade.stat.exists
+
+- name: Ensure unnecessary packages from Ubuntu are removed.
+ ansible.builtin.apt:
+ state: absent
+ name:
+ - snapd
+ - lxd-agent-loader
+ - modemmanager # Curious: mmcli --list-modems
+ register: apt_status
+ until: apt_status is success
+ delay: 6
+ retries: 10
+
+- name: Only run "update_cache=yes" if the last one is more than 3600 seconds ago
+ ansible.builtin.apt:
+ update_cache: yes
+ cache_valid_time: 3600
+
+#- name: Update Linux Kernel
+# ansible.builtin.apt:
+# name: linux-image-amd64
+# state: latest
+# register: kernel_version
+#
+#- name: Reboot a slow machine that might have lots of updates to apply
+# ansible.builtin.reboot:
+# reboot_timeout: 3600
+# when: kernel_version is changed
+
+- name: Update all packages to their latest version
+ ansible.builtin.apt:
+ name: '*'
+ state: latest
+
+- name: Remove dependencies that are no longer required
+ ansible.builtin.apt:
+ autoremove: yes
diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml
new file mode 100644
index 0000000..e4ecb28
--- /dev/null
+++ b/tasks/setup-RedHat.yml
@@ -0,0 +1,4 @@
+---
+- name: Set timezone to UTC
+ community.general.timezone:
+ name: UTC
diff --git a/vars/Debian.yml b/vars/Debian.yml
new file mode 100644
index 0000000..1c26c61
--- /dev/null
+++ b/vars/Debian.yml
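Review bot: In `tasks/setup-Debian.yml` the root key task uses `regexp: '^no.*(ssh.*)$'`, whose greedy `no.*` makes the capture start at the last `ssh` on the line, so a key whose comment or base64 body contains `ssh` would be truncated, and key types that do not begin with `ssh-` are left untouched. A pattern anchored on the key type, something like `regexp: '^no-.*?\s((?:ssh|ecdsa|sk)-\S+\s.*)$'`, keeps the whole key. The task also strips whatever options precede the key, which presumably includes the image's forced-command restriction on root, so a comment stating why direct root key login is wanted would help, and the task has no `stat` guard like the auto-upgrades task below it, so it presumably fails where the file does not exist. Separately, setting `APT::Periodic::Unattended-Upgrade "0";` means security updates arrive only when this role is re-run; that trade-off deserves a comment or a role variable.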
@@ -0,0 +1,19 @@
+---
+sysadmin_packages:
+ - curl
+ - dnsutils
+ - git
+ - gpg
+ - htop
+ - iptables
+ - iputils-ping
+ - jq
+ - net-tools
+ - netcat
+ - psmisc
+ - python-is-python3
+ - rsync
+ - tcpdump
+ - tmux
+ - tree
+ - vim
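Review bot: In `vars/Debian.yml` the `netcat` entry may not resolve on newer Debian-family releases, where `netcat` is, as far as I know, a virtual package provided by `netcat-openbsd` and `netcat-traditional`, and apt refuses to install a purely virtual name with more than one provider. Naming the implementation explicitly, `- netcat-openbsd`, avoids that. `dnsutils` is similarly a transitional name for `bind9-dnsutils` on recent releases, which should be confirmed against the targeted distributions.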