Initialize repo for the sysadmin packages helper.
commit
f3fac3c2a2
0
.gitignore
vendored
Normal file
0
.gitignore
vendored
Normal file
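--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,17 @@
+MIT No Attribution License
+
+Copyright (c) 2023 Brian Lee
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the “Software”), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+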
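--- a/README.md
+++ b/README.md
@@ -0,0 +1,18 @@
+# linux role
+
+This is an Ansible role that installs a baseline of useful packages for the Linux system administrator.
+
+It is intended to be composed along with other playbooks in the micro-stack pattern (as described by Kief Morris' Infrastructure as Code, 2nd edition).
+
+## requirements
+
+* role: bleetube-dotfiles
+
+## TODO
+
+* include difftastic
+* maybe include fzf, but not via apt because its an old version
+* selectively prevent updates (e.g. [postgresql](https://askubuntu.com/a/18656))
+* add a RedHat profile for Almalinux and Opensuse
+* configurable username
+* CI tests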
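--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+sysadmin_packages: []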
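--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart ssh
+service: name=sshd state=restarted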
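Review bot: The `restart ssh` handler passes its arguments as a `key=value` string to the short module name, and no task in this commit carries a `notify` for it, so as written it never runs. If it is kept for a later sshd configuration task, native YAML with the fully qualified name used elsewhere in the role is easier to review and to template: `ansible.builtin.service:` with `name: sshd` and `state: restarted` beneath it. On Debian and Ubuntu the unit is normally named `ssh`, so the service name probably needs to vary by OS family; worth confirming on the target images.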
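--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,2 @@
+---
+dependencies: []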
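--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- import_tasks: setup-Debian.yml
+when: ansible_os_family == 'Debian'
+
+- import_tasks: setup-RedHat.yml
+when: ansible_os_family == 'RedHat'
+
+- import_tasks: setup-Arch.yml
+when: ansible_os_family == 'Archlinux'
+
+- name: Load a variable file based on the OS type, or a default if not found.
+include_vars: "{{ item }}"
+with_first_found:
+- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
+- "{{ ansible_distribution }}.yml"
+- "{{ ansible_os_family }}.yml"
+- "Debian.yml"
+
+- name: Ensure sysadmin utility packages are installed.
+ansible.builtin.package:
+state: present
+name: "{{ sysadmin_packages }}"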
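Review bot: The last `with_first_found` entry, `"Debian.yml"`, makes RedHat and Arch hosts load the Debian package list, because `vars/Debian.yml` is the only vars file this commit adds. Names such as `dnsutils` and `python-is-python3` are Debian-specific, so the `ansible.builtin.package` task would most likely fail on those families. Adding `vars/RedHat.yml` and `vars/Archlinux.yml` with family-appropriate names would fix it. Note also that `include_vars` outranks role defaults and inventory variables, so an operator cannot trim the list from `group_vars`; a comment above the task such as `# include_vars overrides inventory values for sysadmin_packages` would save a surprise.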
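--- a/tasks/setup-Arch.yml
+++ b/tasks/setup-Arch.yml
@@ -0,0 +1,4 @@
+---
+- name: Set timezone to UTC
+community.general.timezone:
+name: UTC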
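Review bot: `community.general.timezone` comes from a collection that nothing in this commit declares: `meta/main.yml` has `dependencies: []` and no requirements file is added, so the role would fail at this task on a controller that has only ansible-core installed. The same module is used in `tasks/setup-Debian.yml` and `tasks/setup-RedHat.yml`. A `requirements.yml` listing `community.general` under `collections:`, ideally with a version constraint and a mention in the README's requirements section, would make the dependency explicit and reproducible.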
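--- a/tasks/setup-Debian.yml
+++ b/tasks/setup-Debian.yml
@@ -0,0 +1,59 @@
+---
+- name: Set timezone to UTC
+community.general.timezone:
+name: UTC
+
+- name: Let root authenticate via ssh pubkey, Ubuntu.
+ansible.builtin.replace:
+path: /root/.ssh/authorized_keys
+regexp: '^no.*(ssh.*)$'
+replace: '\1'
+
+- name: Check for Unattended-Upgrade
+ansible.builtin.stat:
+path: /etc/apt/apt.conf.d/20auto-upgrades
+register: unattended_upgrade
+
+- name: Ensure apt automatic upgrades are not enabled.
+lineinfile:
+path: /etc/apt/apt.conf.d/20auto-upgrades
+regexp: 'APT::Periodic::Unattended-Upgrade "1";'
+line: 'APT::Periodic::Unattended-Upgrade "0";'
+when: unattended_upgrade.stat.exists
+
+- name: Ensure unnecessary packages from Ubuntu are removed.
+ansible.builtin.apt:
+state: absent
+name:
+- snapd
+- lxd-agent-loader
+- modemmanager # Curious: mmcli --list-modems
+register: apt_status
+until: apt_status is success
+delay: 6
+retries: 10
+
+- name: Only run "update_cache=yes" if the last one is more than 3600 seconds ago
+ansible.builtin.apt:
+update_cache: yes
+cache_valid_time: 3600
+
+#- name: Update Linux Kernel
+# ansible.builtin.apt:
+# name: linux-image-amd64
+# state: latest
+# register: kernel_version
+#
+#- name: Reboot a slow machine that might have lots of updates to apply
+# ansible.builtin.reboot:
+# reboot_timeout: 3600
+# when: kernel_version is changed
+
+- name: Update all packages to their latest version
+ansible.builtin.apt:
+name: '*'
+state: latest
+
+- name: Remove dependencies that are no longer required
+ansible.builtin.apt:
+autoremove: yes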
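Review bot: In "Let root authenticate via ssh pubkey, Ubuntu." the pattern `^no.*(ssh.*)$` is greedy, so the capture begins at the last `ssh` on the line; an entry whose key body or comment happens to contain `ssh` would be rewritten to a truncated, unusable key. A lazy, space-anchored form such as `regexp: '^no-.*? (ssh-\S+ .*)$'` avoids that. The task also strips the leading options (presumably the cloud-image `no-*`/`command=` prefix) from every matching entry in root's `authorized_keys` on any Debian-family host, so it deserves an opt-in guard, e.g. `when: sysadmin_root_ssh | default(false)` (variable name is a placeholder). Separately, "Ensure apt automatic upgrades are not enabled." switches off unattended security updates and leaves patching to the one-off `state: latest` run further down. A comment stating who patches these hosts afterwards, or a default that leaves the setting alone, would make that trade-off deliberate.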
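--- a/tasks/setup-RedHat.yml
+++ b/tasks/setup-RedHat.yml
@@ -0,0 +1,4 @@
+---
+- name: Set timezone to UTC
+community.general.timezone:
+name: UTC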
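--- a/vars/Debian.yml
+++ b/vars/Debian.yml
@@ -0,0 +1,19 @@
+---
+sysadmin_packages:
+- curl
+- dnsutils
+- git
+- gpg
+- htop
+- iptables
+- iputils-ping
+- jq
+- net-tools
+- netcat
+- psmisc
+- python-is-python3
+- rsync
+- tcpdump
+- tmux
+- tree
+- vim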
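Review bot: `netcat` is, as far as I know, only a virtual package on recent Debian releases, where apt will not pick a provider on its own, so the install task in `tasks/main.yml` would fail for the whole list. Naming the concrete package, `- netcat-openbsd`, avoids that. Since this list lands on every host the role touches, a short comment on why `tcpdump`, `netcat` and `iptables` belong in the baseline would help whoever later audits the installed tooling.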