README.md

@@ -1,15 +1,3 @@
 # Ansible Role: Linux (package helper)
 
 This is an Ansible role that installs a configurable set of useful packages for the Linux system administrator.
-
-## Requirements
-
-None.
-
-## Role Variables
-
-Extra packages can be installed by using the custom list:
-
-```yaml
-sysadmin_packages_custom: []
-```

defaults/main.yml

@@ -1,3 +1,2 @@
 ---
 sysadmin_packages: []
-sysadmin_packages_custom: []

tasks/main.yml

@@ -1,35 +1,22 @@
 ---
+- import_tasks: setup-Debian.yml
+  when: ansible_os_family == 'Debian'
+
+- import_tasks: setup-RedHat.yml
+  when: ansible_os_family == 'RedHat'
+
+- import_tasks: setup-Arch.yml
+  when: ansible_os_family == 'Archlinux'
+
 - name: Load a variable file based on the OS type, or a default if not found.
   include_vars: "{{ item }}"
   with_first_found:
-    - "{{ ansible_distribution }}-{{ ansible_facts.distribution_major_version }}.yml"
+    - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
     - "{{ ansible_distribution }}.yml"
     - "{{ ansible_os_family }}.yml"
-    - "default.yml"
+    - "Debian.yml"
 
 - name: Ensure sysadmin utility packages are installed.
   ansible.builtin.package:
     state: present
     name: "{{ sysadmin_packages }}"
-
-- name: Ensure custom sysadmin utility packages are installed.
-  ansible.builtin.package:
-    state: present
-    name: "{{ sysadmin_packages_custom }}"
-  when: sysadmin_packages_custom | length > 0
-
-- name: Generate ed25519 SSH host key
-  ansible.builtin.command:
-    cmd: ssh-keygen -A
-    creates: /etc/ssh/ssh_host_ed25519_key
-
-- name: Prefer ed25519 HostKeys in sshd_config
-  ansible.builtin.lineinfile:
-    path: /etc/ssh/sshd_config
-    regex: 'HostKey /etc/ssh/ssh_host_ed25519_key'
-    line: 'HostKey /etc/ssh/ssh_host_ed25519_key'
-    state: present
-  notify: restart ssh
-
-- name: "Set up {{ ansible_os_family }}-based systems"
-  include_tasks: "setup-{{ ansible_os_family }}.yml"

tasks/setup-Arch.yml

@@ -0,0 +1,4 @@
+---
+- name: Set timezone to UTC
+  community.general.timezone:
+    name: UTC

tasks/setup-Archlinux.yml

@@ -1,10 +0,0 @@
----
-- name: Set timezone to UTC
-  community.general.timezone:
-    name: UTC
-
-- name: Update package database
-  community.general.pacman:
-    update_cache: yes
-    upgrade: yes
-  tags: upgrade

tasks/setup-Debian.yml

@@ -3,7 +3,7 @@
   community.general.timezone:
     name: UTC
 
-- name: Let root authenticate via ssh pubkey, Ubuntu
+- name: Let root authenticate via ssh pubkey, Ubuntu.
   ansible.builtin.replace:
     path: /root/.ssh/authorized_keys
     regexp: '^no.*(ssh.*)$'
@@ -14,7 +14,7 @@
     path: /etc/apt/apt.conf.d/20auto-upgrades
   register: unattended_upgrade
 
-- name: Ensure apt automatic upgrades are not enabled
+- name: Ensure apt automatic upgrades are not enabled.
   lineinfile:
     path: /etc/apt/apt.conf.d/20auto-upgrades
     regexp: 'APT::Periodic::Unattended-Upgrade "1";'
@@ -33,18 +33,26 @@
   delay: 6
   retries: 10
 
-- name: Upgrade all packages
+- name: Only run "update_cache=yes" if the last one is more than 3600 seconds ago
   ansible.builtin.apt:
     update_cache: yes
     cache_valid_time: 3600
-    upgrade: yes
 
-- name: Update sources.list to select a fast mirror on Ubuntu
+#- name: Update Linux Kernel
-  ansible.builtin.replace:
+#  ansible.builtin.apt:
-    path: /etc/apt/sources.list
+#    name: linux-image-amd64
-    regexp: 'http://.*archive.ubuntu.com/ubuntu'
+#    state: latest
-    replace: 'mirror://mirrors.ubuntu.com/mirrors.txt'
+#  register: kernel_version
-  when: ansible_distribution == 'Ubuntu'
+#
+#- name: Reboot a slow machine that might have lots of updates to apply
+#  ansible.builtin.reboot:
+#    reboot_timeout: 3600
+#  when: kernel_version is changed
+
+- name: Update all packages to their latest version
+  ansible.builtin.apt:
+    name: '*'
+    state: latest
 
 - name: Remove dependencies that are no longer required
   ansible.builtin.apt:

vars/Archlinux.yml

@@ -1,34 +0,0 @@
----
-sysadmin_packages:
-  - bash-completion
-  - curl
-  - dnsutils
-  - doas
-  - dosfstools
-  - ffmpeg
-  - file
-  - git
-  - gnupg
-  - htop
-  - jq
-  - mediainfo
-  - mtr
-  - net-tools
-  - netcat
-  - nginx
-  - p7zip
-  - parted
-  - pass
-  - psmisc
-  - rsync
-  - smartmontools
-  - tcpdump
-  - tmux
-  - tree
-  - unzip
-  - vi
-  - vim
-  - vim
-  - wget
-  - which
-  - whois

vars/Debian-12.yml

@@ -1,20 +0,0 @@
----
-sysadmin_packages:
-  - curl
-  - file
-  - bind9-dnsutils
-  - git
-  - gpg
-  - htop
-  - nftables
-  - iputils-ping
-  - jq
-  - net-tools
-  - netcat-traditional
-  - psmisc
-  - python-is-python3
-  - rsync
-  - tcpdump
-  - tmux
-  - tree
-  - vim

vars/Debian.yml

@@ -1,12 +1,11 @@
 ---
 sysadmin_packages:
   - curl
-  - file
   - dnsutils
   - git
   - gpg
   - htop
-# - iptables
+  - iptables
   - iputils-ping
   - jq
   - net-tools

vars/RedHat-7.yml

@@ -1,11 +0,0 @@
----
-sysadmin_packages:
-  - psmisc
-  - git
-  - net-tools
-  - psmisc
-  - rsync
-  - tcpdump
-  - tmux
-  - tree
-  - vim

vars/default.yml

@@ -1,18 +0,0 @@
----
-sysadmin_packages:
-  - curl
-  - file
-  - dnsutils
-  - git
-  - gpg
-  - htop
-  - jq
-  - net-tools
-  - netcat
-  - psmisc
-  - python-is-python3
-  - rsync
-  - tcpdump
-  - tmux
-  - tree
-  - vim