From e4593e3072a6ad6d16546c3e7997797d6c556667 Mon Sep 17 00:00:00 2001
From: c0de
Date: Thu, 19 Dec 2024 21:17:03 -0600
Subject: [PATCH] Create role to setup ubuntu server
---
 .gitignore | 1 +
 roles/ubuntu/README.md | 72 +++++++++++++++++++++++++++++++++
 roles/ubuntu/defaults/main.yml | 7 ++++
 roles/ubuntu/handlers/main.yml | 11 +++++
 roles/ubuntu/meta/main.yml | 22 ++++++++++
 roles/ubuntu/tasks/main.yml | 14 +++++++
 roles/ubuntu/tasks/packages.yml | 15 +++++++
 roles/ubuntu/tasks/services.yml | 13 ++++++
 roles/ubuntu/tasks/upgrades.yml | 21 ++++++++++
 roles/ubuntu/tasks/users.yml | 34 ++++++++++++++++
 roles/ubuntu/vars/main.yml | 4 ++
 setup-ubuntu.yml | 7 ++++
 12 files changed, 221 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 roles/ubuntu/README.md
 create mode 100644 roles/ubuntu/defaults/main.yml
 create mode 100644 roles/ubuntu/handlers/main.yml
 create mode 100644 roles/ubuntu/meta/main.yml
 create mode 100644 roles/ubuntu/tasks/main.yml
 create mode 100644 roles/ubuntu/tasks/packages.yml
 create mode 100644 roles/ubuntu/tasks/services.yml
 create mode 100644 roles/ubuntu/tasks/upgrades.yml
 create mode 100644 roles/ubuntu/tasks/users.yml
 create mode 100644 roles/ubuntu/vars/main.yml
 create mode 100644 setup-ubuntu.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1d17dae
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.venv
diff --git a/roles/ubuntu/README.md b/roles/ubuntu/README.md
new file mode 100644
index 0000000..a84cf3a
--- /dev/null
+++ b/roles/ubuntu/README.md
@@ -0,0 +1,72 @@
+Ubuntu
+=========
+
+Sets up an Ubuntu server
+
+- Installs Updates
+- Disables Services
+- Installs Packages
+- Installs Users and Groups
+
+Role Variables
+--------------
+
+Inputs (defaults):
+
+- `ubuntu_disable_services`
+ - Type: `list[str]`
+ - Default: `[]`
+ - Description: SystemD service names to disable (including .service/.socket/etc)
+- `ubuntu_install_packages`
+ - Type: `list[str]`
+ - Default: `[]`
+ - Description: Packages to install through APT
+- `ubuntu_groups`
+ - Type: `list[str]`
+ - Default: `[]`
+ - Description: List of groups to create
+- `ubuntu_users`
+ - Type: `list[dict]`
+ - Default: `[]`
+ - Description: List of user dictionaries
+
+Vars:
+
+- `ubuntu_passwordless_sudo_group`
+ - Type: `str`
+ - Default: `wheel`
+ - Description: The user group that will have passwordless sudo
+
+Example Playbook
+----------------
+
+```yaml
+- name: Setup Ubuntu
+ hosts: ubuntu
+ become: true
+ vars:
+ ubuntu_disable_services:
+ - unattended-upgrades.service
+ ubuntu_install_packages:
+ - build-essential
+ ubuntu_groups:
+ - sudo
+ ubuntu_users:
+ - name: ansible
+ ssh_key: ssh-rsa AAAAB...
+ groups:
+ - sudo
+ - wheel
+ roles:
+ - role: ubuntu
+```
+
+License
+-------
+
+BSD-3-Clause
+
+Author Information
+------------------
+
+- [Code Fox](https://c0de.dev)
diff --git a/roles/ubuntu/defaults/main.yml b/roles/ubuntu/defaults/main.yml
new file mode 100644
index 0000000..6cf5a15
--- /dev/null
+++ b/roles/ubuntu/defaults/main.yml
@@ -0,0 +1,7 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+ubuntu_disable_services: []
+ubuntu_install_packages: []
+ubuntu_groups: []
+ubuntu_users: []
diff --git a/roles/ubuntu/handlers/main.yml b/roles/ubuntu/handlers/main.yml
new file mode 100644
index 0000000..66ac8aa
--- /dev/null
+++ b/roles/ubuntu/handlers/main.yml
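Review bot: `ubuntu_users` is declared as an empty list with no indication of the keys each entry must carry, while tasks/users.yml reads `item.name`, `item.groups` and `item.ssh_key` unconditionally; a comment above the key such as `# each entry: name (str), groups (list[str]), ssh_key (str, one public-key line)` would spare readers a trip through the task files. The README describes the type only as `list[dict]`, so this file is the natural place to pin the shape. On style, the `#SPDX-License-Identifier` comment in this and every other new YAML file has no space after `#`, which yamllint's comments rule reports.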
@@ -0,0 +1,11 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Reboot Server
+ ansible.builtin.reboot:
+
+- name: Clean apt cache
+ ansible.builtin.apt:
+ autoclean: true
+ autoremove: true
+ purge: true
diff --git a/roles/ubuntu/meta/main.yml b/roles/ubuntu/meta/main.yml
new file mode 100644
index 0000000..ec2642f
--- /dev/null
+++ b/roles/ubuntu/meta/main.yml
@@ -0,0 +1,22 @@
+#SPDX-License-Identifier: BSD-3-Clause
+galaxy_info:
+ author: Code Fox
+ company: Code Fox LLC
+ license: BSD-3-Clause
+
+ description: |
+ Sets up an Ubuntu server
+
+ - Installs Updates
+ - Disables Services
+ - Installs Packages
+ - Installs Users and Groups
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ min_ansible_version: "2.18"
+ galaxy_tags:
+ - ubuntu
+ - c0defox
diff --git a/roles/ubuntu/tasks/main.yml b/roles/ubuntu/tasks/main.yml
new file mode 100644
index 0000000..a3155ae
--- /dev/null
+++ b/roles/ubuntu/tasks/main.yml
@@ -0,0 +1,14 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Install Updates
+ ansible.builtin.include_tasks: upgrades.yml
+
+- name: Disable Services
+ ansible.builtin.include_tasks: services.yml
+
+- name: Install Packages
+ ansible.builtin.include_tasks: packages.yml
+
+- name: Setup Users
+ ansible.builtin.include_tasks: users.yml
diff --git a/roles/ubuntu/tasks/packages.yml b/roles/ubuntu/tasks/packages.yml
new file mode 100644
index 0000000..5a85b66
--- /dev/null
+++ b/roles/ubuntu/tasks/packages.yml
@@ -0,0 +1,15 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Update apt cache
+ ansible.builtin.apt:
+ update_cache: true
+
+- name: Install Packages
+ ansible.builtin.apt:
+ name: "{{ item }}"
+ state: present
+ loop: "{{ ubuntu_install_packages }}"
+ notify:
+ - Clean apt cache
+ - Reboot Server
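Review bot: `Reboot Server` is defined before `Clean apt cache`, and Ansible runs notified handlers in the order they are defined in the handlers file rather than in notify order, so on a run that changes packages the host reboots first and the apt cleanup runs afterwards. Swapping the two definitions runs the cleanup before the reboot. The reboot handler also takes every module default, so a slow-booting host can fail on the default `reboot_timeout`; an explicit value is worth setting if the fleet includes such hosts.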
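Review bot: tasks/users.yml calls `ansible.posix.authorized_key`, but nothing in the role records that the `ansible.posix` collection must be installed; a top-level `collections:` list in this file (`collections:` / `  - ansible.posix`) or a `requirements.yml` makes the dependency explicit and lets `ansible-galaxy` resolve it. `dependencies: []` is also absent, which role-init output and some galaxy tooling expect, and this is the only new YAML file without a `---` document start after the SPDX comment.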
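Review bot: All four includes use `ansible.builtin.include_tasks`, which is dynamic, so the inner tasks are invisible to `--list-tasks` and `--tags` unless the include line itself is tagged; the sub-files are static and unconditional, so `ansible.builtin.import_tasks` fits better and lets a caller run, say, only the user setup by tag. If the includes were chosen for a runtime reason, it is not visible in this commit and a short comment above the first one would help.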
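Review bot: `Install Packages` invokes apt once per item, so a list of N packages means N separate apt transactions and dependency resolutions; the module accepts a list directly, so `name: "{{ ubuntu_install_packages }}"` with the `loop` line removed installs them in one call and is a no-op for the default empty list. Notifying `Reboot Server` after any package install is probably heavier than intended — installing a build tool does not need a reboot — so consider keeping only `Clean apt cache` here and deciding about the reboot in upgrades.yml, where the kernel and base-system changes happen.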
diff --git a/roles/ubuntu/tasks/services.yml b/roles/ubuntu/tasks/services.yml
new file mode 100644
index 0000000..9628ae2
--- /dev/null
+++ b/roles/ubuntu/tasks/services.yml
@@ -0,0 +1,13 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Disable Services
+ ansible.builtin.systemd_service:
+ enabled: false
+ masked: true
+ name: "{{ item }}"
+ loop: "{{ ubuntu_disable_services }}"
+
+- name: Reload SystemD
+ ansible.builtin.systemd_service:
+ daemon_reload: true
diff --git a/roles/ubuntu/tasks/upgrades.yml b/roles/ubuntu/tasks/upgrades.yml
new file mode 100644
index 0000000..83837d9
--- /dev/null
+++ b/roles/ubuntu/tasks/upgrades.yml
@@ -0,0 +1,21 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Update apt cache
+ ansible.builtin.apt:
+ update_cache: true
+
+- name: Update existing packages to latest version
+ ansible.builtin.apt:
+ name: "*"
+ state: latest
+ notify:
+ - Reboot Server
+
+- name: Upgrade the OS (apt-get dist-upgrade)
+ ansible.builtin.apt:
+ upgrade: dist
+ notify:
+ - Clean apt cache
+ - Reboot Server
+
diff --git a/roles/ubuntu/tasks/users.yml b/roles/ubuntu/tasks/users.yml
new file mode 100644
index 0000000..6ddba32
--- /dev/null
+++ b/roles/ubuntu/tasks/users.yml
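Review bot: `Disable Services` sets `enabled: false` and `masked: true` but no `state`, and masking does not stop a unit that is already running, so a listed service keeps running until the next reboot — which for something like unattended-upgrades is exactly the window the role is trying to close. Adding `state: stopped` alongside `masked: true` makes the task take effect immediately. The separate `Reload SystemD` task could also be folded into the loop task as `daemon_reload: true` (the module accepts it next to `name`) or made a handler so it only runs when something changed.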
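Review bot: `Update existing packages to latest version` with `name: "*"` and `state: latest` is redundant with the `upgrade: dist` task that follows — dist-upgrade upgrades everything the first task does plus dependency changes — and both tasks notify `Reboot Server`, so any changed package reboots the host. Ubuntu writes `/var/run/reboot-required` when an update actually needs a reboot; dropping the first task and the reboot notifies, then stat-ing that file and rebooting conditionally, keeps the handler for the apt cleanup while rebooting only when needed, as sketched below. ansible-lint also reports `state: latest` on a package module (package-latest), and the file ends with an extra empty line after the last task.
```yaml
# … unchanged: SPDX header, Update apt cache task …

- name: Upgrade the OS (apt-get dist-upgrade)
  ansible.builtin.apt:
    upgrade: dist
  notify:
    - Clean apt cache

- name: Check whether the upgrade requires a reboot
  ansible.builtin.stat:
    path: /var/run/reboot-required
  register: ubuntu_reboot_required

- name: Reboot only when the upgrade requires it
  ansible.builtin.reboot:
  when: ubuntu_reboot_required.stat.exists
```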
@@ -0,0 +1,34 @@
+---
+
+- name: "Setup {{ ubuntu_passwordless_sudo_group }} group"
+ ansible.builtin.group:
+ state: present
+ name: "{{ ubuntu_passwordless_sudo_group }}"
+
+- name: "Add {{ ubuntu_passwordless_sudo_group }} group to sudoers"
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: "^%{{ ubuntu_passwordless_sudo_group }}"
+ line: "%{{ ubuntu_passwordless_sudo_group }} ALL=(ALL) NOPASSWD: ALL"
+ validate: 'visudo -cf %s'
+
+- name: Setup Groups
+ ansible.builtin.group:
+ state: present
+ name: "{{ item }}"
+ loop: "{{ ubuntu_groups }}"
+
+- name: Setup Users
+ ansible.builtin.user:
+ state: present
+ name: "{{ item.name }}"
+ groups: "{{ item.groups }}"
+ loop: "{{ ubuntu_users }}"
+
+- name: Set Authorized ssh key
+ ansible.posix.authorized_key:
+ state: present
+ user: "{{ item.name }}"
+ key: "{{ item.ssh_key }}"
+ loop: "{{ ubuntu_users }}"
diff --git a/roles/ubuntu/vars/main.yml b/roles/ubuntu/vars/main.yml
new file mode 100644
index 0000000..6ebcad7
--- /dev/null
+++ b/roles/ubuntu/vars/main.yml
@@ -0,0 +1,4 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+ubuntu_passwordless_sudo_group: wheel
diff --git a/setup-ubuntu.yml b/setup-ubuntu.yml
new file mode 100644
index 0000000..53aa2de
--- /dev/null
+++ b/setup-ubuntu.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Setup Ubuntu
+ hosts: ubuntu
+ become: true
+ roles:
+ - role: ubuntu
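Review bot: The sudoers edit matches on `^%wheel` with no terminator, so an existing rule for any group whose name merely starts with that prefix (a constructed example: `%wheel-ops`) would be replaced by the NOPASSWD line, and `lineinfile` is the one module in the role called without an FQCN; use `ansible.builtin.lineinfile:` with `regexp: "^%{{ ubuntu_passwordless_sudo_group }}\\s"`. A drop-in under `/etc/sudoers.d/` written with `mode: "0440"` and the same `validate` would avoid rewriting the distribution's `/etc/sudoers` at all and is easier to audit. Separately, `ansible.builtin.user` is given `groups` without `append: true`, so every run strips each managed user from any supplementary group not listed in `item.groups`, and `item.groups` and `item.ssh_key` have no `default`, so one user entry missing either key fails the whole loop. This file also lacks the SPDX header the other new files carry.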
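Review bot: `ubuntu_passwordless_sudo_group` lives in vars/, which has role-variable precedence, so neither inventory/group_vars nor play-level `vars:` can override it — only role parameters on the `- role:` entry, `set_fact`/`include_vars`, or `-e` can. If operators are expected to choose the NOPASSWD group per environment, the key belongs in defaults/main.yml next to the other inputs. The README lists it under "Vars" separately from the defaults, so this may be deliberate; a comment above the key stating why it is pinned would make that clear, e.g. `# kept in vars/ so callers cannot silently widen passwordless sudo via inventory`.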