Create role to setup ubuntu server

.gitignore

@@ -0,0 +1 @@
+.venv

roles/ubuntu/README.md

@@ -0,0 +1,72 @@
+Ubuntu
+=========
+
+Sets up an Ubuntu server
+
+- Installs Updates
+- Disables Services
+- Installs Packages
+- Installs Users and Groups
+
+Role Variables
+--------------
+
+Inputs (defaults):
+
+- `ubuntu_disable_services`
+  - Type: `list[str]`
+  - Default: `[]`
+  - Description: SystemD service names to disable (including .service/.socket/etc)
+- `ubuntu_install_packages`
+  - Type: `list[str]`
+  - Default: `[]`
+  - Description: Packages to install through APT
+- `ubuntu_groups`
+  - Type: `list[str]`
+  - Default: `[]`
+  - Description: List of groups to create
+- `ubuntu_users`
+  - Type: `list[dict]`
+  - Default: `[]`
+  - Description: List of user dictionaries
+
+Vars:
+
+- `ubuntu_passwordless_sudo_group`
+  - Type: `str`
+  - Default: `wheel`
+  - Description: The user group that will have passwordless sudo
+
+Example Playbook
+----------------
+
+```yaml
+- name: Setup Ubuntu
+  hosts: ubuntu
+  become: true
+  vars:
+    ubuntu_disable_services:
+      - unattended-upgrades.service
+    ubuntu_install_packages:
+      - build-essential
+    ubuntu_groups:
+      - sudo
+    ubuntu_users:
+      - name: ansible
+        ssh_key: ssh-rsa AAAAB...
+        groups:
+        - sudo
+        - wheel
+  roles:
+    - role: ubuntu
+```
+
+License
+-------
+
+BSD-3-Clause
+
+Author Information
+------------------
+
+- [Code Fox](https://c0de.dev)

roles/ubuntu/defaults/main.yml

@@ -0,0 +1,7 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+ubuntu_disable_services: []
+ubuntu_install_packages: []
+ubuntu_groups: []
+ubuntu_users: []

roles/ubuntu/handlers/main.yml

@@ -0,0 +1,11 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Reboot Server
+  ansible.builtin.reboot:
+
+- name: Clean apt cache
+  ansible.builtin.apt:
+    autoclean: true
+    autoremove: true
+    purge: true

roles/ubuntu/meta/main.yml

@@ -0,0 +1,22 @@
+#SPDX-License-Identifier: BSD-3-Clause
+galaxy_info:
+  author: Code Fox
+  company: Code Fox LLC
+  license: BSD-3-Clause
+
+  description: |
+    Sets up an Ubuntu server
+
+    - Installs Updates
+    - Disables Services
+    - Installs Packages
+    - Installs Users and Groups
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  min_ansible_version: "2.18"
+  galaxy_tags:
+    - ubuntu
+    - c0defox

roles/ubuntu/tasks/main.yml

@@ -0,0 +1,14 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Install Updates
+  ansible.builtin.include_tasks: upgrades.yml
+
+- name: Disable Services
+  ansible.builtin.include_tasks: services.yml
+
+- name: Install Packages
+  ansible.builtin.include_tasks: packages.yml
+
+- name: Setup Users
+  ansible.builtin.include_tasks: users.yml

roles/ubuntu/tasks/packages.yml

@@ -0,0 +1,15 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Update apt cache
+  ansible.builtin.apt:
+    update_cache: true
+
+- name: Install Packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ ubuntu_install_packages }}"
+  notify:
+    - Clean apt cache
+    - Reboot Server

roles/ubuntu/tasks/services.yml

@@ -0,0 +1,13 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Disable Services
+  ansible.builtin.systemd_service:
+    enabled: false
+    masked: true
+    name: "{{ item }}"
+  loop: "{{ ubuntu_disable_services }}"
+
+- name: Reload SystemD
+  ansible.builtin.systemd_service:
+    daemon_reload: true

roles/ubuntu/tasks/upgrades.yml

@@ -0,0 +1,21 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Update apt cache
+  ansible.builtin.apt:
+    update_cache: true
+
+- name: Update existing packages to latest version
+  ansible.builtin.apt:
+    name: "*"
+    state: latest
+  notify:
+    - Reboot Server
+
+- name: Upgrade the OS (apt-get dist-upgrade)
+  ansible.builtin.apt:
+    upgrade: dist
+  notify:
+    - Clean apt cache
+    - Reboot Server
+

roles/ubuntu/tasks/users.yml

@@ -0,0 +1,34 @@
+---
+
+- name: "Setup {{ ubuntu_passwordless_sudo_group }} group"
+  ansible.builtin.group:
+    state: present
+    name: "{{ ubuntu_passwordless_sudo_group }}"
+
+- name: "Add {{ ubuntu_passwordless_sudo_group }} group to sudoers"
+  lineinfile:
+    path: /etc/sudoers
+    state: present
+    regexp: "^%{{ ubuntu_passwordless_sudo_group }}"
+    line: "%{{ ubuntu_passwordless_sudo_group }} ALL=(ALL) NOPASSWD: ALL"
+    validate: 'visudo -cf %s'
+
+- name: Setup Groups
+  ansible.builtin.group:
+    state: present
+    name: "{{ item }}"
+  loop: "{{ ubuntu_groups }}"
+
+- name: Setup Users
+  ansible.builtin.user:
+    state: present
+    name: "{{ item.name }}"
+    groups: "{{ item.groups }}"
+  loop: "{{ ubuntu_users }}"
+
+- name: Set Authorized ssh key
+  ansible.posix.authorized_key:
+    state: present
+    user: "{{ item.name }}"
+    key: "{{ item.ssh_key }}"
+  loop: "{{ ubuntu_users }}"

roles/ubuntu/vars/main.yml

@@ -0,0 +1,4 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+ubuntu_passwordless_sudo_group: wheel

setup-ubuntu.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Setup Ubuntu
+  hosts: ubuntu
+  become: true
+  roles:
+    - role: ubuntu