Create role to setup ubuntu server
commit
e4593e3072
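--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.venv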
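--- a/roles/ubuntu/README.md
+++ b/roles/ubuntu/README.md
@@ -0,0 +1,72 @@
+Ubuntu
+=========
+
+Sets up an Ubuntu server
+
+- Installs Updates
+- Disables Services
+- Installs Packages
+- Installs Users and Groups
+
+Role Variables
+--------------
+
+Inputs (defaults):
+
+- `ubuntu_disable_services`
+- Type: `list[str]`
+- Default: `[]`
+- Description: SystemD service names to disable (including .service/.socket/etc)
+- `ubuntu_install_packages`
+- Type: `list[str]`
+- Default: `[]`
+- Description: Packages to install through APT
+- `ubuntu_groups`
+- Type: `list[str]`
+- Default: `[]`
+- Description: List of groups to create
+- `ubuntu_users`
+- Type: `list[dict]`
+- Default: `[]`
+- Description: List of user dictionaries
+
+Vars:
+
+- `ubuntu_passwordless_sudo_group`
+- Type: `str`
+- Default: `wheel`
+- Description: The user group that will have passwordless sudo
+
+Example Playbook
+----------------
+
+```yaml
+- name: Setup Ubuntu
+hosts: ubuntu
+become: true
+vars:
+ubuntu_disable_services:
+- unattended-upgrades.service
+ubuntu_install_packages:
+- build-essential
+ubuntu_groups:
+- sudo
+ubuntu_users:
+- name: ansible
+ssh_key: ssh-rsa AAAAB...
+groups:
+- sudo
+- wheel
+roles:
+- role: ubuntu
+```
+
+License
+-------
+
+BSD-3-Clause
+
+Author Information
+------------------
+
+- [Code Fox](https://c0de.dev)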
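--- a/roles/ubuntu/defaults/main.yml
+++ b/roles/ubuntu/defaults/main.yml
@@ -0,0 +1,7 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+ubuntu_disable_services: []
+ubuntu_install_packages: []
+ubuntu_groups: []
+ubuntu_users: []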
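--- a/roles/ubuntu/handlers/main.yml
+++ b/roles/ubuntu/handlers/main.yml
@@ -0,0 +1,11 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Reboot Server
+ansible.builtin.reboot:
+
+- name: Clean apt cache
+ansible.builtin.apt:
+autoclean: true
+autoremove: true
+purge: true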
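Review bot: Handlers run in the order they are defined in this file, not in the order a task lists them under `notify`, so with `Reboot Server` defined first the reboot happens before `Clean apt cache` whenever both are notified. If the cleanup is meant to finish before the host restarts, move the `Clean apt cache` handler above `Reboot Server`. The cleanup handler also combines `autoremove: true` with `purge: true`, which deletes the configuration files of every auto-removed package; a short comment stating that this is intended would help, e.g. `# purge: also drop config files of auto-removed packages`.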
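--- a/roles/ubuntu/meta/main.yml
+++ b/roles/ubuntu/meta/main.yml
@@ -0,0 +1,22 @@
+#SPDX-License-Identifier: BSD-3-Clause
+galaxy_info:
+author: Code Fox
+company: Code Fox LLC
+license: BSD-3-Clause
+
+description: |
+Sets up an Ubuntu server
+
+- Installs Updates
+- Disables Services
+- Installs Packages
+- Installs Users and Groups
+
+# If the issue tracker for your role is not on github, uncomment the
+# next line and provide a value
+# issue_tracker_url: http://example.com/issue/tracker
+
+min_ansible_version: "2.18"
+galaxy_tags:
+- ubuntu
+- c0defox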
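--- a/roles/ubuntu/tasks/main.yml
+++ b/roles/ubuntu/tasks/main.yml
@@ -0,0 +1,14 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Install Updates
+ansible.builtin.include_tasks: upgrades.yml
+
+- name: Disable Services
+ansible.builtin.include_tasks: services.yml
+
+- name: Install Packages
+ansible.builtin.include_tasks: packages.yml
+
+- name: Setup Users
+ansible.builtin.include_tasks: users.yml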
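--- a/roles/ubuntu/tasks/packages.yml
+++ b/roles/ubuntu/tasks/packages.yml
@@ -0,0 +1,15 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Update apt cache
+ansible.builtin.apt:
+update_cache: true
+
+- name: Install Packages
+ansible.builtin.apt:
+name: "{{ item }}"
+state: present
+loop: "{{ ubuntu_install_packages }}"
+notify:
+- Clean apt cache
+- Reboot Server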
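Review bot: `Install Packages` notifies `Reboot Server`, so adding any package to `ubuntu_install_packages` restarts the host, which an ordinary package install rarely needs. Dropping that notify entry, or gating the reboot on the presence of `/var/run/reboot-required`, would limit restarts to the cases that call for one. The task also makes one apt call per package; passing the list directly with `name: "{{ ubuntu_install_packages }}"` and no `loop` lets apt resolve everything in a single transaction.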
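--- a/roles/ubuntu/tasks/services.yml
+++ b/roles/ubuntu/tasks/services.yml
@@ -0,0 +1,13 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Disable Services
+ansible.builtin.systemd_service:
+enabled: false
+masked: true
+name: "{{ item }}"
+loop: "{{ ubuntu_disable_services }}"
+
+- name: Reload SystemD
+ansible.builtin.systemd_service:
+daemon_reload: true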
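Review bot: The `Disable Services` task sets `enabled: false` and `masked: true` but no `state`, so a unit that is already running keeps running until the next reboot or a manual stop. For a hardening step that means the service stays reachable after the play reports success; adding `state: stopped` to the task closes that gap. The `Reload SystemD` task runs on every play whether or not anything changed, so it may be better expressed as a handler notified by `Disable Services`.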
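--- a/roles/ubuntu/tasks/upgrades.yml
+++ b/roles/ubuntu/tasks/upgrades.yml
@@ -0,0 +1,21 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+- name: Update apt cache
+ansible.builtin.apt:
+update_cache: true
+
+- name: Update existing packages to latest version
+ansible.builtin.apt:
+name: "*"
+state: latest
+notify:
+- Reboot Server
+
+- name: Upgrade the OS (apt-get dist-upgrade)
+ansible.builtin.apt:
+upgrade: dist
+notify:
+- Clean apt cache
+- Reboot Server
+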
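Review bot: The `name: "*"` / `state: latest` task and the `upgrade: dist` task overlap, since a dist-upgrade already brings every installed package to its newest version; keeping only the `upgrade: dist` task should give the same end state with one apt run fewer. Both tasks notify `Reboot Server` on any change, so the host restarts even for updates that do not need it. Gating the reboot on the presence of `/var/run/reboot-required` would avoid unplanned restarts while still rebooting after kernel or libc updates.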
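--- a/roles/ubuntu/tasks/users.yml
+++ b/roles/ubuntu/tasks/users.yml
@@ -0,0 +1,34 @@
+---
+
+- name: "Setup {{ ubuntu_passwordless_sudo_group }} group"
+ansible.builtin.group:
+state: present
+name: "{{ ubuntu_passwordless_sudo_group }}"
+
+- name: "Add {{ ubuntu_passwordless_sudo_group }} group to sudoers"
+lineinfile:
+path: /etc/sudoers
+state: present
+regexp: "^%{{ ubuntu_passwordless_sudo_group }}"
+line: "%{{ ubuntu_passwordless_sudo_group }} ALL=(ALL) NOPASSWD: ALL"
+validate: 'visudo -cf %s'
+
+- name: Setup Groups
+ansible.builtin.group:
+state: present
+name: "{{ item }}"
+loop: "{{ ubuntu_groups }}"
+
+- name: Setup Users
+ansible.builtin.user:
+state: present
+name: "{{ item.name }}"
+groups: "{{ item.groups }}"
+loop: "{{ ubuntu_users }}"
+
+- name: Set Authorized ssh key
+ansible.posix.authorized_key:
+state: present
+user: "{{ item.name }}"
+key: "{{ item.ssh_key }}"
+loop: "{{ ubuntu_users }}"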
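Review bot: The sudoers task's `regexp: "^%{{ ubuntu_passwordless_sudo_group }}"` is a prefix match, so a line for a different group whose name starts with the same text can be the one replaced by the `NOPASSWD: ALL` entry; anchoring the end with `regexp: '^%{{ ubuntu_passwordless_sudo_group }}\s'` avoids that. Because the line grants unrestricted passwordless root to every member of the group, writing it to its own file under `/etc/sudoers.d/` (keeping `validate: 'visudo -cf %s'`) would keep the grant isolated and easier to audit or revoke than an in-place edit of `/etc/sudoers`. The task uses the short name `lineinfile` while every other task uses a fully qualified name; `ansible.builtin.lineinfile` would match. In `Setup Users`, `groups: "{{ item.groups }}"` without `append: true` replaces any supplementary groups the account already has, and `item.groups` and `item.ssh_key` have no default, so a user entry missing either one fails the play.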
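--- a/roles/ubuntu/vars/main.yml
+++ b/roles/ubuntu/vars/main.yml
@@ -0,0 +1,4 @@
+#SPDX-License-Identifier: BSD-3-Clause
+---
+
+ubuntu_passwordless_sudo_group: wheel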
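--- a/setup-ubuntu.yml
+++ b/setup-ubuntu.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Setup Ubuntu
+hosts: ubuntu
+become: true
+roles:
+- role: ubuntu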