Compare commits
No commits in common. "a6b51b4cb40a768eaaeb6bdc0d4139c986bd364e" and "4b98ec14344e8e2c76d3ccd2609963cd9ba4c7b0" have entirely different histories.
a6b51b4cb4
...
4b98ec1434
16
README.md
16
README.md
@ -9,22 +9,6 @@ Most of the roles are adaptable for use with systems beyond ArchLinux, requiring
|
|||||||
- RHEL Systems are not currently supported due to restricted access to their repositories.
|
- RHEL Systems are not currently supported due to restricted access to their repositories.
|
||||||
A workaround could involve using an ISO as a local repository or setting up a proxy repository to facilitate access.
|
A workaround could involve using an ISO as a local repository or setting up a proxy repository to facilitate access.
|
||||||
|
|
||||||
# Supported Distributions
|
|
||||||
|
|
||||||
This playbook supports multiple Linux distributions with specific versions tailored to each. Below is a list of supported distributions:
|
|
||||||
|
|
||||||
| `os` | Distribution |
|
|
||||||
|------------|------------------------------------|
|
|
||||||
| archlinux | ArchLinux (Latest rolling release) |
|
|
||||||
| almalinux | AlmaLinux 8.x, 9.x |
|
|
||||||
| debian11 | Debian 11 (Bullseye) |
|
|
||||||
| debian12 | Debian 12 (Bookworm) |
|
|
||||||
| fedora | Fedora 40 |
|
|
||||||
| rocky | Rocky Linux 9.x |
|
|
||||||
| ubuntu | Ubuntu 23.10 (Mantic Minotaur) |
|
|
||||||
| ubuntu-lts | Ubuntu 22.04 LTS (Jammy Jellyfish) |
|
|
||||||
|
|
||||||
|
|
||||||
# Documentation
|
# Documentation
|
||||||
|
|
||||||
## Table of Contents
|
## Table of Contents
|
||||||
|
|||||||
@ -1,7 +1,6 @@
|
|||||||
almalinux:
|
almalinux:
|
||||||
- bind-utils
|
- bind-utils
|
||||||
- cloud-init
|
- cloud-init
|
||||||
- dbus-daemon
|
|
||||||
- dhcp-client
|
- dhcp-client
|
||||||
- efibootmgr
|
- efibootmgr
|
||||||
- glibc-langpack-de
|
- glibc-langpack-de
|
||||||
@ -14,7 +13,6 @@ almalinux:
|
|||||||
- nfs-utils
|
- nfs-utils
|
||||||
- nfsv4-client-utils
|
- nfsv4-client-utils
|
||||||
- open-vm-tools
|
- open-vm-tools
|
||||||
- ppp
|
|
||||||
- shim
|
- shim
|
||||||
- telnet
|
- telnet
|
||||||
- vim
|
- vim
|
||||||
@ -32,7 +30,6 @@ archlinux:
|
|||||||
- fish
|
- fish
|
||||||
- grub
|
- grub
|
||||||
- htop
|
- htop
|
||||||
- libpwquality
|
|
||||||
- linux
|
- linux
|
||||||
- logrotate
|
- logrotate
|
||||||
- lrzsz
|
- lrzsz
|
||||||
@ -44,7 +41,6 @@ archlinux:
|
|||||||
- nfs-utils
|
- nfs-utils
|
||||||
- openssh
|
- openssh
|
||||||
- open-vm-tools
|
- open-vm-tools
|
||||||
- ppp
|
|
||||||
- prometheus-node-exporter
|
- prometheus-node-exporter
|
||||||
- python-psycopg2
|
- python-psycopg2
|
||||||
- qemu-guest-agent
|
- qemu-guest-agent
|
||||||
@ -144,22 +140,18 @@ fedora:
|
|||||||
- bind-utils
|
- bind-utils
|
||||||
- btrfs-progs
|
- btrfs-progs
|
||||||
- cloud-init
|
- cloud-init
|
||||||
- cronie
|
|
||||||
- dhcp-client
|
- dhcp-client
|
||||||
- efibootmgr
|
- efibootmgr
|
||||||
- glibc-langpack-de
|
- glibc-langpack-de
|
||||||
- glibc-langpack-en
|
- glibc-langpack-en
|
||||||
- grub2
|
- grub2
|
||||||
- grub2-efi
|
- grub2-efi
|
||||||
- logrotate
|
|
||||||
- lrzsz
|
- lrzsz
|
||||||
- lvm2
|
- lvm2
|
||||||
- nc
|
- nc
|
||||||
- nfs-utils
|
- nfs-utils
|
||||||
- nfsv4-client-utils
|
- nfsv4-client-utils
|
||||||
- open-vm-tools
|
- open-vm-tools
|
||||||
- polkit
|
|
||||||
- ppp
|
|
||||||
- shim
|
- shim
|
||||||
- telnet
|
- telnet
|
||||||
- vim-default-editor
|
- vim-default-editor
|
||||||
@ -197,7 +189,6 @@ rhel9:
|
|||||||
rocky:
|
rocky:
|
||||||
- bind-utils
|
- bind-utils
|
||||||
- cloud-init
|
- cloud-init
|
||||||
- dbus-daemon
|
|
||||||
- dhcp-client
|
- dhcp-client
|
||||||
- efibootmgr
|
- efibootmgr
|
||||||
- glibc-langpack-de
|
- glibc-langpack-de
|
||||||
@ -210,7 +201,6 @@ rocky:
|
|||||||
- nfs-utils
|
- nfs-utils
|
||||||
- nfsv4-client-utils
|
- nfsv4-client-utils
|
||||||
- open-vm-tools
|
- open-vm-tools
|
||||||
- ppp
|
|
||||||
- shim
|
- shim
|
||||||
- telnet
|
- telnet
|
||||||
- util-linux-core
|
- util-linux-core
|
||||||
|
|||||||
@ -65,7 +65,7 @@
|
|||||||
# - { regexp: '^PASS_MIN_DAYS.*', replace: 'PASS_MIN_DAYS 7' }
|
# - { regexp: '^PASS_MIN_DAYS.*', replace: 'PASS_MIN_DAYS 7' }
|
||||||
# - { regexp: '^UMASK.*', replace: 'UMASK 027' }
|
# - { regexp: '^UMASK.*', replace: 'UMASK 027' }
|
||||||
|
|
||||||
- name: Ensure files exist
|
- name: Create allow files
|
||||||
file:
|
file:
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
state: touch
|
state: touch
|
||||||
@ -73,8 +73,6 @@
|
|||||||
loop:
|
loop:
|
||||||
- /mnt/etc/at.allow
|
- /mnt/etc/at.allow
|
||||||
- /mnt/etc/cron.allow
|
- /mnt/etc/cron.allow
|
||||||
- /mnt/etc/hosts.allow
|
|
||||||
- /mnt/etc/hosts.deny
|
|
||||||
|
|
||||||
- name: Add Security related lines into config files
|
- name: Add Security related lines into config files
|
||||||
lineinfile:
|
lineinfile:
|
||||||
@ -87,14 +85,14 @@
|
|||||||
- { path: '/mnt/etc/security/pwquality.conf', content: 'ucredit = -1' }
|
- { path: '/mnt/etc/security/pwquality.conf', content: 'ucredit = -1' }
|
||||||
- { path: '/mnt/etc/security/pwquality.conf', content: 'ocredit = -1' }
|
- { path: '/mnt/etc/security/pwquality.conf', content: 'ocredit = -1' }
|
||||||
- { path: '/mnt/etc/security/pwquality.conf', content: 'lcredit = -1' }
|
- { path: '/mnt/etc/security/pwquality.conf', content: 'lcredit = -1' }
|
||||||
- { path: '/mnt/etc/{{ "bashrc" if os in ["almalinux", "fedora", "rocky"] else "bash.bashrc" }}', content: 'umask 077' }
|
- { path: '/mnt/etc/bash.bashrc', content: 'umask 077' }
|
||||||
- { path: '/mnt/etc/{{ "bashrc" if os in ["almalinux", "fedora", "rocky"] else "bash.bashrc" }}', content: 'export TMOUT=3000' }
|
- { path: '/mnt/etc/bash.bashrc', content: 'export TMOUT=3000' }
|
||||||
- { path: '/mnt/{{ "usr/lib/systemd/journald.conf" if os == "fedora" else "etc/systemd/journald.conf" }}', content: 'Storage=persistent' }
|
- { path: '/mnt/etc/systemd/journald.conf', content: 'Storage=persistent' }
|
||||||
- { path: '/mnt/etc/sudoers', content: 'Defaults logfile="/var/log/sudo.log"' }
|
- { path: '/mnt/etc/sudoers', content: 'Defaults logfile="/var/log/sudo.log"' }
|
||||||
- { path: '/mnt/etc/pam.d/su', content: 'auth required pam_wheel.so' }
|
- { path: '/mnt/etc/pam.d/su', content: 'auth required pam_wheel.so' }
|
||||||
- { path: '/mnt/etc/{{ "pam.d/common-auth" if os in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "authselect/system-auth" if os == "fedora" else "pam.d/system-auth" }}', content: 'auth required pam_faillock.so onerr=fail audit silent deny=5 unlock_time=900' }
|
- { path: '/mnt/etc/pam.d/common-auth', content: 'auth required pam_faillock.so onerr=fail audit silent deny=5 unlock_time=900' }
|
||||||
- { path: '/mnt/etc/{{ "pam.d/common-account" if os in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "authselect/system-auth" if os == "fedora" else "pam.d/system-auth" }}', content: 'account required pam_faillock.so' }
|
- { path: '/mnt/etc/pam.d/common-account', content: 'account required pam_faillock.so' }
|
||||||
- { path: '/mnt/etc/pam.d/{{ "common-password" if os in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "passwd" }}', content: 'password [success=1 default=ignore] pam_unix.so obscure sha512 remember=5' }
|
- { path: '/mnt/etc/pam.d/common-password', content: 'password [success=1 default=ignore] pam_unix.so obscure sha512 remember=5' }
|
||||||
- { path: '/mnt/etc/hosts.deny', content: 'ALL: ALL' }
|
- { path: '/mnt/etc/hosts.deny', content: 'ALL: ALL' }
|
||||||
- { path: '/mnt/etc/hosts.allow', content: 'sshd: ALL' }
|
- { path: '/mnt/etc/hosts.allow', content: 'sshd: ALL' }
|
||||||
|
|
||||||
@ -114,8 +112,12 @@
|
|||||||
- { path: '/mnt/etc/crontab', mode: '0600' }
|
- { path: '/mnt/etc/crontab', mode: '0600' }
|
||||||
- { path: '/mnt/etc/logrotate.conf', mode: '0644' }
|
- { path: '/mnt/etc/logrotate.conf', mode: '0644' }
|
||||||
- { path: '/mnt/usr/sbin/pppd', mode: '754' }
|
- { path: '/mnt/usr/sbin/pppd', mode: '754' }
|
||||||
- { path: '/mnt/usr/bin/{{ "fusermount3" if os in ["archlinux", "debian12", "fedora"] else "fusermount" }}', mode: '755' }
|
- { path: '/mnt/usr/lib/dbus-1.0/dbus-daemon-launch-helper', mode: '754' }
|
||||||
|
- { path: '/mnt/usr/libexec/polkit-agent-helper-1', mode: '755' }
|
||||||
|
- { path: '/mnt/usr/bin/{{ "fusermount" if os == "debian11" else "fusermount3" }}', mode: '755' }
|
||||||
- { path: '/mnt/usr/bin/{{ "write.ul" if os == "debian11" else "write" }}', mode: '755' }
|
- { path: '/mnt/usr/bin/{{ "write.ul" if os == "debian11" else "write" }}', mode: '755' }
|
||||||
|
- { path: '/mnt/usr/lib/x86_64-linux-gnu/utempter/utempter', mode: '755' }
|
||||||
|
- { path: '/mnt/home/svcansible', mode: '750' }
|
||||||
|
|
||||||
- name: Adjust SSHD config
|
- name: Adjust SSHD config
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
|||||||
@ -97,6 +97,7 @@
|
|||||||
command: arch-chroot /mnt {% if os | lower == "archlinux" %}/usr/sbin/mkinitcpio -P{% elif os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts", "archlinux"] %}/usr/bin/dracut --regenerate-all --force{% else %}echo "Skipping initramfs regeneration"{% endif %}
|
command: arch-chroot /mnt {% if os | lower == "archlinux" %}/usr/sbin/mkinitcpio -P{% elif os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts", "archlinux"] %}/usr/bin/dracut --regenerate-all --force{% else %}echo "Skipping initramfs regeneration"{% endif %}
|
||||||
|
|
||||||
- name: Extra Configuration
|
- name: Extra Configuration
|
||||||
|
when: os | lower != "archlinux"
|
||||||
block:
|
block:
|
||||||
- name: Append lines to vimrc
|
- name: Append lines to vimrc
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
@ -112,7 +113,6 @@
|
|||||||
- "set mouse=a"
|
- "set mouse=a"
|
||||||
|
|
||||||
- name: Copy FirstRun Script
|
- name: Copy FirstRun Script
|
||||||
when: os | lower != "archlinux"
|
|
||||||
template:
|
template:
|
||||||
src: firstrun.sh.j2
|
src: firstrun.sh.j2
|
||||||
dest: /mnt/root/firstrun.sh
|
dest: /mnt/root/firstrun.sh
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user