From 0d697bec310f0c68ee851eeac429594f593aeb51 Mon Sep 17 00:00:00 2001
From: Theodotos Andreou
Date: Wed, 6 Jun 2018 13:52:16 -0700
Subject: [PATCH] Initial Commit

---
 .gitignore | 2 +
 README.md | 30 +++++++++
 init_system.yml | 93 ++++++++++++++++++++++++++++
 templates/bashrc.j2 | 117 +++++++++++++++++++++++++++++++++++
 templates/chrony.conf.j2 | 46 ++++++++++++++
 templates/screenrc.j2 | 108 ++++++++++++++++++++++++++++++++
 templates/selected_editor.j2 | 1 +
 templates/vimrc.j2 | 52 ++++++++++++++++
 templates/vimrc.local.j2 | 1 +
 vars/all.yml.example | 2 +
 10 files changed, 452 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 README.md
 create mode 100644 init_system.yml
 create mode 100644 templates/bashrc.j2
 create mode 100644 templates/chrony.conf.j2
 create mode 100644 templates/screenrc.j2
 create mode 100644 templates/selected_editor.j2
 create mode 100644 templates/vimrc.j2
 create mode 100644 templates/vimrc.local.j2
 create mode 100644 vars/all.yml.example

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b4be227
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+vars/all.yml
+*.retry
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..6dcab35
--- /dev/null
+++ b/README.md
@@ -0,0 +1,30 @@
+# Initialize Linux Servers
+
+This is an Ansible Playbook for initilazing Debian and Ubuntu Linux Servers
+
+## Prerequisites
+
+Some Debian/Ubuntu Linux Servers, VMs or Containers
+
+## Usage
+
+Clone the repo:
+
+```
+$ git clone https://git.cut.ac.cy/IST/ansible-initialize-servers.git
+$ cd ansible-initialize-servers
+```
+
+Setup your environment. You can copy the examle file (*vars/all.yml.example*) to *vars/all.yml* or prepare your own:
+
+```
+# vars/all.yml
+custom_ssh_port: 4444
+timezone: "Europe/Nicosia"
+```
+
+Adjust your hosts in */etc/ansible/hosts* and in *init_system.yml* and run the Playbook:
+
+```
+$ ansible-playbook init_system.yml
+```
diff --git a/init_system.yml b/init_system.yml
new file mode 100644
index 0000000..ab01188
--- /dev/null
+++ b/init_system.yml
@@ -0,0 +1,93 @@
+---
+- hosts: personal
+ user: root
+
+ tasks:
+
+ - include_vars: vars/all.yml
+
+ - name: Install essential and optional packages
+ apt:
+ name: "{{ item }}"
+ state: present
+ update_cache: yes
+ with_items:
+ - vim
+ - byobu
+ - screen
+ - curl
+ - unzip
+ - ufw
+ - htop
+ - multitail
+ - chrony
+ - ca-certificates
+ - unattended-upgrades
+ - downtimed
+
+ - name: Copy the templates over
+ template:
+ src: "{{ item.source }}"
+ dest: "{{ item.destination }}"
+ with_items:
+ - { source: templates/vimrc.j2, destination: /etc/vim/vimrc }
+ - { source: templates/vimrc.local.j2, destination: /root/.vimrc }
+ - { source: templates/selected_editor.j2, destination: /root/.selected_editor }
+ - { source: templates/bashrc.j2, destination: /root/.bashrc }
+ - { source: templates/bashrc.j2, destination: /etc/skel/.bashrc }
+
+ - name: Set vim as the default editor
+ alternatives:
+ name: editor
+ path: /usr/bin/vim.basic
+
+ - name: Set timezone
+ timezone:
+ name: "{{ timezone }}"
+
+ - name: Generate locales
+ locale_gen:
+ name: en_US.UTF-8
+ state: present
+ with_items:
+ - en_US.UTF-8
+ - el_CY.UTF-8
+
+ - name: Customize SSH
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ with_items:
+ - { regexp: "^#?Port 22", line: "Port 22" }
+ - { regexp: "^#?PermitRootLogin", line: "PermitRootLogin prohibit-password" }
+ - { regexp: "^#?PasswordAuthentication", line: "PasswordAuthentication yes" }
+ notify:
+ - Restart SSH
+
+ - name: Configure UFW
+ ufw:
+ rule: allow
+ proto: tcp
+ direction: in
+ to_port: "{{ item }}"
+ dest: any
+ src: any
+ with_items:
+ - 22
+ - 80
+ - 443
+ - "{{ custom_ssh_port }}"
+ notify:
+ - Enable UFW
+
+ handlers:
+
+ - name: Restart SSH
+ service:
+ name: ssh
+ state: restarted
+
+ - name: Enable UFW
+ ufw:
+ state: enabled
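Review bot: The `Customize SSH` task never applies `custom_ssh_port`: its first item matches `^#?Port 22` and writes back the literal `Port 22`, while `Configure UFW` opens `{{ custom_ssh_port }}` (4444 in the example) alongside 22, so the firewall exposes a port nothing listens on and the variable is dead. Change the item to `- { regexp: "^#?Port ", line: "Port {{ custom_ssh_port }}" }` and drop 22 from the UFW list if the move is intended, or drop the variable if it is not. A wrong edit to `sshd_config` followed by the `Restart SSH` handler locks the operator out of a host that is reached only as root, so add `validate: '/usr/sbin/sshd -t -f %s'` to the lineinfile task so the daemon checks the file before it is written into place. `PasswordAuthentication yes` is set explicitly; with root at `prohibit-password` it only affects other accounts, but on an internet-facing host the usual baseline is `no` once key access is confirmed, so this deserves a comment stating it is deliberate. Two smaller issues in the same hunk: `templates/chrony.conf.j2` and `templates/screenrc.j2` added by this commit are missing from the `Copy the templates over` list, and `Generate locales` passes the fixed `name: en_US.UTF-8` instead of `{{ item }}`, so `el_CY.UTF-8` is never generated.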
diff --git a/templates/bashrc.j2 b/templates/bashrc.j2
new file mode 100644
index 0000000..8ecc01c
--- /dev/null
+++ b/templates/bashrc.j2
@@ -0,0 +1,117 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+case $- in
+ *i*) ;;
+ *) return;;
+esac
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=16000
+HISTFILESIZE=32000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+ debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+ xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+ if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+ # We have color support; assume it's compliant with Ecma-48
+ # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+ # a case would tend to support setf rather than setaf.)
+ color_prompt=yes
+ else
+ color_prompt=
+ fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+ PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+ PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+ PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+ ;;
+*)
+ ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+ test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+ alias ls='ls --color=auto'
+ #alias dir='dir --color=auto'
+ #alias vdir='vdir --color=auto'
+
+ alias grep='grep --color=auto'
+ alias fgrep='fgrep --color=auto'
+ alias egrep='egrep --color=auto'
+fi
+
+# colored GCC warnings and errors
+#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
+
+# some more ls aliases
+alias ll='ls -l'
+alias la='ls -A'
+alias l='ls -CF'
+alias rm='rm -i'
+alias cp='cp -i'
+alias mv='mv -i'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+ . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+ if [ -f /usr/share/bash-completion/bash_completion ]; then
+ . /usr/share/bash-completion/bash_completion
+ elif [ -f /etc/bash_completion ]; then
+ . /etc/bash_completion
+ fi
+fi
+[ -r /root/.byobu/prompt ] && . /root/.byobu/prompt #byobu-prompt#
diff --git a/templates/chrony.conf.j2 b/templates/chrony.conf.j2
new file mode 100644
index 0000000..cd510cd
--- /dev/null
+++ b/templates/chrony.conf.j2
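Review bot: The last line sources `/root/.byobu/prompt` by absolute path, but `init_system.yml` deploys this same template to `/etc/skel/.bashrc`, so every new user's shell tests a file under root's home instead of its own; for a non-root user the `-r` check normally fails and the byobu prompt is silently skipped, and if it ever succeeds the user sources a script owned by another account. Use the home-relative form `[ -r ~/.byobu/prompt ] && . ~/.byobu/prompt #byobu-prompt#`, which is correct for both destinations. The file carries a `.j2` suffix but contains no Jinja2 expressions, which is fine as long as nobody later adds a literal `{{`, `{%` or `{#` to it, since `template:` will try to evaluate it.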
@@ -0,0 +1,46 @@
+# Welcome to the chrony configuration file. See chrony.conf(5) for more
+# information about usuable directives.
+
+# This will use (up to):
+# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled
+# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
+# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm)
+# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only
+# sources will be used.
+# At the same time it retains some protection against one of the entries being
+# down (compare to just using one of the lines). See (LP: #1754358) for the
+# discussion.
+#
+# About using servers from the NTP Pool Project in general see (LP: #104525).
+# Approved by Ubuntu Technical Board on 2011-02-08.
+# See http://www.pool.ntp.org/join.html for more information.
+server ntp.cut.ac.cy
+#pool ntp.ubuntu.com iburst maxsources 4
+#pool 0.ubuntu.pool.ntp.org iburst maxsources 1
+#pool 1.ubuntu.pool.ntp.org iburst maxsources 1
+#pool 2.ubuntu.pool.ntp.org iburst maxsources 2
+
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
diff --git a/templates/screenrc.j2 b/templates/screenrc.j2
new file mode 100644
index 0000000..fc56b8d
--- /dev/null
+++ b/templates/screenrc.j2
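Review bot: Replacing the four `pool` lines with a single `server ntp.cut.ac.cy` (without `iburst`) leaves chronyd with exactly one unauthenticated source, so there is no second source to outvote a falseticker and a spoofed or compromised reply from that host can steer the clock; `makestep 1 3` only bounds stepping during the first three updates, slewing toward a bad offset continues afterwards. Keep at least one independent fallback, e.g. `server ntp.cut.ac.cy iburst` followed by `pool 2.ubuntu.pool.ntp.org iburst maxsources 2`, or authenticate the campus server with a `key` entry in the `keyfile` this file already points at (or NTS if the installed chrony supports it). The header comment still describes the Ubuntu pool layout and its LP bug references, which no longer matches the configuration below it; replace it with a line or two describing the campus server and why it is used. As far as this patch shows, `init_system.yml` never renders this template, so chrony keeps the distro default until an entry such as `- { source: templates/chrony.conf.j2, destination: /etc/chrony/chrony.conf }` is added to the template task.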
@@ -0,0 +1,108 @@
+# $Id: screenrc,v 1.15 2003/10/08 11:39:03 zal Exp $
+#
+# /etc/screenrc
+#
+# This is the system wide screenrc.
+#
+# You can use this file to change the default behavior of screen system wide
+# or copy it to ~/.screenrc and use it as a starting point for your own
+# settings.
+#
+# Commands in this file are used to set options, bind screen functions to
+# keys, redefine terminal capabilities, and to automatically establish one or
+# more windows at the beginning of your screen session.
+#
+# This is not a comprehensive list of options, look at the screen manual for
+# details on everything that you can put in this file.
+#
+
+# ------------------------------------------------------------------------------
+# SCREEN SETTINGS
+# ------------------------------------------------------------------------------
+
+#startup_message off
+#nethack on
+
+#defflow on # will force screen to process ^S/^Q
+deflogin on
+#autodetach off
+
+# turn visual bell on
+vbell on
+vbell_msg " Wuff ---- Wuff!! "
+
+# define a bigger scrollback, default is 100 lines
+defscrollback 1024
+
+# ------------------------------------------------------------------------------
+# SCREEN KEYBINDINGS
+# ------------------------------------------------------------------------------
+
+# Remove some stupid / dangerous key bindings
+bind ^k
+#bind L
+bind ^\
+# Make them better
+bind \\ quit
+bind K kill
+bind I login on
+bind O login off
+bind } history
+
+# An example of a "screen scraper" which will launch urlview on the current
+# screen window
+#
+#bind ^B eval "hardcopy_append off" "hardcopy -h $HOME/.screen-urlview" "screen urlview $HOME/.screen-urlview"
+
+# ------------------------------------------------------------------------------
+# TERMINAL SETTINGS
+# ------------------------------------------------------------------------------
+
+# The vt100 description does not mention "dl".
*sigh*
+termcapinfo vt100 dl=5\E[M
+
+# turn sending of screen messages to hardstatus off
+hardstatus off
+# Set the hardstatus prop on gui terms to set the titlebar/icon title
+#termcapinfo xterm*|rxvt*|kterm*|Eterm* hs:ts=\E]0;:fs=\007:ds=\E]0;\007
+# use this for the hard status string
+hardstatus string "%h%? users: %u%?"
+
+# An alternative hardstatus to display a bar at the bottom listing the
+# windownames and highlighting the current windowname in blue. (This is only
+# enabled if there is no hardstatus setting for your terminal)
+#
+hardstatus lastline "%-Lw%{= BW}%50>%n%f* %t%{-}%+Lw%<"
+
+# set these terminals up to be 'optimal' instead of vt100
+termcapinfo xterm*|linux*|rxvt*|Eterm* OP
+
+# Change the xterm initialization string from is2=\E[!p\E[?3;4l\E[4l\E>
+# (This fixes the "Aborted because of window size change" konsole symptoms found
+# in bug #134198)
+termcapinfo xterm 'is=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;4;6l'
+
+# To get screen to add lines to xterm's scrollback buffer, uncomment the
+# following termcapinfo line which tells xterm to use the normal screen buffer
+# (which has scrollback), not the alternate screen buffer.
+#
+#termcapinfo xterm|xterms|xs|rxvt ti@:te@
+
+# Enable non-blocking mode to better cope with flaky ssh connections.
+defnonblock 5
+
+# ------------------------------------------------------------------------------
+# STARTUP SCREENS
+# ------------------------------------------------------------------------------
+
+# Example of automatically running some programs in windows on screen startup.
+#
+# The following will open top in the first window, an ssh session to monkey
+# in the next window, and then open mutt and tail in windows 8 and 9
+# respectively.
+#
+# screen top
+# screen -t monkey ssh monkey
+# screen -t mail 8 mutt
+# screen -t daemon 9 tail -f /var/log/daemon.log
+
diff --git a/templates/selected_editor.j2 b/templates/selected_editor.j2
new file mode 100644
index 0000000..a0e916c
--- /dev/null
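Review bot: No task in `init_system.yml` references this template (only the vim, bashrc and selected_editor templates are copied), so as far as this patch shows it is never rendered on any host; either add `- { source: templates/screenrc.j2, destination: /etc/screenrc }` to `Copy the templates over` or drop the file. It appears to be the packaged Debian `/etc/screenrc` with its `$Id$` header intact, so a one-line comment at the top saying whether anything was changed from the distro file would save the next reader a diff. The `.j2` suffix is cosmetic here since no Jinja2 expression is used, which is fine as long as no `{{`, `{%` or `{#` sequence is added later.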
+++ b/templates/selected_editor.j2
@@ -0,0 +1 @@
+SELECTED_EDITOR="/usr/bin/vim.basic"
diff --git a/templates/vimrc.j2 b/templates/vimrc.j2
new file mode 100644
index 0000000..c00422f
--- /dev/null
+++ b/templates/vimrc.j2
@@ -0,0 +1,52 @@
+" All system-wide defaults are set in $VIMRUNTIME/debian.vim and sourced by
+" the call to :runtime you can find below. If you wish to change any of those
+" settings, you should do it in this file (/etc/vim/vimrc), since debian.vim
+" will be overwritten everytime an upgrade of the vim packages is performed.
+" It is recommended to make changes after sourcing debian.vim since it alters
+" the value of the 'compatible' option.
+
+" This line should not be removed as it ensures that various options are
+" properly set to work with the Vim-related packages available in Debian.
+runtime! debian.vim
+
+" Uncomment the next line to make Vim more Vi-compatible
+" NOTE: debian.vim sets 'nocompatible'. Setting 'compatible' changes numerous
+" options, so any other options should be set AFTER setting 'compatible'.
+"set compatible
+
+" Vim5 and later versions support syntax highlighting. Uncommenting the next
+" line enables syntax highlighting by default.
+syntax on
+
+" If using a dark background within the editing area and syntax highlighting
+" turn on this option as well
+set background=dark
+
+" Uncomment the following to have Vim jump to the last position when
+" reopening a file
+if has("autocmd")
+ au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
+endif
+
+" Uncomment the following to have Vim load indentation rules and plugins
+" according to the detected filetype.
+"if has("autocmd")
+" filetype plugin indent on
+"endif
+
+" The following are commented out as they cause vim to behave a lot
+" differently from regular Vi. They are highly recommended though.
+set showcmd " Show (partial) command in status line.
+set showmatch " Show matching brackets.
+set ignorecase " Do case insensitive matching
+set smartcase " Do smart case matching
+set incsearch " Incremental search
+set autowrite " Automatically save before commands like :next and :make
+set hidden " Hide buffers when they are abandoned
+set mouse-=a " Enable mouse usage (all modes)
+
+" Source a global configuration file if available
+if filereadable("/etc/vim/vimrc.local")
+ source /etc/vim/vimrc.local
+endif
+
diff --git a/templates/vimrc.local.j2 b/templates/vimrc.local.j2
new file mode 100644
index 0000000..0f457db
--- /dev/null
+++ b/templates/vimrc.local.j2
@@ -0,0 +1 @@
+set mouse-=a
diff --git a/vars/all.yml.example b/vars/all.yml.example
new file mode 100644
index 0000000..00826f7
--- /dev/null
+++ b/vars/all.yml.example
@@ -0,0 +1,2 @@
+custom_ssh_port: 4444
+timezone: "Europe/Nicosia"
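Review bot: The comment on `set mouse-=a` says "Enable mouse usage (all modes)" while `-=a` removes `a` from the option, i.e. disables it; change the line to `set mouse-=a " Disable mouse usage (all modes)`. `set autowrite` in the system-wide `/etc/vim/vimrc` makes Vim write modified buffers before `:next`, `:make` and similar commands for every user on the host, which is a surprising default in a shared config (an accidental edit to a file under `/etc` gets persisted without an explicit `:w`); if it is intended, say so in the comment, otherwise move it to `/root/.vimrc`, which the playbook already writes from `vimrc.local.j2`. The closing block sources `/etc/vim/vimrc.local`, but `templates/vimrc.local.j2` is deployed to `/root/.vimrc`, not to `/etc/vim/vimrc.local`; the template name and this `filereadable` block suggest the two destinations were meant to match, so one of them should be aligned.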