@@ -0,0 +1,2 @@ | |||||
vars/all.yml | |||||
*.retry |
@@ -0,0 +1,30 @@ | |||||
# Initialize Linux Servers | |||||
This is an Ansible Playbook for initilazing Debian and Ubuntu Linux Servers | |||||
## Prerequisites | |||||
Some Debian/Ubuntu Linux Servers, VMs or Containers | |||||
## Usage | |||||
Clone the repo: | |||||
``` | |||||
$ git clone https://git.cut.ac.cy/IST/ansible-initialize-servers.git | |||||
$ cd ansible-initialize-servers | |||||
``` | |||||
Setup your environment. You can copy the examle file (*vars/all.yml.example*) to *vars/all.yml* or prepare your own: | |||||
``` | |||||
# vars/all.yml | |||||
custom_ssh_port: 4444 | |||||
timezone: "Europe/Nicosia" | |||||
``` | |||||
Adjust your hosts in */etc/ansible/hosts* and in *init_system.yml* and run the Playbook: | |||||
``` | |||||
$ ansible-playbook init_system.yml | |||||
``` |
@@ -0,0 +1,93 @@ | |||||
--- | |||||
- hosts: personal | |||||
user: root | |||||
tasks: | |||||
- include_vars: vars/all.yml | |||||
- name: Install essential and optional packages | |||||
apt: | |||||
name: "{{ item }}" | |||||
state: present | |||||
update_cache: yes | |||||
with_items: | |||||
- vim | |||||
- byobu | |||||
- screen | |||||
- curl | |||||
- unzip | |||||
- ufw | |||||
- htop | |||||
- multitail | |||||
- chrony | |||||
- ca-certificates | |||||
- unattended-upgrades | |||||
- downtimed | |||||
- name: Copy the templates over | |||||
template: | |||||
src: "{{ item.source }}" | |||||
dest: "{{ item.destination }}" | |||||
with_items: | |||||
- { source: templates/vimrc.j2, destination: /etc/vim/vimrc } | |||||
- { source: templates/vimrc.local.j2, destination: /root/.vimrc } | |||||
- { source: templates/selected_editor.j2, destination: /root/.selected_editor } | |||||
- { source: templates/bashrc.j2, destination: /root/.bashrc } | |||||
- { source: templates/bashrc.j2, destination: /etc/skel/.bashrc } | |||||
- name: Set vim as the default editor | |||||
alternatives: | |||||
name: editor | |||||
path: /usr/bin/vim.basic | |||||
- name: Set timezone | |||||
timezone: | |||||
name: "{{ timezone }}" | |||||
- name: Generate locales | |||||
locale_gen: | |||||
name: en_US.UTF-8 | |||||
state: present | |||||
with_items: | |||||
- en_US.UTF-8 | |||||
- el_CY.UTF-8 | |||||
- name: Customize SSH | |||||
lineinfile: | |||||
path: /etc/ssh/sshd_config | |||||
regexp: "{{ item.regexp }}" | |||||
line: "{{ item.line }}" | |||||
with_items: | |||||
- { regexp: "^#?Port 22", line: "Port 22" } | |||||
- { regexp: "^#?PermitRootLogin", line: "PermitRootLogin prohibit-password" } | |||||
- { regexp: "^#?PasswordAuthentication", line: "PasswordAuthentication yes" } | |||||
notify: | |||||
- Restart SSH | |||||
- name: Configure UFW | |||||
ufw: | |||||
rule: allow | |||||
proto: tcp | |||||
direction: in | |||||
to_port: "{{ item }}" | |||||
dest: any | |||||
src: any | |||||
with_items: | |||||
- 22 | |||||
- 80 | |||||
- 443 | |||||
- "{{ custom_ssh_port }}" | |||||
notify: | |||||
- Enable UFW | |||||
handlers: | |||||
- name: Restart SSH | |||||
service: | |||||
name: ssh | |||||
state: restarted | |||||
- name: Enable UFW | |||||
ufw: | |||||
state: enabled |
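Review bot: The Customize SSH task hard-codes `Port 22` and sets `PasswordAuthentication yes`, while Configure UFW opens 22, 80, 443 and `custom_ssh_port` to any source, so the custom port from vars/all.yml is allowed through the firewall but sshd is never told to listen on it, and password logins stay reachable on the default port. If the custom port is meant to replace 22, the item should read `- { regexp: "^#?Port ", line: "Port {{ custom_ssh_port }}" }` and 22 should be dropped from the UFW list. If password login is only needed for bootstrapping, say so in a comment and switch to `PasswordAuthentication no` once keys are in place. Adding `validate: "sshd -t -f %s"` to the lineinfile task would keep the Restart SSH handler from restarting into a broken sshd_config. Separately, Generate locales loops over two items but passes the fixed `name: en_US.UTF-8`, so el_CY.UTF-8 is never generated; `name: "{{ item }}"` fixes that.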
@@ -0,0 +1,117 @@ | |||||
# ~/.bashrc: executed by bash(1) for non-login shells. | |||||
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc) | |||||
# for examples | |||||
# If not running interactively, don't do anything | |||||
case $- in | |||||
*i*) ;; | |||||
*) return;; | |||||
esac | |||||
# don't put duplicate lines or lines starting with space in the history. | |||||
# See bash(1) for more options | |||||
HISTCONTROL=ignoreboth | |||||
# append to the history file, don't overwrite it | |||||
shopt -s histappend | |||||
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1) | |||||
HISTSIZE=16000 | |||||
HISTFILESIZE=32000 | |||||
# check the window size after each command and, if necessary, | |||||
# update the values of LINES and COLUMNS. | |||||
shopt -s checkwinsize | |||||
# If set, the pattern "**" used in a pathname expansion context will | |||||
# match all files and zero or more directories and subdirectories. | |||||
#shopt -s globstar | |||||
# make less more friendly for non-text input files, see lesspipe(1) | |||||
#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)" | |||||
# set variable identifying the chroot you work in (used in the prompt below) | |||||
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then | |||||
debian_chroot=$(cat /etc/debian_chroot) | |||||
fi | |||||
# set a fancy prompt (non-color, unless we know we "want" color) | |||||
case "$TERM" in | |||||
xterm-color) color_prompt=yes;; | |||||
esac | |||||
# uncomment for a colored prompt, if the terminal has the capability; turned | |||||
# off by default to not distract the user: the focus in a terminal window | |||||
# should be on the output of commands, not on the prompt | |||||
#force_color_prompt=yes | |||||
if [ -n "$force_color_prompt" ]; then | |||||
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then | |||||
# We have color support; assume it's compliant with Ecma-48 | |||||
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such | |||||
# a case would tend to support setf rather than setaf.) | |||||
color_prompt=yes | |||||
else | |||||
color_prompt= | |||||
fi | |||||
fi | |||||
if [ "$color_prompt" = yes ]; then | |||||
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' | |||||
else | |||||
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ ' | |||||
fi | |||||
unset color_prompt force_color_prompt | |||||
# If this is an xterm set the title to user@host:dir | |||||
case "$TERM" in | |||||
xterm*|rxvt*) | |||||
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1" | |||||
;; | |||||
*) | |||||
;; | |||||
esac | |||||
# enable color support of ls and also add handy aliases | |||||
if [ -x /usr/bin/dircolors ]; then | |||||
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" | |||||
alias ls='ls --color=auto' | |||||
#alias dir='dir --color=auto' | |||||
#alias vdir='vdir --color=auto' | |||||
alias grep='grep --color=auto' | |||||
alias fgrep='fgrep --color=auto' | |||||
alias egrep='egrep --color=auto' | |||||
fi | |||||
# colored GCC warnings and errors | |||||
#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01' | |||||
# some more ls aliases | |||||
alias ll='ls -l' | |||||
alias la='ls -A' | |||||
alias l='ls -CF' | |||||
alias rm='rm -i' | |||||
alias cp='cp -i' | |||||
alias mv='mv -i' | |||||
# Alias definitions. | |||||
# You may want to put all your additions into a separate file like | |||||
# ~/.bash_aliases, instead of adding them here directly. | |||||
# See /usr/share/doc/bash-doc/examples in the bash-doc package. | |||||
if [ -f ~/.bash_aliases ]; then | |||||
. ~/.bash_aliases | |||||
fi | |||||
# enable programmable completion features (you don't need to enable | |||||
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile | |||||
# sources /etc/bash.bashrc). | |||||
if ! shopt -oq posix; then | |||||
if [ -f /usr/share/bash-completion/bash_completion ]; then | |||||
. /usr/share/bash-completion/bash_completion | |||||
elif [ -f /etc/bash_completion ]; then | |||||
. /etc/bash_completion | |||||
fi | |||||
fi | |||||
[ -r /root/.byobu/prompt ] && . /root/.byobu/prompt #byobu-prompt# |
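Review bot: The last line sources `/root/.byobu/prompt` by absolute path, but the playbook hunk on this page installs this same template to both /root/.bashrc and /etc/skel/.bashrc, so every account created from skel carries a reference into root's home that it cannot read. The home-relative form keeps the line meaningful for both destinations: `[ -r ~/.byobu/prompt ] && . ~/.byobu/prompt #byobu-prompt#`. The `-r` test fails quietly for non-root users today, so this is a correctness cleanup rather than an exposure.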
@@ -0,0 +1,46 @@ | |||||
# Welcome to the chrony configuration file. See chrony.conf(5) for more | |||||
# information about usuable directives. | |||||
# This will use (up to): | |||||
# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled | |||||
# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well | |||||
# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm) | |||||
# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only | |||||
# sources will be used. | |||||
# At the same time it retains some protection against one of the entries being | |||||
# down (compare to just using one of the lines). See (LP: #1754358) for the | |||||
# discussion. | |||||
# | |||||
# About using servers from the NTP Pool Project in general see (LP: #104525). | |||||
# Approved by Ubuntu Technical Board on 2011-02-08. | |||||
# See http://www.pool.ntp.org/join.html for more information. | |||||
server ntp.cut.ac.cy | |||||
#pool ntp.ubuntu.com iburst maxsources 4 | |||||
#pool 0.ubuntu.pool.ntp.org iburst maxsources 1 | |||||
#pool 1.ubuntu.pool.ntp.org iburst maxsources 1 | |||||
#pool 2.ubuntu.pool.ntp.org iburst maxsources 2 | |||||
# This directive specify the location of the file containing ID/key pairs for | |||||
# NTP authentication. | |||||
keyfile /etc/chrony/chrony.keys | |||||
# This directive specify the file into which chronyd will store the rate | |||||
# information. | |||||
driftfile /var/lib/chrony/chrony.drift | |||||
# Uncomment the following line to turn logging on. | |||||
#log tracking measurements statistics | |||||
# Log files location. | |||||
logdir /var/log/chrony | |||||
# Stop bad estimates upsetting machine clock. | |||||
maxupdateskew 100.0 | |||||
# This directive enables kernel synchronisation (every 11 minutes) of the | |||||
# real-time clock. Note that it can’t be used along with the 'rtcfile' directive. | |||||
rtcsync | |||||
# Step the system clock instead of slewing it if the adjustment is larger than | |||||
# one second, but only in the first three clock updates. | |||||
makestep 1 3 |
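Review bot: The only active time source is `server ntp.cut.ac.cy`, with every pool line commented out, so a host has no second source to fall back on or cross-check against if that server is unreachable or serves wrong time; clock error in turn affects certificate validation and log correlation. Consider `server ntp.cut.ac.cy iburst` plus at least one further `server` or `pool` line (an internal secondary if outbound NTP is blocked). The header comment still describes the Ubuntu pool layout ("up to 6 dual-stack ... sources") and should be rewritten to match what is actually configured. This template also does not appear in the Copy the templates over list in the playbook hunk, so it may not be deployed at all; that is worth confirming.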
@@ -0,0 +1,108 @@ | |||||
# $Id: screenrc,v 1.15 2003/10/08 11:39:03 zal Exp $ | |||||
# | |||||
# /etc/screenrc | |||||
# | |||||
# This is the system wide screenrc. | |||||
# | |||||
# You can use this file to change the default behavior of screen system wide | |||||
# or copy it to ~/.screenrc and use it as a starting point for your own | |||||
# settings. | |||||
# | |||||
# Commands in this file are used to set options, bind screen functions to | |||||
# keys, redefine terminal capabilities, and to automatically establish one or | |||||
# more windows at the beginning of your screen session. | |||||
# | |||||
# This is not a comprehensive list of options, look at the screen manual for | |||||
# details on everything that you can put in this file. | |||||
# | |||||
# ------------------------------------------------------------------------------ | |||||
# SCREEN SETTINGS | |||||
# ------------------------------------------------------------------------------ | |||||
#startup_message off | |||||
#nethack on | |||||
#defflow on # will force screen to process ^S/^Q | |||||
deflogin on | |||||
#autodetach off | |||||
# turn visual bell on | |||||
vbell on | |||||
vbell_msg " Wuff ---- Wuff!! " | |||||
# define a bigger scrollback, default is 100 lines | |||||
defscrollback 1024 | |||||
# ------------------------------------------------------------------------------ | |||||
# SCREEN KEYBINDINGS | |||||
# ------------------------------------------------------------------------------ | |||||
# Remove some stupid / dangerous key bindings | |||||
bind ^k | |||||
#bind L | |||||
bind ^\ | |||||
# Make them better | |||||
bind \\ quit | |||||
bind K kill | |||||
bind I login on | |||||
bind O login off | |||||
bind } history | |||||
# An example of a "screen scraper" which will launch urlview on the current | |||||
# screen window | |||||
# | |||||
#bind ^B eval "hardcopy_append off" "hardcopy -h $HOME/.screen-urlview" "screen urlview $HOME/.screen-urlview" | |||||
# ------------------------------------------------------------------------------ | |||||
# TERMINAL SETTINGS | |||||
# ------------------------------------------------------------------------------ | |||||
# The vt100 description does not mention "dl". *sigh* | |||||
termcapinfo vt100 dl=5\E[M | |||||
# turn sending of screen messages to hardstatus off | |||||
hardstatus off | |||||
# Set the hardstatus prop on gui terms to set the titlebar/icon title | |||||
#termcapinfo xterm*|rxvt*|kterm*|Eterm* hs:ts=\E]0;:fs=\007:ds=\E]0;\007 | |||||
# use this for the hard status string | |||||
hardstatus string "%h%? users: %u%?" | |||||
# An alternative hardstatus to display a bar at the bottom listing the | |||||
# windownames and highlighting the current windowname in blue. (This is only | |||||
# enabled if there is no hardstatus setting for your terminal) | |||||
# | |||||
hardstatus lastline "%-Lw%{= BW}%50>%n%f* %t%{-}%+Lw%<" | |||||
# set these terminals up to be 'optimal' instead of vt100 | |||||
termcapinfo xterm*|linux*|rxvt*|Eterm* OP | |||||
# Change the xterm initialization string from is2=\E[!p\E[?3;4l\E[4l\E> | |||||
# (This fixes the "Aborted because of window size change" konsole symptoms found | |||||
# in bug #134198) | |||||
termcapinfo xterm 'is=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;4;6l' | |||||
# To get screen to add lines to xterm's scrollback buffer, uncomment the | |||||
# following termcapinfo line which tells xterm to use the normal screen buffer | |||||
# (which has scrollback), not the alternate screen buffer. | |||||
# | |||||
#termcapinfo xterm|xterms|xs|rxvt ti@:te@ | |||||
# Enable non-blocking mode to better cope with flaky ssh connections. | |||||
defnonblock 5 | |||||
# ------------------------------------------------------------------------------ | |||||
# STARTUP SCREENS | |||||
# ------------------------------------------------------------------------------ | |||||
# Example of automatically running some programs in windows on screen startup. | |||||
# | |||||
# The following will open top in the first window, an ssh session to monkey | |||||
# in the next window, and then open mutt and tail in windows 8 and 9 | |||||
# respectively. | |||||
# | |||||
# screen top | |||||
# screen -t monkey ssh monkey | |||||
# screen -t mail 8 mutt | |||||
# screen -t daemon 9 tail -f /var/log/daemon.log | |||||
@@ -0,0 +1 @@ | |||||
SELECTED_EDITOR="/usr/bin/vim.basic" |
@@ -0,0 +1,52 @@ | |||||
" All system-wide defaults are set in $VIMRUNTIME/debian.vim and sourced by | |||||
" the call to :runtime you can find below. If you wish to change any of those | |||||
" settings, you should do it in this file (/etc/vim/vimrc), since debian.vim | |||||
" will be overwritten everytime an upgrade of the vim packages is performed. | |||||
" It is recommended to make changes after sourcing debian.vim since it alters | |||||
" the value of the 'compatible' option. | |||||
" This line should not be removed as it ensures that various options are | |||||
" properly set to work with the Vim-related packages available in Debian. | |||||
runtime! debian.vim | |||||
" Uncomment the next line to make Vim more Vi-compatible | |||||
" NOTE: debian.vim sets 'nocompatible'. Setting 'compatible' changes numerous | |||||
" options, so any other options should be set AFTER setting 'compatible'. | |||||
"set compatible | |||||
" Vim5 and later versions support syntax highlighting. Uncommenting the next | |||||
" line enables syntax highlighting by default. | |||||
syntax on | |||||
" If using a dark background within the editing area and syntax highlighting | |||||
" turn on this option as well | |||||
set background=dark | |||||
" Uncomment the following to have Vim jump to the last position when | |||||
" reopening a file | |||||
if has("autocmd") | |||||
au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif | |||||
endif | |||||
" Uncomment the following to have Vim load indentation rules and plugins | |||||
" according to the detected filetype. | |||||
"if has("autocmd") | |||||
" filetype plugin indent on | |||||
"endif | |||||
" The following are commented out as they cause vim to behave a lot | |||||
" differently from regular Vi. They are highly recommended though. | |||||
set showcmd " Show (partial) command in status line. | |||||
set showmatch " Show matching brackets. | |||||
set ignorecase " Do case insensitive matching | |||||
set smartcase " Do smart case matching | |||||
set incsearch " Incremental search | |||||
set autowrite " Automatically save before commands like :next and :make | |||||
set hidden " Hide buffers when they are abandoned | |||||
set mouse-=a " Enable mouse usage (all modes) | |||||
" Source a global configuration file if available | |||||
if filereadable("/etc/vim/vimrc.local") | |||||
source /etc/vim/vimrc.local | |||||
endif | |||||
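Review bot: The trailing comment on `set mouse-=a` says "Enable mouse usage (all modes)", but `-=a` removes `a` from the option, which turns mouse handling off; the comment should read `" Disable mouse usage (all modes)`. The block comment above the `set` lines ("The following are commented out ...") and the "Uncomment the following ..." line before the `au BufReadPost` block are likewise stale now that those lines are active, and should be reworded to describe the settings as enabled.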
@@ -0,0 +1 @@ | |||||
set mouse-=a |
@@ -0,0 +1,2 @@ | |||||
custom_ssh_port: 4444 | |||||
timezone: "Europe/Nicosia" |