Initial Commit
commit
0d697bec31
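--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+vars/all.yml
+*.retry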
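--- a/README.md
+++ b/README.md
@@ -0,0 +1,30 @@
+# Initialize Linux Servers
+
+This is an Ansible Playbook for initilazing Debian and Ubuntu Linux Servers
+
+## Prerequisites
+
+Some Debian/Ubuntu Linux Servers, VMs or Containers
+
+## Usage
+
+Clone the repo:
+
+```
+$ git clone https://git.cut.ac.cy/IST/ansible-initialize-servers.git
+$ cd ansible-initialize-servers
+```
+
+Setup your environment. You can copy the examle file (*vars/all.yml.example*) to *vars/all.yml* or prepare your own:
+
+```
+# vars/all.yml
+custom_ssh_port: 4444
+timezone: "Europe/Nicosia"
+```
+
+Adjust your hosts in */etc/ansible/hosts* and in *init_system.yml* and run the Playbook:
+
+```
+$ ansible-playbook init_system.yml
+```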
93
init_system.yml
Normal file
93
init_system.yml
Normal file
|
@ -0,0 +1,93 @@
|
||||||
|
---
|
||||||
|
- hosts: personal
|
||||||
|
user: root
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
|
||||||
|
- include_vars: vars/all.yml
|
||||||
|
|
||||||
|
- name: Install essential and optional packages
|
||||||
|
apt:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
update_cache: yes
|
||||||
|
with_items:
|
||||||
|
- vim
|
||||||
|
- byobu
|
||||||
|
- screen
|
||||||
|
- curl
|
||||||
|
- unzip
|
||||||
|
- ufw
|
||||||
|
- htop
|
||||||
|
- multitail
|
||||||
|
- chrony
|
||||||
|
- ca-certificates
|
||||||
|
- unattended-upgrades
|
||||||
|
- downtimed
|
||||||
|
|
||||||
|
- name: Copy the templates over
|
||||||
|
template:
|
||||||
|
src: "{{ item.source }}"
|
||||||
|
dest: "{{ item.destination }}"
|
||||||
|
with_items:
|
||||||
|
- { source: templates/vimrc.j2, destination: /etc/vim/vimrc }
|
||||||
|
- { source: templates/vimrc.local.j2, destination: /root/.vimrc }
|
||||||
|
- { source: templates/selected_editor.j2, destination: /root/.selected_editor }
|
||||||
|
- { source: templates/bashrc.j2, destination: /root/.bashrc }
|
||||||
|
- { source: templates/bashrc.j2, destination: /etc/skel/.bashrc }
|
||||||
|
|
||||||
|
- name: Set vim as the default editor
|
||||||
|
alternatives:
|
||||||
|
name: editor
|
||||||
|
path: /usr/bin/vim.basic
|
||||||
|
|
||||||
|
- name: Set timezone
|
||||||
|
timezone:
|
||||||
|
name: "{{ timezone }}"
|
||||||
|
|
||||||
|
- name: Generate locales
|
||||||
|
locale_gen:
|
||||||
|
name: en_US.UTF-8
|
||||||
|
state: present
|
||||||
|
with_items:
|
||||||
|
- en_US.UTF-8
|
||||||
|
- el_CY.UTF-8
|
||||||
|
|
||||||
|
- name: Customize SSH
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/ssh/sshd_config
|
||||||
|
regexp: "{{ item.regexp }}"
|
||||||
|
line: "{{ item.line }}"
|
||||||
|
with_items:
|
||||||
|
- { regexp: "^#?Port 22", line: "Port 22" }
|
||||||
|
- { regexp: "^#?PermitRootLogin", line: "PermitRootLogin prohibit-password" }
|
||||||
|
- { regexp: "^#?PasswordAuthentication", line: "PasswordAuthentication yes" }
|
||||||
|
notify:
|
||||||
|
- Restart SSH
|
||||||
|
|
||||||
|
- name: Configure UFW
|
||||||
|
ufw:
|
||||||
|
rule: allow
|
||||||
|
proto: tcp
|
||||||
|
direction: in
|
||||||
|
to_port: "{{ item }}"
|
||||||
|
dest: any
|
||||||
|
src: any
|
||||||
|
with_items:
|
||||||
|
- 22
|
||||||
|
- 80
|
||||||
|
- 443
|
||||||
|
- "{{ custom_ssh_port }}"
|
||||||
|
notify:
|
||||||
|
- Enable UFW
|
||||||
|
|
||||||
|
handlers:
|
||||||
|
|
||||||
|
- name: Restart SSH
|
||||||
|
service:
|
||||||
|
name: ssh
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
- name: Enable UFW
|
||||||
|
ufw:
|
||||||
|
state: enabled
|
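Review bot: The `Customize SSH` task pins sshd to `Port 22` while the `Configure UFW` task opens `{{ custom_ssh_port }}`, so the custom port is allowed through the firewall but nothing listens on it; if the variable is meant to move SSH, the entry should read `- { regexp: "^#?Port ", line: "Port {{ custom_ssh_port }}" }`, and keeping both 22 and the custom port open then deserves a comment explaining why. The same task sets `PasswordAuthentication yes` on hosts where root login is key-only, which leaves every other account exposed to password guessing; state that choice in a comment or default the line to `PasswordAuthentication no`. Because the `Restart SSH` handler restarts the daemon unconditionally, add `validate: '/usr/sbin/sshd -t -f %s'` to the `lineinfile` call so a malformed edit cannot lock the operator out. Separately, the `Generate locales` task hard-codes `name: en_US.UTF-8` while looping over two locales, so `el_CY.UTF-8` is never generated — it should be `name: "{{ item }}"`.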
117
templates/bashrc.j2
Normal file
117
templates/bashrc.j2
Normal file
|
@ -0,0 +1,117 @@
|
||||||
|
# ~/.bashrc: executed by bash(1) for non-login shells.
|
||||||
|
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
|
||||||
|
# for examples
|
||||||
|
|
||||||
|
# If not running interactively, don't do anything
|
||||||
|
case $- in
|
||||||
|
*i*) ;;
|
||||||
|
*) return;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# don't put duplicate lines or lines starting with space in the history.
|
||||||
|
# See bash(1) for more options
|
||||||
|
HISTCONTROL=ignoreboth
|
||||||
|
|
||||||
|
# append to the history file, don't overwrite it
|
||||||
|
shopt -s histappend
|
||||||
|
|
||||||
|
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
|
||||||
|
HISTSIZE=16000
|
||||||
|
HISTFILESIZE=32000
|
||||||
|
|
||||||
|
# check the window size after each command and, if necessary,
|
||||||
|
# update the values of LINES and COLUMNS.
|
||||||
|
shopt -s checkwinsize
|
||||||
|
|
||||||
|
# If set, the pattern "**" used in a pathname expansion context will
|
||||||
|
# match all files and zero or more directories and subdirectories.
|
||||||
|
#shopt -s globstar
|
||||||
|
|
||||||
|
# make less more friendly for non-text input files, see lesspipe(1)
|
||||||
|
#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
|
||||||
|
|
||||||
|
# set variable identifying the chroot you work in (used in the prompt below)
|
||||||
|
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
|
||||||
|
debian_chroot=$(cat /etc/debian_chroot)
|
||||||
|
fi
|
||||||
|
|
||||||
|
# set a fancy prompt (non-color, unless we know we "want" color)
|
||||||
|
case "$TERM" in
|
||||||
|
xterm-color) color_prompt=yes;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# uncomment for a colored prompt, if the terminal has the capability; turned
|
||||||
|
# off by default to not distract the user: the focus in a terminal window
|
||||||
|
# should be on the output of commands, not on the prompt
|
||||||
|
#force_color_prompt=yes
|
||||||
|
|
||||||
|
if [ -n "$force_color_prompt" ]; then
|
||||||
|
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
|
||||||
|
# We have color support; assume it's compliant with Ecma-48
|
||||||
|
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
|
||||||
|
# a case would tend to support setf rather than setaf.)
|
||||||
|
color_prompt=yes
|
||||||
|
else
|
||||||
|
color_prompt=
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$color_prompt" = yes ]; then
|
||||||
|
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
|
||||||
|
else
|
||||||
|
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
|
||||||
|
fi
|
||||||
|
unset color_prompt force_color_prompt
|
||||||
|
|
||||||
|
# If this is an xterm set the title to user@host:dir
|
||||||
|
case "$TERM" in
|
||||||
|
xterm*|rxvt*)
|
||||||
|
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# enable color support of ls and also add handy aliases
|
||||||
|
if [ -x /usr/bin/dircolors ]; then
|
||||||
|
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
|
||||||
|
alias ls='ls --color=auto'
|
||||||
|
#alias dir='dir --color=auto'
|
||||||
|
#alias vdir='vdir --color=auto'
|
||||||
|
|
||||||
|
alias grep='grep --color=auto'
|
||||||
|
alias fgrep='fgrep --color=auto'
|
||||||
|
alias egrep='egrep --color=auto'
|
||||||
|
fi
|
||||||
|
|
||||||
|
# colored GCC warnings and errors
|
||||||
|
#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
|
||||||
|
|
||||||
|
# some more ls aliases
|
||||||
|
alias ll='ls -l'
|
||||||
|
alias la='ls -A'
|
||||||
|
alias l='ls -CF'
|
||||||
|
alias rm='rm -i'
|
||||||
|
alias cp='cp -i'
|
||||||
|
alias mv='mv -i'
|
||||||
|
|
||||||
|
# Alias definitions.
|
||||||
|
# You may want to put all your additions into a separate file like
|
||||||
|
# ~/.bash_aliases, instead of adding them here directly.
|
||||||
|
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
|
||||||
|
|
||||||
|
if [ -f ~/.bash_aliases ]; then
|
||||||
|
. ~/.bash_aliases
|
||||||
|
fi
|
||||||
|
|
||||||
|
# enable programmable completion features (you don't need to enable
|
||||||
|
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
|
||||||
|
# sources /etc/bash.bashrc).
|
||||||
|
if ! shopt -oq posix; then
|
||||||
|
if [ -f /usr/share/bash-completion/bash_completion ]; then
|
||||||
|
. /usr/share/bash-completion/bash_completion
|
||||||
|
elif [ -f /etc/bash_completion ]; then
|
||||||
|
. /etc/bash_completion
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
[ -r /root/.byobu/prompt ] && . /root/.byobu/prompt #byobu-prompt#
|
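Review bot: The last line sources `/root/.byobu/prompt` by absolute path, but the playbook installs this same template as `/etc/skel/.bashrc`, so every new user's shell tests a path under root's home rather than their own; use `[ -r ~/.byobu/prompt ] && . ~/.byobu/prompt #byobu-prompt#`, matching the `~/.dircolors` and `~/.bash_aliases` lines above. The file is shipped as a `.j2` template yet contains no Jinja expressions, and any future `{{` or `{%` in a prompt string would need `{% raw %}` protection; a one-line header comment such as `# Managed by Ansible (init_system.yml); deployed to /root/.bashrc and /etc/skel/.bashrc` would make both facts visible to the next maintainer.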
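--- a/templates/chrony.conf.j2
+++ b/templates/chrony.conf.j2
@@ -0,0 +1,46 @@
+# Welcome to the chrony configuration file. See chrony.conf(5) for more
+# information about usuable directives.
+
+# This will use (up to):
+# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled
+# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
+# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm)
+# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only
+# sources will be used.
+# At the same time it retains some protection against one of the entries being
+# down (compare to just using one of the lines). See (LP: #1754358) for the
+# discussion.
+#
+# About using servers from the NTP Pool Project in general see (LP: #104525).
+# Approved by Ubuntu Technical Board on 2011-02-08.
+# See http://www.pool.ntp.org/join.html for more information.
+server ntp.cut.ac.cy
+#pool ntp.ubuntu.com iburst maxsources 4
+#pool 0.ubuntu.pool.ntp.org iburst maxsources 1
+#pool 1.ubuntu.pool.ntp.org iburst maxsources 1
+#pool 2.ubuntu.pool.ntp.org iburst maxsources 2
+
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3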
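Review bot: Neither this template nor `templates/screenrc.j2` appears in the `Copy the templates over` list in init_system.yml, so chrony and screen keep their package defaults after the playbook runs; either add `- { source: templates/chrony.conf.j2, destination: /etc/chrony/chrony.conf }` together with a handler that restarts chronyd, or drop the unused files from the repository. The only active time source is the single `server ntp.cut.ac.cy` line without `iburst`, so initial sync is slow and there is no fallback when that host is unreachable, which matters because certificate validation and log timestamps depend on correct time; keep at least one of the pool lines as a secondary source and write `server ntp.cut.ac.cy iburst`. The header comment still describes the Ubuntu pool layout that is commented out below it, so it should be reduced to a sentence stating that the host uses the institutional time server.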
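--- a/templates/screenrc.j2
+++ b/templates/screenrc.j2
@@ -0,0 +1,108 @@
+# $Id: screenrc,v 1.15 2003/10/08 11:39:03 zal Exp $
+#
+# /etc/screenrc
+#
+# This is the system wide screenrc.
+#
+# You can use this file to change the default behavior of screen system wide
+# or copy it to ~/.screenrc and use it as a starting point for your own
+# settings.
+#
+# Commands in this file are used to set options, bind screen functions to
+# keys, redefine terminal capabilities, and to automatically establish one or
+# more windows at the beginning of your screen session.
+#
+# This is not a comprehensive list of options, look at the screen manual for
+# details on everything that you can put in this file.
+#
+
+# ------------------------------------------------------------------------------
+# SCREEN SETTINGS
+# ------------------------------------------------------------------------------
+
+#startup_message off
+#nethack on
+
+#defflow on # will force screen to process ^S/^Q
+deflogin on
+#autodetach off
+
+# turn visual bell on
+vbell on
+vbell_msg " Wuff ---- Wuff!! "
+
+# define a bigger scrollback, default is 100 lines
+defscrollback 1024
+
+# ------------------------------------------------------------------------------
+# SCREEN KEYBINDINGS
+# ------------------------------------------------------------------------------
+
+# Remove some stupid / dangerous key bindings
+bind ^k
+#bind L
+bind ^\
+# Make them better
+bind \\ quit
+bind K kill
+bind I login on
+bind O login off
+bind } history
+
+# An example of a "screen scraper" which will launch urlview on the current
+# screen window
+#
+#bind ^B eval "hardcopy_append off" "hardcopy -h $HOME/.screen-urlview" "screen urlview $HOME/.screen-urlview"
+
+# ------------------------------------------------------------------------------
+# TERMINAL SETTINGS
+# ------------------------------------------------------------------------------
+
+# The vt100 description does not mention "dl". *sigh*
+termcapinfo vt100 dl=5\E[M
+
+# turn sending of screen messages to hardstatus off
+hardstatus off
+# Set the hardstatus prop on gui terms to set the titlebar/icon title
+#termcapinfo xterm*|rxvt*|kterm*|Eterm* hs:ts=\E]0;:fs=\007:ds=\E]0;\007
+# use this for the hard status string
+hardstatus string "%h%? users: %u%?"
+
+# An alternative hardstatus to display a bar at the bottom listing the
+# windownames and highlighting the current windowname in blue. (This is only
+# enabled if there is no hardstatus setting for your terminal)
+#
+hardstatus lastline "%-Lw%{= BW}%50>%n%f* %t%{-}%+Lw%<"
+
+# set these terminals up to be 'optimal' instead of vt100
+termcapinfo xterm*|linux*|rxvt*|Eterm* OP
+
+# Change the xterm initialization string from is2=\E[!p\E[?3;4l\E[4l\E>
+# (This fixes the "Aborted because of window size change" konsole symptoms found
+# in bug #134198)
+termcapinfo xterm 'is=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;4;6l'
+
+# To get screen to add lines to xterm's scrollback buffer, uncomment the
+# following termcapinfo line which tells xterm to use the normal screen buffer
+# (which has scrollback), not the alternate screen buffer.
+#
+#termcapinfo xterm|xterms|xs|rxvt ti@:te@
+
+# Enable non-blocking mode to better cope with flaky ssh connections.
+defnonblock 5
+
+# ------------------------------------------------------------------------------
+# STARTUP SCREENS
+# ------------------------------------------------------------------------------
+
+# Example of automatically running some programs in windows on screen startup.
+#
+# The following will open top in the first window, an ssh session to monkey
+# in the next window, and then open mutt and tail in windows 8 and 9
+# respectively.
+#
+# screen top
+# screen -t monkey ssh monkey
+# screen -t mail 8 mutt
+# screen -t daemon 9 tail -f /var/log/daemon.log
+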
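--- a/templates/selected_editor.j2
+++ b/templates/selected_editor.j2
@@ -0,0 +1 @@
+SELECTED_EDITOR="/usr/bin/vim.basic"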
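--- a/templates/vimrc.j2
+++ b/templates/vimrc.j2
@@ -0,0 +1,52 @@
+" All system-wide defaults are set in $VIMRUNTIME/debian.vim and sourced by
+" the call to :runtime you can find below. If you wish to change any of those
+" settings, you should do it in this file (/etc/vim/vimrc), since debian.vim
+" will be overwritten everytime an upgrade of the vim packages is performed.
+" It is recommended to make changes after sourcing debian.vim since it alters
+" the value of the 'compatible' option.
+
+" This line should not be removed as it ensures that various options are
+" properly set to work with the Vim-related packages available in Debian.
+runtime! debian.vim
+
+" Uncomment the next line to make Vim more Vi-compatible
+" NOTE: debian.vim sets 'nocompatible'. Setting 'compatible' changes numerous
+" options, so any other options should be set AFTER setting 'compatible'.
+"set compatible
+
+" Vim5 and later versions support syntax highlighting. Uncommenting the next
+" line enables syntax highlighting by default.
+syntax on
+
+" If using a dark background within the editing area and syntax highlighting
+" turn on this option as well
+set background=dark
+
+" Uncomment the following to have Vim jump to the last position when
+" reopening a file
+if has("autocmd")
+au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
+endif
+
+" Uncomment the following to have Vim load indentation rules and plugins
+" according to the detected filetype.
+"if has("autocmd")
+" filetype plugin indent on
+"endif
+
+" The following are commented out as they cause vim to behave a lot
+" differently from regular Vi. They are highly recommended though.
+set showcmd " Show (partial) command in status line.
+set showmatch " Show matching brackets.
+set ignorecase " Do case insensitive matching
+set smartcase " Do smart case matching
+set incsearch " Incremental search
+set autowrite " Automatically save before commands like :next and :make
+set hidden " Hide buffers when they are abandoned
+set mouse-=a " Enable mouse usage (all modes)
+
+" Source a global configuration file if available
+if filereadable("/etc/vim/vimrc.local")
+source /etc/vim/vimrc.local
+endif
+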
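Review bot: The inline comment on `set mouse-=a` says `Enable mouse usage (all modes)`, but `-=` removes `a` from the option, so the line disables mouse usage; change it to `set mouse-=a " Disable mouse usage (all modes)`. The comment two lines above the option block, `The following are commented out as they cause vim to behave a lot differently from regular Vi`, is also stale because every option beneath it is active — reword it to `" The following options differ from regular Vi behaviour but are enabled on purpose.` The same `set mouse-=a` is shipped again in templates/vimrc.local.j2 as /root/.vimrc, so one of the two copies is redundant and a short comment in whichever is kept should say why it overrides the system default.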
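--- a/templates/vimrc.local.j2
+++ b/templates/vimrc.local.j2
@@ -0,0 +1 @@
+set mouse-=a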
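--- a/vars/all.yml.example
+++ b/vars/all.yml.example
@@ -0,0 +1,2 @@
+custom_ssh_port: 4444
+timezone: "Europe/Nicosia"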