local-it/ansible-debian
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Move files to this submodule

Browse source
This commit is contained in:
kim 2024-03-21 23:06:28 +01:00
commit ed8986fc5c
10 changed files with 165 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
README.md Normal file
View file

2
files/etc/apt/apt.conf.d/20auto-upgrades Normal file
View file

@ -0,0 +1,2 @@
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

18
files/etc/ssh/sshd_config Normal file
View file

@ -0,0 +1,18 @@
Port 22
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTH
PermitRootLogin without-password
MaxAuthTries 4
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
IgnoreRhosts yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding no
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
ClientAliveInterval 120

21
tasks/config.yml Normal file
View file

@ -0,0 +1,21 @@
- name: copy base configs
copy:
src: etc/apt/apt.conf.d/20auto-upgrades
dest: /etc/apt/apt.conf.d/20auto-upgrades
- name: set local timezone
file:
state: link
src: /usr/share/zoneinfo/Europe/Berlin
dest: /etc/localtime
- name: Ensure the US locale exists
community.general.locale_gen:
name: en_US.UTF-8
state: present
- name: Ensure the DE locale exists
community.general.locale_gen:
name: de_DE.UTF-8
state: present

19
tasks/customs.yml Normal file
View file

@ -0,0 +1,19 @@
- name: Add azlux.fr GPG apt key
apt_key:
url: https://azlux.fr/repo.gpg.key
state: present
- name: Add azlux.fr repository
apt_repository:
repo: deb http://packages.azlux.fr/debian bookworm main
state: present
- name: install ctop package from azlux.fr
tags: [apt]
apt:
autoremove: yes
update_cache: yes
cache_valid_time: 3600
state: present
name:
- docker-ctop

15
tasks/main.yml Normal file
View file

@ -0,0 +1,15 @@
- name: base config
import_tasks: config.yml
- name: install packages
import_tasks: packages.yml
- name: install custom software
import_tasks: customs.yml
- name: openssh settings
import_tasks: openssh.yml
- name: performance optimisation
import_tasks: performance.yml

15
tasks/openssh.yml Normal file
View file

@ -0,0 +1,15 @@
- name: Add hardened SSH config
copy:
src: etc/ssh/sshd_config
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: 0600
register: config_change
- name: Reload SSH daemon after config change
systemd:
name: ssh.service
daemon_reload: yes
state: reloaded
when: config_change.changed

33
tasks/packages.yml Normal file
View file

@ -0,0 +1,33 @@
- name: install software packages
tags: [apt]
apt:
autoremove: yes
update_cache: yes
cache_valid_time: 3600
state: present
name:
- cron
- curl
- ca-certificates
- gnupg
- dnsutils
- htop
- iftop
- iperf3
- iputils-ping
- iotop
- sysstat
- jq
- rsync
- tcpdump
- tmux
- unattended-upgrades
- vim
- wget
- lsb-release
- qemu-guest-agent
- nload
- sysstat
- needrestart
- ncat

5
tasks/performance.yml Normal file
View file

@ -0,0 +1,5 @@
- name: run fstrim
ansible.builtin.cron:
name: "fstrim"
special_time: weekly
job: "/sbin/fstrim --all"

37
tasks/swap.yml Normal file
View file

@ -0,0 +1,37 @@
- name: Check whether swap is already enabled or not
shell: cat /etc/sysctl.conf
register: swap_enabled
check_mode: false
changed_when: false
- block:
- name: create swap file
command: dd if=/dev/zero of=/swapfile bs=1G count=4
- name: change permission type
file: path=/swapfile mode=600 state=file
- name: setup swap
command: mkswap /swapfile
- name: create swap
command: swapon /swapfile
- name: Add to fstab
action: lineinfile dest=/etc/fstab regexp="swapfile" line="/swapfile none swap sw 0 0" state=present
- name: start swap
command: swapon -a
- name: set swapiness
sysctl:
name: vm.swappiness
value: "10"
- name: set swapiness
sysctl:
name: vm.vfs_cache_pressure
value: "50"
when: swap_enabled.stdout.find('swappiness') == -1