diff --git a/basics-container.yml b/basics-container.yml
deleted file mode 100644
index e406227..0000000
--- a/basics-container.yml
+++ /dev/null
@@ -1,210 +0,0 @@ ---- -- name: Basic Debian Linux Setup for Containers - hosts: all - tasks: - #- name: Print all available facts - # ansible.builtin.debug: - # var: ansible_facts - - - name: Install Basic Packages - apt: - name: - - bc - - psutils - - psmisc - - procps - - htop - - iotop - - sysstat - - strace - - net-tools - - vim - - git - - man-db - - netcat - - debconf-utils - - iputils-ping - - lsof - - inotify-tools - - rsync - - dos2unix - - locales - - iproute2 - - cryptsetup - - curl - - moreutils - - ffmpeg - - mediainfo - - telnet - - libstring-approx-perl - - postfix - - zip - - nmap - - whois - - libfile-readbackwards-perl - - libcrypt-cbc-perl - - libcrypt-des-perl - - pwgen - - jq - - cifs-utils - - apt-transport-https - - golang - - make - - sshfs - - imagemagick - - libimage-exiftool-perl - - sqlite3 - - html-xml-utils - - openssh-server - update_cache: yes - install_recommends: no - - - name: Set a hostname - ansible.builtin.hostname: - name: "{{inventory_hostname}}" - - - name: Remove root-Password - user: - name: root - password: '*' - - - name: Prefer ipv4 over ipv6 to avoid problems and waiting times - ansible.builtin.lineinfile: - path: /etc/gai.conf - regexp: '^#precedence ::ffff:0:0/96 100' - line: "precedence ::ffff:0:0/96 100 # CHANGED BY ANSIBLE" - backup: yes - - - name: Ensure en_US.UTF-8 locale exists - community.general.locale_gen: - name: en_US.UTF-8 - state: present - - name: Ensure en_GB.UTF-8 locale exists - community.general.locale_gen: - name: en_GB.UTF-8 - state: present - - name: Ensure de_DE.UTF-8 locale exists - community.general.locale_gen: - name: de_DE.UTF-8 - state: present - - - name: SSHD hardening - blockinfile: - path: /etc/ssh/sshd_config.d/hardening.conf - mode: "0444" - owner: root - group: root - create: yes - insertbefore: BOF # Beginning of the file - marker: "# {mark} ANSIBLE MANAGED BLOCK" - block: | - Port 22 - Port 33 - PermitRootLogin prohibit-password - PermitUserRC no - PermitUserEnvironment no - 
PubkeyAuthentication yes - X11Forwarding no - AllowAgentForwarding no - AllowTcpForwarding yes - Subsystem sftp internal-sftp -f AUTH -l INFO -u 0007 - ## Ciphers Check https://sshcheck.com/server/{{inventory_hostname}}/ - # nmap -p22 -n -sV --script ssh2-enum-algos localhost - KexAlgorithms curve25519-sha256@libssh.org - HostKeyAlgorithms ssh-ed25519 - Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com - MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com - IgnoreRhosts yes - LogLevel VERBOSE - AddressFamily any - backup: yes - - - name: Disable external sftp-Subsystem - replace: - path: /etc/ssh/sshd_config - regexp: '(^Subsystem.*sftp.*)' - replace: '#\1' - backup: yes - - - name: Create .ssh dir - ansible.builtin.file: - path: /root/.ssh - owner: root - group: root - state: directory - mode: '0550' - - - name: Generate an OpenSSH keypair ed25519 - community.crypto.openssh_keypair: - path: /root/.ssh/id_ed25519 - type: ed25519 - - - name: shell profile - blockinfile: - path: /etc/profile.d/settings-from-ansible.sh - create: yes - mode: "0444" - owner: root - group: root - marker: "# {mark} ANSIBLE MANAGED BLOCK" - block: | - if ${use_color} ; then - if [[ ${EUID} == 0 ]] ; then - PS1='\[\033[01;31m\]\h\[\033[01;34m\] \w \$\[\033[00m\] ' - else - PS1='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] ' - fi - export EDITOR="/usr/bin/vim" - export HISTSIZE= - export HISTFILESIZE= - export HISTTIMEFORMAT="[%F %T] " - if [ -f /etc/debian_version ] - then - export DEBIAN_FRONTEND='noninteractive' - export LANG="en_US.UTF-8" - alias ls='ls --color=auto' - alias grep='grep --colour=auto' - alias egrep='egrep --colour=auto' - alias fgrep='fgrep --colour=auto' - fi - else - # show root@ when we don't have colors - PS1+='\u@\h \w \$' - fi - # execute for linuxmint - if [ -d /etc/linuxmint ] - then - grep -q /etc/profile.d/settings-from-ansible.sh ~/.bashrc || echo '. 
/etc/profile.d/settings-from-ansible.sh' >> ~/.bashrc - export LANG="de_DE.UTF-8" - #for rc in ~/.bashrc /etc/skel/.bashrc - #do - # grep -q /etc/profile.d/settings-from-ansible.sh $rc || echo '. /etc/profile.d/settings-from-ansible.sh' >> $rc - #done - fi - backup: yes - validate: /bin/bash -n %s - - - name: vim settings - blockinfile: - path: /etc/vim/vimrc.local - mode: "0444" - owner: root - group: root - create: yes - marker: "\" {mark} ANSIBLE MANAGED BLOCK" - block: | - :syntax on - let g:skip_defaults_vim = 1 - set encoding=utf-8 - set tabstop=2 softtabstop=0 expandtab shiftwidth=2 smarttab - syntax match nonascii "[^[:alnum:][:punct:][:space:]]/" - highlight nonascii guibg=Red ctermbg=2 - backup: yes - - - name: gaboshlib from git - ansible.builtin.git: - repo: 'https://gitea.ds9.dedyn.io/olli/gaboshlib.git' - dest: /etc/bash - force: yes - -