{"id":15051129,"url":"https://github.com/ansibleguy/linux_bootstrap","last_synced_at":"2025-04-10T02:22:00.956Z","repository":{"id":53920685,"uuid":"338817762","full_name":"ansibleguy/linux_bootstrap","owner":"ansibleguy","description":"Ansible Role to provision basic Linux settings","archived":false,"fork":false,"pushed_at":"2024-10-06T11:41:47.000Z","size":404,"stargazers_count":4,"open_issues_count":2,"forks_count":1,"subscribers_count":1,"default_branch":"latest","last_synced_at":"2024-10-13T17:42:58.735Z","etag":null,"topics":["ansible","ansible-role","automation","debian-linux","iac","infrastructure-as-code","linux-server"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ansibleguy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"ko_fi":"ansible0guy","github":"ansibleguy"}},"created_at":"2021-02-14T13:59:47.000Z","updated_at":"2024-10-06T11:41:50.000Z","dependencies_parsed_at":"2023-02-15T17:16:08.822Z","dependency_job_id":"c4b17c85-4ef4-4c0a-8728-711a46535453","html_url":"https://github.com/ansibleguy/linux_bootstrap","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansibleguy%2Flinux_bootstrap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansibleguy%2Flinux_bootstrap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansibleguy%2Flinux_bootstrap/releases","manifests_url
":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansibleguy%2Flinux_bootstrap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ansibleguy","download_url":"https://codeload.github.com/ansibleguy/linux_bootstrap/tar.gz/refs/heads/latest","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248143163,"owners_count":21054719,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-role","automation","debian-linux","iac","infrastructure-as-code","linux-server"],"created_at":"2024-09-24T21:31:05.150Z","updated_at":"2025-04-10T02:22:00.933Z","avatar_url":"https://github.com/ansibleguy.png","language":"Jinja","readme":"# Ansible Role - Linux Bootstrap\nAnsible Role to bootstrap linux servers.\n\nIt runs some basic setup tasks to bring a cleanly installed linux server up to the needed standards for further usage.\n\n[![Lint](https://github.com/ansibleguy/linux_bootstrap/actions/workflows/lint.yml/badge.svg)](https://github.com/ansibleguy/linux_bootstrap/actions/workflows/lint.yml)\n[![Ansible Galaxy](https://badges.ansibleguy.net/galaxy.badge.svg)](https://galaxy.ansible.com/ui/standalone/roles/ansibleguy/linux_bootstrap)\n\n**Molecule Integration-Tests**:\n\n* Status: [![Molecule Test Status](https://badges.ansibleguy.net/linux_bootstrap.molecule.svg)](https://github.com/ansibleguy/_meta_cicd/blob/latest/templates/usr/local/bin/cicd/molecule.sh.j2) 
|\n[![Functional-Tests](https://github.com/ansibleguy/linux_bootstrap/actions/workflows/integration_test_result.yml/badge.svg)](https://github.com/ansibleguy/linux_bootstrap/actions/workflows/integration_test_result.yml)\n* Logs: [API](https://ci.ansibleguy.net/api/job/ansible-test-molecule-linux_bootstrap/logs?token=2b7bba30-9a37-4b57-be8a-99e23016ce70\u0026lines=1000) | [Short](https://badges.ansibleguy.net/log/molecule_linux_bootstrap_test_short.log) | [Full](https://badges.ansibleguy.net/log/molecule_linux_bootstrap_test.log)\n\nInternal CI: [Tester Role](https://github.com/ansibleguy/_meta_cicd) | [Jobs API](https://github.com/O-X-L/github-self-hosted-jobs-systemd)\n\n**Tested:**\n* Debian 11\n* Debian 12\n\n----\n\n## Install\n\n```bash\n# latest\nansible-galaxy role install git+https://github.com/ansibleguy/linux_bootstrap\n\n# from galaxy\nansible-galaxy install ansibleguy.linux_bootstrap\n\n# or to custom role-path\nansible-galaxy install ansibleguy.linux_bootstrap --roles-path ./roles\n\n# install dependencies\nansible-galaxy install -r requirements.yml\npython3 -m pip install -r requirements.txt\n```\n\n----\n\n## Advertisement\n\n* Need **professional support** using Ansible or Linux? 
Contact us:\n\n  E-Mail: [contact@oxl.at](mailto:contact@oxl.at)\n\n  Tel: [+43 3115 40 900 0](tel:+433115409000)\n\n  Web: [EN](https://www.o-x-l.com) | [DE](https://www.oxl.at)\n\n  Language: German or English\n\n* You want a simple **Ansible GUI**?\n\n  Check-out this [Ansible WebUI](https://github.com/ansibleguy/webui)\n\n----\n\n## Usage\n\n### Config\n\nDefine the ssh/update/user/group/network/ufw config as needed.\n\n```yaml\nbootstrap:\n  configure_network: true\n  configure_firewall: true\n  configure_users: true\n  install_tools: true\n  \n  host_fqdn: 'host.bootstrap.template.ansibleguy.net'  # optional\n  \n  ssh:\n    configure: true\n    port: 10022\n    auto_pwd: false\n    # auth_multi: true  # if you want to enforce pwd \u0026 pubkey combined for ssh-authentication\n    msg: true  # show pre- and post-login banners\n    welcome_msg:\n      - 'Welcome to the secret server!'\n\n  auto_update:\n    enable: true\n    exclude_kernel: true\n    exclusions: ['haproxy']\n    logging_verbose: true\n\nsystem_auth:\n  users:  # more info: https://github.com/ansibleguy/linux_users\n    guy:\n      comment: 'AnsibleGuy'\n      ssh_pub: 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKkIlii1iJM240yPSPS5WhrdQwGFa7BTJZ59ia40wgVWjjg1JlTtr9K2W66fNb2zNO7tLkaNzPddMEsov2bJAno= guy@ansibleguy.net'\n  \n  groups:\n    ag_users:\n      members: []\n    ag_admins:\n      members: ['guy']\n      member_of: ['ag_users']\n\nnetwork:  # more info: https://github.com/ansibleguy/linux_networking\n  interfaces:\n    ens192:\n      address: '192.168.142.90/24'\n      gateway: '192.168.142.1'\n\nufw_rules:  # more info: https://github.com/ansibleguy/linux_ufw\n  ssh:\n    port: 10022\n    proto: 'tcp'\n    log: true\n    rule: 'limit'\n  webServer:\n    port: 80,443\n    proto: 'tcp'\n```\n\n### Execution\n\nI've not yet found a solution for reloading the 'meta-variables' (_like the targets ip-address, ssh-port and ssh-credentials_) so the bootstrapping 
can be done in one run. See also: [Issue](https://github.com/ansibleguy/linux_bootstrap/issues/1)\n\nTherefore, the bootstrapping got 'part'-flags as shown in the example below. \n\nRun the playbook:\n```bash\n# prerequisites:\n#   1. you must be able to connect via ssh with a user that has root privileges\n#     the easiest way to do this - is to set 'PermitRootLogin' to 'yes' temporarily and restart the sshd service\n#   2. connect to the server one time using ssh to mark the host-key as known\n\n# 1. connecting the first time using root, the default ssh-port and currently active ip\n#   this part will deploy: basics, auto-update, users \u0026 groups, ssh- and ufw-config\n#   NOTE: you might need to add the '--ask-vault-pass' flag if you're using ansible-vault to secure your user-passwords\n\n#   example using root\ninit_user=\"root\"\ninit_port=22\ninit_ip=\"192.168.0.1\"\nansible-playbook --ask-pass -D -i inventory/hosts.yml playbook.yml -e ansible_port=\"$init_port\" -e ansible_user=\"$init_user\" -e ansible_host=\"$init_ip\" -e part=1\n\n#   example using other privileged user\nansible-playbook --ask-become-pass -D -i inventory/hosts.yml playbook.yml -e ansible_port=\"$init_port\" -e ansible_user=\"$init_user\" -e ansible_host=\"$init_ip\" -e part=1\n\n# 2. 
re-run to deploy the network config\n#   NOTE: if the ip-address changes - the network task will show an error\n#   example using a privileged user\nansible-playbook --ask-become-pass -D -i inventory/hosts.yml playbook.yml -e ansible_host=\"$init_ip\" --ask-vault-pass -e part=2\n\n# after this setup you can re-run the bootstrapping as often as you want/need to update its config\n#   NOTE: you might need to add the '--ask-vault-pass' flag if you're using ansible-vault to secure your user-passwords\nansible-playbook -K -D -i inventory/hosts.yml playbook.yml\n```\n\nThere are also some useful **tags** available:\n* base\n* interfaces\n* routing\n* auth\n* update\n* ufw\n* ssh\n* part1\n* part2\n\n----\n\n## Functionality\n\n* **Package installation**\n  * Ansible dependencies (_minimal_)\n  * Administrative tools\n  * Virtual machine guest-tools (_vmware/kvm_)\n  * lightweight administrative tools\n\n\n* **Default opt-in**:\n  * OpenSSH server\n  * Users/Groups =\u003e using [THIS](https://github.com/ansibleguy/linux_users) role\n\n\n* **Default opt-out**:\n  * Auto-updates\n  * UFW =\u003e using [THIS](https://github.com/ansibleguy/linux_ufw) role\n  * Network(-interfaces) =\u003e using [THIS](https://github.com/ansibleguy/linux_networking) role\n\n\n## Info\n\n* **Note:** Most of the role's functionality can be opted in or out.\n\n  For all available options - see the default-config located in [the main defaults-file](https://github.com/ansibleguy/linux_bootstrap/blob/latest/defaults/main/1_main.yml)!\n\n\n\n* **Note:** this role currently only supports debian-based systems\n\n\n* **Warning:** Not every setting/variable you provide will be checked for validity. Bad config might break the role!\n\n\n* **Info:** Prerequisites:\n\n  1. You must be able to connect via ssh with a user that has root privileges.\n  The easiest way to do this - is to set 'PermitRootLogin' to 'yes' temporarily and restart the sshd service.\n\n  2. 
Connect to the server one time using ssh to mark the host-key as known.\n","funding_links":["https://ko-fi.com/ansible0guy","https://github.com/sponsors/ansibleguy"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fansibleguy%2Flinux_bootstrap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fansibleguy%2Flinux_bootstrap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fansibleguy%2Flinux_bootstrap/lists"}