{"id":21733910,"url":"https://github.com/avonae/ansible-playbooks","last_synced_at":"2025-09-02T06:34:11.243Z","repository":{"id":261588724,"uuid":"884757373","full_name":"Avonae/ansible-playbooks","owner":"Avonae","description":"Ansible playbook for secure and easy ubuntu installation","archived":false,"fork":false,"pushed_at":"2025-08-22T17:04:20.000Z","size":126,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-09-02T06:33:39.613Z","etag":null,"topics":["ansible","hardening","rsa","security","ssh","ubuntu"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Avonae.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-11-07T10:35:45.000Z","updated_at":"2025-08-22T17:04:24.000Z","dependencies_parsed_at":"2025-02-11T12:21:47.634Z","dependency_job_id":"d0b35432-a145-4ecd-818a-cb00d6214584","html_url":"https://github.com/Avonae/ansible-playbooks","commit_stats":null,"previous_names":["avonae/ansible-playbooks"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/Avonae/ansible-playbooks","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Avonae%2Fansible-playbooks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Avonae%2Fansible-playbooks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Avonae%2Fan
sible-playbooks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Avonae%2Fansible-playbooks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Avonae","download_url":"https://codeload.github.com/Avonae/ansible-playbooks/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Avonae%2Fansible-playbooks/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273244306,"owners_count":25070958,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-02T02:00:09.530Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","hardening","rsa","security","ssh","ubuntu"],"created_at":"2024-11-26T05:06:59.878Z","updated_at":"2025-09-02T06:34:11.205Z","avatar_url":"https://github.com/Avonae.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ubuntu server Ansible secure setup\n[![ansible-lint](https://github.com/Avonae/ansible-playbooks/actions/workflows/ansible-lint.yml/badge.svg?branch=main)](https://github.com/Avonae/ansible-playbooks/actions/workflows/ansible-lint.yml)\n\nThis playbook allows you to configure Ubuntu quickly and securely. 
It assumes that [Ansible has already been installed](https://docs.ansible.com/ansible/latest/installation_guide/) on your system.\nThe main actions performed by the playbook are:\n\n- Changes the SSH port to a random one within the range 20000-30000\n- Disables root authentication and password authentication\n- Adds the server's IP, port, and username to ~/.ssh/config on the host machine\n- Adds the SSH port to UFW and enables it\n\nAdditionally, you can install updates.\n\nThe installation consists of 3 parts:\n\n1. System configuration and Setup — tag `system_setup`\n2. Secure SSH configuration — tag `ssh_setup`\n3. User Profile Setup — tag `profile_update`\n\nYou can skip the `profile_update` and `ssh_setup` tags, but you can't skip `system_setup` because it creates the user that the following roles use.\n\n```shell\nansible-playbook playbook.yml --tags \"system_setup,ssh_setup\"\n```\n\n# Usage\nFor the default installation you should have a clean Ubuntu server with the `root` user available through SSH.\n\n1. Download the repository:\n```shell\ngit clone https://github.com/Avonae/ansible-playbooks.git\n```\n2. Change the directory:\n```shell\ncd ansible-playbooks\n```\n3. Change the server IP address to yours in the `inventory.ini` file\n4. Change the root password in the `group_vars/all.yml` file\n5. 
Start the installation:\n```shell\nansible-playbook playbook.yml\n```\nAfter installing you'll get a message with connection details:\n\n![image](https://github.com/user-attachments/assets/17ab42bf-6fab-4f47-acd8-cd3fac92aa16)\n\n```shell\nssh server_ip\n```\nAnd get connected as the sudo user:\n\n![image](https://github.com/user-attachments/assets/ada9fdca-c10c-4e49-b972-941dff3bf337)\n\nThat's it.\nIf you want detailed output, uncomment this line in `ansible.cfg`:\n```yaml\nverbosity = 2 #uncomment this if you want to show detailed information\n```\n\n# Default variables\nThe repository already has a variables file, `group_vars/all.yml`, like:\n```yaml\n# domain_name:\nsuper_user: \"root\"\nserver_user: \"user\" # Put name of your sudo user here\nssh_old_port: 22\ntime_zone: \"Asia/Tbilisi\" # Put your timezone here. This is Linux timezone format \nenable_ufw: true\nupdate_install: false # Enable this if you want apt update \u0026\u0026 apt upgrade to be executed. Please note that this may take a long time.\nnecessary_packages:\n  - htop # and other packages\n```\nChange them to suit your needs.\n\n# What exactly does the playbook do?\nA detailed list of actions is below.\n\n## System Configuration and Setup\n\nThis role configures core system settings such as hostname, timezone and logging.\n\n1. Set Hostname\n2. Set Timezone\n3. Install Necessary Packages and enable rsyslog\n4. Disable Swap\n5. Create a user and add it to the `sudo` group\n\n---\n## Secure SSH Configuration\n\nThis role secures SSH access on the server by setting up RSA key-based authentication, and disabling root login and password-based authentication.\n\n1. Generate SSH Key Pair\n3. Add Public Key to Authorized Keys\n4. Disable SSH socket daemon and enable SSH old-fashioned service\n5. Add the newly generated SSH port to UFW\n6. Add the user, port, IP address and private key to the ~/.ssh/config file on the host machine\n7. 
Restart the SSH service\n\n---\n\n## User Profile Setup\n\nThis role installs Neovim, adds it to the user’s `PATH`, and customizes the user’s profile settings in `.bashrc` for enhanced productivity.\n\n1. Neovim installation\n2. Activate `.bashrc` aliases and create the alias vim=nvim\n\n## Post tasks\nPost tasks include:\n1. Apt upgrade -y\n2. Enabling UFW if the `ufw_enable` variable is set\n\n# What's next?\nI want to add these features later:\n- docker rootless setup\n- saving generated user password for later usage in Ansible vault\n- outline server install and restore from backup\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favonae%2Fansible-playbooks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Favonae%2Fansible-playbooks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favonae%2Fansible-playbooks/lists"}