{"id":27342365,"url":"https://github.com/mist941/basic-server-configuration","last_synced_at":"2025-08-03T08:11:35.011Z","repository":{"id":285711084,"uuid":"957857613","full_name":"mist941/basic-server-configuration","owner":"mist941","description":"An Ansible playbook for automating secure server setup and configuration with sensible defaults for systems.","archived":false,"fork":false,"pushed_at":"2025-04-13T06:29:28.000Z","size":47,"stargazers_count":196,"open_issues_count":0,"forks_count":16,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-29T03:06:02.857Z","etag":null,"topics":["ansible","devops","linux","server","system-administration","system-administration-tool","tools"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mist941.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-03-31T08:51:59.000Z","updated_at":"2025-07-25T09:28:07.000Z","dependencies_parsed_at":"2025-04-02T09:32:45.906Z","dependency_job_id":"2d7947dc-1583-4531-8b1f-8afc2b316b32","html_url":"https://github.com/mist941/basic-server-configuration","commit_stats":null,"previous_names":["mist941/basic-server-configuration"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mist941/basic-server-configuration","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mist941%2Fbasic-server-configuration","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mist941%2Fbasic-server-configuration/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mist941%2Fbasic-server-configuration/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mist941%2Fbasic-server-configuration/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mist941","download_url":"https://codeload.github.com/mist941/basic-server-configuration/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mist941%2Fbasic-server-configuration/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268512159,"owners_count":24261887,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-03T02:00:12.545Z","response_time":2577,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","devops","linux","server","system-administration","system-administration-tool","tools"],"created_at":"2025-04-12T16:29:57.494Z","updated_at":"2025-08-03T08:11:34.988Z","avatar_url":"https://github.com/mist941.png","language":"Shell","readme":"# Basic Server Configuration\n\nAn Ansible playbook for automating secure server setup and configuration with sensible defaults for systems.\n\n## 🚀 Features\n\n- **System Updates**: Keeps your servers up-to-date with the latest security patches\n- **Logging \u0026 Reporting**: \n  - Configures system logging with rsyslog\n  - Sets up log rotation with logrotate\n  - Generates HTML execution reports\n  - Maintains detailed Ansible logs\n- **User Management**: Creates a secure non-root user with sudo privileges\n- **SSH Hardening**: Configures SSH for key-based authentication only\n- **Firewall Setup**: Installs and configures UFW with secure defaults\n- **Security Enhancements**:\n  - Fail2ban for intrusion prevention\n  - Automatic security updates\n  - Sensible security defaults\n- **Time Synchronization**: Configures NTP for accurate system time\n- **Essential Packages**: Installs common utilities (vim, curl, htop, git, mtr)\n\n## 📋 Prerequisites\n\n- Ansible 2.9+\n- SSH key pair\n- Target Ubuntu servers\n- Local environment variables\n\n## 🔧 Setup \u0026 Configuration\n\n1. Clone this repository:\n   ```\n   git clone https://github.com/yourusername/basic-server-configuration.git\n   cd basic-server-configuration\n   ```\n\n2. Configure environment variables in the `.env` file, you can follow the sample file provided and fill in your data\n\n3. Update the `inventory.ini` file with your server IP addresses:\n   ```ini\n   [servers]\n   192.168.1.10\n   192.168.1.11\n   # Add your servers here\n   ```\n\n4. Run the playbook:\n   ```\n   ./run.sh\n   ```\n\n## 🛡️ What Gets Configured\n\n- Creates a new sudo user with SSH key authentication\n- Disables SSH password authentication and root login\n- Configures firewall (UFW) to allow only SSH\n- Sets up Fail2ban to prevent brute-force attacks\n- Configures automatic security updates\n- Installs essential system utilities\n- Sets timezone to Europe/Kyiv (configurable)\n- Configures comprehensive system logging with rsyslog\n- Sets up log rotation to manage log file sizes\n- Creates a dedicated directory for application logs\n- Implements basic log monitoring for large log files\n- Generates detailed HTML reports for each playbook run\n\n## ⚙️ Customization\n\nThe playbook has been modularized into roles for better organization and maintainability. To customize:\n\n- **System Updates**: Edit `roles/system_updates/tasks/main.yml`\n- **Logging Setup**: Edit `roles/logging_setup/tasks/main.yml`\n  - Modify rsyslog configuration in `roles/logging_setup/templates/rsyslog.conf.j2`\n  - Adjust log rotation settings in `roles/logging_setup/files/logrotate.conf`\n- **Time Configuration**: Edit `roles/time_configuration/tasks/main.yml`\n- **SSH Setup**: Edit `roles/ssh_setup/tasks/main.yml`\n- **User Management**: Edit `roles/user_management/tasks/main.yml`\n- **Package Installation**: Edit `roles/package_installation/tasks/main.yml`\n- **Security Setup**: Edit `roles/security_setup/tasks/main.yml`\n- **Automatic Updates**: Edit `roles/automatic_updates/tasks/main.yml`\n\nCommon customizations:\n- Change the timezone: Edit the timezone task in `roles/time_configuration/tasks/main.yml`\n- Modify the package list: Edit the package list in `roles/package_installation/tasks/main.yml`\n- Adjust security settings: Edit the security settings in `roles/security_setup/tasks/main.yml`\n- Configure logging:\n  - Enable remote logging: Uncomment and configure the remote logging line in `roles/logging_setup/templates/rsyslog.conf.j2`\n  - Change log rotation frequency: Modify rotation settings in `roles/logging_setup/files/logrotate.conf`\n  - Add custom application logs: Add new log paths in both rsyslog and logrotate configurations\n- Add or remove configuration tasks: Add or remove tasks in the appropriate role's task file\n\n## 🏷️ Using Tags\n\nThe playbook now supports tags, allowing you to selectively run or skip specific parts of the configuration. This is useful for:\n\n- Running only specific components during testing\n- Updating only certain aspects of your server configuration\n- Skipping parts that you've already configured or don't need\n\n### Available Tags\n\n- **system**: System-related tasks\n- **updates**: Update-related tasks (both system and automatic updates)\n- **logging**: Logging configuration tasks\n  - **rsyslog**: rsyslog-specific configuration\n  - **logrotate**: logrotate-specific configuration\n  - **log_monitoring**: Log monitoring tasks\n  - **log_directory**: Log directory creation\n- **time**: Time configuration tasks\n- **ssh**: SSH configuration tasks\n- **users**: User management tasks\n- **packages**: Package installation tasks\n- **security**: Security-related tasks\n  - **fail2ban**: Fail2ban configuration\n  - **ufw**: Firewall configuration\n- **automatic**: Automatic update configuration\n\n### Using Tags\n\nTo run only specific parts of the playbook, use the `--tags` option:\n\n```bash\n# Run only security-related tasks\nansible-playbook playbook.yml --tags security\n\n# Run only SSH and user management tasks\nansible-playbook playbook.yml --tags \"ssh,users\"\n\n# Run only fail2ban configuration\nansible-playbook playbook.yml --tags fail2ban\n```\n\nTo skip specific parts of the playbook, use the `--skip-tags` option:\n\n```bash\n# Run everything except automatic updates\nansible-playbook playbook.yml --skip-tags automatic\n\n# Run everything except security and logging\nansible-playbook playbook.yml --skip-tags \"security,logging\"\n```\n\nYou can also combine these approaches for more complex scenarios.\n\n## 🤝 Contributions\n\nStars and contributions are highly appreciated! If you find this project useful, please consider:\n\n- ⭐ Starring the repository\n- 🐛 Opening issues for bugs or feature requests\n- 📢 Sharing with fellow sysadmins and DevOps engineers\n\nLet's collaborate to build a more robust, secure, and feature-rich server configuration tool together!\n\n## 📜 License\n\nThis project is licensed under the MIT License - see the LICENSE file for details.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmist941%2Fbasic-server-configuration","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmist941%2Fbasic-server-configuration","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmist941%2Fbasic-server-configuration/lists"}