https://github.com/infertux/chef-sanity

Chef cookbook to standardize configuration of various machines (VM, cloud, bare metal, etc.) with a common set of packages and settings
https://github.com/infertux/chef-sanity

chef chef-cookbook debian sanity

Last synced: about 2 months ago
JSON representation

Chef cookbook to standardize configuration of various machines (VM, cloud, bare metal, etc.) with a common set of packages and settings

• Host: GitHub
• URL: https://github.com/infertux/chef-sanity
• Owner: infertux
• License: mit
• Created: 2018-02-17T15:20:18.000Z (over 8 years ago)
• Default Branch: master
• Last Pushed: 2026-03-01T03:11:38.000Z (4 months ago)
• Last Synced: 2026-03-01T06:40:05.710Z (4 months ago)
• Topics: chef, chef-cookbook, debian, sanity
• Language: Ruby
• Homepage: https://supermarket.chef.io/cookbooks/sanity
• Size: 275 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • Contributing: CONTRIBUTING.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE
  • Audit: auditor.sh

Awesome Lists containing this project

README

          
# Sanity Cookbook

[![Funding](https://img.shields.io/liberapay/patrons/infertux.svg?logo=liberapay)](https://liberapay.com/infertux/donate)

[![Cookbook](https://img.shields.io/cookbook/v/sanity.svg)](https://supermarket.getchef.com/cookbooks/sanity)

[![Build Status](https://github.com/infertux/chef-sanity/actions/workflows/test.yml/badge.svg)](https://github.com/infertux/chef-sanity/actions)

***chef-sanity brings back your sanity as a sysadmin.***

This cookbook helps you standardize configuration on various machines.

It applies a common set of packages and settings to any machine (VM, cloud, bare metal, etc.) so you have a solid base to build on.

Here are some highlights of what it does:

- sets up a basic firewall with nftables or iptables to block incoming connections (IPv4 and IPv6)

- sets up NTP and set timezone to UTC

- sets up a reliable DNS resolver

- sets up automatic package updates

- hardens sshd config with public key authentication and strong ciphers

- sets up a local Mail Transfer Agent using Postfix to send emails to sysadmin

- sets up Monit to alert sysadmin when CPU, memory, disk, etc. is overused

- sets up SMART to monitor hard drive failures

- installs a few useful packages like tmux, btop, curl, etc.

- hardens various OS settings for better security

## Recipes

[`sanity::default`](https://github.com/infertux/chef-sanity/tree/master/recipes/default.rb) is a curated list of recipes that should fit most setups.

You can include [extra recipes](https://github.com/infertux/chef-sanity/tree/master/recipes) as you see fit.

## License

MIT