Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/infertux/chef-sanity

Chef cookbook to standardize configuration of various machines (VM, cloud, bare metal, etc.) with a common set of packages and settings
https://github.com/infertux/chef-sanity

chef chef-cookbook debian sanity

Last synced: 6 days ago
JSON representation

Chef cookbook to standardize configuration of various machines (VM, cloud, bare metal, etc.) with a common set of packages and settings

Host: GitHub
URL: https://github.com/infertux/chef-sanity
Owner: infertux
License: mit
Created: 2018-02-17T15:20:18.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2024-10-30T05:00:24.000Z (7 days ago)
Last Synced: 2024-10-30T08:29:44.617Z (7 days ago)
Topics: chef, chef-cookbook, debian, sanity
Language: Ruby
Homepage: https://supermarket.chef.io/cookbooks/sanity
Size: 277 KB
Stars: 1
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Audit: auditor.sh

Awesome Lists containing this project

README

        # Sanity Cookbook

[![Funding](https://img.shields.io/liberapay/patrons/infertux.svg?logo=liberapay)](https://liberapay.com/infertux/donate)

[![Cookbook](https://img.shields.io/cookbook/v/sanity.svg)](https://supermarket.getchef.com/cookbooks/sanity)

[![Build Status](https://github.com/infertux/chef-sanity/actions/workflows/test.yml/badge.svg)](https://github.com/infertux/chef-sanity/actions)

This cookbook helps you standardize configuration on various machines.

It applies a common set of packages and settings to any machine (VM, cloud, bare metal, etc.) so you have a solid base to build on.

Here are some highlights of what it does:

- sets up a basic firewall with nftables or iptables to block incoming connections (IPv4 and IPv6)

- sets up NTP and set timezone to UTC

- sets up a reliable DNS resolver

- sets up automatic package updates

- hardens sshd config with public key authentication and strong ciphers

- sets up a local MTA using Postfix to send emails to sysadmin

- sets up Monit to alert sysadmin when CPU, memory, disk, etc. is overused

- sets up SMART to monitor hard drive failures

- installs a few useful packages like tmux, htop, curl, etc.

- hardens various OS settings for better security

## Recipes

[`sanity::default`](https://github.com/infertux/chef-sanity/tree/master/recipes/default.rb) is a curated list of recipes that should fit most setups.

You can include [extra recipes](https://github.com/infertux/chef-sanity/tree/master/recipes) as you see fit.

## License

MIT