https://github.com/programmer-ke/ansible-ubuntu-common
An ansible script that bootstraps an ubuntu server
ansible-role fail2ban reboot ssh ubuntu-server
- Host: GitHub
- URL: https://github.com/programmer-ke/ansible-ubuntu-common
- Owner: programmer-ke
- Created: 2017-01-09T12:06:11.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2017-02-09T11:47:56.000Z (over 8 years ago)
- Last Synced: 2025-01-03T21:43:42.588Z (9 months ago)
- Topics: ansible-role, fail2ban, reboot, ssh, ubuntu-server
- Language: Shell
- Size: 11.7 KB
- Stars: 1
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# ansible-ubuntu-common
An ansible script that bootstraps an ubuntu server.

The overall steps are:
- Lock down ssh
- Lock down sudoers
- Set up hostname
- NTP for time synchronization
- Locale configuration
- Firewall setup with fail2ban to block ssh bruteforce attempts
- Unattended security upgrades
- Useful tools/packages from default ubuntu repo e.g. emacs :)
## Required Variables
- `short_name` - system name
- `ip_address` - Static IP address of the server
- `etc_hosts_entry` - An entry in /etc/hosts mapping your static IP to your FQDN
- `locale` - Your default system locale e.g. en_US.UTF-8
- `timezone` - Timezone as appears in tzdata e.g. 'Africa/Nairobi'
- `allowed_tcp_ports` - Allowed iptables INPUT TCP ports (including ssh)
- `additional_iptables_rules` - A list of additional iptables rules
- `fail2ban_mail_recipient` - Mail recipient for fail2ban notifications (default root@localhost)
- `reboot_on_upgrade` - whether to reboot when unattended upgrades require it (default "no")
- `reboot_time` - What time to reboot in format HH:MM (default "now")
- `additional_packages` - Additional packages from default repo that should be present (default: emacs-nox)
## TODO
- Add tests
- add to galaxy