https://github.com/punktde/ansible-proserver-system
Ansible role for setting up basic system settings
- Host: GitHub
- URL: https://github.com/punktde/ansible-proserver-system
- Owner: punktDe
- License: mit
- Created: 2020-06-17T09:29:45.000Z (about 6 years ago)
- Default Branch: main
- Last Pushed: 2025-10-21T09:02:55.000Z (8 months ago)
- Last Synced: 2025-10-21T10:36:24.057Z (8 months ago)
- Topics: ansible, proserver
- Language: Python
- Homepage:
- Size: 180 KB
- Stars: 0
- Watchers: 5
- Forks: 2
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# ansible-proserver-system
System role for Proserver.
## Supported Operating Systems
- Debian 12, 13
- Ubuntu 24.04, 22.04
- FreeBSD [Proserver](https://infrastructure.punkt.de/de/produkte/proserver.html)
## Role Arguments
#### Options for `system`
|Option|Description|Type|Required|Default|
|---|---|---|---|---|
| `root_group` | Root group name (automatically determined based on OS) | str | no | `{{ 'root' if ansible_facts['os_family'] == 'Debian' else 'wheel' }}` |
| `sshd` | SSH daemon configuration | dict of 'sshd' options | no | {} |
| `rsyslog` | Rsyslog configuration | dict of 'rsyslog' options | no | {} |
| `features` | Feature flags to enable/disable various role components | dict of 'features' options | no | {} |
| `prefix` | Path prefixes for various system components | dict of 'prefix' options | no | {} |
| `proserver_fact` | Proserver fact configuration | dict of 'proserver_fact' options | no | {} |
| `network` | Network configuration | dict of 'network' options | no | {} |
| `hostname` | Hostname configuration | str | no | None |
| `timezone` | System timezone | str | no | None |
| `netplan` | Netplan configuration | dict | no | |
| `ufw` | UFW firewall configuration | dict of 'ufw' options | no | {} |
| `sysctl` | Sysctl kernel parameters | dict | no | |
| `hosts` | /etc/hosts entries | dict | no | |
| `environment` | System-wide environment variables | dict | no | |
| `apt` | APT package management configuration | dict of 'apt' options | no | {} |
| `unattended_upgrades` | Unattended upgrades configuration | dict of 'unattended_upgrades' options | no | {} |
| `postfix` | Postfix mail server configuration | dict of 'postfix' options | no | {} |
| `sudoers` | Sudoers configuration files | dict | no | |
| `groups` | System groups to create | dict | no | |
| `users` | System users to create | dict | no | |
| `users_delete` | List of users to delete | list of 'str' | no | [] |
| `motd` | Message of the day configuration | dict of 'motd' options | no | {} |
#### Options for `system.sshd`
|Option|Description|Type|Required|Default|
|---|---|---|---|---|
| `config` | SSH daemon configuration parameters | dict | no | `{"MaxStartups": "100:30:100", "PasswordAuthentication": false, "PermitRootLogin": false}` |
#### Options for `system.rsyslog`
|Option|Description|Type|Required|Default|
|---|---|---|---|---|
| `precise_timestamps` | Enable precise timestamps in rsyslog | bool | no | False |
#### Options for `system.features`
|Option|Description|Type|Required|Default|
|---|---|---|---|---|
| `rsyslog` | Enable rsyslog configuration | bool | no | `{{ ansible_facts['system'] == 'Linux' }}` |
| `sshd` | Enable SSH daemon configuration | bool | no | `{{ ansible_facts['system'] == 'Linux' }}` |
| `proserver_fact` | Enable proserver fact generation | bool | no | False |
| `hostname` | Enable hostname configuration | bool | no | True |
| `timezone` | Enable timezone configuration | bool | no | True |
| `netplan` | Enable netplan configuration | bool | no | `{{ ansible_facts['distribution'] == 'Ubuntu' }}` |
| `systemd_resolved` | Enable systemd-resolved configuration | bool | no | False |
| `ufw` | Enable UFW firewall configuration | bool | no | `{{ ansible_facts['distribution'] == 'Ubuntu' }}` |
| `sysctl` | Enable sysctl configuration | bool | no | `{{ ansible_facts['system'] == 'Linux' }}` |
| `hosts` | Enable /etc/hosts configuration | bool | no | True |
| `environment` | Enable system-wide environment variables | bool | no | True |
| `apt` | Enable APT package management (Debian/Ubuntu only) | bool | no | `{{ ansible_facts['os_family'] == 'Debian' }}` |
| `proserver_user` | Enable proserver user configuration | bool | no | False |
| `postfix` | Enable Postfix mail server configuration | bool | no | False |
| `users` | Enable user management | bool | no | True |
| `sudoers` | Enable sudoers configuration | bool | no | True |
| `authorized_keys` | Enable SSH authorized keys management | bool | no | True |
| `authorized_keys_delete` | Enable deletion of SSH authorized keys | bool | no | False |
| `motd` | Enable message of the day configuration | bool | no | True |
| `unattended_upgrades` | Enable unattended upgrades configuration (Debian/Ubuntu only) | bool | no | False |
#### Options for `system.prefix`
|Option|Description|Type|Required|Default|
|---|---|---|---|---|
| `sudoers` | Path prefix for sudoers configuration | str | no | `{{ '/etc' if ansible_facts['system'] == 'Linux' else '/usr/local/etc' }}` |
#### Options for `system.proserver_fact`
|Option|Description|Type|Required|Default|
|---|---|---|---|---|
| `python` | Python interpreter path for proserver facts | str | no | `{{ '/usr/bin/env python3.8' if (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] == '18.04') else '/usr/bin/env python3' }}` |
#### Options for `system.network`
|Option|Description|Type|Required|Default|
|---|---|---|---|---|
| `public_interfaces` | List of public network interfaces | list of 'str' | no | [] |
| `public_subnets` | List of public subnets | list of 'str' | no | [] |
#### Options for `system.ufw`
|Option|Description|Type|Required|Default|
|---|---|---|---|---|
| `reset` | Reset UFW to default state | bool | no | `{{ system_ufw_reset \| bool }}` |
| `state` | UFW state (enabled/disabled) | str | no | None |
| `policy` | UFW default policy | str | no | None |
| `rules` | UFW firewall rules | dict | no | |
#### Options for `system.apt`
|Option|Description|Type|Required|Default|
|---|---|---|---|---|
| `proxy` | APT proxy configuration | str | no | None |
| `packages` | APT packages to install (dict with package names as keys and boolean values) | dict | no | |
| `version_locks` | APT package version locks (dict with package names as keys and version constraint values) | dict | no | |
#### Options for `system.unattended_upgrades`
|Option|Description|Type|Required|Default|
|---|---|---|---|---|
| `config` | Unattended upgrades configuration parameters | dict of 'config' options | no | |
#### Options for `system.unattended_upgrades.config`
|Option|Description|Type|Required|Default|
|---|---|---|---|---|
| `feature_updates` | By default, only security updates are installed. Setting this to 'true' will install feature updates as well | bool | no | False |
| `auto_clean` | Whether to automatically run apt-clean after the updates are installed | bool | no | True |
| `auto_reboot` | Automatic reboot configuration | dict | no | `{"enabled": true, "time": "03:00"}` |
| `blacklist` | A list of packages that shouldn't be automatically updated | list of '' | no | [] |
| `schedule` | Update schedule in systemd OnCalendar format | str | no | 20:00 |
| `mail` | | dict of 'mail' options | no | |
#### Options for `system.unattended_upgrades.config.mail`
|Option|Description|Type|Required|Default|
|---|---|---|---|---|
| `enable` | Enable unattended_upgrades mail reports | bool | no | True |
| `only_on_error` | Only send e-mails about errors | bool | no | True |
| `to` | The email address to send the e-mails to | str | no | None |
#### Options for `system.postfix`
|Option|Description|Type|Required|Default|
|---|---|---|---|---|
| `prefix` | Postfix configuration path prefix | dict of 'prefix' options | no | {} |
| `hash_maps` | Postfix hash maps | dict | no | |
| `main.cf` | Postfix main.cf configuration | dict | no | |
#### Options for `system.postfix.prefix`
|Option|Description|Type|Required|Default|
|---|---|---|---|---|
| `config` | Postfix configuration directory path | str | no | `{{ '/etc/postfix' if ansible_facts['system'] == 'Linux' else '/usr/local/etc/postfix' }}` |
#### Options for `system.motd`
|Option|Description|Type|Required|Default|
|---|---|---|---|---|
| `project` | Project name for MOTD | str | no | None |
| `banner_string` | Banner string for MOTD | str | no | punkt.de Proserver ASCII art |
| `details` | Additional details for MOTD | str | no | List of dehydrated domains and system hostnames |
## Dependencies
None.
## Installation
Add this role to the requirements.yml of your playbook as follows:
```yaml
roles:
  - name: ansible-proserver-system
    src: https://github.com/punktDe/ansible-proserver-system
```
Afterwards, install the role by running `ansible-galaxy install -r requirements.yml`.
## Example Playbook
```yaml
- hosts: all
  roles:
    - name: system
```
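A playbook combining the options documented above to turn on security-only unattended upgrades while keeping the SSH defaults explicit. This is an added example, not taken from the role's README; it assumes the options nest under a top-level `system` variable as the section headings suggest and that unset keys keep their documented defaults. The mail address and the blacklisted package name are constructed placeholders.

```yaml
# Added example (not from the role's README). Assumes options nest under a
# top-level `system` variable and that unset keys keep their documented defaults.
- hosts: all
  vars:
    system:
      features:
        # Off by default; Debian/Ubuntu only per the options table.
        unattended_upgrades: true
      sshd:
        config:
          # Documented defaults, restated so the intent survives later edits.
          MaxStartups: "100:30:100"
          PasswordAuthentication: false
          PermitRootLogin: false
      unattended_upgrades:
        config:
          feature_updates: false      # security updates only
          auto_clean: true
          auto_reboot:
            enabled: true
            time: "03:00"
          schedule: "20:00"           # systemd OnCalendar format
          blacklist:
            - example-pinned-package  # constructed placeholder
          mail:
            enable: true
            only_on_error: true
            to: ops@example.org       # constructed placeholder
  roles:
    - name: system
```

With `auto_reboot.enabled` left at its default of `true`, hosts restart at the configured time after updates that need it, so stagger `schedule` and `time` across hosts that back each other up.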