From c4578d646a63e12fbc7d03d93b50cf533509b005 Mon Sep 17 00:00:00 2001 From: Sangelo Date: Sat, 6 Jan 2024 17:47:21 +0100 Subject: [PATCH] Update requirements.yml --- collections/requirements.yml | 2 +- roles/common/tasks/main.yml | 10 -- roles/common_secure/defaults/main.yml | 16 --- roles/common_secure/files/sangelo.pub | 1 - roles/common_secure/handlers/main.yml | 4 - roles/common_secure/tasks/main.yml | 99 ------------------- roles/common_tools/tasks/main.yml | 9 -- roles/common_tweaks/defaults/main.yml | 1 - .../files/etc/update-motd.d/01-motd | 45 --------- roles/common_tweaks/tasks/main.yml | 42 -------- 10 files changed, 1 insertion(+), 228 deletions(-) delete mode 100644 roles/common/tasks/main.yml delete mode 100644 roles/common_secure/defaults/main.yml delete mode 100644 roles/common_secure/files/sangelo.pub delete mode 100644 roles/common_secure/handlers/main.yml delete mode 100644 roles/common_secure/tasks/main.yml delete mode 100644 roles/common_tools/tasks/main.yml delete mode 100644 roles/common_tweaks/defaults/main.yml delete mode 100644 roles/common_tweaks/files/etc/update-motd.d/01-motd delete mode 100644 roles/common_tweaks/tasks/main.yml diff --git a/collections/requirements.yml b/collections/requirements.yml index 57a15de..56a1d7d 100644 --- a/collections/requirements.yml +++ b/collections/requirements.yml @@ -1,4 +1,4 @@ --- collections: - - name: community.general + # - name: community.general - name: ansible.posix \ No newline at end of file diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml deleted file mode 100644 index 755f8ee..0000000 --- a/roles/common/tasks/main.yml +++ /dev/null @@ -1,10 +0,0 @@ -- name: Run all common tasks - ansible.builtin.include_role: - name: '{{ common_role }}' - loop: - - 'common_secure' - # - 'common_mgmt' - - 'common_tools' - - 'common_tweaks' - loop_control: - loop_var: common_role 
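Review bot: The `- name: ansible.posix` entry that stays in collections/requirements.yml has no `version:` constraint, so every `ansible-galaxy collection install -r collections/requirements.yml` pulls whatever release is current; a pin such as `version: "<pinned-version>"` (placeholder value) keeps installs reproducible and stops an unreviewed upstream release from reaching the control node. The disabled dependency is left behind as `# - name: community.general`; deleting the line is cleaner, since git history already records it. Within this patch the only visible user of ansible.posix is the `ansible.posix.authorized_key` task in the removed common_secure role, so it is worth confirming that the collection is still needed at all. The same commit also deletes the common_secure role (UFW setup, `PasswordAuthentication no`, root password lock), which the subject line "Update requirements.yml" does not mention; if that baseline now comes from somewhere else, the description should say where.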
diff --git a/roles/common_secure/defaults/main.yml b/roles/common_secure/defaults/main.yml deleted file mode 100644 index 885d9e3..0000000 --- a/roles/common_secure/defaults/main.yml +++ /dev/null @@ -1,16 +0,0 @@ -# Make a full system upgrade (using apt-get full-upgrade) -common_full_upgrade: false - -# Install and configure UFW Firewall on the system -common_firewall_enable: true -common_firewall_reject: false # reject all connections by default -common_firewall_ssh: true # allow ssh connections -common_firewall_https: false # allow https connections -common_firewall_http: false # allow http connections - -# Configure SSH to only accept SSH Keys -common_ssh_configure: true - -# This locks the root account *password*, but still allows SSH Key and sudo logins -# To unlock the password, set this to false. -common_lock_root: true \ No newline at end of file diff --git a/roles/common_secure/files/sangelo.pub b/roles/common_secure/files/sangelo.pub deleted file mode 100644 index ba331d7..0000000 --- a/roles/common_secure/files/sangelo.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFg9CWMZHj6ksnVsxsZf/6sP6ae1kP2FSMPcfguYmXs1 contact@sangelo.space diff --git a/roles/common_secure/handlers/main.yml b/roles/common_secure/handlers/main.yml deleted file mode 100644 index a7a1530..0000000 --- a/roles/common_secure/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ -- name: restart ssh - ansible.builtin.service: - name: sshd - state: restarted \ No newline at end of file diff --git a/roles/common_secure/tasks/main.yml b/roles/common_secure/tasks/main.yml deleted file mode 100644 index 7f40fcc..0000000 --- a/roles/common_secure/tasks/main.yml +++ /dev/null 
@@ -1,99 +0,0 @@ ---- -# roles/common_secure/tasks/main.yml - -- name: Upgrade system packages - ansible.builtin.apt: - update_cache: true - upgrade: full - when: common_full_upgrade - -- name: Install UFW Firewall - ansible.builtin.apt: - name: ufw - # update_cache: true - state: present - when: common_firewall_enable - -- name: Enable UFW - community.general.ufw: - state: enabled - logging: 'on' - when: common_firewall_enable - -- name: Disable UFW Firewall - ansible.builtin.apt: - name: ufw - state: absent - when: not common_firewall_enable - -- name: Reject incoming connections by default - community.general.ufw: - policy: reject - comment: 'Reject all by default' - when: common_firewall_reject and common_firewall_enable - -- name: Allow SSH Connections - community.general.ufw: - rule: limit - port: ssh - proto: tcp - comment: 'Allow SSH' - when: common_firewall_ssh and common_firewall_enable - -- name: Allow HTTPS Connections - community.general.ufw: - rule: allow - port: https - proto: tcp - comment: 'Allow HTTPS' - when: common_firewall_https and common_firewall_enable - -- name: Allow HTTP Connections - community.general.ufw: - rule: allow - port: http - proto: tcp - comment: 'Allow HTTP' - when: common_firewall_http and common_firewall_enable - -- name: Configure SSH to disallow passwords - ansible.builtin.lineinfile: - path: /etc/ssh/sshd_config - regexp: "{{ ssh_config_entry.regexp }}" - line: "{{ ssh_config_entry.line }}" - state: present - loop: - - { regexp: '^PasswordAuthentication', line: 'PasswordAuthentication no' } - loop_control: - loop_var: ssh_config_entry - notify: restart ssh - when: common_ssh_configure - -- name: Add authorized ssh keys for root - ansible.posix.authorized_key: - user: root - state: present - key: "{{ lookup('file', ssh_key_file) }}" - loop: "{{ query('fileglob', '../files/*') }}" - loop_control: - loop_var: ssh_key_file - -- name: Lock the root account - ansible.builtin.user: - name: root - password_lock: "{{ 'no' if 
common_lock_root is defined and not common_lock_root else 'yes' }}" - -# - name: Configure SSH to disallow root login -# ansible.builtin.lineinfile: -# path: /etc/ssh/sshd_config -# regexp: '^PermitRootLogin' -# line: 'PermitRootLogin no' -# state: present -# notify: restart ssh -# when: common_ssh_configure - -# - name: Disable root shell -# ansible.builtin.user: -# name: root -# shell: /usr/sbin/nologin -# when: common_disable_root diff --git a/roles/common_tools/tasks/main.yml b/roles/common_tools/tasks/main.yml deleted file mode 100644 index b78cf49..0000000 --- a/roles/common_tools/tasks/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# roles/common_tools/tasks/main.yml -- name: Install common tools - ansible.builtin.apt: - pkg: - - vim - - curl - update_cache: true - state: present \ No newline at end of file diff --git a/roles/common_tweaks/defaults/main.yml b/roles/common_tweaks/defaults/main.yml deleted file mode 100644 index be320fb..0000000 --- a/roles/common_tweaks/defaults/main.yml +++ /dev/null @@ -1 +0,0 @@ -proxmox_id: "'PLEASE SET IN ANSIBLE'" \ No newline at end of file diff --git a/roles/common_tweaks/files/etc/update-motd.d/01-motd b/roles/common_tweaks/files/etc/update-motd.d/01-motd deleted file mode 100644 index c3ba54f..0000000 --- a/roles/common_tweaks/files/etc/update-motd.d/01-motd +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/bin/bash - -source /etc/environment - -# Function to get usage and colorize based on the percentage -get_usage_color() { - local usage=$1 - if [ $usage -lt 60 ]; then - echo -e "\e[32m${usage}%\e[0m" # Dark Green for < 60% - elif [ $usage -lt 80 ]; then - echo -e "\e[92m${usage}%\e[0m" # Green for >= 60% and < 80% - elif [ $usage -lt 90 ]; then - echo -e "\e[93m${usage}%\e[0m" # Orange for >= 80% and < 90% - else - echo -e "\e[91m${usage}%\e[0m" # Red for >= 90% - fi -} - -echo "====================" - -# Hostname -echo "Connecting to: $(hostname) ($PROXMOX_ID)" - -# CPU Usage -cpu_usage=$(grep 'cpu ' /proc/stat | awk '{usage=($2+$4)*100/($2+$4+$5)} END {print usage}') -cpu_color=$(get_usage_color ${cpu_usage%.*}) -echo "CPU Usage: $cpu_color" - -# RAM Usage -ram_usage=$(free | grep Mem | awk '{print $3/$2 * 100.0}') -ram_color=$(get_usage_color ${ram_usage%.*}) -echo "RAM Usage: $ram_color" - -# Disk Usage -disk_usage=$(df -h / | awk 'NR==2 {print $5}' | sed 's/%//g') -disk_color=$(get_usage_color $disk_usage) -echo "Disk Usage: $disk_color" - -# Swap Usage -swap_usage=$(free | grep Swap | awk '{print $3/$2 * 100.0}') -swap_color=$(get_usage_color ${swap_usage%.*}) -echo "Swap Usage: $swap_color" - -echo -e "==================== -" diff --git a/roles/common_tweaks/tasks/main.yml b/roles/common_tweaks/tasks/main.yml deleted file mode 100644 index b33fc4e..0000000 --- a/roles/common_tweaks/tasks/main.yml +++ /dev/null 
@@ -1,42 +0,0 @@ ---- -# roles/common_tweaks/tasks/main.yml - -- name: Find existing files in /etc/update-motd.d - ansible.builtin.find: - paths: /etc/update-motd.d - register: files_to_remove - -- name: Remove other files in /etc/update-motd.d - ansible.builtin.file: - path: "{{ item.path }}" - state: absent - with_items: "{{ files_to_remove.files }}" - when: item.path != '/etc/update-motd.d/01-motd' - -- name: Copy 01-motd to /etc/update-motd.d on remote host - ansible.builtin.copy: - src: ../files/etc/update-motd.d/01-motd - dest: /etc/update-motd.d/01-motd - mode: '0755' - -- name: Ensure /etc/motd is empty - ansible.builtin.copy: - content: '' - dest: /etc/motd - mode: '0644' - -- name: Add Proxmox-ID to /etc/environment ({{ proxmox_id }}) - ansible.builtin.lineinfile: - path: /etc/environment - regexp: '^PROXMOX_ID=' - line: 'PROXMOX_ID={{ proxmox_id }}' - create: yes - state: present - -- name: Add a warning comment - ansible.builtin.lineinfile: - path: /etc/environment - insertbefore: "^PROXMOX_ID=" - line: "# Do not change the line below - it is set by Ansible" - create: yes - state: present