From c4578d646a63e12fbc7d03d93b50cf533509b005 Mon Sep 17 00:00:00 2001
From: Sangelo <contact@sangelo.space>
Date: Sat, 6 Jan 2024 17:47:21 +0100
Subject: [PATCH] Update requirements.yml

---
 collections/requirements.yml                  |  2 +-
 roles/common/tasks/main.yml                   | 10 --
 roles/common_secure/defaults/main.yml         | 16 ---
 roles/common_secure/files/sangelo.pub         |  1 -
 roles/common_secure/handlers/main.yml         |  4 -
 roles/common_secure/tasks/main.yml            | 99 -------------------
 roles/common_tools/tasks/main.yml             |  9 --
 roles/common_tweaks/defaults/main.yml         |  1 -
 .../files/etc/update-motd.d/01-motd           | 45 ---------
 roles/common_tweaks/tasks/main.yml            | 42 --------
 10 files changed, 1 insertion(+), 228 deletions(-)
 delete mode 100644 roles/common/tasks/main.yml
 delete mode 100644 roles/common_secure/defaults/main.yml
 delete mode 100644 roles/common_secure/files/sangelo.pub
 delete mode 100644 roles/common_secure/handlers/main.yml
 delete mode 100644 roles/common_secure/tasks/main.yml
 delete mode 100644 roles/common_tools/tasks/main.yml
 delete mode 100644 roles/common_tweaks/defaults/main.yml
 delete mode 100644 roles/common_tweaks/files/etc/update-motd.d/01-motd
 delete mode 100644 roles/common_tweaks/tasks/main.yml

diff --git a/collections/requirements.yml b/collections/requirements.yml
index 57a15de..56a1d7d 100644
--- a/collections/requirements.yml
+++ b/collections/requirements.yml
@@ -1,4 +1,4 @@
 ---
 collections:
-  - name: community.general
+  # - name: community.general
   - name: ansible.posix
\ No newline at end of file
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
deleted file mode 100644
index 755f8ee..0000000
--- a/roles/common/tasks/main.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-- name: Run all common tasks
-  ansible.builtin.include_role:
-    name: '{{ common_role }}'
-  loop:
-    - 'common_secure'
-    # - 'common_mgmt'
-    - 'common_tools'
-    - 'common_tweaks'
-  loop_control:
-    loop_var: common_role
diff --git a/roles/common_secure/defaults/main.yml b/roles/common_secure/defaults/main.yml
deleted file mode 100644
index 885d9e3..0000000
--- a/roles/common_secure/defaults/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-# Make a full system upgrade (using apt-get full-upgrade)
-common_full_upgrade: false
-
-# Install and configure UFW Firewall on the system
-common_firewall_enable: true
-common_firewall_reject: false # reject all connections by default
-common_firewall_ssh: true # allow ssh connections
-common_firewall_https: false # allow https connections
-common_firewall_http: false # allow http connections
-
-# Configure SSH to only accept SSH Keys
-common_ssh_configure: true
-
-# This locks the root account *password*, but still allows SSH Key and sudo logins
-# To unlock the password, set this to false.
-common_lock_root: true
\ No newline at end of file
diff --git a/roles/common_secure/files/sangelo.pub b/roles/common_secure/files/sangelo.pub
deleted file mode 100644
index ba331d7..0000000
--- a/roles/common_secure/files/sangelo.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFg9CWMZHj6ksnVsxsZf/6sP6ae1kP2FSMPcfguYmXs1 contact@sangelo.space
diff --git a/roles/common_secure/handlers/main.yml b/roles/common_secure/handlers/main.yml
deleted file mode 100644
index a7a1530..0000000
--- a/roles/common_secure/handlers/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-- name: restart ssh
-  ansible.builtin.service:
-    name: sshd
-    state: restarted
\ No newline at end of file
diff --git a/roles/common_secure/tasks/main.yml b/roles/common_secure/tasks/main.yml
deleted file mode 100644
index 7f40fcc..0000000
--- a/roles/common_secure/tasks/main.yml
+++ /dev/null
@@ -1,99 +0,0 @@
----
-# roles/common_secure/tasks/main.yml
-
-- name: Upgrade system packages
-  ansible.builtin.apt:
-    update_cache: true
-    upgrade: full
-  when: common_full_upgrade
-
-- name: Install UFW Firewall
-  ansible.builtin.apt:
-    name: ufw
-    # update_cache: true
-    state: present
-  when: common_firewall_enable
-
-- name: Enable UFW
-  community.general.ufw:
-    state: enabled
-    logging: 'on'
-  when: common_firewall_enable
-
-- name: Disable UFW Firewall
-  ansible.builtin.apt:
-    name: ufw
-    state: absent
-  when: not common_firewall_enable
-
-- name: Reject incoming connections by default
-  community.general.ufw:
-    policy: reject
-    comment: 'Reject all by default'
-  when: common_firewall_reject and common_firewall_enable
-
-- name: Allow SSH Connections
-  community.general.ufw:
-    rule: limit
-    port: ssh
-    proto: tcp
-    comment: 'Allow SSH'
-  when: common_firewall_ssh and common_firewall_enable
-
-- name: Allow HTTPS Connections
-  community.general.ufw:
-    rule: allow
-    port: https
-    proto: tcp
-    comment: 'Allow HTTPS'
-  when: common_firewall_https and common_firewall_enable
-
-- name: Allow HTTP Connections
-  community.general.ufw:
-    rule: allow
-    port: http
-    proto: tcp
-    comment: 'Allow HTTP'
-  when: common_firewall_http and common_firewall_enable
-
-- name: Configure SSH to disallow passwords
-  ansible.builtin.lineinfile:
-    path: /etc/ssh/sshd_config
-    regexp: "{{ ssh_config_entry.regexp }}"
-    line: "{{ ssh_config_entry.line }}"
-    state: present
-  loop:
-    - { regexp: '^PasswordAuthentication', line: 'PasswordAuthentication no' }
-  loop_control:
-    loop_var: ssh_config_entry
-  notify: restart ssh
-  when: common_ssh_configure
-
-- name: Add authorized ssh keys for root
-  ansible.posix.authorized_key:
-    user: root
-    state: present
-    key: "{{ lookup('file', ssh_key_file) }}"
-  loop: "{{ query('fileglob', '../files/*') }}"
-  loop_control:
-    loop_var: ssh_key_file
-
-- name: Lock the root account
-  ansible.builtin.user:
-    name: root
-    password_lock: "{{ 'no' if common_lock_root is defined and not common_lock_root else 'yes' }}"
-
-# - name: Configure SSH to disallow root login
-#   ansible.builtin.lineinfile:
-#     path: /etc/ssh/sshd_config
-#     regexp: '^PermitRootLogin'
-#     line: 'PermitRootLogin no'
-#     state: present
-#   notify: restart ssh
-#   when: common_ssh_configure
-
-# - name: Disable root shell
-#   ansible.builtin.user:
-#     name: root
-#     shell: /usr/sbin/nologin
-#   when: common_disable_root
diff --git a/roles/common_tools/tasks/main.yml b/roles/common_tools/tasks/main.yml
deleted file mode 100644
index b78cf49..0000000
--- a/roles/common_tools/tasks/main.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# roles/common_tools/tasks/main.yml
-- name: Install common tools
-  ansible.builtin.apt:
-    pkg:
-    - vim
-    - curl
-    update_cache: true
-    state: present
\ No newline at end of file
diff --git a/roles/common_tweaks/defaults/main.yml b/roles/common_tweaks/defaults/main.yml
deleted file mode 100644
index be320fb..0000000
--- a/roles/common_tweaks/defaults/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-proxmox_id: "'PLEASE SET IN ANSIBLE'"
\ No newline at end of file
diff --git a/roles/common_tweaks/files/etc/update-motd.d/01-motd b/roles/common_tweaks/files/etc/update-motd.d/01-motd
deleted file mode 100644
index c3ba54f..0000000
--- a/roles/common_tweaks/files/etc/update-motd.d/01-motd
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/bash
-
-source /etc/environment
-
-# Function to get usage and colorize based on the percentage
-get_usage_color() {
-    local usage=$1
-    if [ $usage -lt 60 ]; then
-        echo -e "\e[32m${usage}%\e[0m" # Dark Green for < 60%
-    elif [ $usage -lt 80 ]; then
-        echo -e "\e[92m${usage}%\e[0m" # Green for >= 60% and < 80%
-    elif [ $usage -lt 90 ]; then
-        echo -e "\e[93m${usage}%\e[0m" # Orange for >= 80% and < 90%
-    else
-        echo -e "\e[91m${usage}%\e[0m" # Red for >= 90%
-    fi
-}
-
-echo "===================="
-
-# Hostname
-echo "Connecting to: $(hostname) ($PROXMOX_ID)"
-
-# CPU Usage
-cpu_usage=$(grep 'cpu ' /proc/stat | awk '{usage=($2+$4)*100/($2+$4+$5)} END {print usage}')
-cpu_color=$(get_usage_color ${cpu_usage%.*})
-echo "CPU Usage: $cpu_color"
-
-# RAM Usage
-ram_usage=$(free | grep Mem | awk '{print $3/$2 * 100.0}')
-ram_color=$(get_usage_color ${ram_usage%.*})
-echo "RAM Usage: $ram_color"
-
-# Disk Usage
-disk_usage=$(df -h / | awk 'NR==2 {print $5}' | sed 's/%//g')
-disk_color=$(get_usage_color $disk_usage)
-echo "Disk Usage: $disk_color"
-
-# Swap Usage
-swap_usage=$(free | grep Swap | awk '{print $3/$2 * 100.0}')
-swap_color=$(get_usage_color ${swap_usage%.*})
-echo "Swap Usage: $swap_color"
-
-echo -e "====================
-"
diff --git a/roles/common_tweaks/tasks/main.yml b/roles/common_tweaks/tasks/main.yml
deleted file mode 100644
index b33fc4e..0000000
--- a/roles/common_tweaks/tasks/main.yml
+++ /dev/null
@@ -1,42 +0,0 @@
----
-# roles/common_tweaks/tasks/main.yml
-
-- name: Find existing files in /etc/update-motd.d
-  ansible.builtin.find:
-    paths: /etc/update-motd.d
-  register: files_to_remove
-
-- name: Remove other files in /etc/update-motd.d
-  ansible.builtin.file:
-    path: "{{ item.path }}"
-    state: absent
-  with_items: "{{ files_to_remove.files }}"
-  when: item.path != '/etc/update-motd.d/01-motd'
-
-- name: Copy 01-motd to /etc/update-motd.d on remote host
-  ansible.builtin.copy:
-    src: ../files/etc/update-motd.d/01-motd
-    dest: /etc/update-motd.d/01-motd
-    mode: '0755'
-
-- name: Ensure /etc/motd is empty
-  ansible.builtin.copy:
-    content: ''
-    dest: /etc/motd
-    mode: '0644'
-
-- name: Add Proxmox-ID to /etc/environment ({{ proxmox_id }})
-  ansible.builtin.lineinfile:
-    path: /etc/environment
-    regexp: '^PROXMOX_ID='
-    line: 'PROXMOX_ID={{ proxmox_id }}'
-    create: yes
-    state: present
-
-- name: Add a warning comment
-  ansible.builtin.lineinfile:
-    path: /etc/environment
-    insertbefore: "^PROXMOX_ID="
-    line: "# Do not change the line below - it is set by Ansible"
-    create: yes
-    state: present