Update requirements.yml

2024-01-06 17:47:21 +01:00 · 2024-01-06 17:47:21 +01:00 · c4578d646a
commit c4578d646a
parent 2f44ff08b0
10 changed files with 1 additions and 228 deletions
--- a/collections/requirements.yml
+++ b/collections/requirements.yml
@ -1,4 +1,4 @@
 ---
 collections:
-  - name: community.general
+  # - name: community.general
  - name: ansible.posix
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -1,10 +0,0 @@
 - name: Run all common tasks
  ansible.builtin.include_role:
    name: '{{ common_role }}'
  loop:
    - 'common_secure'
    # - 'common_mgmt'
    - 'common_tools'
    - 'common_tweaks'
  loop_control:
    loop_var: common_role
--- a/roles/common_secure/defaults/main.yml
+++ b/roles/common_secure/defaults/main.yml
@ -1,16 +0,0 @@
 # Make a full system upgrade (using apt-get full-upgrade)
 common_full_upgrade: false
 # Install and configure UFW Firewall on the system
 common_firewall_enable: true
 common_firewall_reject: false # reject all connections by default
 common_firewall_ssh: true # allow ssh connections
 common_firewall_https: false # allow https connections
 common_firewall_http: false # allow http connections
 # Configure SSH to only accept SSH Keys
 common_ssh_configure: true
 # This locks the root account *password*, but still allows SSH Key and sudo logins
 # To unlock the password, set this to false.
 common_lock_root: true
--- a/roles/common_secure/files/sangelo.pub
+++ b/roles/common_secure/files/sangelo.pub
@ -1 +0,0 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFg9CWMZHj6ksnVsxsZf/6sP6ae1kP2FSMPcfguYmXs1 contact@sangelo.space
--- a/roles/common_secure/handlers/main.yml
+++ b/roles/common_secure/handlers/main.yml
@ -1,4 +0,0 @@
 - name: restart ssh
  ansible.builtin.service:
    name: sshd
    state: restarted
--- a/roles/common_secure/tasks/main.yml
+++ b/roles/common_secure/tasks/main.yml
@ -1,99 +0,0 @@
 ---
 # roles/common_secure/tasks/main.yml
 - name: Upgrade system packages
  ansible.builtin.apt:
    update_cache: true
    upgrade: full
  when: common_full_upgrade
 - name: Install UFW Firewall
  ansible.builtin.apt:
    name: ufw
    # update_cache: true
    state: present
  when: common_firewall_enable
 - name: Enable UFW
  community.general.ufw:
    state: enabled
    logging: 'on'
  when: common_firewall_enable
 - name: Disable UFW Firewall
  ansible.builtin.apt:
    name: ufw
    state: absent
  when: not common_firewall_enable
 - name: Reject incoming connections by default
  community.general.ufw:
    policy: reject
    comment: 'Reject all by default'
  when: common_firewall_reject and common_firewall_enable
 - name: Allow SSH Connections
  community.general.ufw:
    rule: limit
    port: ssh
    proto: tcp
    comment: 'Allow SSH'
  when: common_firewall_ssh and common_firewall_enable
 - name: Allow HTTPS Connections
  community.general.ufw:
    rule: allow
    port: https
    proto: tcp
    comment: 'Allow HTTPS'
  when: common_firewall_https and common_firewall_enable
 - name: Allow HTTP Connections
  community.general.ufw:
    rule: allow
    port: http
    proto: tcp
    comment: 'Allow HTTP'
  when: common_firewall_http and common_firewall_enable
 - name: Configure SSH to disallow passwords
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "{{ ssh_config_entry.regexp }}"
    line: "{{ ssh_config_entry.line }}"
    state: present
  loop:
    - { regexp: '^PasswordAuthentication', line: 'PasswordAuthentication no' }
  loop_control:
    loop_var: ssh_config_entry
  notify: restart ssh
  when: common_ssh_configure
 - name: Add authorized ssh keys for root
  ansible.posix.authorized_key:
    user: root
    state: present
    key: "{{ lookup('file', ssh_key_file) }}"
  loop: "{{ query('fileglob', '../files/*') }}"
  loop_control:
    loop_var: ssh_key_file
 - name: Lock the root account
  ansible.builtin.user:
    name: root
    password_lock: "{{ 'no' if common_lock_root is defined and not common_lock_root else 'yes' }}"
 # - name: Configure SSH to disallow root login
 #   ansible.builtin.lineinfile:
 #     path: /etc/ssh/sshd_config
 #     regexp: '^PermitRootLogin'
 #     line: 'PermitRootLogin no'
 #     state: present
 #   notify: restart ssh
 #   when: common_ssh_configure
 # - name: Disable root shell
 #   ansible.builtin.user:
 #     name: root
 #     shell: /usr/sbin/nologin
 #   when: common_disable_root
--- a/roles/common_tools/tasks/main.yml
+++ b/roles/common_tools/tasks/main.yml
@ -1,9 +0,0 @@
 ---
 # roles/common_tools/tasks/main.yml
 - name: Install common tools
  ansible.builtin.apt:
    pkg:
    - vim
    - curl
    update_cache: true
    state: present
--- a/roles/common_tweaks/defaults/main.yml
+++ b/roles/common_tweaks/defaults/main.yml
@ -1 +0,0 @@
 proxmox_id: "'PLEASE SET IN ANSIBLE'"
--- a/roles/common_tweaks/files/etc/update-motd.d/01-motd
+++ b/roles/common_tweaks/files/etc/update-motd.d/01-motd
@ -1,45 +0,0 @@
 #!/bin/bash
 source /etc/environment
 # Function to get usage and colorize based on the percentage
 get_usage_color() {
    local usage=$1
    if [ $usage -lt 60 ]; then
        echo -e "\e[32m${usage}%\e[0m" # Dark Green for < 60%
    elif [ $usage -lt 80 ]; then
        echo -e "\e[92m${usage}%\e[0m" # Green for >= 60% and < 80%
    elif [ $usage -lt 90 ]; then
        echo -e "\e[93m${usage}%\e[0m" # Orange for >= 80% and < 90%
    else
        echo -e "\e[91m${usage}%\e[0m" # Red for >= 90%
    fi
 }
 echo "===================="
 # Hostname
 echo "Connecting to: $(hostname) ($PROXMOX_ID)"
 # CPU Usage
 cpu_usage=$(grep 'cpu ' /proc/stat | awk '{usage=($2+$4)*100/($2+$4+$5)} END {print usage}')
 cpu_color=$(get_usage_color ${cpu_usage%.*})
 echo "CPU Usage: $cpu_color"
 # RAM Usage
 ram_usage=$(free | grep Mem | awk '{print $3/$2 * 100.0}')
 ram_color=$(get_usage_color ${ram_usage%.*})
 echo "RAM Usage: $ram_color"
 # Disk Usage
 disk_usage=$(df -h / | awk 'NR==2 {print $5}' | sed 's/%//g')
 disk_color=$(get_usage_color $disk_usage)
 echo "Disk Usage: $disk_color"
 # Swap Usage
 swap_usage=$(free | grep Swap | awk '{print $3/$2 * 100.0}')
 swap_color=$(get_usage_color ${swap_usage%.*})
 echo "Swap Usage: $swap_color"
 echo -e "====================
 "
--- a/roles/common_tweaks/tasks/main.yml
+++ b/roles/common_tweaks/tasks/main.yml
@ -1,42 +0,0 @@
 ---
 # roles/common_tweaks/tasks/main.yml
 - name: Find existing files in /etc/update-motd.d
  ansible.builtin.find:
    paths: /etc/update-motd.d
  register: files_to_remove
 - name: Remove other files in /etc/update-motd.d
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: absent
  with_items: "{{ files_to_remove.files }}"
  when: item.path != '/etc/update-motd.d/01-motd'
 - name: Copy 01-motd to /etc/update-motd.d on remote host
  ansible.builtin.copy:
    src: ../files/etc/update-motd.d/01-motd
    dest: /etc/update-motd.d/01-motd
    mode: '0755'
 - name: Ensure /etc/motd is empty
  ansible.builtin.copy:
    content: ''
    dest: /etc/motd
    mode: '0644'
 - name: Add Proxmox-ID to /etc/environment ({{ proxmox_id }})
  ansible.builtin.lineinfile:
    path: /etc/environment
    regexp: '^PROXMOX_ID='
    line: 'PROXMOX_ID={{ proxmox_id }}'
    create: yes
    state: present
 - name: Add a warning comment
  ansible.builtin.lineinfile:
    path: /etc/environment
    insertbefore: "^PROXMOX_ID="
    line: "# Do not change the line below - it is set by Ansible"
    create: yes
    state: present
		`@ -1 +0,0 @@`
			`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFg9CWMZHj6ksnVsxsZf/6sP6ae1kP2FSMPcfguYmXs1 contact@sangelo.space`