- Installs commonly used packages
- Creates administrator accounts and adds them to the
wheel,ssh-usersandsudogroups - Removes
roots password - Sets language, locales and keyboard layout
- Configures hostname settings (hostname and
/etc/hosts)
- Remotely: A Debian-based distribution.
- Locally: Ansible 2.9 or newer with the
ansible.posixcollection installed.
| Name | Mandatory / Default | Description |
|---|---|---|
common_admin_users |
{} |
Dict of admin users, see [User configuration](#User configuration) |
common_users |
{} |
Dict of normal users, see [User configuration](#User configuration) |
common_jumphost_users |
{} |
Dict of users that are allowed to use this host as SSH proxy jump host, see [User configuration](#User configuration) |
common_default_admin_user_groups |
[adm,dialout,users,wheel,ssh-users,sudo] |
Default groups to set for admin users |
common_default_user_groups |
[] |
Default groups to set for normal users |
common_default_jumphost_user_groups |
[ssh-users] |
Default groups to set for JumpHost users |
common_ensure_system_groups |
[ssh-users,wheel,sudo] |
List of groups to create |
common_domain |
localdomain |
Search domain to set in /etc/hosts |
common_locales |
[en_US.UTF-8] |
List of locales to install |
common_keyboard_layout |
us,de |
TTY keyboard layout |
common_default_language |
en_US.UTF-8 |
Default language |
common_core_packages |
see defaults | Common core packages to install (like locales or iproute2) |
common_extra_packages |
see defaults | Common extra packages to install (like less or htop) |
common_custom_packages |
[] |
Custom packages to install, useful if you want to have some extra packages installed without copying and overriding the two lists abvove |
common_core_keys |
[] |
Common core repo key urls to install |
common_extra_keys |
see defaults | Common extra repo key urls to install |
common_custom_keys |
[] |
Custom repo key urls to install, useful if you want to have some extra keys installed without copying and overriding the two lists abvove |
common_core_repos |
[] |
Common core repo urls to install |
common_extra_repos |
see defaults | Common extra repo urls to install |
common_custom_repos |
[] |
Custom repo urls to install, useful if you want to have some extra repos installed without copying and overriding the two lists abvove |
common_extra_files |
{} |
A dict with templates for extra files to create on the machine. See [#extra-files]. |
Each key in the respective users dict shall be a username (used to log in), with the following dict as a value:
| Name | Mandatory / Default | Description |
|---|---|---|
name |
✔️ | The full name of the admin user |
shell |
/bin/bash |
Path to the shell to set for this admin (this key is ignored for common_jumphost_users) |
keys |
[] |
List of SSH keys that allow this user to login or proxy-jump via SSH |
passwd |
hashed passphrase | |
allowed_hosts |
[] |
List of hosts and ports to which the user is allowed to jump to (via the current host). The format is {{ ip }}:{{ port }}. This key is only parsed for common_jumphost_users. |
groups |
[] |
List of groups the user will be added to. This key overrides the default groups mentioned above (common_default_user_groups etc.)`. |
The dict common_extra_files configures extra files to create on the machine.
Each key must be a file path on the target machine and the containing directory must already exist
on the machine.
The corresponding value is a dict containing an _module key to choose the Ansible module used to
create the file and additional key-value pairs that will be passed to that module.
Supported modules (for _module) are copy, template and get_url.
Examples:
common_extra_files:
/etc/zsh/zshrc:
_module: copy
src: zshrc # copies the file from ./files/zshrc
/usr/local/bin/hello-world.sh:
_module: copy
content: |
#!/usr/bin/env bash
echo Hello, World!
mode: 0755
/etc/systemd/resolved.conf:
_module: template
src: resolved.conf.j2 # instantiates the file from ./templates/resolved.conf.j2
/usr/local/bin/danebot.py:
_module: get_url
url: https://raw.githubusercontent.com/stuvusIT/danebot/main/src/danebot.py
mode: 0755- hosts: web01
roles:
- role: common
common_admin_users:
max:
name: Max Mustermann
shell: /usr/bin/zsh
keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5aaaaIEFmmHsB7LgVMmujy51QfoSS9hnN7GMEm+Mkcg1YVJnn max123
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5aaaaIEFmmHsB7LgVMmujy51QfoSS9hnN7GMEm+Mkcg1YVJnn max321
passwd: $6$mDFWEb5pDY$C9ZTuNjTTSyh0uIBoZALAV6isFY4dO8gBN2/xJ0yX2rejvr2wKp/wMmHwvoC.gD8NaeozxjhWvNHp3rJEJdJj1
lena:
name: Lena Mustermann
keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5aaaaIEFmmHsB7LgVMmujy51QfoSS9hnN7GMEm+Mkcg1YVJnn max123
groups:
- users
- ssh-users
- wheel
common_jumphost_users:
tim:
name: Tim Mustermann
keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5aaaaIEFmmHsB7LgVMmujy51QfoSS9hnN7GMEm+Mkcg1YVJnn timey
allowed_hosts:
- 196.168.1.5:22
common_users:
tom:
name: Tom Haverford
groups:
- users
- ssh-users
common_default_language: de_DE.UTF-8
common_keyboard_layout: de
common_locales:
- de_DE.UTF-8
- en_US.UTF-8
# common_extra_files: # see the subsection above
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
