Ansible baseline role for Ubuntu

A basic Ansible role to update and configure an Ubuntu server.

Note

Do not use this role without first testing in a non-operational environment.

Note

There is a SLSA artifact present under the slsa action workflow for verification.

Task list overview

• Install local facts
• Configure local facts and install Python dependencies
• Configure package manager
• Configure systemd timesyncd
• Configure needrestart, install and remove various packages
• Configure apport
• Configure motdnews
• Configure sudo
• Add issue message

Role Variables with defaults

./defaults/main/packages.yml

system_upgrade: true
packages_blocklist:
  - apport*
  - beep
  - pastebinit
  - popularity-contest
  - prelink
  - rpcbind
  - rsh*
  - talk*
  - telnet*
  - tftp*
  - whoopsie
  - xinetd
  - yp-tools
  - ypbind
packages_installation:
  - debsums
  - gnupg2
  - haveged
  - libpam-tmpdir
  - lsb-release
  - needrestart
  - unattended-upgrades

system_upgrade: true will run apt upgrade.

packages_installation is packages to be installed and packages_blocklist is packages to be removed.

./defaults/main/timesyncd.yml

---
manage_timesyncd: true

fallback_ntp:
  - ntp.netnod.se
  - ntp.ubuntu.com
ntp:
  - 2.pool.ntp.org
  - time.nist.gov

If enable_timesyncd: true then configure systemd timesyncd.

Contributing

Do you want to contribute? Great! Contributions are always welcome, no matter how large or small. If you found something odd, feel free to submit a issue, improve the code by creating a pull request, or by sponsoring this project.

License

Apache License Version 2.0

Author Information

https://github.com/konstruktoid