A basic Ansible role to update and configure an Ubuntu server.
Note
Do not use this role without first testing in a non-operational environment.
Note
There is a SLSA artifact present under the slsa action workflow for verification.
- Install local facts
- Configure local facts and install Python dependencies
- Configure package manager
- Configure systemd timesyncd
- Configure needrestart, install and remove various packages
- Configure apport
- Configure motdnews
- Configure sudo
- Add issue message
system_upgrade: true
packages_blocklist:
- apport*
- beep
- pastebinit
- popularity-contest
- prelink
- rpcbind
- rsh*
- talk*
- telnet*
- tftp*
- whoopsie
- xinetd
- yp-tools
- ypbind
packages_installation:
- debsums
- gnupg2
- haveged
- libpam-tmpdir
- lsb-release
- needrestart
- unattended-upgrades
system_upgrade: true
will run apt upgrade
.
packages_installation
is packages to be installed and
packages_blocklist
is packages to be removed.
---
manage_timesyncd: true
fallback_ntp:
- ntp.netnod.se
- ntp.ubuntu.com
ntp:
- 2.pool.ntp.org
- time.nist.gov
If enable_timesyncd: true
then configure systemd
timesyncd.
Do you want to contribute? Great! Contributions are always welcome, no matter how large or small. If you found something odd, feel free to submit a issue, improve the code by creating a pull request, or by sponsoring this project.
Apache License Version 2.0