patrick a0f9b06da9 refactor(system_setup): rename bare 'password' var to user_password
The bare 'password' variable in user.yml could silently collide with any
same-named variable elsewhere in scope. Rename to user_password to
namespace it alongside username.

BREAKING CHANGE: callers passing 'password' to this role must rename it
to user_password.
2026-06-27 21:11:25 -04:00
System Setup Role

Performs initial system configuration including user creation, SSH hardening, and package installation.

Features

  • Creates admin user with SSH key authentication
  • Hardens SSH configuration
  • Installs essential packages
  • Optional passwordless sudo
  • Optional SSH host key regeneration
  • System package updates (via system_maintenance role)

Variables

Variable                   Default        Description
username                   admin          Username for the admin account
user_password              required       Password for the admin user
shell                      /bin/bash      Default shell for the user
passwordless_sudo          true           Allow sudo without password
ssh_pubkey_file            required       Path to SSH public key file
regenerate_ssh_host_keys   false          Generate new SSH host keys
extra_packages             [sudo, vim]    Additional packages to install

Required Variables

You must provide these variables when using this role:

user_password: "your_secure_password"
ssh_pubkey_file: "/path/to/your/public/key.pub"

Usage

Basic Setup

- name: Initial system setup
  include_role:
    name: system_setup
  vars:
    user_password: "{{ admin_password }}"
    ssh_pubkey_file: "~/.ssh/id_rsa.pub"

Custom Configuration

- name: System setup with custom user
  include_role:
    name: system_setup
  vars:
    username: myuser
    user_password: "{{ vault_myuser_password }}"
    shell: /bin/zsh
    ssh_pubkey_file: "keys/mykey.pub"
    passwordless_sudo: false
    regenerate_ssh_host_keys: true
    extra_packages:
      - sudo
      - vim
      - htop
      - git

What It Does

  1. System Updates - Calls system_maintenance role for package updates
  2. Package Installation - Installs packages from extra_packages list
  3. User Creation - Creates user with password and sudo access
  4. SSH Key Setup - Configures authorized keys for the user
  5. SSH Hardening - Applies secure SSH configuration
  6. Host Keys - Optionally regenerates SSH host keys

Requirements

  • Root privileges
  • SSH public key file accessible to Ansible
  • system_maintenance role (dependency)

Security Notes

  • SSH configuration is hardened by default
  • Password authentication can be disabled via SSH config
  • User is added to sudo group
  • SSH host key regeneration removes old keys completely
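The following tasks file is an added illustration of the six steps listed under "What It Does" and of the behaviour described in "Security Notes"; it is not the system_setup role's own tasks/main.yml (which this page does not show). It uses the README's variable names. The module names are real Ansible modules (ansible.builtin.* and ansible.posix.authorized_key); the particular sshd settings, the sudoers drop-in path, the host key file pattern and the "Restart sshd" handler name are assumptions.

```yaml
# Illustrative tasks/main.yml for a role shaped like system_setup.
# Assumes the README's variables are defined and that a handler named
# "Restart sshd" exists in handlers/main.yml (assumption, not shown on the page).

- name: System updates (step 1) via the system_maintenance dependency
  ansible.builtin.include_role:
    name: system_maintenance

- name: Package installation (step 2) from extra_packages
  ansible.builtin.package:
    name: "{{ extra_packages }}"
    state: present

- name: User creation (step 3) with a salted SHA-512 hash, never the plaintext
  ansible.builtin.user:
    name: "{{ username }}"
    password: "{{ user_password | password_hash('sha512') }}"
    update_password: on_create   # a fresh salt each run would otherwise change the hash every play
    shell: "{{ shell }}"
    groups: sudo
    append: true
  no_log: true                   # keep user_password out of play output and logs

- name: Passwordless sudo (step 3, optional), validated before it is installed
  ansible.builtin.copy:
    dest: "/etc/sudoers.d/{{ username }}"   # assumed path
    content: "{{ username }} ALL=(ALL) NOPASSWD: ALL\n"
    owner: root
    group: root
    mode: "0440"
    validate: "visudo -cf %s"
  when: passwordless_sudo | bool

- name: SSH key setup (step 4) from the controller-side public key file
  ansible.posix.authorized_key:
    user: "{{ username }}"
    key: "{{ lookup('file', ssh_pubkey_file) }}"
    state: present

- name: SSH hardening (step 5); sshd -t rejects the file before it replaces the real one
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^#?{{ item.key }}\\s"
    line: "{{ item.key }} {{ item.value }}"
    validate: "sshd -t -f %s"
  loop:                          # assumed settings; the page only says "hardened"
    - { key: PasswordAuthentication, value: "no" }
    - { key: PubkeyAuthentication, value: "yes" }
    - { key: PermitRootLogin, value: "no" }
    - { key: ChallengeResponseAuthentication, value: "no" }
  notify: Restart sshd

- name: Host keys (step 6, optional): find the existing key files
  ansible.builtin.find:
    paths: /etc/ssh
    patterns: "ssh_host_*_key*"  # private keys and their .pub companions
  register: old_host_keys
  when: regenerate_ssh_host_keys | bool

- name: Host keys (step 6): remove the old keys completely
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ old_host_keys.files | default([]) }}"
  when: regenerate_ssh_host_keys | bool

- name: Host keys (step 6): generate a fresh set of all default key types
  ansible.builtin.command: ssh-keygen -A
  when: regenerate_ssh_host_keys | bool
  notify: Restart sshd
```

Two caveats follow from the steps themselves: on distributions whose sshd_config begins with an Include of sshd_config.d/*.conf, a drop-in there takes precedence over an edit further down the main file, because sshd keeps the first value it sees for each keyword, so check the effective settings with sshd -T after the play; and after host key regeneration every client that has the old key in its known_hosts will refuse the connection under strict host key checking until the entry is replaced, so plan for that before enabling regenerate_ssh_host_keys on a host others already connect to.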