# System Setup Role

Performs initial system configuration including user creation, SSH hardening, and package installation.

## Features

- Creates admin user with SSH key authentication
- Hardens SSH configuration
- Installs essential packages
- Optional passwordless sudo
- Optional SSH host key regeneration
- System package updates (via system_maintenance role)

## Variables

| Variable | Default | Description |
|----------|---------|-------------|
| `username` | `admin` | Username for the admin account |
| `password` | *required* | Password for the admin user |
| `shell` | `/bin/bash` | Default shell for the user |
| `passwordless_sudo` | `true` | Allow sudo without password |
| `ssh_pubkey_file` | *required* | Path to SSH public key file |
| `regenerate_ssh_host_keys` | `false` | Generate new SSH host keys |
| `extra_packages` | `[sudo, vim]` | Additional packages to install |

## Required Variables

You must provide these variables when using this role:

```yaml
password: "your_secure_password"
ssh_pubkey_file: "/path/to/your/public/key.pub"
```

## Usage

### Basic Setup

```yaml
- name: Initial system setup
  include_role:
    name: system_setup
  vars:
    password: "{{ admin_password }}"
    ssh_pubkey_file: "~/.ssh/id_rsa.pub"
```

### Custom Configuration

```yaml
- name: System setup with custom user
  include_role:
    name: system_setup
  vars:
    username: myuser
    password: "{{ user_password }}"
    shell: /bin/zsh
    ssh_pubkey_file: "keys/mykey.pub"
    passwordless_sudo: false
    regenerate_ssh_host_keys: true
    extra_packages:
      - sudo
      - vim
      - htop
      - git
```

## What It Does

1. **System Updates** - Calls system_maintenance role for package updates
2. **Package Installation** - Installs packages from `extra_packages` list
3. **User Creation** - Creates user with password and sudo access
4. **SSH Key Setup** - Configures authorized keys for the user
5. **SSH Hardening** - Applies secure SSH configuration
6. **Host Keys** - Optionally regenerates SSH host keys

## Requirements

- Root privileges
- SSH public key file accessible to Ansible
- system_maintenance role (dependency)

## Security Notes

- SSH configuration is hardened by default
- Password authentication can be disabled via SSH config
- User is added to sudo group
- SSH host key regeneration removes old keys completely
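
A post-run check for the steps and notes above, as an added example that is not part of the system_setup role: a play that compares the effective `sshd -T` output, the created account, and the sudo policy with the role variables. The `expected_sshd` values are an assumed baseline, since this README does not list the directives the role sets; adjust them to the role's actual SSH configuration.

```yaml
# Added example: post-run checks for hosts configured by system_setup.
- name: Verify system_setup results
  hosts: all
  become: true
  vars:
    username: admin            # role defaults from the Variables table
    shell: /bin/bash
    passwordless_sudo: true
    expected_sshd:             # assumed baseline; the README lists no directives
      passwordauthentication: "no"
      permitrootlogin: "no"
      pubkeyauthentication: "yes"
  tasks:
    - name: Read the effective sshd configuration from disk
      ansible.builtin.command: sshd -T
      register: sshd_effective
      changed_when: false

    - name: Check each expected directive is in effect
      ansible.builtin.assert:
        that:
          - (item.key ~ ' ' ~ item.value) in sshd_effective.stdout_lines
        fail_msg: "sshd config does not yield '{{ item.key }} {{ item.value }}'"
      loop: "{{ expected_sshd | dict2items }}"

    - name: Look up the account created by the role
      ansible.builtin.getent:
        database: passwd
        key: "{{ username }}"

    - name: Locate the user's authorized_keys file
      ansible.builtin.stat:
        path: "{{ ansible_facts.getent_passwd[username][4] }}/.ssh/authorized_keys"
      register: authkeys

    - name: List sudo rules for the user
      ansible.builtin.command: "sudo -l -U {{ username }}"
      register: sudo_rules
      changed_when: false
      failed_when: false

    - name: Check account, key and sudo policy against the role variables
      ansible.builtin.assert:
        that:
          - ansible_facts.getent_passwd[username][5] == shell
          - authkeys.stat.exists and authkeys.stat.size > 0
          - ('NOPASSWD' in sudo_rules.stdout) == (passwordless_sudo | bool)
```

`sshd -T` reports global settings only, so directives inside `Match` blocks are not covered by this check.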