ansible-collection-infrastr…/roles/system-setup/README.md
2026-01-30 20:13:58 -05:00


# System Setup Role
Performs initial system configuration including user creation, SSH hardening, and package installation.
## Features
- Creates admin user with SSH key authentication
- Hardens SSH configuration
- Installs essential packages
- Optional passwordless sudo
- Optional SSH host key regeneration
- System package updates (via system-maintenance role)
## Variables
| Variable | Default | Description |
|----------|---------|-------------|
| `username` | `admin` | Username for the admin account |
| `password` | *required* | Password for the admin user |
| `shell` | `/bin/bash` | Default shell for the user |
| `passwordless_sudo` | `true` | Allow sudo without password |
| `ssh_pubkey_file` | *required* | Path to SSH public key file |
| `regenerate_ssh_host_keys` | `false` | Generate new SSH host keys |
| `extra_packages` | `[sudo, vim]` | Additional packages to install |
## Required Variables
You must provide these variables when using this role:
```yaml
password: "your_secure_password"
ssh_pubkey_file: "/path/to/your/public/key.pub"
```
## Usage
### Basic Setup
```yaml
- name: Initial system setup
  include_role:
    name: system-setup
  vars:
    password: "{{ admin_password }}"
    ssh_pubkey_file: "~/.ssh/id_rsa.pub"
```
### Custom Configuration
```yaml
- name: System setup with custom user
  include_role:
    name: system-setup
  vars:
    username: myuser
    password: "{{ user_password }}"
    shell: /bin/zsh
    ssh_pubkey_file: "keys/mykey.pub"
    passwordless_sudo: false
    regenerate_ssh_host_keys: true
    extra_packages:
      - sudo
      - vim
      - htop
      - git
```
## What It Does
1. **System Updates** - Calls system-maintenance role for package updates
2. **Package Installation** - Installs packages from `extra_packages` list
3. **User Creation** - Creates user with password and sudo access
4. **SSH Key Setup** - Configures authorized keys for the user
5. **SSH Hardening** - Applies secure SSH configuration
6. **Host Keys** - Optionally regenerates SSH host keys
## Requirements
- Root privileges
- SSH public key file accessible to Ansible
- system-maintenance role (dependency)
## Security Notes
- SSH configuration is hardened by default
- Password authentication can be disabled via SSH config
- User is added to the sudo group; with `passwordless_sudo` left at its default of `true`, sudo does not prompt for a password
- SSH host key regeneration removes old keys completely
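
The playbook below is an added example, not part of this role or its repository. It wraps the role with a pre-flight check that `ssh_pubkey_file` really holds a public key, then prints the effective `sshd` authentication settings and the host key fingerprints after the run. The host group `new_hosts`, the vault file `vault.yml` and the variable `vault_admin_password` are assumptions.

```yaml
# Added example, not part of the role. Hypothetical names: group "new_hosts",
# vault file "vault.yml", variable "vault_admin_password".
- name: Run system-setup with pre-flight and post-run checks
  hosts: new_hosts
  become: true
  vars_files:
    - vault.yml            # encrypted with `ansible-vault encrypt vault.yml`
  vars:
    ssh_pubkey_file: "keys/mykey.pub"
    regenerate_ssh_host_keys: true
  pre_tasks:
    - name: Refuse to continue unless the key file holds an OpenSSH public key
      ansible.builtin.assert:
        that:
          - vault_admin_password is defined
          - vault_admin_password | length > 0
          - "'PRIVATE KEY' not in pubkey_text"
          - "pubkey_text is match('^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh.com) [A-Za-z0-9+/=]+')"
        quiet: true
      vars:
        pubkey_text: "{{ lookup('ansible.builtin.file', ssh_pubkey_file) }}"
  tasks:
    - name: Initial system setup
      ansible.builtin.include_role:
        name: system-setup
      vars:
        password: "{{ vault_admin_password }}"

    - name: Read the effective sshd settings after hardening
      ansible.builtin.command: sshd -T
      register: sshd_effective
      changed_when: false

    - name: Show the authentication-related settings
      ansible.builtin.debug:
        msg: "{{ sshd_effective.stdout_lines | select('match', '^(passwordauthentication|permitrootlogin|pubkeyauthentication) ') | list }}"

    - name: Find the host public keys
      ansible.builtin.find:
        paths: /etc/ssh
        patterns: "ssh_host_*_key.pub"
      register: host_pubkeys

    - name: Print host key fingerprints to hand to users
      ansible.builtin.command: "ssh-keygen -lf {{ item.path }}"
      loop: "{{ host_pubkeys.files }}"
      loop_control:
        label: "{{ item.path }}"
      changed_when: false
```

Because regeneration replaces the old host keys, clients that connected before will see a changed-host-key warning; the printed fingerprints let them verify the new keys out of band.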