init

roles/avahi/files/nsswitch.conf

@@ -0,0 +1,13 @@
+# Ansible managed
+
+passwd:         files
+group:          files
+shadow:         files
+gshadow:        files
+hosts:          files mdns4_minimal [NOTFOUND=return] dns
+networks:       files
+protocols:      db files
+services:       db files
+ethers:         db files
+rpc:            db files
+netgroup:       nis

roles/avahi/handlers/main.yaml

@@ -0,0 +1,9 @@
+- name: Restart Avahi Daemon
+  ansible.builtin.service:
+    name: avahi-daemon
+    state: restarted
+
+- name: Autoremove and autoclean packages
+  ansible.builtin.apt:
+    autoremove: yes
+    autoclean: yes

roles/avahi/tasks/main.yaml

@@ -0,0 +1,30 @@
+- name: Populate service facts
+  ansible.builtin.service_facts:
+
+- name: Stop and disable systemd-resolved
+  ansible.builtin.systemd:
+    name: systemd-resolved
+    state: stopped
+    enabled: false
+  when: "'systemd-resolved' in services"
+
+- name: Install Avahi Daemon and helpers
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+    update_cache: yes
+    install_recommends: no
+  with_items:
+    - avahi-daemon
+    - avahi-utils
+    - libnss-mdns
+  notify: Autoremove and autoclean packages
+
+- name: Configure /etc/nsswitch.conf
+  ansible.builtin.copy:
+    src: nsswitch.conf
+    dest: /etc/nsswitch.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: Restart Avahi Daemon

roles/docker/handlers/main.yaml

@@ -0,0 +1,4 @@
+- name: Autoremove and autoclean packages
+  ansible.builtin.apt:
+    autoremove: yes
+    autoclean: yes

roles/docker/tasks/main.yaml

@@ -0,0 +1,46 @@
+- name: Check and install prerequisites
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+    update_cache: yes
+    install_recommends: no
+  with_items:
+    - ca-certificates
+    - curl
+    - gnupg
+    - lsb-release
+
+- name: Add Docker repository
+  block:
+    - name: Make APT keyrings dir
+      ansible.builtin.file:
+        path: /etc/apt/keyrings
+        state: directory
+        owner: root
+        group: root
+        mode: 0755
+
+    - name: Add Docker APT key
+      ansible.builtin.get_url:
+        url: "https://download.docker.com/linux/debian/gpg"
+        dest: /etc/apt/keyrings/docker.asc
+
+    - name: Add Docker APT list
+      ansible.builtin.apt_repository:
+        repo: "deb [arch={{ architectures[ansible_architecture] }} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+        filename: docker
+        state: present
+
+- name: Install Docker Engine
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+    update_cache: yes
+    install_recommends: no
+  with_items:
+    - docker-ce
+    - docker-ce-cli
+    - containerd.io
+    - docker-buildx-plugin
+    - docker-compose-plugin
+  notify: Autoremove and autoclean packages

roles/dotfiles/files/dot.bash_profile

@@ -0,0 +1,3 @@
+# Ansible managed
+
+[ -f ~/.bashrc ] && . ~/.bashrc

roles/dotfiles/files/dot.bashrc

@@ -0,0 +1,31 @@
+# Ansible managed
+
+[ -f ~/.profile ] && . ~/.profile
+
+[ -f ~/.profile.extra ] && . ~/.profile.extra
+
+alias grep='grep --color=auto'
+alias diff='diff --color=auto'
+alias ls='ls -F --color=auto'
+alias l='ls -hl'
+alias ll='ls -alh'
+alias tree='tree -F'
+alias qq='history -c; exit'
+
+shopt -s autocd
+shopt -s histappend
+
+HISTCONTROL=ignoreboth
+HISTSIZE=20000
+HISTFILESIZE=20000
+HISTTIMEFORMAT="%d %b %Y %T %z "
+
+if [ "$EUID" -eq 0 ]; then
+    if [ -f /etc/armbian-release ]; then
+        PS1='\[\033[38;5;208;1m\]\u@\H\[\033[00m\]:\w\[\033[00m\]\$ '
+    else
+        PS1='\[\033[1m\]\u@\H\[\033[00m\]:\w\[\033[00m\]\$ '
+    fi
+else
+    PS1='\u@\H:\w\$ '
+fi

roles/dotfiles/files/dot.profile

@@ -0,0 +1,7 @@
+# Ansible managed
+
+PATH=$HOME/.local/bin:$PATH
+EDITOR=vim
+VISUAL=vim
+LESS=-R
+export PATH EDITOR VISUAL LESS

roles/dotfiles/files/dot.screenrc

@@ -0,0 +1,5 @@
+# Ansible managed
+
+startup_message off
+hardstatus alwayslastline
+hardstatus string '%S: %-w%>(%n %t)%{-}%+w%<'

roles/dotfiles/files/dot.vimrc

@@ -0,0 +1,20 @@
+" Ansible managed
+
+colorscheme default
+filetype plugin on
+syntax on
+let python_highlight_all = 1
+set mouse-=a
+set tabstop=4
+set shiftwidth=4
+set smarttab
+set expandtab
+set softtabstop=4
+set autoindent
+set listchars=tab:▸\ ,trail:·
+set list
+set t_Co=256
+set enc=utf-8
+set fenc=utf-8
+set termencoding=utf-8
+set modeline

roles/dotfiles/tasks/main.yaml

@@ -0,0 +1,26 @@
+- name: Copy dotfiles
+  ansible.builtin.copy:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: root
+    mode: 0644
+  with_items:
+    - { src: 'dot.vimrc',         dest: '/etc/skel/.vimrc' }
+    - { src: 'dot.screenrc',      dest: '/etc/skel/.screenrc' }
+    - { src: 'dot.profile',       dest: '/etc/skel/.profile' }
+    - { src: 'dot.bashrc',        dest: '/etc/skel/.bashrc' }
+    - { src: 'dot.bash_profile',  dest: '/etc/skel/.bash_profile' }
+    - { src: 'dot.vimrc',         dest: '/root/.vimrc' }
+    - { src: 'dot.screenrc',      dest: '/root/.screenrc' }
+    - { src: 'dot.profile',       dest: '/root/.profile' }
+    - { src: 'dot.bashrc',        dest: '/root/.bashrc' }
+    - { src: 'dot.bash_profile',  dest: '/root/.bash_profile' }
+
+- name: Remove unwanted dotfiles
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - /etc/skel/.bash_logout
+    - /root/resize.log

roles/hostname/tasks/main.yaml

@@ -0,0 +1,23 @@
+- name: Set a hostname via hostnamectl
+  ansible.builtin.hostname:
+    name: "{{ server_hostname }}"
+    use: systemd
+  when: ansible_virtualization_type == "kvm" or
+        ansible_virtualization_type == "openstack" or
+        ansible_virtualization_type == "NA"
+
+- name: Set a hostname and FQDN in /etc/hosts
+  ansible.builtin.template:
+    src: hosts
+    dest: /etc/hosts
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Set a hostname in /etc/hostname
+  ansible.builtin.template:
+    src: hostname
+    dest: /etc/hostname
+    owner: root
+    group: root
+    mode: 0644

roles/hostname/templates/hostname

@@ -0,0 +1 @@
+{{ server_hostname }}

roles/hostname/templates/hosts

@@ -0,0 +1,10 @@
+# Ansible managed
+
+127.0.0.1   localhost
+::1         localhost6
+127.0.0.1   {{ server_fqdn }} {{ server_hostname }}
+::1         localhost ip6-localhost ip6-loopback
+fe00::0     ip6-localnet
+ff02::1     ip6-allnodes
+ff02::2     ip6-allrouters
+ff02::3     ip6-allhosts

roles/locale/tasks/main.yaml

@@ -0,0 +1,8 @@
+- name: Generate en_US.UTF-8 locale
+  community.general.locale_gen:
+    name: en_US.UTF-8
+    state: present
+
+- name: Set en_US.UTF-8 as default locale
+  ansible.builtin.command: localectl set-locale LANG=en_US.utf8
+  when: ansible_env.LANG != "en_US.utf8"

roles/motd/files/motd.cube

@@ -0,0 +1,9 @@
+
+   +------+.
+   |`.    | `.
+   |  `+--+---+
+   |   |  |   |
+   +---+--+.  |
+    `. |    `.|
+      `+------+
+

roles/motd/files/motd.orangepi

@@ -0,0 +1,8 @@
+         ____
+     _\\/_/_
+    / ____  \
+   / /\ | /\ \
+   | |-|+|-| |
+   \ \/_|_\/ /
+    \_______/
+

roles/motd/tasks/main.yaml

@@ -0,0 +1,39 @@
+- name: Find unwanted motd scripts
+  ansible.builtin.find:
+    paths: /etc/update-motd.d/
+    file_type: any
+  register: collected_files
+
+- name: Delete unwanted motd scripts
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  with_items: "{{ collected_files.files }}"
+
+- name: Remove Debian legal notice (/etc/motd)
+  ansible.builtin.file:
+    path: /etc/motd
+    state: absent
+
+- name: Detect Armbian
+  ansible.builtin.stat:
+    path: /etc/armbian-release
+  register: armbian
+
+- name: Add custom /etc/motd for Armbian
+  ansible.builtin.copy:
+    src: motd.orangepi
+    dest: /etc/motd
+    owner: root
+    group: root
+    mode: 0755
+  when: armbian.stat.exists == True
+
+- name: Add common custom /etc/motd
+  ansible.builtin.copy:
+    src: motd.cube
+    dest: /etc/motd
+    owner: root
+    group: root
+    mode: 0755
+  when: armbian.stat.exists == False

roles/packages/handlers/main.yaml

@@ -0,0 +1,4 @@
+- name: Autoremove and autoclean packages
+  ansible.builtin.apt:
+    autoremove: yes
+    autoclean: yes

roles/packages/tasks/main.yaml

@@ -0,0 +1,35 @@
+- name: Install base packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+    update_cache: yes
+    install_recommends: no
+  with_items:
+    - cron
+    - logrotate
+    - dmidecode
+    - lshw
+    - sysstat
+    - iotop
+    - iftop
+    - inetutils-telnet
+    - inetutils-ping
+    - inetutils-ftp
+    - ethtool
+    - tcpdump
+    - mtr
+    - curl
+    - wget
+    - rsync
+    - psmisc
+    - screen
+    - vim
+    - file
+    - tree
+    - plocate
+    - findutils
+    - diffutils
+    - git
+    - htop
+    - unzip
+  notify: Autoremove and autoclean packages

roles/sshd/files/sshd_config

@@ -0,0 +1,11 @@
+# Ansible managed
+
+Include /etc/ssh/sshd_config.d/*.conf
+PermitRootLogin yes
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+UsePAM yes
+X11Forwarding yes
+PrintMotd no
+AcceptEnv LANG LC_*
+Subsystem sftp /usr/lib/openssh/sftp-server

roles/sshd/handlers/main.yaml

@@ -0,0 +1,4 @@
+- name: Restart sshd
+  ansible.builtin.service:
+    name: sshd
+    state: restarted

roles/sshd/tasks/main.yaml

@@ -0,0 +1,8 @@
+- name: Update sshd_config
+  ansible.builtin.copy:
+    src: sshd_config
+    dest: /etc/ssh/sshd_config
+    owner: root
+    group: root
+    mode: 0644
+  notify: Restart sshd

roles/tz/handlers/main.yaml

@@ -0,0 +1,4 @@
+- name: Restart Cron
+  ansible.builtin.service:
+    name: cron
+    state: restarted

roles/tz/tasks/main.yaml

@@ -0,0 +1,4 @@
+- name: Set timezone to Europe/Moscow
+  community.general.timezone:
+    name: Europe/Moscow
+  notify: Restart Cron

roles/ufw/tasks/main.yaml

@@ -0,0 +1,14 @@
+- name: Install UFW
+  ansible.builtin.apt:
+    name: ufw
+    state: latest
+    update_cache: yes
+
+- name: Allow SSH
+  community.general.ufw:
+    rule: allow
+    name: OpenSSH
+
+- name: Enable Firewall
+  community.general.ufw:
+    state: enabled