vps-ansible-setup
Ansible Playbook to setup a Debian-based Server
This playbook includes the following steps:
- Set a locale from vars
- Update apt preferences
- Install
aptitude
- Upgrade the system using
safe-upgrade
- Install sudo
- [Optionally] change the
root
password - Create new user and add it to
sudo
andsystemd-journal
groups - Copy public ssh key to
authorized_keys
- Disable SSH password authentication
- Install UFW
- Setup UFW to block all incoming connections but SSH
- Install custom packages defined in vars
- Reboot machine
Configuration
Vars
Before running the playbook you need to create global.yml
file under vars
directory. Use global.example.yml
as a source.
Variables are pretty self-explanatory, except the password hashes. To generate hashes use openssl passwd -6 -salt <some-random-salt>
or just openssl passwd -6
. This will produce sha512 hash.
If you wish to change the root
's user password, fill the root_password_hash
field. This step is optional. user_password_hash
on the other hand should be filled.
Running the playbook
- Make sure your SSH public key has been deployed to the root account as the playbook is using root as the
remote_user
. If you'd rather SSH into your own account and use sudo to run the playbook, then you'll have to replaceremote_user
withbecome_user
in site.yml - Set a host:
- Edit the inventory (
/etc/ansible/hosts
or a custom inventory file) to add your server's IP or hostname- Change the hosts entry in
setup.yml
to your server's IP or hostname
- Change the hosts entry in
- Or use
-i
argument to pass the ad-hoc host, like-i "xxx.xxx.xxx.xxx," setup.yml
. Note the trailing comma.- In this case do not change the
setup.yml
- In this case do not change the
- Edit the inventory (
- Run the playbook with
ansible-playbook setup.yml
oransible-playbook -i "xxx.xxx.xxx.xxx," setup.yml
if you're using ad-hoc host