Ansible Role: system

This Ansible role sets up basic software and important settings.

:warning: IMPORTANT NOTICE

THIS PROJECT IS NO LONGER MAINTAINED. WE ARE NOT ACCEPTING ANY NEW ISSUES OR PULL REQUESTS.

Overview

This role provides basic system configuration. Here’s what it does:

• Sets global HTTP proxy settings
• Creates a message of the day (motd)
• Configures locale (only for Ubuntu)
• Upgrades the system and enables security upgrades
• Disables IPv6 networking
• Optimizes network performance
• Adjusts sysctl variables

It also installs the following software:

• haveged
• vim
• lsof
• tree
• mlocate
• curl
• htop
• SSH client
• SSH server

Dependencies

This role works best with the following roles:

• dev-sec.os-hardening
• dev-sec.ssh-hardening

Overrides for dev-sec.ssh-hardening:

sysctl_overwrite:
  net.core.somaxconn: 1024
  net.ipv4.tcp_max_syn_backlog: 4096
  net.ipv4.tcp_tw_reuse: 1
  net.ipv4.tcp_tw_recycle: 0

Overrides for dev-sec.ssh-hardening:

ssh_banner: true

To allow connections to a bastion host, set this variable:

ssh_allow_tcp_forwarding: true

Example usage

You can use it in a playbook like this:

- hosts: all
  become: true
  roles:
    - dev-sec.os-hardening
    - dev-sec.ssh-hardening
    - SoInteractive.system
  vars:
    - ssh_banner: true
    - system_upgrade: True

Check the defaults/main.yml for variables that can be changed in this role.