--- source: - https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-18-04 - https://github.com/jasonheecs/ubuntu-server-setup/blob/master/setupLibrary.sh - https://www.linode.com/stackscripts/view/1 - https://gist.github.com/parente/0227cfbbd8de1ce8ad05 tasks: - description: Updating server with latest packages task: remote_execute command: apt-get update && apt-get upgrade -y - description: Choose which tasks to execute task: multiselect question: Which tasks do you want to execute? options: set_server_hostname: Set server hostname add_sudo_user: Add new user with sudo access disable_password_authentication: Disable password authentication to the server setup_uncomplicated_firewall: Setup Uncomplicated FireWall setup_timezone: Setup server timezone install_network_time_protocol: Install Network Time Protocol deny_root_login: Deny root login to the server - description: Setting the server hostname task: when boolean: set_server_hostname run: - task: input question: Enter hostname for the server as: hostname - task: remote_execute command: - echo '{{ hostname }}' > /etc/hostname - hostname -F /etc/hostname - description: Creating new sudo user task: when boolean: add_sudo_user run: - task: input question: Enter username for the new sudo user as: username - task: input question: Enter location of your public SSH key default: ~/.ssh/id_rsa.pub as: public_key - task: remote_execute command: adduser --disabled-password --gecos '' {{ username }} - description: Granting administrative privileges task: remote_execute command: usermod -aG sudo {{ username }} - description: Copying public SSH key task: execute command: cat {{ public_key }} as: public_key - description: Installing public SSH key on server task: remote_execute user: "{{ username }}" command: - mkdir -p ~/.ssh - touch ~/.ssh/authorized_keys - echo {{{ public_key }}} >> ~/.ssh/authorized_keys - chmod 700 ~/.ssh - chmod 600 ~/.ssh/authorized_keys - description: Disabling sudo password for new user task: remote_execute command: - cp /etc/sudoers /etc/sudoers.bak - sh -c 'echo "{{ username }} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers' - description: Disabling password authentication task: when boolean: disable_password_authentication run: - task: remote_execute command: - sed -i 's/#*ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config - sed -i 's/#*PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config - service ssh restart - description: Denying root login to the server task: when boolean: deny_root_login run: - task: remote_execute command: - sed -i 's/#*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config - service ssh restart - description: Setting up Uncomplicated FireWall task: when boolean: setup_uncomplicated_firewall run: - task: remote_execute command: - ufw allow OpenSSH - ufw allow http - ufw allow https - yes y | ufw enable - description: Setting up the server timezone task: when boolean: setup_timezone run: - task: remote_execute command: export timezone=`wget -qO - http://geoip.ubuntu.com/lookup | sed -n -e 's/.*\(.*\)<\/TimeZone>.*/\1/p'` && timedatectl set-timezone $timezone && echo $timezone - description: Installing Network Time Protocol task: when boolean: install_network_time_protocol run: - task: remote_execute command: - apt-get update - apt-get --assume-yes install ntp