Skip to content

punktDe/ansible-proserver-system

BranchesTags

Repository files navigation

ansible-proserver-system

system role for Proserver

Supported Operating Systems

  • Debian 12, 13
  • Ubuntu 24.04, 22.04
  • FreeBSD Proserver

Role Arguments

Options for system

Option Description Type Required Default
root_group Root group name (automatically determined based on OS) str no {{ 'root' if ansible_facts['os_family'] == 'Debian' else 'wheel' }}
sshd SSH daemon configuration dict of 'sshd' options no {}
rsyslog Rsyslog configuration dict of 'rsyslog' options no {}
features Feature flags to enable/disable various role components dict of 'features' options no {}
prefix Path prefixes for various system components dict of 'prefix' options no {}
proserver_fact Proserver fact configuration dict of 'proserver_fact' options no {}
network Network configuration dict of 'network' options no {}
hostname Hostname configuration str no None
timezone System timezone str no None
netplan Netplan configuration dict no
ufw UFW firewall configuration dict of 'ufw' options no {}
sysctl Sysctl kernel parameters dict no
hosts /etc/hosts entries dict no
environment System-wide environment variables dict no
apt APT package management configuration dict of 'apt' options no {}
unattended_upgrades Unattended upgrades configuration dict of 'unattended_upgrades' options no {}
postfix Postfix mail server configuration dict of 'postfix' options no {}
sudoers Sudoers configuration files dict no
groups System groups to create dict no
users System users to create dict no
users_delete List of users to delete list of 'str' no []
motd Message of the day configuration dict of 'motd' options no {}

Options for system.sshd

Option Description Type Required Default
config SSH daemon configuration parameters dict no {"MaxStartups": "100:30:100", "PasswordAuthentication": false, "PermitRootLogin": false}

Options for system.rsyslog

Option Description Type Required Default
precise_timestamps Enable precise timestamps in rsyslog bool no False

Options for system.features

Option Description Type Required Default
rsyslog Enable rsyslog configuration bool no {{ ansible_facts['system'] == 'Linux' }}
sshd Enable SSH daemon configuration bool no {{ ansible_facts['system'] == 'Linux' }}
proserver_fact Enable proserver fact generation bool no False
hostname Enable hostname configuration bool no True
timezone Enable timezone configuration bool no True
netplan Enable netplan configuration bool no {{ ansible_facts['distribution'] == 'Ubuntu' }}
systemd_resolved Enable systemd-resolved configuration bool no False
ufw Enable UFW firewall configuration bool no {{ ansible_facts['distribution'] == 'Ubuntu' }}
sysctl Enable sysctl configuration bool no {{ ansible_facts['system'] == 'Linux' }}
hosts Enable /etc/hosts configuration bool no True
environment Enable system-wide environment variables bool no True
apt Enable APT package management (Debian/Ubuntu only) bool no {{ ansible_facts['os_family'] == 'Debian' }}
proserver_user Enable proserver user configuration bool no False
postfix Enable Postfix mail server configuration bool no False
users Enable user management bool no True
sudoers Enable sudoers configuration bool no True
authorized_keys Enable SSH authorized keys management bool no True
authorized_keys_delete Enable deletion of SSH authorized keys bool no False
motd Enable message of the day configuration bool no True
unattended_upgrades Enable unattended upgrades configuration (Debian/Ubuntu only) bool no False

Options for system.prefix

Option Description Type Required Default
sudoers Path prefix for sudoers configuration str no {{ '/etc' if ansible_facts['system'] == 'Linux' else '/usr/local/etc' }}

Options for system.proserver_fact

Option Description Type Required Default
python Python interpreter path for proserver facts str no {{ '/usr/bin/env python3.8' if (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] == '18.04') else '/usr/bin/env python3' }}

Options for system.network

Option Description Type Required Default
public_interfaces List of public network interfaces list of 'str' no []
public_subnets List of public subnets list of 'str' no []

Options for system.ufw

Option Description Type Required Default
reset Reset UFW to default state bool no {{ system_ufw_reset
state UFW state (enabled/disabled) str no None
policy UFW default policy str no None
rules UFW firewall rules dict no

Options for system.apt

Option Description Type Required Default
proxy APT proxy configuration str no None
packages APT packages to install (dict with package names as keys and boolean values) dict no
version_locks APT package version locks (dict with package names as keys and version constraint values) dict no

Options for system.unattended_upgrades

Option Description Type Required Default
config Unattended upgrades configuration parameters dict of 'config' options no

Options for system.unattended_upgrades.config

Option Description Type Required Default
feature_updates By default, only security updates are installed. Setting this to 'true' will install feature updates as well bool no False
auto_clean Whether to automatically run apt-clean after the updates are installed bool no True
auto_reboot Automatic reboot configuration dict no {"enabled": true, "time": "03:00"}
blacklist A list of packages that shouldn't be automatically updated list of '' no []
schedule Update schedule in systemd OnCalendar format str no 20:00
mail dict of 'mail' options no

Options for system.unattended_upgrades.config.mail

Option Description Type Required Default
enable Enable unattended_upgrades mail reports bool no True
only_on_error Only send e-mails about errors bool no True
to The email address to send the e-mails to str no None

Options for system.postfix

Option Description Type Required Default
prefix Postfix configuration path prefix dict of 'prefix' options no {}
hash_maps Postfix hash maps dict no
main.cf Postfix main.cf configuration dict no

Options for system.postfix.prefix

Option Description Type Required Default
config Postfix configuration directory path str no {{ '/etc/postfix' if ansible_facts['system'] == 'Linux' else '/usr/local/etc/postfix' }}

Options for system.motd

Option Description Type Required Default
project Project name for MOTD str no None
banner_string Banner string for MOTD str no punkt.de Proserver ASCII art
details Additional details for MOTD str no List of dehydrated domains and system hostnames

Dependencies

None.

Installation

Add this role to the requirements.yml of your playbook as follows:

roles:
  - name: ansible-proserver-system
    src: https://github.com/punktDe/ansible-proserver-system

Afterwards, install the role by running ansible-galaxy install -r requirements.yml

Example Playbook

- hosts: all
  roles:
    - name: system

About

Ansible role for setting up basic system settings

Topics

ansible proserver

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

5 watching

Forks

2 forks
Report repository

Releases 19

3.0.1 Latest
Jan 22, 2026
+ 18 releases

Contributors

Languages