Bump to version 2.0.0 (#34)

- Add Debian Bullseye support - Drop Kali Linux and Debian/Devuan Jessie support - Modern Ansible (use collections) - Improve code and CI with lintters - Migrate from legacy Travis to new Travis
HanXHX · Aug 31, 2021 · d9ce490 · d9ce490
1 parent c6ac7ca
commit d9ce490
Show file tree

Hide file tree

Showing 33 changed files with 322 additions and 258 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -0,0 +1,2 @@
+enable_list:
+  - fqcn-builtins
diff --git a/.travis.yml b/.travis.yml
@@ -1,27 +1,39 @@
-env:
-  - PLATFORM='docker-debian-jessie'  ANSIBLE_VERSION='ansible>=2.9,<2.10'
-  - PLATFORM='docker-debian-stretch' ANSIBLE_VERSION='ansible>=2.9,<2.10'
-  - PLATFORM='docker-debian-buster'  ANSIBLE_VERSION='ansible>=2.9,<2.10'
-  - PLATFORM='docker-ubuntu-bionic'  ANSIBLE_VERSION='ansible>=2.9,<2.10'
-
-sudo: required
+---
 
-dist: trusty
+env:
+  global:
+    - VAGRANT_VERSION='2.2.18'
+  jobs:
+    - PLATFORM='docker-debian-stretch'  ANSIBLE_VERSION='>=2.11,<2.12'
+    - PLATFORM='docker-debian-bullseye' ANSIBLE_VERSION='>=2.11,<2.12'
+    - PLATFORM='docker-debian-buster'   ANSIBLE_VERSION='>=2.11,<2.12'
+    - PLATFORM='docker-ubuntu-bionic'   ANSIBLE_VERSION='>=2.11,<2.12'
+
+jobs:
+  allow_failures:
+    - env: PLATFORM='docker-ubuntu-bionic'   ANSIBLE_VERSION='>=2.11,<2.12'
+
+os:
+  - linux
+dist: focal
 
 language: python
 python:
-  - 2.7
-  - 3.6
+  - 3.8
 
 services:
   - docker
 
 before_install:
-  - wget https://releases.hashicorp.com/vagrant/2.0.1/vagrant_2.0.1_x86_64.deb
-  - sudo dpkg -i vagrant_2.0.1_x86_64.deb
+  - sudo apt-get -q update
+  - sudo apt-get install -y yamllint
+  - sudo wget -nv https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}_x86_64.deb
+  - sudo dpkg -i vagrant_${VAGRANT_VERSION}_x86_64.deb
 
 install:
-  - pip install "$ANSIBLE_VERSION"
+  - sudo pip install "ansible-core$ANSIBLE_VERSION"
+  - sudo pip install ansible-lint
+  - ansible-galaxy collection install ansible.posix community.general
 
 script:
   - VAGRANT_DEFAULT_PROVIDER=docker vagrant up $PLATFORM
@@ -31,6 +43,14 @@ script:
     && (echo 'Idempotence test: pass' && exit 0)
     || (echo 'Idempotence test: fail' && exit 1)
   - VAGRANT_DEFAULT_PROVIDER=docker vagrant status
+  - >
+    yamllint .
+    && (echo 'YAML lint test: pass' && exit 0)
+    || (echo 'YAML lint test: fail' && exit 1)
+  - >
+    ansible-lint -v tests/test.yml
+    && (echo 'Ansible lint test: pass' && exit 0)
+    || (echo 'Ansible lint test: fail' && exit 1)
 
 notifications:
   webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/.yamllint.yml b/.yamllint.yml
@@ -0,0 +1,4 @@
+---
+
+rules:
+  line-length: disable
diff --git a/README.md b/README.md
@@ -1,9 +1,9 @@
-Ansible Debian/Devuan/Kali/Ubuntu/Raspbian bootstrap
+Ansible Debian/Devuan/Ubuntu/Raspbian bootstrap
 ====================================================
 
-[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-HanXHX.debian_bootstrap-blue.svg)](https://galaxy.ansible.com/HanXHX/debian_bootstrap) [![Build Status](https://travis-ci.org/HanXHX/ansible-debian-bootstrap.svg?branch=master)](https://travis-ci.org/HanXHX/ansible-debian-bootstrap)
+[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-HanXHX.debian_bootstrap-blue.svg)](https://galaxy.ansible.com/HanXHX/debian_bootstrap) [![Build Status](https://app.travis-ci.com/HanXHX/ansible-debian-bootstrap.svg?branch=master)](https://app.travis-ci.com/HanXHX/ansible-debian-bootstrap)
 
-This role bootstraps Debian/Devuan/Kali/Ubuntu/Raspbian hosts:
+This role bootstraps Debian/Devuan/Ubuntu/Raspbian hosts:
 
 - Configure APT (sources.list)
 - Install minimal packages (vim, htop...)
@@ -20,20 +20,19 @@ Supported versions
 
 | OS                    | Working      | Stable (active support) |
 | --------------------- | -------      | ----------------------- |
-| Debian Jessie (8)     | Yes          | Yes                     |
 | Debian Stretch (9)    | Yes          | Yes                     |
 | Debian Buster (10)    | Yes          | Yes                     |
-| Devuan Jessie (1)     | Yes          | No                      |
+| Debian Bullseye (11)  | Yes          | Yes                     |
 | Devuan Ascii (2)      | Yes          | No                      |
-| Kali Linux            | Partial      | No                      |
 | Raspbian Stretch (9)  | Experimental | No                      |
 | Raspbian Buster (10)  | Experimental | No                      |
 | Ubuntu Bionic (18.04) | Yes          | No                      |
 
 Requirements
 ------------
 
-Min Ansible 2.9
+- Ansible >= 2.11
+- Collections: [ansible.posix collection](https://galaxy.ansible.com/ansible/posix) / [community.general](https://galaxy.ansible.com/community/general)
 
 Role Variables
 --------------

diff --git a/Vagrantfile b/Vagrantfile
@@ -6,25 +6,22 @@
 Vagrant.configure("2") do |config|
 
   vms_debian = [
-    { :name => "debian-jessie",           :box => "debian/jessie64",  :vars => { dbs_use_systemd: true, dbs_set_apt: false  } },
-    { :name => "debian-jessie-sysvinit",  :box => "debian/jessie64",  :vars => { dbs_use_systemd: false, dbs_set_apt: false} },
-    { :name => "debian-stretch",          :box => "debian/stretch64", :vars => { dbs_use_systemd: true  } },
-    { :name => "debian-stretch-sysvinit", :box => "debian/stretch64", :vars => { dbs_use_systemd: false } },
-    { :name => "debian-buster",           :box => "debian/buster64",  :vars => { dbs_use_systemd: true  } },
-    { :name => "debian-buster-sysvinit",  :box => "debian/buster64",  :vars => { dbs_use_systemd: false } },
-    { :name => "devuan-jessie",           :box => "https://files.devuan.org/devuan_jessie/virtual/devuan_jessie_1.0.0_amd64_vagrant.box" },
-    { :name => "devuan-ascii",            :box => "https://files.devuan.org/devuan_ascii/virtual/devuan_ascii_2.0.0_amd64_vagrant.box" },
-    { :name => "kali",                    :box => "offensive-security/kali-linux-light", :vars => { dbs_use_systemd: true  } },
-    { :name => "kali-sysvinit",           :box => "offensive-security/kali-linux-light", :vars => { dbs_use_systemd: false } },
-    { :name => "raspbian-stretch",        :box => "gvfoster/raspbian",:vars => { dbs_use_systemd: true } },
-    { :name => "ubuntu-bionic",           :box => "ubuntu/bionic64",  :vars => { dbs_use_systemd: true  } },
+    { :name => "debian-stretch",           :box => "debian/stretch64", :vars => { dbs_use_systemd: true  } },
+    { :name => "debian-stretch-sysvinit",  :box => "debian/stretch64", :vars => { dbs_use_systemd: false } },
+    { :name => "debian-buster",            :box => "debian/buster64",  :vars => { dbs_use_systemd: true  } },
+    { :name => "debian-buster-sysvinit",   :box => "debian/buster64",  :vars => { dbs_use_systemd: false } },
+    { :name => "debian-bullseye",          :box => "debian/bullseye64",  :vars => { dbs_use_systemd: true  } },
+    { :name => "debian-bullseye-sysvinit", :box => "debian/bullseye64",  :vars => { dbs_use_systemd: false } },
+    { :name => "devuan-ascii",             :box => "https://files.devuan.org/devuan_ascii/virtual/devuan_ascii_2.0.0_amd64_vagrant.box" },
+    { :name => "raspbian-stretch",         :box => "gvfoster/raspbian",:vars => { dbs_use_systemd: true } },
+    { :name => "ubuntu-bionic",            :box => "ubuntu/bionic64",  :vars => { dbs_use_systemd: true  } },
   ]
 
   conts = [
-    { :name => "docker-debian-jessie",  :docker => "hanxhx/vagrant-ansible:debian8", :vars => { dbs_set_apt: false } },
-    { :name => "docker-debian-stretch", :docker => "hanxhx/vagrant-ansible:debian9", :vars => {} },
-    { :name => "docker-debian-buster",  :docker => "hanxhx/vagrant-ansible:debian10", :vars => {} },
-    { :name => "docker-ubuntu-bionic",  :docker => "hanxhx/vagrant-ansible:ubuntu18.04", :vars => {} }
+    { :name => "docker-debian-stretch",  :docker => "hanxhx/vagrant-ansible:debian9", :vars => {} },
+    { :name => "docker-debian-buster",   :docker => "hanxhx/vagrant-ansible:debian10", :vars => {} },
+    { :name => "docker-debian-bullseye", :docker => "hanxhx/vagrant-ansible:debian11", :vars => {} },
+    { :name => "docker-ubuntu-bionic",   :docker => "hanxhx/vagrant-ansible:ubuntu18.04", :vars => {} }
   ]
 
   config.vm.network "private_network", type: "dhcp"
@@ -36,12 +33,18 @@ Vagrant.configure("2") do |config|
         d.remains_running = true
         d.has_ssh = true
       end
+
+      if opts[:name].include? "bullseye"
+        m.vm.provision "shell", inline: "[ -f '/root/first_provision' ] || (apt-get update -qq && apt-get -y dist-upgrade && touch /root/first_provision)"
+      end
+
       m.vm.provision "ansible" do |ansible|
         ansible.playbook = "tests/test.yml"
         ansible.verbose = 'vv'
         ansible.become = true
         ansible.extra_vars = opts[:vars]
         ansible.raw_arguments = ["-D"]
+        ansible.compatibility_mode = "2.0"
       end
     end
   end
@@ -51,23 +54,29 @@ Vagrant.configure("2") do |config|
       if opts[:name].include? "devuan" or opts[:name].include? "ubuntu"
         m.vm.provision "shell", inline: "apt-get update -qq && apt-get -y install python"
       end
+
+      if opts[:name].include? "bullseye"
+        m.vm.provision "shell", inline: "apt-get update -qq && apt-get -y dist-upgrade"
+      end
+
       if opts[:name].include? "devuan"
         m.vm.box_url = opts[:box]
         m.vm.box = opts[:name]
       else
         m.vm.box = opts[:box]
       end
+
       m.vm.provider "virtualbox" do |v|
         v.cpus = 1
-        v.memory = 256
-        v.gui = false # Force hide gui with Kali Linux
+        v.memory = 512
       end
       m.vm.provision "ansible" do |ansible|
         ansible.playbook = "tests/test.yml"
         ansible.verbose = 'vv'
         ansible.become = true
         ansible.extra_vars = opts[:vars]
         ansible.raw_arguments = ["-D"]
+        ansible.compatibility_mode = "2.0"
       end
     end
   end

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,3 +1,5 @@
+---
+
 # -------------------------
 # APT configuration
 # -------------------------
@@ -57,60 +59,60 @@ dbs_groups: []
 # Sysctl
 # -------------------------
 dbs_sysctl_config:
-### IMPROVE SYSTEM MEMORY MANAGEMENT ###
-# Increase size of file handles and inode cache
+  ### IMPROVE SYSTEM MEMORY MANAGEMENT ###
+  # Increase size of file handles and inode cache
   'fs.file-max': '2097152'
-# Do less swapping
+  # Do less swapping
   'vm.swappiness': '10'
   'vm.dirty_ratio': '60'
   'vm.dirty_background_ratio': '2'
-### GENERAL NETWORK SECURITY OPTIONS ###
-# Number of times SYNACKs for passive TCP connection.
+  ### GENERAL NETWORK SECURITY OPTIONS ###
+  # Number of times SYNACKs for passive TCP connection.
   'net.ipv4.tcp_synack_retries': '2'
-# Allowed local port range
+  # Allowed local port range
   'net.ipv4.ip_local_port_range': '2000 65535'
-# Protect Against TCP Time-Wait
+  # Protect Against TCP Time-Wait
   'net.ipv4.tcp_rfc1337': '1'
-# Decrease the time default value for tcp_fin_timeout connection
+  # Decrease the time default value for tcp_fin_timeout connection
   'net.ipv4.tcp_fin_timeout': '15'
-# Decrease the time default value for connections to keep alive
+  # Decrease the time default value for connections to keep alive
   'net.ipv4.tcp_keepalive_time': '300'
   'net.ipv4.tcp_keepalive_probes': '5'
   'net.ipv4.tcp_keepalive_intvl': '15'
-# Resist SYN flood attack
+  # Resist SYN flood attack
   'net.ipv4.tcp_syncookies': '1'
-### TUNING NETWORK PERFORMANCE ###
-# Default Socket Receive Buffer
+  ### TUNING NETWORK PERFORMANCE ###
+  # Default Socket Receive Buffer
   'net.core.rmem_default': '31457280'
-# Maximum Socket Receive Buffer
+  # Maximum Socket Receive Buffer
   'net.core.rmem_max': '12582912'
-# Default Socket Send Buffer
+  # Default Socket Send Buffer
   'net.core.wmem_default': '31457280'
-# Maximum Socket Send Buffer
+  # Maximum Socket Send Buffer
   'net.core.wmem_max': '12582912'
-# Increase number of incoming connections
+  # Increase number of incoming connections
   'net.core.somaxconn': '65536'
-# Increase number of incoming connections backlog
+  # Increase number of incoming connections backlog
   'net.core.netdev_max_backlog': '65536'
-# Increase the maximum amount of option memory buffers
+  # Increase the maximum amount of option memory buffers
   'net.core.optmem_max': '25165824'
-# Increase the maximum total buffer-space allocatable
-# This is measured in units of pages (4096 bytes)
+  # Increase the maximum total buffer-space allocatable
+  # This is measured in units of pages (4096 bytes)
   'net.ipv4.tcp_mem': '65536 131072 262144'
   'net.ipv4.udp_mem': '65536 131072 262144'
-# Increase the read-buffer space allocatable
+  # Increase the read-buffer space allocatable
   'net.ipv4.tcp_rmem': '8192 87380 16777216'
   'net.ipv4.udp_rmem_min': '16384'
-# Increase the write-buffer-space allocatable
+  # Increase the write-buffer-space allocatable
   'net.ipv4.tcp_wmem': '8192 65536 16777216'
   'net.ipv4.udp_wmem_min': '16384'
-# Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
+  # Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
   'net.ipv4.tcp_max_tw_buckets': '1440000'
-# Reuse TIME-WAIT state for outgoing connexion (safe)
+  # Reuse TIME-WAIT state for outgoing connexion (safe)
   'net.ipv4.tcp_tw_reuse': '1'
-# Increase system IP port limits to allow for more connections
+  # Increase system IP port limits to allow for more connections
   'net.ipv4.tcp_window_scaling': '1'
-# number of packets to keep in backlog before the kernel starts dropping them
+  # number of packets to keep in backlog before the kernel starts dropping them
   'net.ipv4.tcp_max_syn_backlog': '3240000'
 
 # Internal use (DO NOT UPDATE)

diff --git a/handlers/main.yml b/handlers/main.yml
@@ -1,21 +1,32 @@
 ---
+
 - name: restart openntpd
-  service: name=openntpd state=restarted
+  ansible.builtin.service:
+    name: openntpd
+    state: restarted
 
 - name: restart ntp
-  service: name=ntp state=restarted
+  ansible.builtin.service:
+    name: ntp
+    state: restarted
 
 - name: restart cron
-  service: name=cron state=restarted
+  ansible.builtin.service:
+    name: cron
+    state: restarted
 
 - name: restart rsyslog
-  service: name=rsyslog state=restarted
+  ansible.builtin.service:
+    name: rsyslog
+    state: restarted
 
 - name: update tzdata
-  command: dpkg-reconfigure -f noninteractive tzdata
+  ansible.builtin.command: dpkg-reconfigure -f noninteractive tzdata
 
 - name: locale-gen
-  command: locale-gen
+  ansible.builtin.command: locale-gen
 
 - name: reload networking
-  service: name=networking state=reloaded
+  ansible.builtin.service:
+    name: networking
+    state: reloaded
diff --git a/meta/main.yml b/meta/main.yml
@@ -1,33 +1,33 @@
 ---
+
 galaxy_info:
+  role_name: debian_bootstrap
+  namespace: HanXHX
   author: Emilien Mantel
-  description: Normalize and prepare a Debian/Devuan/Kali Linux server
+  description: Normalize and prepare a Debian/Devuan/Ubuntu Linux server
   company:
   license: GPLv2
-  min_ansible_version: 2.9
+  min_ansible_version: 2.11
   platforms:
-  - name: Debian
-    versions:
-    - jessie
-    - stretch
-    - buster
-  - name: Devuan
-    versions:
-    - jessie
-    - ascii
-  - name: Kali Linux
-    versions:
-    - rolling-kali
-  - name: Ubuntu
-    versions:
-    - bionic
+    - name: Debian
+      versions:
+        - stretch
+        - buster
+        - bullseye
+    - name: Devuan
+      versions:
+        - ascii
+    - name: Ubuntu
+      versions:
+        - bionic
   galaxy_tags:
-  - networking
-  - packaging
-  - system
-  - debian
-  - apt
-  - alternatives
-  - editor
-  - ntp
+    - networking
+    - packaging
+    - system
+    - debian
+    - apt
+    - alternatives
+    - editor
+    - ntp
+
 dependencies: []