Add general core server configuration

ansible/roles/core/files/.gitconfig

@@ -0,0 +1,3 @@
+[user]
+	email = "{{ git_email }}"
+	name = "{{ git_name }}"

ansible/roles/core/files/motd

@@ -0,0 +1,7 @@
+//  ██╗  ██╗█████╗██████╗██████╗█████████████╗
+//  ██║ ██╔██╔══████╔══████╔══████╔════██╔══██╗
+//  █████╔╝█████████████╔██████╔█████╗ ██████╔╝
+//  ██╔═██╗██╔══████╔═══╝██╔═══╝██╔══╝ ██╔══██╗
+//  ██║  ████║  ████║    ██║    █████████║  ██║
+//  ╚═╝  ╚═╚═╝  ╚═╚═╝    ╚═╝    ╚══════╚═╝  ╚═╝
+// Host: {{ hostname }} - {{ domain_name }}

ansible/roles/core/files/setup-vim.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+# Author: Shaun Reed | Contact: shaunrd0@gmail.com | URL: www.shaunreed.com ##
+## A custom bash script to configure vim with my preferred settings          ##
+## Run as user with sudo within directory to store / stash .vimrc configs    ##
+###############################################################################
+
+
+printf "\nUpdating, upgrading required packages...\n"
+sudo apt -y update && sudo apt -y upgrade
+sudo apt install vim git 
+
+# Clone klips repository in a temp directory
+git clone https://github.com/shaunrd0/klips temp/
+# Relocate the files we need and remove the temp directory
+mkdir -pv /etc/config-vim
+mv -fuv temp/README.md /etc/config-vim/ && mv -fuv temp/configs/.vimrc* /etc/config-vim/
+rm -Rf temp/
+printf "\n${GREEN}Klips config files updated"\
+  "\nSee $PWD/etc/config-vim/README.md for more information.${NORMAL}\n\n"
+
+# Create backup dir for .vimrc
+mkdir -pv /etc/config-vim/backup/
+printf "\n${GREEN}Backup directory created - $PWD/etc/config-vim/backup/${NORMAL}\n"
+
+# Stash the current .vimrc
+mv -bv /home/kansible/.vimrc /etc/config-vim/backup/
+printf "${RED}Your local .vimrc has been stashed in $PWD/etc/config-vim/backup/${NORMAL}\n\n"
+
+# Copy our cloned config into the user home directory
+cp /etc/config-vim/.vimrc /home/kansible/
+printf "${GREEN}New /home/kansible/.vimrc configuration installed.${NORMAL}\n"
+
+# Reinstall Pathogen plugin manager for vim
+# https://github.com/tpope/vim-pathogen
+printf "\n${RED}Removing any previous installations of Pathogen...${NORMAL}\n"
+sudo rm -f /home/kansible/.vim/autoload/pathogen.vim
+
+# Install Pathogen
+printf "\n${GREEN}Installing Pathogen plugin manager for Vim....\n"\
+  "\nIf they don't exist, we will create the following directories:\n"\
+  "/home/kansible/.vim/autoload/    ~/.vim/bundle/${NORMAL}"
+mkdir -pv /home/kansible/.vim/autoload ~/.vim/bundle && \
+  sudo curl -LSso /home/kansible/.vim/autoload/pathogen.vim https://tpo.pe/pathogen.vim
+printf "\n${GREEN}Pathogen has been installed! Plugins plugins can now be easily installed.\n"\
+  "Clone any plugin repositories into /home/kansible/.vim/bundles${NORMAL}\n"
+
+# Remove any plugins managed by this config tool (Klips)
+printf "\n${RED}Removing plugins installed by this tool...${NORMAL}\n"
+sudo rm -R /home/kansible/.vim/bundle/*
+
+# Clone plugin repos into pathogen plugin directory 
+printf "\n${GREEN}Installing updated plugins...${NORMAL}\n"
+git clone https://github.com/ervandew/supertab /home/kansible/.vim/bundle/supertab && \
+  printf "\n${GREEN}Supertab plugin has been installed${NORMAL}\n\n" && \
+  git clone https://github.com/xavierd/clang_complete /home/kansible/.vim/bundle/clang_complete && \
+  printf "\n${GREEN}Clang Completion plugin has been installed${NORMAL}\n\n"
+vimConf=( "\n${UNDERLINE}Vim has been configured with the Klips repository.${NORMAL}" \
+  "\nConfiguration Changes: " )
+printf '%b\n' "${vimConf[@]}"
+sudo cat /etc/klips/configs/.vimrc-README
+

ansible/roles/core/files/sshd

@@ -0,0 +1,71 @@
+# PAM configuration for the Secure Shell service
+
+
+# Allow specified users to bypass any further PAM settings
+auth sufficient pam_listfile.so item=user sense=allow file=/etc/authusers
+
+# Prompt for YubiKey first, to gate off all other auth methods
+auth required pam_yubico.so id=12345 id key=gbsdS8adW\OsBfdsZhga12Z2AT34Q+saM= key authfile=/etc/ssh/authorized_yubikeys
+
+# Prompt for the local password associated with user attempting login
+# nullok allows for empty passwords, though it is not recommended.
+auth required pam_unix.so nullok
+
+# If /etc/nologin exists, do not allow users to login
+# Outputs content of /etc/nologin and denies auth attempt
+auth required pam_nologin.so
+
+
+# Standard Un*x authentication.
+#@include common-auth
+
+# Disallow non-root logins when /etc/nologin exists.
+account    required     pam_nologin.so
+
+# Uncomment and edit /etc/security/access.conf if you need to set complex
+# access limits that are hard to express in sshd_config.
+# account  required     pam_access.so
+
+# Standard Un*x authorization.
+@include common-account
+
+# SELinux needs to be the first session rule.  This ensures that any
+# lingering context has been cleared.  Without this it is possible that a
+# module could execute code in the wrong domain.
+session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so close
+
+# Set the loginuid process attribute.
+session    required     pam_loginuid.so
+
+# Create a new session keyring.
+session    optional     pam_keyinit.so force revoke
+
+# Standard Un*x session setup and teardown.
+@include common-session
+
+# Print the message of the day upon successful login.
+# This includes a dynamically generated part from /run/motd.dynamic
+# and a static (admin-editable) part from /etc/motd.
+session    optional     pam_motd.so  motd=/run/motd.dynamic
+session    optional     pam_motd.so noupdate
+
+# Print the status of the user's mailbox upon successful login.
+session    optional     pam_mail.so standard noenv # [1]
+
+# Set up user limits from /etc/security/limits.conf.
+session    required     pam_limits.so
+
+# Read environment variables from /etc/environment and
+# /etc/security/pam_env.conf.
+session    required     pam_env.so # [1]
+# In Debian 4.0 (etch), locale-related environment variables were moved to
+# /etc/default/locale, so read that as well.
+session    required     pam_env.so user_readenv=1 envfile=/etc/default/locale
+
+# SELinux needs to intervene at login time to ensure that the process starts
+# in the proper default security context.  Only sessions which are intended
+# to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so open
+
+# Standard Un*x password updating.
+@include common-password

ansible/roles/core/files/sshd_config

@@ -0,0 +1,15 @@
+Port {{ ssh_port }}
+AuthenticationMethods {{ auth_methods }}
+PermitRootLogin no
+PasswordAuthentication no
+ChallengeResponseAuthentication yes
+UsePAM yes
+X11Forwarding yes
+PrintMotd no
+AcceptEnv LANG LC_*
+Subsystem       sftp    /usr/lib/openssh/sftp-server
+
+
+Match User kansible LocalPort {{ ssh_port }}
+  PasswordAuthentication no
+  AuthenticationMethods publickey