ansible-anu VS debops

I prefer to run Ubuntu machines and at least in terms of provisioning a new secure server I built an Ansible playbook I called 'ANU' (as in A New Ubuntu). I'd expand to other distros, but then I'd have to change the name!

https://github.com/MitchellCash/ansible-anu

It is based on the DevSec OS/SSH hardening playbooks, but I lean closer towards ease-of-use over security where I think it makes sense. For example, I disable forced password rotation and I keep the default umask value of '022' instead of the more secure '027'.

When I come across something the upstream playbooks change that "gets in my way", I will disable it if the security trade off makes sense for me. I'm not running highly sensitive systems, so these trade-offs make sense for me, and maybe they will for you as well!

In terms of ongoing security upkeep, I run the usual `apt update && apt dist-upgrade` when I can, but I’ll be keeping my eye on this thread for additional advice.

I'm planning on adding to the litany of tutorials on this soon. My process is to use debops to provision and secure a VPS and install the docker service. The app is spun up with docker-compose and the appropriate containers - if you use something like cookiecutter-django you can get a basis for the docker compose files you need. This uses traefik as the proxy for gunicorn instead of nginx, and then you'll need to serve static and media either with whitenoise or with S3.

I wrote a set of Ansible roles in DebOps that let you build and install LXD from source on Debian. You can check out the role itself and it's documentation. It's not a perfect solution, but it can enable you to use LXD without snaps on Debian.

If you are committed to Debian environment, perhaps DebOps would be an interesting alternative (disclaimer: I'm the maintainer of the project). DebOps is a set of Ansible playbooks and roles + some scripts that let you deploy and manage Debian-based clusters. It has extensive documentation, supports LDAP deployment and is actively maintained.

GitHub: https://github.com/debops/debops/releases/tag/v2.3.0

It's not strictly for Azure, but you can check out DebOps (disclaimer: I'm the maintainer). It's a set of Ansible playbooks and roles to manage Debian-based infrastructure, created completely in the open. You can use it as a base to build up your own infrastructure. Roles are designed to be reusable and can pass configuration between them using dependent variables, everything can be configured through Ansible inventory since you are not expected to modify the roles themselves.

Looks like that apt role has a Linuxmint dictionary key missing, somewhere where OS distributions are specified. You can look at the apt role defaults and add it in a few places where Debian, Devuan and Ubuntu are specified. The role's fact script could also be fixed to handle cases like that gracefully. I'll see what I can do.

DebOps has you covered - there are roles for slapd, nslcd, nscd, ldap role can be used to manage objects in the LDAP directory itself from other roles, and so on. Check the slapd role documentation for the server-side details, and the ldap role documentation for the client-side details.