Linux Lore

Ahh, Linux. It does what you say when you say it… even when you didn’t mean it.
A little harder than Windows? Sure. But you can do so much more. The trick in internal IT: make users’ lives easier—even if it makes yours spicier.

Shell-fu Ansible AWX Autoinstall SSSD realmd

Philosophy

Simple tools, scripted workflows, happy users. If it can be automated, it should be.

My principles

Automation

Ansible + AWX for repeatable builds, updates, and fixes—minus the click-athons.

Identity

Ubuntu + AD integration that “just works” for users and policies.

Guiding ideas

  • 🧰 Prefer scripts > manuals. Humans forget; scripts don’t.
  • 🧑‍🚀 Users first. If a task is 10% harder for me and 90% easier for them, that’s a win.
  • 🧪 Small, safe experiments. (And yes, I’ve read my own disaster story.)

Ansible + AWX: My daily driver

From baseline hardening to app installs, Ansible keeps machines consistent. AWX schedules, approves, and logs it.

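# site.yml — example baseline
- hosts: linux_fleet
  become: true
  vars:
    ssh_allow_groups: "ssh-users"   # only members of this group may log in over SSH
  roles:
    - common
    - hardening
    - sshd
    - packages

# roles/sshd/tasks/main.yml
- name: Ensure OpenSSH present
  apt: { name: openssh-server, state: present, update_cache: yes }

# Replaces an existing uncommented line for each keyword, or appends one at EOF.
- name: Harden sshd_config
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^{{ item.key }}\s'
    line: "{{ item.key }} {{ item.val }}"
    validate: '/usr/sbin/sshd -t -f %s'   # reject a file sshd cannot parse before it is written
  loop:
    - { key: 'PasswordAuthentication', val: 'no' }
    - { key: 'PermitRootLogin',       val: 'no' }
    - { key: 'AllowGroups',           val: '{{ ssh_allow_groups }}' }

# Runs on every play; as a handler notified by the task above it would restart only on change.
- name: Restart sshd
  service: { name: ssh, state: restarted, enabled: yes }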
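
The lineinfile task above appends a directive at the end of sshd_config when no uncommented line matches, and there an earlier Include'd drop-in or a preceding Match block can keep it from taking effect globally. This is an added example, not code from this site: a simplified Python model of how sshd resolves global settings, run over a constructed config. The file contents, the drop-in name and the parsing rules are assumptions.

```python
import fnmatch

# Baseline the sshd role sets; "ssh-users" is the page's ssh_allow_groups value.
BASELINE = {"passwordauthentication": ["no"], "permitrootlogin": ["no"],
            "allowgroups": ["ssh-users"]}
# Allow/deny lists accumulate across lines; other keywords keep their first value.
LIST_KEYS = {"allowgroups", "allowusers", "denygroups", "denyusers"}

def effective_global(files, path="/etc/ssh/sshd_config", seen=None):
    """Simplified model of sshd's global settings, from {path: text}."""
    seen = {} if seen is None else seen
    for raw in files[path].splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            break                       # the rest of this file is conditional
        if key == "include":            # expanded in place, in lexical order
            for pattern in args:
                for name in sorted(fnmatch.filter(files, pattern)):
                    effective_global(files, name, seen)
        elif key in LIST_KEYS:
            seen.setdefault(key, []).extend(args)
        else:
            seen.setdefault(key, args)  # first occurrence wins
    return seen

def drift(files):
    """Return {keyword: effective value} for baseline keys that did not take hold."""
    eff = effective_global(files)
    return {k: eff.get(k) for k, want in BASELINE.items() if eff.get(k) != want}

# Constructed sample: main file after lineinfile appended the three baseline
# lines at EOF, plus a drop-in (name assumed) that re-enables passwords.
SAMPLE = {
    "/etc/ssh/sshd_config": (
        "Include /etc/ssh/sshd_config.d/*.conf\n"
        "#PasswordAuthentication yes\n"
        "Match User backup\n"
        "    X11Forwarding no\n"
        "PasswordAuthentication no\n"
        "PermitRootLogin no\n"
        "AllowGroups ssh-users\n"
    ),
    "/etc/ssh/sshd_config.d/50-cloud-init.conf": "PasswordAuthentication yes\n",
}

if __name__ == "__main__":
    print(drift(SAMPLE))
```

On a live host, `sshd -T` prints the configuration sshd actually resolves, which is the authoritative check; the model only shows why a successful file edit is not proof of the setting.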

Automated Linux deployment

Ubuntu Autoinstall + cloud-init to get from bare metal → “ready for Ansible” without touching a mouse.

# autoinstall user-data (snippet)
autoinstall:
  version: 1
  identity:
    hostname: ubuntu-node
    username: devops
    password: "$6$rounds=4096$...hashed..."
  packages: [curl, git, python3, python3-pip]
  late-commands:
    - curtin in-target -- apt-get -y install openssh-server
    - curtin in-target -- systemctl enable ssh
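    # Runs a remote script as root inside the target; '|| true' lets the install
    # continue even if the download or the script fails, so review what this fetches.
    - curtin in-target -- bash -c "curl -s https://get.ansible.com | bash || true"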

Linux is freedom with sharp edges. I’m here for both. If you’re curious—or you want a safer script before trying something chaotic—reach out. And if you need a laugh first, enjoy the Disasters page.