A comprehensive collection of Ansible roles for infrastructure automation, security hardening, and development environment setup. Part of the SOLTI (Systems Oriented Laboratory Testing & Integration) ecosystem.
This collection provides battle-tested Ansible roles covering everything from security auditing to development tooling. Each role is designed with best practices, security, and maintainability in mind, featuring advanced testing frameworks and AI-powered analysis capabilities.
The collection provides integrated automation with clear patterns:
- claude_sectest: Multi-script security auditing with Git-based change tracking and Claude AI analysis
- sshd_harden: SSH daemon hardening with modern cryptographic algorithms
- mariadb: Database server with security-focused setup and backup functionality
- nfs-client: Storage integration for distributed deployments with optimized performance
- vs_code: Development environment setup with official repositories
- gitea: Self-hosted Git service with complete lifecycle management
- podman: Rootless container engine as Docker alternative
- wireguard: Modern VPN client with secure key management
ISPConfig Security Audit Role (v1.1) - A comprehensive security auditing framework for ISPConfig3 servers featuring multiple specialized audit scripts, Git-based change tracking, and professional Claude AI analysis integration. Implements a "build small scripts, collect all for you" approach covering configuration security, database inventory, DNS records, and intrusion prevention systems.
SSH Hardening Role - Hardens SSH daemon configuration according to sshaudit.com recommendations. Restricts cryptographic algorithms to secure options, configures connection timeouts, disables dangerous features, generates secure key pairs, and filters weak Diffie-Hellman moduli.
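The moduli filtering step described above can be sketched as follows. This is an added example, not the role's own code: the function names, the sample file and the 3071 default (OpenSSH's shipped moduli files record 3072-bit primes with size 3071) are assumptions.

```shell
#!/bin/sh
# Added example: drop weak Diffie-Hellman group-exchange moduli.
# moduli(5) columns: time type tests trials size generator modulus

# filter_moduli SRC DST [MIN_SIZE] -> prints the number of entries kept
filter_moduli() {
    src=$1; dst=$2; min=${3:-3071}
    tmp="$dst.tmp.$$"
    awk -v min="$min" '
        /^#/ { print; next }                 # keep header comments
        NF >= 7 && $5 + 0 >= min { print }   # keep strong, well-formed entries
    ' "$src" > "$tmp" || { rm -f "$tmp"; return 2; }
    kept=$(awk '!/^#/ && NF { n++ } END { print n + 0 }' "$tmp")
    if [ "$kept" -eq 0 ]; then
        # A file with no entries leaves sshd no group-exchange primes
        # to choose from, so refuse to write it and keep the old file.
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$dst"
    echo "$kept"
}

# write_sample PATH -> constructed sample lines (placeholder moduli, not primes)
write_sample() {
    cat > "$1" <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20240101000000 2 6 100 2047 2 DEADBEEF01
20240101000001 2 6 100 3071 2 DEADBEEF02
20240101000002 2 6 100 4095 5 DEADBEEF03
20240101000003 2 6 100 1535 2 DEADBEEF04
20240101000004 2 6 100 4095
EOF
}
```

On a real host the source would be `/etc/ssh/moduli`, with the filtered file reviewed before it replaces the original and sshd is restarted.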
MariaDB Database Server - Automated MariaDB installation and configuration with security-focused setup, database initialization scripts, built-in backup functionality, and support for both Debian 12 and Rocky Linux 9.
NFS Client Management - Manages NFS client installation and mount configuration with support for multiple NFS shares, cross-platform compatibility, and optimized mount options for performance and reliability.
Visual Studio Code Installation - Installs Visual Studio Code on Red Hat-based distributions using Microsoft's official repository with GPG verification and automatic updates.
Gitea Git Service - Lightweight, self-hosted Git service installation and configuration supporting SSL, multiple databases (SQLite, MySQL, PostgreSQL), user management, and complete lifecycle management.
Podman Container Engine - Daemonless container engine installation with rootless container support, Podman Compose functionality, and secure registry configuration as a Docker alternative.
WireGuard VPN Client - Modern VPN client installation and configuration for Rocky Linux 9 and Debian 12 with secure key generation, automatic backups, and comprehensive tag-based execution control.
The collection includes comprehensive security analysis frameworks in the claude_sectest role:
- ISPConfig Audit Guide - Professional security analysis criteria
- MySQL Hardening Guide - Database security assessment framework
- Fail2Ban Audit Guide - Intrusion prevention analysis
- BIND/Named Audit Guide - DNS security evaluation
- SSH Hardening Guide - SSH security enhancement companion
- Molecule Integration: Container and VM-based testing scenarios
- Cross-Platform Validation: Debian, Ubuntu, Rocky Linux support
- Git-Based Versioning: Configuration change tracking and rollback capabilities
- Component Testing: Individual role functionality
- Integration Testing: Role interaction validation
- System Testing: Complete stack verification
Many roles in this collection are designed to work with Claude AI for professional security analysis. The audit scripts and security guides provide structured output that Claude can analyze to deliver expert-level security recommendations, compliance assessments, and specific remediation steps.
Key Benefits:
- Professional Expertise: Trained on security standards (PCI DSS, NIST, CIS)
- Cost-Effective: $20/month vs $200/hour security consultants
- 24/7 Availability: Get analysis anytime, not just business hours
- Actionable Results: Specific commands and priority-ranked recommendations
```bash
ansible-galaxy collection install jackaltx.solti_ensemble
```

```yaml
- hosts: servers
  roles:
    - jackaltx.solti_ensemble.sshd_harden
    - jackaltx.solti_ensemble.mariadb
```

This collection is part of the broader SOLTI (Systems Oriented Laboratory Testing & Integration) framework:
- solti-monitoring: System monitoring and metrics collection
- solti-ensemble: Support tools and shared utilities (this collection)
- solti-conductor: Proxmox management and orchestration
- solti-containers: Testing containers
- solti-score: Documentation and playbooks
MIT-0 - Use freely for any purpose without restriction.
- jackaltx - Retired but not dead wet-ware dreamer
- Claude AI - AI-powered development assistant
Want to try professional AI-powered security analysis? Sign up for Claude with my referral if ya want!