Reorganization including fixing blockinfile being used multiple times on the same file causing entries to get overwritten.

facts/workstation/package.yml

@@ -4,6 +4,7 @@
 
 - name: Facts | Workstation | Package | Pop OS
   set_fact:
+    flatpak_distro: yes sir
     firefox: firefox
     firefox_esr: firefox-esr
     thunderbird: thunderbird
@@ -13,6 +14,7 @@
 
 - name: Facts | Workstation | Package | Debian and Ubuntu
   set_fact:
+    flatpak_distro: yes sir
     firefox: firefox
     firefox_esr: firefox-esr
     thunderbird: thunderbird
@@ -22,6 +24,7 @@
 
 - name: Facts | Workstation | Package | FreeBSD
   set_fact:
+    flatpak_distro: false
     firefox: firefox
     firefox_esr: firefox-esr
     thunderbird: thunderbird

facts/workstation/system.yml

@@ -1,19 +0,0 @@
----
-# Define file, folder, and other facts per OS.
-
-- name: Facts | Workstation | System | Pop OS
-  set_fact:
-    flatpak_distro: yes sir
-  when: ansible_distribution == "Pop!_OS"
-
-
-- name: Facts | Workstation | System | Debian and Ubuntu
-  set_fact:
-    flatpak_distro: yes sir
-  when: ansible_distribution in ("Debian","Ubuntu")
-
-
-- name: Facts | Workstation | System | FreeBSD
-  set_fact:
-    flatpak_distro: false
-  when: ansible_system == "FreeBSD"

local.yml

@@ -15,6 +15,8 @@
 
   tasks:
     - include: tasks/general/software/packages.yml
+    - include: tasks/general/software/services.yml
+      ignore_errors: yes
 
     - include: facts/general/gather.yml
 
@@ -26,9 +28,6 @@
 
     - include: tasks/general/cron/ansible.yml
 
-    - include: tasks/general/software/harden.yml
-      ignore_errors: yes
-
 
 # Additional setup for systems with GUI.
 - name: Main | Workstation UI Setup
@@ -37,10 +36,14 @@
   become: true
 
   pre_tasks:
-    - include: facts/workstation/system.yml
     - include: facts/workstation/package.yml
 
   tasks:
+    # Set up any systems that do not come with Desktop Environments
+    - include: tasks/freebsd/software/gui.yml
+      when: ansible_system == "FreeBSD"
+
+    # Additional tasks to configure Desktop Environments
     - include: tasks/linux/software/flatpaks.yml
       when: ansible_system == "Linux" and
             flatpak_distro == "yes sir"
@@ -49,9 +52,6 @@
       when: ansible_system == "Linux" and
             flatpak_distro != "yes sir"
 
-    - include: tasks/freebsd/software/gui.yml
-      when: ansible_system == "FreeBSD"
-
 
 # Create reports to analyze security.
 - name: Main | Hardness Tests

tasks/freebsd/software/gui.yml

@@ -20,18 +20,31 @@
 - name: Workstation | FreeBSD | GUI | Create rc.conf Entries
   blockinfile:
     path: /etc/rc.conf
+    marker: "# {mark} MANAGED BY ANSIBLE | GUI Components"
     block: |
       dbus_enable="YES"
       hald_enable="YES"
       gnome_enable="YES"
       gdm_enable="YES"
-
-      fusefs_enable="YES"
     backup: yes
 
-- name: Workstation | FreeBSD | GUI | Create fstab Entries
+- name: Workstation | FreeBSD | GUI | Create proc fstab Entry
-  blockinfile:
+  lineinfile:
     path: /etc/fstab
-    block: |
+    regexp: '^proc'
-      proc            /proc           procfs  rw      0       0
+    line: proc            /proc           procfs  rw      0       0
+    state: present
     backup: yes
+
+- name: Workstation | FreeBSD | GUI | Create proc fstab Comment
+  lineinfile:
+    path: /etc/fstab
+    regexp: '^# MANAGED BY ANSIBLE | Leet Share'
+    line: '# MANAGED BY ANSIBLE | Leet Share'
+    state: present
+    insertbefore: '^proc'
+
+- name: Workstation | FreeBSD | GUI | Mount All
+  shell: mount -a
+  args:
+    warn: false

tasks/general/acct_mgmt/mounts.yml

@@ -7,13 +7,22 @@
     state: directory
     mode: '0755'
 
-- name: General | Account Management | Mounts | Create fstab Entries
+- name: General | Account Management | Mounts | Create 1337 fstab Entry
-  blockinfile:
+  lineinfile:
     path: /etc/fstab
-    block: |
+    regexp: '^ling@leet'
-      ling@leet: /mnt/leet fuse.sshfs defaults,_netdev,allow_other,delay_connect 0 0
+    line: "ling@leet: /mnt/leet fuse.sshfs defaults,_netdev,allow_other,delay_connect 0 0"
+    state: present
     backup: yes
 
+- name: General | Account Management | Mounts | Create 1337 fstab Comment
+  lineinfile:
+    path: /etc/fstab
+    regexp: '^# MANAGED BY ANSIBLE | Leet Share'
+    line: '# MANAGED BY ANSIBLE | Leet Share'
+    state: present
+    insertbefore: '^ling@leet'
+
 - name: General | Account Management | Mounts | Mount All
   shell: mount -a
   args:

tasks/general/software/harden.yml

@@ -1,15 +0,0 @@
----
-
-- name: General | Software | Harden | Remove CUPS Daemon
-  service:
-    name: "{{ cups }}"
-    pattern: "{{ cups_pattern }}"
-    state: stopped
-    enabled: no
-
-- name: General | Software | Harden | Remove CUPS-Browse Daemon
-  service:
-    name: "{{ cups_browse }}"
-    pattern: "{{ cups_browse_pattern }}"
-    state: stopped
-    enabled: no

tasks/general/software/services.yml

@@ -0,0 +1,40 @@
+---
+# Enable and disable services.
+
+- name: General | Software | Services | Create SSHFS rc.conf Entry (FreeBSD)
+  lineinfile:
+    path: /etc/rc.conf
+    regexp: '^fusefs_enable='
+    line: fusefs_enable="YES"
+    state: present
+    backup: yes
+  when: ansible_system == "FreeBSD"
+
+- name: General | Software | Services | Create SSHFS rc.conf Comment (FreeBSD)
+  lineinfile:
+    path: /etc/fstab
+    regexp: '^# MANAGED BY ANSIBLE | SSHFS'
+    line: '# MANAGED BY ANSIBLE | SSHFS'
+    state: present
+    insertbefore: '^fusefs_enable='
+  when: ansible_system == "FreeBSD"
+
+- name: General | Software | Services | Load SSHFS (FreeBSD)
+  shell: kldload fusefs
+  args:
+    warn: false
+  when: ansible_system == "FreeBSD"
+
+- name: General | Software | Services | Disable CUPS Daemon
+  service:
+    name: "{{ cups }}"
+    pattern: "{{ cups_pattern }}"
+    state: stopped
+    enabled: no
+
+- name: General | Software | Services | Disable CUPS-Browse Daemon
+  service:
+    name: "{{ cups_browse }}"
+    pattern: "{{ cups_browse_pattern }}"
+    state: stopped
+    enabled: no