diff --git a/facts/general/service.yml b/facts/general/service.yml
index 36a1ad5..bc8d4eb 100644
--- a/facts/general/service.yml
+++ b/facts/general/service.yml
@@ -7,7 +7,6 @@
 cups_pattern: cupsd
 cups_browse: cups-browsed
 cups_browse_pattern: cups-browsed
- sshfs_leet_cmd: "sshfs {{ leet_ssh }}: /mnt/leet -o allow_other,_netdev"
 sshd: sshd
 sshd_pattern: sshd
 sshd_config: /etc/ssh/sshd_config
@@ -25,14 +24,3 @@
 crond: cronie
 crond_pattern: cronie
 when: ansible_distribution == "Archlinux"
-
-
-- name: General | Facts | Service | Non-FreeBSD
- set_fact:
- load_fusefs: "echo ''"
- when: ansible_system != "FreeBSD"
-
-- name: General | Facts | Service | FreeBSD
- set_fact:
- load_fusefs: "kldload fusefs"
- when: ansible_system == "FreeBSD"
diff --git a/facts/general/system.yml b/facts/general/system.yml
index 8d89356..cf9c4db 100644
--- a/facts/general/system.yml
+++ b/facts/general/system.yml
@@ -3,8 +3,6 @@
 - name: General | Facts | System | Global
 set_fact:
- leet_ssh: '{{ user }}@leet'
- leet_drive: /mnt/leet
 lynis_install_dir: /usr/local/src/lynis
 dwm_install_dir: /usr/local/src/dwm
 st_install_dir: /usr/local/src/st
@@ -39,53 +37,10 @@
 when: ansible_system == "FreeBSD"
-- name: General | Facts | System | 1337 Drive Mounted?
- stat:
- path: "{{ leet_drive }}/Temp/ansible"
- register: leet_drive_details
-
-
-- name: General | Facts | System | Report Location = 1337
- set_fact:
- report_location: "{{ leet_drive }}/Temp/ansible"
- when: leet_drive_details.stat.exists
-
-- name: General | Facts | System | Report Location = /root
- set_fact:
- report_location: "/root"
- report_scp_location: "Temp/ansible"
- when: not leet_drive_details.stat.exists
-
 - name: General | Facts | System | Report File Names
 set_fact:
- heartbeat_report_name: "{{ ansible_hostname }}.txt"
- ansible_pull_report_name: "{{ ansible_hostname }}_last_pull_times.txt"
- lynis_report_name: "{{ ansible_hostname }}_lynis.txt"
- nmap_report_name: "{{ ansible_hostname }}_nmap.txt"
-
-- name: General | Facts | System | Report Locations (SSHFS)
- set_fact:
- heartbeat_report: "{{ report_location }}/{{ heartbeat_report_name }}"
- ansible_pull_report: "{{ report_location }}/pull/{{ ansible_pull_report_name }}"
- lynis_report: "{{ report_location }}/lynis/{{ lynis_report_name }}"
- nmap_report: "{{ report_location }}/nmap/{{ nmap_report_name }}"
- when: leet_drive_details.stat.exists
-
-- name: General | Facts | System | Report Locations (Local)
- set_fact:
- heartbeat_report: "{{ report_location }}/{{ heartbeat_report_name }}"
- ansible_pull_report: "{{ report_location }}/{{ ansible_pull_report_name }}"
- lynis_report: "{{ report_location }}/{{ lynis_report_name }}"
- nmap_report: "{{ report_location }}/{{ nmap_report_name }}"
- when: not leet_drive_details.stat.exists
-
-- name: General | Facts | System | Report Destinations (SCP)
- set_fact:
- heartbeat_report_scp: "{{ leet_ssh }}:{{ report_scp_location }}/{{ heartbeat_report_name }}"
- ansible_pull_report_scp: "{{ leet_ssh }}:{{ report_scp_location }}/pull/{{ ansible_pull_report_name }}"
- lynis_report_scp: "{{ leet_ssh }}:{{ report_scp_location }}/lynis/{{ lynis_report_name }}"
- nmap_report_scp: "{{ leet_ssh }}:{{ report_scp_location }}/nmap/{{ nmap_report_name }}"
- when: not leet_drive_details.stat.exists
+ lynis_report: "{{ lynis_install_dir }}/run.txt"
+ nmap_report: "{{ lynis_install_dir }}/nmap.txt"
 - name: General | Facts | System | Ansible Branch
diff --git a/local.yml b/local.yml
index 9f1e48e..ba63fc4 100644
--- a/local.yml
+++ b/local.yml
@@ -16,8 +16,6 @@ - include: facts/general/service.yml - include: facts/general/user.yml - - include: tasks/general/start.yml - - include: tasks/general/software/packages.yml - include: tasks/general/software/services.yml ignore_errors: yes
@@ -30,14 +28,11 @@ - include: tasks/general/acct_mgmt/groups.yml - include: tasks/general/acct_mgmt/users.yml - include: tasks/general/acct_mgmt/sudo.yml - - include: tasks/general/acct_mgmt/keys.yml - - include: tasks/general/acct_mgmt/mounts.yml - include: tasks/general/scripts/root.yml - include: tasks/general/scripts/user.yml - include: tasks/general/cron/ansible.yml - - include: tasks/general/cron/root.yml # TODO Need to refactor. Maybe tasks/general/cron/freebsd.yml - include: tasks/workstation/freebsd/cron/ansible.yml
@@ -73,9 +68,6 @@ - include: tasks/workstation/linux/software/flatpaks.yml when: ansible_system == "Linux" and flatpak_distro - - include: tasks/workstation/linux/software/debs.yml - when: ansible_pkg_mgr == "apt" - - include: tasks/workstation/linux/software/brave.yml when: ansible_pkg_mgr in ("apt", "dnf")
@@ -85,9 +77,6 @@ - include: tasks/workstation/mac-os/software/brew.yml when: ansible_system == "Darwin" - - include: tasks/workstation/mac-os/software/dmg.yml - when: ansible_system == "Darwin" - # Configuration Tasks # - include: tasks/workstation/shared/settings/gnome.yml
@@ -192,5 +181,3 @@ - include: tasks/general/tests/nmap.yml - include: tasks/general/tests/lynis.yml - - - include: tasks/general/finish.yml
diff --git a/setup.sh b/setup.sh
new file mode 100755
index 0000000..61ce123
--- /dev/null
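Review bot: In facts/general/system.yml, `nmap_report` (and `lynis_report`) now point into `{{ lynis_install_dir }}`, which the first hunk of this file shows as `/usr/local/src/lynis`, while local.yml still includes tasks/general/tests/nmap.yml before tasks/general/tests/lynis.yml. If that directory is only created by the Lynis tasks, the nmap report has nowhere to be written on a fresh host; this is inferred, since neither test file is part of the diff. Both files hold scan findings about the host, so a dedicated report directory created with a restrictive mode would suit them better than a source checkout, for example a `report_dir` fact (the name is a suggestion) used as `nmap_report: "{{ report_dir }}/nmap.txt"`. The task is still named `Report File Names` although it now sets full paths.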
+++ b/setup.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+# Script to initialize a system into Ansible collection.
+
+branch="main"
+if [[ $1 != "" ]]; then
+ branch="$1"
+fi
+
+os="$(cat /etc/os-release)"
+os="$os $(uname -a)"
+
+echo "Making sure all necessary packages are installed..."
+if [[ `which ansible > /dev/null; echo $?` != 0 ]]; then
+ if [[ $os == *Debian* || $os == *Ubuntu* || $os == *"Pop!_OS"* || $os == *Mint* || $os == *Parrot* ]]; then
+ sudo apt update
+ sudo apt install -y ansible git <<< N
+ sudo mkdir -p /etc/ansible
+ sudo sh -c 'echo "localhost ansible_connection=local" > /etc/ansible/hosts'
+ elif [[ $os == *FreeBSD* ]]; then
+ sudo pkg install -y py38-ansible git
+ sudo mkdir -p /usr/local/etc/ansible
+ sudo sh -c 'echo "localhost ansible_connection=local" > /usr/local/etc/ansible/hosts'
+ elif [[ $os == *Arch* || $os == *Manjaro* || $os == *Artix* ]]; then
+ sudo pacman -Sy --noconfirm ansible git
+ sudo mkdir -p /etc/ansible
+ sudo sh -c 'echo "localhost ansible_connection=local" > /etc/ansible/hosts'
+ elif [[ $os == *Darwin* ]]; then
+ bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+ echo "TESTING - EXIT!"
+ exit 0
+ brew install ansible git
+ elif [[ $os == *Fedora* ]]; then
+ sudo dnf install -y ansible git python3-libselinux
+ sudo mkdir -p /etc/ansible
+ sudo sh -c 'echo "localhost ansible_connection=local" > /etc/ansible/hosts'
+ else
+ echo -e "ERROR: OS not detected."
+ echo -e "$os"
+ exit 1
+ fi
+fi
+echo "Installed!"
+
+#echo "Adding Ansible Collections..."
+#ansible-galaxy collection install community.general
+#echo "Added!"
+
+echo "Running ansible-pull..."
+sudo ansible-pull -U https://github.com/Hyperling/ansible.git --checkout $branch
+echo "Pulled!"
+
+echo "Mounting all drives..."
+mount -a
+echo "Mounted!"
+
+echo "Don't forget to set any new users' passwords!"
+
+echo "We're done!"
+
+exit 0
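Review bot: The last step runs the fetched playbook as root with `--checkout $branch` unquoted and taken directly from `$1`, so an argument containing whitespace is word-split into extra `ansible-pull` arguments; quote it as `--checkout "$branch"`. The script has no `set -e` or exit-status checks, so a failed package install still falls through to `echo "Installed!"` and the `sudo ansible-pull` line; checking the install result before continuing would make failures visible. In the Darwin branch the `echo "TESTING - EXIT!"` / `exit 0` pair makes `brew install ansible git` unreachable and ends the run with status 0 without pulling anything, and `mount -a` near the end is not run through `sudo` like the other privileged commands. Because whatever the chosen branch contains is executed as root, consider `ansible-pull --verify-commit` if the repository's commits are signed.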
diff --git a/tasks/general/acct_mgmt/keys.yml b/tasks/general/acct_mgmt/keys.yml
deleted file mode 100644
index d6d8ac1..0000000
--- a/tasks/general/acct_mgmt/keys.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-# SSH keys for day-to-day system usage.
-
-# Debian's ansible is too old to use this.
-#- name: Create Root's SSH Key
-# openssh_keypair:
-# path: /root/.ssh/id_rsa
-
-- name: General | Account Management | Keys | Root | Create SSH
- shell: ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa <<< n
- args:
- executable: "{{ bash_exec.stdout }}"
- ignore_errors: yes
-
-- name: General | Account Management | Keys | Root | Copy SSH to 1337
- shell: ssh-copy-id -i /root/.ssh/id_rsa {{ leet_ssh }}
diff --git a/tasks/general/acct_mgmt/mounts.yml b/tasks/general/acct_mgmt/mounts.yml
deleted file mode 100644
index f5ec7bf..0000000
--- a/tasks/general/acct_mgmt/mounts.yml
+++ /dev/null
@@ -1,69 +0,0 @@
----
-# Mount shares that all systems should have.
-
-# Test if this machine can use SSHFS
-- name: General | Account Management | Mounts | Create Test Folder
- file:
- path: "/mnt/test"
- state: directory
- mode: '0755'
-
-- name: General | Account Management | Mounts | Enable SSHFS (FreeBSD)
- shell: "{{ load_fusefs }}"
- ignore_errors: yes
- when: ansible_system == "FreeBSD"
-
-- name: General | Account Management | Mounts | Test SSHFS
- shell: "sshfs {{ leet_ssh }}: /mnt/test -o allow_other"
- register: sshfs_test
- ignore_errors: yes
-
-
-# Begin setting up 1337
-- name: General | Account Management | Mounts | Create 1337 Folder
- file:
- path: "{{ leet_drive }}"
- state: directory
- mode: '0755'
-
-
-# Linux uses fstab
-- name: General | Account Management | Mounts | Create 1337 fstab Entry
- blockinfile:
- path: /etc/fstab
- block: |
- {{ leet_ssh }}: /mnt/leet fuse.sshfs defaults,_netdev,allow_other 0 0
- marker: '# {mark} MANAGED BY ANSIBLE | 1337 Share'
- state: present
- backup: yes
- when: ansible_system == "Linux" and
- (not sshfs_test.failed or leet_drive_details.stat.exists)
-
-- name: General | Account Management | Mounts | Mount All (Linux)
- shell: mount -a
- args:
- warn: false
- when: ansible_system == "Linux" and
- (not sshfs_test.failed or leet_drive_details.stat.exists)
-
-
-# FreeBSD has to do this via root cron job, fstab is unhappy
-- name: General | Account Management | Mounts | Unmount 1337 (FreeBSD)
- shell: umount -f /mnt/leet
- args:
- warn: false
- when: ansible_system == "FreeBSD" and
- (not sshfs_test.failed or leet_drive_details.stat.exists)
- ignore_errors: yes
-
-- name: General | Account Management | Mounts | Remount 1337 (FreeBSD)
- shell: "{{ sshfs_leet_cmd }}"
- when: ansible_system == "FreeBSD" and
- (not sshfs_test.failed or leet_drive_details.stat.exists)
-
-
-# Ensure correct cron jobs and other downstream dependencies are done properly.
-- name: General | Account Management | Mounts | Refresh Variable leet_drive_details
- stat:
- path: "{{ leet_drive }}/Temp/ansible"
- register: leet_drive_details
diff --git a/tasks/general/cron/ansible.yml b/tasks/general/cron/ansible.yml
index 5366a36..a44d1cf 100644
--- a/tasks/general/cron/ansible.yml
+++ b/tasks/general/cron/ansible.yml
@@ -18,41 +18,3 @@
 job: "{{ user_root.home }}/bin/scm.sh"
 state: present
 disabled: no
-
-- name: General | Cron | Ansible | Create Heartbeat Job
- cron:
- user: ansible
- name: "Create Heartbeat Report"
- minute: "*/15"
- job: "neofetch --stdout | sudo tee {{ heartbeat_report }}; sudo chmod 777 {{ heartbeat_report }}"
- state: present
- disabled: no
-
-- name: General | Cron | Ansible | Enable Secure Copy Reports
- cron:
- user: ansible
- name: "{{ item.name }}"
- minute: "05,20,35,50"
- job: "ls {{ item.src }} 2>/dev/null 1>&2 && sudo scp {{ item.src }} {{ item.dest }} && sudo sh -c 'rm -rfv {{ item.src }}'"
- state: present
- disabled: no
- loop:
- - { name: 'Ansible Pull Report', src: '{{ ansible_pull_report }}', dest: '{{ ansible_pull_report_scp }}' }
- - { name: 'Heartbeat Report', src: '{{ heartbeat_report }}', dest: '{{ heartbeat_report_scp }}' }
- - { name: 'Lynis Report', src: '{{ lynis_report }}', dest: '{{ lynis_report_scp }}' }
- - { name: 'NMap Report', src: '{{ nmap_report }}', dest: '{{ nmap_report_scp }}' }
- when: not leet_drive_details.stat.exists
-
-- name: General | Cron | Ansible | Disable Secure Copy Reports
- cron:
- user: ansible
- name: "{{ item.name }}"
- job: "As a wise man once said, I'm disabled."
- state: absent
- #disabled: yes
- loop:
- - { name: 'Ansible Pull Report' }
- - { name: 'Heartbeat Report' }
- - { name: 'Lynis Report' }
- - { name: 'NMap Report' }
- when: leet_drive_details.stat.exists
diff --git a/tasks/general/cron/root.yml b/tasks/general/cron/root.yml
deleted file mode 100644
index 439444b..0000000
--- a/tasks/general/cron/root.yml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-# Jobs relating to the root user.
-
-- name: General | Cron | Root | Enable SSHFS Job (FreeBSD)
- cron:
- user: root
- name: "1337 SSHFS"
- special_time: reboot
- job: "{{ load_fusefs }} && {{ sshfs_leet_cmd }}"
- state: present
- disabled: no
- when: ansible_system == "FreeBSD"
-
-- name: General | Cron | Root | Enable Secure Copy Reports
- cron:
- user: root
- name: "Copy Reports"
- minute: "05,20,35,50"
- job: "scp {{ ansible_pull_report }} {{ heartbeat_report }} {{ lynis_report }} {{ nmap_report }} {{ leet_ssh }}:{{ report_scp_location }}"
- state: absent
- disabled: no
- when: not leet_drive_details.stat.exists
-
-- name: General | Cron | Root | Disable Secure Copy Reports
- cron:
- user: root
- name: "Copy Reports"
- job: "As a wise man once said, I'm disabled."
- state: absent
- disabled: yes
- when: leet_drive_details.stat.exists
diff --git a/tasks/general/finish.yml b/tasks/general/finish.yml
deleted file mode 100644
index 6b24074..0000000
--- a/tasks/general/finish.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-# Tasks related to finishing ansible-pull
-# EG: End timer, start conflicting jobs, etc
-
-- name: General | Finish | Ansible Pull Report | Finish File
- shell: "echo 'FINISH' >> {{ ansible_pull_report }}"
- when: leet_drive_details.stat.exists
-
-- name: General | Finish | Ansible Pull Report | Add Date Entry
- shell: "date >> {{ ansible_pull_report }}"
- when: leet_drive_details.stat.exists
diff --git a/tasks/general/scripts/root.yml b/tasks/general/scripts/root.yml
index a886220..4a8b925 100644
--- a/tasks/general/scripts/root.yml
+++ b/tasks/general/scripts/root.yml
@@ -20,24 +20,6 @@
 mode: '0755'
-- name: General | Scripts | Root | push.sh
- blockinfile:
- path: "{{ user_root.home }}/bin/push.sh"
- block: |
- # 20210215 - Make life even easier!
- ssh {{ user }}@leet "cd Code/Ansible/ansible-pull; git push"
- marker: '{mark}'
- marker_begin: "#!{{ bash_exec.stdout }}"
- marker_end: "exit 0"
- state: present
- create: yes
-
-- name: General | Scripts | Root | push.sh Permissions
- file:
- path: "{{ user_root.home }}/bin/push.sh"
- mode: '0755'
-
-
 - name: General | Scripts | Root | scm-dev.sh
 blockinfile:
 path: "{{ user_root.home }}/bin/scm-dev.sh"
@@ -68,28 +50,3 @@
 file:
 path: "{{ user_root.home }}/bin/scm-dev.sh"
 mode: '0755'
-
-
-- name: General | Scripts | Root | scm-local.sh
- blockinfile:
- path: "{{ user_root.home }}/bin/scm-local.sh"
- block: |
- # 20220312 - Make life easier for development! Especially when Github can't be reached.
-
- ## Variables ##
-
-
- ## Main ##
-
- time ansible-playbook /mnt/leet/Code/Ansible/ansible-pull/local.yml
-
- marker: '{mark}'
- marker_begin: "#!{{ bash_exec.stdout }}"
- marker_end: "exit 0"
- state: present
- create: yes
-
-- name: General | Scripts | Root | scm-local.sh Permissions
- file:
- path: "{{ user_root.home }}/bin/scm-local.sh"
- mode: '0755'
diff --git a/tasks/general/scripts/user.yml b/tasks/general/scripts/user.yml
index 408df2f..5bed260 100644
--- a/tasks/general/scripts/user.yml
+++ b/tasks/general/scripts/user.yml
@@ -20,24 +20,6 @@
 mode: '0755'
-- name: General | Scripts | User | push.sh
- blockinfile:
- path: "{{ user_user.home }}/bin/push.sh"
- block: |
- # 20210215 - Make life even easier!
- ssh {{ user }}@leet "cd Code/Ansible/ansible-pull; git push"
- marker: '{mark}'
- marker_begin: "#!{{ bash_exec.stdout }}"
- marker_end: "exit 0"
- state: present
- create: yes
-
-- name: General | Scripts | User | push.sh Permissions
- file:
- path: "{{ user_user.home }}/bin/push.sh"
- mode: '0755'
-
-
 - name: General | Scripts | User | scm-dev.sh
 blockinfile:
 path: "{{ user_user.home }}/bin/scm-dev.sh"
@@ -68,28 +50,3 @@
 file:
 path: "{{ user_user.home }}/bin/scm-dev.sh"
 mode: '0755'
-
-
-- name: General | Scripts | User | scm-local.sh
- blockinfile:
- path: "{{ user_user.home }}/bin/scm-local.sh"
- block: |
- # 20220312 - Make life easier for development! Especially when Github can't be reached.
-
- ## Variables ##
-
-
- ## Main ##
-
- time sudo ansible-playbook /mnt/leet/Code/Ansible/ansible-pull/local.yml
-
- marker: '{mark}'
- marker_begin: "#!{{ bash_exec.stdout }}"
- marker_end: "exit 0"
- state: present
- create: yes
-
-- name: General | Scripts | User | scm-local.sh Permissions
- file:
- path: "{{ user_user.home }}/bin/scm-local.sh"
- mode: '0755'
diff --git a/tasks/general/software/services.yml b/tasks/general/software/services.yml
index b3229e3..84e9f3e 100644
--- a/tasks/general/software/services.yml
+++ b/tasks/general/software/services.yml
@@ -11,27 +11,6 @@
 enabled: yes
-## SSHFS ##
-
-- name: General | Software | Services | SSHFS | Enable FuseFS (FreeBSD rc.conf)
- lineinfile:
- path: "{{ rc_conf }}"
- regexp: 'fusefs_enable='
- line: 'fusefs_enable="YES" # MANAGED BY ANSIBLE'
- state: present
- create: yes
- backup: yes
- when: ansible_system == "FreeBSD"
-
-- name: General | Software | Services | SSHFS | Enable SSHFS (FreeBSD service)
- service:
- name: fusefs
- pattern: fusefs
- state: started
- enabled: yes
- when: ansible_system == "FreeBSD"
-
-
 ## CUPS ##
 - name: General | Software | Services | CUPS | Disable
diff --git a/tasks/general/start.yml b/tasks/general/start.yml
deleted file mode 100644
index 09f0cf5..0000000
--- a/tasks/general/start.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# Tasks related to starting ansible-pull
-# EG: Start timer, kill conflicting jobs, etc
-
-- name: General | Start | Ansible Pull Report | Start File
- shell: "echo 'START' > {{ ansible_pull_report }}"
- when: leet_drive_details.stat.exists
-
-- name: General | Start | Ansible Pull Report | Add Provision Variables
- shell: "echo '{{ provision_variables }}' >> {{ ansible_pull_report }}"
- when: leet_drive_details.stat.exists
-
-- name: General | Start | Ansible Pull Report | Make Viewable (SSHFS)
- file:
- path: "{{ ansible_pull_report }}"
- mode: '0777'
- when: leet_drive_details.stat.exists
-
-- name: General | Start | Ansible Pull Report | Add Date Entry
- shell: "date >> {{ ansible_pull_report }}"
- when: leet_drive_details.stat.exists
diff --git a/tasks/server/software/grafana.yml b/tasks/server/software/grafana.yml
index 2b4343b..89ffc5c 100644
--- a/tasks/server/software/grafana.yml
+++ b/tasks/server/software/grafana.yml
@@ -10,6 +10,7 @@
 - apt-transport-https
 - software-properties-common
 - wget
+ - gnupg
 state: present
 ## Install ##
diff --git a/tasks/workstation/linux/software/debs.yml b/tasks/workstation/linux/software/debs.yml
deleted file mode 100644
index 2b73f28..0000000
--- a/tasks/workstation/linux/software/debs.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-# Install .deb packages on Debian and Ubuntu machines.
-
-- name: Workstattion | Linux | Software | Apt Distro | .deb Files
- apt:
- deb: '{{ leet_drive }}/InstallFiles/Programs/{{ item }}.deb'
- state: present
- loop:
- - atomicwallet
- ignore_errors: yes
diff --git a/tasks/workstation/mac-os/software/dmg.yml b/tasks/workstation/mac-os/software/dmg.yml
deleted file mode 100644
index 4d8b92b..0000000
--- a/tasks/workstation/mac-os/software/dmg.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# Download and install DMG files that are not yet in Homebrew.
-
-# macFUSE, sshfs, balena-etcher
-
-- name: Workstation | Mac OS | Software | DMGs | TBD
- shell: echo TBD
diff --git a/tasks/workstation/shared/settings/nfs.yml b/tasks/workstation/shared/settings/nfs.yml
index 5f4dcdf..d4c98ed 100644
--- a/tasks/workstation/shared/settings/nfs.yml
+++ b/tasks/workstation/shared/settings/nfs.yml
@@ -1,11 +1,6 @@
 ---
 # Mount network shares.
-- name: Workstation | Settings | NFS | Facts
- set_fact:
- media_folder: /mnt/media
- mount_number: 0
-
 - name: Workstation | Settings | NFS | Facts (Linux)
 set_fact:
 mount_options: defaults,_netdev
@@ -42,21 +37,3 @@
 create: yes
 backup: yes
 when: ansible_system == "FreeBSD"
-
-
-- name: Workstation | Settings | NFS | Create Folders
- file:
- path: "{{ item }}"
- state: directory
- mode: '0777'
- loop:
- - "{{ media_folder }}"
-
-
-- name: Workstation | Settings | NFS | Create Mount Instructions
- blockinfile:
- path: /etc/fstab
- marker: "# {mark} MANAGED BY ANSIBLE | Media"
- block: |
- htpc:/mnt/hdd_unsafe/media {{ media_folder }} nfs {{ mount_options }} {{ mount_number }} {{ mount_number }}
- backup: yes