me/env-ansible
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove Share Drives (#28)

Browse Source 
* Add another requirement for Debian to download key.

* Add setup script instead of using scm.hyperling.com.

* Fix setup permissions.

* Starting effort to remove share drives from script. Downsizing homelab.

* Remove files which are no longer useful without mounts.

* Allow initializing on alternate branches.

* Fix Lynis and NMap log locations.

* Remove deleted files from main.

* Fix nmap filename.

* Remove _name from report variables.
This commit is contained in:
Hyperling
2022-08-23 19:22:27 -05:00
committed by GitHub
parent cb9ae5eb18
commit 3109891a7e
17 changed files with 63 additions and 405 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
tasks/general/acct_mgmt/keys.yml
View File

@ -1,16 +0,0 @@
---
# SSH keys for day-to-day system usage.
# Debian's ansible is too old to use this.
#- name: Create Root's SSH Key
# openssh_keypair:
# path: /root/.ssh/id_rsa
- name: General | Account Management | Keys | Root | Create SSH
shell: ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa <<< n
args:
executable: "{{ bash_exec.stdout }}"
ignore_errors: yes
- name: General | Account Management | Keys | Root | Copy SSH to 1337
shell: ssh-copy-id -i /root/.ssh/id_rsa {{ leet_ssh }}

69
tasks/general/acct_mgmt/mounts.yml
View File

@ -1,69 +0,0 @@
---
# Mount shares that all systems should have.
# Test if this machine can use SSHFS
- name: General | Account Management | Mounts | Create Test Folder
file:
path: "/mnt/test"
state: directory
mode: '0755'
- name: General | Account Management | Mounts | Enable SSHFS (FreeBSD)
shell: "{{ load_fusefs }}"
ignore_errors: yes
when: ansible_system == "FreeBSD"
- name: General | Account Management | Mounts | Test SSHFS
shell: "sshfs {{ leet_ssh }}: /mnt/test -o allow_other"
register: sshfs_test
ignore_errors: yes
# Begin setting up 1337
- name: General | Account Management | Mounts | Create 1337 Folder
file:
path: "{{ leet_drive }}"
state: directory
mode: '0755'
# Linux uses fstab
- name: General | Account Management | Mounts | Create 1337 fstab Entry
blockinfile:
path: /etc/fstab
block: |
{{ leet_ssh }}: /mnt/leet fuse.sshfs defaults,_netdev,allow_other 0 0
marker: '# {mark} MANAGED BY ANSIBLE | 1337 Share'
state: present
backup: yes
when: ansible_system == "Linux" and
(not sshfs_test.failed or leet_drive_details.stat.exists)
- name: General | Account Management | Mounts | Mount All (Linux)
shell: mount -a
args:
warn: false
when: ansible_system == "Linux" and
(not sshfs_test.failed or leet_drive_details.stat.exists)
# FreeBSD has to do this via root cron job, fstab is unhappy
- name: General | Account Management | Mounts | Unmount 1337 (FreeBSD)
shell: umount -f /mnt/leet
args:
warn: false
when: ansible_system == "FreeBSD" and
(not sshfs_test.failed or leet_drive_details.stat.exists)
ignore_errors: yes
- name: General | Account Management | Mounts | Remount 1337 (FreeBSD)
shell: "{{ sshfs_leet_cmd }}"
when: ansible_system == "FreeBSD" and
(not sshfs_test.failed or leet_drive_details.stat.exists)
# Ensure correct cron jobs and other downstream dependencies are done properly.
- name: General | Account Management | Mounts | Refresh Variable leet_drive_details
stat:
path: "{{ leet_drive }}/Temp/ansible"
register: leet_drive_details

38
tasks/general/cron/ansible.yml
View File

@ -18,41 +18,3 @@
job: "{{ user_root.home }}/bin/scm.sh"
state: present
disabled: no
- name: General | Cron | Ansible | Create Heartbeat Job
cron:
user: ansible
name: "Create Heartbeat Report"
minute: "*/15"
job: "neofetch --stdout | sudo tee {{ heartbeat_report }}; sudo chmod 777 {{ heartbeat_report }}"
state: present
disabled: no
- name: General | Cron | Ansible | Enable Secure Copy Reports
cron:
user: ansible
name: "{{ item.name }}"
minute: "05,20,35,50"
job: "ls {{ item.src }} 2>/dev/null 1>&2 && sudo scp {{ item.src }} {{ item.dest }} && sudo sh -c 'rm -rfv {{ item.src }}'"
state: present
disabled: no
loop:
- { name: 'Ansible Pull Report', src: '{{ ansible_pull_report }}', dest: '{{ ansible_pull_report_scp }}' }
- { name: 'Heartbeat Report', src: '{{ heartbeat_report }}', dest: '{{ heartbeat_report_scp }}' }
- { name: 'Lynis Report', src: '{{ lynis_report }}', dest: '{{ lynis_report_scp }}' }
- { name: 'NMap Report', src: '{{ nmap_report }}', dest: '{{ nmap_report_scp }}' }
when: not leet_drive_details.stat.exists
- name: General | Cron | Ansible | Disable Secure Copy Reports
cron:
user: ansible
name: "{{ item.name }}"
job: "As a wise man once said, I'm disabled."
state: absent
#disabled: yes
loop:
- { name: 'Ansible Pull Report' }
- { name: 'Heartbeat Report' }
- { name: 'Lynis Report' }
- { name: 'NMap Report' }
when: leet_drive_details.stat.exists

31
tasks/general/cron/root.yml
View File

@ -1,31 +0,0 @@
---
# Jobs relating to the root user.
- name: General | Cron | Root | Enable SSHFS Job (FreeBSD)
cron:
user: root
name: "1337 SSHFS"
special_time: reboot
job: "{{ load_fusefs }} && {{ sshfs_leet_cmd }}"
state: present
disabled: no
when: ansible_system == "FreeBSD"
- name: General | Cron | Root | Enable Secure Copy Reports
cron:
user: root
name: "Copy Reports"
minute: "05,20,35,50"
job: "scp {{ ansible_pull_report }} {{ heartbeat_report }} {{ lynis_report }} {{ nmap_report }} {{ leet_ssh }}:{{ report_scp_location }}"
state: absent
disabled: no
when: not leet_drive_details.stat.exists
- name: General | Cron | Root | Disable Secure Copy Reports
cron:
user: root
name: "Copy Reports"
job: "As a wise man once said, I'm disabled."
state: absent
disabled: yes
when: leet_drive_details.stat.exists

11
tasks/general/finish.yml
View File

@ -1,11 +0,0 @@
---
# Tasks related to finishing ansible-pull
# EG: End timer, start conflicting jobs, etc
- name: General | Finish | Ansible Pull Report | Finish File
shell: "echo 'FINISH' >> {{ ansible_pull_report }}"
when: leet_drive_details.stat.exists
- name: General | Finish | Ansible Pull Report | Add Date Entry
shell: "date >> {{ ansible_pull_report }}"
when: leet_drive_details.stat.exists

43
tasks/general/scripts/root.yml
View File

@ -20,24 +20,6 @@
mode: '0755'
- name: General | Scripts | Root | push.sh
blockinfile:
path: "{{ user_root.home }}/bin/push.sh"
block: |
# 20210215 - Make life even easier!
ssh {{ user }}@leet "cd Code/Ansible/ansible-pull; git push"
marker: '{mark}'
marker_begin: "#!{{ bash_exec.stdout }}"
marker_end: "exit 0"
state: present
create: yes
- name: General | Scripts | Root | push.sh Permissions
file:
path: "{{ user_root.home }}/bin/push.sh"
mode: '0755'
- name: General | Scripts | Root | scm-dev.sh
blockinfile:
path: "{{ user_root.home }}/bin/scm-dev.sh"
@ -68,28 +50,3 @@
file:
path: "{{ user_root.home }}/bin/scm-dev.sh"
mode: '0755'
- name: General | Scripts | Root | scm-local.sh
blockinfile:
path: "{{ user_root.home }}/bin/scm-local.sh"
block: |
# 20220312 - Make life easier for development! Especially when Github can't be reached.
## Variables ##
## Main ##
time ansible-playbook /mnt/leet/Code/Ansible/ansible-pull/local.yml
marker: '{mark}'
marker_begin: "#!{{ bash_exec.stdout }}"
marker_end: "exit 0"
state: present
create: yes
- name: General | Scripts | Root | scm-local.sh Permissions
file:
path: "{{ user_root.home }}/bin/scm-local.sh"
mode: '0755'

43
tasks/general/scripts/user.yml
View File

@ -20,24 +20,6 @@
mode: '0755'
- name: General | Scripts | User | push.sh
blockinfile:
path: "{{ user_user.home }}/bin/push.sh"
block: |
# 20210215 - Make life even easier!
ssh {{ user }}@leet "cd Code/Ansible/ansible-pull; git push"
marker: '{mark}'
marker_begin: "#!{{ bash_exec.stdout }}"
marker_end: "exit 0"
state: present
create: yes
- name: General | Scripts | User | push.sh Permissions
file:
path: "{{ user_user.home }}/bin/push.sh"
mode: '0755'
- name: General | Scripts | User | scm-dev.sh
blockinfile:
path: "{{ user_user.home }}/bin/scm-dev.sh"
@ -68,28 +50,3 @@
file:
path: "{{ user_user.home }}/bin/scm-dev.sh"
mode: '0755'
- name: General | Scripts | User | scm-local.sh
blockinfile:
path: "{{ user_user.home }}/bin/scm-local.sh"
block: |
# 20220312 - Make life easier for development! Especially when Github can't be reached.
## Variables ##
## Main ##
time sudo ansible-playbook /mnt/leet/Code/Ansible/ansible-pull/local.yml
marker: '{mark}'
marker_begin: "#!{{ bash_exec.stdout }}"
marker_end: "exit 0"
state: present
create: yes
- name: General | Scripts | User | scm-local.sh Permissions
file:
path: "{{ user_user.home }}/bin/scm-local.sh"
mode: '0755'

21
tasks/general/software/services.yml
View File

@ -11,27 +11,6 @@
enabled: yes
## SSHFS ##
- name: General | Software | Services | SSHFS | Enable FuseFS (FreeBSD rc.conf)
lineinfile:
path: "{{ rc_conf }}"
regexp: 'fusefs_enable='
line: 'fusefs_enable="YES" # MANAGED BY ANSIBLE'
state: present
create: yes
backup: yes
when: ansible_system == "FreeBSD"
- name: General | Software | Services | SSHFS | Enable SSHFS (FreeBSD service)
service:
name: fusefs
pattern: fusefs
state: started
enabled: yes
when: ansible_system == "FreeBSD"
## CUPS ##
- name: General | Software | Services | CUPS | Disable

21
tasks/general/start.yml
View File

@ -1,21 +0,0 @@
---
# Tasks related to starting ansible-pull
# EG: Start timer, kill conflicting jobs, etc
- name: General | Start | Ansible Pull Report | Start File
shell: "echo 'START' > {{ ansible_pull_report }}"
when: leet_drive_details.stat.exists
- name: General | Start | Ansible Pull Report | Add Provision Variables
shell: "echo '{{ provision_variables }}' >> {{ ansible_pull_report }}"
when: leet_drive_details.stat.exists
- name: General | Start | Ansible Pull Report | Make Viewable (SSHFS)
file:
path: "{{ ansible_pull_report }}"
mode: '0777'
when: leet_drive_details.stat.exists
- name: General | Start | Ansible Pull Report | Add Date Entry
shell: "date >> {{ ansible_pull_report }}"
when: leet_drive_details.stat.exists