diff --git a/README.md b/README.md index 01b1eca..c84e09b 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,20 @@ # ansible Getting real with system management via ansible-pull. -Per-system configuration is handled via local files to the provisioned machine, rather than using a hosts file. This keeps future hosts private and allows changing what's on the machine without code changes and releases. The files are accessed via the show-config and edit-config aliases. +Per-system configuration is handled via local files to the provisioned machine, +rather than using a hosts file. This keeps future hosts private and allows +changing what's on the machine without code changes and releases. The files are +accessed via the show-config and edit-config aliases. ## Disclaimer -This setup is specific to the maintainer's devices and needs. You're welcome to use it as an example for your needs, but do not expect it to work as-is. +This setup is specific to the maintainer's devices and needs. You're welcome to +use it as an example for your needs, but do not expect it to work as-is. ## Currently Supported Linux Systems ### Debian Family #### Debian -100%, but only if using a recent enough version of Ansible. `pip` usually has a better version than `apt`. +100%, but only if using a recent enough version of Ansible. `pip` usually has a +better version than `apt`. #### Ubuntu 100%, both server and desktop. #### Pop!_OS @@ -17,7 +22,8 @@ This setup is specific to the maintainer's devices and needs. You're welcome to #### Mint 100%, but not really used, just tested once for fun. #### Parrot Security OS (MATE) -100% for a while, but OS did not serve maintainer's needs and 404 errors were terrible while updating. Ubuntu Rolling Rhino filled the gap. +100% for a while, but OS did not serve maintainer's needs and 404 errors were +terrible while updating. Ubuntu Rolling Rhino filled the gap. ### Arch Family #### Manjaro @@ -37,6 +43,10 @@ Workstation: 100% Generic: 100% Workstation: Currently failing at `[Workstation | Linux | Flatpak Distro | Package Manager | Install From Repo]` with message `Problem: nothing provides libedataserver-1.2.so.24 needed by the to be installed evolution-data-server-32bit-3.34.4-3.3.1.x86_64`. +### NixOS +99%, still need to get Telegraf going and refactor local.yml but everything else +is working well. It is automatically implementing github.com/Hyperling/NixOS. + ## Currently Supported Unix Systems ### FreeBSD 12, 13 100%, although GUI is not working completely on 13 yet (dash-to-dock doesn't compile). @@ -44,18 +54,26 @@ Software choices are slightly more limited since not `flatpak`-enabled and not f ## Waiting To Be Tested ### Kali Linux -### Arch Linux ARM +### Arch Linux ARM Specifically for the Pinephone. ### Arch Linux x86 -Would be great to have Arch get built up by this. Used for many years but left after update problems due to a long computer hiatus. +Would be great to have Arch get built up by this. Used for many years but left +after update problems due to a long computer hiatus. ### Fedora Mobile Specifically for the Pinephone. ## Future Goals -Eventually some of the scripts and install files will be put into the files folder. This will allow initializing systems outside of the maintainer's home network. +Eventually some of the scripts and install files will be put into the files +folder. This will allow initializing systems outside of the maintainer's home +network. -There may also be a refactor of task-specific facts to be in their task file so that some playbooks can be more self-sufficient and be provided to the community without hacking. The original goal was to never define facts in tasks, but the benefit has yet to be seen for some tasks. Shared facts will definitely continue to exist under the facts tree. +There may also be a refactor of task-specific facts to be in their task file so +that some playbooks can be more self-sufficient and be provided to the community +without hacking. The original goal was to never define facts in tasks, but the +benefit has yet to be seen for some tasks. Shared facts will definitely continue +to exist under the facts tree. ## Other Notes ### Get Setup Values -Use this command to see the variables for a system: `ansible localhost -m setup --connection=local`. \ No newline at end of file +Use this command to see the variables for a system: +`ansible localhost -m setup --connection=local`. \ No newline at end of file diff --git a/facts/general/package.yml b/facts/general/package.yml index 1546deb..a85736c 100644 --- a/facts/general/package.yml +++ b/facts/general/package.yml @@ -65,6 +65,7 @@ - name: General | Facts | Package | Update Commands | Helpers set_fact: update_accept_var: '$accept' + nix_days: 14 - name: General | Facts | Package | Update Commands | Helpers | pacman set_fact: @@ -76,7 +77,7 @@ update_package_manager: | echo "*** Apt ***" && sudo apt update && - sudo apt autoremove {{ update_accept_var }} && + sudo apt autoremove {{ update_accept_var }} && sudo apt clean {{ update_accept_var }} && sudo dpkg --configure -a && sudo apt --fix-broken --fix-missing install && @@ -96,7 +97,7 @@ - name: General | Facts | Package | Update Commands | pkg set_fact: update_package_manager: | - echo "*** FreeBSD-Update ***" + echo "*** FreeBSD-Update ***" clean="" [[ "{{ update_accept_var }}" == "-y" ]] || echo "Are you sure you'd like to clean /var/db/freebsd-update? [y/N] " [[ "{{ update_accept_var }}" == "-y" ]] || read -N 1 clean @@ -112,7 +113,7 @@ sudo pkg update && sudo pkg clean {{ update_accept_var }} && sudo pkg autoremove {{ update_accept_var }} && - sudo pkg upgrade {{ update_accept_var }} && + sudo pkg upgrade {{ update_accept_var }} && when: ansible_pkg_mgr in ("pkg", "pkgng") - name: General | Facts | Package | Update Commands | parrot-upgrade @@ -152,11 +153,47 @@ sudo zypper patch {{ update_accept_var }} && sudo zypper update {{ update_accept_var }} && sudo zypper dist-upgrade {{ update_accept_var }} && - # This is a neat feature, but is installing things like GIMP from the + # This is a neat feature, but is installing things like GIMP from the # repos when it is already installed through Flatpak, so not needed. #sudo zypper install-new-recommends && when: ansible_pkg_mgr in ("zypper") +- name: General | Facts | Package | Update Commands | NixOS + set_fact: + update_package_manager: | + sudo echo "*** NixOS ***" + # Clean up! + # https://specific.solutions.limited/blog/recovering-diskspace-in-nixos + + echo -en "\n * Delete any existing garbage and snapshots older than " + echo -e "{{ nix_days }} days.\n" + echo "User:" + nix-collect-garbage --delete-older-than '{{ nix_days }}d' + echo "Root:" + sudo nix-collect-garbage --delete-older-than '{{ nix_days }}d' + + ls ~/.cache/*nix* /root/.cache/*nix* 2>/dev/null 1>&2 && + echo -e "\n * Delete any cache.\n" + du -hs ~/.cache/*nix* 2>/dev/null && + echo "User:" && + rm -rfv ~/.cache/*nix* + sudo du -hs /root/.cache/*nix* 2>/dev/null && + echo "Root:" && + sudo rm -rfv /root/.cache/*nix* + + echo -e "\n * Update channels with the latest expressions.\n" + echo "User:" + nix-channel --update + echo "Root:" + sudo nix-channel --update + + echo -e "\n * Rebuild using the existing *.nix files.\n" + sudo nixos-rebuild switch + + echo -e "\n * Hard link duplicates, saves 25-35% of store size.\n" + sudo nix-store --optimize + when: ansible_distribution == "NixOS" + - name: General | Facts | Package | Update Commands | flatpak | check shell: which flatpak @@ -166,14 +203,14 @@ - name: General | Facts | Package | Update Commands | flatpak | exists set_fact: update_flatpak: | - echo "*** Flatpak ***" - [[ {{ battery }} != 'True' ]] && sudo flatpak repair + echo "*** Flatpak ***" + [[ {{ battery }} != 'True' ]] && sudo flatpak repair sudo flatpak uninstall --unused {{ update_accept_var }} && sudo flatpak update {{ update_accept_var }} && when: flatpak_exec is defined and flatpak_exec.failed is defined and not flatpak_exec.failed - + - name: General | Facts | Package | Update Commands | flatpak | not exists set_fact: update_flatpak: | - echo "*** Flatpak Not Installed ***" && + echo "*** Flatpak Not Installed ***" && when: update_flatpak is not defined diff --git a/facts/general/service.yml b/facts/general/service.yml index 5f64d7d..aa340ea 100644 --- a/facts/general/service.yml +++ b/facts/general/service.yml @@ -14,6 +14,8 @@ crond_pattern: cron acpi: acpid acpi_pattern: acpid + bluetooth: bluetooth + bluetooth_pattern: bluetooth - name: General | Facts | Service | Arch Linux set_fact: diff --git a/facts/workstation/package.yml b/facts/workstation/package.yml index 2731f58..4b05217 100644 --- a/facts/workstation/package.yml +++ b/facts/workstation/package.yml @@ -99,3 +99,9 @@ font_awesome: fontawesome-fonts nfs: utils-libnfs when: ansible_os_family == "Suse" + + +- name: Workstation | Facts | Package | NixOS + set_fact: + flatpak_distro: false + when: ansible_distribution == "NixOS" diff --git a/files/scripts/compress-images.sh b/files/scripts/compress_image.sh similarity index 74% rename from files/scripts/compress-images.sh rename to files/scripts/compress_image.sh index 128f472..cde7441 100755 --- a/files/scripts/compress-images.sh +++ b/files/scripts/compress_image.sh @@ -7,7 +7,7 @@ DIR="$(dirname -- "${BASH_SOURCE[0]}")" PROG="$(basename -- "${BASH_SOURCE[0]}")" -echo "Running $DIR/$PROG" +echo "Running '$DIR/$PROG'." # Integers typeset -i size status @@ -28,7 +28,7 @@ function usage() { # Parameters: # 1) The exit status to use. status=$1 - echo "Usage: $PROG [-s SIZE] [-l LOCATION] [-r] [-f] [-d] [-h] [-x]" >&2 + echo "Usage: $PROG [-s SIZE] [-l LOCATION] [-r] [-f] [-d] [-c] [-h] [-x]" >&2 cat <<- EOF Compress JPG or PNG image(s). Can handle folders and work recursively. @@ -38,6 +38,7 @@ function usage() { -r : Recursively shrink images based on the location passed. -f : Force the image to be shrunk even if a file already exists for it. -d : Delete the original image if the compressed image is smaller. + -c : Clean the filename of underscores, dashes, 'IMG', etc. -h : Display this usage text. -x : Enable BASH debugging. EOF @@ -46,13 +47,14 @@ function usage() { ## Parameters ## -while getopts ":s:l:rfdhx" opt; do +while getopts ":s:l:rfdchx" opt; do case $opt in s) in_size="$OPTARG" && size="$in_size" ;; l) location="$OPTARG" ;; r) recurse="Y" && search="find" ;; f) force="Y" ;; d) delete="Y" ;; + c) clean="Y" ;; h) usage 0 ;; x) set -x ;; *) echo "ERROR: Option $OPTARG not recognized." >&2 && usage 1 ;; @@ -66,6 +68,13 @@ if [[ -n "$in_size" && "$size" != "$in_size" ]]; then usage 1 fi +convert_exe="`which convert`" +if [[ "$convert_exe" == "" ]]; then + echo "ERROR: 'convert' command could not be found, " + echo "please install 'imagemagick'." + usage 2 +fi + ## Main ## # If using ls, make sure full path is passed to the loop by adding '/*'. @@ -73,7 +82,6 @@ if [[ -z "$recurse" && -d "$location" && "$location" != *'/*' ]]; then if [[ "$location" != *'/' ]]; then location="${location}/" fi - location="${location}*" fi $search "$location" | sort | while read image; do @@ -98,20 +106,40 @@ $search "$location" | sort | while read image; do new_image="${image//.$extension/}.$tag-$date_YYYYMMDD.$extension" + # Clean the filename of extra junk so that they can be chronological order. + new_image_clean="${new_image//IMG/}" + new_image_clean="${new_image_clean//_/}" + new_image_clean="${new_image_clean//-/}" + new_image_clean="${new_image_clean// /}" + # Delete the existing shrunk image if we are forcing a new compression. - if [[ -n "$force" && -e "$new_image" ]]; then + if [[ -n "$force" && (-e "$new_image" || -e $new_image_clean) ]]; then echo -n " FORCE: " - rm -v "$new_image" + rm -v "$new_image" "$new_image_clean" 2>/dev/null fi # Skip if a compressed image was already created today. - if [[ -e "$new_image" ]]; then + if [[ -e "$new_image" || -e $new_image_clean ]]; then echo " SKIP: Image has already been shrunk previously, moving on." continue fi + # Whether or not to use the cleaned version or the normal version. + if [[ -n $clean ]]; then + new_image="$new_image_clean" + fi + + ### TBD Instead of this, only alter the file names, and set a dirname var? + # Create a new directory if the directory names were altered. + mkdir -pv "`dirname "$new_image"`" + # This modifies the image to be $size at its longest end, not be a square. - convert "$image" -resize ${size}x${size} "$new_image" + $convert_exe "$image" -resize ${size}x${size} "$new_image" + status="$?" + if [[ "$status" != 0 ]]; then + echo " SKIP: '$convert_exe' returned a status of '$status'." + continue + fi # Check file sizes and if the new one is larger then flag it as large. echo " Checking file sizes:" @@ -130,7 +158,12 @@ $search "$location" | sort | while read image; do continue fi - echo " SUCCESS: Conversion succeeded, file has been compressed." + if [[ -e "$new_image" ]]; then + echo " SUCCESS: Conversion succeeded, file has been compressed." + else + echo " ERROR: New image '$new_image' could not be found. Aborting." + break; + fi if [[ -n "$delete" ]]; then echo -n " DELETE: " @@ -143,7 +176,6 @@ $search "$location" | sort | while read image; do done # If large files do end up being created, allow the user to bulk delete them. -echo "FORTEST" if [[ -e "$large_created" ]]; then echo -e "\n*********************************************************" echo -e "WARNING: The files below are larger than their originals!\n" diff --git a/files/scripts/compress-video.sh b/files/scripts/compress_video.sh similarity index 64% rename from files/scripts/compress-video.sh rename to files/scripts/compress_video.sh index ac6433c..6430c95 100755 --- a/files/scripts/compress-video.sh +++ b/files/scripts/compress_video.sh @@ -4,20 +4,20 @@ ## Setup ## -DIR=`dirname $0` -PROG=`basename $0` -if [[ "$DIR" == '.' ]]; then - DIR=`pwd` -fi -echo "Running $DIR/$PROG" +DIR="$(dirname -- "${BASH_SOURCE[0]}")" +PROG="$(basename -- "${BASH_SOURCE[0]}")" +echo "Running '$DIR/$PROG'." filename_flag='compressed' date_YYYYMMDD="`date "+%Y%m%d"`" +large_extension='DoNotUse-LargerThanOriginal' +large_created=".$PROG.large_created.true" ## Functions ## function usage { - echo "Usage: $PROG [-i file/folder] [-v bitrate] [-a bitrate] [-c vcodec] [-r] [-f] [-m] [-V] [-x] [-h]" + echo -n "Usage: $PROG [-i file/folder] [-v bitrate] [-a bitrate] [-c vcodec]" + echo " [-r] [-f] [-d] [-m] [-V] [-x] [-h]" cat <<- EOF Reduce the filesize of a video file to make it stream well. It also helps with the file size for placing the file into a backup system. @@ -31,6 +31,7 @@ function usage { -c vcodec : The video codec you'd like to use, such as libopenh264. -r : Recurse the entire directory structure, compressing all video files. -f : Force recompressing any files by deleting it if it already exists. + -d : Delete the original video if the compressed version is smaller. -m : Measure the time it takes to compress each video and do the loop. -V : Add verbosity, such as printing all the variable values. -x : Set the shell's x flag to display every action which is taken. @@ -41,7 +42,7 @@ function usage { ## Parameters ## -while getopts ":i:v:a:c:rfmVxh" opt; do +while getopts ":i:v:a:c:rfdmVxh" opt; do case $opt in i) input="$OPTARG" ;; @@ -55,6 +56,8 @@ while getopts ":i:v:a:c:rfmVxh" opt; do ;; f) force="Y" ;; + d) delete="Y" + ;; m) time_command="time -p" ;; V) verbose="Y" @@ -109,6 +112,7 @@ if [[ "$verbose" == "Y" ]]; then codec='$codec' search_command='$search_command' force='$force' + delete='$delete' time_command='$time_command' verbose='$verbose' set_x='$set_x' @@ -119,7 +123,7 @@ if [[ "$verbose" == "Y" ]]; then fi SECONDS=0 -$search_command $input | sort | while read file; do +$search_command "$input" | sort | while read file; do echo -e "\n$file" if [[ -n "$time_command" ]]; then @@ -140,13 +144,16 @@ $search_command $input | sort | while read file; do extension="${file##*.}" newfile="${file//$extension/$filename_flag-$date_YYYYMMDD.$extension}" - # Convert spaces to underscores. - newfile="${newfile// /_}" + #### Convert spaces to underscores. + ###newfile="${newfile// /_}" + ### + #### Ensure any directories that had spaces get recreated without them. + ###mkdir -pv "`dirname "$newfile"`" # More exception checks based on the new file. if [[ -e "$newfile" ]]; then if [[ "$force" == "Y" ]]; then - echo "FORCE: Removing $newfile." + echo "FORCE: Removing '$newfile'." rm -vf "$newfile" else echo "SKIP: Already has a compressed version ($newfile)." @@ -155,24 +162,66 @@ $search_command $input | sort | while read file; do fi # Convert the file. - echo "Converting to $newfile." + echo "Converting to '$newfile'." $time_command bash -c "ffmpeg -nostdin -hide_banner -loglevel quiet \ -i '$file' -b:v $video_bitrate -b:a $audio_bitrate \ - $vcodec -movflags +faststart $newfile" + $vcodec -movflags +faststart '$newfile'" + status="$?" + if [[ "$status" != 0 ]]; then + echo "SKIP: ffmpeg returned a status of '$status'." + continue + fi # Check the filesize compared to the original and note if it is larger. echo "Checking file sizes:" - ls -sh $file $newfile | sort -hr - smaller_file=`ls -sh $file $newfile | sort -h | awk '{print $2}' | head -n 1` + ls -sh "$file" "$newfile" | sort -hr + smaller_file=`ls -sh "$file" "$newfile" | sort -h | awk '{print $2}' | head -n 1` if [[ "$smaller_file" == "$file" ]]; then echo -n "Conversion had the opposite effect, original was likely lesser " echo "quality. Adding a suffix to the file to signify that it grew." - mv -v $newfile $newfile.DoNotUse-LargerThanOriginal - else + mv -v "$newfile" "$newfile.$large_extension" + continue + fi + + if [[ -e "$newfile" ]]; then echo "Conversion succeeded, file has been compressed." + else + echo "ERROR: Converted file '$newfile' could not be found. Aborting." + break + fi + + if [[ -n "$delete" ]]; then + echo -n "Original has been deleted: " + if [[ -d ~/TRASH ]]; then + mv -v "$file" ~/TRASH/ + else + rm -v "$file" + fi fi done +# If large files do end up being created, allow the user to bulk delete them. +if [[ -e "$large_created" ]]; then + echo -e "\n*********************************************************" + echo -e "WARNING: The files below are larger than their originals!\n" + find "$input" -name "*"$large_extension + echo -e "*********************************************************" + + echo -en "\nWould you like to delete them? (Y/n): " + typeset -u confirm_delete + read confirm_delete + + if [[ -z "$confirm_delete" || "$confirm_delete" == "Y"* ]]; then + echo "" + find "$input" -name "*"$large_extension -exec rm -v {} \; + else + echo -e "\nKeeping files. Please use this if you change your mind:" + echo " find \"$input\" -name \"*\"$large_extension -exec rm -v {} \;" + fi + + rm "$large_created" +fi + echo -e "\nDone!" # Display elapsed time diff --git a/files/scripts/nixos.sh b/files/scripts/nixos.sh new file mode 100755 index 0000000..18ee7c9 --- /dev/null +++ b/files/scripts/nixos.sh @@ -0,0 +1,57 @@ +#!/usr/bin/env bash +# Script to consistently install configuration.nix. +# To be called by Ansible via setup.sh and nixos.yml, as well as CLI by users. + +## Variables ## + +DIR="$(dirname -- "${BASH_SOURCE[0]}")" +PROG="$(basename -- "${BASH_SOURCE[0]}")" + +nixos_working_dir=~/nixos-config-deleteme +nixos_working_exe=activate.sh + +## Functions ## + +function usage { + echo -e "\nUsage: $PROG -b BRANCH" >&2 + cat <<- EOF + Run a setup script for NixOS based on the https://github.com/Hyperling/NixOS project. + + Parameters: + -b BRANCH: The branch which should be installed, likely 'main' or 'dev'. + EOF + echo "" + exit $1 +} + +function cleanup { + sh -c "rm -rfv $nixos_working_dir" >/dev/null +} + +## Parameters ## + +while getopts ":b:h" opt; do + case $opt in + b) branch="$OPTARG" ;; + h) usage 0 ;; + *) echo "ERROR: Parameter $OPTARG was not recognized." && usage 1 ;; + esac +done + +if [[ -z $branch ]]; then + echo "ERROR: Branch is required. $branch" >&2 + usage 2 +fi + +## Main ## + +cleanup + +# Install the Hyperling NixOS configurations. +git clone https://github.com/Hyperling/NixOS --branch $branch $nixos_working_dir +chmod 755 $nixos_working_dir/$nixos_working_exe +$nixos_working_dir/$nixos_working_exe + +cleanup + +exit 0 diff --git a/local.yml b/local.yml index fab2929..515bb90 100644 --- a/local.yml +++ b/local.yml @@ -5,9 +5,13 @@ - name: Main | Default Setup hosts: localhost connection: local - become: true + become: true tasks: + + ####### Gather ####### + # Load facts for all systems. + - include_tasks: facts/general/gather.yml - include_tasks: tasks/general/acct_mgmt/provision_config.yml @@ -16,35 +20,89 @@ - include_tasks: facts/general/service.yml - include_tasks: facts/general/user.yml - - include_tasks: tasks/general/software/packages.yml - - include_tasks: tasks/general/software/services.yml - - include_tasks: tasks/general/software/sendmail.yml - when: ansible_system == "FreeBSD" - - include_tasks: facts/general/gather.yml + ####### NixOS ####### + # Install the .nix files and do a little data setup. - - include_tasks: tasks/general/acct_mgmt/groups.yml - - include_tasks: tasks/general/acct_mgmt/users.yml - - include_tasks: tasks/general/acct_mgmt/sudo.yml - - include_tasks: tasks/general/acct_mgmt/doas.yml + - name: Main | NixOS Setup + block: - - include_tasks: tasks/general/scripts/root.yml - - include_tasks: tasks/general/scripts/user.yml - - include_tasks: tasks/general/scripts/install.yml + - include_tasks: tasks/general/software/nixos.yml - - include_tasks: tasks/general/cron/ansible.yml - - # TODO Need to refactor. Maybe tasks/general/cron/freebsd.yml - - include_tasks: tasks/workstation/freebsd/cron/ansible.yml - when: ansible_system == "FreeBSD" - - include_tasks: tasks/general/software/metasploit.yml - when: pentesting == true + # TBD if we are going to use this many, then just have IF statements + # and use blocks within the General area for NixOS vs not-NixOS. + - include_tasks: tasks/general/software/swap.yml + + - include_tasks: tasks/general/acct_mgmt/groups.yml + - include_tasks: tasks/general/acct_mgmt/users.yml + - include_tasks: tasks/general/acct_mgmt/sudo.yml + - include_tasks: tasks/general/acct_mgmt/doas.yml + + - include_tasks: tasks/general/scripts/root.yml + - include_tasks: tasks/general/scripts/user.yml + - include_tasks: tasks/general/scripts/install.yml + + - include_tasks: tasks/general/cron/ansible.yml + + # psutil does not work in NixOS. Cannot figure out how to fix it. Maybe + # time to start looking into home-manager but still not wanting to + # maintain two different GNOME setups. HMMMM! + - include_tasks: tasks/workstation/shared/settings/gnome.yml + when: workstation == true + + # Try including these. Really need to get NixOS working with the rest! + #- include_tasks: tasks/general/software/telegraf.yml # "Could not find a module for unknown."" + - include_tasks: tasks/general/tests/services.yml + - include_tasks: tasks/general/tests/lynis.yml + - include_tasks: tasks/general/tests/nmap.yml + + - name: NixOS | Complete + meta: end_play + + when: ansible_distribution == "NixOS" + + + ####### General ####### + # Basic setup for all enabled systems. + + - name: Main | General Setup + block: + + - include_tasks: tasks/general/software/swap.yml + - include_tasks: tasks/general/software/packages.yml + - include_tasks: tasks/general/software/services.yml + - include_tasks: tasks/general/software/sendmail.yml + when: ansible_system == "FreeBSD" + + + # Gather again in case missing programs have now been installed. + - include_tasks: facts/general/gather.yml + + - include_tasks: tasks/general/acct_mgmt/groups.yml + - include_tasks: tasks/general/acct_mgmt/users.yml + - include_tasks: tasks/general/acct_mgmt/sudo.yml + - include_tasks: tasks/general/acct_mgmt/doas.yml + + - include_tasks: tasks/general/scripts/root.yml + - include_tasks: tasks/general/scripts/user.yml + - include_tasks: tasks/general/scripts/install.yml + + - include_tasks: tasks/general/cron/ansible.yml + + # TODO Need to refactor. Maybe tasks/general/cron/freebsd.yml + - include_tasks: tasks/workstation/freebsd/cron/ansible.yml + when: ansible_system == "FreeBSD" + + - include_tasks: tasks/general/software/metasploit.yml + when: pentesting == true + + when: provision == true ####### Workstations ####### - # Additional setup for systems with GUI. + - name: Main | Workstation Setup block: @@ -97,7 +155,7 @@ when: workstation == true - + # No longer mining, this is now considered deprecated. # ####### Miners ####### # @@ -141,6 +199,7 @@ ####### Servers ####### # Easy to deploy server configurations. + - name: Main | Server Setup block: @@ -180,5 +239,6 @@ - include_tasks: tasks/general/software/telegraf.yml + - include_tasks: tasks/general/tests/services.yml - include_tasks: tasks/general/tests/lynis.yml - include_tasks: tasks/general/tests/nmap.yml diff --git a/setup.sh b/setup.sh index 4dc45af..aa105b0 100755 --- a/setup.sh +++ b/setup.sh @@ -1,10 +1,11 @@ -#!/bin/bash +#!/usr/bin/env bash # Script to initialize a system into Ansible collection. ## Global Variables ## -PROG=`basename $0` -LOCAL=`dirname $0`/local.yml +DIR="$(dirname -- "${BASH_SOURCE[0]}")" +PROG="$(basename -- "${BASH_SOURCE[0]}")" +LOCAL=$DIR/local.yml URL="https://github.com/Hyperling/ansible" BRANCH="main" @@ -19,12 +20,12 @@ function usage { $URL Parameters: - -l : Run the local playbook associated with this $PROG. + -l : Run the local playbook associated with this $PROG. This is helpful for development or just saving bandwidth. It also provides prettier colors than the plaintext from ansible-pull. ;) -b branch_name: Download and run a specific branch. Default is $BRANCH. -h : Display this help text - + EOF exit $1 } @@ -33,22 +34,10 @@ function usage { while getopts ":lb:h" arg; do case $arg in - l) - echo "Running $LOCAL as the playbook." - local="Y" - ;; - b) - echo -n "Using branch " - branch="$OPTARG" - echo "$branch instead of $BRANCH." - ;; - h) - usage - ;; - *) - echo "ERROR: A parameter was not recognized. Please check your command and try again." - usage 1 - ;; + l) local="Y" && echo "Running $LOCAL as the playbook." ;; + b) branch="$OPTARG" && echo "Using branch $branch instead of $BRANCH." ;; + h) usage ;; + *) echo "ERROR: Parameter $OPTARG was not recognized." && usage 1 ;; esac done @@ -96,6 +85,10 @@ if [[ `which ansible > /dev/null; echo $?` != 0 ]]; then sudo zypper install -y ansible git sudo mkdir -p /etc/ansible sudo sh -c 'echo "localhost ansible_connection=local" > /etc/ansible/hosts' + elif [[ $os == *NixOS* ]]; then + $DIR/files/scripts/nixos.sh -b $branch + sudo mkdir -p /etc/ansible + sudo sh -c 'echo "localhost ansible_connection=local" > /etc/ansible/hosts' else echo -e "ERROR: OS not detected." echo -e "$os" diff --git a/tasks/general/acct_mgmt/provision_config.yml b/tasks/general/acct_mgmt/provision_config.yml index ff44130..6a10a64 100644 --- a/tasks/general/acct_mgmt/provision_config.yml +++ b/tasks/general/acct_mgmt/provision_config.yml @@ -14,7 +14,7 @@ srv_file: "{{ prov_dir }}/server.ini" - name: General | Account Management | Provisioning Configuration | Create Directory - file: + file: path: "{{ prov_dir }}" state: directory mode: '0755' @@ -29,24 +29,46 @@ ;;;;;;; Available options - all require lowercase values ;;;;;; ; ; enable : Provide true for the provision to occur. + ; Default: false ; ; user : Provide the name of the user account. ; Example: tom, jerry, kim, sarah + ; Default: ling ; ; user_desc : Provide the description of the user account. ; Example: Thomas, Jerry, Kimberly, Sarah + ; Default: Hyperling ; ; branch : Provide the Github branch that the machine should poll. ; Example: main, dev + ; Default: main ; - ; pentesting : Set to true to install tools such as metasploit (nmap is already provided for reporting) + ; pentesting : Set to true to install tools such as metasploit. + ; nmap is already provided for reporting + ; Default: false ; ; no_telem : Set to true to avoid setting up telemetry services. - ; Disables GitHub updates to this project. - ; Disables all telegraf pings. + ; Disables GitHub updates to this project. + ; Disables all telegraf pings. + ; Default: false ; ; battery : Set to true to attempt to save battery life. - ; Slows down the rate of services such as telegraf and cron. + ; Slows down the rate of services such as telegraf and cron. + ; Default: false + ; + ; swap_block : Set to the block size if dd should create a swapfile. + ; Preferably keep this under 2G for integrity sakes, the + ; value is multiplied by count if you need a larger file. + ; Example: 500M, 512MB, 1G + ; Default: false + ; + ; swap_count : Set to the number of blocks to multiply the file size by. + ; Example: 8 + ; Default: 1 + ; + ; swap_file : Set to the name and location of where the file should be. + ; Example: /usr/local/swap + ; Default: /swapfile ; [global] marker: '; {mark} MANAGED BY ANSIBLE | Generic Config' @@ -63,9 +85,12 @@ pentesting: "{{ lookup('ini', 'pentesting file={{gen_file}} default=false') }}" no_telem: "{{ lookup('ini', 'no_telem file={{gen_file}} default=false') }}" battery: "{{ lookup('ini', 'battery file={{gen_file}} default=false') }}" + swap_block: "{{ lookup('ini', 'swap_block file={{gen_file}} default=false') }}" + swap_count: "{{ lookup('ini', 'swap_count file={{gen_file}} default=1') }}" + swap_file: "{{ lookup('ini', 'swap_file file={{gen_file}} default=/swapfile') }}" - name: General | Account Management | Provisioning Configuration | General | List - set_fact: + set_fact: provision_variables: "{{ provision_variables | combine(item) }}" loop: - { 'provision': "{{ provision }}" } @@ -75,6 +100,9 @@ - { 'pentesting': "{{ pentesting }}" } - { 'no_telem': "{{ no_telem }}" } - { 'battery': "{{ battery }}" } + - { 'swap_block': "{{ swap_block }}" } + - { 'swap_count': "{{ swap_count }}" } + - { 'swap_file': "{{ swap_file }}" } ## Workstation ## @@ -123,7 +151,7 @@ mobile: "{{ lookup('ini', 'mobile file={{wrk_file}} default=false') }}" - name: General | Account Management | Provisioning Configuration | Workstation | List - set_fact: + set_fact: provision_variables: "{{ provision_variables | combine(item) }}" loop: - { 'workstation': "{{ workstation }}" } @@ -150,7 +178,7 @@ # ; # ; nanominer : Set to true for installation of nanominer # ; -# ; nanominer_cpu : Set to coin code that you'd like the CPU to work on +# ; nanominer_cpu : Set to coin code that you'd like the CPU to work on # ; Valid values: xmr # ; # ; nanominer_cpu_pool : Set to pool organization to use for CPU mining @@ -199,7 +227,7 @@ # xmr_stak_cpu: "{{ lookup('ini', 'xmr_stak_cpu file={{mnr_file}} default=false') }}" # #- name: General | Account Management | Provisioning Configuration | Miner | List -# set_fact: +# set_fact: # provision_variables: "{{ provision_variables | combine(item) }}" # loop: # - { 'miner': "{{ miner }}" } @@ -253,7 +281,7 @@ ; Regardless of whether you choose http or https, the Certbot config will be skipped since the maintainer uses a reverse proxy. ; Example: https://gitlab ; - ; git : Set to true for this server to be configured as an HTTP git server. + ; git : Set to true for this server to be configured as an HTTP git server. ; ; git_name : Name(s) of project(s) that the Git server should host. ; Example: ansible#ansible-dev @@ -293,7 +321,7 @@ git_sep: "{{ lookup('ini', 'git_sep file={{srv_file}} default=false') }}" - name: General | Account Management | Provisioning Configuration | Server | List - set_fact: + set_fact: provision_variables: "{{ provision_variables | combine(item) }}" loop: - { 'server': "{{ server }}" } @@ -323,5 +351,5 @@ ## Display values ## - name: General | Account Management | Provisioning Configuration | Print - debug: + debug: var: provision_variables diff --git a/tasks/general/acct_mgmt/users.yml b/tasks/general/acct_mgmt/users.yml index 0b25b3c..6697264 100644 --- a/tasks/general/acct_mgmt/users.yml +++ b/tasks/general/acct_mgmt/users.yml @@ -1,5 +1,5 @@ --- -# Create users for all machines. +# Create and configure default users for all machines. ## Variables ## @@ -58,7 +58,7 @@ ## Superuser ## -- name: General | Account Management | Users | Hyperling +- name: General | Account Management | Users | User user: name: "{{ user }}" comment: "{{ user_desc }}" @@ -72,7 +72,7 @@ generate_ssh_key: yes register: user_user -- name: General | Account Management | Users | Hyperling | Test Logging In +- name: General | Account Management | Users | User | Test Logging In shell: "echo SUCCESS" args: executable: "{{ user_shell }}" @@ -81,7 +81,7 @@ ## Folders ## -- name: General | Account Management | Users | Folders | Root | Create bin, Downloads, TRASH +- name: General | Account Management | Users | Root | Create Folders file: path: "{{ item }}" state: directory @@ -92,7 +92,7 @@ - "{{ user_root.home }}/TRASH" when: user_root.home != "" -- name: General | Account Management | Users | Folders | Hyperling | Create bin, LBRY, TRASH +- name: General | Account Management | Users | User | Create Folders file: path: "{{ item }}" state: directory @@ -106,7 +106,7 @@ become_user: "{{ user }}" when: user_user.home != "" -- name: General | Account Management | Users | Folders | Home Directories 700 +- name: General | Account Management | Users | Home Permissions shell: "chmod 700 {{ user_user.home }}/../*" @@ -119,7 +119,7 @@ alias_rm: alias rm='echo "Use mv ~/TRASH/ instead!"' alias_clean_dir: alias clean-dir='mv * ~/TRASH/' alias_clean_trash: alias clean-trash='sh -c "rm -rfv ~/TRASH/*"' - export_path_additions: export PATH="~/bin:$PATH" + export_path_additions: export PATH="~/bin:"{{ global_bin }}":$PATH" function_wttr: | function weather() { # 20210301 - Someone showed me an awesome weather API! Had to implement it! @@ -138,7 +138,14 @@ curl "https://wttr.in/${1//\ /+}" } export_PS1: export PS1='[\u@\h \w]\$ ' - alias_remount: alias remount='sudo umount /mnt/*; sudo umount /mnt/*/*; sudo mount -a; echo -e "\nRemount completed!"; mount | grep /mnt' + alias_remount: | + alias remount=' + sudo umount /mnt/* + sudo umount /mnt/*/* + sudo mount -a + echo -e "\nRemount completed!" + mount | grep /mnt + ' function_update: | function update() { PROG=$FUNCNAME @@ -171,9 +178,18 @@ alias_sync: alias sync='date && echo "Syncing!" && sync && date' export_editor: export EDITOR='vi' init_aliases: | - alias init-video='mkdir -v raw; mkdir -v exports; cp ~/Templates/*video* ./' + alias init-video=' + mkdir -v raw + mkdir -v exports + cp ~/Templates/*video* ./ + ' alias init-vid=init-video - alias init-program='echo -e "#!/bin/bash\n# `date +%Y-%m-%d` by Hyperling\n# REASON\n\nexit 0\n"' + alias init-program=' + echo "#!/usr/bin/env bash" + echo "# `date +%Y-%m-%d` Hyperling" + echo "" + echo "exit 0" + ' alias init-prog=init-program bye_aliases: | alias bye="{{ shutdown_command }}" @@ -186,7 +202,15 @@ alias show-config-wrk="cat {{ wrk_file }}" alias show-config-mnr="cat {{ mnr_file }}" alias show-config-srv="cat {{ srv_file }}" - alias show-config-all="show-config-gen && echo '' && show-config-wrk && echo '' && show-config-mnr && echo '' && show-config-srv" + alias show-config-all=" + show-config-gen && + echo '' && + show-config-wrk && + echo '' && + show-config-mnr && + echo '' && + show-config-srv + " alias show-config="show-config-all" edit_config_aliases: | alias edit-config-gen="sudo $EDITOR {{ gen_file }}" @@ -278,14 +302,26 @@ function flatpak-purge() { flatpak remove --all --delete-data && flatpak repair && - echo "Finished purging all Flatpak apps. Executable may still need uninstalled." && + echo -n "Finished purging all Flatpak apps. " && + echo "Executable may still need uninstalled." && return echo "ERROR: Something went wrong while removing Flatpak apps!" >&2 } alias_vim: alias vi=vim alias_here: alias here='ls -alh `pwd`/*' - alias_docker_reload: alias docker-reload='docker compose down && docker compose build && docker compose up -d' - alias_docker_update: alias docker-update='docker compose down && docker compose pull && docker compose build && docker compose up -d' + alias_docker_reload: | + alias docker-reload=' + docker compose down && + docker compose build && + docker compose up -d + ' + alias_docker_update: | + alias docker-update=' + docker compose down && + docker compose pull && + docker compose build && + docker compose up -d + ' function_docker_upgrade: | function docker-upgrade() { # Wrapper for a full-scale upgrade and log view of a container. @@ -320,8 +356,72 @@ echo "Press ^C to escape." && docker logs -f $container } - alias_docker_restart: alias docker-restart='docker compose down && docker compose up -d' - alias_code_check: alias code-check='ls -d ~/Code/* | while read project; do echo "*** `basename $project` ***"; cd $project; git push; git pull; done' + alias_docker_restart: | + alias docker-restart='docker compose down && docker compose up -d' + alias_code_check: | + alias code-check=' + ls -d ~/Code/* | while read project; do + echo "*** `basename $project` ***" + cd $project + git pull + git push + done + ' + alias_code_reset: | + alias code-reset=' + ls -d ~/Code/* | while read project + do echo "*** `basename $project` ***" + cd $project + git switch main + git pull + git branch -D dev + git checkout dev + done + ' + alias_code_reseed: | + alias code-reseed=' + unseed_dir="$HOME/TRASH/`date +%Y-%m-%d`_UnseededCodeProjects" + mkdir -pv "$unseed_dir" + mv -v ~/Code/*{ansible,docker,nix,break,habit}* \ + "$unseed_dir"/ 2>/dev/null + git clone git@github.com:Hyperling/Ansible \ + --branch dev ~/Code/ansible-dev + git clone git@github.com:Hyperling/Docker \ + --branch dev ~/Code/docker-dev + git clone git@github.com:Hyperling/NixOS \ + --branch dev ~/Code/nixos-dev + git clone git@github.com:Hyperling/BreakTheHabit \ + --branch dev ~/Code/breakthehabit-dev + ' + function_clean_filenames: | + function clean-filenames() { + # Must provide the directory you'd like to clean all the filenames in. + # Otherwise defaults to the current directory and all of its files. + dir="$1" + if [[ -z $dir ]]; then + echo -e "Using current directory." + dir="." + fi + ls "$dir" | while read file; do + clean="${file//IMG/}" + clean="${clean//_/}" + clean="${clean//-/}" + clean="${clean// /}" + if [[ "$file" != "$clean" && ! -d "$file" ]]; then + mv -v "$dir"/"$file" "$dir"/"$clean" + fi + done + } + function_clean_filenames_tree: | + function clean-filenames-tree() { + find ./ | while read folder; do + if [[ -d "$folder" ]]; then + echo -e "\n*** Checking '$folder' ***" + clean-filenames "$folder" + fi + done + echo -e "\nDone!\n" + } - name: General | Account Management | Users | Files | Common Variable set_fact: @@ -354,13 +454,18 @@ {{ function_docker_upgrade }} {{ alias_docker_restart }} {{ alias_code_check }} + {{ alias_code_reset }} + {{ alias_code_reseed }} + {{ function_clean_filenames }} + {{ function_clean_filenames_tree }} - name: General | Account Management | Users | Files | .bashrc blockinfile: path: "{{ item }}/.bashrc" block: | {{ rc_common }} - [[ $(whoami) != "root" ]] && echo "`date` - Ansible .bashrc preferences loaded successfully!" + [[ $(whoami) != "root" ]] && + echo "`date` - Ansible .bashrc loaded successfully!" marker: '# {mark} MANAGED BY ANSIBLE | Aliases' state: present create: yes @@ -376,7 +481,8 @@ path: "{{ item }}/.zshrc" block: | {{ rc_common }} - [[ $(whoami) != "root" ]] && echo "`date` - Ansible .zshrc preferences loaded successfully!" + [[ $(whoami) != "root" ]] && + echo "`date` - Ansible .zshrc loaded successfully!" marker: '# {mark} MANAGED BY ANSIBLE | Aliases' state: present create: yes @@ -411,3 +517,13 @@ - "{{ user_user.home }}" ignore_errors: yes when: user_root.home != "" and user_user.home != "" + +- name: General | Account Management | Users | Files | Ownership + file: + path: "{{ user_user.home }}/{{ item }}" + owner: "{{ user }}" + mode: '0755' + loop: + - .bashrc + - .zshrc + - .vimrc diff --git a/tasks/general/scripts/install.yml b/tasks/general/scripts/install.yml index 8714f99..1ca81d3 100644 --- a/tasks/general/scripts/install.yml +++ b/tasks/general/scripts/install.yml @@ -14,3 +14,13 @@ owner: root group: "{{ root_group }}" mode: '0755' + +- name: General | Scripts | Install | Remove Old Scripts + shell: | + if [[ -e {{ global_bin }}/{{ item }} ]]; then + rm -v {{ global_bin }}/{{ item }} + fi + loop: + - compress-video.sh + - compress-images.sh + ignore_errors: true diff --git a/tasks/general/scripts/root.yml b/tasks/general/scripts/root.yml index 4b7f26b..899f67d 100644 --- a/tasks/general/scripts/root.yml +++ b/tasks/general/scripts/root.yml @@ -16,7 +16,7 @@ create: yes - name: General | Scripts | Root | scm.sh Permissions - file: + file: path: "{{ user_root.home }}/bin/scm.sh" mode: '0755' @@ -26,7 +26,7 @@ path: "{{ user_root.home }}/bin/scm-dev.sh" block: | # 20210713 - Make life easier for development! - + ## Variables ## # Use a specific branch if it was asked for. @@ -35,7 +35,6 @@ branch="$1" fi - ## Main ## time {{ ansible_pull_exec.stdout }} -U {{ repo_github }} --checkout $branch @@ -47,6 +46,6 @@ create: yes - name: General | Scripts | Root | scm-dev.sh Permissions - file: + file: path: "{{ user_root.home }}/bin/scm-dev.sh" mode: '0755' diff --git a/tasks/general/scripts/user.yml b/tasks/general/scripts/user.yml index 8b87291..9482f0b 100644 --- a/tasks/general/scripts/user.yml +++ b/tasks/general/scripts/user.yml @@ -16,7 +16,7 @@ create: yes - name: General | Scripts | User | scm.sh Permissions - file: + file: path: "{{ user_user.home }}/bin/scm.sh" mode: '0755' @@ -26,7 +26,7 @@ path: "{{ user_user.home }}/bin/scm-dev.sh" block: | # 20210713 - Make life easier for development! - + ## Variables ## # Use a specific branch if it was asked for. @@ -35,7 +35,6 @@ branch="$1" fi - ## Main ## time sudo {{ ansible_pull_exec.stdout }} -U {{ repo_github }} --checkout $branch @@ -47,6 +46,6 @@ create: yes - name: General | Scripts | User | scm-dev.sh Permissions - file: + file: path: "{{ user_user.home }}/bin/scm-dev.sh" mode: '0755' diff --git a/tasks/general/software/nix.yml b/tasks/general/software/nix.yml new file mode 100644 index 0000000..c04ee52 --- /dev/null +++ b/tasks/general/software/nix.yml @@ -0,0 +1,37 @@ +--- +# Install the Nix package manager +# https://nixos.org/download/ + +## TBD ## +# This may be able to replace Flatpak if it works well, is easy to use, takes up +# less space, is faster, etc etc. It also is supposed to have the benefit of +# working with FreeBSD and MacOS which is something that the current array of +# Ansible/package/Flatpak combo is lacking. Honestly might make FreeBSD as a +# desktop a possibility again since it was software availability that continues +# to be the reason to leave it. Could also get rid of all the distro-specific +# package names, and maybe packages.yml in general?? That stuff can be a mess. +### + +- name: Nix Variables + set_fact: + nix_exe: ~/.deleteme.nix.sh + +- name: Install Nix + shell: "{{ item }}" + loop: + - "curl -L https://nixos.org/nix/install > {{ nix_exe }}" + - "chmod 755 {{ nix_exe }}" + - "{{ nix_exe }} --daemon --yes" + - "rm -v {{ nix_exe }}" + become_user: "{{ user }}" + +- name: Install Nix Software + shell: "{{ item }}" + loop: + - "nix-env -iA nixpkgs.lbry" # Installs, but doesnt launch? +#$ lbry +#Gtk-Message: 16:22:43.390: Failed to load module "canberra-gtk-module" +#Gtk-Message: 16:22:43.391: Failed to load module "canberra-gtk-module" +#[35:0100/000000.410595:ERROR:angle_platform_impl.cc(44)] Display.cpp:940 (initialize): ANGLE Display::initialize error 12289: glXQueryExtensionsString returned NULL +#[35:0100/000000.482531:ERROR:gl_surface_egl.cc(808)] EGL Driver message (Critical) eglInitialize: glXQueryExtensionsString returned NULL +#[35:0100/000000.482570:ERROR:gl_surface_egl.cc(1430)] eglInitialize OpenGL failed with error EGL_NOT_INITIALIZED, trying next display type diff --git a/tasks/general/software/nixos.yml b/tasks/general/software/nixos.yml new file mode 100644 index 0000000..42dbca4 --- /dev/null +++ b/tasks/general/software/nixos.yml @@ -0,0 +1,42 @@ +--- +# Update the Nix configuration at github.com/Hyperling/NixOS. +# This is also done in setup.sh if ansible is not found. + +- name: General | Software | NixOS | Facts + set_fact: + nixos_working_dir: ~/nixos-config-deleteme + nixos_working_exe: activate.sh + +- name: General | Software | NixOS | Facts [Swap] + set_fact: + nixos_swap: "swapDevices = [ { device = \"{{ swap_file }}\";} ];" + when: swap_block != false + +- name: General | Software | NixOS | Update Config Project + shell: "files/scripts/nixos.sh -b {{ branch }}" + +- name: General | Software | NixOS | Create Ansible Nix Config + blockinfile: + path: /etc/nixos/ansible.nix + block: | + # This file was created by https://github.com/Hyperling/Ansible + # Please do not alter it by hand. Use the proper ini files instead. + { config, pkgs, nix, ... }: + + { + # tasks/general/software/swap.yml + # Use general.ini to set up the swap commands for ths field to be used. + {{ nixos_swap }} + } + state: present + backup: yes + create: yes + + +# Maybe do home manager here? Or should it be under Workstation? Or maybe +# this is the spot where I start creating workstation.nix, server.nix, etc. +#- name: General | Software | NixOS | Home Manager? *.nix file management? +# shell: +# loop: +# - ??? +# - ??? diff --git a/tasks/general/software/services.yml b/tasks/general/software/services.yml index 9743749..8c4f890 100644 --- a/tasks/general/software/services.yml +++ b/tasks/general/software/services.yml @@ -84,3 +84,15 @@ shell: journalctl --vacuum-size=100M when: ansible_system == "Linux" ignore_errors: yes + + +## Bluetooth ## +# Do people seriously depend on Bluetooth? Plug your devices in, silly! + +- name: General | Software | Services | Bluetooth | Disable + service: + name: "{{ bluetooth }}" + pattern: "{{ bluetooth_pattern }}" + state: stopped + enabled: no + ignore_errors: yes diff --git a/tasks/general/software/swap.yml b/tasks/general/software/swap.yml new file mode 100644 index 0000000..201e681 --- /dev/null +++ b/tasks/general/software/swap.yml @@ -0,0 +1,40 @@ +--- +# Setup swap file on systems without any swap available. +# Must have the swap amount preferred set up in general.ini. +# This does not handle if the user changes the file name or location later on. + +- name: General | Software | Swap + block: + + - name: General | Software | Swap | Check For Swapfile + stat: + path: "{{ swap_file }}" + register: swap_check + + - name: General | Software | Swap | Install Block + block: + + - name: General | Software | Swap | Create Swapfile + shell: "{{ item }}" + loop: + - dd if=/dev/zero of={{ swap_file }} bs={{ swap_block }} + count={{ swap_count }} status=progress + - chmod 600 {{ swap_file }} + - mkswap {{ swap_file }} + - swapon {{ swap_file }} + + # Only do the swapfile generation if it does not already exist. + when: not swap_check.stat.exists + + # NixOS's swap setup is handled in nixos.yml when ansible.nix is created. + - name: General | Software | Swap | Add to FSTAB + lineinfile: + path: /etc/fstab + regexp: '^[\#]?{{ swap_file }}' + line: '{{ swap_file }} none swap sw 0 0' + state: present + backup: yes + when: ansible_distribution != "NixOS" + + # Only run through this file if the ini has been changed from false. + when: swap_block != false diff --git a/tasks/general/tests/nmap.yml b/tasks/general/tests/nmap.yml index 39a3933..c66e34c 100644 --- a/tasks/general/tests/nmap.yml +++ b/tasks/general/tests/nmap.yml @@ -4,7 +4,7 @@ - name: General | Tests | nmap | Set Facts set_fact: nmap_file: "{{ user_user.home }}/Reports/{{ nmap_report }}" - nmap_separator: "\n*******************************\n\n" + nmap_separator: "\n*******************************\n" - name: General | Tests | nmap | Set Facts 2 set_fact: @@ -12,15 +12,15 @@ - name: General | Tests | nmap | Create Report shell: "{{ item }}" - loop: + loop: - "date > {{ nmap_temp_file }}" - "printf '{{ nmap_separator }}' >> {{ nmap_temp_file }}" - - "echo '-=Open Ports=-' >> {{ nmap_temp_file }}" + - "echo '\n-=Open Ports=-\n' >> {{ nmap_temp_file }}" - "printf 'Number of open ports: ' >> {{ nmap_temp_file }}" - "nmap --open localhost | grep -c open >> {{ nmap_temp_file }}; echo success" - "nmap --open localhost | grep open >> {{ nmap_temp_file }}; echo success" - "printf '{{ nmap_separator }}' >> {{ nmap_temp_file }}" - - "echo '-=Aggressive Vulnerability Check=-' >> {{ nmap_temp_file }}" + - "echo '\n-=Aggressive Vulnerability Check=-\n' >> {{ nmap_temp_file }}" - "nmap -A localhost >> {{ nmap_temp_file }}; echo success" - "mv {{ nmap_temp_file }} {{ nmap_file }}" diff --git a/tasks/general/tests/services.yml b/tasks/general/tests/services.yml new file mode 100644 index 0000000..ab8cb74 --- /dev/null +++ b/tasks/general/tests/services.yml @@ -0,0 +1,27 @@ +--- +# List all the services under the Reports folder. + +- name: General | Tests | Services | Set Facts + set_fact: + services_report_file: "{{ user_user.home }}/Reports/services.txt" + services_enabled_file: "{{ user_user.home }}/Reports/services-enabled.txt" + services_command: "systemctl list-unit-files" + +- name: General | Tests | Services | Create Main Report + shell: "{{ item }}" + loop: + - "date > {{ services_report_file }}" + - "echo '\n-= {{ services_command }} =-\n' >> {{ services_report_file }}" + - "{{ services_command }} >> {{ services_report_file }}" + +- name: General | Tests | Services | Create Enabled Report + shell: "{{ item }}" + loop: + - "date > {{ services_enabled_file }}" + - "echo '\n-= Enabled + Sorted =-\n' >> {{ services_enabled_file }}" + - "grep 'enabled' {{ services_report_file }} | sort >> {{ services_enabled_file }}" + +- name: General | Tests | Services | Make Viewable + file: + path: "{{ services_report_file }}" + mode: '0644' diff --git a/tasks/workstation/freebsd/software/lbry.yml b/tasks/workstation/freebsd/software/lbry.yml deleted file mode 100644 index 0f8741e..0000000 --- a/tasks/workstation/freebsd/software/lbry.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -# Install LBRY desktop client. - -# TODO: https://github.com/lbryio/lbry-desktop#install \ No newline at end of file diff --git a/tasks/workstation/linux/software/flatpaks.yml b/tasks/workstation/linux/software/flatpaks.yml index 031b513..5a890b9 100644 --- a/tasks/workstation/linux/software/flatpaks.yml +++ b/tasks/workstation/linux/software/flatpaks.yml @@ -36,26 +36,29 @@ set_fact: flatpaks_generic: - { app: "org.libreoffice.LibreOffice", name: "office", extra: "" } - - { app: "io.lbry.lbry-app", name: "lbry", extra: "dbus-launch" } - { app: "io.gitlab.librewolf-community", name: "librewolf", extra: "" } - { app: "chat.delta.desktop", name: "deltachat", extra: "" } - { app: "org.signal.Signal", name: "signal", extra: "" } - { app: "org.mozilla.firefox", name: "firefox-flatpak", extra: "" } - flatpaks_coding: + - { app: "com.transmissionbt.Transmission", name: "transmission", extra: "" } + - { app: "org.gnome.Geary", name: "geary", extra: "" } + flatpaks_coding: - { app: "com.vscodium.codium", name: "codium", extra: "" } - { app: "com.google.AndroidStudio", name: "android-studio", extra: "" } - { app: "io.dbeaver.DBeaverCommunity", name: "dbeaver", extra: "" } + - { app: "org.godotengine.Godot", name: "godot", extra: "" } + - { app: "com.visualstudio.code-oss", name: "code", extra: "" } flatpaks_editing: - { app: "org.shotcut.Shotcut", name: "shotcut", extra: "" } - { app: "com.obsproject.Studio", name: "obs", extra: "" } - { app: "org.gimp.GIMP", name: "gimp", extra: "" } + - { app: "org.openshot.OpenShot", name: "openshot", extra: "" } flatpaks_gaming: - { app: "com.valvesoftware.Steam", name: "steam", extra: "" } - { app: "com.play0ad.zeroad", name: "zeroad", extra: "" } - { app: "net.supertuxkart.SuperTuxKart", name: "tuxkart", extra: "" } flatpaks_remove: - { app: "com.visualstudio.code", name: "vscode", extra: "" } # Why does this throw an error? It's the correct ID. - - { app: "com.visualstudio.code-oss", name: "code-oss", extra: "" } - { app: "org.midori_browser.Midori", name: "midori", extra: "" } - { app: "com.github.Eloston.UngoogledChromium", name: "unchrome", extra: "" } - { app: "org.gnome.Evolution", name: "evolution", extra: "" } # Doesn't pick up GNOME theme since contained. @@ -67,6 +70,7 @@ - { app: "org.telegram.desktop", name: "telegram", extra: "" } - { app: "com.jetbrains.PyCharm-Community", name: "pycharm", extra: "" } # End 2022-11-20 # + - { app: "io.lbry.lbry-app", name: "lbry", extra: "dbus-launch" } # No longer supported, noticed 2023-09-01. # Generic # diff --git a/tasks/workstation/shared/settings/gnome.yml b/tasks/workstation/shared/settings/gnome.yml index 296d698..0064f30 100644 --- a/tasks/workstation/shared/settings/gnome.yml +++ b/tasks/workstation/shared/settings/gnome.yml @@ -1,6 +1,45 @@ --- # GNOME settings, extensions, and setup. +- name: Workstation | Account Management | GNOME | Facts + set_fact: + # Only do multiple entries per line if they are for the same exact program. + gnome_favorites: "[ 'org.gnome.Terminal.desktop' + , 'org.gnome.Console.desktop' + , 'gnome-system-monitor.desktop' + , 'org.gnome.Nautilus.desktop' + , 'io.gitlab.librewolf-community.desktop', 'librewolf.desktop' + , 'org.mozilla.firefox.desktop', 'firefox.desktop' + , 'org.gnome.Evolution.desktop' + , 'chat.delta.desktop.desktop', 'deltachat.desktop' + , 'org.gnome.Geary.desktop' + , 'org.mozilla.Thunderbird.desktop' + , 'com.vscodium.codium.desktop', 'codium.desktop' + , 'com.visualstudio.code-oss.desktop', 'code-oss.desktop' + , 'org.godotengine.Godot.desktop' + , 'org.shotcut.Shotcut.desktop' + , 'io.lbry.lbry-app.desktop', 'lbry.desktop' + , 'org.signal.Signal.desktop', 'signal-desktop.desktop' + , 'im.riot.Riot.desktop' + , 'org.telegram.desktop.desktop' + , 'com.discordapp.Discord.desktop' + , 'com.valvesoftware.Steam.desktop' + ]" + dconf_terminal: gnome-terminal + dconf_theme: Adwaita-dark + dconf_icons: Adwaita + +- name: Workstation | Account Management | GNOME | Facts (NixOS) + set_fact: + dconf_terminal: kgx + when: ansible_distribution in ("NixOS") + +- name: Workstation | Account Management | GNOME | Facts (Ubuntu) + set_fact: + dconf_theme: Yaru-purple-dark + dconf_icons: Yaru-purple-dark + when: ansible_distribution in ("Ubuntu") + # Make sure Gnome-Tweaks is installed - name: Workstation | Account Management | GNOME | Install Dependencies package: @@ -9,7 +48,7 @@ - "{{ dconf_editor }}" - "{{ psutil }}" state: present - + when: ansible_distribution not in ("NixOS") ## Dash to Dock Extension ## # Note: Validate DtD by checking /org/gnome/shell/enabled-extensions for dash-to-dock@micxgx.gmail.com @@ -136,140 +175,235 @@ state: present become_user: "{{ user }}" + when: ansible_distribution not in ("NixOS") ignore_errors: yes # End block for Dash To Dock. -# The first Firefox is from Flatpak, and firefox_firefox.desktop is snap/apt. -- name: Workstation | Account Management | GNOME + Cinnamon | Favorites (Linux) - dconf: - key: "{{ item }}" - value: "[ 'org.gnome.Terminal.desktop', 'gnome-system-monitor.desktop' - , 'org.gnome.Nautilus.desktop' - , 'io.gitlab.librewolf-community.desktop' - , 'org.mozilla.firefox.desktop' - , 'org.gnome.Evolution.desktop', 'chat.delta.desktop.desktop' - , 'com.vscodium.codium.desktop', 'org.shotcut.Shotcut.desktop' - , 'io.lbry.lbry-app.desktop' - , 'org.signal.Signal.desktop', 'im.riot.Riot.desktop' - , 'org.telegram.desktop.desktop', 'com.discordapp.Discord.desktop' - , 'com.valvesoftware.Steam.desktop' - ]" +## TBD Remove this after testing the RC version is successful on Ubuntu. +#- name: Workstation | Account Management | GNOME | More Settings +# block: +# +# - name: Workstation | Account Management | GNOME + Cinnamon | Favorites (Linux) +# dconf: +# key: "{{ item }}" +# value: "{{ gnome_favorites }}" +# state: present +# become_user: "{{ user }}" +# #when: ansible_system == "Linux" +# loop: +# - /org/gnome/shell/favorite-apps +# # - /org/cinnamon/favorite-apps +# # As of 2023-07-01 this only sets the Menu Favorites on Cinnamon, not the +# # Panel Pins. Cannot find any details online of where the pinned application +# # data lives. Cloned and searched the linuxmint/cinnamon project too and +# # couldn't find which function handles it. Leaving the loop for it but it's +# # not what was hoped for and is sort of a TBD/TODO. +# +# ## This is now handled by the task above, it's OK to have values not found. +# #- name: Workstation | Account Management | GNOME | Favorites (FreeBSD) +# # dconf: +# # key: /org/gnome/shell/favorite-apps +# # value: "['org.gnome.Terminal.desktop', 'org.gnome.Nautilus.desktop', +# # 'firefox.desktop', 'org.gnome.Evolution.desktop', 'org.mozilla.Thunderbird.desktop', +# # 'code-oss.desktop', 'org.telegram.desktop.desktop']" +# # state: present +# # become_user: "{{ user }}" +# # when: ansible_system == "FreeBSD" +# +# +# ## Top Bar Settings ## +# # (Battery Percentage, Clock Weekday+Seconds, Calendar Week Numbers) +# +# - name: Workstation | Account Management | GNOME | Interface - Show Date +# dconf: +# key: /org/gnome/desktop/interface/clock-show-date +# value: "true" +# state: present +# become_user: "{{ user }}" +# +# - name: Workstation | Account Management | GNOME | Interface - 24h Format +# dconf: +# key: /org/gnome/desktop/interface/clock-format +# value: "'24h'" +# state: present +# become_user: "{{ user }}" +# +# - name: Workstation | Account Management | GNOME | Interface - Show Seconds +# dconf: +# key: /org/gnome/desktop/interface/clock-show-seconds +# value: "true" +# state: present +# become_user: "{{ user }}" +# +# - name: Workstation | Account Management | GNOME | Interface - Show Weekday +# dconf: +# key: /org/gnome/desktop/interface/clock-show-weekday +# value: "true" +# state: present +# become_user: "{{ user }}" +# +# - name: Workstation | Account Management | GNOME | Interface - 24h Format +# dconf: +# key: /org/gnome/desktop/interface/show-battery-percentage +# value: "true" +# state: present +# become_user: "{{ user }}" +# +# - name: Workstation | Account Management | GNOME | Interface - Show Week Date +# dconf: +# key: /org/gnome/desktop/calendar/show-weekdate +# value: "true" +# state: present +# become_user: "{{ user }}" +# +# ## TBD These are done for NixOS in the section below. ## +# # Never Prompt for Removal Media +# +# # Dark theme? +# #Pop-dark on Pop +# #Adwaita-dark on everything else +# +# # Window Titlebars (Titlebar Buttons Minimize) +# - name: Workstation | Account Management | GNOME | Window Buttons +# dconf: +# key: /org/gnome/desktop/wm/preferences/button-layout +# value: "'appmenu:minimize,close'" +# state: present +# become_user: "{{ user }}" +# +# +# # Security +# - name: Workstation | Account Management | GNOME | Privacy - Camera +# dconf: +# key: /org/gnome/desktop/privacy/disable-camera +# value: "true" +# state: present +# become_user: "{{ user }}" +# +# - name: Workstation | Account Management | GNOME | Privacy - Microphone +# dconf: +# key: /org/gnome/desktop/privacy/disable-microphone +# value: "true" +# state: present +# become_user: "{{ user }}" +# +# when: ansible_distribution not in ("NixOS") + +## NixOS support, in an odd but working fashion for now. :) +- name: Workstation | Account Management | GNOME | Dash To Dock | NixOS + blockinfile: + path: "{{ user_user.home }}/{{ item }}" + block: | + ## Temporary Variables + Functions ## + + dconf_count=1 + function inc_dconf() { + dconf_count=$(( dconf_count + 1 )) + } + + ## Dash to Dock ## + + dconf write /org/gnome/shell/extensions/dash-to-dock/dock-position "'LEFT'" && inc_dconf && + dconf write /org/gnome/shell/extensions/dash-to-dock/dock-fixed true && inc_dconf && + dconf write /org/gnome/shell/extensions/dash-to-dock/dash-max-icon-size 24 && inc_dconf && + + dconf write /org/gnome/shell/favorite-apps "{{ gnome_favorites }}" && inc_dconf && + + ## Generic ## + + dconf write /org/gnome/desktop/interface/color-scheme "'prefer-dark'" && inc_dconf && + dconf write /org/gnome/desktop/interface/gtk-theme "'{{ dconf_theme }}'" && inc_dconf && + dconf write /org/gnome/desktop/interface/icon-theme "'{{ dconf_icons }}'" && inc_dconf && + + dconf write /org/gnome/desktop/interface/clock-show-date true && inc_dconf && + dconf write /org/gnome/desktop/interface/clock-format "'24h'" && inc_dconf && + dconf write /org/gnome/desktop/interface/clock-show-seconds true && inc_dconf && + dconf write /org/gnome/desktop/interface/clock-show-weekday true && inc_dconf && + dconf write /org/gnome/desktop/calendar/show-weekdate true && inc_dconf && + + dconf write /org/gnome/desktop/interface/show-battery-percentage true && inc_dconf && + + dconf write /org/gnome/desktop/wm/preferences/button-layout "'appmenu:minimize,maximize,close'" && inc_dconf && + + dconf write /org/gnome/desktop/wm/preferences/num-workspaces 1 && inc_dconf && + dconf write /org/gnome/mutter/dynamic-workspaces false && inc_dconf && + + dconf write /org/gnome/mutter/edge-tiling true && inc_dconf && + dconf write /org/gnome/desktop/interface/enable-hot-corners false && inc_dconf && + + dconf write /org/gnome/mutter/center-new-windows true && inc_dconf && + + dconf write /org/gnome/desktop/notifications/show-banners false && inc_dconf && + dconf write /org/gnome/desktop/notifications/application/org-gnome-evolution-alarm-notify/enable-sound-alerts false && inc_dconf && + dconf write /org/gnome/desktop/notifications/application/org-gnome-evolution-alarm-notify/enable false && inc_dconf && + dconf write /org/gnome/desktop/notifications/application/org-gnome-evolution/enable-sound-alerts false && inc_dconf && + dconf write /org/gnome/desktop/notifications/application/org-gnome-evolution/enable false && inc_dconf && + + dconf write /org/gnome/settings-daemon/plugins/color/night-light-enabled true + dconf write /org/gnome/settings-daemon/plugins/color/night-light-schedule-automatic false + dconf write /org/gnome/settings-daemon/plugins/color/night-light-temperature "uint32 3170" + dconf write /org/gnome/settings-daemon/plugins/color/night-light-schedule-from 2.0 + dconf write /org/gnome/settings-daemon/plugins/color/night-light-schedule-to 1.99 + + ## Keyboard Shortcuts ## + + dconf write /org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/binding \ + "'t'" && inc_dconf && + dconf write /org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/command \ + "'{{ dconf_terminal }}'" && inc_dconf && + dconf write /org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/name \ + "'Open Terminal'" && inc_dconf && + + dconf write /org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/binding \ + "'t'" && inc_dconf && + dconf write /org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/command \ + "'{{ dconf_terminal }}'" && inc_dconf && + dconf write /org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/name \ + "'Open Terminal 2'" && inc_dconf && + + dconf write /org/gnome/settings-daemon/plugins/media-keys/custom-keybindings " + [ '/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/' + , '/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/' + ]" && inc_dconf && + + ## Privacy ## + + dconf write /org/gnome/desktop/privacy/disable-camera true && inc_dconf && + dconf write /org/gnome/desktop/privacy/disable-microphone true && inc_dconf && + + dconf write /org/gnome/desktop/privacy/recent-files-max-age 7 && inc_dconf && + dconf write /org/gnome/desktop/privacy/remember-recent-files false && inc_dconf && + + dconf write /org/gnome/desktop/privacy/old-files-age "uint32 14" && inc_dconf && + dconf write /org/gnome/desktop/privacy/remove-old-trash-files true && inc_dconf && + dconf write /org/gnome/desktop/privacy/remove-old-temp-files true && inc_dconf && + + dconf write /org/gnome/desktop/notifications/show-in-lock-screen false && inc_dconf && + dconf write /org/gnome/desktop/screensaver/lock-enabled true && inc_dconf && + dconf write /org/gnome/desktop/screensaver/lock-delay "uint32 0" && inc_dconf && + dconf write /org/gnome/desktop/session/idle-delay "uint32 900" && inc_dconf && + dconf write /org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-type "'nothing'" && inc_dconf && + + dconf write /org/gnome/desktop/media-handling/autorun-never true && inc_dconf && + + ## Success ## + + sleep 0 || + + ## Error Catch ## + + echo "ERROR: DConf setting# $dconf_count failed!" + + ## Cleanup ## + + unset -f inc_dconf + unset dconf_count + marker: '# {mark} MANAGED BY ANSIBLE | NixOS GNOME Settings' state: present + create: yes + backup: yes become_user: "{{ user }}" - when: ansible_system == "Linux" loop: - - /org/gnome/shell/favorite-apps - - /org/cinnamon/favorite-apps - # As of 2023-07-01 this only sets the Menu Favorites on Cinnamon, not the - # Panel Pins. Cannot find any details online of where the pinned application - # data lives. Cloned and searched the linuxmint/cinnamon project too and - # couldn't find which function handles it. Leaving the loop for it but it's - # not what was hoped for and is sort of a TBD/TODO. - -- name: Workstation | Account Management | GNOME | Favorites (FreeBSD) - dconf: - key: /org/gnome/shell/favorite-apps - value: "['org.gnome.Terminal.desktop', 'org.gnome.Nautilus.desktop', - 'firefox.desktop', 'org.gnome.Evolution.desktop', 'org.mozilla.Thunderbird.desktop', - 'code-oss.desktop', 'org.telegram.desktop.desktop']" - state: present - become_user: "{{ user }}" - when: ansible_system == "FreeBSD" - - -## Top Bar Settings ## -# (Battery Percentage, Clock Weekday+Seconds, Calendar Week Numbers) - -- name: Workstation | Account Management | GNOME | Interface - Show Date - dconf: - key: /org/gnome/desktop/interface/clock-show-date - value: "true" - state: present - become_user: "{{ user }}" - -- name: Workstation | Account Management | GNOME | Interface - 24h Format - dconf: - key: /org/gnome/desktop/interface/clock-format - value: "'24h'" - state: present - become_user: "{{ user }}" - -- name: Workstation | Account Management | GNOME | Interface - Show Seconds - dconf: - key: /org/gnome/desktop/interface/clock-show-seconds - value: "true" - state: present - become_user: "{{ user }}" - -- name: Workstation | Account Management | GNOME | Interface - Show Weekday - dconf: - key: /org/gnome/desktop/interface/clock-show-weekday - value: "true" - state: present - become_user: "{{ user }}" - -- name: Workstation | Account Management | GNOME | Interface - 24h Format - dconf: - key: /org/gnome/desktop/interface/show-battery-percentage - value: "true" - state: present - become_user: "{{ user }}" - -- name: Workstation | Account Management | GNOME | Interface - Show Week Date - dconf: - key: /org/gnome/desktop/calendar/show-weekdate - value: "true" - state: present - become_user: "{{ user }}" - - -# Never Prompt for Removal Media - - - -# Dark theme? -#Pop-dark on Pop -#Adwaita-dark on everything else - - - -# Window Titlebars (Titlebar Buttons Minimize) -- name: Workstation | Account Management | GNOME | Window Buttons - dconf: - key: /org/gnome/desktop/wm/preferences/button-layout - value: "'appmenu:minimize,close'" - state: present - become_user: "{{ user }}" - - -# Security -- name: Workstation | Account Management | GNOME | Privacy - Camera - dconf: - key: /org/gnome/desktop/privacy/disable-camera - value: "true" - state: present - become_user: "{{ user }}" - -- name: Workstation | Account Management | GNOME | Privacy - Microphone - dconf: - key: /org/gnome/desktop/privacy/disable-microphone - value: "true" - state: present - become_user: "{{ user }}" - - - -# Schemas to try after looking at gsettings list-schemas | sort -# org.gnome.ControlCenter -- not very interesting -# org.gnome.desktop.default-applications -- nothing?? Where do we set Brave and Evolution? -# org.gnome.desktop.interface -- Good stuff in here. -# org.gnome.desktop.peripherals -- Nothing :( -# org.gnome.desktop.privacy -- Good stuff here too!! Cool! -# org.gnome.desktop.session -# org.gnome.desktop.wm.keybindings -# org.gnome.desktop.wm.preferences -# org.gnome.power-manager -# org.gnome.SessionManager -# org.gnome.shell -# org.gnome.shell.extensions.pop-shell -# org.gnome.shell.keybindings + - .bashrc + - .zshrc + #when: ansible_distribution in ("NixOS") diff --git a/tasks/workstation/shared/settings/services.yml b/tasks/workstation/shared/settings/services.yml index 62bfa70..6c7dc50 100644 --- a/tasks/workstation/shared/settings/services.yml +++ b/tasks/workstation/shared/settings/services.yml @@ -3,7 +3,7 @@ ## CUPS ## -- name: General | Software | Services | Disable CUPS Daemon +- name: General | Software | Services | Enable CUPS Daemon service: name: "{{ cups }}" pattern: "{{ cups_pattern }}" @@ -11,7 +11,7 @@ enabled: yes ignore_errors: yes -- name: General | Software | Services | Disable CUPS-Browse Daemon +- name: General | Software | Services | Enable CUPS-Browse Daemon service: name: "{{ cups_browse }}" pattern: "{{ cups_browse_pattern }}"