Add initial HUGO support, FreeBSD 13 support, and script for Ansible to hit dev branch. (#4)

* Create HUGO file.

* Add HUGO.

* Add script for running system against development branch.

* Add newline to end of file.

* Comment unused blocks.

* Add path of site that HUGO should host.

* Newlines, comments, and HUGO path. (#2) (#3)

* Create HUGO file.

* Add HUGO.

* Add script for running system against development branch.

* Add newline to end of file.

* Comment unused blocks.

* Add path of site that HUGO should host.

* FreeBSD is complaining about certbot not having dict object stdout. This whole playbook is supposed to be skipped though, lol.

* FreeBSD 13 is still mad. Ansible 2.11.2, jinja 2.11.2 (same version number??), Python 3.8.10.

* Fix root group to be existing variable. FreeBSD uses wheel.

* Allow choosing Github branch dynamically.

* `branch` needs to be at General level. Testing if this works...

* Change other `localhost` to `everything`.

* Update FreeBSD status.

* Goodbye, Code-OSS on Linux!

* Delete a terrible file.

* Remove excess tag.

* "Fix" SSHFS for FreeBSD.

* Variablize FreeBSD's loading of fusefs.

* Variablize /etc/rc.conf. Enable FuseFS more properly.

* Add beginning ticks.

* Add missing playbook.

* Enable FreeBSD mount job.

* Rearrange items to be more consistent with comment.

* It seems  FreeBSD removed the `gnome3` metapackage. Use `gnome3-lite` instead. Also add Telegram.

* Python is to 3.8 now.

* Expand on FreeBSD work.

* Expand on FreeBSD work.

* Add placeholders for Gitlab.

* Add parameter for Gitlab install.

* Add Gitlab playbook.

* Ensure FreeBSD uses the correct Python install.

* Add newline.

* Fix NFS for FreeBSD workstations.

* Remove unnecessary line, restricted install to Linux in playbook.

* Fix mount options for FreeBSD.

* Fix mount number, as well as system-specific facts.

* Add placeholders for remote viewing.

* Add RDP for FreeBSD.

* Omg! It works! Add setting enforcement.

* Always remove OSS.

* Remove hosts from explicit dev testing.

README.md

@@ -22,12 +22,11 @@ Still testing, but so far so good!
 100% at some point.
 
 ## Currently Supported Unix Systems
-### FreeBSD
-100% but untested since 12.1.
-Software choices are slightly more limited since not flatpak-enabled.
+### FreeBSD 12, 13
+100%, although GUI has not been tested on 13 yet.
+Software choices are slightly more limited since not `flatpak`-enabled and not feeling a `ports` setup.
 
 ## Waiting To Be Tested
-### FreeBSD 13
 ### Kali Linux
 ### Arch Linux ARM 
 Specifically for the Pinephone.

facts/general/package.yml

@@ -30,5 +30,6 @@
     sshfs: fusefs-sshfs
     locate: htop # Placeholder to prevent errors, locate built into FreeBSD.
     opensshd: htop # sshd comes installed on FreeBSD
+    ansible_python_interpreter: "/usr/local/bin/python3.8"
   when: ansible_system == "FreeBSD"
 

facts/general/service.yml

@@ -27,6 +27,12 @@
   when: ansible_distribution == "Archlinux"
 
 
-#- name: General | Facts | Service | FreeBSD
-#  set_fact:
-#  when: ansible_system == "FreeBSD"
+- name: General | Facts | Service | Non-FreeBSD
+  set_fact:
+    load_fusefs: "echo ''"
+  when: ansible_system != "FreeBSD"
+
+- name: General | Facts | Service | FreeBSD
+  set_fact:
+    load_fusefs: "kldload fusefs"
+  when: ansible_system == "FreeBSD"

facts/general/system.yml

@@ -3,6 +3,7 @@
 
 - name: General | Facts | System | Linux
   set_fact:
+    rc_conf: /dev/null
     lynis_install_dir: /usr/local/lynis
     sudoers_install_dir: /etc/sudoers.d/
   when: ansible_system == "Linux"
@@ -10,6 +11,7 @@
 
 - name: General | Facts | System | FreeBSD
   set_fact:
+    rc_conf: /etc/rc.conf
     lynis_install_dir: /usr/local/lynis
     sudoers_install_dir: /usr/local/etc/sudoers.d/
   when: ansible_system == "FreeBSD"
@@ -66,4 +68,10 @@
     ansible_pull_report_scp: "{{ leet_ssh }}:{{ report_scp_location }}/pull/{{ ansible_pull_report_name }}"
     lynis_report_scp: "{{ leet_ssh }}:{{ report_scp_location }}/lynis/{{ lynis_report_name }}"
     nmap_report_scp: "{{ leet_ssh }}:{{ report_scp_location }}/nmap/{{ nmap_report_name }}"
-  when: not leet_drive_details.stat.exists
+  when: not leet_drive_details.stat.exists
+
+
+- name: General | Facts | System | Ansible Branch
+  set_fact:
+    branch: main
+  when: branch is not defined

facts/server/system.yml

@@ -1,5 +1,10 @@
 ---
 # Network related variables.
 
-- name: Facts | Server | System | Not Used Yet
-  set_fact:
+#- name: Facts | Server | System | Not Used Yet
+#  set_fact:
+
+- name: Workstation | Facts | Package | FreeBSD
+  set_fact:
+    ansible_python_interpreter: "/usr/local/bin/python3.8"
+  when: ansible_system == "FreeBSD"

facts/workstation/package.yml

@@ -73,6 +73,7 @@
   set_fact:
     flatpak_distro: false
     firefox_esr: firefox-esr
-    psutil: py37-psutil
+    psutil: py38-psutil
+    ansible_python_interpreter: "/usr/local/bin/python3.8"
   when: ansible_system == "FreeBSD"
 

hosts

@@ -1,20 +1,34 @@
 [everything]
+;;;;;;; Available options - all require lowercase values ;;;;;;
+;
+; branch : Provide the Github branch that the machine should poll.
+;            Exampel: main, dev
+;
 localhost
+freeboy   branch=dev
 
 [workstation]
 ;;;;;;; Available options - all require lowercase values ;;;;;;
+;
 ;  coding : Define for installation of code editors (VSCode, PyCharm, Android Studio)
 ;
 ; editing : Define for installation of Audio/Video editors (Shotcut, Audacity, OBS Stdio, GIMP)
 ;
 ;  gaming : Define for installation of gaming software (Steam, Lutris)
 ;
+;     rdp : Define for installation of gaming software (Steam, Lutris)
+;             CURRENTLY FREEBSD-ONLY
+;
+;     vnc : Define for installation of gaming software (Steam, Lutris)
+;             NOT IMPLEMENTED YET
+;
 dell-laptop coding=true editing=true
 usb-workstation
 lbry-server-1
 lbry-server-2
 lbry-server-3
 aspire
+freeboy rdp=true
 
 [mobile]
 pinephone
@@ -72,9 +86,14 @@ x570 amdgpu=true nanominer=true nanominer_gpu=eth nanominer_gpus=0 nanominer_gpu
 ;       hugo : Set to anything to install HUGO static website generator.
 ;                Example: true
 ;
+;     gitlab : Set to anything to install Gitlab project management tool.
+;                Example: true
+;                NOT IMPLEMENTED YET
+;
 onlyoffice domain=hyperling.com onlyoffice=true
 grafana domain=hyperling.com grafana=true influxdb1=true
 test
+freeboy branch=dev
 hyperling     certbot=true
 hyperling.com certbot=true
 tmcvideos     certbot=true
@@ -83,5 +102,6 @@ reverse-proxy certbot=true
 nextcloud     certbot=true
 wordpress     certbot=true
 usb-server
-parrotsec-dev-www    domain=hyperling.com hugo=true hugo_site_path=/mnt/leet/Code/parrotsec/website
-my-parrotsec-dev-www hugo=true domain=hyperling.com hugo_site_path=/mnt/leet/Code/parrotsec/website-hyperling
+parrotsec-dev-www    domain=hyperling.com hugo=true hugo_site_path=/mnt/leet/Code/ParrotOS/website
+my-parrotsec-dev-www domain=hyperling.com hugo=true hugo_site_path=/mnt/leet/Code/ParrotOS/website-hyperling
+gitlab domain=hyperling.com gitlab=true certbot=true

local.yml

@@ -3,7 +3,7 @@
 
 # Setup of any device connected to this repo.
 - name: Main | Default Setup
-  hosts: localhost
+  hosts: everything
   connection: local
   become: true  
 
@@ -30,6 +30,7 @@
     - include: tasks/general/scripts/root.yml
 
     - include: tasks/general/cron/ansible.yml
+    - include: tasks/general/cron/root.yml
     
     # TODO Need to refactor. Maybe tasks/general/cron/freebsd.yml
     - include: tasks/workstation/freebsd/cron/ansible.yml
@@ -48,10 +49,14 @@
     - include: facts/workstation/package.yml
 
     # Set up any systems that do not come with Desktop Environments
-    # TODO Need to refactor. Maybe tasks/workstation/setup_gui/freebsd.yml
     - include: tasks/workstation/freebsd/software/gui.yml
       when: ansible_system == "FreeBSD"
 
+    - include: tasks/workstation/linux/software/gnome.yml
+      when: ansible_system == "Linux"
+
+    - include: tasks/workstation/settings/gnome.yml
+
     # Additional tasks to configure systems with Desktop Environments
     - include: tasks/workstation/linux/software/flatpaks.yml
       when: ansible_system == "Linux" and flatpak_distro
@@ -65,12 +70,12 @@
     - include: tasks/workstation/linux/cron/ansible.yml
       when: ansible_system == "Linux"
 
-    - include: tasks/workstation/linux/software/gnome.yml
-      when: ansible_system == "Linux"
-
-    - include: tasks/workstation/settings/gnome.yml
-
     - include: tasks/workstation/settings/nfs.yml
+
+    - include: tasks/workstation/settings/rdp.yml
+      when: rdp is defined
+    - include: tasks/workstation/settings/vnc.yml
+      when: vnc is defined
   
 
 
@@ -143,11 +148,14 @@
     - include: tasks/server/software/hugo.yml
       when: hugo is defined
 
+    - include: tasks/server/software/gitlab.yml
+      when: gitlab is defined
+
 
 
 # Provide information for analysis.
 - name: Main | Reporting
-  hosts: localhost
+  hosts: everything
   connection: local
   become: true
 

tasks/general/acct_mgmt/mounts.yml

@@ -8,6 +8,11 @@
     state: directory
     mode: '0755'
 
+- name: General | Account Management | Mounts | Enable SSHFS (FreeBSD)
+  shell: "{{ load_fusefs }}"
+  ignore_errors: yes 
+  when: ansible_system == "FreeBSD"
+
 - name: General | Account Management | Mounts | Test SSHFS
   shell: "sshfs {{ leet_ssh }}: /mnt/test -o allow_other"
   register: sshfs_test

tasks/general/cron/ansible.yml

@@ -6,7 +6,7 @@
     user: ansible
     name: "Ansible Sync"
     minute: "*/15"
-    job: "sudo {{ ansible_pull_exec.stdout }} -o -U https://github.com/Hyperling/ansible.git --checkout main"
+    job: "sudo {{ ansible_pull_exec.stdout }} -o -U https://github.com/Hyperling/ansible.git --checkout {{ branch }}"
     state: present
     disabled: no
 

tasks/general/cron/root.yml

@@ -6,8 +6,8 @@
     user: root
     name: "1337 SSHFS"
     special_time: reboot
-    job: "{{ sshfs_leet_cmd }}"
-    state: absent
+    job: "{{ load_fusefs }} && {{ sshfs_leet_cmd }}"
+    state: present
     disabled: no
   when: ansible_system == "FreeBSD"
 

tasks/general/software/services.yml

@@ -13,7 +13,17 @@
 
 ## SSHFS ##
 
-- name: General | Software | Services | Enable SSHD (Linux?)
+- name: General | Software | Services | Enable FuseFS (FreeBSD rc.conf)
+  lineinfile:
+    path: "{{ rc_conf }}"
+    regexp: 'fusefs_enable='
+    line: 'fusefs_enable="YES" # MANAGED BY ANSIBLE'
+    state: present
+    create: yes
+    backup: yes
+  when: ansible_system == "FreeBSD"
+
+- name: General | Software | Services | Enable SSHFS (FreeBSD service)
   service:
     name: fusefs
     pattern: fusefs

tasks/general/tests/lynis.yml

@@ -14,7 +14,7 @@
     state: directory
     mode: '0644'
     owner: root
-    group: root
+    group: "{{ root_group }}"
     recurse: yes
 
 - name: General | Tests | Lynis | Ensure Permissions 2

tasks/server/.fuse_hidden0000002c00000002

@@ -1,38 +0,0 @@
----
-# DB for analytics, used for Grafana.
-
-# Installing from source seems a bit too complicated since `make` and `make build` isn't working
-# Try this: https://devopscube.com/install-configure-prometheus-linux/
-# Release: https://github.com/prometheus/prometheus/releases/download/v2.25.1/prometheus-2.25.1.linux-amd64.tar.gz
-# Client?: https://prometheus.io/docs/guides/node-exporter/
-
-## Variables ##
-
-#- name: Server | Prometheus | Variables
-#  set_facts:
-#    prom_path: /usr/local/prometheus
-
-## Pre-reqs ##
-
-#- name: Server | Prometheus | Pre-Requirements | Install
-#  package: 
-#    name: 
-#      - make
-#      - golang-go
-#      - nodejs
-#      - yarn
-#    state: present
-
-#- name: Server | Prometheus | Pre-Requirements | Path
-#  shell:  '{{ item }}'
-#  loop: 
-#    - mkdir -p {{ prom_path }}
-
-## Install ##
-
-#- name: Server | Prometheus | Install
-#  shell: "{{ item }}"
-#  loop:
-#    - 
-
-## Configure ##

tasks/server/cron/certbot.yml

@@ -12,4 +12,5 @@
     job: "{{ certbot.stdout }} renew"
     special_time: weekly
     state: present
-    disabled: no
+    disabled: no
+  when: certbot is defined and certbot.stdout is defined

tasks/server/software/certbot.yml

@@ -4,8 +4,8 @@
 - name: Server | Software | Certbot | FreeBSD
   package: 
     name:
-      - py37-certbot
-      - py37-certbot-nginx
+      - py38-certbot
+      - py38-certbot-nginx
     state: present
   when: ansible_system == "FreeBSD"
 

tasks/server/software/gitlab.yml

@@ -0,0 +1,3 @@
+---
+# Install a Gitlab server.
+# https://about.gitlab.com/install/#ubuntu

tasks/server/software/hugo.yml

@@ -1,3 +1,4 @@
+---
 # Install HUGO to host sites like parrotsec.org
 
 - name: Server | Software | HUGO | Variables (apt)

tasks/workstation/freebsd/software/gui.yml

@@ -5,11 +5,12 @@
   package: 
     name:
     - xorg
-    - gnome3
+    - gnome3-lite
     - "{{ firefox_esr }}"
     - "{{ thunderbird }}"
     - vscode
     - gimp
+    - telegram-desktop
     state: present
 
 - name: Workstation | FreeBSD | GUI | Uninstall Bloat
@@ -21,13 +22,14 @@
 
 - name: Workstation | FreeBSD | GUI | Create rc.conf Entries
   blockinfile:
-    path: /etc/rc.conf
+    path: "{{ rc_conf }}"
     marker: "# {mark} MANAGED BY ANSIBLE | GUI Components"
     block: |
       dbus_enable="YES"
       hald_enable="YES"
       gnome_enable="YES"
       gdm_enable="YES"
+    create: yes
     backup: yes
 
 - name: Workstation | FreeBSD | GUI | Create proc fstab Entry

tasks/workstation/linux/software/flatpaks.yml

@@ -37,7 +37,6 @@
     remote: flathub
     state: present
   loop:
-    - com.visualstudio.code-oss
     - com.vscodium.codium
     - com.google.AndroidStudio
     - com.jetbrains.PyCharm-Community
@@ -50,14 +49,13 @@
     remote: flathub
     state: absent
   loop:
-    - com.visualstudio.code-oss
     - com.vscodium.codium
     - com.google.AndroidStudio
     - com.jetbrains.PyCharm-Community
   ignore_errors: yes
   when: coding is not defined
 
-# Editor #
+# Media Editors #
 - name: Workstation | Linux | Flatpak Distro | Flatpak | Audio/Video Editor Installs
   flatpak:
     name: "{{ item }}"
@@ -84,7 +82,7 @@
   ignore_errors: yes
   when: editing is not defined
 
-# Games #
+# Gaming #
 - name: Workstation | Linux | Flatpak Distro | Flatpak | Gaming Installs
   flatpak:
     name: "{{ item }}"
@@ -114,6 +112,7 @@
   loop:
     - org.mozilla.firefox
     - com.visualstudio.code # Why does this throw an error? It's the correct ID.
+    - com.visualstudio.code-oss
     - org.midori_browser.Midori
     - com.github.Eloston.UngoogledChromium
   ignore_errors: yes

tasks/workstation/settings/gnome.yml

@@ -128,7 +128,7 @@
     key: /org/gnome/shell/favorite-apps
     value: "['org.gnome.Terminal.desktop', 'gnome-system-monitor.desktop', 'org.gnome.Nautilus.desktop', 
              '{{ browser }}', 'org.mozilla.Thunderbird.desktop',
-             'com.vscodium.codium.desktop', 'com.visualstudio.code-oss.desktop', 
+             'com.vscodium.codium.desktop',
              'org.shotcut.Shotcut.desktop', 
              'org.telegram.desktop.desktop', 'com.discordapp.Discord.desktop', 
              'rhythmbox.desktop', 'io.lbry.lbry-app.desktop',

tasks/workstation/settings/nfs.yml

@@ -1,15 +1,48 @@
 ---
-# Use Apt specific because they're consistent! :)
+# Mount network shares.
 
 - name: Workstation | Settings | NFS | Facts
   set_fact:
     media_folder: /mnt/media
-    
-- name: Workstation | Settings | NFS | Install
+    mount_number: 0
+
+- name: Workstation | Settings | NFS | Facts (Linux)
+  set_fact:
+    mount_options: defaults
+  when: ansible_system == "Linux"
+
+- name: Workstation | Settings | NFS | Facts (FreeBSD)
+  set_fact:
+    mount_options: rw
+  when: ansible_system == "FreeBSD"
+
+
+- name: Workstation | Settings | NFS | Install (Linux)
   package: 
     name: 
       - "{{ nfs }}"
     state: present
+  when: ansible_system == "Linux"
+
+# https://www.unixmen.com/setup-nfs-server-on-freebsd/
+- name: Workstation | Settings | NFS | Install (FreeBSD)
+  blockinfile:
+    path: "{{ rc_conf }}"
+    marker: "# {mark} MANAGED BY ANSIBLE | NFS Components"
+    block: |
+      nfs_server_enable="YES"
+      nfs_server_flags="-u -t -n 4"
+      rpcbind_enable="YES"
+      mountd_flags="-r"
+      mountd_enable="YES"
+      nfs_client_enable="YES"
+      nfs_client_flags="-n 4"
+      rpc_lockd_enable="YES"
+      rpc_statd_enable="YES"
+    create: yes
+    backup: yes
+  when: ansible_system == "FreeBSD"
+
 
 - name: Workstation | Settings | NFS | Create Folders
   file: 
@@ -19,10 +52,11 @@
   loop:
     - "{{ media_folder }}"
 
+
 - name: Workstation | Settings | NFS | Create Mount Instructions
   blockinfile:
     path: /etc/fstab
     marker: "# {mark} MANAGED BY ANSIBLE | Media"
     block: |
-      htpc:/mnt/hdd_unsafe/media {{ media_folder }} nfs defaults 0 0
+      htpc:/mnt/hdd_unsafe/media {{ media_folder }} nfs {{ mount_options }} {{ mount_number }} {{ mount_number }}
     backup: yes

tasks/workstation/settings/rdp.yml

@@ -0,0 +1,40 @@
+---
+# Allow remote viewing via open/free RDP.
+
+- name: Workstation | Settings | RDP | FreeBSD | Install
+  package:
+    name: xrdp
+    state: present
+  when: ansible_system == "FreeBSD"
+
+- name: Workstation | Settings | RDP | FreeBSD | Enable
+  blockinfile:
+    path: "{{ rc_conf }}"
+    marker: "# {mark} MANAGED BY ANSIBLE | RDP Components"
+    block: |
+      xrdp_enable="YES"
+      xrdp_sesman_enable="YES"
+    state: present
+    create: yes
+    backup: yes
+  when: ansible_system == "FreeBSD"
+
+- name: Workstation | Settings | RDP | FreeBSD | Enable GNOME
+  lineinfile:
+    path: /usr/local/etc/xrdp/startwm.sh
+    regexp: 'gnome-session'
+    line: 'exec gnome-session # MANAGED BY ANSIBLE'
+    state: present
+    create: yes
+    backup: yes
+  when: ansible_system == "FreeBSD"
+
+- name: Workstation | Settings | RDP | FreeBSD | Disable xterm
+  lineinfile:
+    path: /usr/local/etc/xrdp/startwm.sh
+    regexp: 'xterm'
+    line: '#exec xterm # MANAGED BY ANSIBLE'
+    state: present
+    create: yes
+    backup: yes
+  when: ansible_system == "FreeBSD"

tasks/workstation/settings/vnc.yml

@@ -0,0 +1,2 @@
+---
+# Allow remote viewing desktops via VNC.