diff --git a/README.md b/README.md index 2f9dda9..7b59dbb 100644 --- a/README.md +++ b/README.md @@ -22,12 +22,11 @@ Still testing, but so far so good! 100% at some point. ## Currently Supported Unix Systems -### FreeBSD -100% but untested since 12.1. -Software choices are slightly more limited since not flatpak-enabled. +### FreeBSD 12, 13 +100%, although GUI has not been tested on 13 yet. +Software choices are slightly more limited since not `flatpak`-enabled and not feeling a `ports` setup. ## Waiting To Be Tested -### FreeBSD 13 ### Kali Linux ### Arch Linux ARM Specifically for the Pinephone. diff --git a/facts/general/package.yml b/facts/general/package.yml index 979d55f..f2d49ad 100644 --- a/facts/general/package.yml +++ b/facts/general/package.yml @@ -30,5 +30,6 @@ sshfs: fusefs-sshfs locate: htop # Placeholder to prevent errors, locate built into FreeBSD. opensshd: htop # sshd comes installed on FreeBSD + ansible_python_interpreter: "/usr/local/bin/python3.8" when: ansible_system == "FreeBSD" diff --git a/facts/general/service.yml b/facts/general/service.yml index c493651..36a1ad5 100644 --- a/facts/general/service.yml +++ b/facts/general/service.yml @@ -27,6 +27,12 @@ when: ansible_distribution == "Archlinux" -#- name: General | Facts | Service | FreeBSD -# set_fact: -# when: ansible_system == "FreeBSD" \ No newline at end of file +- name: General | Facts | Service | Non-FreeBSD + set_fact: + load_fusefs: "echo ''" + when: ansible_system != "FreeBSD" + +- name: General | Facts | Service | FreeBSD + set_fact: + load_fusefs: "kldload fusefs" + when: ansible_system == "FreeBSD" diff --git a/facts/general/system.yml b/facts/general/system.yml index b73651d..c7ee259 100644 --- a/facts/general/system.yml +++ b/facts/general/system.yml @@ -3,6 +3,7 @@ - name: General | Facts | System | Linux set_fact: + rc_conf: /dev/null lynis_install_dir: /usr/local/lynis sudoers_install_dir: /etc/sudoers.d/ when: ansible_system == "Linux" 
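Review bot: The interpreter path `/usr/local/bin/python3.8` is hard-coded in the FreeBSD `set_fact` in facts/general/package.yml and again in the hunks for facts/server/system.yml and facts/workstation/package.yml, so the next Python bump has to be made in three places alongside the `py38-*` package names. Setting it once in the general facts file (which presumably runs for every host) and dropping the other two copies would keep them from drifting. In facts/server/system.yml the new task is also named `Workstation | Facts | Package | FreeBSD`, which looks like a copy-paste; `Facts | Server | System | FreeBSD` would match that file's existing naming. The enclosing `set_fact` task starts above this hunk.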
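Review bot: `kldload fusefs` in facts/general/service.yml exits non-zero when the module is already loaded, and the reboot cron job in tasks/general/cron/root.yml chains it as `{{ load_fusefs }} && {{ sshfs_leet_cmd }}`. Once the new `fusefs_enable="YES"` rc.conf entry (or anything else) has loaded the module first, the SSHFS mount would therefore be skipped. Using `load_fusefs: "kldload -n fusefs"` makes the load a no-op in that case and keeps the chain intact. It would also let the `ignore_errors: yes` on the new shell task in tasks/general/acct_mgmt/mounts.yml be dropped, so a genuine load failure is no longer hidden.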
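Review bot: Pointing `rc_conf` at `/dev/null` on Linux (first hunk of facts/general/system.yml) makes the device node a write target for every task that edits `{{ rc_conf }}` with `create: yes` and `backup: yes`. Most of those tasks carry `when: ansible_system == "FreeBSD"`, but the `blockinfile` in tasks/workstation/freebsd/software/gui.yml relies only on the guard on its include in local.yml, and these plays run with `become: true`. A file-editing module that replaces its destination could presumably swap `/dev/null` for a regular file if a guard is ever missed. Leaving `rc_conf` undefined on Linux, so that an unguarded task fails loudly, is the safer sentinel; if a value is required, document it with `# rc_conf is FreeBSD-only; never written on Linux`.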
@@ -10,6 +11,7 @@ - name: General | Facts | System | FreeBSD set_fact: + rc_conf: /etc/rc.conf lynis_install_dir: /usr/local/lynis sudoers_install_dir: /usr/local/etc/sudoers.d/ when: ansible_system == "FreeBSD" @@ -66,4 +68,10 @@ ansible_pull_report_scp: "{{ leet_ssh }}:{{ report_scp_location }}/pull/{{ ansible_pull_report_name }}" lynis_report_scp: "{{ leet_ssh }}:{{ report_scp_location }}/lynis/{{ lynis_report_name }}" nmap_report_scp: "{{ leet_ssh }}:{{ report_scp_location }}/nmap/{{ nmap_report_name }}" - when: not leet_drive_details.stat.exists \ No newline at end of file + when: not leet_drive_details.stat.exists + + +- name: General | Facts | System | Ansible Branch + set_fact: + branch: main + when: branch is not defined \ No newline at end of file diff --git a/facts/server/system.yml b/facts/server/system.yml index 4367742..d8c88f3 100644 --- a/facts/server/system.yml +++ b/facts/server/system.yml @@ -1,5 +1,10 @@ --- # Network related variables. -- name: Facts | Server | System | Not Used Yet - set_fact: \ No newline at end of file +#- name: Facts | Server | System | Not Used Yet +# set_fact: + +- name: Workstation | Facts | Package | FreeBSD + set_fact: + ansible_python_interpreter: "/usr/local/bin/python3.8" + when: ansible_system == "FreeBSD" diff --git a/facts/workstation/package.yml b/facts/workstation/package.yml index 65ab037..2abb616 100644 --- a/facts/workstation/package.yml +++ b/facts/workstation/package.yml @@ -73,6 +73,7 @@ set_fact: flatpak_distro: false firefox_esr: firefox-esr - psutil: py37-psutil + psutil: py38-psutil + ansible_python_interpreter: "/usr/local/bin/python3.8" when: ansible_system == "FreeBSD" diff --git a/hosts b/hosts index 4510e6b..257c77b 100644 --- a/hosts +++ b/hosts 
@@ -1,20 +1,34 @@ [everything] +;;;;;;; Available options - all require lowercase values ;;;;;; +; +; branch : Provide the Github branch that the machine should poll. +; Exampel: main, dev +; localhost +freeboy branch=dev [workstation] ;;;;;;; Available options - all require lowercase values ;;;;;; +; ; coding : Define for installation of code editors (VSCode, PyCharm, Android Studio) ; ; editing : Define for installation of Audio/Video editors (Shotcut, Audacity, OBS Stdio, GIMP) ; ; gaming : Define for installation of gaming software (Steam, Lutris) ; +; rdp : Define for installation of gaming software (Steam, Lutris) +; CURRENTLY FREEBSD-ONLY +; +; vnc : Define for installation of gaming software (Steam, Lutris) +; NOT IMPLEMENTED YET +; dell-laptop coding=true editing=true usb-workstation lbry-server-1 lbry-server-2 lbry-server-3 aspire +freeboy rdp=true [mobile] pinephone @@ -72,9 +86,14 @@ x570 amdgpu=true nanominer=true nanominer_gpu=eth nanominer_gpus=0 nanominer_gpu ; hugo : Set to anything to install HUGO static website generator. ; Example: true ; +; gitlab : Set to anything to install Gitlab project management tool. +; Example: true +; NOT IMPLEMENTED YET +; onlyoffice domain=hyperling.com onlyoffice=true grafana domain=hyperling.com grafana=true influxdb1=true test +freeboy branch=dev hyperling certbot=true hyperling.com certbot=true tmcvideos certbot=true @@ -83,5 +102,6 @@ reverse-proxy certbot=true nextcloud certbot=true wordpress certbot=true usb-server -parrotsec-dev-www domain=hyperling.com hugo=true hugo_site_path=/mnt/leet/Code/parrotsec/website -my-parrotsec-dev-www hugo=true domain=hyperling.com hugo_site_path=/mnt/leet/Code/parrotsec/website-hyperling +parrotsec-dev-www domain=hyperling.com hugo=true hugo_site_path=/mnt/leet/Code/ParrotOS/website +my-parrotsec-dev-www domain=hyperling.com hugo=true hugo_site_path=/mnt/leet/Code/ParrotOS/website-hyperling +gitlab domain=hyperling.com gitlab=true certbot=true 
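Review bot: The new `rdp` and `vnc` entries in the `[workstation]` option comments still carry the description of `gaming` ("Define for installation of gaming software (Steam, Lutris)"), so the inventory documents the wrong effect for two options that enable remote access. Going by tasks/workstation/settings/rdp.yml and vnc.yml, `; rdp : Define to allow remote desktop access via xrdp` and `; vnc : Define to allow remote desktop viewing via VNC` would be accurate. `Exampel` in the `[everything]` block should read `Example`. `freeboy branch=dev` is also set in two groups (here and in the second hunk), so the two values have to be kept in step by hand.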
diff --git a/local.yml b/local.yml index 14a0b1e..5c8b313 100644 --- a/local.yml +++ b/local.yml @@ -3,7 +3,7 @@ # Setup of any device connected to this repo. - name: Main | Default Setup - hosts: localhost + hosts: everything connection: local become: true @@ -30,6 +30,7 @@ - include: tasks/general/scripts/root.yml - include: tasks/general/cron/ansible.yml + - include: tasks/general/cron/root.yml # TODO Need to refactor. Maybe tasks/general/cron/freebsd.yml - include: tasks/workstation/freebsd/cron/ansible.yml @@ -48,10 +49,14 @@ - include: facts/workstation/package.yml # Set up any systems that do not come with Desktop Environments - # TODO Need to refactor. Maybe tasks/workstation/setup_gui/freebsd.yml - include: tasks/workstation/freebsd/software/gui.yml when: ansible_system == "FreeBSD" + - include: tasks/workstation/linux/software/gnome.yml + when: ansible_system == "Linux" + + - include: tasks/workstation/settings/gnome.yml + # Additional tasks to configure systems with Desktop Environments - include: tasks/workstation/linux/software/flatpaks.yml when: ansible_system == "Linux" and flatpak_distro @@ -65,12 +70,12 @@ - include: tasks/workstation/linux/cron/ansible.yml when: ansible_system == "Linux" - - include: tasks/workstation/linux/software/gnome.yml - when: ansible_system == "Linux" - - - include: tasks/workstation/settings/gnome.yml - - include: tasks/workstation/settings/nfs.yml + + - include: tasks/workstation/settings/rdp.yml + when: rdp is defined + - include: tasks/workstation/settings/vnc.yml + when: vnc is defined @@ -143,11 +148,14 @@ - include: tasks/server/software/hugo.yml when: hugo is defined + - include: tasks/server/software/gitlab.yml + when: gitlab is defined + # Provide information for analysis. - name: Main | Reporting - hosts: localhost + hosts: everything connection: local become: true diff --git a/tasks/general/acct_mgmt/mounts.yml b/tasks/general/acct_mgmt/mounts.yml index 923f477..a7f3cb8 100644 
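Review bot: With `hosts: everything` and `connection: local` in the first hunk of local.yml, every inventory name in `[everything]` that survives the run's host limit is executed against the local machine. If the run is limited to `localhost` plus the machine's own hostname (ansible-pull's default, as far as I can tell), a box listed by name such as `freeboy` would match twice, once as `localhost` with `branch` defaulting to `main` and once as `freeboy` with `branch=dev`. The two passes would then write different `--checkout` values into the same `Ansible Sync` cron entry. Worth confirming on a named host and stating the intent above the play, e.g. `# Each machine must match exactly one name in [everything]`. The same change is made to the `Main | Reporting` play in the last hunk of this file.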
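Review bot: `when: rdp is defined` (and likewise `when: vnc is defined`) in the `@@ -65,12 +70,12 @@` hunk of local.yml turns the remote-access tasks on for any value, so an inventory line such as `rdp=false` would still install and enable xrdp. For a setting that opens a network login service, testing the value is safer: `when: rdp | default(false) | bool`. The other options in this file use the same `is defined` convention, so this may be deliberate, but then the hosts comment should say that any value enables it.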
--- a/tasks/general/acct_mgmt/mounts.yml +++ b/tasks/general/acct_mgmt/mounts.yml @@ -8,6 +8,11 @@ state: directory mode: '0755' +- name: General | Account Management | Mounts | Enable SSHFS (FreeBSD) + shell: "{{ load_fusefs }}" + ignore_errors: yes + when: ansible_system == "FreeBSD" + - name: General | Account Management | Mounts | Test SSHFS shell: "sshfs {{ leet_ssh }}: /mnt/test -o allow_other" register: sshfs_test diff --git a/tasks/general/cron/ansible.yml b/tasks/general/cron/ansible.yml index 0b74049..3604108 100644 --- a/tasks/general/cron/ansible.yml +++ b/tasks/general/cron/ansible.yml @@ -6,7 +6,7 @@ user: ansible name: "Ansible Sync" minute: "*/15" - job: "sudo {{ ansible_pull_exec.stdout }} -o -U https://github.com/Hyperling/ansible.git --checkout main" + job: "sudo {{ ansible_pull_exec.stdout }} -o -U https://github.com/Hyperling/ansible.git --checkout {{ branch }}" state: present disabled: no diff --git a/tasks/general/cron/root.yml b/tasks/general/cron/root.yml index 6701944..cf369b6 100644 --- a/tasks/general/cron/root.yml +++ b/tasks/general/cron/root.yml @@ -6,8 +6,8 @@ user: root name: "1337 SSHFS" special_time: reboot - job: "{{ sshfs_leet_cmd }}" - state: absent + job: "{{ load_fusefs }} && {{ sshfs_leet_cmd }}" + state: present disabled: no when: ansible_system == "FreeBSD" diff --git a/tasks/general/software/services.yml b/tasks/general/software/services.yml index 2a5e609..f7abe3a 100644 --- a/tasks/general/software/services.yml +++ b/tasks/general/software/services.yml @@ -13,7 +13,17 @@ ## SSHFS ## -- name: General | Software | Services | Enable SSHD (Linux?) +- name: General | Software | Services | Enable FuseFS (FreeBSD rc.conf) + lineinfile: + path: "{{ rc_conf }}" + regexp: 'fusefs_enable=' + line: 'fusefs_enable="YES" # MANAGED BY ANSIBLE' + state: present + create: yes + backup: yes + when: ansible_system == "FreeBSD" + +- name: General | Software | Services | Enable SSHFS (FreeBSD service) service: name: fusefs pattern: fusefs 
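Review bot: In tasks/general/cron/ansible.yml, `{{ branch }}` is placed unquoted into the `job:` string, which cron runs through `sudo` every 15 minutes, so whitespace or shell metacharacters in the inventory value become part of a privileged command line. Passing it through the quote filter closes that: `--checkout {{ branch | quote }}`. Because the value also decides which branch of the repository is executed on the machine, it may be worth failing the play when `branch` is not one of the expected names (the hosts comment lists `main` and `dev`). The `cron` task starts above this hunk.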
diff --git a/tasks/general/tests/lynis.yml b/tasks/general/tests/lynis.yml index 47a9b44..6a5517b 100644 --- a/tasks/general/tests/lynis.yml +++ b/tasks/general/tests/lynis.yml @@ -14,7 +14,7 @@ state: directory mode: '0644' owner: root - group: root + group: "{{ root_group }}" recurse: yes - name: General | Tests | Lynis | Ensure Permissions 2 diff --git a/tasks/server/.fuse_hidden0000002c00000002 b/tasks/server/.fuse_hidden0000002c00000002 deleted file mode 100644 index 9042584..0000000 --- a/tasks/server/.fuse_hidden0000002c00000002 +++ /dev/null @@ -1,38 +0,0 @@ ---- -# DB for analytics, used for Grafana. - -# Installing from source seems a bit too complicated since `make` and `make build` isn't working -# Try this: https://devopscube.com/install-configure-prometheus-linux/ -# Release: https://github.com/prometheus/prometheus/releases/download/v2.25.1/prometheus-2.25.1.linux-amd64.tar.gz -# Client?: https://prometheus.io/docs/guides/node-exporter/ - -## Variables ## - -#- name: Server | Prometheus | Variables -# set_facts: -# prom_path: /usr/local/prometheus - -## Pre-reqs ## - -#- name: Server | Prometheus | Pre-Requirements | Install -# package: -# name: -# - make -# - golang-go -# - nodejs -# - yarn -# state: present - -#- name: Server | Prometheus | Pre-Requirements | Path -# shell: '{{ item }}' -# loop: -# - mkdir -p {{ prom_path }} - -## Install ## - -#- name: Server | Prometheus | Install -# shell: "{{ item }}" -# loop: -# - - -## Configure ## diff --git a/tasks/server/cron/certbot.yml b/tasks/server/cron/certbot.yml index 5a83f1a..edc1792 100644 --- a/tasks/server/cron/certbot.yml +++ b/tasks/server/cron/certbot.yml @@ -12,4 +12,5 @@ job: "{{ certbot.stdout }} renew" special_time: weekly state: present - disabled: no \ No newline at end of file + disabled: no + when: certbot is defined and certbot.stdout is defined \ No newline at end of file diff --git a/tasks/server/software/certbot.yml b/tasks/server/software/certbot.yml index f504bbb..767d17c 100644 
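Review bot: The `when:` added in tasks/server/cron/certbot.yml only checks that `certbot.stdout` exists, so if the lookup that registers `certbot` returns an empty string the weekly cron job becomes ` renew` with no command in front of it. Extending the guard to `when: certbot is defined and certbot.stdout is defined and certbot.stdout | length > 0` avoids installing a broken entry. `certbot` also appears to be the name of the inventory flag (`certbot=true` in hosts), so the registered result and the flag seem to share one variable name; a distinct register name would make the condition easier to reason about. The register itself is outside this hunk.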
--- a/tasks/server/software/certbot.yml +++ b/tasks/server/software/certbot.yml @@ -4,8 +4,8 @@ - name: Server | Software | Certbot | FreeBSD package: name: - - py37-certbot - - py37-certbot-nginx + - py38-certbot + - py38-certbot-nginx state: present when: ansible_system == "FreeBSD" diff --git a/tasks/server/software/gitlab.yml b/tasks/server/software/gitlab.yml new file mode 100644 index 0000000..fc0369c --- /dev/null +++ b/tasks/server/software/gitlab.yml @@ -0,0 +1,3 @@ +--- +# Install a Gitlab server. +# https://about.gitlab.com/install/#ubuntu \ No newline at end of file diff --git a/tasks/server/software/hugo.yml b/tasks/server/software/hugo.yml index 6d89d6e..73f8cd3 100644 --- a/tasks/server/software/hugo.yml +++ b/tasks/server/software/hugo.yml @@ -1,3 +1,4 @@ +--- # Install HUGO to host sites like parrotsec.org - name: Server | Software | HUGO | Variables (apt) diff --git a/tasks/workstation/freebsd/software/gui.yml b/tasks/workstation/freebsd/software/gui.yml index 9d85106..356a43c 100644 --- a/tasks/workstation/freebsd/software/gui.yml +++ b/tasks/workstation/freebsd/software/gui.yml @@ -5,11 +5,12 @@ package: name: - xorg - - gnome3 + - gnome3-lite - "{{ firefox_esr }}" - "{{ thunderbird }}" - vscode - gimp + - telegram-desktop state: present - name: Workstation | FreeBSD | GUI | Uninstall Bloat @@ -21,13 +22,14 @@ - name: Workstation | FreeBSD | GUI | Create rc.conf Entries blockinfile: - path: /etc/rc.conf + path: "{{ rc_conf }}" marker: "# {mark} MANAGED BY ANSIBLE | GUI Components" block: | dbus_enable="YES" hald_enable="YES" gnome_enable="YES" gdm_enable="YES" + create: yes backup: yes - name: Workstation | FreeBSD | GUI | Create proc fstab Entry diff --git a/tasks/workstation/linux/software/flatpaks.yml b/tasks/workstation/linux/software/flatpaks.yml index e305adc..a626e20 100644 --- a/tasks/workstation/linux/software/flatpaks.yml +++ b/tasks/workstation/linux/software/flatpaks.yml 
@@ -37,7 +37,6 @@ remote: flathub state: present loop: - - com.visualstudio.code-oss - com.vscodium.codium - com.google.AndroidStudio - com.jetbrains.PyCharm-Community @@ -50,14 +49,13 @@ remote: flathub state: absent loop: - - com.visualstudio.code-oss - com.vscodium.codium - com.google.AndroidStudio - com.jetbrains.PyCharm-Community ignore_errors: yes when: coding is not defined -# Editor # +# Media Editors # - name: Workstation | Linux | Flatpak Distro | Flatpak | Audio/Video Editor Installs flatpak: name: "{{ item }}" @@ -84,7 +82,7 @@ ignore_errors: yes when: editing is not defined -# Games # +# Gaming # - name: Workstation | Linux | Flatpak Distro | Flatpak | Gaming Installs flatpak: name: "{{ item }}" @@ -114,6 +112,7 @@ loop: - org.mozilla.firefox - com.visualstudio.code # Why does this throw an error? It's the correct ID. + - com.visualstudio.code-oss - org.midori_browser.Midori - com.github.Eloston.UngoogledChromium ignore_errors: yes diff --git a/tasks/workstation/settings/gnome.yml b/tasks/workstation/settings/gnome.yml index 08be1cb..39905e8 100644 --- a/tasks/workstation/settings/gnome.yml +++ b/tasks/workstation/settings/gnome.yml @@ -128,7 +128,7 @@ key: /org/gnome/shell/favorite-apps value: "['org.gnome.Terminal.desktop', 'gnome-system-monitor.desktop', 'org.gnome.Nautilus.desktop', '{{ browser }}', 'org.mozilla.Thunderbird.desktop', - 'com.vscodium.codium.desktop', 'com.visualstudio.code-oss.desktop', + 'com.vscodium.codium.desktop', 'org.shotcut.Shotcut.desktop', 'org.telegram.desktop.desktop', 'com.discordapp.Discord.desktop', 'rhythmbox.desktop', 'io.lbry.lbry-app.desktop', diff --git a/tasks/workstation/settings/nfs.yml b/tasks/workstation/settings/nfs.yml index a4f0732..9e214a4 100644 --- a/tasks/workstation/settings/nfs.yml +++ b/tasks/workstation/settings/nfs.yml 
@@ -1,15 +1,48 @@ --- -# Use Apt specific because they're consistent! :) +# Mount network shares. - name: Workstation | Settings | NFS | Facts set_fact: media_folder: /mnt/media - -- name: Workstation | Settings | NFS | Install + mount_number: 0 + +- name: Workstation | Settings | NFS | Facts (Linux) + set_fact: + mount_options: defaults + when: ansible_system == "Linux" + +- name: Workstation | Settings | NFS | Facts (FreeBSD) + set_fact: + mount_options: rw + when: ansible_system == "FreeBSD" + + +- name: Workstation | Settings | NFS | Install (Linux) package: name: - "{{ nfs }}" state: present + when: ansible_system == "Linux" + +# https://www.unixmen.com/setup-nfs-server-on-freebsd/ +- name: Workstation | Settings | NFS | Install (FreeBSD) + blockinfile: + path: "{{ rc_conf }}" + marker: "# {mark} MANAGED BY ANSIBLE | NFS Components" + block: | + nfs_server_enable="YES" + nfs_server_flags="-u -t -n 4" + rpcbind_enable="YES" + mountd_flags="-r" + mountd_enable="YES" + nfs_client_enable="YES" + nfs_client_flags="-n 4" + rpc_lockd_enable="YES" + rpc_statd_enable="YES" + create: yes + backup: yes + when: ansible_system == "FreeBSD" + - name: Workstation | Settings | NFS | Create Folders file: @@ -19,10 +52,11 @@ loop: - "{{ media_folder }}" + - name: Workstation | Settings | NFS | Create Mount Instructions blockinfile: path: /etc/fstab marker: "# {mark} MANAGED BY ANSIBLE | Media" block: | - htpc:/mnt/hdd_unsafe/media {{ media_folder }} nfs defaults 0 0 + htpc:/mnt/hdd_unsafe/media {{ media_folder }} nfs {{ mount_options }} {{ mount_number }} {{ mount_number }} backup: yes \ No newline at end of file diff --git a/tasks/workstation/settings/rdp.yml b/tasks/workstation/settings/rdp.yml new file mode 100644 index 0000000..d37698a --- /dev/null +++ b/tasks/workstation/settings/rdp.yml 
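Review bot: The FreeBSD `blockinfile` in tasks/workstation/settings/nfs.yml enables the NFS server side (`nfs_server_enable`, `nfs_server_flags`, `mountd_enable`, `mountd_flags="-r"`) on a workstation that, from the rest of this file, only mounts `htpc:/mnt/hdd_unsafe/media`. Those are extra network-facing daemons with no export configured here. For a client, `nfs_client_enable="YES"` together with the `rpc_lockd_enable`/`rpc_statd_enable` lines should be enough, so I would drop the server and mountd lines unless the machine is meant to export something; whether `rpcbind_enable` is still needed for lockd/statd should be confirmed. The fstab entry also mounts the share with plain `defaults`/`rw`; `mount_options: rw,nosuid` would keep set-uid files on the share from being honoured.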
@@ -0,0 +1,40 @@
+---
+# Allow remote viewing via open/free RDP.
+
+- name: Workstation | Settings | RDP | FreeBSD | Install
+ package:
+ name: xrdp
+ state: present
+ when: ansible_system == "FreeBSD"
+
+- name: Workstation | Settings | RDP | FreeBSD | Enable
+ blockinfile:
+ path: "{{ rc_conf }}"
+ marker: "# {mark} MANAGED BY ANSIBLE | RDP Components"
+ block: |
+ xrdp_enable="YES"
+ xrdp_sesman_enable="YES"
+ state: present
+ create: yes
+ backup: yes
+ when: ansible_system == "FreeBSD"
+
+- name: Workstation | Settings | RDP | FreeBSD | Enable GNOME
+ lineinfile:
+ path: /usr/local/etc/xrdp/startwm.sh
+ regexp: 'gnome-session'
+ line: 'exec gnome-session # MANAGED BY ANSIBLE'
+ state: present
+ create: yes
+ backup: yes
+ when: ansible_system == "FreeBSD"
+
+- name: Workstation | Settings | RDP | FreeBSD | Disable xterm
+ lineinfile:
+ path: /usr/local/etc/xrdp/startwm.sh
+ regexp: 'xterm'
+ line: '#exec xterm # MANAGED BY ANSIBLE'
+ state: present
+ create: yes
+ backup: yes
+ when: ansible_system == "FreeBSD"
diff --git a/tasks/workstation/settings/vnc.yml b/tasks/workstation/settings/vnc.yml
new file mode 100644
index 0000000..741d47d
--- /dev/null
+++ b/tasks/workstation/settings/vnc.yml
@@ -0,0 +1,2 @@
+---
+# Allow remote viewing desktops via VNC.
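Review bot: In tasks/workstation/settings/rdp.yml the `Enable` task turns on `xrdp` and `xrdp_sesman` at boot with the package defaults, and nothing in the file limits which networks can reach the listener or records that expectation. I would add a header comment such as `# Exposes an RDP login on the network; restrict access with the host firewall` and, if the repo manages a firewall elsewhere, pair this with a rule there. Separately, both `lineinfile` tasks on `/usr/local/etc/xrdp/startwm.sh` use `create: yes` without `mode:`, so if the package did not ship the file it would presumably be created non-executable and containing only these lines; `create: no` would surface that case instead. The vnc.yml hunk that follows is comment-only.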