Add initial HUGO support, FreeBSD 13 support, and script for Ansible to hit dev branch. (#4)

* Create HUGO file. * Add HUGO. * Add script for running system against development branch. * Add newline to end of file. * Comment unused blocks. * Add path of site that HUGO should host. * Newlines, comments, and HUGO path. (#2) (#3) * Create HUGO file. * Add HUGO. * Add script for running system against development branch. * Add newline to end of file. * Comment unused blocks. * Add path of site that HUGO should host. * FreeBSD is complaining about certbot not having dict object stdout. This whole playbook is supposed to be skipped though, lol. * FreeBSD 13 is still mad. Ansible 2.11.2, jinja 2.11.2 (same version number??), Python 3.8.10. * Fix root group to be existing variable. FreeBSD uses wheel. * Allow choosing Github branch dynamically. * `branch` needs to be at General level. Testing if this works... * Change other `localhost` to `everything`. * Update FreeBSD status. * Goodbye, Code-OSS on Linux! * Delete a terrible file. * Remove excess tag. * "Fix" SSHFS for FreeBSD. * Variablize FreeBSD's loading of fusefs. * Variablize /etc/rc.conf. Enable FuseFS more properly. * Add beginning ticks. * Add missing playbook. * Enable FreeBSD mount job. * Rearrange items to be more consistent with comment. * It seems FreeBSD removed the `gnome3` metapackage. Use `gnome3-lite` instead. Also add Telegram. * Python is to 3.8 now. * Expand on FreeBSD work. * Expand on FreeBSD work. * Add placeholders for Gitlab. * Add parameter for Gitlab install. * Add Gitlab playbook. * Ensure FreeBSD uses the correct Python install. * Add newline. * Fix NFS for FreeBSD workstations. * Remove unnecessary line, restricted install to Linux in playbook. * Fix mount options for FreeBSD. * Fix mount number, as well as system-specific facts. * Add placeholders for remote viewing. * Add RDP for FreeBSD. * Omg! It works! Add setting enforcement. * Always remove OSS. * Remove hosts from explicit dev testing.
2021-07-19 07:07:03 -05:00
parent bdf3ffa456
commit c59e706c17
24 changed files with 185 additions and 78 deletions
--- a/tasks/general/acct_mgmt/mounts.yml
+++ b/tasks/general/acct_mgmt/mounts.yml
@ -8,6 +8,11 @@
    state: directory
    mode: '0755'

+- name: General | Account Management | Mounts | Enable SSHFS (FreeBSD)
+  shell: "{{ load_fusefs }}"
+  ignore_errors: yes 
+  when: ansible_system == "FreeBSD"
+
 - name: General | Account Management | Mounts | Test SSHFS
  shell: "sshfs {{ leet_ssh }}: /mnt/test -o allow_other"
  register: sshfs_test
--- a/tasks/general/cron/ansible.yml
+++ b/tasks/general/cron/ansible.yml
@ -6,7 +6,7 @@
    user: ansible
    name: "Ansible Sync"
    minute: "*/15"
-    job: "sudo {{ ansible_pull_exec.stdout }} -o -U https://github.com/Hyperling/ansible.git --checkout main"
+    job: "sudo {{ ansible_pull_exec.stdout }} -o -U https://github.com/Hyperling/ansible.git --checkout {{ branch }}"
    state: present
    disabled: no

--- a/tasks/general/cron/root.yml
+++ b/tasks/general/cron/root.yml
@ -6,8 +6,8 @@
    user: root
    name: "1337 SSHFS"
    special_time: reboot
-    job: "{{ sshfs_leet_cmd }}"
-    state: absent
+    job: "{{ load_fusefs }} && {{ sshfs_leet_cmd }}"
+    state: present
    disabled: no
  when: ansible_system == "FreeBSD"

--- a/tasks/general/software/services.yml
+++ b/tasks/general/software/services.yml
@ -13,7 +13,17 @@

 ## SSHFS ##

- name: General | Software | Services | Enable SSHD (Linux?)
+- name: General | Software | Services | Enable FuseFS (FreeBSD rc.conf)
+  lineinfile:
+    path: "{{ rc_conf }}"
+    regexp: 'fusefs_enable='
+    line: 'fusefs_enable="YES" # MANAGED BY ANSIBLE'
+    state: present
+    create: yes
+    backup: yes
+  when: ansible_system == "FreeBSD"
+
+- name: General | Software | Services | Enable SSHFS (FreeBSD service)
  service:
    name: fusefs
    pattern: fusefs
--- a/tasks/general/tests/lynis.yml
+++ b/tasks/general/tests/lynis.yml
@ -14,7 +14,7 @@
    state: directory
    mode: '0644'
    owner: root
-    group: root
+    group: "{{ root_group }}"
    recurse: yes

 - name: General | Tests | Lynis | Ensure Permissions 2
--- a/tasks/server/.fuse_hidden0000002c00000002
+++ b/tasks/server/.fuse_hidden0000002c00000002
@ -1,38 +0,0 @@
---
-# DB for analytics, used for Grafana.
-
-# Installing from source seems a bit too complicated since `make` and `make build` isn't working
-# Try this: https://devopscube.com/install-configure-prometheus-linux/
-# Release: https://github.com/prometheus/prometheus/releases/download/v2.25.1/prometheus-2.25.1.linux-amd64.tar.gz
-# Client?: https://prometheus.io/docs/guides/node-exporter/
-
-## Variables ##
-
-#- name: Server | Prometheus | Variables
-#  set_facts:
-#    prom_path: /usr/local/prometheus
-
-## Pre-reqs ##
-
-#- name: Server | Prometheus | Pre-Requirements | Install
-#  package: 
-#    name: 
-#      - make
-#      - golang-go
-#      - nodejs
-#      - yarn
-#    state: present
-
-#- name: Server | Prometheus | Pre-Requirements | Path
-#  shell:  '{{ item }}'
-#  loop: 
-#    - mkdir -p {{ prom_path }}
-
-## Install ##
-
-#- name: Server | Prometheus | Install
-#  shell: "{{ item }}"
-#  loop:
-#    - 
-
-## Configure ##
--- a/tasks/server/cron/certbot.yml
+++ b/tasks/server/cron/certbot.yml
@ -12,4 +12,5 @@
    job: "{{ certbot.stdout }} renew"
    special_time: weekly
    state: present
-    disabled: no
+    disabled: no
+  when: certbot is defined and certbot.stdout is defined
--- a/tasks/server/software/certbot.yml
+++ b/tasks/server/software/certbot.yml
@ -4,8 +4,8 @@
 - name: Server | Software | Certbot | FreeBSD
  package: 
    name:
-      - py37-certbot
-      - py37-certbot-nginx
+      - py38-certbot
+      - py38-certbot-nginx
    state: present
  when: ansible_system == "FreeBSD"

--- a/tasks/server/software/gitlab.yml
+++ b/tasks/server/software/gitlab.yml
@ -0,0 +1,3 @@
+---
+# Install a Gitlab server.
+# https://about.gitlab.com/install/#ubuntu
--- a/tasks/server/software/hugo.yml
+++ b/tasks/server/software/hugo.yml
@ -1,3 +1,4 @@
+---
 # Install HUGO to host sites like parrotsec.org

 - name: Server | Software | HUGO | Variables (apt)
--- a/tasks/workstation/freebsd/software/gui.yml
+++ b/tasks/workstation/freebsd/software/gui.yml
@ -5,11 +5,12 @@
  package: 
    name:
    - xorg
-    - gnome3
+    - gnome3-lite
    - "{{ firefox_esr }}"
    - "{{ thunderbird }}"
    - vscode
    - gimp
+    - telegram-desktop
    state: present

 - name: Workstation | FreeBSD | GUI | Uninstall Bloat
@ -21,13 +22,14 @@

 - name: Workstation | FreeBSD | GUI | Create rc.conf Entries
  blockinfile:
-    path: /etc/rc.conf
+    path: "{{ rc_conf }}"
    marker: "# {mark} MANAGED BY ANSIBLE | GUI Components"
    block: |
      dbus_enable="YES"
      hald_enable="YES"
      gnome_enable="YES"
      gdm_enable="YES"
+    create: yes
    backup: yes

 - name: Workstation | FreeBSD | GUI | Create proc fstab Entry
--- a/tasks/workstation/linux/software/flatpaks.yml
+++ b/tasks/workstation/linux/software/flatpaks.yml
@ -37,7 +37,6 @@
    remote: flathub
    state: present
  loop:
-    - com.visualstudio.code-oss
    - com.vscodium.codium
    - com.google.AndroidStudio
    - com.jetbrains.PyCharm-Community
@ -50,14 +49,13 @@
    remote: flathub
    state: absent
  loop:
-    - com.visualstudio.code-oss
    - com.vscodium.codium
    - com.google.AndroidStudio
    - com.jetbrains.PyCharm-Community
  ignore_errors: yes
  when: coding is not defined

-# Editor #
+# Media Editors #
 - name: Workstation | Linux | Flatpak Distro | Flatpak | Audio/Video Editor Installs
  flatpak:
    name: "{{ item }}"
@ -84,7 +82,7 @@
  ignore_errors: yes
  when: editing is not defined

-# Games #
+# Gaming #
 - name: Workstation | Linux | Flatpak Distro | Flatpak | Gaming Installs
  flatpak:
    name: "{{ item }}"
@ -114,6 +112,7 @@
  loop:
    - org.mozilla.firefox
    - com.visualstudio.code # Why does this throw an error? It's the correct ID.
+    - com.visualstudio.code-oss
    - org.midori_browser.Midori
    - com.github.Eloston.UngoogledChromium
  ignore_errors: yes
--- a/tasks/workstation/settings/gnome.yml
+++ b/tasks/workstation/settings/gnome.yml
@ -128,7 +128,7 @@
    key: /org/gnome/shell/favorite-apps
    value: "['org.gnome.Terminal.desktop', 'gnome-system-monitor.desktop', 'org.gnome.Nautilus.desktop', 
             '{{ browser }}', 'org.mozilla.Thunderbird.desktop',
-             'com.vscodium.codium.desktop', 'com.visualstudio.code-oss.desktop', 
+             'com.vscodium.codium.desktop',
             'org.shotcut.Shotcut.desktop', 
             'org.telegram.desktop.desktop', 'com.discordapp.Discord.desktop', 
             'rhythmbox.desktop', 'io.lbry.lbry-app.desktop',
--- a/tasks/workstation/settings/nfs.yml
+++ b/tasks/workstation/settings/nfs.yml
@ -1,15 +1,48 @@
 ---
-# Use Apt specific because they're consistent! :)
+# Mount network shares.

 - name: Workstation | Settings | NFS | Facts
  set_fact:
    media_folder: /mnt/media
-    
- name: Workstation | Settings | NFS | Install
+    mount_number: 0
+
+- name: Workstation | Settings | NFS | Facts (Linux)
+  set_fact:
+    mount_options: defaults
+  when: ansible_system == "Linux"
+
+- name: Workstation | Settings | NFS | Facts (FreeBSD)
+  set_fact:
+    mount_options: rw
+  when: ansible_system == "FreeBSD"
+
+
+- name: Workstation | Settings | NFS | Install (Linux)
  package: 
    name: 
      - "{{ nfs }}"
    state: present
+  when: ansible_system == "Linux"
+
+# https://www.unixmen.com/setup-nfs-server-on-freebsd/
+- name: Workstation | Settings | NFS | Install (FreeBSD)
+  blockinfile:
+    path: "{{ rc_conf }}"
+    marker: "# {mark} MANAGED BY ANSIBLE | NFS Components"
+    block: |
+      nfs_server_enable="YES"
+      nfs_server_flags="-u -t -n 4"
+      rpcbind_enable="YES"
+      mountd_flags="-r"
+      mountd_enable="YES"
+      nfs_client_enable="YES"
+      nfs_client_flags="-n 4"
+      rpc_lockd_enable="YES"
+      rpc_statd_enable="YES"
+    create: yes
+    backup: yes
+  when: ansible_system == "FreeBSD"
+

 - name: Workstation | Settings | NFS | Create Folders
  file: 
@ -19,10 +52,11 @@
  loop:
    - "{{ media_folder }}"

+
 - name: Workstation | Settings | NFS | Create Mount Instructions
  blockinfile:
    path: /etc/fstab
    marker: "# {mark} MANAGED BY ANSIBLE | Media"
    block: |
-      htpc:/mnt/hdd_unsafe/media {{ media_folder }} nfs defaults 0 0
+      htpc:/mnt/hdd_unsafe/media {{ media_folder }} nfs {{ mount_options }} {{ mount_number }} {{ mount_number }}
    backup: yes
--- a/tasks/workstation/settings/rdp.yml
+++ b/tasks/workstation/settings/rdp.yml
@ -0,0 +1,40 @@
+---
+# Allow remote viewing via open/free RDP.
+
+- name: Workstation | Settings | RDP | FreeBSD | Install
+  package:
+    name: xrdp
+    state: present
+  when: ansible_system == "FreeBSD"
+
+- name: Workstation | Settings | RDP | FreeBSD | Enable
+  blockinfile:
+    path: "{{ rc_conf }}"
+    marker: "# {mark} MANAGED BY ANSIBLE | RDP Components"
+    block: |
+      xrdp_enable="YES"
+      xrdp_sesman_enable="YES"
+    state: present
+    create: yes
+    backup: yes
+  when: ansible_system == "FreeBSD"
+
+- name: Workstation | Settings | RDP | FreeBSD | Enable GNOME
+  lineinfile:
+    path: /usr/local/etc/xrdp/startwm.sh
+    regexp: 'gnome-session'
+    line: 'exec gnome-session # MANAGED BY ANSIBLE'
+    state: present
+    create: yes
+    backup: yes
+  when: ansible_system == "FreeBSD"
+
+- name: Workstation | Settings | RDP | FreeBSD | Disable xterm
+  lineinfile:
+    path: /usr/local/etc/xrdp/startwm.sh
+    regexp: 'xterm'
+    line: '#exec xterm # MANAGED BY ANSIBLE'
+    state: present
+    create: yes
+    backup: yes
+  when: ansible_system == "FreeBSD"
--- a/tasks/workstation/settings/vnc.yml
+++ b/tasks/workstation/settings/vnc.yml
@ -0,0 +1,2 @@
+---
+# Allow remote viewing desktops via VNC.