Fixes and Enhancements (#24)

* Add TODO.

* Add note.

* Fix hang from NFS sometimes not being up.

* Remove noauto so that `mount -a` works.

* Allow Arch to use BASH.

* Add programs needed for playbook but missing from Arch Base.

* Explicit rename of old install since Github connection is unreliable. Call executable from current directory after chdir.

* Ensure shells are set up correctly on Arch.

* Begin explicitly using microcode packages on dev machines.

* Fix _ typos to -.

* Add Delta Chat.

* Fix equals typo and allow command to fail.

* Delta Chat Desktop works great, add it to Favorites.

* Add Element.

* Add Element.

* Change spot for Element.

* Add new file(s) to call in-development project.

* Remove extra comma.

* Change FreeBSD update checker to weekly.

* Use Github again for pulling updates.

facts/general/package.yml

@@ -14,6 +14,8 @@
     locate: locate
     opensshd: openssh-server
     tar: tar
+    microcode_amd: amd64-microcode
+    microcode_intel: intel-microcode
   when: ansible_pkg_mgr == "apt"
 
 - name: General | Facts | Package | pacman
@@ -22,6 +24,8 @@
     locate: mlocate
     opensshd: openssh
     tar: tar
+    microcode_amd: linux-firmware
+    microcode_intel: intel-ucode
   when: ansible_pkg_mgr == "pacman"
 
 - name: General | Facts | Package | FreeBSD
@@ -31,6 +35,8 @@
     opensshd: htop # sshd comes installed on FreeBSD
     ansible_python_interpreter: "/usr/local/bin/python3.8"
     tar: htop # tar already provided in FreeBSD
+    microcode_amd: htop # TODO
+    microcode_intel: htop # TODO
   when: ansible_system == "FreeBSD"
 
 - name: General | Facts | Package | dnf
@@ -39,6 +45,8 @@
     locate: mlocate
     opensshd: openssh
     tar: tar
+    microcode_amd: microcode_ctl
+    microcode_intel: microcode_ctl
   when: ansible_pkg_mgr == "dnf"
 
 

facts/general/system.yml

@@ -11,11 +11,15 @@
     global_bin: /usr/local/bin
     x_desktops: /usr/share/xsessions
     repo_github: https://github.com/Hyperling/ansible.git
-    repo_local: https://git.hyperling.com/ansible.git
+    #repo_local: https://git.hyperling.com/ansible.git
+    # Local server not working yet, go back to Github even though they throttle me.
+    repo_local: https://github.com/Hyperling/ansible.git
 
 - name: General | Facts | System | Dev
   set_fact:
-    repo_local: https://git.hyperling.com/ansible-dev.git
+    #repo_local: https://git.hyperling.com/ansible-dev.git
+    # Local server not working yet, go back to Github even though they throttle me.
+    repo_local: https://github.com/Hyperling/ansible.git
   when: branch == "dev"
 
 

tasks/general/acct_mgmt/users.yml

@@ -7,10 +7,32 @@
   set_fact:
     user_shell: "{{ bash_exec.stdout }}"
 
-- name: General | Account Management | Users | Use ZSH (Arch+Manjaro)
-  set_fact:
-    user_shell: "{{ zsh_exec.stdout }}"
+- name: General | Account Management | Users | Allow BASH (Arch)
+  lineinfile:
+    path: /etc/shells
+    regexp: "{{ bash_exec.stdout }}"
+    line: "{{ bash_exec.stdout }}"
+    insertbefore: "# End of file"
+    backup: yes
+    create: no
+    state: present
   when: ansible_distribution == "Archlinux"
+  
+#- name: General | Account Management | Users | Use ZSH (Arch+Manjaro)
+#  set_fact:
+#    user_shell: "{{ zsh_exec.stdout }}"
+#  when: ansible_distribution == "Archlinux"
+#
+#- name: General | Account Management | Users | Allow ZSH (Arch)
+#  lineinfile:
+#    path: /etc/shells
+#    regexp: "{{ zsh_exec.stdout }}"
+#    line: "{{ zsh_exec.stdout }}"
+#    insertbefore: "# End of file"
+#    backup: yes
+#    create: no
+#    state: present
+#  when: ansible_distribution == "Archlinux"
 
 
 ## Root ##

tasks/general/scripts/root.yml

@@ -68,3 +68,28 @@
   file: 
     path: "{{ user_root.home }}/bin/scm-dev.sh"
     mode: '0755'
+
+
+- name: General | Scripts | Root | scm-local.sh
+  blockinfile:
+    path: "{{ user_root.home }}/bin/scm-local.sh"
+    block: |
+      # 20220312 - Make life easier for development! Especially when Github can't be reached.
+      
+      ## Variables ##
+
+
+      ## Main ##
+
+      time ansible-playbook /mnt/leet/Code/Ansible/ansible-pull/local.yml
+
+    marker: '{mark}'
+    marker_begin: "#!{{ bash_exec.stdout }}"
+    marker_end: "exit 0"
+    state: present
+    create: yes
+
+- name: General | Scripts | Root | scm-local.sh Permissions
+  file: 
+    path: "{{ user_root.home }}/bin/scm-local.sh"
+    mode: '0755'

tasks/general/scripts/user.yml

@@ -68,3 +68,28 @@
   file: 
     path: "{{ user_user.home }}/bin/scm-dev.sh"
     mode: '0755'
+
+
+- name: General | Scripts | User | scm-local.sh
+  blockinfile:
+    path: "{{ user_user.home }}/bin/scm-local.sh"
+    block: |
+      # 20220312 - Make life easier for development! Especially when Github can't be reached.
+      
+      ## Variables ##
+
+
+      ## Main ##
+
+      time sudo ansible-playbook /mnt/leet/Code/Ansible/ansible-pull/local.yml
+
+    marker: '{mark}'
+    marker_begin: "#!{{ bash_exec.stdout }}"
+    marker_end: "exit 0"
+    state: present
+    create: yes
+
+- name: General | Scripts | User | scm-local.sh Permissions
+  file: 
+    path: "{{ user_user.home }}/bin/scm-local.sh"
+    mode: '0755'

tasks/general/software/packages.yml

@@ -51,6 +51,15 @@
     - "{{ tar }}"
     state: present
 
+- name: General | Software | Packages | Install Software (DEV)
+  package: 
+    name:
+    - "{{ microcode_amd }}"
+    - "{{ microcode_intel }}"
+    state: present
+  when: branch == "dev"
+  ignore_errors: yes
+
 - name: General | Software | Services | Install CROND (Looking at you, Fedora)
   package:
     name: cronie
@@ -63,6 +72,14 @@
     state: present
   when: ansible_distribution == "Debian"
 
+- name: General | Software | Services | Install "Bloat" (Looking at you, Arch Base)
+  package:
+    name: 
+      - which
+      - cronie
+    state: present
+  when: ansible_distribution == "Archlinux"
+
 - name: General | Software | Packages | Update Software (Disabled)
   package: 
     name:

tasks/general/tests/lynis.yml

@@ -1,6 +1,10 @@
 ---
 # Lynis hardness check.
 
+- name: General | Tests | Lynis | Rename Old Install
+  shell: mv "/usr/local/lynis" "/usr/local/src/"
+  ignore_errors: yes
+
 - name: General | Tests | Lynis | Install
   git: 
     repo: https://github.com/CISOfy/lynis
@@ -24,9 +28,10 @@
     mode: '0755'
 
 - name: General | Tests | Lynis | Run System Audit
-  shell: "{{ lynis_install_dir }}/lynis audit system --no-colors > {{ lynis_report }} 2>&1"
+  shell: "./lynis audit system --no-colors > {{ lynis_report }} 2>&1"
   args:
     executable: "{{ bash_exec.stdout }}"
+    chdir: "{{ lynis_install_dir }}"
 
 - name: General | Tests | Lynis | Make Report Readable
   file:

tasks/server/software/git.yml

@@ -2,6 +2,13 @@
 # Webserver to replace calling GitHub for projects.
 # https://www.howtoforge.com/how-to-install-http-git-server-with-nginx-on-debian-11/
 
+#TODO: Use gitweb instead??? I knew there was an easier way than apache/nginx/python stuff...
+# https://git-scm.com/docs/gitweb
+
+# Gitweb is nice but doesn;t seem like it allowes cloning. 
+# Need to figure out how to get git:// to work, fix SSL locally, or somehow use http local and https when external..
+
+
 ## Variables ##
 
 - name: Server | Software | HTTPS Git Server | Check Config Variables

tasks/workstation/freebsd/cron/ansible.yml

@@ -5,7 +5,7 @@
   cron:
     user: ansible
     name: "Security Update"
-    special_time: daily
+    special_time: weekly
     job: "sudo freebsd-update cron -t me@hyperling.com"
     state: present
     disabled: no

tasks/workstation/linux/software/flatpaks.yml

@@ -38,6 +38,8 @@
       - { app: "io.lbry.lbry-app", name: "lbry", extra: "dbus-launch" }
       - { app: "org.signal.Signal", name: "signal", extra: "" }
       - { app: "io.gitlab.librewolf-community", name: "librewolf", extra: "" }
+      - { app: "chat.delta.desktop", name: "deltachat", extra: "" }
+      - { app: "im.riot.Riot", name: "element", extra: "" }
     flatpaks_coding:
       - { app: "com.vscodium.codium", name: "codium", extra: "" }
       - { app: "com.google.AndroidStudio", name: "android-studio", extra: "" }

tasks/workstation/shared/settings/gnome.yml

@@ -167,12 +167,14 @@
 - name: Workstation | Account Management | GNOME | Favorites (Linux)
   dconf: 
     key: /org/gnome/shell/favorite-apps
-    value: "['org.gnome.Terminal.desktop', 'gnome-system-monitor.desktop', 'org.gnome.Nautilus.desktop', 
-             'io.gitlab.librewolf-community.desktop', '{{ browser }}', 'org.gnome.Evolution.desktop', 
-             'com.vscodium.codium.desktop', 'org.shotcut.Shotcut.desktop', 
-             'org.telegram.desktop.desktop', 'com.discordapp.Discord.desktop', 
-             'io.lbry.lbry-app.desktop',
-             'com.valvesoftware.Steam.desktop']"
+    value: "['org.gnome.Terminal.desktop', 'gnome-system-monitor.desktop', 'org.gnome.Nautilus.desktop'
+            ,'io.gitlab.librewolf-community.desktop', '{{ browser }}', 'org.gnome.Evolution.desktop'
+            ,'chat.delta.desktop.desktop'
+            ,'com.vscodium.codium.desktop', 'org.shotcut.Shotcut.desktop'
+            ,'org.telegram.desktop.desktop', 'com.discordapp.Discord.desktop', 'im.riot.Riot.desktop'
+            ,'io.lbry.lbry-app.desktop'
+            ,'com.valvesoftware.Steam.desktop'
+            ]"
     state: present
   become_user: "{{ user }}"
   when: ansible_system == "Linux"

tasks/workstation/shared/settings/nfs.yml

@@ -8,7 +8,7 @@
 
 - name: Workstation | Settings | NFS | Facts (Linux)
   set_fact:
-    mount_options: defaults
+    mount_options: defaults,_netdev
   when: ansible_system == "Linux"
 
 - name: Workstation | Settings | NFS | Facts (FreeBSD)