From cdfb257b21a91b7d456f274bc30530b0d3322e08 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Sun, 27 Mar 2022 08:14:06 -0500 Subject: [PATCH] Fixes and Enhancements (#24) * Add TODO. * Add note. * Fix hang from NFS sometimes not being up. * Remove noauto so that `mount -a` works. * Allow Arch to use BASH. * Add programs needed for playbook but missing from Arch Base. * Explicit rename of old install since Github connection is unreliable. Call executable from current directory after chdir. * Ensure shells are set up correctly on Arch. * Begin explicitly using microcode packages on dev machines. * Fix _ typos to -. * Add Delta Chat. * Fix equals typo and allow command to fail. * Delta Chat Desktop works great, add it to Favorites. * Add Element. * Add Element. * Change spot for Element. * Add new file(s) to call in-development project. * Remove extra comma. * Change FreeBSD update checker to weekly. * Use Github again for pulling updates. --- facts/general/package.yml | 8 ++++++ facts/general/system.yml | 8 ++++-- tasks/general/acct_mgmt/users.yml | 28 +++++++++++++++++-- tasks/general/scripts/root.yml | 25 +++++++++++++++++ tasks/general/scripts/user.yml | 25 +++++++++++++++++ tasks/general/software/packages.yml | 17 +++++++++++ tasks/general/tests/lynis.yml | 7 ++++- tasks/server/software/git.yml | 7 +++++ tasks/workstation/freebsd/cron/ansible.yml | 2 +- tasks/workstation/linux/software/flatpaks.yml | 2 ++ tasks/workstation/shared/settings/gnome.yml | 14 ++++++---- tasks/workstation/shared/settings/nfs.yml | 2 +- 12 files changed, 131 insertions(+), 14 deletions(-) diff --git a/facts/general/package.yml b/facts/general/package.yml index c2d35c7..51d4949 100644 --- a/facts/general/package.yml +++ b/facts/general/package.yml @@ -14,6 +14,8 @@ locate: locate opensshd: openssh-server tar: tar + microcode_amd: amd64-microcode + microcode_intel: intel-microcode when: ansible_pkg_mgr == "apt" - name: General | Facts | Package | pacman 
@@ -22,6 +24,8 @@ locate: mlocate opensshd: openssh tar: tar + microcode_amd: linux-firmware + microcode_intel: intel-ucode when: ansible_pkg_mgr == "pacman" - name: General | Facts | Package | FreeBSD @@ -31,6 +35,8 @@ opensshd: htop # sshd comes installed on FreeBSD ansible_python_interpreter: "/usr/local/bin/python3.8" tar: htop # tar already provided in FreeBSD + microcode_amd: htop # TODO + microcode_intel: htop # TODO when: ansible_system == "FreeBSD" - name: General | Facts | Package | dnf @@ -39,6 +45,8 @@ locate: mlocate opensshd: openssh tar: tar + microcode_amd: microcode_ctl + microcode_intel: microcode_ctl when: ansible_pkg_mgr == "dnf" diff --git a/facts/general/system.yml b/facts/general/system.yml index 609f261..8d89356 100644 --- a/facts/general/system.yml +++ b/facts/general/system.yml @@ -11,11 +11,15 @@ global_bin: /usr/local/bin x_desktops: /usr/share/xsessions repo_github: https://github.com/Hyperling/ansible.git - repo_local: https://git.hyperling.com/ansible.git + #repo_local: https://git.hyperling.com/ansible.git + # Local server not working yet, go back to Github even though they throttle me. + repo_local: https://github.com/Hyperling/ansible.git - name: General | Facts | System | Dev set_fact: - repo_local: https://git.hyperling.com/ansible-dev.git + #repo_local: https://git.hyperling.com/ansible-dev.git + # Local server not working yet, go back to Github even though they throttle me. + repo_local: https://github.com/Hyperling/ansible.git when: branch == "dev" diff --git a/tasks/general/acct_mgmt/users.yml b/tasks/general/acct_mgmt/users.yml index efb571b..2824ffd 100644 --- a/tasks/general/acct_mgmt/users.yml +++ b/tasks/general/acct_mgmt/users.yml 
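Review bot: In the pacman facts, `microcode_amd: linux-firmware` names the general firmware bundle rather than a microcode package; on Arch the AMD microcode is packaged as `amd-ucode`, so AMD dev hosts may not get the early-load image that carries CPU vulnerability mitigations. Suggest `microcode_amd: amd-ucode`. The FreeBSD hunk maps both facts to `htop # TODO`, and the dnf hunk maps both to `microcode_ctl`, which as far as I know ships Intel microcode only. Both would benefit from a comment such as `# placeholder: microcode is not managed on this platform yet`, so nobody reads the fact as coverage.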
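Review bot: In `facts/general/system.yml` the `Dev` task now sets `repo_local` to the same URL as the default, `https://github.com/Hyperling/ansible.git`, so `when: branch == "dev"` no longer selects a different source (the old value was `ansible-dev.git`). If dev hosts are meant to track separate content, that selection has to happen outside this hunk. The fact is also still named `repo_local` while pointing at GitHub. Whatever is pulled from this URL is presumably applied with root privileges, so a comment above each override such as `# TODO: restore git.hyperling.com once TLS works; pin or verify the checked-out commit` would be worth adding. The commented-out old values can be dropped once that is written down.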
@@ -7,10 +7,32 @@ set_fact: user_shell: "{{ bash_exec.stdout }}" -- name: General | Account Management | Users | Use ZSH (Arch+Manjaro) - set_fact: - user_shell: "{{ zsh_exec.stdout }}" +- name: General | Account Management | Users | Allow BASH (Arch) + lineinfile: + path: /etc/shells + regexp: "{{ bash_exec.stdout }}" + line: "{{ bash_exec.stdout }}" + insertbefore: "# End of file" + backup: yes + create: no + state: present when: ansible_distribution == "Archlinux" + +#- name: General | Account Management | Users | Use ZSH (Arch+Manjaro) +# set_fact: +# user_shell: "{{ zsh_exec.stdout }}" +# when: ansible_distribution == "Archlinux" +# +#- name: General | Account Management | Users | Allow ZSH (Arch) +# lineinfile: +# path: /etc/shells +# regexp: "{{ zsh_exec.stdout }}" +# line: "{{ zsh_exec.stdout }}" +# insertbefore: "# End of file" +# backup: yes +# create: no +# state: present +# when: ansible_distribution == "Archlinux" ## Root ## diff --git a/tasks/general/scripts/root.yml b/tasks/general/scripts/root.yml index 4f7f2ec..a886220 100644 --- a/tasks/general/scripts/root.yml +++ b/tasks/general/scripts/root.yml @@ -68,3 +68,28 @@ file: path: "{{ user_root.home }}/bin/scm-dev.sh" mode: '0755' + + +- name: General | Scripts | Root | scm-local.sh + blockinfile: + path: "{{ user_root.home }}/bin/scm-local.sh" + block: | + # 20220312 - Make life easier for development! Especially when Github can't be reached. + + ## Variables ## + + + ## Main ## + + time ansible-playbook /mnt/leet/Code/Ansible/ansible-pull/local.yml + + marker: '{mark}' + marker_begin: "#!{{ bash_exec.stdout }}" + marker_end: "exit 0" + state: present + create: yes + +- name: General | Scripts | Root | scm-local.sh Permissions + file: + path: "{{ user_root.home }}/bin/scm-local.sh" + mode: '0755' diff --git a/tasks/general/scripts/user.yml b/tasks/general/scripts/user.yml index 6057ef8..408df2f 100644 --- a/tasks/general/scripts/user.yml +++ b/tasks/general/scripts/user.yml 
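Review bot: The `regexp: "{{ bash_exec.stdout }}"` in the new `Allow BASH (Arch)` task is unanchored and unescaped, so it matches any `/etc/shells` line that merely contains the bash path. With a value like `/bin/bash` it would match an existing `/usr/bin/bash` entry and overwrite it, silently removing a valid login shell. Anchor and escape it: `regexp: "^{{ bash_exec.stdout | regex_escape }}$"`. `bash_exec` is registered outside this hunk, so a guard such as `when: ansible_distribution == "Archlinux" and bash_exec.stdout | length > 0` would keep an empty lookup result from editing the file. The commented-out ZSH tasks repeat the same pattern and would be better deleted than kept.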
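Review bot: The generated `scm-local.sh` in `tasks/general/scripts/root.yml` runs `ansible-playbook /mnt/leet/Code/Ansible/ansible-pull/local.yml` as root, and the `user.yml` hunk adds the same script with `sudo`. Anyone who can write to that directory therefore decides what root executes on each machine carrying the script. `/mnt/leet` looks like a shared mount; if so, the share's write permissions are the trust boundary and the block should say so, e.g. `# Runs as root: /mnt/leet/Code/Ansible must be writable by trusted admins only.` Because `marker_end: "exit 0"` is the script's last line, it reports success even when the playbook fails or the share is not mounted. Adding `[[ -f /mnt/leet/Code/Ansible/ansible-pull/local.yml ]] || exit 1` before the call and ending on the playbook's own status would make failures visible.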
@@ -68,3 +68,28 @@ file: path: "{{ user_user.home }}/bin/scm-dev.sh" mode: '0755' + + +- name: General | Scripts | User | scm-local.sh + blockinfile: + path: "{{ user_user.home }}/bin/scm-local.sh" + block: | + # 20220312 - Make life easier for development! Especially when Github can't be reached. + + ## Variables ## + + + ## Main ## + + time sudo ansible-playbook /mnt/leet/Code/Ansible/ansible-pull/local.yml + + marker: '{mark}' + marker_begin: "#!{{ bash_exec.stdout }}" + marker_end: "exit 0" + state: present + create: yes + +- name: General | Scripts | User | scm-local.sh Permissions + file: + path: "{{ user_user.home }}/bin/scm-local.sh" + mode: '0755' diff --git a/tasks/general/software/packages.yml b/tasks/general/software/packages.yml index 3b17d74..5b1f287 100644 --- a/tasks/general/software/packages.yml +++ b/tasks/general/software/packages.yml @@ -51,6 +51,15 @@ - "{{ tar }}" state: present +- name: General | Software | Packages | Install Software (DEV) + package: + name: + - "{{ microcode_amd }}" + - "{{ microcode_intel }}" + state: present + when: branch == "dev" + ignore_errors: yes + - name: General | Software | Services | Install CROND (Looking at you, Fedora) package: name: cronie @@ -63,6 +72,14 @@ state: present when: ansible_distribution == "Debian" +- name: General | Software | Services | Install "Bloat" (Looking at you, Arch Base) + package: + name: + - which + - cronie + state: present + when: ansible_distribution == "Archlinux" + - name: General | Software | Packages | Update Software (Disabled) package: name: diff --git a/tasks/general/tests/lynis.yml b/tasks/general/tests/lynis.yml index 9706e13..ebe41de 100644 --- a/tasks/general/tests/lynis.yml +++ b/tasks/general/tests/lynis.yml @@ -1,6 +1,10 @@ --- # Lynis hardness check. +- name: General | Tests | Lynis | Rename Old Install + shell: mv "/usr/local/lynis" "/usr/local/src/" + ignore_errors: yes + - name: General | Tests | Lynis | Install git: repo: https://github.com/CISOfy/lynis 
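Review bot: `ignore_errors: yes` on the new `Install Software (DEV)` task in `tasks/general/software/packages.yml` hides every failure. Both names are passed in one `package` call, so one unavailable name can keep the other from installing without anything showing in the run. The task also requests both vendors' microcode regardless of the CPU. On Linux hosts it could be split into two tasks, one with `when: branch == "dev" and "AuthenticAMD" in ansible_processor` and one with the `GenuineIntel` equivalent, which removes the need to ignore errors. If best-effort is intended, `register:` the result and print it with `debug` so a missed microcode install appears in the log.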
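Review bot: The `Rename Old Install` task in `tasks/general/tests/lynis.yml` runs `mv` through `shell` with `ignore_errors: yes`, so it cannot tell "nothing to move" apart from a real failure such as an already populated `/usr/local/src/lynis`. Using `command: mv /usr/local/lynis /usr/local/src/` with `removes: /usr/local/lynis` and `creates: /usr/local/src/lynis` under `args:` makes it idempotent and lets the `ignore_errors` go. The paths are hard-coded while the later hunk uses `{{ lynis_install_dir }}`; if that variable is `/usr/local/src/lynis`, deriving the destination from it keeps the two in step. The `git` task that follows continues outside this hunk.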
@@ -24,9 +28,10 @@ mode: '0755' - name: General | Tests | Lynis | Run System Audit - shell: "{{ lynis_install_dir }}/lynis audit system --no-colors > {{ lynis_report }} 2>&1" + shell: "./lynis audit system --no-colors > {{ lynis_report }} 2>&1" args: executable: "{{ bash_exec.stdout }}" + chdir: "{{ lynis_install_dir }}" - name: General | Tests | Lynis | Make Report Readable file: diff --git a/tasks/server/software/git.yml b/tasks/server/software/git.yml index 98cf75b..862ac91 100644 --- a/tasks/server/software/git.yml +++ b/tasks/server/software/git.yml @@ -2,6 +2,13 @@ # Webserver to replace calling GitHub for projects. # https://www.howtoforge.com/how-to-install-http-git-server-with-nginx-on-debian-11/ +#TODO: Use gitweb instead??? I knew there was an easier way than apache/nginx/python stuff... +# https://git-scm.com/docs/gitweb + +# Gitweb is nice but doesn;t seem like it allowes cloning. +# Need to figure out how to get git:// to work, fix SSL locally, or somehow use http local and https when external.. + + ## Variables ## - name: Server | Software | HTTPS Git Server | Check Config Variables diff --git a/tasks/workstation/freebsd/cron/ansible.yml b/tasks/workstation/freebsd/cron/ansible.yml index 4090aeb..ddfd853 100644 --- a/tasks/workstation/freebsd/cron/ansible.yml +++ b/tasks/workstation/freebsd/cron/ansible.yml @@ -5,7 +5,7 @@ cron: user: ansible name: "Security Update" - special_time: daily + special_time: weekly job: "sudo freebsd-update cron -t me@hyperling.com" state: present disabled: no diff --git a/tasks/workstation/linux/software/flatpaks.yml b/tasks/workstation/linux/software/flatpaks.yml index 4b641e1..188c9a2 100644 --- a/tasks/workstation/linux/software/flatpaks.yml +++ b/tasks/workstation/linux/software/flatpaks.yml 
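Review bot: In `tasks/workstation/freebsd/cron/ansible.yml`, changing `special_time` from `daily` to `weekly` means a published FreeBSD security update can go unreported for up to a week, since this job is the check that mails `me@hyperling.com`. The commit message gives no reason for the change. If the aim was to cut mail volume, a comment above the task (`# Weekly check is a deliberate trade-off: ...`) would record that; otherwise `daily` is the safer default for a job named "Security Update". The task's `- name:` line sits above the hunk.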
@@ -38,6 +38,8 @@ - { app: "io.lbry.lbry-app", name: "lbry", extra: "dbus-launch" } - { app: "org.signal.Signal", name: "signal", extra: "" } - { app: "io.gitlab.librewolf-community", name: "librewolf", extra: "" } + - { app: "chat.delta.desktop", name: "deltachat", extra: "" } + - { app: "im.riot.Riot", name: "element", extra: "" } flatpaks_coding: - { app: "com.vscodium.codium", name: "codium", extra: "" } - { app: "com.google.AndroidStudio", name: "android-studio", extra: "" } diff --git a/tasks/workstation/shared/settings/gnome.yml b/tasks/workstation/shared/settings/gnome.yml index 76c9ae9..ea7c696 100644 --- a/tasks/workstation/shared/settings/gnome.yml +++ b/tasks/workstation/shared/settings/gnome.yml @@ -167,12 +167,14 @@ - name: Workstation | Account Management | GNOME | Favorites (Linux) dconf: key: /org/gnome/shell/favorite-apps - value: "['org.gnome.Terminal.desktop', 'gnome-system-monitor.desktop', 'org.gnome.Nautilus.desktop', - 'io.gitlab.librewolf-community.desktop', '{{ browser }}', 'org.gnome.Evolution.desktop', - 'com.vscodium.codium.desktop', 'org.shotcut.Shotcut.desktop', - 'org.telegram.desktop.desktop', 'com.discordapp.Discord.desktop', - 'io.lbry.lbry-app.desktop', - 'com.valvesoftware.Steam.desktop']" + value: "['org.gnome.Terminal.desktop', 'gnome-system-monitor.desktop', 'org.gnome.Nautilus.desktop' + ,'io.gitlab.librewolf-community.desktop', '{{ browser }}', 'org.gnome.Evolution.desktop' + ,'chat.delta.desktop.desktop' + ,'com.vscodium.codium.desktop', 'org.shotcut.Shotcut.desktop' + ,'org.telegram.desktop.desktop', 'com.discordapp.Discord.desktop', 'im.riot.Riot.desktop' + ,'io.lbry.lbry-app.desktop' + ,'com.valvesoftware.Steam.desktop' + ]" state: present become_user: "{{ user }}" when: ansible_system == "Linux" diff --git a/tasks/workstation/shared/settings/nfs.yml b/tasks/workstation/shared/settings/nfs.yml index 71a40d7..5f4dcdf 100644 --- a/tasks/workstation/shared/settings/nfs.yml +++ b/tasks/workstation/shared/settings/nfs.yml 
@@ -8,7 +8,7 @@ - name: Workstation | Settings | NFS | Facts (Linux) set_fact: - mount_options: defaults + mount_options: defaults,_netdev when: ansible_system == "Linux" - name: Workstation | Settings | NFS | Facts (FreeBSD)
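Review bot: `mount_options: defaults,_netdev` keeps `defaults`, which on Linux implies `suid`, `dev` and `exec` for the network share. For NFS it is usual to add `nosuid,nodev` so files on the server cannot bring setuid bits or device nodes onto the workstation: `mount_options: defaults,_netdev,nosuid,nodev`. `_netdev` orders the mount after the network but does not keep boot from waiting on an unreachable server. If the hang named in the commit message happened at boot, `nofail` is the option that addresses it. The FreeBSD fact that follows is outside this hunk.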