Fixes and Enhancements (#24)
* Add TODO. * Add note. * Fix hang from NFS sometimes not being up. * Remove noauto so that `mount -a` works. * Allow Arch to use BASH. * Add programs needed for playbook but missing from Arch Base. * Explicit rename of old install since Github connection is unreliable. Call executable from current directory after chdir. * Ensure shells are set up correctly on Arch. * Begin explicitly using microcode packages on dev machines. * Fix _ typos to -. * Add Delta Chat. * Fix equals typo and allow command to fail. * Delta Chat Desktop works great, add it to Favorites. * Add Element. * Add Element. * Change spot for Element. * Add new file(s) to call in-development project. * Remove extra comma. * Change FreeBSD update checker to weekly. * Use Github again for pulling updates.
This commit is contained in:
parent
791dc245a6
commit
cdfb257b21
@ -14,6 +14,8 @@
|
|||||||
locate: locate
|
locate: locate
|
||||||
opensshd: openssh-server
|
opensshd: openssh-server
|
||||||
tar: tar
|
tar: tar
|
||||||
|
microcode_amd: amd64-microcode
|
||||||
|
microcode_intel: intel-microcode
|
||||||
when: ansible_pkg_mgr == "apt"
|
when: ansible_pkg_mgr == "apt"
|
||||||
|
|
||||||
- name: General | Facts | Package | pacman
|
- name: General | Facts | Package | pacman
|
||||||
@ -22,6 +24,8 @@
|
|||||||
locate: mlocate
|
locate: mlocate
|
||||||
opensshd: openssh
|
opensshd: openssh
|
||||||
tar: tar
|
tar: tar
|
||||||
|
microcode_amd: linux-firmware
|
||||||
|
microcode_intel: intel-ucode
|
||||||
when: ansible_pkg_mgr == "pacman"
|
when: ansible_pkg_mgr == "pacman"
|
||||||
|
|
||||||
- name: General | Facts | Package | FreeBSD
|
- name: General | Facts | Package | FreeBSD
|
||||||
@ -31,6 +35,8 @@
|
|||||||
opensshd: htop # sshd comes installed on FreeBSD
|
opensshd: htop # sshd comes installed on FreeBSD
|
||||||
ansible_python_interpreter: "/usr/local/bin/python3.8"
|
ansible_python_interpreter: "/usr/local/bin/python3.8"
|
||||||
tar: htop # tar already provided in FreeBSD
|
tar: htop # tar already provided in FreeBSD
|
||||||
|
microcode_amd: htop # TODO
|
||||||
|
microcode_intel: htop # TODO
|
||||||
when: ansible_system == "FreeBSD"
|
when: ansible_system == "FreeBSD"
|
||||||
|
|
||||||
- name: General | Facts | Package | dnf
|
- name: General | Facts | Package | dnf
|
||||||
@ -39,6 +45,8 @@
|
|||||||
locate: mlocate
|
locate: mlocate
|
||||||
opensshd: openssh
|
opensshd: openssh
|
||||||
tar: tar
|
tar: tar
|
||||||
|
microcode_amd: microcode_ctl
|
||||||
|
microcode_intel: microcode_ctl
|
||||||
when: ansible_pkg_mgr == "dnf"
|
when: ansible_pkg_mgr == "dnf"
|
||||||
|
|
||||||
|
|
||||||
|
@ -11,11 +11,15 @@
|
|||||||
global_bin: /usr/local/bin
|
global_bin: /usr/local/bin
|
||||||
x_desktops: /usr/share/xsessions
|
x_desktops: /usr/share/xsessions
|
||||||
repo_github: https://github.com/Hyperling/ansible.git
|
repo_github: https://github.com/Hyperling/ansible.git
|
||||||
repo_local: https://git.hyperling.com/ansible.git
|
#repo_local: https://git.hyperling.com/ansible.git
|
||||||
|
# Local server not working yet, go back to Github even though they throttle me.
|
||||||
|
repo_local: https://github.com/Hyperling/ansible.git
|
||||||
|
|
||||||
- name: General | Facts | System | Dev
|
- name: General | Facts | System | Dev
|
||||||
set_fact:
|
set_fact:
|
||||||
repo_local: https://git.hyperling.com/ansible-dev.git
|
#repo_local: https://git.hyperling.com/ansible-dev.git
|
||||||
|
# Local server not working yet, go back to Github even though they throttle me.
|
||||||
|
repo_local: https://github.com/Hyperling/ansible.git
|
||||||
when: branch == "dev"
|
when: branch == "dev"
|
||||||
|
|
||||||
|
|
||||||
|
@ -7,10 +7,32 @@
|
|||||||
set_fact:
|
set_fact:
|
||||||
user_shell: "{{ bash_exec.stdout }}"
|
user_shell: "{{ bash_exec.stdout }}"
|
||||||
|
|
||||||
- name: General | Account Management | Users | Use ZSH (Arch+Manjaro)
|
- name: General | Account Management | Users | Allow BASH (Arch)
|
||||||
set_fact:
|
lineinfile:
|
||||||
user_shell: "{{ zsh_exec.stdout }}"
|
path: /etc/shells
|
||||||
|
regexp: "{{ bash_exec.stdout }}"
|
||||||
|
line: "{{ bash_exec.stdout }}"
|
||||||
|
insertbefore: "# End of file"
|
||||||
|
backup: yes
|
||||||
|
create: no
|
||||||
|
state: present
|
||||||
when: ansible_distribution == "Archlinux"
|
when: ansible_distribution == "Archlinux"
|
||||||
|
|
||||||
|
#- name: General | Account Management | Users | Use ZSH (Arch+Manjaro)
|
||||||
|
# set_fact:
|
||||||
|
# user_shell: "{{ zsh_exec.stdout }}"
|
||||||
|
# when: ansible_distribution == "Archlinux"
|
||||||
|
#
|
||||||
|
#- name: General | Account Management | Users | Allow ZSH (Arch)
|
||||||
|
# lineinfile:
|
||||||
|
# path: /etc/shells
|
||||||
|
# regexp: "{{ zsh_exec.stdout }}"
|
||||||
|
# line: "{{ zsh_exec.stdout }}"
|
||||||
|
# insertbefore: "# End of file"
|
||||||
|
# backup: yes
|
||||||
|
# create: no
|
||||||
|
# state: present
|
||||||
|
# when: ansible_distribution == "Archlinux"
|
||||||
|
|
||||||
|
|
||||||
## Root ##
|
## Root ##
|
||||||
|
@ -68,3 +68,28 @@
|
|||||||
file:
|
file:
|
||||||
path: "{{ user_root.home }}/bin/scm-dev.sh"
|
path: "{{ user_root.home }}/bin/scm-dev.sh"
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
|
|
||||||
|
|
||||||
|
- name: General | Scripts | Root | scm-local.sh
|
||||||
|
blockinfile:
|
||||||
|
path: "{{ user_root.home }}/bin/scm-local.sh"
|
||||||
|
block: |
|
||||||
|
# 20220312 - Make life easier for development! Especially when Github can't be reached.
|
||||||
|
|
||||||
|
## Variables ##
|
||||||
|
|
||||||
|
|
||||||
|
## Main ##
|
||||||
|
|
||||||
|
time ansible-playbook /mnt/leet/Code/Ansible/ansible-pull/local.yml
|
||||||
|
|
||||||
|
marker: '{mark}'
|
||||||
|
marker_begin: "#!{{ bash_exec.stdout }}"
|
||||||
|
marker_end: "exit 0"
|
||||||
|
state: present
|
||||||
|
create: yes
|
||||||
|
|
||||||
|
- name: General | Scripts | Root | scm-local.sh Permissions
|
||||||
|
file:
|
||||||
|
path: "{{ user_root.home }}/bin/scm-local.sh"
|
||||||
|
mode: '0755'
|
||||||
|
@ -68,3 +68,28 @@
|
|||||||
file:
|
file:
|
||||||
path: "{{ user_user.home }}/bin/scm-dev.sh"
|
path: "{{ user_user.home }}/bin/scm-dev.sh"
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
|
|
||||||
|
|
||||||
|
- name: General | Scripts | User | scm-local.sh
|
||||||
|
blockinfile:
|
||||||
|
path: "{{ user_user.home }}/bin/scm-local.sh"
|
||||||
|
block: |
|
||||||
|
# 20220312 - Make life easier for development! Especially when Github can't be reached.
|
||||||
|
|
||||||
|
## Variables ##
|
||||||
|
|
||||||
|
|
||||||
|
## Main ##
|
||||||
|
|
||||||
|
time sudo ansible-playbook /mnt/leet/Code/Ansible/ansible-pull/local.yml
|
||||||
|
|
||||||
|
marker: '{mark}'
|
||||||
|
marker_begin: "#!{{ bash_exec.stdout }}"
|
||||||
|
marker_end: "exit 0"
|
||||||
|
state: present
|
||||||
|
create: yes
|
||||||
|
|
||||||
|
- name: General | Scripts | User | scm-local.sh Permissions
|
||||||
|
file:
|
||||||
|
path: "{{ user_user.home }}/bin/scm-local.sh"
|
||||||
|
mode: '0755'
|
||||||
|
@ -51,6 +51,15 @@
|
|||||||
- "{{ tar }}"
|
- "{{ tar }}"
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
- name: General | Software | Packages | Install Software (DEV)
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- "{{ microcode_amd }}"
|
||||||
|
- "{{ microcode_intel }}"
|
||||||
|
state: present
|
||||||
|
when: branch == "dev"
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
- name: General | Software | Services | Install CROND (Looking at you, Fedora)
|
- name: General | Software | Services | Install CROND (Looking at you, Fedora)
|
||||||
package:
|
package:
|
||||||
name: cronie
|
name: cronie
|
||||||
@ -63,6 +72,14 @@
|
|||||||
state: present
|
state: present
|
||||||
when: ansible_distribution == "Debian"
|
when: ansible_distribution == "Debian"
|
||||||
|
|
||||||
|
- name: General | Software | Services | Install "Bloat" (Looking at you, Arch Base)
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- which
|
||||||
|
- cronie
|
||||||
|
state: present
|
||||||
|
when: ansible_distribution == "Archlinux"
|
||||||
|
|
||||||
- name: General | Software | Packages | Update Software (Disabled)
|
- name: General | Software | Packages | Update Software (Disabled)
|
||||||
package:
|
package:
|
||||||
name:
|
name:
|
||||||
|
@ -1,6 +1,10 @@
|
|||||||
---
|
---
|
||||||
# Lynis hardness check.
|
# Lynis hardness check.
|
||||||
|
|
||||||
|
- name: General | Tests | Lynis | Rename Old Install
|
||||||
|
shell: mv "/usr/local/lynis" "/usr/local/src/"
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
- name: General | Tests | Lynis | Install
|
- name: General | Tests | Lynis | Install
|
||||||
git:
|
git:
|
||||||
repo: https://github.com/CISOfy/lynis
|
repo: https://github.com/CISOfy/lynis
|
||||||
@ -24,9 +28,10 @@
|
|||||||
mode: '0755'
|
mode: '0755'
|
||||||
|
|
||||||
- name: General | Tests | Lynis | Run System Audit
|
- name: General | Tests | Lynis | Run System Audit
|
||||||
shell: "{{ lynis_install_dir }}/lynis audit system --no-colors > {{ lynis_report }} 2>&1"
|
shell: "./lynis audit system --no-colors > {{ lynis_report }} 2>&1"
|
||||||
args:
|
args:
|
||||||
executable: "{{ bash_exec.stdout }}"
|
executable: "{{ bash_exec.stdout }}"
|
||||||
|
chdir: "{{ lynis_install_dir }}"
|
||||||
|
|
||||||
- name: General | Tests | Lynis | Make Report Readable
|
- name: General | Tests | Lynis | Make Report Readable
|
||||||
file:
|
file:
|
||||||
|
@ -2,6 +2,13 @@
|
|||||||
# Webserver to replace calling GitHub for projects.
|
# Webserver to replace calling GitHub for projects.
|
||||||
# https://www.howtoforge.com/how-to-install-http-git-server-with-nginx-on-debian-11/
|
# https://www.howtoforge.com/how-to-install-http-git-server-with-nginx-on-debian-11/
|
||||||
|
|
||||||
|
#TODO: Use gitweb instead??? I knew there was an easier way than apache/nginx/python stuff...
|
||||||
|
# https://git-scm.com/docs/gitweb
|
||||||
|
|
||||||
|
# Gitweb is nice but doesn;t seem like it allowes cloning.
|
||||||
|
# Need to figure out how to get git:// to work, fix SSL locally, or somehow use http local and https when external..
|
||||||
|
|
||||||
|
|
||||||
## Variables ##
|
## Variables ##
|
||||||
|
|
||||||
- name: Server | Software | HTTPS Git Server | Check Config Variables
|
- name: Server | Software | HTTPS Git Server | Check Config Variables
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
cron:
|
cron:
|
||||||
user: ansible
|
user: ansible
|
||||||
name: "Security Update"
|
name: "Security Update"
|
||||||
special_time: daily
|
special_time: weekly
|
||||||
job: "sudo freebsd-update cron -t me@hyperling.com"
|
job: "sudo freebsd-update cron -t me@hyperling.com"
|
||||||
state: present
|
state: present
|
||||||
disabled: no
|
disabled: no
|
||||||
|
@ -38,6 +38,8 @@
|
|||||||
- { app: "io.lbry.lbry-app", name: "lbry", extra: "dbus-launch" }
|
- { app: "io.lbry.lbry-app", name: "lbry", extra: "dbus-launch" }
|
||||||
- { app: "org.signal.Signal", name: "signal", extra: "" }
|
- { app: "org.signal.Signal", name: "signal", extra: "" }
|
||||||
- { app: "io.gitlab.librewolf-community", name: "librewolf", extra: "" }
|
- { app: "io.gitlab.librewolf-community", name: "librewolf", extra: "" }
|
||||||
|
- { app: "chat.delta.desktop", name: "deltachat", extra: "" }
|
||||||
|
- { app: "im.riot.Riot", name: "element", extra: "" }
|
||||||
flatpaks_coding:
|
flatpaks_coding:
|
||||||
- { app: "com.vscodium.codium", name: "codium", extra: "" }
|
- { app: "com.vscodium.codium", name: "codium", extra: "" }
|
||||||
- { app: "com.google.AndroidStudio", name: "android-studio", extra: "" }
|
- { app: "com.google.AndroidStudio", name: "android-studio", extra: "" }
|
||||||
|
@ -167,12 +167,14 @@
|
|||||||
- name: Workstation | Account Management | GNOME | Favorites (Linux)
|
- name: Workstation | Account Management | GNOME | Favorites (Linux)
|
||||||
dconf:
|
dconf:
|
||||||
key: /org/gnome/shell/favorite-apps
|
key: /org/gnome/shell/favorite-apps
|
||||||
value: "['org.gnome.Terminal.desktop', 'gnome-system-monitor.desktop', 'org.gnome.Nautilus.desktop',
|
value: "['org.gnome.Terminal.desktop', 'gnome-system-monitor.desktop', 'org.gnome.Nautilus.desktop'
|
||||||
'io.gitlab.librewolf-community.desktop', '{{ browser }}', 'org.gnome.Evolution.desktop',
|
,'io.gitlab.librewolf-community.desktop', '{{ browser }}', 'org.gnome.Evolution.desktop'
|
||||||
'com.vscodium.codium.desktop', 'org.shotcut.Shotcut.desktop',
|
,'chat.delta.desktop.desktop'
|
||||||
'org.telegram.desktop.desktop', 'com.discordapp.Discord.desktop',
|
,'com.vscodium.codium.desktop', 'org.shotcut.Shotcut.desktop'
|
||||||
'io.lbry.lbry-app.desktop',
|
,'org.telegram.desktop.desktop', 'com.discordapp.Discord.desktop', 'im.riot.Riot.desktop'
|
||||||
'com.valvesoftware.Steam.desktop']"
|
,'io.lbry.lbry-app.desktop'
|
||||||
|
,'com.valvesoftware.Steam.desktop'
|
||||||
|
]"
|
||||||
state: present
|
state: present
|
||||||
become_user: "{{ user }}"
|
become_user: "{{ user }}"
|
||||||
when: ansible_system == "Linux"
|
when: ansible_system == "Linux"
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
|
|
||||||
- name: Workstation | Settings | NFS | Facts (Linux)
|
- name: Workstation | Settings | NFS | Facts (Linux)
|
||||||
set_fact:
|
set_fact:
|
||||||
mount_options: defaults
|
mount_options: defaults,_netdev
|
||||||
when: ansible_system == "Linux"
|
when: ansible_system == "Linux"
|
||||||
|
|
||||||
- name: Workstation | Settings | NFS | Facts (FreeBSD)
|
- name: Workstation | Settings | NFS | Facts (FreeBSD)
|
||||||
|
Loading…
x
Reference in New Issue
Block a user