Compare commits
9 commits
chore/rena
...
main
Author | SHA1 | Date | |
---|---|---|---|
ab5c374990 | |||
4960068555 | |||
da9662533a | |||
ab83e7c30c | |||
7d8d187e97 | |||
f5335e0f0c | |||
4ca89d7641 | |||
a79bfb5551 | |||
fb94b38a57 |
24 changed files with 64 additions and 110 deletions
|
@ -1,5 +1,8 @@
|
||||||
certbot_email: "{{ vault_certbot_email }}"
|
certbot_email: "{{ vault_certbot_email }}"
|
||||||
|
|
||||||
|
cockpit_2fa: true
|
||||||
|
cockpit_has_reverse_proxy: true
|
||||||
|
|
||||||
host_fqdn: "{{ vault_host_fqdn }}"
|
host_fqdn: "{{ vault_host_fqdn }}"
|
||||||
|
|
||||||
porkbun_apikey: "{{ vault_porkbun_apikey }}"
|
porkbun_apikey: "{{ vault_porkbun_apikey }}"
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
|
|
||||||
- role: os_el
|
- role: os_el
|
||||||
become: true
|
become: true
|
||||||
when: ansible_distribution in [ "AlmaLinux", "CentOS" ]
|
when: ansible_distribution in [ "AlmaLinux", "CentOS", "Rocky" ]
|
||||||
|
|
||||||
# Upgrade all packages and install the basic-bitch ones
|
# Upgrade all packages and install the basic-bitch ones
|
||||||
- role: base_system
|
- role: base_system
|
||||||
|
|
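Review bot: The new `when: ansible_distribution in [ "AlmaLinux", "CentOS", "Rocky" ]` keeps extending a hand-maintained distro list, while the base_system hunk in this same compare moves to facts (`ansible_facts.pkg_mgr`); a fact-based test such as `ansible_facts.os_family == "RedHat" and ansible_facts.distribution != "Fedora"` (if Fedora must stay out of the `os_el` role) would cover the next EL rebuild without another edit. The same list is extended in the HC Vault, yad and pam_yubico hunks; the Vault condition also names Ubuntu and the yad one is negated, so a family check is not a drop-in there and each needs its own look. The enclosing roles list starts outside the hunk.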
|
@ -4,16 +4,16 @@
|
||||||
name: "*"
|
name: "*"
|
||||||
state: latest
|
state: latest
|
||||||
update_cache: true
|
update_cache: true
|
||||||
when: ansible_distribution in [ "Debian", "Ubuntu" ]
|
when: ansible_facts.pkg_mgr == "apt"
|
||||||
|
|
||||||
- name: Upgrade all packages with ‹dnf›
|
- name: Upgrade all packages with ‹dnf›
|
||||||
ansible.builtin.dnf:
|
ansible.builtin.dnf:
|
||||||
name: "*"
|
name: "*"
|
||||||
state: latest
|
state: latest
|
||||||
when: ansible_distribution in [ "AlmaLinux", "CentOS", "Fedora" ]
|
when: ansible_facts.pkg_mgr.startswith("dnf")
|
||||||
|
|
||||||
- name: Upgrade all packages with ‹zypper›
|
- name: Upgrade all packages with ‹zypper›
|
||||||
community.general.zypper:
|
community.general.zypper:
|
||||||
name: "*"
|
name: "*"
|
||||||
state: latest
|
state: latest
|
||||||
when: "'openSUSE' in ansible_distribution"
|
when: ansible_facts.pkg_mgr == "zypper"
|
||||||
|
|
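Review bot: `when: ansible_facts.pkg_mgr.startswith("dnf")` on the dnf task deliberately matches `dnf5` as well, but the module it gates is still `ansible.builtin.dnf`, which depends on the python3 dnf bindings; on a host whose `pkg_mgr` fact resolves to `dnf5` those bindings may be absent and the task would fail rather than upgrade, so confirm it on a dnf5 host or dispatch to `ansible.builtin.dnf5` there. A one-line comment above the condition, `# also matches "dnf5"`, would record that the prefix match is intentional. The apt and zypper conditions are straightforward equality checks and read fine.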
|
@ -3,3 +3,9 @@
|
||||||
# reverse proxy (adjusts the origin, so that the Cockpit doesn't drop sessions,
|
# reverse proxy (adjusts the origin, so that the Cockpit doesn't drop sessions,
|
||||||
# and checks for SSL/TLS connections)
|
# and checks for SSL/TLS connections)
|
||||||
cockpit_has_reverse_proxy: false
|
cockpit_has_reverse_proxy: false
|
||||||
|
|
||||||
|
# Boolean variable that denotes whether to install dependencies for 2FA auth
|
||||||
|
# to Cockpit (Google Authenticator and QR encoding utilities for enrolling the
|
||||||
|
# OTP), also installs the rule to the ‹pam.d› so that the 2FA is required for
|
||||||
|
# logging in to the Cockpit.
|
||||||
|
cockpit_2fa: false
|
||||||
|
|
|
@ -3,3 +3,11 @@
|
||||||
ansible.builtin.package:
|
ansible.builtin.package:
|
||||||
name: cockpit
|
name: cockpit
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
- name: Install deps for 2FA in Cockpit
|
||||||
|
ansible.builtin.package:
|
||||||
|
name:
|
||||||
|
- google-authenticator
|
||||||
|
- qrencode-libs
|
||||||
|
state: present
|
||||||
|
when: cockpit_2fa
|
||||||
|
|
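Review bot: The package names `google-authenticator` and `qrencode-libs` in the new 'Install deps for 2FA in Cockpit' task are Fedora/EPEL names, yet the task uses the distro-neutral `ansible.builtin.package` like the cockpit task above it; on apt-based hosts, which the rest of this compare still targets, the equivalents are `libpam-google-authenticator` and `qrencode`, so the task would fail there whenever `cockpit_2fa` is set. On AlmaLinux/Rocky it also presumes EPEL is already enabled, which nothing in this hunk ensures. Either add a package-manager condition next to `cockpit_2fa`, or put the names in per-family vars and load them with `include_vars`, so the role stays as portable as the line above it.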
|
@ -12,6 +12,16 @@
|
||||||
group: root
|
group: root
|
||||||
when: cockpit_has_reverse_proxy
|
when: cockpit_has_reverse_proxy
|
||||||
|
|
||||||
|
- name: Require 2FA for logging into the Cockpit
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
line: auth required pam_google_authenticator.so nullok
|
||||||
|
path: /etc/pam.d/cockpit
|
||||||
|
create: true
|
||||||
|
mode: 0644
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
when: cockpit_2fa
|
||||||
|
|
||||||
- name: Enable cockpit
|
- name: Enable cockpit
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: "cockpit.socket"
|
name: "cockpit.socket"
|
||||||
|
|
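Review bot: `create: true` on `/etc/pam.d/cockpit` in the new 'Require 2FA for logging into the Cockpit' task is risky: that file is shipped by the cockpit package, and if it is ever missing the task would write a PAM stack consisting solely of `auth required pam_google_authenticator.so nullok`, where `nullok` lets any account without an enrolled OTP authenticate with no password check at all. Dropping `create: true` (so the task fails loudly on a missing file) keeps the packaged stack as the base, and a comment on the `line:` such as `# nullok: accounts with no OTP enrolled are let through — remove once all users are enrolled` documents the gap that the defaults comment ("so that the 2FA is required") otherwise hides. `lineinfile` appends at the end of the file; an `insertafter` anchored on the distribution's cockpit auth line (the `password-auth` substack on Fedora/EL, if that is what ships there) would make the placement explicit instead of relying on file order. Quote the mode (`mode: "0644"`) so YAML does not retype it; the same applies to the `mode: 0740`/`0700` lines elsewhere in this compare.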
1
roles/editor_helix/tasks/install_Rocky.yml
Symbolic link
1
roles/editor_helix/tasks/install_Rocky.yml
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
install_fedora-family.yml
|
|
@ -1,11 +1,4 @@
|
||||||
---
|
---
|
||||||
- name: Enable the Copr
|
|
||||||
community.general.copr:
|
|
||||||
name: varlad/helix
|
|
||||||
state: enabled
|
|
||||||
when: ansible_distribution not in ("AlmaLinux")
|
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install the Helix
|
- name: Install the Helix
|
||||||
ansible.builtin.package:
|
ansible.builtin.package:
|
||||||
name: helix
|
name: helix
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
[Desktop Entry]
|
|
||||||
Name=Visual Studio Code - URL Handler
|
|
||||||
Comment=Code Editing. Redefined.
|
|
||||||
GenericName=Text Editor
|
|
||||||
Exec=/opt/VSCode-linux-x64/bin/code-insiders --no-sandbox --open-url %U
|
|
||||||
Icon=/opt/VSCode-linux-x64/resources/app/resources/linux/code.png
|
|
||||||
Type=Application
|
|
||||||
NoDisplay=true
|
|
||||||
StartupNotify=true
|
|
||||||
Categories=Utility;TextEditor;Development;IDE;
|
|
||||||
MimeType=x-scheme-handler/vscode-insiders;
|
|
||||||
Keywords=vscode;
|
|
|
@ -1,18 +0,0 @@
|
||||||
[Desktop Entry]
|
|
||||||
Name=Visual Studio Code Insiders
|
|
||||||
Comment=Code Editing. Refined.
|
|
||||||
GenericName=Text Editor
|
|
||||||
Exec=/opt/VSCode-linux-x64/bin/code-insiders --no-sandbox --unity-launch %F
|
|
||||||
Icon=/opt/VSCode-linux-x64/resources/app/resources/linux/code.png
|
|
||||||
Type=Application
|
|
||||||
StartupNotify=false
|
|
||||||
StartupWMClass=code - insiders
|
|
||||||
Categories=Utility;TextEditor;Development;IDE;
|
|
||||||
MimeType=text/plain;inode/directory;
|
|
||||||
Actions=new-empty-window;
|
|
||||||
Keywords=vscode;
|
|
||||||
|
|
||||||
[Desktop Action new-empty-window]
|
|
||||||
Name=New Empty Window
|
|
||||||
Exec=/opt/VSCode-linux-x64/bin/code-insiders --no-sandbox --new-window %F
|
|
||||||
Icon=/opt/VSCode-linux-x64/resources/app/resources/linux/code.png
|
|
|
@ -1,31 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# for upstream
|
|
||||||
URL='https://code.visualstudio.com/sha/download?build=insider&os=linux-x64'
|
|
||||||
|
|
||||||
# for local
|
|
||||||
# URL='https://maxwell.mfocko.xyz/code-insiders.tar.gz'
|
|
||||||
|
|
||||||
# for local over VPN (also use --no-check-certificate)
|
|
||||||
# URL='https://172.16.0.2/code-insiders.tar.gz'
|
|
||||||
|
|
||||||
echo ">>> Downloading";
|
|
||||||
wget $URL -O /tmp/code.tar.gz
|
|
||||||
|
|
||||||
echo ">>> Removing and extracting";
|
|
||||||
rm -rf /opt/VSCode-linux-x64
|
|
||||||
tar xvaf /tmp/code.tar.gz -C /opt/
|
|
||||||
|
|
||||||
# Check for binaries
|
|
||||||
if ! [ -x /usr/local/bin/code-insiders ]; then
|
|
||||||
echo ">>> Linking binaries";
|
|
||||||
ln -s /opt/VSCode-linux-x64/bin/code-insiders /usr/local/bin/
|
|
||||||
ln -s /opt/VSCode-linux-x64/bin/code-insiders /usr/local/bin/code
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Check for *.desktop
|
|
||||||
if ! ls /usr/share/applications | grep visual-studio-code; then
|
|
||||||
echo ">>> Installing desktop files";
|
|
||||||
PATH_TO_APPS=/home/mfocko/.local/share/visual-studio-code-insiders
|
|
||||||
sudo cp $PATH_TO_APPS{,-url-handler}.desktop /usr/share/applications/;
|
|
||||||
fi
|
|
1
roles/editor_vscode/tasks/install_AlmaLinux.yml
Symbolic link
1
roles/editor_vscode/tasks/install_AlmaLinux.yml
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
install_rhel.yml
|
1
roles/editor_vscode/tasks/install_CentOS.yml
Symbolic link
1
roles/editor_vscode/tasks/install_CentOS.yml
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
install_rhel.yml
|
1
roles/editor_vscode/tasks/install_Fedora.yml
Symbolic link
1
roles/editor_vscode/tasks/install_Fedora.yml
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
install_rhel.yml
|
1
roles/editor_vscode/tasks/install_Rocky.yml
Symbolic link
1
roles/editor_vscode/tasks/install_Rocky.yml
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
install_rhel.yml
|
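--- /dev/null
+++ b/roles/editor_vscode/tasks/install_rhel.yml
@@ -0,0 +1,12 @@
+---
+- name: Resolve URL to the VSCode RPM
+  ansible.builtin.uri:
+    url: https://code.visualstudio.com/sha/download?build=insider&os=linux-rpm-x64
+  register: _vscode_rpm_response
+
+- name: Install VSCode via RPM
+  ansible.builtin.dnf:
+    name: "{{ _vscode_rpm_response.url }}"
+    disable_gpg_check: true
+    state: present
+  become: true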
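Review bot: `disable_gpg_check: true` in the new 'Install VSCode via RPM' task switches off the only integrity check on a binary fetched from a redirect-resolved URL; the VS Code RPMs are signed with Microsoft's packaging key, so importing that key with `ansible.builtin.rpm_key` and leaving the GPG check enabled costs one task and restores the supply-chain check. Pinning `fingerprint:` on that rpm_key task to the published value (`<MS-KEY-FINGERPRINT>`, filled in from the vendor's key page) also protects against a tampered key download. Separately, `ansible.builtin.uri` performs a GET, which downloads the whole RPM only to learn its final URL; `method: HEAD` would avoid fetching it twice, provided the download host answers HEAD on the redirect target.
```yaml
- name: Import the Microsoft RPM signing key
  ansible.builtin.rpm_key:
    key: https://packages.microsoft.com/keys/microsoft.asc
    state: present
  become: true

# … unchanged: Resolve URL to the VSCode RPM …

- name: Install VSCode via RPM
  ansible.builtin.dnf:
    name: "{{ _vscode_rpm_response.url }}"
    state: present
  become: true
```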
|
@ -1,28 +1,13 @@
|
||||||
---
|
---
|
||||||
|
- name: Install VSCode
|
||||||
|
ansible.builtin.include_tasks: "install_{{ ansible_distribution }}.yml"
|
||||||
|
tags: install
|
||||||
|
|
||||||
- name: Create directories for VSCode
|
- name: Create directories for VSCode
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item }}"
|
path: "$HOME/.config/Code - Insiders/User"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0740
|
mode: 0740
|
||||||
loop:
|
|
||||||
- ~/.local/bin
|
|
||||||
- ~/.local/share
|
|
||||||
- "$HOME/.config/Code - Insiders/User"
|
|
||||||
|
|
||||||
- name: Install VSCode script
|
|
||||||
ansible.builtin.copy:
|
|
||||||
src: files/update.sh
|
|
||||||
dest: ~/.local/bin/code-update.sh
|
|
||||||
mode: 0640
|
|
||||||
|
|
||||||
- name: Create app info for VSCode
|
|
||||||
ansible.builtin.copy:
|
|
||||||
src: files/code{{ item }}.desktop
|
|
||||||
dest: ~/.local/share/applications/visual-studio-code-insiders{{ item }}.desktop
|
|
||||||
mode: 0640
|
|
||||||
loop:
|
|
||||||
- ""
|
|
||||||
- "-url-handler"
|
|
||||||
|
|
||||||
- name: Install VSCode configuration
|
- name: Install VSCode configuration
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
|
@ -32,11 +17,3 @@
|
||||||
loop:
|
loop:
|
||||||
- settings
|
- settings
|
||||||
- keybindings
|
- keybindings
|
||||||
|
|
||||||
- name: Install VSCode
|
|
||||||
ansible.builtin.command:
|
|
||||||
cmd: bash /home/{{ target_user }}/.local/bin/code-update.sh
|
|
||||||
creates: /opt/VSCode-linux-x64
|
|
||||||
become: true
|
|
||||||
when: false
|
|
||||||
tags: install
|
|
||||||
|
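Review bot: `tags: install` on the new `ansible.builtin.include_tasks: "install_{{ ansible_distribution }}.yml"` tags only the include statement; with a dynamic include the tasks inside the included file are not tagged, so a `--tags install` run would execute the include and then skip its contents unless they carry the tag themselves. Switching to the `file:` form with `apply: { tags: [install] }` under it propagates the tag. The include also keys on `ansible_distribution`, which is why this compare adds one symlink per EL clone; `ansible_facts.os_family` would collapse those to a single file name. The task list continues past the hunk.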
|
1
roles/secrets_hcv/tasks/install_Rocky.yml
Symbolic link
1
roles/secrets_hcv/tasks/install_Rocky.yml
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
install_el.yml
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: Install HC Vault via package manager
|
- name: Install HC Vault via package manager
|
||||||
when: ansible_distribution in [ "AlmaLinux", "CentOS", "Fedora", "Ubuntu"]
|
when: ansible_distribution in [ "AlmaLinux", "CentOS", "Fedora", "Rocky", "Ubuntu"]
|
||||||
tags: install
|
tags: install
|
||||||
block:
|
block:
|
||||||
- name: Enable repository
|
- name: Enable repository
|
||||||
|
|
|
@ -34,4 +34,4 @@
|
||||||
name: yad
|
name: yad
|
||||||
state: present
|
state: present
|
||||||
become: true
|
become: true
|
||||||
when: 'ansible_distribution not in [ "AlmaLinux" ] and "openSUSE" not in ansible_distribution'
|
when: 'ansible_distribution not in [ "AlmaLinux", "Rocky" ] and "openSUSE" not in ansible_distribution'
|
||||||
|
|
|
@ -55,4 +55,4 @@
|
||||||
|
|
||||||
- name: Set trusted CA
|
- name: Set trusted CA
|
||||||
ansible.builtin.include_tasks: trusted_ca.yml
|
ansible.builtin.include_tasks: trusted_ca.yml
|
||||||
when: sshd_auth_trusted_ca
|
when: ssh_server_auth_trusted_ca
|
||||||
|
|
|
@ -16,5 +16,5 @@
|
||||||
|
|
||||||
- name: Set key/pair facts
|
- name: Set key/pair facts
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
wg_private_key: _generated_private_key.stdout
|
wg_private_key: "{{ _generated_private_key.stdout }}"
|
||||||
wg_public_key: _derived_public_key.stdout
|
wg_public_key: "{{ _derived_public_key.stdout }}"
|
||||||
|
|
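Review bot: The corrected `wg_private_key: "{{ _generated_private_key.stdout }}"` now carries the real WireGuard private key, and `set_fact` echoes its arguments in verbose output and some callbacks, so the 'Set key/pair facts' task should carry `no_log: true`; the command task that registered `_generated_private_key` (outside this hunk) needs the same, since a registered `stdout` is printed at `-v` regardless. The fix itself is right: the previous value was the literal string `_generated_private_key.stdout`, which, judging from the `key: "{{ wg_private_key }}"` template var in main.yml, would have been written out as the key file.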
|
@ -6,11 +6,11 @@
|
||||||
- name: Check for existence of private key
|
- name: Check for existence of private key
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: /etc/wireguard/private.key
|
path: /etc/wireguard/private.key
|
||||||
register: _private_key_stat
|
register: _private_key
|
||||||
|
|
||||||
- name: Generate keypair
|
- name: Generate keypair
|
||||||
ansible.builtin.include_tasks: tasks/generate_keypair.yml
|
ansible.builtin.include_tasks: tasks/generate_keypair.yml
|
||||||
when: not _private_key_stat.exists
|
when: not _private_key.stat.exists
|
||||||
|
|
||||||
- name: Save private key
|
- name: Save private key
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
@ -21,7 +21,7 @@
|
||||||
mode: 0700
|
mode: 0700
|
||||||
vars:
|
vars:
|
||||||
key: "{{ wg_private_key }}"
|
key: "{{ wg_private_key }}"
|
||||||
when: not _private_key_stat.exists
|
when: not _private_key.stat.exists
|
||||||
|
|
||||||
- name: Save public key
|
- name: Save public key
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
@ -32,7 +32,7 @@
|
||||||
mode: 0700
|
mode: 0700
|
||||||
vars:
|
vars:
|
||||||
key: "{{ wg_public_key }}"
|
key: "{{ wg_public_key }}"
|
||||||
when: not _private_key_stat.exists
|
when: not _private_key.stat.exists
|
||||||
|
|
||||||
- name: Set dns_command for co-openSUSE
|
- name: Set dns_command for co-openSUSE
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
|
|
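Review bot: `when: not _private_key.stat.exists` on the 'Save private key' task (its `ansible.builtin.template:` call starts in the first hunk and the task spans two) gates a template whose `key: "{{ wg_private_key }}"` var is the private key; with `--diff` the template module prints the rendered content, so add `diff: false` (or `no_log: true`) to that task to keep the key out of run output. The `_private_key.stat.exists` correction is right: `ansible.builtin.stat` registers its result under a `stat` subkey, so the old `_private_key_stat.exists` would never have resolved. Quote `mode: "0700"` on both save tasks so YAML does not retype the octal.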
|
@ -3,7 +3,7 @@
|
||||||
ansible.builtin.package:
|
ansible.builtin.package:
|
||||||
name: pam_yubico
|
name: pam_yubico
|
||||||
state: present
|
state: present
|
||||||
when: ansible_distribution in [ "AlmaLinux", "CentOS", "Fedora" ]
|
when: ansible_distribution in [ "AlmaLinux", "CentOS", "Fedora", "Rocky" ]
|
||||||
|
|
||||||
- name: Enable PPA on Ubuntu
|
- name: Enable PPA on Ubuntu
|
||||||
ansible.builtin.apt_repository:
|
ansible.builtin.apt_repository:
|
||||||
|
|