diff --git a/gui.yml b/gui.yml
index b642db4..17a76db 100755
--- a/gui.yml
+++ b/gui.yml
@@ -2,12 +2,22 @@
 ---
 - name: Setup GUI
 hosts: localhost
+ vars:
+ gui: true
 tasks:
 - include_role:
- name: distro
+ name: debian
+ when: ansible_distribution == 'Debian'
 - include_role:
- name: distro-gui
+ name: freebsd
+ when: ansible_distribution == 'FreeBSD'
 - include_role:
- name: home
+ name: netbsd
+ when: ansible_distribution == 'NetBSD'
+ - include_role:
+ name: ubuntu
+ when: ansible_distribution == 'Ubuntu'
+ - include_role:
+ name: home-cli
 - include_role:
 name: home-gui
diff --git a/main.yml b/main.yml
index cf78199..e777dd3 100755
--- a/main.yml
+++ b/main.yml
@@ -2,8 +2,20 @@
 ---
 - name: Setup CLI
 hosts: localhost
+ vars:
+ gui: false
 tasks:
 - include_role:
- name: distro
+ name: debian
+ when: ansible_distribution == 'Debian'
 - include_role:
- name: home
+ name: freebsd
+ when: ansible_distribution == 'FreeBSD'
+ - include_role:
+ name: netbsd
+ when: ansible_distribution == 'NetBSD'
+ - include_role:
+ name: ubuntu
+ when: ansible_distribution == 'Ubuntu'
+ - include_role:
+ name: home-cli
diff --git a/roles/debian/tasks/main.yml b/roles/debian/tasks/main.yml
new file mode 100644
index 0000000..200b3c0
--- /dev/null
+++ b/roles/debian/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- include: packages-cli.yml
+- include: packages-gui.yml
+ when: gui == true
+- include: modules.yml
+- include: ssh.yml
diff --git a/roles/distro/tasks/modules.yml b/roles/debian/tasks/modules.yml
similarity index 100%
rename from roles/distro/tasks/modules.yml
rename to roles/debian/tasks/modules.yml
diff --git a/roles/distro/tasks/ubuntu.yml b/roles/debian/tasks/packages-cli.yml
similarity index 93%
rename from roles/distro/tasks/ubuntu.yml
rename to roles/debian/tasks/packages-cli.yml
index aa4c17d..7ed9173 100644
--- a/roles/distro/tasks/ubuntu.yml
+++ b/roles/debian/tasks/packages-cli.yml
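Review bot: In gui.yml (and the same chain in main.yml) a host whose `ansible_distribution` is none of the four listed values now skips every OS role without an error and goes straight to `home-cli`. The removed roles/distro/tasks/main.yml included ssh.yml unconditionally, so such a host used to get `PasswordAuthentication no` and no longer does. A first task that fails closed would make this visible, for example `- assert: { that: "ansible_distribution in ['Debian', 'FreeBSD', 'NetBSD', 'Ubuntu']" }`. Indentation is not visible in this view, so it is also worth confirming that each `when:` sits at task level beside `include_role` rather than among its arguments.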
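Review bot: `when: gui == true` in roles/debian/tasks/main.yml compares against a literal boolean, so a value supplied as a string (for example `-e gui=true` on the command line) never matches and the GUI task file is skipped silently; `when: gui | default(false) | bool` covers both that and an undefined variable. The bare `include:` action is deprecated in Ansible, and `include_tasks: packages-gui.yml` is the direct replacement. Both points apply equally to the new main.yml files under roles/freebsd, roles/netbsd and roles/ubuntu.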
@@ -1,5 +1,5 @@
 ---
-- name: Install Ubuntu CLI packages
+- name: Install CLI packages
 become: true
 apt:
 name: '{{ packages }}'
diff --git a/roles/distro-gui/tasks/debian.yml b/roles/debian/tasks/packages-gui.yml
similarity index 92%
rename from roles/distro-gui/tasks/debian.yml
rename to roles/debian/tasks/packages-gui.yml
index 89f5a91..bd3fb70 100644
--- a/roles/distro-gui/tasks/debian.yml
+++ b/roles/debian/tasks/packages-gui.yml
@@ -1,5 +1,5 @@
 ---
-- name: Install Debian GUI packages
+- name: Install GUI packages
 become: true
 apt:
 name: '{{ packages }}'
diff --git a/roles/debian/tasks/ssh.yml b/roles/debian/tasks/ssh.yml
new file mode 100644
index 0000000..85b9093
--- /dev/null
+++ b/roles/debian/tasks/ssh.yml
@@ -0,0 +1,20 @@
+---
+- name: Disable SSH passwords
+ become: true
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?\w*PasswordAuthentication (yes|no)'
+ line: 'PasswordAuthentication no'
+ register: changed_ssh_config
+- name: Enable SSH
+ become: true
+ systemd:
+ name: ssh.service
+ enabled: yes
+ state: started
+- name: Restart SSH
+ become: true
+ systemd:
+ name: ssh.service
+ state: restarted
+ when: changed_ssh_config.changed == true
diff --git a/roles/distro-gui/tasks/main.yml b/roles/distro-gui/tasks/main.yml
deleted file mode 100644
index cab8681..0000000
--- a/roles/distro-gui/tasks/main.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- include: debian.yml
- when: ansible_distribution == 'Debian'
-- include: ubuntu.yml
- when: ansible_distribution == 'Ubuntu'
-- include: freebsd.yml
- when: ansible_distribution == 'FreeBSD'
-- include: netbsd.yml
- when: ansible_distribution == 'NetBSD'
diff --git a/roles/distro/tasks/freebsd.yml b/roles/distro/tasks/freebsd.yml
deleted file mode 100644
index 05a3edc..0000000
--- a/roles/distro/tasks/freebsd.yml
+++ /dev/null
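Review bot: The `regexp` in roles/debian/tasks/ssh.yml uses `\w*` where whitespace was presumably intended, so an indented or `# `-prefixed `PasswordAuthentication` line is not matched and lineinfile appends `PasswordAuthentication no` at the end of the file instead of replacing it. sshd uses the first value it reads for a keyword, and a line appended after a `Match` block is scoped to that block, so in those cases password logins can stay enabled while the task reports success. I would change it to `regexp: '^\s*#?\s*PasswordAuthentication\s'` and add `validate: '/usr/sbin/sshd -t -f %s'` so a broken file is never installed. Keyboard-interactive authentication through PAM is a separate switch that this task leaves untouched. The identical task is added in roles/freebsd/tasks/ssh.yml and roles/ubuntu/tasks/ssh.yml.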
@@ -1,80 +0,0 @@
----
-- name: Install FreeBSD core CLI packages
- become: true
- pkgng:
- name: drm-kmod en-freebsd-doc git pkg py36-ansible sudo
- state: present
-- name: Install FreeBSD additional CLI packages
- become: true
- pkgng:
- name: '{{ packages }}'
- state: present
- vars:
- packages:
- - fusefs-ntfs
- - gnu-watch
- - gnupg
- - mc
- - nmap
- - openvpn
- - py36-psutil
- - rubygem-asciidoctor
- - sqlite3
- - tmux
- - zsh
-- name: Disable core dumps
- become: true
- sysctl:
- name: kern.coredump
- value: '0'
- sysctl_set: yes
-- name: Use IPv6 temporary addresses (sysctl.conf)
- become: true
- sysctl:
- name: net.inet6.ip6.use_tempaddr
- value: '1'
- sysctl_set: yes
-- name: Prefer IPv6 temporary addresses (sysctl.conf)
- become: true
- sysctl:
- name: net.inet6.ip6.prefer_tempaddr
- value: '1'
- sysctl_set: yes
-- name: Disable VT bell
- become: true
- sysctl:
- name: kern.vt.enable_bell
- value: '0'
- sysctl_set: yes
-- name: Enable IPv6 privacy (rc.conf)
- become: true
- lineinfile:
- path: /etc/rc.conf
- regexp: '^ipv6_privacy=.*'
- line: 'ipv6_privacy="YES"'
-- name: Set wlan0 arguments
- become: true
- lineinfile:
- path: /etc/rc.conf
- regexp: '^create_args_wlan0=.*'
- line: 'create_args_wlan0="country GB"'
-- name: Enable WPA/DHCP for wlan0
- become: true
- lineinfile:
- path: /etc/rc.conf
- regexp: '^ifconfig_wlan0=.*'
- line: 'ifconfig_wlan0="WPA SYNCDHCP"'
-- name: Enable IPv6 for wlan0
- become: true
- lineinfile:
- path: /etc/rc.conf
- regexp: '^ifconfig_wlan0_ipv6=.*'
- line: 'ifconfig_wlan0_ipv6="inet6 accept_rtadv"'
-- name: Enable wheel group to use sudo
- become: true
- lineinfile:
- path: /usr/local/etc/sudoers.d/wheel
- regexp: 'wheel'
- line: '%wheel ALL=(ALL) ALL'
- create: yes
- mode: '0644'
diff --git a/roles/distro/tasks/main.yml b/roles/distro/tasks/main.yml
deleted file mode 100644
index 7caa732..0000000
--- a/roles/distro/tasks/main.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-- include: debian.yml
- when: ansible_distribution == 'Debian'
-- include: ubuntu.yml
- when: ansible_distribution == 'Ubuntu'
-- include: freebsd.yml
- when: ansible_distribution == 'FreeBSD'
-- include: netbsd.yml
- when: ansible_distribution == 'NetBSD'
-- include: modules.yml
- when: ansible_system == 'Linux'
-- include: ssh.yml
diff --git a/roles/distro/tasks/ssh.yml b/roles/distro/tasks/ssh.yml
deleted file mode 100644
index e831a56..0000000
--- a/roles/distro/tasks/ssh.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-- name: Disable SSH passwords
- become: true
- lineinfile:
- path: /etc/ssh/sshd_config
- regexp: '^#?\w*PasswordAuthentication (yes|no)'
- line: 'PasswordAuthentication no'
- register: changed_ssh_config
-- name: Enable SSH (Linux)
- become: true
- systemd:
- name: ssh.service
- enabled: yes
- state: started
- when: ansible_system == 'Linux'
-- name: Enable SSH (FreeBSD)
- become: true
- service:
- name: sshd
- enabled: yes
- state: started
- when: ansible_system == 'FreeBSD'
-- name: Restart SSH (Linux)
- become: true
- systemd:
- name: ssh.service
- state: restarted
- when: changed_ssh_config.changed == true and ansible_system == 'Linux'
-- name: Restart SSH (FreeBSD)
- become: true
- service:
- name: sshd
- state: restarted
- when: changed_ssh_config.changed == true and ansible_system == 'FreeBSD'
diff --git a/roles/distro-gui/files/keyboard-gb.conf b/roles/freebsd/files/keyboard-gb.conf
similarity index 100%
rename from roles/distro-gui/files/keyboard-gb.conf
rename to roles/freebsd/files/keyboard-gb.conf
diff --git a/roles/freebsd/tasks/main.yml b/roles/freebsd/tasks/main.yml
new file mode 100644
index 0000000..16b9fec
--- /dev/null
+++ b/roles/freebsd/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- include: packages-cli.yml
+- include: packages-gui.yml
+ when: gui == true
+- include: rc.yml
+- include: sysctl.yml
+- include: sudo.yml
+- include: ssh.yml
+- include: xorg.yml
+ when: gui == true
diff --git a/roles/freebsd/tasks/packages-cli.yml b/roles/freebsd/tasks/packages-cli.yml
new file mode 100644
index 0000000..811f3ea
--- /dev/null
+++ b/roles/freebsd/tasks/packages-cli.yml
@@ -0,0 +1,24 @@
+---
+- name: Install core CLI packages
+ become: true
+ pkgng:
+ name: drm-kmod en-freebsd-doc git pkg py36-ansible sudo
+ state: present
+- name: Install additional CLI packages
+ become: true
+ pkgng:
+ name: '{{ packages }}'
+ state: present
+ vars:
+ packages:
+ - fusefs-ntfs
+ - gnu-watch
+ - gnupg
+ - mc
+ - nmap
+ - openvpn
+ - py36-psutil
+ - rubygem-asciidoctor
+ - sqlite3
+ - tmux
+ - zsh
diff --git a/roles/distro-gui/tasks/freebsd.yml b/roles/freebsd/tasks/packages-gui.yml
similarity index 50%
rename from roles/distro-gui/tasks/freebsd.yml
rename to roles/freebsd/tasks/packages-gui.yml
index 602898c..3cd11b9 100644
--- a/roles/distro-gui/tasks/freebsd.yml
+++ b/roles/freebsd/tasks/packages-gui.yml
@@ -1,10 +1,10 @@
 ---
-- name: Install FreeBSD core GUI packages
+- name: Install core GUI packages
 become: true
 pkgng:
 name: drm-kmod mate xdm xorg xterm
 state: present
-- name: Install FreeBSD additional GUI packages
+- name: Install additional GUI packages
 become: true
 pkgng:
 name: '{{ packages }}'
@@ -29,20 +29,3 @@
 - seahorse
 - vim
 - xinput
-- name: Start DBUS service
- become: true
- service:
- name: dbus
- state: started
- enabled: yes
-- name: Enable XDM
- become: true
- lineinfile:
- path: /etc/ttys
- regexp: '^ttyv8\s.*'
- line: 'ttyv8 "/usr/local/bin/xdm -nodaemon" xterm on secure'
-- name: Set xorg keyboard layout
- become: true
- copy:
- src: keyboard-gb.conf
- dest: /usr/local/etc/X11/xorg.conf.d/keyboard-gb.conf
diff --git a/roles/freebsd/tasks/rc.yml b/roles/freebsd/tasks/rc.yml
new file mode 100644
index 0000000..66bf931
--- /dev/null
+++ b/roles/freebsd/tasks/rc.yml
@@ -0,0 +1,25 @@
+---
+- name: Enable IPv6 privacy
+ become: true
+ lineinfile:
+ path: /etc/rc.conf
+ regexp: '^ipv6_privacy=.*'
+ line: 'ipv6_privacy="YES"'
+- name: Set wlan0 arguments
+ become: true
+ lineinfile:
+ path: /etc/rc.conf
+ regexp: '^create_args_wlan0=.*'
+ line: 'create_args_wlan0="country GB"'
+- name: Enable WPA/DHCP for wlan0
+ become: true
+ lineinfile:
+ path: /etc/rc.conf
+ regexp: '^ifconfig_wlan0=.*'
+ line: 'ifconfig_wlan0="WPA SYNCDHCP"'
+- name: Enable IPv6 for wlan0
+ become: true
+ lineinfile:
+ path: /etc/rc.conf
+ regexp: '^ifconfig_wlan0_ipv6=.*'
+ line: 'ifconfig_wlan0_ipv6="inet6 accept_rtadv"'
diff --git a/roles/freebsd/tasks/ssh.yml b/roles/freebsd/tasks/ssh.yml
new file mode 100644
index 0000000..c71f872
--- /dev/null
+++ b/roles/freebsd/tasks/ssh.yml
@@ -0,0 +1,20 @@
+---
+- name: Disable SSH passwords
+ become: true
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?\w*PasswordAuthentication (yes|no)'
+ line: 'PasswordAuthentication no'
+ register: changed_ssh_config
+- name: Enable SSH
+ become: true
+ service:
+ name: sshd
+ enabled: yes
+ state: started
+- name: Restart SSH
+ become: true
+ service:
+ name: sshd
+ state: restarted
+ when: changed_ssh_config.changed == true
diff --git a/roles/freebsd/tasks/sudo.yml b/roles/freebsd/tasks/sudo.yml
new file mode 100644
index 0000000..731464c
--- /dev/null
+++ b/roles/freebsd/tasks/sudo.yml
@@ -0,0 +1,9 @@
+---
+- name: Enable wheel group to use sudo
+ become: true
+ lineinfile:
+ path: /usr/local/etc/sudoers.d/wheel
+ regexp: 'wheel'
+ line: '%wheel ALL=(ALL) ALL'
+ create: yes
+ mode: '0644'
diff --git a/roles/freebsd/tasks/sysctl.yml b/roles/freebsd/tasks/sysctl.yml
new file mode 100644
index 0000000..9e2fa65
--- /dev/null
+++ b/roles/freebsd/tasks/sysctl.yml
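Review bot: The sudoers drop-in written by roles/freebsd/tasks/sudo.yml is edited in place with no syntax check, and a malformed file under sudoers.d can make sudo refuse to run at all; adding `validate: 'visudo -cf %s'` (with the full path to visudo if it is not on the module's PATH) lets Ansible reject a bad result before it is installed. The file is also created world-readable, where the sudoers convention is `mode: '0440'`. The unanchored `regexp: 'wheel'` matches any line containing that word, including a comment or a different wheel rule, so `regexp: '^%wheel\s'` is safer. roles/netbsd/tasks/sudo.yml adds the same task with a /usr/pkg path.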
@@ -0,0 +1,25 @@
+---
+- name: Disable core dumps
+ become: true
+ sysctl:
+ name: kern.coredump
+ value: '0'
+ sysctl_set: yes
+- name: Use IPv6 temporary addresses
+ become: true
+ sysctl:
+ name: net.inet6.ip6.use_tempaddr
+ value: '1'
+ sysctl_set: yes
+- name: Prefer IPv6 temporary addresses
+ become: true
+ sysctl:
+ name: net.inet6.ip6.prefer_tempaddr
+ value: '1'
+ sysctl_set: yes
+- name: Disable VT bell
+ become: true
+ sysctl:
+ name: kern.vt.enable_bell
+ value: '0'
+ sysctl_set: yes
diff --git a/roles/freebsd/tasks/xorg.yml b/roles/freebsd/tasks/xorg.yml
new file mode 100644
index 0000000..a0a7684
--- /dev/null
+++ b/roles/freebsd/tasks/xorg.yml
@@ -0,0 +1,18 @@
+---
+- name: Start DBUS service
+ become: true
+ service:
+ name: dbus
+ state: started
+ enabled: yes
+- name: Enable XDM
+ become: true
+ lineinfile:
+ path: /etc/ttys
+ regexp: '^ttyv8\s.*'
+ line: 'ttyv8 "/usr/local/bin/xdm -nodaemon" xterm on secure'
+- name: Set xorg keyboard layout
+ become: true
+ copy:
+ src: keyboard-gb.conf
+ dest: /usr/local/etc/X11/xorg.conf.d/keyboard-gb.conf
diff --git a/roles/home/files/Xresources b/roles/home-cli/files/Xresources
similarity index 100%
rename from roles/home/files/Xresources
rename to roles/home-cli/files/Xresources
diff --git a/roles/home/files/bash_profile b/roles/home-cli/files/bash_profile
similarity index 100%
rename from roles/home/files/bash_profile
rename to roles/home-cli/files/bash_profile
diff --git a/roles/home/files/bashrc b/roles/home-cli/files/bashrc
similarity index 100%
rename from roles/home/files/bashrc
rename to roles/home-cli/files/bashrc
diff --git a/roles/home/files/gitconfig b/roles/home-cli/files/gitconfig
similarity index 100%
rename from roles/home/files/gitconfig
rename to roles/home-cli/files/gitconfig
diff --git a/roles/home/files/hushlogin b/roles/home-cli/files/hushlogin
similarity index 100%
rename from roles/home/files/hushlogin
rename to roles/home-cli/files/hushlogin
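Review bot: The `copy` task at the end of roles/freebsd/tasks/xorg.yml sets no `owner` or `mode`, so the permissions of a root-installed X server configuration file depend on the umask in effect when the play runs. Stating them explicitly, for example `owner: root` and `mode: '0644'`, keeps the result identical on every host and makes the intended access visible in review.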
diff --git a/roles/home/files/inputrc b/roles/home-cli/files/inputrc
similarity index 100%
rename from roles/home/files/inputrc
rename to roles/home-cli/files/inputrc
diff --git a/roles/home/files/openpgp.asc b/roles/home-cli/files/openpgp.asc
similarity index 100%
rename from roles/home/files/openpgp.asc
rename to roles/home-cli/files/openpgp.asc
diff --git a/roles/home/files/profile b/roles/home-cli/files/profile
similarity index 100%
rename from roles/home/files/profile
rename to roles/home-cli/files/profile
diff --git a/roles/home/files/shrc b/roles/home-cli/files/shrc
similarity index 100%
rename from roles/home/files/shrc
rename to roles/home-cli/files/shrc
diff --git a/roles/home/files/tmux.conf b/roles/home-cli/files/tmux.conf
similarity index 100%
rename from roles/home/files/tmux.conf
rename to roles/home-cli/files/tmux.conf
diff --git a/roles/home/files/zshrc b/roles/home-cli/files/zshrc
similarity index 100%
rename from roles/home/files/zshrc
rename to roles/home-cli/files/zshrc
diff --git a/roles/home/tasks/dirs.yml b/roles/home-cli/tasks/dirs.yml
similarity index 100%
rename from roles/home/tasks/dirs.yml
rename to roles/home-cli/tasks/dirs.yml
diff --git a/roles/home/tasks/dotfiles.yml b/roles/home-cli/tasks/dotfiles.yml
similarity index 100%
rename from roles/home/tasks/dotfiles.yml
rename to roles/home-cli/tasks/dotfiles.yml
diff --git a/roles/home/tasks/main.yml b/roles/home-cli/tasks/main.yml
similarity index 100%
rename from roles/home/tasks/main.yml
rename to roles/home-cli/tasks/main.yml
diff --git a/roles/home/tasks/shell.yml b/roles/home-cli/tasks/shell.yml
similarity index 100%
rename from roles/home/tasks/shell.yml
rename to roles/home-cli/tasks/shell.yml
diff --git a/roles/home/tasks/ssh-authorized-keys.yml b/roles/home-cli/tasks/ssh-authorized-keys.yml
similarity index 100%
rename from roles/home/tasks/ssh-authorized-keys.yml
rename to roles/home-cli/tasks/ssh-authorized-keys.yml
diff --git a/roles/home/tasks/vim.yml b/roles/home-cli/tasks/vim.yml
similarity index 100%
rename from roles/home/tasks/vim.yml
rename to roles/home-cli/tasks/vim.yml
diff --git a/roles/netbsd/tasks/main.yml b/roles/netbsd/tasks/main.yml
new file mode 100644
index 0000000..530e518
--- /dev/null
+++ b/roles/netbsd/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- include: packages-cli.yml
+- include: packages-gui.yml
+ when: gui == true
+- include: sudo.yml
+- include: xorg.yml
diff --git a/roles/distro/tasks/netbsd.yml b/roles/netbsd/tasks/packages-cli.yml
similarity index 58%
rename from roles/distro/tasks/netbsd.yml
rename to roles/netbsd/tasks/packages-cli.yml
index dd5680e..0407f85 100644
--- a/roles/distro/tasks/netbsd.yml
+++ b/roles/netbsd/tasks/packages-cli.yml
@@ -6,16 +6,8 @@
 regexp: '^CHECK_OSABI='
 line: 'CHECK_OSABI=no'
 create: yes
-- name: Install NetBSD CLI packages
+- name: Install CLI packages
 become: true
 pkgin:
 name: git,gnupg2,mc,mozilla-rootcerts-openssl,nmap,openvpn,pkgin,py37-pip,python37,sqlite3,sudo,tmux,zsh
 state: present
-- name: Enable wheel group to use sudo
- become: true
- lineinfile:
- path: /usr/pkg/etc/sudoers.d/wheel
- regexp: 'wheel'
- line: '%wheel ALL=(ALL) ALL'
- create: yes
- mode: '0644'
diff --git a/roles/netbsd/tasks/packages-gui.yml b/roles/netbsd/tasks/packages-gui.yml
new file mode 100644
index 0000000..0613895
--- /dev/null
+++ b/roles/netbsd/tasks/packages-gui.yml
@@ -0,0 +1,6 @@
+---
+- name: Install GUI packages
+ become: true
+ pkgin:
+ name: adwaita-icon-theme,atril,firefox,fvwm,liberation-ttf,mate-terminal,rxvt-unicode,vim-gtk3,xlockmore-lite
+ state: present
diff --git a/roles/netbsd/tasks/sudo.yml b/roles/netbsd/tasks/sudo.yml
new file mode 100644
index 0000000..a0d7122
--- /dev/null
+++ b/roles/netbsd/tasks/sudo.yml
@@ -0,0 +1,9 @@
+---
+- name: Enable wheel group to use sudo
+ become: true
+ lineinfile:
+ path: /usr/pkg/etc/sudoers.d/wheel
+ regexp: 'wheel'
+ line: '%wheel ALL=(ALL) ALL'
+ create: yes
+ mode: '0644'
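Review bot: roles/netbsd/tasks/main.yml includes xorg.yml with no condition, whereas roles/freebsd/tasks/main.yml gates it with `when: gui == true`, so the CLI playbook (`gui: false`) will now enable xdm on NetBSD hosts that previously only got it from the GUI playbook. The role also has no ssh.yml, although the removed roles/distro/tasks/main.yml ran the `Disable SSH passwords` task on every distribution, so NetBSD loses `PasswordAuthentication no`. I would add the same `when:` under `- include: xorg.yml` and carry an ssh.yml into this role if dropping it was not intended.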
diff --git a/roles/distro-gui/tasks/netbsd.yml b/roles/netbsd/tasks/xorg.yml
similarity index 70%
rename from roles/distro-gui/tasks/netbsd.yml
rename to roles/netbsd/tasks/xorg.yml
index d8344eb..0b8d33a 100644
--- a/roles/distro-gui/tasks/netbsd.yml
+++ b/roles/netbsd/tasks/xorg.yml
@@ -1,9 +1,4 @@
 ---
-- name: Install NetBSD GUI packages
- become: true
- pkgin:
- name: adwaita-icon-theme,atril,firefox,fvwm,liberation-ttf,mate-terminal,rxvt-unicode,vim-gtk3,xlockmore-lite
- state: present
 - name: Enable xdm
 become: true
 lineinfile:
diff --git a/roles/ubuntu/tasks/main.yml b/roles/ubuntu/tasks/main.yml
new file mode 100644
index 0000000..200b3c0
--- /dev/null
+++ b/roles/ubuntu/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- include: packages-cli.yml
+- include: packages-gui.yml
+ when: gui == true
+- include: modules.yml
+- include: ssh.yml
diff --git a/roles/ubuntu/tasks/modules.yml b/roles/ubuntu/tasks/modules.yml
new file mode 100644
index 0000000..c3e93e4
--- /dev/null
+++ b/roles/ubuntu/tasks/modules.yml
@@ -0,0 +1,13 @@
+---
+- name: Blacklist pcspkr module
+ become: true
+ lineinfile:
+ path: /etc/modprobe.d/blacklist.conf
+ line: blacklist pcspkr
+ create: yes
+- name: Blacklist dvb_usb_rtl28xxu module
+ become: true
+ lineinfile:
+ path: /etc/modprobe.d/blacklist.conf
+ line: blacklist dvb_usb_rtl28xxu
+ create: yes
diff --git a/roles/distro/tasks/debian.yml b/roles/ubuntu/tasks/packages-cli.yml
similarity index 93%
rename from roles/distro/tasks/debian.yml
rename to roles/ubuntu/tasks/packages-cli.yml
index 0f8a5b7..7ed9173 100644
--- a/roles/distro/tasks/debian.yml
+++ b/roles/ubuntu/tasks/packages-cli.yml
@@ -1,5 +1,5 @@
 ---
-- name: Install Debian CLI packages
+- name: Install CLI packages
 become: true
 apt:
 name: '{{ packages }}'
diff --git a/roles/distro-gui/tasks/ubuntu.yml b/roles/ubuntu/tasks/packages-gui.yml
similarity index 91%
rename from roles/distro-gui/tasks/ubuntu.yml
rename to roles/ubuntu/tasks/packages-gui.yml
index fbf66f0..0298d98 100644
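Review bot: Both tasks in roles/ubuntu/tasks/modules.yml use `create: yes` without a `mode`, so if /etc/modprobe.d/blacklist.conf does not already exist its permissions come from the umask; adding `mode: '0644'` makes that explicit. A comment above the tasks should also record that a `blacklist` line only stops alias-based autoloading and that the module can still be loaded by name.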
--- a/roles/distro-gui/tasks/ubuntu.yml
+++ b/roles/ubuntu/tasks/packages-gui.yml
@@ -1,5 +1,5 @@
 ---
-- name: Install Ubuntu GUI packages
+- name: Install GUI packages
 become: true
 apt:
 name: '{{ packages }}'
diff --git a/roles/ubuntu/tasks/ssh.yml b/roles/ubuntu/tasks/ssh.yml
new file mode 100644
index 0000000..85b9093
--- /dev/null
+++ b/roles/ubuntu/tasks/ssh.yml
@@ -0,0 +1,20 @@
+---
+- name: Disable SSH passwords
+ become: true
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?\w*PasswordAuthentication (yes|no)'
+ line: 'PasswordAuthentication no'
+ register: changed_ssh_config
+- name: Enable SSH
+ become: true
+ systemd:
+ name: ssh.service
+ enabled: yes
+ state: started
+- name: Restart SSH
+ become: true
+ systemd:
+ name: ssh.service
+ state: restarted
+ when: changed_ssh_config.changed == true
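Review bot: roles/ubuntu/tasks/ssh.yml carries the same blob id (85b9093) as roles/debian/tasks/ssh.yml, and the two main.yml files share 200b3c0, so the Debian and Ubuntu roles are byte-for-byte copies. Security-relevant tasks kept in duplicate tend to drift, with a later fix to the sshd_config edit landing in one role and not the other. Consider keeping one shared tasks file that both roles pull in, and restarting the service from a handler notified by the lineinfile task instead of the `register`/`when` pair.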