diff --git a/admin-cli.yml b/admin-cli.yml
index dc35b2e..699edd2 100755
--- a/admin-cli.yml
+++ b/admin-cli.yml
@@ -21,6 +21,9 @@
 - include_role:
 name: opensuse-leap
 when: ansible_distribution == 'openSUSE Leap'
+ - include_role:
+ name: opensuse-tumbleweed
+ when: ansible_distribution == 'openSUSE Tumbleweed'
 - include_role:
 name: freebsd
 when: ansible_distribution == 'FreeBSD'
diff --git a/admin-gui.yml b/admin-gui.yml
index 11baec3..2ea161b 100755
--- a/admin-gui.yml
+++ b/admin-gui.yml
@@ -20,6 +20,9 @@
 - include_role:
 name: opensuse-leap
 when: ansible_distribution == 'openSUSE Leap'
+ - include_role:
+ name: opensuse-tumbleweed
+ when: ansible_distribution == 'openSUSE Tumbleweed'
 - include_role:
 name: freebsd
 when: ansible_distribution == 'FreeBSD'
diff --git a/roles/opensuse-tumbleweed/files/70-solokeys-access.rules b/roles/opensuse-tumbleweed/files/70-solokeys-access.rules
new file mode 100644
index 0000000..0243401
--- /dev/null
+++ b/roles/opensuse-tumbleweed/files/70-solokeys-access.rules
@@ -0,0 +1,19 @@
+# Notify ModemManager this device should be ignored
+ACTION!="add|change|move", GOTO="mm_usb_device_blacklist_end"
+SUBSYSTEM!="usb", GOTO="mm_usb_device_blacklist_end"
+ENV{DEVTYPE}!="usb_device", GOTO="mm_usb_device_blacklist_end"
+
+ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+LABEL="mm_usb_device_blacklist_end"
+
+
+# Solo bootloader + firmware access
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
+SUBSYSTEM=="tty", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
+
+# ST DFU access
+SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", TAG+="uaccess"
+
+# U2F Zero
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess"
diff --git a/roles/opensuse-tumbleweed/tasks/main.yml b/roles/opensuse-tumbleweed/tasks/main.yml
new file mode 100644
index 0000000..98be231
--- /dev/null
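Review bot: In roles/opensuse-tumbleweed/files/70-solokeys-access.rules the `ST DFU access` rule is broader than its comment suggests: `0483:df11` is the generic STMicroelectronics DFU bootloader ID, so `TAG+="uaccess"` gives the user on the active seat raw access to any STM32 device that enumerates in DFU mode, not only a Solo key. If that is intended, the comment should say so, e.g. `# ST DFU access (generic STM32 bootloader ID; matches any ST device in DFU mode)`. If the host is not used for flashing firmware, the rule is better left out.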
+++ b/roles/opensuse-tumbleweed/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+- include: packages-cli.yml
+- include: packages-gui.yml
+ when: gui == true
+- include: modules.yml
+- include: ssh.yml
+ when: wsl_distro is not defined
+- include: solokeys.yml
+ when: wsl_distro is not defined
diff --git a/roles/opensuse-tumbleweed/tasks/modules.yml b/roles/opensuse-tumbleweed/tasks/modules.yml
new file mode 100644
index 0000000..c3e93e4
--- /dev/null
+++ b/roles/opensuse-tumbleweed/tasks/modules.yml
@@ -0,0 +1,13 @@
+---
+- name: Blacklist pcspkr module
+ become: true
+ lineinfile:
+ path: /etc/modprobe.d/blacklist.conf
+ line: blacklist pcspkr
+ create: yes
+- name: Blacklist dvb_usb_rtl28xxu module
+ become: true
+ lineinfile:
+ path: /etc/modprobe.d/blacklist.conf
+ line: blacklist dvb_usb_rtl28xxu
+ create: yes
diff --git a/roles/opensuse-tumbleweed/tasks/packages-cli.yml b/roles/opensuse-tumbleweed/tasks/packages-cli.yml
new file mode 100644
index 0000000..27129dc
--- /dev/null
+++ b/roles/opensuse-tumbleweed/tasks/packages-cli.yml
@@ -0,0 +1,44 @@
+---
+# The zypper module requires python-xml on openSUSE.
+- name: Install CLI patterns
+ become: true
+ zypper:
+ name: '{{ patterns }}'
+ state: present
+ type: pattern
+ vars:
+ patterns:
+ - devel_C_C++
+ - devel_rpm_build
+- name: Install CLI packages
+ become: true
+ zypper:
+ name: '{{ packages }}'
+ state: present
+ type: package
+ vars:
+ packages:
+ - ansible
+ - aspell-en
+ - bc
+ - bind-utils
+ - clang
+ - gcc-c++
+ - git
+ - gpg2
+ - libstdc++-devel
+ - lldb
+ - mc
+ - nmap
+ - nodejs10
+ - onedrive
+ - openssh
+ - python-xml
+ - python3
+ - python3-psutil
+ - ruby2.5-rubygem-asciidoctor
+ - sqlite3
+ - sudo
+ - tmux
+ - vim
+ - zsh
diff --git a/roles/opensuse-tumbleweed/tasks/packages-gui.yml b/roles/opensuse-tumbleweed/tasks/packages-gui.yml
new file mode 100644
index 0000000..d6b03a7
--- /dev/null
+++ b/roles/opensuse-tumbleweed/tasks/packages-gui.yml
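Review bot: In roles/opensuse-tumbleweed/tasks/main.yml the bare `include:` action is deprecated and has been removed from recent ansible-core releases; `- include_tasks: packages-gui.yml` (or `import_tasks`) keeps the role loadable on current Ansible. The condition `when: gui == true` also errors out when `gui` is undefined and does not match a string value such as `'true'` passed with `-e`. `when: gui | default(false) | bool` is the more tolerant form.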
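Review bot: Both `lineinfile` tasks in roles/opensuse-tumbleweed/tasks/modules.yml use `create: yes` without `owner`, `group` or `mode`, so a newly created /etc/modprobe.d/blacklist.conf gets whatever the remote umask yields. Pinning it with `owner: root`, `group: root` and `mode: '0644'` makes the result independent of the host. The `copy` task in roles/opensuse-tumbleweed/tasks/solokeys.yml has the same gap for /etc/udev/rules.d/70-solokeys-access.rules. A rules file writable by anyone other than root would let that account change device permissions, so that task should carry the same three keys.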
@@ -0,0 +1,16 @@
+---
+# The zypper module requires python-xml on openSUSE.
+- name: Install GUI packages
+ become: true
+ zypper:
+ name: '{{ packages }}'
+ state: present
+ type: package
+ vars:
+ packages:
+ - emacs-x11
+ - galculator
+ - git-gui
+ - gvim
+ - liberation-fonts
+ - remmina
diff --git a/roles/opensuse-tumbleweed/tasks/solokeys.yml b/roles/opensuse-tumbleweed/tasks/solokeys.yml
new file mode 100644
index 0000000..bea6284
--- /dev/null
+++ b/roles/opensuse-tumbleweed/tasks/solokeys.yml
@@ -0,0 +1,15 @@
+---
+- name: Install solokeys udev rule
+ become: true
+ copy:
+ src: 70-solokeys-access.rules
+ dest: /etc/udev/rules.d/70-solokeys-access.rules
+ register: solokeys_copy
+- name: Reload udevadm rules
+ become: true
+ command: udevadm control --reload-rules
+ when: solokeys_copy.changed
+- name: Trigger udevadm
+ become: true
+ command: udevadm trigger
+ when: solokeys_copy.changed
diff --git a/roles/opensuse-tumbleweed/tasks/ssh.yml b/roles/opensuse-tumbleweed/tasks/ssh.yml
new file mode 100644
index 0000000..81d098e
--- /dev/null
+++ b/roles/opensuse-tumbleweed/tasks/ssh.yml
@@ -0,0 +1,29 @@
+---
+- name: Disable SSH passwords
+ become: true
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?\w*PasswordAuthentication (yes|no)'
+ line: 'PasswordAuthentication no'
+ register: changed_ssh_config
+- name: Enable SSH
+ become: true
+ systemd:
+ name: sshd.service
+ enabled: yes
+ state: started
+- name: Restart SSH
+ become: true
+ systemd:
+ name: sshd.service
+ state: restarted
+ when: changed_ssh_config.changed == true
+- name: Allow SSH through firewall
+ become: true
+ firewalld:
+ service: ssh
+ permanent: yes
+ state: enabled
+ immediate: yes
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
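Review bot: The `regexp` in the `Disable SSH passwords` task of roles/opensuse-tumbleweed/tasks/ssh.yml uses `\w*` where `\s*` was presumably meant, so a commented default written as `# PasswordAuthentication yes` is not matched and the new line is appended at the end of the file instead. sshd keeps the first value it reads for a keyword and scopes anything after a `Match` line to that block, so an appended `PasswordAuthentication no` can be overridden or apply only conditionally. I would use `regexp: '^#?\s*PasswordAuthentication\s+(yes|no)'`, add `validate: '/usr/sbin/sshd -t -f %s'` so a broken file is never installed ahead of the restart, and confirm the effective setting with `sshd -T`. Keyboard-interactive authentication through PAM can still prompt for a password unless `KbdInteractiveAuthentication no` is set as well.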