Add CentOS roles

admin-cli.yml

@@ -9,6 +9,9 @@
     - include_role:
         name: arch
       when: ansible_distribution == 'Archlinux'
+    - include_role:
+        name: centos
+      when: ansible_distribution == 'CentOS'
     - include_role:
         name: debian
       when: ansible_distribution == 'Debian'

admin-gui.yml

@@ -8,6 +8,9 @@
     - include_role:
         name: arch
       when: ansible_distribution == 'Archlinux'
+    - include_role:
+        name: centos
+      when: ansible_distribution == 'CentOS'
     - include_role:
         name: debian
       when: ansible_distribution == 'Debian'

roles/centos/files/70-solokeys-access.rules

@@ -0,0 +1,19 @@
+# Notify ModemManager this device should be ignored
+ACTION!="add|change|move", GOTO="mm_usb_device_blacklist_end"
+SUBSYSTEM!="usb", GOTO="mm_usb_device_blacklist_end"
+ENV{DEVTYPE}!="usb_device",  GOTO="mm_usb_device_blacklist_end"
+
+ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+LABEL="mm_usb_device_blacklist_end"
+
+
+# Solo bootloader + firmware access
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
+SUBSYSTEM=="tty", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
+
+# ST DFU access
+SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", TAG+="uaccess"
+
+# U2F Zero
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess"

roles/centos/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+- include: packages-cli.yml
+- include: packages-gui.yml
+  when: gui == true
+- include: modules.yml
+- include: ssh.yml
+- include: solokeys.yml

roles/centos/tasks/modules.yml

@@ -0,0 +1,13 @@
+---
+- name: Blacklist pcspkr module
+  become: true
+  lineinfile:
+    path: /etc/modprobe.d/blacklist.conf
+    line: blacklist pcspkr
+    create: yes
+- name: Blacklist dvb_usb_rtl28xxu module
+  become: true
+  lineinfile:
+    path: /etc/modprobe.d/blacklist.conf
+    line: blacklist dvb_usb_rtl28xxu
+    create: yes

roles/centos/tasks/packages-cli.yml

@@ -0,0 +1,33 @@
+---
+- name: Install Ansible repo
+  become: true
+  dnf:
+    name: centos-release-ansible-29
+    state: present
+- name: Install CLI packages
+  become: true
+  dnf:
+    name: '{{ packages }}'
+    state: present
+  vars:
+    packages:
+      - "@development"
+      - ansible
+      - aspell-en
+      - bc
+      - bind-utils
+      - clang
+      - git
+      - gnupg2
+      - lldb
+      - mc
+      - nmap
+      - nodejs
+      - openssh-server
+      - python38
+      - python38-psutil
+      - sqlite
+      - sudo
+      - tmux
+      - vim-enhanced
+      - zsh

roles/centos/tasks/packages-gui.yml

@@ -0,0 +1,12 @@
+---
+- name: Install GUI packages
+  become: true
+  dnf:
+    name: '{{ packages }}'
+    state: present
+  vars:
+    packages:
+      - emacs
+      - git-gui
+      - liberation-fonts
+      - vim-X11

roles/centos/tasks/solokeys.yml

@@ -0,0 +1,15 @@
+---
+- name: Install solokeys udev rule
+  become: true
+  copy:
+    src: 70-solokeys-access.rules
+    dest: /etc/udev/rules.d/70-solokeys-access.rules
+  register: solokeys_copy
+- name: Reload udevadm rules
+  become: true
+  command: udevadm control --reload-rules
+  when: solokeys_copy.changed
+- name: Trigger udevadm
+  become: true
+  command: udevadm trigger
+  when: solokeys_copy.changed

roles/centos/tasks/ssh.yml

@@ -0,0 +1,27 @@
+---
+- name: Disable SSH passwords
+  become: true
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^#?\w*PasswordAuthentication (yes|no)'
+    line: 'PasswordAuthentication no'
+  register: changed_ssh_config
+- name: Enable SSH
+  become: true
+  systemd:
+    name: sshd.service
+    enabled: yes
+    state: started
+- name: Restart SSH
+  become: true
+  systemd:
+    name: sshd.service
+    state: restarted
+  when: changed_ssh_config.changed == true
+- name: Allow SSH through firewall
+  become: true
+  firewalld:
+    service: ssh
+    permanent: yes
+    state: enabled
+    immediate: yes