From b269857f7df13d658db17f108fab6a28776ad21b Mon Sep 17 00:00:00 2001
From: Anthony Perkins
Date: Sun, 27 Dec 2020 16:47:18 +0000
Subject: [PATCH] Add CentOS roles
---
 admin-cli.yml | 3 ++
 admin-gui.yml | 3 ++
 roles/centos/files/70-solokeys-access.rules | 19 ++++++++++++
 roles/centos/tasks/main.yml | 7 +++++
 roles/centos/tasks/modules.yml | 13 ++++++++
 roles/centos/tasks/packages-cli.yml | 33 +++++++++++++++++++++
 roles/centos/tasks/packages-gui.yml | 12 ++++++++
 roles/centos/tasks/solokeys.yml | 15 ++++++++++
 roles/centos/tasks/ssh.yml | 27 +++++++++++++++++
 9 files changed, 132 insertions(+)
 create mode 100644 roles/centos/files/70-solokeys-access.rules
 create mode 100644 roles/centos/tasks/main.yml
 create mode 100644 roles/centos/tasks/modules.yml
 create mode 100644 roles/centos/tasks/packages-cli.yml
 create mode 100644 roles/centos/tasks/packages-gui.yml
 create mode 100644 roles/centos/tasks/solokeys.yml
 create mode 100644 roles/centos/tasks/ssh.yml
diff --git a/admin-cli.yml b/admin-cli.yml
index e98afd9..dc35b2e 100755
--- a/admin-cli.yml
+++ b/admin-cli.yml
@@ -9,6 +9,9 @@
 - include_role:
 name: arch
 when: ansible_distribution == 'Archlinux'
+ - include_role:
+ name: centos
+ when: ansible_distribution == 'CentOS'
 - include_role:
 name: debian
 when: ansible_distribution == 'Debian'
diff --git a/admin-gui.yml b/admin-gui.yml
index d7bfdb4..11baec3 100755
--- a/admin-gui.yml
+++ b/admin-gui.yml
@@ -8,6 +8,9 @@
 - include_role:
 name: arch
 when: ansible_distribution == 'Archlinux'
+ - include_role:
+ name: centos
+ when: ansible_distribution == 'CentOS'
 - include_role:
 name: debian
 when: ansible_distribution == 'Debian'
diff --git a/roles/centos/files/70-solokeys-access.rules b/roles/centos/files/70-solokeys-access.rules
new file mode 100644
index 0000000..0243401
--- /dev/null
+++ b/roles/centos/files/70-solokeys-access.rules
@@ -0,0 +1,19 @@
+# Notify ModemManager this device should be ignored
+ACTION!="add|change|move", GOTO="mm_usb_device_blacklist_end"
+SUBSYSTEM!="usb", GOTO="mm_usb_device_blacklist_end"
+ENV{DEVTYPE}!="usb_device", GOTO="mm_usb_device_blacklist_end"
+
+ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+LABEL="mm_usb_device_blacklist_end"
+
+
+# Solo bootloader + firmware access
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
+SUBSYSTEM=="tty", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
+
+# ST DFU access
+SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", TAG+="uaccess"
+
+# U2F Zero
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess"
diff --git a/roles/centos/tasks/main.yml b/roles/centos/tasks/main.yml
new file mode 100644
index 0000000..7a4d7a9
--- /dev/null
+++ b/roles/centos/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+- include: packages-cli.yml
+- include: packages-gui.yml
+ when: gui == true
+- include: modules.yml
+- include: ssh.yml
+- include: solokeys.yml
diff --git a/roles/centos/tasks/modules.yml b/roles/centos/tasks/modules.yml
new file mode 100644
index 0000000..c3e93e4
--- /dev/null
+++ b/roles/centos/tasks/modules.yml
@@ -0,0 +1,13 @@
+---
+- name: Blacklist pcspkr module
+ become: true
+ lineinfile:
+ path: /etc/modprobe.d/blacklist.conf
+ line: blacklist pcspkr
+ create: yes
+- name: Blacklist dvb_usb_rtl28xxu module
+ become: true
+ lineinfile:
+ path: /etc/modprobe.d/blacklist.conf
+ line: blacklist dvb_usb_rtl28xxu
+ create: yes
diff --git a/roles/centos/tasks/packages-cli.yml b/roles/centos/tasks/packages-cli.yml
new file mode 100644
index 0000000..c8bec07
--- /dev/null
+++ b/roles/centos/tasks/packages-cli.yml
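Review bot: The `# ST DFU access` rule in `70-solokeys-access.rules` matches `0483:df11`, which is the generic STMicroelectronics DFU bootloader ID rather than a Solo-specific one, so `TAG+="uaccess"` there gives the logged-in seat user write access to any STM32 device in DFU mode attached to the workstation. If that breadth is intended, the comment should say so, e.g. `# ST DFU access (generic STM32 bootloader ID, not Solo-specific)`. The file also has no header recording where the rules were taken from; a line such as `# Source: <upstream rules file and revision>` would let a later reviewer compare it against upstream.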
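Review bot: `when: gui == true` on the `packages-gui.yml` include in `roles/centos/tasks/main.yml` compares against a literal boolean, so the play errors out if `gui` is undefined and silently skips the GUI packages if the value arrives as a string (for example from `-e gui=true`); where `gui` is set is not visible in this patch. `when: gui | default(false) | bool` covers both cases. The bare `include:` entries are also the deprecated spelling; `include_tasks:` (or `import_tasks:`) is the supported form.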
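Review bot: Both `lineinfile` tasks in `roles/centos/tasks/modules.yml` use `create: yes` without `owner`, `group` or `mode`, so a newly created `/etc/modprobe.d/blacklist.conf` gets whatever the become user's umask yields; the `copy` task in `roles/centos/tasks/solokeys.yml` leaves the permissions of `/etc/udev/rules.d/70-solokeys-access.rules` unset in the same way. Adding `owner: root`, `group: root` and `mode: '0644'` to each makes the result deterministic and keeps root-parsed configuration from being created group- or world-writable. As a style point, `create: yes` would read more consistently as `create: true`, matching `become: true` in the same tasks.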
@@ -0,0 +1,33 @@
+---
+- name: Install Ansible repo
+ become: true
+ dnf:
+ name: centos-release-ansible-29
+ state: present
+- name: Install CLI packages
+ become: true
+ dnf:
+ name: '{{ packages }}'
+ state: present
+ vars:
+ packages:
+ - "@development"
+ - ansible
+ - aspell-en
+ - bc
+ - bind-utils
+ - clang
+ - git
+ - gnupg2
+ - lldb
+ - mc
+ - nmap
+ - nodejs
+ - openssh-server
+ - python38
+ - python38-psutil
+ - sqlite
+ - sudo
+ - tmux
+ - vim-enhanced
+ - zsh
diff --git a/roles/centos/tasks/packages-gui.yml b/roles/centos/tasks/packages-gui.yml
new file mode 100644
index 0000000..c8052ce
--- /dev/null
+++ b/roles/centos/tasks/packages-gui.yml
@@ -0,0 +1,12 @@
+---
+- name: Install GUI packages
+ become: true
+ dnf:
+ name: '{{ packages }}'
+ state: present
+ vars:
+ packages:
+ - emacs
+ - git-gui
+ - liberation-fonts
+ - vim-X11
diff --git a/roles/centos/tasks/solokeys.yml b/roles/centos/tasks/solokeys.yml
new file mode 100644
index 0000000..bea6284
--- /dev/null
+++ b/roles/centos/tasks/solokeys.yml
@@ -0,0 +1,15 @@
+---
+- name: Install solokeys udev rule
+ become: true
+ copy:
+ src: 70-solokeys-access.rules
+ dest: /etc/udev/rules.d/70-solokeys-access.rules
+ register: solokeys_copy
+- name: Reload udevadm rules
+ become: true
+ command: udevadm control --reload-rules
+ when: solokeys_copy.changed
+- name: Trigger udevadm
+ become: true
+ command: udevadm trigger
+ when: solokeys_copy.changed
diff --git a/roles/centos/tasks/ssh.yml b/roles/centos/tasks/ssh.yml
new file mode 100644
index 0000000..b4fca4a
--- /dev/null
+++ b/roles/centos/tasks/ssh.yml
@@ -0,0 +1,27 @@
+---
+- name: Disable SSH passwords
+ become: true
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?\w*PasswordAuthentication (yes|no)'
+ line: 'PasswordAuthentication no'
+ register: changed_ssh_config
+- name: Enable SSH
+ become: true
+ systemd:
+ name: sshd.service
+ enabled: yes
+ state: started
+- name: Restart SSH
+ become: true
+ systemd:
+ name: sshd.service
+ state: restarted
+ when: changed_ssh_config.changed == true
+- name: Allow SSH through firewall
+ become: true
+ firewalld:
+ service: ssh
+ permanent: yes
+ state: enabled
+ immediate: yes
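Review bot: The `regexp` in the "Disable SSH passwords" task uses `\w*` where `\s*` looks intended, so it misses `# PasswordAuthentication yes`, an indented directive, and one separated by a tab or several spaces. On a miss `lineinfile` appends `PasswordAuthentication no` at the end of `sshd_config`, where an earlier active `PasswordAuthentication yes` still takes effect (sshd uses the first value it reads for a keyword) or a trailing `Match` block scopes the new line. Suggested: `regexp: '^\s*#?\s*PasswordAuthentication\s+(yes|no)'` together with `validate: '/usr/sbin/sshd -t -f %s'`, so a file sshd cannot parse is never installed ahead of the restart. Keyboard-interactive/PAM logins can still accept passwords if `ChallengeResponseAuthentication` is enabled on the host, which nothing in this file checks.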