initial commit

muppeth 2023-05-01 11:12:23 +02:00
parent 388fa9174f
commit c997368470
Signed by: muppeth
GPG Key ID: 0EBC7B9848D04031
22 changed files with 1158 additions and 2 deletions


@ -1,3 +1,16 @@
# base
# Basic role
Simple role to deploy some basics
This role sets up defaults we use across all newly created containers. It preconfigures various things as well as install few basic packages etc.
example playbook:
```
---
- hosts: all
roles:
- base
```
All configurable variables reside in `defaults/main.yml`. If you wish to modify them per host, add them to your `/etc/ansible/host_vars/yourhostname.yml` of for group of hosts in `/etc/ansible/group_vars/yourgroup/main.yml` etc.

48
defaults/main.yml Normal file

@ -0,0 +1,48 @@
---
base_extra_path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt'
ssh_permit_root: 'yes'
ssh_port: '22'
ssh_agent_forwarding: 'no'
ssh_authkey_file: '/etc/ssh/authorized_keys/%u'
bash_prompt_color: 'Green'
deploy_hosts_file: 'false'
base_apt_list:
- htop
- vim
- file
- cron
- mc
- git
- ca-certificates
- apt-transport-https
- sudo
- rsync
- dialog
- systemd
- systemd-sysv
- dirmngr
base_ssh_authkey:
- user: 'user1'
key: 'key1 - user1'
- user: 'user2'
key: 'key2 - user2'
base_ssh_user_config:
- config_path: '/root/.ssh/config'
setting: 'Host example.com'
options:
- 'IdentityFile ~/.ssh/key'
- 'User user'
base_journald_conf: 'true'
base_journald_items:
- name: 'SystemMaxUse'
value: '100M'
- name: 'Compress'
value: 'yes'
#shouter
base_shouter_jid: 'user@example.org'
base_shouter_server: 'example.org'
base_shouter_resource: 'my bot'
base_shouter_pwd: 'changeme'
base_shouter_muc: 'my_room@chat.example.org'
#dialogrc
base_dialogrc: 'false'
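Review bot: `ssh_permit_root: 'yes'` makes direct root login the default for every host that applies this role. The sshd template in this commit disables password authentication, so `ssh_permit_root: 'prohibit-password'` would keep key-based root access while failing closed if passwords are ever re-enabled. `base_shouter_pwd: 'changeme'` is a placeholder credential that gets rendered to disk as soon as `base_shouter` is defined; consider leaving it out of the defaults so the play stops until a vaulted value is supplied.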

1
files/99force-ipv4 Normal file

@ -0,0 +1 @@
Acquire::ForceIPv4 "true";

118
files/bash.bashrc Normal file

@ -0,0 +1,118 @@
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt"
genpasswd() {
local l=$1
[ "$l" == "" ] && l=16
tr -dc 'a-zA-Z0-9-_!@#$%^&*()_+{}|:<>?=' < /dev/urandom | head -c ${l} | xargs
}
source /usr/share/git/completion/git-prompt.sh
HOSTNAME=`/bin/hostname -A`
# Customize BASH PS1 prompt to show current GIT repository and branch.
# by Mike Stewart - http://MediaDoneRight.com
# SETUP CONSTANTS
# Bunch-o-predefined colors. Makes reading code easier than escape sequences.
# I don't remember where I found this. o_O
# Reset
Color_Off="\[\033[0m\]" # Text Reset
# Regular Colors
Black="\[\033[0;30m\]" # Black
Red="\[\033[0;31m\]" # Red
Green="\[\033[0;32m\]" # Green
Yellow="\[\033[0;33m\]" # Yellow
Blue="\[\033[0;34m\]" # Blue
Purple="\[\033[0;35m\]" # Purple
Cyan="\[\033[0;36m\]" # Cyan
White="\[\033[0;37m\]" # White
# Bold
BBlack="\[\033[1;30m\]" # Black
BRed="\[\033[1;31m\]" # Red
BGreen="\[\033[1;32m\]" # Green
BYellow="\[\033[1;33m\]" # Yellow
BBlue="\[\033[1;34m\]" # Blue
BPurple="\[\033[1;35m\]" # Purple
BCyan="\[\033[1;36m\]" # Cyan
BWhite="\[\033[1;37m\]" # White
# Underline
UBlack="\[\033[4;30m\]" # Black
URed="\[\033[4;31m\]" # Red
UGreen="\[\033[4;32m\]" # Green
UYellow="\[\033[4;33m\]" # Yellow
UBlue="\[\033[4;34m\]" # Blue
UPurple="\[\033[4;35m\]" # Purple
UCyan="\[\033[4;36m\]" # Cyan
UWhite="\[\033[4;37m\]" # White
# Background
On_Black="\[\033[40m\]" # Black
On_Red="\[\033[41m\]" # Red
On_Green="\[\033[42m\]" # Green
On_Yellow="\[\033[43m\]" # Yellow
On_Blue="\[\033[44m\]" # Blue
On_Purple="\[\033[45m\]" # Purple
On_Cyan="\[\033[46m\]" # Cyan
On_White="\[\033[47m\]" # White
# High Intensty
IBlack="\[\033[0;90m\]" # Black
IRed="\[\033[0;91m\]" # Red
IGreen="\[\033[0;92m\]" # Green
IYellow="\[\033[0;93m\]" # Yellow
IBlue="\[\033[0;94m\]" # Blue
IPurple="\[\033[0;95m\]" # Purple
ICyan="\[\033[0;96m\]" # Cyan
IWhite="\[\033[0;97m\]" # White
# Bold High Intensty
BIBlack="\[\033[1;90m\]" # Black
BIRed="\[\033[1;91m\]" # Red
BIGreen="\[\033[1;92m\]" # Green
BIYellow="\[\033[1;93m\]" # Yellow
BIBlue="\[\033[1;94m\]" # Blue
BIPurple="\[\033[1;95m\]" # Purple
BICyan="\[\033[1;96m\]" # Cyan
BIWhite="\[\033[1;97m\]" # White
# High Intensty backgrounds
On_IBlack="\[\033[0;100m\]" # Black
On_IRed="\[\033[0;101m\]" # Red
On_IGreen="\[\033[0;102m\]" # Green
On_IYellow="\[\033[0;103m\]" # Yellow
On_IBlue="\[\033[0;104m\]" # Blue
On_IPurple="\[\033[10;95m\]" # Purple
On_ICyan="\[\033[0;106m\]" # Cyan
On_IWhite="\[\033[0;107m\]" # White
# Various variables you might want for your PS1 prompt instead
Time12h="\T"
Time12a="\@"
PathShort="\w"
PathFull="\W"
NewLine="\n"
Jobs="\j"
# This PS1 snippet was adopted from code for MAC/BSD I saw from: http://allancraig.net/index.php? option=com_content&view=article&id=108:ps1-export-command-for-git&catid=45:general&Itemid=96
# I tweaked it to work on UBUNTU 11.04 & 11.10 plus made it mo' better
export PS1=$Color_Off'<'$__COLOR__$HOSTNAME$Color_Off'>'$IBlack$Color_Off'$(git branch &>/dev/null;\
if [ $? -eq 0 ]; then \
echo "$(echo `git status` | grep "nothing to commit" > /dev/null 2>&1; \
if [ "$?" -eq "0" ]; then \
# @4 - Clean repository - nothing to commit
echo "'$Green'"$(__git_ps1 " (%s)"); \
else \
# @5 - Changes to working tree
echo "'$IRed'"$(__git_ps1 " {%s}"); \
fi) '$BYellow$PathShort$Color_Off'\$ "; \
else \
# @2 - Prompt when not in GIT repo
echo " '$Yellow$PathShort$Color_Off'\$ "; \
fi)'
[ -f ~/.fzf.bash ] && source ~/.fzf.bash
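Review bot: The `HOSTNAME=` assignment replaces bash's own variable with the output of `hostname -A`, and the `export PS1=` line splices that value raw into the prompt string. That output is resolver-derived, can list several names with a trailing space, and makes every interactive shell wait on reverse DNS. Because bash re-expands PS1 while promptvars is on, text placed in it literally is evaluated at draw time, which is the same hazard the bundled git-prompt.sh documents for ref names. Prefer the prompt escape `\H`, or keep the value in a namespaced variable that is referenced lazily from the single-quoted part, e.g. `'${__base_prompt_host}'`. The unguarded `source /usr/share/git/completion/git-prompt.sh` should get the same `[ -f … ] &&` guard used for fzf, since this file is read by every user's shell.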

531
files/git-prompt.sh Normal file

@ -0,0 +1,531 @@
# bash/zsh git prompt support
#
# Copyright (C) 2006,2007 Shawn O. Pearce <spearce@spearce.org>
# Distributed under the GNU General Public License, version 2.0.
#
# This script allows you to see repository status in your prompt.
#
# To enable:
#
# 1) Copy this file to somewhere (e.g. ~/.git-prompt.sh).
# 2) Add the following line to your .bashrc/.zshrc:
# source ~/.git-prompt.sh
# 3a) Change your PS1 to call __git_ps1 as
# command-substitution:
# Bash: PS1='[\u@\h \W$(__git_ps1 " (%s)")]\$ '
# ZSH: setopt PROMPT_SUBST ; PS1='[%n@%m %c$(__git_ps1 " (%s)")]\$ '
# the optional argument will be used as format string.
# 3b) Alternatively, for a slightly faster prompt, __git_ps1 can
# be used for PROMPT_COMMAND in Bash or for precmd() in Zsh
# with two parameters, <pre> and <post>, which are strings
# you would put in $PS1 before and after the status string
# generated by the git-prompt machinery. e.g.
# Bash: PROMPT_COMMAND='__git_ps1 "\u@\h:\w" "\\\$ "'
# will show username, at-sign, host, colon, cwd, then
# various status string, followed by dollar and SP, as
# your prompt.
# ZSH: precmd () { __git_ps1 "%n" ":%~$ " "|%s" }
# will show username, pipe, then various status string,
# followed by colon, cwd, dollar and SP, as your prompt.
# Optionally, you can supply a third argument with a printf
# format string to finetune the output of the branch status
#
# The repository status will be displayed only if you are currently in a
# git repository. The %s token is the placeholder for the shown status.
#
# The prompt status always includes the current branch name.
#
# In addition, if you set GIT_PS1_SHOWDIRTYSTATE to a nonempty value,
# unstaged (*) and staged (+) changes will be shown next to the branch
# name. You can configure this per-repository with the
# bash.showDirtyState variable, which defaults to true once
# GIT_PS1_SHOWDIRTYSTATE is enabled.
#
# You can also see if currently something is stashed, by setting
# GIT_PS1_SHOWSTASHSTATE to a nonempty value. If something is stashed,
# then a '$' will be shown next to the branch name.
#
# If you would like to see if there're untracked files, then you can set
# GIT_PS1_SHOWUNTRACKEDFILES to a nonempty value. If there're untracked
# files, then a '%' will be shown next to the branch name. You can
# configure this per-repository with the bash.showUntrackedFiles
# variable, which defaults to true once GIT_PS1_SHOWUNTRACKEDFILES is
# enabled.
#
# If you would like to see the difference between HEAD and its upstream,
# set GIT_PS1_SHOWUPSTREAM="auto". A "<" indicates you are behind, ">"
# indicates you are ahead, "<>" indicates you have diverged and "="
# indicates that there is no difference. You can further control
# behaviour by setting GIT_PS1_SHOWUPSTREAM to a space-separated list
# of values:
#
# verbose show number of commits ahead/behind (+/-) upstream
# name if verbose, then also show the upstream abbrev name
# legacy don't use the '--count' option available in recent
# versions of git-rev-list
# git always compare HEAD to @{upstream}
# svn always compare HEAD to your SVN upstream
#
# You can change the separator between the branch name and the above
# state symbols by setting GIT_PS1_STATESEPARATOR. The default separator
# is SP.
#
# By default, __git_ps1 will compare HEAD to your SVN upstream if it can
# find one, or @{upstream} otherwise. Once you have set
# GIT_PS1_SHOWUPSTREAM, you can override it on a per-repository basis by
# setting the bash.showUpstream config variable.
#
# If you would like to see more information about the identity of
# commits checked out as a detached HEAD, set GIT_PS1_DESCRIBE_STYLE
# to one of these values:
#
# contains relative to newer annotated tag (v1.6.3.2~35)
# branch relative to newer tag or branch (master~4)
# describe relative to older annotated tag (v1.6.3.1-13-gdd42c2f)
# default exactly matching tag
#
# If you would like a colored hint about the current dirty state, set
# GIT_PS1_SHOWCOLORHINTS to a nonempty value. The colors are based on
# the colored output of "git status -sb" and are available only when
# using __git_ps1 for PROMPT_COMMAND or precmd.
#
# If you would like __git_ps1 to do nothing in the case when the current
# directory is set up to be ignored by git, then set
# GIT_PS1_HIDE_IF_PWD_IGNORED to a nonempty value. Override this on the
# repository level by setting bash.hideIfPwdIgnored to "false".
# check whether printf supports -v
__git_printf_supports_v=
printf -v __git_printf_supports_v -- '%s' yes >/dev/null 2>&1
# stores the divergence from upstream in $p
# used by GIT_PS1_SHOWUPSTREAM
__git_ps1_show_upstream ()
{
local key value
local svn_remote svn_url_pattern count n
local upstream=git legacy="" verbose="" name=""
svn_remote=()
# get some config options from git-config
local output="$(git config -z --get-regexp '^(svn-remote\..*\.url|bash\.showupstream)$' 2>/dev/null | tr '\0\n' '\n ')"
while read -r key value; do
case "$key" in
bash.showupstream)
GIT_PS1_SHOWUPSTREAM="$value"
if [[ -z "${GIT_PS1_SHOWUPSTREAM}" ]]; then
p=""
return
fi
;;
svn-remote.*.url)
svn_remote[$((${#svn_remote[@]} + 1))]="$value"
svn_url_pattern="$svn_url_pattern\\|$value"
upstream=svn+git # default upstream is SVN if available, else git
;;
esac
done <<< "$output"
# parse configuration values
for option in ${GIT_PS1_SHOWUPSTREAM}; do
case "$option" in
git|svn) upstream="$option" ;;
verbose) verbose=1 ;;
legacy) legacy=1 ;;
name) name=1 ;;
esac
done
# Find our upstream
case "$upstream" in
git) upstream="@{upstream}" ;;
svn*)
# get the upstream from the "git-svn-id: ..." in a commit message
# (git-svn uses essentially the same procedure internally)
local -a svn_upstream
svn_upstream=($(git log --first-parent -1 \
--grep="^git-svn-id: \(${svn_url_pattern#??}\)" 2>/dev/null))
if [[ 0 -ne ${#svn_upstream[@]} ]]; then
svn_upstream=${svn_upstream[${#svn_upstream[@]} - 2]}
svn_upstream=${svn_upstream%@*}
local n_stop="${#svn_remote[@]}"
for ((n=1; n <= n_stop; n++)); do
svn_upstream=${svn_upstream#${svn_remote[$n]}}
done
if [[ -z "$svn_upstream" ]]; then
# default branch name for checkouts with no layout:
upstream=${GIT_SVN_ID:-git-svn}
else
upstream=${svn_upstream#/}
fi
elif [[ "svn+git" = "$upstream" ]]; then
upstream="@{upstream}"
fi
;;
esac
# Find how many commits we are ahead/behind our upstream
if [[ -z "$legacy" ]]; then
count="$(git rev-list --count --left-right \
"$upstream"...HEAD 2>/dev/null)"
else
# produce equivalent output to --count for older versions of git
local commits
if commits="$(git rev-list --left-right "$upstream"...HEAD 2>/dev/null)"
then
local commit behind=0 ahead=0
for commit in $commits
do
case "$commit" in
"<"*) ((behind++)) ;;
*) ((ahead++)) ;;
esac
done
count="$behind $ahead"
else
count=""
fi
fi
# calculate the result
if [[ -z "$verbose" ]]; then
case "$count" in
"") # no upstream
p="" ;;
"0 0") # equal to upstream
p="=" ;;
"0 "*) # ahead of upstream
p=">" ;;
*" 0") # behind upstream
p="<" ;;
*) # diverged from upstream
p="<>" ;;
esac
else
case "$count" in
"") # no upstream
p="" ;;
"0 0") # equal to upstream
p=" u=" ;;
"0 "*) # ahead of upstream
p=" u+${count#0 }" ;;
*" 0") # behind upstream
p=" u-${count% 0}" ;;
*) # diverged from upstream
p=" u+${count#* }-${count% *}" ;;
esac
if [[ -n "$count" && -n "$name" ]]; then
__git_ps1_upstream_name=$(git rev-parse \
--abbrev-ref "$upstream" 2>/dev/null)
if [ $pcmode = yes ] && [ $ps1_expanded = yes ]; then
p="$p \${__git_ps1_upstream_name}"
else
p="$p ${__git_ps1_upstream_name}"
# not needed anymore; keep user's
# environment clean
unset __git_ps1_upstream_name
fi
fi
fi
}
# Helper function that is meant to be called from __git_ps1. It
# injects color codes into the appropriate gitstring variables used
# to build a gitstring.
__git_ps1_colorize_gitstring ()
{
if [[ -n ${ZSH_VERSION-} ]]; then
local c_red='%F{red}'
local c_green='%F{green}'
local c_lblue='%F{blue}'
local c_clear='%f'
else
# Using \[ and \] around colors is necessary to prevent
# issues with command line editing/browsing/completion!
local c_red='\[\e[31m\]'
local c_green='\[\e[32m\]'
local c_lblue='\[\e[1;34m\]'
local c_clear='\[\e[0m\]'
fi
local bad_color=$c_red
local ok_color=$c_green
local flags_color="$c_lblue"
local branch_color=""
if [ $detached = no ]; then
branch_color="$ok_color"
else
branch_color="$bad_color"
fi
c="$branch_color$c"
z="$c_clear$z"
if [ "$w" = "*" ]; then
w="$bad_color$w"
fi
if [ -n "$i" ]; then
i="$ok_color$i"
fi
if [ -n "$s" ]; then
s="$flags_color$s"
fi
if [ -n "$u" ]; then
u="$bad_color$u"
fi
r="$c_clear$r"
}
__git_eread ()
{
local f="$1"
shift
test -r "$f" && read "$@" <"$f"
}
# __git_ps1 accepts 0 or 1 arguments (i.e., format string)
# when called from PS1 using command substitution
# in this mode it prints text to add to bash PS1 prompt (includes branch name)
#
# __git_ps1 requires 2 or 3 arguments when called from PROMPT_COMMAND (pc)
# in that case it _sets_ PS1. The arguments are parts of a PS1 string.
# when two arguments are given, the first is prepended and the second appended
# to the state string when assigned to PS1.
# The optional third parameter will be used as printf format string to further
# customize the output of the git-status string.
# In this mode you can request colored hints using GIT_PS1_SHOWCOLORHINTS=true
__git_ps1 ()
{
# preserve exit status
local exit=$?
local pcmode=no
local detached=no
local ps1pc_start='\u@\h:\w '
local ps1pc_end='\$ '
local printf_format=' (%s)'
case "$#" in
2|3) pcmode=yes
ps1pc_start="$1"
ps1pc_end="$2"
printf_format="${3:-$printf_format}"
# set PS1 to a plain prompt so that we can
# simply return early if the prompt should not
# be decorated
PS1="$ps1pc_start$ps1pc_end"
;;
0|1) printf_format="${1:-$printf_format}"
;;
*) return $exit
;;
esac
# ps1_expanded: This variable is set to 'yes' if the shell
# subjects the value of PS1 to parameter expansion:
#
# * bash does unless the promptvars option is disabled
# * zsh does not unless the PROMPT_SUBST option is set
# * POSIX shells always do
#
# If the shell would expand the contents of PS1 when drawing
# the prompt, a raw ref name must not be included in PS1.
# This protects the user from arbitrary code execution via
# specially crafted ref names. For example, a ref named
# 'refs/heads/$(IFS=_;cmd=sudo_rm_-rf_/;$cmd)' might cause the
# shell to execute 'sudo rm -rf /' when the prompt is drawn.
#
# Instead, the ref name should be placed in a separate global
# variable (in the __git_ps1_* namespace to avoid colliding
# with the user's environment) and that variable should be
# referenced from PS1. For example:
#
# __git_ps1_foo=$(do_something_to_get_ref_name)
# PS1="...stuff...\${__git_ps1_foo}...stuff..."
#
# If the shell does not expand the contents of PS1, the raw
# ref name must be included in PS1.
#
# The value of this variable is only relevant when in pcmode.
#
# Assume that the shell follows the POSIX specification and
# expands PS1 unless determined otherwise. (This is more
# likely to be correct if the user has a non-bash, non-zsh
# shell and safer than the alternative if the assumption is
# incorrect.)
#
local ps1_expanded=yes
[ -z "$ZSH_VERSION" ] || [[ -o PROMPT_SUBST ]] || ps1_expanded=no
[ -z "$BASH_VERSION" ] || shopt -q promptvars || ps1_expanded=no
local repo_info rev_parse_exit_code
repo_info="$(git rev-parse --git-dir --is-inside-git-dir \
--is-bare-repository --is-inside-work-tree \
--short HEAD 2>/dev/null)"
rev_parse_exit_code="$?"
if [ -z "$repo_info" ]; then
return $exit
fi
local short_sha
if [ "$rev_parse_exit_code" = "0" ]; then
short_sha="${repo_info##*$'\n'}"
repo_info="${repo_info%$'\n'*}"
fi
local inside_worktree="${repo_info##*$'\n'}"
repo_info="${repo_info%$'\n'*}"
local bare_repo="${repo_info##*$'\n'}"
repo_info="${repo_info%$'\n'*}"
local inside_gitdir="${repo_info##*$'\n'}"
local g="${repo_info%$'\n'*}"
if [ "true" = "$inside_worktree" ] &&
[ -n "${GIT_PS1_HIDE_IF_PWD_IGNORED-}" ] &&
[ "$(git config --bool bash.hideIfPwdIgnored)" != "false" ] &&
git check-ignore -q .
then
return $exit
fi
local r=""
local b=""
local step=""
local total=""
if [ -d "$g/rebase-merge" ]; then
__git_eread "$g/rebase-merge/head-name" b
__git_eread "$g/rebase-merge/msgnum" step
__git_eread "$g/rebase-merge/end" total
if [ -f "$g/rebase-merge/interactive" ]; then
r="|REBASE-i"
else
r="|REBASE-m"
fi
else
if [ -d "$g/rebase-apply" ]; then
__git_eread "$g/rebase-apply/next" step
__git_eread "$g/rebase-apply/last" total
if [ -f "$g/rebase-apply/rebasing" ]; then
__git_eread "$g/rebase-apply/head-name" b
r="|REBASE"
elif [ -f "$g/rebase-apply/applying" ]; then
r="|AM"
else
r="|AM/REBASE"
fi
elif [ -f "$g/MERGE_HEAD" ]; then
r="|MERGING"
elif [ -f "$g/CHERRY_PICK_HEAD" ]; then
r="|CHERRY-PICKING"
elif [ -f "$g/REVERT_HEAD" ]; then
r="|REVERTING"
elif [ -f "$g/BISECT_LOG" ]; then
r="|BISECTING"
fi
if [ -n "$b" ]; then
:
elif [ -h "$g/HEAD" ]; then
# symlink symbolic ref
b="$(git symbolic-ref HEAD 2>/dev/null)"
else
local head=""
if ! __git_eread "$g/HEAD" head; then
return $exit
fi
# is it a symbolic ref?
b="${head#ref: }"
if [ "$head" = "$b" ]; then
detached=yes
b="$(
case "${GIT_PS1_DESCRIBE_STYLE-}" in
(contains)
git describe --contains HEAD ;;
(branch)
git describe --contains --all HEAD ;;
(describe)
git describe HEAD ;;
(* | default)
git describe --tags --exact-match HEAD ;;
esac 2>/dev/null)" ||
b="$short_sha..."
b="($b)"
fi
fi
fi
if [ -n "$step" ] && [ -n "$total" ]; then
r="$r $step/$total"
fi
local w=""
local i=""
local s=""
local u=""
local c=""
local p=""
if [ "true" = "$inside_gitdir" ]; then
if [ "true" = "$bare_repo" ]; then
c="BARE:"
else
b="GIT_DIR!"
fi
elif [ "true" = "$inside_worktree" ]; then
if [ -n "${GIT_PS1_SHOWDIRTYSTATE-}" ] &&
[ "$(git config --bool bash.showDirtyState)" != "false" ]
then
git diff --no-ext-diff --quiet || w="*"
git diff --no-ext-diff --cached --quiet || i="+"
if [ -z "$short_sha" ] && [ -z "$i" ]; then
i="#"
fi
fi
if [ -n "${GIT_PS1_SHOWSTASHSTATE-}" ] &&
git rev-parse --verify --quiet refs/stash >/dev/null
then
s="$"
fi
if [ -n "${GIT_PS1_SHOWUNTRACKEDFILES-}" ] &&
[ "$(git config --bool bash.showUntrackedFiles)" != "false" ] &&
git ls-files --others --exclude-standard --directory --no-empty-directory --error-unmatch -- ':/*' >/dev/null 2>/dev/null
then
u="%${ZSH_VERSION+%}"
fi
if [ -n "${GIT_PS1_SHOWUPSTREAM-}" ]; then
__git_ps1_show_upstream
fi
fi
local z="${GIT_PS1_STATESEPARATOR-" "}"
# NO color option unless in PROMPT_COMMAND mode
if [ $pcmode = yes ] && [ -n "${GIT_PS1_SHOWCOLORHINTS-}" ]; then
__git_ps1_colorize_gitstring
fi
b=${b##refs/heads/}
if [ $pcmode = yes ] && [ $ps1_expanded = yes ]; then
__git_ps1_branch_name=$b
b="\${__git_ps1_branch_name}"
fi
local f="$w$i$s$u"
local gitstring="$c$b${f:+$z$f}$r$p"
if [ $pcmode = yes ]; then
if [ "${__git_printf_supports_v-}" != yes ]; then
gitstring=$(printf -- "$printf_format" "$gitstring")
else
printf -v gitstring -- "$printf_format" "$gitstring"
fi
PS1="$ps1pc_start$gitstring$ps1pc_end"
else
printf -- "$printf_format" "$gitstring"
fi
return $exit
}

10
handlers/main.yml Normal file

@ -0,0 +1,10 @@
---
- name: restart ssh
service:
name: ssh
state: restarted
- name: Reload systemd
systemd:
daemon_reload: yes
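Review bot: The handler is named `Reload systemd`, but tasks/configs.yml in this commit notifies `reload systemd`; handler lookup is by name, so the notify will most likely fail with an unknown-handler error unless the handler is renamed to `- name: reload systemd`. A daemon-reload also does not make journald re-read `/etc/systemd/journald.conf`. The journald template needs a handler that restarts the `systemd-journald` service instead.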

14
tasks/apt.yml Normal file

@ -0,0 +1,14 @@
---
- name: '[APT] - Disable IPv6 for APT'
copy:
src: 99force-ipv4
dest: /etc/apt/apt.conf.d/
owner: root
group: root
mode: 644
- name: '[APT] - Installing some base packages'
apt:
name: "{{ base_apt_list }}"
update_cache: yes
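Review bot: `mode: 644` in the first task is an unquoted decimal integer, so Ansible applies decimal 644 (octal 1204) rather than rw-r--r--; write it as `mode: '0644'`. The other tasks in this commit use a bare `0644`, which works only while the YAML parser reads a leading zero as octal, so quoting those as well is the safer convention.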

25
tasks/bashrc.yml Normal file

@ -0,0 +1,25 @@
---
- name: '[BASHRC] - Create directories'
file:
path: /usr/share/git/completion
state: directory
- name: '[BASHRC] - Copy bashrc'
copy:
src: bash.bashrc
dest: /etc/bash.bashrc
owner: root
group: root
mode: 0644
- name: '[BASHRC] - Copy git highlight for bashrc'
copy:
src: git-prompt.sh
dest: /usr/share/git/completion/git-prompt.sh
owner: root
group: root
mode: 0644
- name: '[BASHRC] - Change bash prompt color'
shell: sed -i 's/__COLOR__/{{ bash_prompt_color }}/g' /etc/bash.bashrc
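Review bot: The last task interpolates `{{ bash_prompt_color }}` into a `shell:` command line, so the value is parsed first by the shell and then by sed as replacement text. The copy-then-sed pair also reports a change on every run, because the copy task always finds the deployed file different from its source. Use the `replace:` module with `path: /etc/bash.bashrc`, `regexp: '__COLOR__'` and `replace: '{{ bash_prompt_color }}'`, which keeps the value out of a shell. Switching the file to `template:` would need `{% raw %}` guards, since bash.bashrc contains `{%s}`. Checking the variable against the colour names defined in the file would catch typos that otherwise leave an empty expansion in PS1.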

24
tasks/configs.yml Normal file

@ -0,0 +1,24 @@
---
- name: "[CONFIG] - Setup journald"
template:
src: 'etc/journald.conf.j2'
dest: '/etc/systemd/journald.conf'
notify: reload systemd
- name: '[CONFIG] - Set sysctl rules'
sysctl: name="net.ipv6.conf.all.disable_ipv6" value=0 sysctl_set=yes state=absent reload=yes
- sysctl: name="net.ipv6.conf.default.disable_ipv6" value=0 sysctl_set=yes state=absent reload=yes
- sysctl: name="net.ipv6.conf.lo.disable_ipv6" value=0 sysctl_set=yes state=absent reload=yes
- sysctl: name="net.ipv6.conf.all.forwarding" value=1 sysctl_set=yes state=present reload=yes
- name: "[CONFIG] - Deploy dialogRC"
copy:
src: /etc/ansible/extra_files/dialogrc
dest: /etc/dialogrc
owner: root
group: root
mode: 0644
when: 'base_dialogrc is defined and base_dialogrc == true'
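Review bot: `net.ipv6.conf.all.forwarding` is set to 1 unconditionally, which turns every host that receives this base role into an IPv6 router; as the sysctl template in this commit notes, that also disables autoconfiguration from router advertisements. Gate it behind a variable that defaults to off, e.g. `when: base_ipv6_forwarding | default(false) | bool`. The three `state=absent` entries carry `value=0`, which reads as if they set something. A comment saying they only remove earlier `disable_ipv6` lines would help, and the unnamed `- sysctl:` tasks should get names.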

9
tasks/hosts.yml Normal file

@ -0,0 +1,9 @@
---
- name: '[HOSTS] - Deploy /etc/hosts'
copy:
src: /etc/ansible/extra_files/hosts_file
dest: /etc/hosts
owner: root
group: root
mode: 0644

22
tasks/main.yml Normal file

@ -0,0 +1,22 @@
---
- include: apt.yml
- include: mkdir.yml
- include: vimrc.yml
- include: bashrc.yml
- include: permissions.yml
- include: ssh.yml
- include: hosts.yml
when: deploy_hosts_file == 'true'
tags:
- hosts
- include: shouter.yml
when: base_shouter is defined
- include: configs.yml
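Review bot: `when: deploy_hosts_file == 'true'` compares against a string, while tasks/configs.yml tests `base_dialogrc == true` against a boolean, even though defaults/main.yml sets both as quoted strings. A user who follows the defaults style and sets `base_dialogrc: 'true'` gets no dialogrc. Use real booleans in defaults and `when: deploy_hosts_file | bool` here. Bare `include:` is deprecated in current Ansible; `include_tasks:` (or `import_tasks:` for the unconditional entries) is the replacement.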

9
tasks/mkdir.yml Normal file

@ -0,0 +1,9 @@
---
- name: '[MKDIR] - Create some base directories'
file:
path: /etc/letsencrypt/live
owner: root
group: root
mode: 0644
state: directory
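Review bot: `mode: 0644` on a directory leaves out the search (x) bit, so no unprivileged account can traverse `/etc/letsencrypt/live`. Directories need `mode: '0755'`, or `'0700'` if the material below should stay private to root. The same directory-without-x pattern appears in tasks/shouter.yml (`/var/local/container-scripts/general`, 0644) and tasks/ssh.yml (`/root/.ssh`, 0640).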

7
tasks/permissions.yml Normal file

@ -0,0 +1,7 @@
---
- name: '[PERMISSION] - Change ping permissions'
file:
path: /bin/ping
state: touch
mode: "u=rws,g=rx,o=rx"
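Review bot: `state: touch` creates `/bin/ping` when it does not exist, so on a host where ping is not installed this task leaves an empty setuid file behind. It also bumps the timestamps and reports changed on every run. Use `state: file`, which only adjusts an existing path and fails otherwise, and set `owner: root` explicitly, since the setuid bit depends on that owner. If the target images support file capabilities, granting `cap_net_raw` to ping avoids the setuid bit altogether.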

19
tasks/shouter.yml Normal file

@ -0,0 +1,19 @@
---
- name: '[SHOUTER] - Create shouter var dir'
file:
path: /var/local/container-scripts/general
owner: root
group: root
mode: 0644
state: directory
- name: '[SHOUTER] - Deploy shouter config'
template:
src: shouter.var.j2
dest: /var/local/container-scripts/general/shouter.var
owner: root
group: root
mode: 0644
when: base_shouter is defined
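Review bot: `shouter.var` contains `XMPP_PWD` and is deployed with `mode: 0644`, so any local account can read the bot's password. Use `mode: '0600'` (or a dedicated group with `'0640'`) and add `no_log: true` to the template task so the rendered secret does not show up in diff or verbose output. The trailing `when: base_shouter is defined` repeats the condition tasks/main.yml already puts on the include and can be dropped.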

46
tasks/ssh.yml Normal file

@ -0,0 +1,46 @@
---
- name: '[SSH] - Create local dir'
file:
path: /root/.ssh
state: directory
mode: 0640
- name: '[SSH] - Create authorized keys dir'
file:
path: /etc/ssh/authorized_keys
state: directory
- name: '[SSH] - Deploy configuration'
template:
src: ssh/sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: 0644
notify: restart ssh
- name: '[SSH] - Deploy git poller ssh key'
copy:
src: '{{ base_ssh_poller_key }}'
dest: /root/.ssh/bs_git-key
owner: root
group: root
mode: 0600
when: base_ssh_poller_key is defined
- name: '[SSH] - Manage authorized keys'
template:
src: ssh/authorized_keys.j2
dest: "/etc/ssh/authorized_keys/{{ item.user }}"
owner: root
group: root
mode: 0644
with_items: "{{ base_ssh_authkey }}"
- name: '[SSH] - Setup ssh config'
template:
src: ssh/config.j2
dest: "{{ item.config_path }}"
with_items: "{{ base_ssh_user_config }}"
when: "base_ssh_user_config is defined"
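Review bot: `/root/.ssh` is created with `mode: 0640`, which lacks the search bit and grants group read; the conventional value is `mode: '0700'` with `owner: root`. The `/etc/ssh/authorized_keys` directory and the files written by the `Setup ssh config` task have no `owner` or `mode`, so they end up with whatever the umask yields. Because sshd accepts every key found in that directory, pin it to `owner: root`, `group: root`, `mode: '0755'`. Adding `validate: '/usr/sbin/sshd -t -f %s'` to the sshd_config template task would stop a broken render from being restarted into.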

9
tasks/vimrc.yml Normal file

@ -0,0 +1,9 @@
---
- name: '[VIM] - Install vimrc'
git:
repo: https://github.com/amix/vimrc.git
dest: /root/.vim_runtime
- name: '[VIM] - Enable new vimrc'
command: /bin/bash /root/.vim_runtime/install_awesome_vimrc.sh
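Review bot: The `git:` task clones the default branch of a third-party repository and the next task runs its install script as root, so whatever is at that branch tip at deploy time executes with full privileges on every host. Pin the checkout with `version: <reviewed-commit-sha>` on the `git:` task, or vendor the reviewed files into the role. The `command:` task has no `creates:` guard, so the script is re-run on every play.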


@ -0,0 +1,52 @@
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See journald.conf(5) for details.
[Journal]
{% if base_journald_conf is defined %}
{% for item in base_journald_items %}
{{ item.name }}={{ item.value }}
{% endfor %}
{% endif %}
##Examples
#Storage=auto
#Compress=yes
#Seal=yes
#SplitMode=uid
#SyncIntervalSec=5m
#RateLimitIntervalSec=30s
#RateLimitBurst=10000
#SystemMaxUse=100M
#SystemKeepFree=
#SystemMaxFileSize=
#SystemMaxFiles=100
#RuntimeMaxUse=
#RuntimeKeepFree=
#RuntimeMaxFileSize=
#RuntimeMaxFiles=100
#MaxRetentionSec=
#MaxFileSec=1month
#ForwardToSyslog=yes
#ForwardToKMsg=no
#ForwardToConsole=no
#ForwardToWall=yes
#TTYPath=/dev/console
#MaxLevelStore=debug
#MaxLevelSyslog=debug
#MaxLevelKMsg=notice
#MaxLevelConsole=info
#MaxLevelWall=emerg
#LineMax=48K
#ReadKMsg=yes
#Audit=no
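Review bot: `{% if base_journald_conf is defined %}` is always true because defaults/main.yml sets the variable, so `base_journald_conf: 'false'` still renders the items. Test the value instead, e.g. `{% if base_journald_conf | bool %}`. The file also lacks the `# {{ ansible_managed }}` header that the shouter and ssh config templates in this commit carry.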

8
templates/shouter.var.j2 Normal file

@ -0,0 +1,8 @@
# {{ ansible_managed }}
XMPP_JID="{{ base_shouter_jid }}"
XMPP_SERVER="{{ base_shouter_server }}"
XMPP_RESOURCE="{{ base_shouter_resource }}"
XMPP_PWD="{{ base_shouter_pwd }}"
XMPP_MUC="{{ base_shouter_muc }}"
SENDXMPP="/opt/go/bin/go-sendxmpp -u ${XMPP_JID} -j ${XMPP_SERVER} -r ${XMPP_RESOURCE} -p ${XMPP_PWD} -c ${XMPP_MUC}"
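Review bot: `SENDXMPP` passes the password as `-p ${XMPP_PWD}`, so it is visible in the process list to other local users whenever the command runs. The unquoted expansions also split on whitespace; the default `base_shouter_resource: 'my bot'` already becomes two arguments. The values are pasted between double quotes unescaped, so a password containing `"`, `$` or a backtick is altered or evaluated when the file is sourced. Render them with the `quote` filter and without the surrounding quotes, e.g. `XMPP_PWD={{ base_shouter_pwd | quote }}`. If the tool can read credentials from a configuration file, prefer that over the command line.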


@ -0,0 +1,6 @@
# {{ ansible_managed }}
{% for pubkey in item.ssh_pubkeys %}
{{ pubkey }}
{% endfor %}
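Review bot: The loop reads `item.ssh_pubkeys`, but the `base_ssh_authkey` entries in defaults/main.yml only define `user` and `key`, so with the documented structure the template fails on an undefined attribute. Either document `ssh_pubkeys` as a list in defaults, or render `{{ item.key }}` here. Because this file decides who can log in, consider failing the play when a user's key list is empty rather than writing a file with no keys.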

9
templates/ssh/config.j2 Normal file

@ -0,0 +1,9 @@
# {{ ansible_managed }}
{% for item in base_ssh_user_config %}
{{ item.settings }}
{% for option in item.options %}
{{ option }}
{% endfor %}
{% endfor %}
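Review bot: The template prints `{{ item.settings }}` while defaults/main.yml names the field `setting`, so the `Host` line hits an undefined attribute. It also iterates the whole `base_ssh_user_config` list although the task already loops with `with_items`, so every `config_path` receives the stanzas of all entries and the inner `item` shadows the task's loop variable. Rendering only the task's `item` (`{{ item.setting }}` followed by its options) fixes both.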


@ -0,0 +1,109 @@
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port {{ ssh_port }}
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Cipher selection
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin {{ ssh_permit_root }}
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile {{ ssh_authkey_file }}
AllowAgentForwarding {{ ssh_agent_forwarding }}
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog no
TCPKeepAlive no
UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
{% if ssh_2fa is defined %}
# 2FA
AuthenticationMethods publickey,keyboard-interactive
ChallengeResponseAuthentication yes
{% else %}
ChallengeResponseAuthentication no
{% endif %}
{% if base_ssh_extra_rules is defined %}
{% for item in base_ssh_extra_rules %}
# Extra SSH rules
{{ item.name }}
{% for option in item.options %}
{{ option }}
{% endfor %}
{% endfor %}
{% endif %}
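Review bot: `KexAlgorithms` still offers `diffie-hellman-group14-sha1` and `diffie-hellman-group-exchange-sha1`. Dropping the two SHA-1 entries leaves `curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256`, in line with the strictness of the Ciphers and MACs lines. Several directives (`Protocol`, `UsePrivilegeSeparation`, `KeyRegenerationInterval`, `ServerKeyBits`, `RSAAuthentication`, `RhostsRSAAuthentication`, `UseLogin`) belong to protocol 1 or were deprecated in later OpenSSH releases, and removing them keeps the log free of deprecation warnings. `{% if ssh_2fa is defined %}` turns on the second factor even for `ssh_2fa: false`; test the value with `| bool`. The `base_ssh_extra_rules` items are emitted verbatim at the end of the file, so a comment stating that they can override any setting above would help reviewers of host_vars.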

67
templates/sysctl.conf.j2 Normal file

@ -0,0 +1,67 @@
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
# {{ ansible_managed }}
# Custom settings
{% for item in sysctl_rules %}
{{ item.name }} = {{ item.value }}
{% endfor %}
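Review bot: The loop uses `sysctl_rules`, which defaults/main.yml does not define, and none of the task files shown in this commit deploy this template, so it is either unused or fails on an undefined variable once it is wired in. Add `base_sysctl_rules: []` to defaults and reference that name here, matching the `base_` prefix used elsewhere. All hardening settings in the stock part of the file (`rp_filter`, `accept_redirects`, `accept_source_route`) remain commented out; if the role is meant to set a baseline, those are candidates for the default list.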