Note 1: This repository is not a finished product! For me it seems too complex to be used at large. For quick tasks I am using simpler playbooks and scripts, like those from the Scripts repository.
Note 2: Coding best practices, linting and so on were not a priority for this repository; some of these are tests and proof-of-concept code!
Note 3 begin: I am rebuilding this repository. Some of the changes that must be done:
- the settings section from vscode role MUST be rebuilt
- vscode role should be rebuilt to include the profiles feature
- wordlists role MUST be rebuilt
Note 3 end.
This repository contains some roles meant to be used after a basic Ubuntu installation. The defined roles are:
- common: installs the apps defined in the common_apps, group_apps and host_apps variables
- clamav: installs clamav and freshclam, then sets the number of checks per day
- dconf: see its source for a description of functionality
- firewall: installs nftables and firewalld
- git: installs git and sets its global settings from the git_global_options variable
- hydra: installs THC Hydra
- keyboard: adds custom keyboard profiles / layouts. It contains keyboard layouts for converting a laptop keyboard to a Tenkeyless-like one, using the numberpad as navigation keys. See this post for details.
- kicad: installs a KiCad version from its ppa
- nodejs: installs Node.js from the nodesource.com repository
- podman: installs podman, buildah, slirp4netns and fuse-overlayfs. In Ubuntu 20.04 uses the Kubic project provided packages. For other distributions uses the default repositories.
- python: installs python3, python3-pip and python3-venv
- ruby_bundler: installs ruby-full and ruby-bundler
- setuser: sets basic user properties, see its source for a description of functionality
- teams_insiders: installs Teams Insiders from Microsoft's repository
- vim: installs vim and sets /etc/vim/vimrc.local
- vscode: installs Visual Studio Code from Microsoft's repository, extensions and custom user settings. For extensions I have built an Ansible module.
- wordlists: downloads wordlists into user's ~/wordlists directory. Downloading is implemented from SkullSecurity.org, KaliLists/dirbuster and from any complete URL.
- zaproxy: installs OWASP ZAP using the official ZAP Linux Repos
This is a work-in-progress and should be tested before use.
To test playbooks, roles and tasks I use physical and virtual hosts.
Using lxc, a simple virtual system container can be created with:
lxc launch images:ubuntu/22.04 jammy-container
# set a password for 'ubuntu' user
pass='uuu'
lxc exec jammy-container -- sh -c "echo \"ubuntu:$pass\" | chpasswd"
# install OpenSSH server
lxc exec jammy-container -- sh -c 'apt update && apt -y install openssh-server'
# find the IPv4 address of the container
addr="$(lxc info jammy-container | grep 'inet:' | grep -v '127.0.0.1' | cut -d: -f2 | cut -d/ -f1 | tr -d ' ')" && echo "$addr"
# try a connection to add the key to known_hosts file
ssh -l ubuntu "$addr"
and cleaned up with:
lxc stop jammy-container
lxc delete jammy-container
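An added example (not part of the original repository) for the test container above: it switches SSH to a throwaway key and turns off SSH password logins, so the test password set above is no longer usable over the network. The key path, the script name lxc_key_login.sh, the drop-in file name and the /home/ubuntu home directory are assumptions, and openssh-server must already be installed as in the steps above.

```shell
#!/bin/sh
# Added example: SSH key login for the throwaway LXC test container.
set -eu

CONTAINER="${CONTAINER:-jammy-container}"             # container name used on this page
KEY="${KEY:-${HOME:-.}/.ssh/ansible_test_ed25519}"    # assumed path of a test-only key
HOME_DIR=/home/ubuntu                                 # assumed home of the 'ubuntu' user

# Create a dedicated key pair once; it is trusted only by test containers.
make_test_key() {
    [ -f "$1" ] && return 0
    mkdir -p "$(dirname "$1")"
    ssh-keygen -q -t ed25519 -N '' -C 'ansible-test' -f "$1"
}

# Print the first non-loopback IPv4 address found in `lxc info` output (stdin).
# No early exit, so the producer side of the pipe is always read to the end.
first_ipv4() {
    awk '!found && $1 == "inet:" && $2 !~ /^127\./ {
             sub(/\/.*/, "", $2); print $2; found = 1 }'
}

# Install the public key ($2) for 'ubuntu' in container $1, then turn off
# SSH password logins with a drop-in that sorts before the image defaults.
authorize_key() {
    lxc exec "$1" -- install -d -m 700 -o ubuntu -g ubuntu "$HOME_DIR/.ssh"
    lxc exec "$1" -- sh -c "umask 077 && cat > $HOME_DIR/.ssh/authorized_keys \
        && chown ubuntu:ubuntu $HOME_DIR/.ssh/authorized_keys" < "$2"
    lxc exec "$1" -- sh -c 'printf "PasswordAuthentication no\n" \
        > /etc/ssh/sshd_config.d/00-test-key-only.conf \
        && systemctl restart ssh'
}

# Run the steps only when invoked as: sh lxc_key_login.sh run
if [ "${1:-}" = "run" ]; then
    make_test_key "$KEY"
    authorize_key "$CONTAINER" "$KEY.pub"
    addr="$(lxc info "$CONTAINER" | first_ipv4)"
    echo "container address: $addr"
    # First connection prompts to record the host key, as in the step above.
    ssh -i "$KEY" -o IdentitiesOnly=yes -l ubuntu "$addr" true
fi
```

When running the playbook against this container, pass the same key to ansible-playbook with --private-key.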
You may start by reading Ansible notes and quick start.
On the control host (the local host if the roles will be launched from this host) run:
sudo apt update
sudo apt install software-properties-common
sudo apt install python3 python3-pip python3-venv python3-jmespath python3-psutil
sudo add-apt-repository --yes --update ppa:ansible/ansible
sudo apt install ansible ansible-lint
# install the requirements with
[[ -r requirements.yml ]] && ansible-galaxy collection install -r requirements.yml
# to upgrade all collections from a 'requirements.yml' file use:
# [[ -r requirements.yml ]] && ansible-galaxy collection install --upgrade -r requirements.yml
# or, to upgrade a single collection, use:
# ansible-galaxy collection install --upgrade <collection_name>
In the root directory of the repository create the inventories/production directory.
Inside the inventories/production directory copy the content of the inventories/example directory.
The default configuration files are inventories/production/all.yml, where you should put the common settings, and inventories/production/desktops.yml and inventories/production/laptops.yml for specific ones.
Modify the files for your environment! Mostly:
- local_user_name should be the name of your standard user;
- set the content of git_global_options as needed;
- enable the roles that you want in site.yml.
Then, for the production environment, use:
# if configuring a laptop
ansible-playbook --ask-become-pass -i inventories/production --limit laptop_local site.yml
# if configuring a desktop
ansible-playbook --ask-become-pass -i inventories/production --limit desktop_local site.yml
All needed variables must be passed on the command line. Read Defining variables at runtime for more information.
Warning: Some roles will not work if their variables are not set.
Here are some simple examples:
# run the playbook against localhost
ansible-playbook -i 127.0.0.1, \
--become --ask-become-pass \
-e 'ansible_connection=local' \
-e 'local_user_name=your_user_name' \
site.yml
# run the playbook against the remote host 192.168.5.123
ansible-playbook -i 192.168.5.123, \
--become --ask-become-pass \
-e 'local_user_name=your_user_name' \
site.yml
When using Visual Studio Code as editor, add the Ansible VS Code Extension by Red Hat and install Ansible Lint:
sudo python3 -m pip install ansible-lint
cd to the root directory of the repository and create a python virtual environment:
[ ! -d .venv ] && python3 -m venv .venv
source .venv/bin/activate
python3 -m pip install psutil
deactivate
To test vscode_extension_installer.py:
# activate the venv
source .venv/bin/activate
# create a file to pass arguments to the vscode_extension_installer module
mkdir -p tmp
cat << 'EOF' > tmp/test_args.json
{
  "ANSIBLE_MODULE_ARGS": {
    "name": "redhat.ansible"
  }
}
EOF
# test the vscode_extension_installer module
python roles/vscode/library/vscode_extension_installer.py tmp/test_args.json
This repository is licensed under the terms of the GNU GPLv3 license. See the LICENSE-GPLv3.txt file.