53 files changed, 551 insertions, 232 deletions
diff --git a/dotfiles.yml b/dotfiles.yml index 42e8c7d..8726967 100644 --- a/dotfiles.yml +++ b/dotfiles.yml @@ -1,7 +1,11 @@ - name: Copy necessary dotfiles hosts: localhost vars: - user: '{{ lookup("env", "USER") }}' - homedir: '{{ lookup("env", "HOME") }}' + dotfiles_user: '{{ lookup("env", "USER") }}' + # Ideally group should be something like `id -gn {{ dotfiles_user }}` + # instead. + dotfiles_group: "{{ lookup('ansible.builtin.vars', 'user') \ + if ansible_os_family != \"Darwin\" else 'staff' }}" + dotfiles_homedir: '{{ lookup("env", "HOME") }}' roles: - { role: dotfiles } diff --git a/misc/dotfiles/bash_profile b/misc/dotfiles/bash_profile index bdcb007..0a86499 100644 --- a/misc/dotfiles/bash_profile +++ b/misc/dotfiles/bash_profile @@ -1,5 +1,5 @@ export EDITOR=vim -export PATH="$HOME/bin:/usr/local/sbin:$PATH" +export PATH="$HOME/bin:/opt/homebrew/bin:$PATH" if [ -f $HOME/.bashrc ]; then . $HOME/.bashrc diff --git a/misc/dotfiles/goenv.j2 b/misc/dotfiles/goenv.j2 new file mode 100644 index 0000000..c6561c7 --- /dev/null +++ b/misc/dotfiles/goenv.j2 @@ -0,0 +1,2 @@ +GOPATH={{ goenv_homedir }}/.go +GOMODCACHE={{ goenv_homedir }}/.go/pkg/mod diff --git a/misc/dotfiles/screenrc.j2 b/misc/dotfiles/screenrc.j2 index 02cfcf6..cc15679 100644 --- a/misc/dotfiles/screenrc.j2 +++ b/misc/dotfiles/screenrc.j2 @@ -40,7 +40,7 @@ attrcolor b ".I" # current background color. defbce "on" -{% if jumphost %} +{% if screenrc_jumphost %} # Make ssh-agent forwarding work with screen. setenv SSH_AUTH_SOCK $HOME/.ssh/ssh_auth_sock {% endif %} diff --git a/misc/dotfiles/templates/benchmark.cpp b/misc/dotfiles/templates/benchmark.cpp new file mode 100644 index 0000000..ff0519b --- /dev/null +++ b/misc/dotfiles/templates/benchmark.cpp 
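Review bot: `dotfiles_group` looks up a variable named `user`, but this same hunk renames that play var to `dotfiles_user`, so on any non-Darwin host the `ansible.builtin.vars` lookup has nothing to resolve and the play should abort with an undefined-variable error before any role runs. The lookup is not needed at all since the value is already a play var; `dotfiles_group: "{{ dotfiles_user if ansible_os_family != 'Darwin' else 'staff' }}"` expresses the same intent and keeps the Darwin branch. If `user` is meant to come from inventory instead, that dependency should be stated in the comment above the line.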
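Review bot: `/opt/homebrew/bin` is prepended to PATH unconditionally and `/usr/local/sbin` dropped, while the same `bash_profile` is still copied to Linux home directories by the bashrc role introduced elsewhere in this change, so the entry is dead weight there and the old sbin entry silently disappears. Guarding it keeps one file portable: `[ -d /opt/homebrew/bin ] && PATH="/opt/homebrew/bin:$PATH"` before the existing `export`. Since `$HOME/bin` and this directory now sit ahead of every system path, it is worth a short comment noting that both must stay writable only by the owner.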
@@ -0,0 +1,17 @@
+#include <benchmark/benchmark.h>
+
+static void BM_Baseline(benchmark::State& state) {
+ for (auto _ : state) {
+ __asm__("nop");
+ }
+}
+BENCHMARK(BM_Baseline);
+
+static void BM_Treatment(benchmark::State& state) {
+ for (auto _ : state) {
+ __asm__("nop");
+ }
+}
+BENCHMARK(BM_Treatment);
+
+BENCHMARK_MAIN();
diff --git a/misc/dotfiles/wireguard/onion-dns-down.sh b/misc/dotfiles/wireguard/onion-dns-down.sh
new file mode 100755
index 0000000..b271700
--- /dev/null
+++ b/misc/dotfiles/wireguard/onion-dns-down.sh
@@ -0,0 +1,7 @@
+#! /usr/bin/env sh
+
+iface=$1
+
+/usr/sbin/scutil <<EOF
+remove State:/Network/Service/$iface/DNS
+EOF
diff --git a/misc/dotfiles/wireguard/onion-dns-up.sh b/misc/dotfiles/wireguard/onion-dns-up.sh
new file mode 100755
index 0000000..d8f69b9
--- /dev/null
+++ b/misc/dotfiles/wireguard/onion-dns-up.sh
@@ -0,0 +1,18 @@
+#! /usr/bin/env sh
+
+# macOS as usual has it is own way to do DNS. Even when we set DNS in
+# WireGuard config, onion addresses will not be resolved anyway. Moreover,
+# nslookup (and probably other standard cli utilities will work properly), but
+# Firefox at the same time will not.
+# The only workaround I found it to set `SupplementalMatchDomains` manually
+# with `scutil`. This trick worked for OpenVPN for long time as well.
+
+iface=$1
+dns=$2
+
+scutil <<EOF
+d.init
+d.add ServerAddresses * $dns
+d.add SupplementalMatchDomains * onion
+set State:/Network/Service/$iface/DNS
+EOF
diff --git a/misc/dotfiles/wireguard/wgtor0.conf b/misc/dotfiles/wireguard/wgtor0.conf
new file mode 100644
index 0000000..3f217c3
--- /dev/null
+++ b/misc/dotfiles/wireguard/wgtor0.conf
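Review bot: The down script runs `remove State:/Network/Service/$iface/DNS` with no check that an interface name was passed, so an empty `$1` silently targets the key `State:/Network/Service//DNS` and the real entry is left behind after the tunnel goes down. A guard at the top, `[ $# -eq 1 ] || { echo "usage: $0 iface" >&2; exit 1; }`, plus `set -eu` keeps the failure visible. The interface name is interpolated into the heredoc unquoted, which is fine for wg-quick's `%i` but worth a one-line comment stating that the argument is expected to come from the WireGuard config only.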
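Review bot: The up script calls a bare `scutil`, while the matching down script uses `/usr/sbin/scutil`; if these hooks are run from a PostUp/PostDown line they execute as root, and a PATH-resolved binary name is exactly what a writable PATH entry can hijack, so use the absolute path here too. Neither `$iface` nor `$dns` is validated before being written into the system configuration store; `set -eu` and a `[ $# -eq 2 ]` check give a clear error rather than an empty `ServerAddresses` entry. The comment block has a few slips ("has it is own", "The only workaround I found it to") that could be tidied while here.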
@@ -0,0 +1,22 @@ +$ANSIBLE_VAULT;1.1;AES256 +66653962643936356331393865643262303630343363346232636461666633383938366562346135 +3334336566326662393835393061313034353337613039340a386633333537626466373034343933 +37336666326364353438353666663138306531636334386434633238356233343439616538336635 +3762666439353563350a373331663732313665626566613965326365626638396361323038333436 +66303766303261633966646634656161346464616538356530666461346665316366613938383330 +63336436343934316236303335306331313638343930623061343536666139653330363133346330 +32633665346136653664383464373365663063613832373263626366646633373037363263643830 +38636238303030373134343631643930626537356135363831663864373339303739616639363838 +64306633613439366462393935646535376331396537616164656263363862396131313538366330 +30383732323565366166303831373061356239326262306361373837663032623631643564313639 +39333064623534313336366161633435343062653136333539383764366366653639353534343335 +64343331356632643061313263336362323836343738393332333832353465343237356365326635 +62333661373365623463343931633530613466356330303833613035613933323830616664393937 +36613330326265383035623536303865393733663733316636633731373533636132633031613339 +63333666343331353833643263343731306234313435373331353235353131383563633935653339 +35373865303962383837373862346630663633653638323533323037613539663364306635393365 +39613931653338646163333461326534663535306334626134316563646438666536643136376635 +39346338646563376462313564643137373030666330663863633835663165376462646234333239 +66616630326262623734613232666132366337656565306638346132323166383165633961313033 +34393437623336323565386531613737353739303064393764613366363136363035343039396463 +6531 diff --git a/misc/dotfiles/wireguard/wgvpn0.conf b/misc/dotfiles/wireguard/wgvpn0.conf new file mode 100644 index 0000000..97691b7 --- /dev/null +++ b/misc/dotfiles/wireguard/wgvpn0.conf 
@@ -0,0 +1,17 @@ +$ANSIBLE_VAULT;1.1;AES256 +61366266653839616332383237343332373262313963343564636431336533303034346434636233 +3037376439386635323531333838366564303565663535390a383763623731323633396433326237 +37326438303662313337313239626461303464316566623639376330303338383934306238666331 +6564393861316231370a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diff --git a/requirements.txt b/requirements.txt index 3e1af89..e07bffb 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,12 +1,13 @@ -ansible==9.1.0 -ansible-core==2.16.3 +ansible==8.7.0 +ansible-core==2.15.13 cffi==1.17.1 -cryptography==42.0.4 -Jinja2==3.1.4 -MarkupSafe==2.1.3 -packaging==23.2 +cryptography==45.0.5 +importlib-resources==5.0.7 +Jinja2==3.1.6 +MarkupSafe==3.0.2 +packaging==25.0 pathspec==0.12.1 -pycparser==2.21 -PyYAML==6.0.1 +pycparser==2.22 +PyYAML==6.0.2 resolvelib==1.0.1 -yamllint==1.35.1 +yamllint==1.37.1 diff --git a/roles/bash/tasks/main.yml b/roles/bash/tasks/main.yml index 6d61ed3..7a09047 100644 --- a/roles/bash/tasks/main.yml +++ b/roles/bash/tasks/main.yml @@ -5,21 +5,7 @@ state: present - name: Configure bash for Dmitry Ilvokhin - ansible.builtin.template: - src: misc/dotfiles/bashrc.j2 - dest: /home/d/.bashrc - owner: d - group: d - mode: u+rw,g+r,o+r - tags: - - dotfiles - -- name: Add bash_profile for Dmitry Ilvokhin - ansible.builtin.copy: - src: misc/dotfiles/bash_profile - dest: /home/d/.bash_profile - owner: d - group: d - mode: u+rw,g+r,o+r + ansible.builtin.include_role: + name: bashrc tags: - dotfiles diff --git a/roles/bashrc/defaults/main.yml b/roles/bashrc/defaults/main.yml new file mode 100644 index 0000000..50ff004 --- /dev/null +++ b/roles/bashrc/defaults/main.yml @@ -0,0 +1,3 @@ +bashrc_user: d +bashrc_group: d +bashrc_homedir: /home/{{ bashrc_user }} diff --git a/roles/bashrc/tasks/main.yml b/roles/bashrc/tasks/main.yml new file mode 100644 index 0000000..17615bd --- /dev/null +++ b/roles/bashrc/tasks/main.yml 
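Review bot: This is a downgrade of `ansible`/`ansible-core` from 9.1.0/2.16.3 to 8.7.0/2.15.13 rather than a bump, and as far as I know the 2.15 series is past end of life with 2.15.13 its final release, so the controller would sit on a branch that no longer receives security fixes. If the downgrade is needed for a host running an old Python, a comment above the pin stating that reason (and the Python version that forces it) would stop the next reviewer from "fixing" it upward. The newly pinned `importlib-resources==5.0.7` is similarly old and looks like a transitive pin for the same reason; the same comment can cover it.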
@@ -0,0 +1,30 @@ +- name: Copy bash_profile to home directory + ansible.builtin.copy: + src: misc/dotfiles/bash_profile + dest: '{{ bashrc_homedir }}/.bash_profile' + owner: '{{ bashrc_user }}' + group: '{{ bashrc_group }}' + mode: u+rw,g+r,o+r + tags: + - dotfiles + +- name: Template bashrc to home directory + ansible.builtin.template: + src: misc/dotfiles/bashrc.j2 + dest: '{{ bashrc_homedir }}/.bashrc' + owner: '{{ bashrc_user }}' + group: '{{ bashrc_group }}' + mode: u+rw,g+r,o+r + tags: + - dotfiles + +- name: Disable session save/restore mechanism + ansible.builtin.file: + path: '{{ bashrc_homedir }}/.bash_sessions_disable' + state: touch + owner: '{{ bashrc_user }}' + group: '{{ bashrc_group }}' + mode: u+rw,g+r,o+r + when: ansible_os_family == "Darwin" + tags: + - dotfiles diff --git a/roles/cgit/files/cgitrc b/roles/cgit/files/cgitrc index bb6c2db..859fc58 100644 --- a/roles/cgit/files/cgitrc +++ b/roles/cgit/files/cgitrc @@ -4,7 +4,7 @@ cache-size=1000 # Specify some default clone urls using macro expansion. -clone-url=git://git.ilvokhin.com/$CGIT_REPO_URL git@git.ilvokhin.com:$CGIT_REPO_URL +clone-url=https://git.ilvokhin.com/$CGIT_REPO_URL git://git.ilvokhin.com/$CGIT_REPO_URL git@git.ilvokhin.com:$CGIT_REPO_URL # Show owner on index page. enable-index-owner=0 @@ -59,3 +59,13 @@ repo.desc=Ansible playbooks for personal infrastructure. repo.url=flatbot.git repo.path=/srv/git/flatbot.git repo.desc=Telegram notification tool for rightmove.co.uk URLs. + +# Histogram. +repo.url=histogram.git +repo.path=/srv/git/histogram.git +repo.desc=CLI tool to generate text histograms. + +# Misc. +repo.url=misc.git +repo.path=/srv/git/misc.git +repo.desc=Miscellaneous code that is useful to have around. diff --git a/roles/dev/meta/main.yml b/roles/dev/meta/main.yml index ea00667..e212daa 100644 --- a/roles/dev/meta/main.yml +++ b/roles/dev/meta/main.yml @@ -2,3 +2,4 @@ dependencies: - role: gdb - role: git - role: vim + - role: go 
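Review bot: The `.bash_sessions_disable` task uses `state: touch` without preserving timestamps, so it reports `changed` on every run and the play is never idempotent on macOS; add `access_time: preserve` and `modification_time: preserve` to the task. Separately, the symbolic `mode: u+rw,g+r,o+r` used here (and in every new role in this change) only adds bits and never clears a stray group- or world-write bit already on the file, so a dotfile that was once made world-writable stays that way; an absolute `mode: "0644"` states the intended permissions and corrects drift.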
diff --git a/roles/dev/tasks/main.yml b/roles/dev/tasks/main.yml index 4808447..4f4231e 100644 --- a/roles/dev/tasks/main.yml +++ b/roles/dev/tasks/main.yml @@ -4,7 +4,6 @@ - gcc - clang - python - - go - perf - autoconf - make diff --git a/roles/dotfiles/defaults/main.yml b/roles/dotfiles/defaults/main.yml index d791c8b..cec3b6e 100644 --- a/roles/dotfiles/defaults/main.yml +++ b/roles/dotfiles/defaults/main.yml @@ -1,3 +1,4 @@ -user: d -homedir: /home/{{ user }} -jumphost: false +dotfiles_user: d +dotfiles_group: d +dotfiles_homedir: /home/{{ dotfiles_user }} +dotfiles_jumphost: false diff --git a/roles/dotfiles/tasks/main.yml b/roles/dotfiles/tasks/main.yml index 17228a5..73c9a90 100644 --- a/roles/dotfiles/tasks/main.yml +++ b/roles/dotfiles/tasks/main.yml @@ -13,16 +13,12 @@ failed_when: false register: has_bash - - name: Copy bash_profile to home directory - ansible.builtin.copy: - src: misc/dotfiles/bash_profile - dest: '{{ homedir }}/.bash_profile' - when: has_bash.rc == 0 - - - name: Template bashrc to home directory - ansible.builtin.template: - src: misc/dotfiles/bashrc.j2 - dest: '{{ homedir }}/.bashrc' + - ansible.builtin.include_role: + name: bashrc + vars: + bashrc_user: '{{ dotfiles_user }}' + bashrc_group: '{{ dotfiles_group }}' + bashrc_homedir: '{{ dotfiles_homedir }}' when: has_bash.rc == 0 - name: Configure vim if installed @@ -34,10 +30,12 @@ failed_when: false register: has_vim - - name: Copy vimrc to home directory - ansible.builtin.copy: - src: misc/dotfiles/vimrc - dest: '{{ homedir }}/.vimrc' + - ansible.builtin.include_role: + name: vimrc + vars: + vimrc_user: '{{ dotfiles_user }}' + vimrc_group: '{{ dotfiles_group }}' + vimrc_homedir: '{{ dotfiles_homedir }}' when: has_vim.rc == 0 - name: Configure screen if installed 
@@ -49,10 +47,13 @@ failed_when: false register: has_screen - - name: Template screenrc to home directory - ansible.builtin.template: - src: misc/dotfiles/screenrc.j2 - dest: '{{ homedir }}/.screenrc' + - ansible.builtin.include_role: + name: screenrc + vars: + screenrc_user: '{{ dotfiles_user }}' + screenrc_group: '{{ dotfiles_group }}' + screenrc_homedir: '{{ dotfiles_homedir }}' + screenrc_jumphost: '{{ dotfiles_jumphost }}' when: has_screen.rc == 0 - name: Configure ssh if installed 
@@ -64,31 +65,37 @@ failed_when: false register: has_ssh - - name: Setup ssh directory - ansible.builtin.file: - path: '{{ user }}/.ssh' - state: directory - owner: '{{ user }}' - mode: u+rw,g-rw,o-rw + - ansible.builtin.include_role: + name: sshconfig + vars: + sshconfig_user: '{{ dotfiles_user }}' + sshconfig_group: '{{ dotfiles_group }}' + sshconfig_homedir: '{{ dotfiles_homedir }}' + sshconfig_jumphost: '{{ dotfiles_jumphost }}' when: has_ssh.rc == 0 - - name: Template ssh config to home directory - ansible.builtin.template: - src: misc/dotfiles/ssh/config.j2 - dest: '{{ homedir }}/.ssh/config' - owner: '{{ user }}' - mode: u+rw,g-rw,o-rw - when: has_ssh.rc == 0 +- name: Configure wireguard if installed + tags: wireguard + block: + - name: Check if wireguard is installed + ansible.builtin.command: wg --version + changed_when: false + failed_when: false + register: has_wireguard - - name: Copy ssh rc to home directory - ansible.builtin.copy: - src: misc/dotfiles/ssh/rc - dest: '{{ homedir }}/.ssh/rc' - owner: '{{ user }}' - mode: u+rwx,g-rw,o-rw - when: - - has_ssh.rc == 0 - - jumphost + - name: Get actual hostname + ansible.builtin.command: hostname + changed_when: false + failed_when: false + register: hostname + + - ansible.builtin.include_role: + name: wgconfig + vars: + wgconfig_user: '{{ dotfiles_user }}' + wgconfig_group: '{{ dotfiles_group }}' + wgconfig_homedir: '{{ dotfiles_homedir }}' + when: has_wireguard.rc == 0 and hostname.stdout == "silver" - name: Configure git if installed tags: git 
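Review bot: The new wireguard block shells out to `hostname` with `failed_when: false` and then gates on `hostname.stdout == "silver"`, so a failed or missing command yields an empty string and the role is skipped with no signal, while the play already gathers facts (it uses `ansible_os_family`); `when: has_wireguard.rc == 0 and ansible_facts['hostname'] == "silver"` drops the task and the silent case. Pinning a literal host name into a role is also awkward to extend; an inventory or play variable such as `dotfiles_wireguard_hosts` would keep the role generic. The block is otherwise consistent with its siblings.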
@@ -99,13 +106,12 @@ failed_when: false register: has_git - - name: Copy git config files to home directory - ansible.builtin.copy: - src: misc/dotfiles/{{ item }} - dest: '{{ homedir }}/.{{ item }}' - loop: - - gitconfig - - gitignore + - ansible.builtin.include_role: + name: gitconfig + vars: + gitconfig_user: '{{ dotfiles_user }}' + gitconfig_group: '{{ dotfiles_group }}' + gitconfig_homedir: '{{ dotfiles_homedir }}' when: has_git.rc == 0 - name: Configure gdb if installed @@ -117,10 +123,12 @@ failed_when: false register: has_gdb - - name: Copy gdbinit to home directory - ansible.builtin.copy: - src: misc/dotfiles/gdbinit - dest: '{{ homedir }}/.gdbinit' + - ansible.builtin.include_role: + name: gdbinit + vars: + gdbinit_user: '{{ dotfiles_user }}' + gdbinit_group: '{{ dotfiles_group }}' + gdbinit_homedir: '{{ dotfiles_homedir }}' when: has_gdb.rc == 0 - name: Configure mutt if installed @@ -132,12 +140,31 @@ failed_when: false register: has_mutt - - name: Copy muttrc to home directory - ansible.builtin.copy: - src: misc/dotfiles/muttrc - dest: '{{ homedir }}/.muttrc' + - ansible.builtin.include_role: + name: muttrc + vars: + muttrc_user: '{{ dotfiles_user }}' + muttrc_group: '{{ dotfiles_group }}' + muttrc_homedir: '{{ dotfiles_homedir }}' when: has_mutt.rc == 0 +- name: Configure go if installed + tags: go + block: + - name: Check if go is installed + ansible.builtin.command: go version + changed_when: false + failed_when: false + register: has_go + + - ansible.builtin.include_role: + name: goenv + vars: + goenv_user: '{{ dotfiles_user }}' + goenv_group: '{{ dotfiles_group }}' + goenv_homedir: '{{ dotfiles_homedir }}' + when: has_go.rc == 0 + - name: Copy templates files if necessary tags: templates block: 
@@ -155,19 +182,36 @@ - name: Setup templates directory ansible.builtin.file: - path: '{{ homedir }}/.templates' + path: '{{ dotfiles_homedir }}/.templates' state: directory - owner: '{{ user }}' + owner: '{{ dotfiles_user }}' + group: '{{ dotfiles_group }}' + mode: u+rw,g+r,o+r when: has_cpp.rc == 0 or has_python.rc == 0 - name: Copy template.cpp to home directory ansible.builtin.copy: src: misc/dotfiles/templates/template.cpp - dest: '{{ homedir }}/.templates/template.cpp' + dest: '{{ dotfiles_homedir }}/.templates/template.cpp' + owner: '{{ dotfiles_user }}' + group: '{{ dotfiles_group }}' + mode: u+rw,g+r,o+r + when: has_cpp.rc == 0 + + - name: Copy benchmark.cpp to home directory + ansible.builtin.copy: + src: misc/dotfiles/templates/benchmark.cpp + dest: '{{ dotfiles_homedir }}/.templates/benchmark.cpp' + owner: '{{ dotfiles_user }}' + group: '{{ dotfiles_group }}' + mode: u+rw,g+r,o+r when: has_cpp.rc == 0 - name: Copy template.py to home directory ansible.builtin.copy: src: misc/dotfiles/templates/template.py - dest: '{{ homedir }}/.templates/template.py' + dest: '{{ dotfiles_homedir }}/.templates/template.py' + owner: '{{ dotfiles_user }}' + group: '{{ dotfiles_group }}' + mode: u+rw,g+r,o+r when: has_python.rc == 0 diff --git a/roles/dovecot/files/dovecot.conf b/roles/dovecot/files/dovecot.conf index 3271cbd..4c59141 100644 --- a/roles/dovecot/files/dovecot.conf +++ b/roles/dovecot/files/dovecot.conf 
@@ -1,15 +1,23 @@ +# Freeze configuration syntax. +dovecot_config_version = 2.4.0 + +# Freeze storage file format version. +dovecot_storage_version = 2.4.0 + # Protocols we want to be serving. protocols = imap pop3 lmtp # Path to the mail directory. -mail_location = maildir:/var/mail/%d/%n/Maildir +mail_home = /var/mail/%{user | domain}/%{user | username} +mail_path = ~/Maildir +mail_driver = maildir # Path to SSL certificate files. -ssl_cert = </etc/letsencrypt/live/mail.ilvokhin.com/fullchain.pem -ssl_key = </etc/letsencrypt/live/mail.ilvokhin.com/privkey.pem +ssl_server_cert_file = /etc/letsencrypt/live/mail.ilvokhin.com/fullchain.pem +ssl_server_key_file = /etc/letsencrypt/live/mail.ilvokhin.com/privkey.pem # Disable plaintext authentication, only SSL is allowed. -disable_plaintext_auth = yes +auth_allow_cleartext = no service auth { # Postfix smtp-auth. @@ -42,7 +50,7 @@ service pop3-login { } } -namespace { +namespace inbox { inbox = yes separator = / @@ -69,14 +77,18 @@ namespace { } # Use separate passwd file for storing passwords. -passdb { - driver = passwd-file - args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/passwd +passdb passwd-file { + default_password_scheme = SHA512-CRYPT + auth_username_format = %{user} + passwd_file_path = /etc/dovecot/passwd } # Use the same separate passwd file for user lookup. -userdb { - driver = passwd-file - args = username_format=%u /etc/dovecot/passwd - override_fields = uid=vmail gid=vmail +userdb static { + auth_username_format = %{user} + passwd_file_path = /etc/dovecot/passwd + fields { + uid = vmail + gid = vmail + } } diff --git a/roles/gdb/tasks/main.yml b/roles/gdb/tasks/main.yml index 2cb5d08..51161b3 100644 --- a/roles/gdb/tasks/main.yml +++ b/roles/gdb/tasks/main.yml 
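Review bot: The user database changes driver from `passwd-file` to `static` while still carrying `passwd_file_path`, which I believe the static userdb does not read; a static userdb answers every lookup as existing, so if that reading is right, LMTP and login would no longer verify that a user is present in `/etc/dovecot/passwd`, and mail for unknown local-part names could be accepted rather than rejected. If the intent was only the 2.4 syntax migration, keep it a `userdb passwd-file { ... }` block with the same `auth_username_format`, `passwd_file_path` and `fields` contents, and confirm against the 2.4 documentation that `fields` overrides the uid/gid from the file as `override_fields` did. A comment above the block stating that the same file backs both passdb and userdb on purpose would help the next reader.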
@@ -5,11 +5,7 @@ state: present - name: Configure gdb for Dmitry Ilvokhin - ansible.builtin.copy: - src: misc/dotfiles/gdbinit - dest: /home/d/.gdbinit - owner: d - group: d - mode: u+rw,g+r,o+r + ansible.builtin.include_role: + name: gdbinit tags: - dotfiles diff --git a/roles/gdbinit/defaults/main.yml b/roles/gdbinit/defaults/main.yml new file mode 100644 index 0000000..10ee8a3 --- /dev/null +++ b/roles/gdbinit/defaults/main.yml @@ -0,0 +1,3 @@ +gdbinit_user: d +gdbinit_group: d +gdbinit_homedir: /home/{{ gdbinit_user }} diff --git a/roles/gdbinit/tasks/main.yml b/roles/gdbinit/tasks/main.yml new file mode 100644 index 0000000..32e22f5 --- /dev/null +++ b/roles/gdbinit/tasks/main.yml @@ -0,0 +1,9 @@ +- name: Copy gdbinit to home directory + ansible.builtin.copy: + src: misc/dotfiles/gdbinit + dest: '{{ gdbinit_homedir }}/.gdbinit' + owner: '{{ gdbinit_user }}' + group: '{{ gdbinit_group }}' + mode: u+rw,g+r,o+r + tags: + - dotfiles diff --git a/roles/git/tasks/main.yml b/roles/git/tasks/main.yml index 1a465a7..cf9ed16 100644 --- a/roles/git/tasks/main.yml +++ b/roles/git/tasks/main.yml @@ -5,14 +5,7 @@ state: present - name: Configure git for Dmitry Ilvokhin - ansible.builtin.copy: - src: misc/dotfiles/{{ item }} - dest: /home/d/.{{ item }} - owner: d - group: d - mode: u+rw,g+r,o+r - loop: - - gitignore - - gitconfig + ansible.builtin.include_role: + name: gitconfig tags: - dotfiles diff --git a/roles/gitconfig/defaults/main.yml b/roles/gitconfig/defaults/main.yml new file mode 100644 index 0000000..b828ce7 --- /dev/null +++ b/roles/gitconfig/defaults/main.yml @@ -0,0 +1,3 @@ +gitconfig_user: d +gitconfig_group: d +gitconfig_homedir: /home/{{ gitconfig_user }} diff --git a/roles/gitconfig/tasks/main.yml b/roles/gitconfig/tasks/main.yml new file mode 100644 index 0000000..82f1095 --- /dev/null +++ b/roles/gitconfig/tasks/main.yml 
@@ -0,0 +1,12 @@ +- name: Copy git config files to home directory + ansible.builtin.copy: + src: misc/dotfiles/{{ item }} + dest: '{{ gitconfig_homedir }}/.{{ item }}' + owner: '{{ gitconfig_user }}' + group: '{{ gitconfig_group }}' + mode: u+rw,g+r,o+r + loop: + - gitconfig + - gitignore + tags: + - dotfiles diff --git a/roles/gitserver/files/git.conf b/roles/gitserver/files/git.conf index 3d6d6a3..575d977 100644 --- a/roles/gitserver/files/git.conf +++ b/roles/gitserver/files/git.conf @@ -1,19 +1,13 @@ # Source: https://gist.github.com/kierdwyn/3745400e6a184f621b92 location ~ /.+/(info/refs|git-upload-pack|git-receive-pack) { - auth_basic "Restricted"; - auth_basic_user_file /etc/nginx/auth/git/.htpasswd; - # Set chunks to unlimited, as the body's can be huge. client_max_body_size 0; include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; - fastcgi_param GIT_HTTP_EXPORT_ALL ""; fastcgi_param GIT_PROJECT_ROOT /srv/git; fastcgi_param PATH_INFO $uri; - # Forward REMOTE_USER as we want to know when we are authenticated. - fastcgi_param REMOTE_USER $remote_user; fastcgi_pass unix:/run/fcgiwrap.sock; } diff --git a/roles/gitserver/files/gitconfig b/roles/gitserver/files/gitconfig new file mode 100644 index 0000000..3209b9f --- /dev/null +++ b/roles/gitserver/files/gitconfig @@ -0,0 +1,2 @@ +[safe] + directory = /srv/git/* diff --git a/roles/gitserver/files/htpasswd b/roles/gitserver/files/htpasswd deleted file mode 100644 index 1402a2f..0000000 --- a/roles/gitserver/files/htpasswd +++ /dev/null 
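Review bot: With `auth_basic` and the `REMOTE_USER` forwarding removed, the `location` regex still routes `git-receive-pack` to `git-http-backend`, so anonymous push over HTTPS is now prevented only by the backend's default of refusing receive-pack when no `REMOTE_USER` is set, and a single `http.receivepack = true` in any repository config would re-enable it. An explicit deny above this block, `location ~ /git-receive-pack$ { return 403; }`, makes the read-only intent of the endpoint independent of per-repo settings. A comment on the location noting that HTTP is intentionally read-only and pushes go over SSH would document the decision.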
@@ -1,7 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -61343632623939306230623762623761363339376231646232313165353432643830383064663066 -6163383831306632333339653130323764393166333464380a613264613935633336643734376161 -37643564663361646564376437663431343937663937656233323164393837626163386430643063 -6234633164303239310a663961373664666465353234373261633662653864633830336132316139 -33616333643963353630623866613765363131656137653561393733633361303138383662626364 -3930656564303830646333306666643262383263313939373266 diff --git a/roles/gitserver/tasks/main.yml b/roles/gitserver/tasks/main.yml index c007c6e..cdb7765 100644 --- a/roles/gitserver/tasks/main.yml +++ b/roles/gitserver/tasks/main.yml @@ -65,6 +65,14 @@ group: git mode: u+rwx,g+r,o+r +- name: Configure git system-wide + ansible.builtin.copy: + src: files/gitconfig + dest: /etc/gitconfig + owner: git + group: git + mode: u+rwx,g+r,o+r + - name: Configure git-daemon systemd service ansible.builtin.copy: src: files/git-daemon.service @@ -80,29 +88,6 @@ state: started daemon_reload: true -- name: Setup auth directory for git - ansible.builtin.file: - path: /etc/nginx/auth/git - state: directory - owner: root - group: root - mode: u+rw,g+r,o+r - -# Alternative approach is to use community.general.htpasswd module to manage -# .htpasswd file. Unfortunetly, there are couple of drawbacks: -# * Target systems should have passlib Python library installed. -# * Passwords might leak in the Ansible debug output, or even non-debug -# without no_log. -# Seems like managing good old file is more convenient at the moment. - -- name: Copy git .htpasswd file to manage HTTP passwords - ansible.builtin.copy: - src: files/htpasswd - dest: /etc/nginx/auth/git/.htpasswd - owner: root - group: root - mode: u+rw,g+rw,o+r - - name: Copy git.conf to handle git HTTP requests ansible.builtin.copy: src: files/git.conf @@ -141,5 +126,3 @@ owner: git group: git mode: u+rwx,g-rwx,o-rwx - -# TODO: figure out proper permissions to fix HTTP protocol push. 
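Review bot: `/etc/gitconfig` is installed with `owner: git` and `mode: u+rwx`, which hands the `git` service account write access to a file every git invocation on the host reads, including ones run by root; settings such as `core.hooksPath` placed there would execute as whoever runs git. A system-wide config should be `owner: root`, `group: root`, `mode: "0644"`; the execute bit serves no purpose on it. The `safe.directory = /srv/git/*` entry it carries relies on trailing-glob support that, to my knowledge, only newer git releases understand, so on an older package it is treated literally and silently matches nothing — worth a comment stating the minimum git version.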
diff --git a/roles/go/tasks/main.yml b/roles/go/tasks/main.yml new file mode 100644 index 0000000..0df6723 --- /dev/null +++ b/roles/go/tasks/main.yml @@ -0,0 +1,11 @@ +- name: Install go + ansible.builtin.package: + name: + - go + state: present + +- name: Configure go for Dmitry Ilvokhin + ansible.builtin.include_role: + name: goenv + tags: + - dotfiles diff --git a/roles/goenv/defaults/main.yml b/roles/goenv/defaults/main.yml new file mode 100644 index 0000000..a25f252 --- /dev/null +++ b/roles/goenv/defaults/main.yml @@ -0,0 +1,3 @@ +goenv_user: d +goenv_group: d +goenv_homedir: /home/{{ goenv_user }} diff --git a/roles/goenv/tasks/main.yml b/roles/goenv/tasks/main.yml new file mode 100644 index 0000000..312a72c --- /dev/null +++ b/roles/goenv/tasks/main.yml @@ -0,0 +1,33 @@ +- name: Set go config directory for macOS + ansible.builtin.set_fact: + goenv_conf_dir: '{{ goenv_homedir }}/Library/Application Support/go' + when: ansible_os_family == "Darwin" + tags: + - dotfiles + +- name: Set go config directory for Linux + ansible.builtin.set_fact: + goenv_conf_dir: '{{ goenv_homedir }}/.config/go' + when: ansible_os_family != "Darwin" + tags: + - dotfiles + +- name: Create go config directory + ansible.builtin.file: + path: '{{ goenv_conf_dir }}' + state: directory + owner: '{{ goenv_user }}' + group: '{{ goenv_group }}' + mode: u+rw,g-wx,o-rwx + tags: + - dotfiles + +- name: Configure go enviroment + ansible.builtin.template: + src: misc/dotfiles/goenv.j2 + dest: '{{ goenv_conf_dir }}/env' + owner: '{{ goenv_user }}' + group: '{{ goenv_group }}' + mode: u+rw,g+r,o+r + tags: + - dotfiles diff --git a/roles/irssi/tasks/main.yml b/roles/irssi/tasks/main.yml index aa19917..a86b376 100644 --- a/roles/irssi/tasks/main.yml +++ b/roles/irssi/tasks/main.yml 
@@ -4,40 +4,8 @@ - irssi state: present -- name: Setup irssi directory for Dmitry Ilvokhin - ansible.builtin.file: - path: /home/d/.irssi - state: directory - owner: d - group: d - mode: u+rw,g-wx,o-rwx - tags: - - dotfiles - -- name: Configure irssi for Dmitry Ilvokhin - ansible.builtin.copy: - src: misc/dotfiles/irssi/config - dest: /home/d/.irssi/config - owner: d - mode: u+rw,g-rw,o-rw - tags: - - dotfiles - -- name: Setup irssi certs directory for Dmitry Ilvokhin - ansible.builtin.file: - path: /home/d/.irssi/certs - state: directory - owner: d - group: d - mode: u+rw,g-wx,o-rwx - tags: - - dotfiles - - name: Configure irssi for Dmitry Ilvokhin - ansible.builtin.copy: - src: misc/dotfiles/irssi/certs/ilvokhin.pem - dest: /home/d/.irssi/certs/ilvokhin.pem - owner: d - mode: u+rw,g-rw,o-rw + ansible.builtin.include_role: + name: irssiconf tags: - dotfiles diff --git a/roles/irssiconf/defaults/main.yml b/roles/irssiconf/defaults/main.yml new file mode 100644 index 0000000..3923cef --- /dev/null +++ b/roles/irssiconf/defaults/main.yml @@ -0,0 +1,3 @@ +irssiconf_user: d +irssiconf_group: d +irssiconf_homedir: /home/{{ irssiconf_user }} diff --git a/roles/irssiconf/tasks/main.yml b/roles/irssiconf/tasks/main.yml new file mode 100644 index 0000000..6a07ac5 --- /dev/null +++ b/roles/irssiconf/tasks/main.yml 
@@ -0,0 +1,39 @@ +- name: Setup irssi configuration directory + ansible.builtin.file: + path: '{{ irssiconf_homedir }}/.irssi' + state: directory + owner: '{{ irssiconf_user }}' + group: '{{ irssiconf_group }}' + mode: u+rw,g-wx,o-rwx + tags: + - dotfiles + +- name: Copy irssi configuration + ansible.builtin.copy: + src: misc/dotfiles/irssi/config + dest: '{{ irssiconf_homedir }}/.irssi/config' + owner: '{{ irssiconf_user }}' + group: '{{ irssiconf_group }}' + mode: u+rw,g-rw,o-rw + tags: + - dotfiles + +- name: Setup irssi certs directory + ansible.builtin.file: + path: '{{ irssiconf_homedir }}/.irssi/certs' + state: directory + owner: '{{ irssiconf_user }}' + group: '{{ irssiconf_group }}' + mode: u+rw,g-wx,o-rwx + tags: + - dotfiles + +- name: Copy irssi auth certificates + ansible.builtin.copy: + src: misc/dotfiles/irssi/certs/ilvokhin.pem + dest: '{{ irssiconf_homedir }}/.irssi/certs/ilvokhin.pem' + owner: '{{ irssiconf_user }}' + group: '{{ irssiconf_group }}' + mode: u+rw,g-wx,o-rwx + tags: + - dotfiles diff --git a/roles/mutt/tasks/main.yml b/roles/mutt/tasks/main.yml index 6cabca1..91dbe90 100644 --- a/roles/mutt/tasks/main.yml +++ b/roles/mutt/tasks/main.yml @@ -5,11 +5,7 @@ state: present - name: Configure mutt for Dmitry Ilvokhin - ansible.builtin.copy: - src: misc/dotfiles/muttrc - dest: /home/d/.muttrc - owner: d - group: d - mode: u+rw,g+r,o+r + ansible.builtin.include_role: + name: muttrc tags: - dotfiles diff --git a/roles/muttrc/defaults/main.yml b/roles/muttrc/defaults/main.yml new file mode 100644 index 0000000..fd50f86 --- /dev/null +++ b/roles/muttrc/defaults/main.yml @@ -0,0 +1,3 @@ +muttrc_user: d +muttrc_group: d +muttrc_homedir: /home/{{ muttrc_user }} diff --git a/roles/muttrc/tasks/main.yml b/roles/muttrc/tasks/main.yml new file mode 100644 index 0000000..55ac10a --- /dev/null +++ b/roles/muttrc/tasks/main.yml 
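Review bot: The `ilvokhin.pem` copy is installed with `mode: u+rw,g-wx,o-rwx`, which leaves group read on the file, whereas the task this replaces in `roles/irssi` used `u+rw,g-rw,o-rw`; for a file described as an auth certificate, group readability is a step backward even if the group is the user's private group. Use `mode: "0600"` for the certificate and `mode: "0700"` for the `certs` directory, which also clears any bits already present rather than only adding or removing the named ones. The `config` copy above it keeps `g-rw,o-rw` and is fine.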
@@ -0,0 +1,9 @@ +- name: Copy muttrc to home directory + ansible.builtin.copy: + src: misc/dotfiles/muttrc + dest: '{{ muttrc_homedir }}/.muttrc' + owner: '{{ muttrc_user }}' + group: '{{ muttrc_group }}' + mode: u+rw,g+r,o+r + tags: + - dotfiles diff --git a/roles/screen/defaults/main.yml b/roles/screen/defaults/main.yml deleted file mode 100644 index 7ea2a66..0000000 --- a/roles/screen/defaults/main.yml +++ /dev/null @@ -1 +0,0 @@ -jumphost: false diff --git a/roles/screen/tasks/main.yml b/roles/screen/tasks/main.yml index 9affbea..c4f0cc7 100644 --- a/roles/screen/tasks/main.yml +++ b/roles/screen/tasks/main.yml @@ -5,11 +5,7 @@ state: present - name: Configure screen for Dmitry Ilvokhin - ansible.builtin.template: - src: misc/dotfiles/screenrc.j2 - dest: /home/d/.screenrc - owner: d - group: d - mode: u+rw,g+r,o+r + ansible.builtin.include_role: + name: screenrc tags: - dotfiles diff --git a/roles/screenrc/defaults/main.yml b/roles/screenrc/defaults/main.yml new file mode 100644 index 0000000..fe62928 --- /dev/null +++ b/roles/screenrc/defaults/main.yml @@ -0,0 +1,4 @@ +screenrc_user: d +screenrc_group: d +screenrc_homedir: /home/{{ screenrc_user }} +screenrc_jumphost: '{{ jumphost }}' diff --git a/roles/screenrc/tasks/main.yml b/roles/screenrc/tasks/main.yml new file mode 100644 index 0000000..fc67feb --- /dev/null +++ b/roles/screenrc/tasks/main.yml @@ -0,0 +1,9 @@ +- name: Template screenrc to home directory + ansible.builtin.template: + src: misc/dotfiles/screenrc.j2 + dest: '{{ screenrc_homedir }}/.screenrc' + owner: '{{ screenrc_user }}' + group: '{{ screenrc_group }}' + mode: u+rw,g+r,o+r + tags: + - dotfiles diff --git a/roles/ssh/defaults/main.yml b/roles/ssh/defaults/main.yml deleted file mode 100644 index 7ea2a66..0000000 --- a/roles/ssh/defaults/main.yml +++ /dev/null @@ -1 +0,0 @@ -jumphost: false diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml index 1ac5c99..fb1e8ca 100644 --- a/roles/ssh/tasks/main.yml 
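Review bot: `screenrc_jumphost: '{{ jumphost }}'` references a variable that this same change deletes from `roles/screen/defaults/main.yml`, so when the `screen` role includes `screenrc` without passing vars the template renders with `jumphost` undefined and fails, unless inventory happens to define it. The dotfiles role already passes `screenrc_jumphost` explicitly, so the default can simply be `screenrc_jumphost: false`. A one-line comment that callers override it per host would keep the contract clear.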
+++ b/roles/ssh/tasks/main.yml @@ -19,23 +19,7 @@ - dotfiles - name: Configure ssh for Dmitry Ilvokhin - ansible.builtin.template: - src: misc/dotfiles/ssh/config.j2 - dest: /home/d/.ssh/config - owner: d - mode: u+rw,g-rw,o-rw - when: - - jumphost - tags: - - dotfiles - -- name: Add ssh rc for Dmitry Ilvokhin - ansible.builtin.copy: - src: misc/dotfiles/ssh/rc - dest: /home/d/.ssh/rc - owner: d - mode: u+rwx,g-rw,o-rw - when: - - jumphost + ansible.builtin.include_role: + name: sshconfig tags: - dotfiles diff --git a/roles/sshconfig/defaults/main.yml b/roles/sshconfig/defaults/main.yml new file mode 100644 index 0000000..823f290 --- /dev/null +++ b/roles/sshconfig/defaults/main.yml @@ -0,0 +1,4 @@ +sshconfig_user: d +sshconfig_group: d +sshconfig_homedir: /home/{{ sshconfig_user }} +sshconfig_jumphost: '{{ jumphost }}' diff --git a/roles/sshconfig/tasks/main.yml b/roles/sshconfig/tasks/main.yml new file mode 100644 index 0000000..a4ced5e --- /dev/null +++ b/roles/sshconfig/tasks/main.yml @@ -0,0 +1,31 @@ +- name: Setup ssh directory + ansible.builtin.file: + path: '{{ sshconfig_homedir }}/.ssh' + state: directory + owner: '{{ sshconfig_user }}' + group: '{{ sshconfig_group }}' + mode: u+rw,g-rw,o-rw + tags: + - dotfiles + +- name: Template ssh config to home directory + ansible.builtin.template: + src: misc/dotfiles/ssh/config.j2 + dest: '{{ sshconfig_homedir }}/.ssh/config' + owner: '{{ sshconfig_user }}' + group: '{{ sshconfig_group }}' + mode: u+rw,g-rw,o-rw + tags: + - dotfiles + +- name: Copy ssh rc to home directory + ansible.builtin.copy: + src: misc/dotfiles/ssh/rc + dest: '{{ sshconfig_homedir }}/.ssh/rc' + owner: '{{ sshconfig_user }}' + group: '{{ sshconfig_group }}' + mode: u+rwx,g-rw,o-rw + when: + - sshconfig_jumphost + tags: + - dotfiles diff --git a/roles/vim/tasks/main.yml b/roles/vim/tasks/main.yml index cd0fcc6..e174c58 100644 --- a/roles/vim/tasks/main.yml +++ b/roles/vim/tasks/main.yml 
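Review bot: `sshconfig_jumphost: '{{ jumphost }}'` has the same problem as the screenrc default: `jumphost` is removed from `roles/ssh/defaults/main.yml` in this change, so including `sshconfig` from the `ssh` role without vars fails on an undefined variable unless inventory defines it. `sshconfig_jumphost: false` is the safe default, and the dotfiles role already overrides it explicitly.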
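Review bot: The `.ssh` directory is created with `mode: u+rw,g-rw,o-rw`, which on a freshly created directory leaves group and other execute set (0711) and never clears a pre-existing write bit; ssh only insists the directory not be writable by others, but the conventional and least-surprising setting is an absolute `mode: "0700"`. The `rc` file gets `u+rwx,g-rw,o-rw`, again leaving g/o execute; `mode: "0700"` states the intent. These symbolic modes are shared across the new roles, so fixing the template once here sets the pattern.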
@@ -5,11 +5,7 @@
state: present
- name: Configure vim for Dmitry Ilvokhin
- ansible.builtin.copy:
- src: misc/dotfiles/vimrc
- dest: /home/d/.vimrc
- owner: d
- group: d
- mode: u+rw,g+r,o+r
+ ansible.builtin.include_role:
+ name: vimrc
tags:
- dotfiles
diff --git a/roles/vimrc/defaults/main.yml b/roles/vimrc/defaults/main.yml
new file mode 100644
index 0000000..720d9a5
--- /dev/null
+++ b/roles/vimrc/defaults/main.yml
@@ -0,0 +1,3 @@
+vimrc_user: d
+vimrc_group: d
+vimrc_homedir: /home/{{ vimrc_user }}
diff --git a/roles/vimrc/tasks/main.yml b/roles/vimrc/tasks/main.yml
new file mode 100644
index 0000000..d5559e4
--- /dev/null
+++ b/roles/vimrc/tasks/main.yml
@@ -0,0 +1,9 @@
+- name: Copy vimrc to home directory
+ ansible.builtin.copy:
+ src: misc/dotfiles/vimrc
+ dest: '{{ vimrc_homedir }}/.vimrc'
+ owner: '{{ vimrc_user }}'
+ group: '{{ vimrc_group }}'
+ mode: u+rw,g+r,o+r
+ tags:
+ - dotfiles
diff --git a/roles/wgconfig/defaults/main.yml b/roles/wgconfig/defaults/main.yml
new file mode 100644
index 0000000..0d5634b
--- /dev/null
+++ b/roles/wgconfig/defaults/main.yml
@@ -0,0 +1,3 @@
+wgconfig_user: d
+wgconfig_group: d
+wgconfig_homedir: /home/{{ wgconfig_user }}
diff --git a/roles/wgconfig/tasks/main.yml b/roles/wgconfig/tasks/main.yml
new file mode 100644
index 0000000..9ece687
--- /dev/null
+++ b/roles/wgconfig/tasks/main.yml
@@ -0,0 +1,35 @@
+- name: Setup wireguard config directory
+ ansible.builtin.file:
+ path: '{{ wgconfig_homedir }}/.wireguard'
+ state: directory
+ owner: '{{ wgconfig_user }}'
+ group: '{{ wgconfig_group }}'
+ mode: u+rw,g-rw,o-rw
+ tags:
+ - dotfiles
+
+- name: Copy wireguard config files to home directory
+ ansible.builtin.copy:
+ src: misc/dotfiles/wireguard/{{ item }}
+ dest: '{{ wgconfig_homedir }}/.wireguard/{{ item }}'
+ owner: '{{ wgconfig_user }}'
+ group: '{{ wgconfig_group }}'
+ mode: u+rw,g-rw,o-rw
+ loop:
+ - wgvpn0.conf
+ - wgtor0.conf
+ tags:
+ - dotfiles
+
+- name: Copy wireguard scripts to home directory
+ ansible.builtin.copy:
+ src: misc/dotfiles/wireguard/{{ item }}
+ dest: '{{ wgconfig_homedir }}/.wireguard/{{ item }}'
+ owner: '{{ wgconfig_user }}'
+ group: '{{ wgconfig_group }}'
+ mode: u+rwx,g-rw,o-rw
+ loop:
+ - onion-dns-up.sh
+ - onion-dns-down.sh
+ tags:
+ - dotfiles
diff --git a/roles/wgtor/templates/wgtor0.conf.j2 b/roles/wgtor/templates/wgtor0.conf.j2
index 5d72891..6acb081 100644
--- a/roles/wgtor/templates/wgtor0.conf.j2
+++ b/roles/wgtor/templates/wgtor0.conf.j2
@@ -16,7 +16,7 @@ PostDown = iptables -t nat -D PREROUTING -i %i -p udp --dport 5353 -j REDIRECT -
PostDown = iptables -t nat -D PREROUTING -i %i -p tcp --syn -j REDIRECT --to-ports 9040
PostDown = iptables -t nat -D OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040
-# earth
+# silver
[Peer]
PublicKey = HhBhDQmGzltIGQOn+clbRIkQt7ocPAuqsUS+ytinIwU=
AllowedIPs = 10.0.2.2/32
diff --git a/roles/wgvpn/templates/wgvpn0.conf.j2 b/roles/wgvpn/templates/wgvpn0.conf.j2
index c56e1c2..d70832c 100644
--- a/roles/wgvpn/templates/wgvpn0.conf.j2
+++ b/roles/wgvpn/templates/wgvpn0.conf.j2
@@ -11,7 +11,7 @@ PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -o %i -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
-# earth
+# silver
[Peer]
PublicKey = HhBhDQmGzltIGQOn+clbRIkQt7ocPAuqsUS+ytinIwU=
AllowedIPs = 10.0.1.2/32
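Review bot: The "Copy wireguard config files to home directory" task ships wgvpn0.conf and wgtor0.conf verbatim from misc/dotfiles/wireguard/, and a WireGuard interface config normally carries the `[Interface]` PrivateKey; if these two files do (their contents are not in this excerpt), the client private keys are stored in plain text in the repository. Rendering them with `ansible.builtin.template`, as roles/wgtor and roles/wgvpn already do for their own configs, with the key held in an Ansible Vault variable keeps the secret out of version control. The `mode: u+rw,g-rw,o-rw` on the copy is appropriate for key material, though the absolute `mode: u=rw,g=,o=` states the intended 0600 without depending on the bits the file was created with.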
@@ -25,3 +25,23 @@ AllowedIPs = 10.0.1.3/32
[Peer]
PublicKey = d/sd0Z3ynpZxDbihzaXEpepLNSNfWFuKNSurAC1Y9V0=
AllowedIPs = 10.0.1.4/32
+
+# night
+[Peer]
+PublicKey = kEvIEmUvjv12uWdwKpU89Y8yiWsVKLmoZOeKVVqDEhk=
+AllowedIPs = 10.0.1.5/32
+
+# natalia
+[Peer]
+PublicKey = YpVI+MRoivY3HvqtJU1tZth61jjKl1Vg+7WSs7+vmRc=
+AllowedIPs = 10.0.1.6/32
+
+# vitaly
+[Peer]
+PublicKey = 6DMNcDWXZw6VxEjbxWnSeDPz1FEju1lmPrMYweSDygE=
+AllowedIPs = 10.0.1.7/32
+
+# nastya
+[Peer]
+PublicKey = jZYCWdpKTrQ8LvM0IhGGH35dERGXZEzcq9Sa3EJ9txk=
+AllowedIPs = 10.0.1.8/32 |
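Review bot: The four new `[Peer]` stanzas repeat the same three-line shape (name comment, PublicKey, a single /32 in AllowedIPs), and the peers already in the file are written the same way, so every new client means editing the template by hand and picking the next free 10.0.1.x address from the existing stanzas. Generating the stanzas from a list variable (for example a `wgvpn_peers` list with one entry per client holding name, public key and allowed IP) keeps the address plan and the key list in one place and turns an added or revoked peer into a one-line data change that is easy to review. The enclosing file starts before this hunk, and whether such a variable already exists elsewhere in the repository is not visible here.

```jinja
{# … unchanged: [Interface] section and the peers defined above … #}
{% for peer in wgvpn_peers %}

# {{ peer.name }}
[Peer]
PublicKey = {{ peer.public_key }}
AllowedIPs = {{ peer.allowed_ip }}
{% endfor %}
```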