Diffstat (limited to 'roles')
43 files changed, 450 insertions, 219 deletions
diff --git a/roles/bash/tasks/main.yml b/roles/bash/tasks/main.yml index 6d61ed3..7a09047 100644 --- a/roles/bash/tasks/main.yml +++ b/roles/bash/tasks/main.yml @@ -5,21 +5,7 @@ state: present - name: Configure bash for Dmitry Ilvokhin - ansible.builtin.template: - src: misc/dotfiles/bashrc.j2 - dest: /home/d/.bashrc - owner: d - group: d - mode: u+rw,g+r,o+r - tags: - - dotfiles - -- name: Add bash_profile for Dmitry Ilvokhin - ansible.builtin.copy: - src: misc/dotfiles/bash_profile - dest: /home/d/.bash_profile - owner: d - group: d - mode: u+rw,g+r,o+r + ansible.builtin.include_role: + name: bashrc tags: - dotfiles diff --git a/roles/bashrc/defaults/main.yml b/roles/bashrc/defaults/main.yml new file mode 100644 index 0000000..50ff004 --- /dev/null +++ b/roles/bashrc/defaults/main.yml @@ -0,0 +1,3 @@ +bashrc_user: d +bashrc_group: d +bashrc_homedir: /home/{{ bashrc_user }} diff --git a/roles/bashrc/tasks/main.yml b/roles/bashrc/tasks/main.yml new file mode 100644 index 0000000..17615bd --- /dev/null +++ b/roles/bashrc/tasks/main.yml @@ -0,0 +1,30 @@ +- name: Copy bash_profile to home directory + ansible.builtin.copy: + src: misc/dotfiles/bash_profile + dest: '{{ bashrc_homedir }}/.bash_profile' + owner: '{{ bashrc_user }}' + group: '{{ bashrc_group }}' + mode: u+rw,g+r,o+r + tags: + - dotfiles + +- name: Template bashrc to home directory + ansible.builtin.template: + src: misc/dotfiles/bashrc.j2 + dest: '{{ bashrc_homedir }}/.bashrc' + owner: '{{ bashrc_user }}' + group: '{{ bashrc_group }}' + mode: u+rw,g+r,o+r + tags: + - dotfiles + +- name: Disable session save/restore mechanism + ansible.builtin.file: + path: '{{ bashrc_homedir }}/.bash_sessions_disable' + state: touch + owner: '{{ bashrc_user }}' + group: '{{ bashrc_group }}' + mode: u+rw,g+r,o+r + when: ansible_os_family == "Darwin" + tags: + - dotfiles diff --git a/roles/cgit/files/cgitrc b/roles/cgit/files/cgitrc index bb6c2db..859fc58 100644 --- a/roles/cgit/files/cgitrc +++ b/roles/cgit/files/cgitrc 
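Review bot: The `Disable session save/restore mechanism` task in the new roles/bashrc/tasks/main.yml uses `state: touch`, which rewrites the file's timestamps on every run and so reports `changed` each time the role is applied. Adding `modification_time: preserve` and `access_time: preserve` to that `ansible.builtin.file` task keeps it idempotent once the marker file exists. Separately, `mode: u+rw,g+r,o+r` on `.bashrc` and `.bash_profile` only adds bits, so a group- or world-writable bit already present on an existing file survives the run; `mode: '0644'` pins the result for files the shell sources at login.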
@@ -4,7 +4,7 @@ cache-size=1000 # Specify some default clone urls using macro expansion. -clone-url=git://git.ilvokhin.com/$CGIT_REPO_URL git@git.ilvokhin.com:$CGIT_REPO_URL +clone-url=https://git.ilvokhin.com/$CGIT_REPO_URL git://git.ilvokhin.com/$CGIT_REPO_URL git@git.ilvokhin.com:$CGIT_REPO_URL # Show owner on index page. enable-index-owner=0 @@ -59,3 +59,13 @@ repo.desc=Ansible playbooks for personal infrastructure. repo.url=flatbot.git repo.path=/srv/git/flatbot.git repo.desc=Telegram notification tool for rightmove.co.uk URLs. + +# Histogram. +repo.url=histogram.git +repo.path=/srv/git/histogram.git +repo.desc=CLI tool to generate text histograms. + +# Misc. +repo.url=misc.git +repo.path=/srv/git/misc.git +repo.desc=Miscellaneous code that is useful to have around. diff --git a/roles/dev/meta/main.yml b/roles/dev/meta/main.yml index ea00667..e212daa 100644 --- a/roles/dev/meta/main.yml +++ b/roles/dev/meta/main.yml @@ -2,3 +2,4 @@ dependencies: - role: gdb - role: git - role: vim + - role: go diff --git a/roles/dev/tasks/main.yml b/roles/dev/tasks/main.yml index 4808447..4f4231e 100644 --- a/roles/dev/tasks/main.yml +++ b/roles/dev/tasks/main.yml @@ -4,7 +4,6 @@ - gcc - clang - python - - go - perf - autoconf - make diff --git a/roles/dotfiles/defaults/main.yml b/roles/dotfiles/defaults/main.yml index d791c8b..cec3b6e 100644 --- a/roles/dotfiles/defaults/main.yml +++ b/roles/dotfiles/defaults/main.yml @@ -1,3 +1,4 @@ -user: d -homedir: /home/{{ user }} -jumphost: false +dotfiles_user: d +dotfiles_group: d +dotfiles_homedir: /home/{{ dotfiles_user }} +dotfiles_jumphost: false diff --git a/roles/dotfiles/tasks/main.yml b/roles/dotfiles/tasks/main.yml index 17228a5..73c9a90 100644 --- a/roles/dotfiles/tasks/main.yml +++ b/roles/dotfiles/tasks/main.yml 
@@ -13,16 +13,12 @@ failed_when: false register: has_bash - - name: Copy bash_profile to home directory - ansible.builtin.copy: - src: misc/dotfiles/bash_profile - dest: '{{ homedir }}/.bash_profile' - when: has_bash.rc == 0 - - - name: Template bashrc to home directory - ansible.builtin.template: - src: misc/dotfiles/bashrc.j2 - dest: '{{ homedir }}/.bashrc' + - ansible.builtin.include_role: + name: bashrc + vars: + bashrc_user: '{{ dotfiles_user }}' + bashrc_group: '{{ dotfiles_group }}' + bashrc_homedir: '{{ dotfiles_homedir }}' when: has_bash.rc == 0 - name: Configure vim if installed @@ -34,10 +30,12 @@ failed_when: false register: has_vim - - name: Copy vimrc to home directory - ansible.builtin.copy: - src: misc/dotfiles/vimrc - dest: '{{ homedir }}/.vimrc' + - ansible.builtin.include_role: + name: vimrc + vars: + vimrc_user: '{{ dotfiles_user }}' + vimrc_group: '{{ dotfiles_group }}' + vimrc_homedir: '{{ dotfiles_homedir }}' when: has_vim.rc == 0 - name: Configure screen if installed @@ -49,10 +47,13 @@ failed_when: false register: has_screen - - name: Template screenrc to home directory - ansible.builtin.template: - src: misc/dotfiles/screenrc.j2 - dest: '{{ homedir }}/.screenrc' + - ansible.builtin.include_role: + name: screenrc + vars: + screenrc_user: '{{ dotfiles_user }}' + screenrc_group: '{{ dotfiles_group }}' + screenrc_homedir: '{{ dotfiles_homedir }}' + screenrc_jumphost: '{{ dotfiles_jumphost }}' when: has_screen.rc == 0 - name: Configure ssh if installed 
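Review bot: The `ansible.builtin.include_role` entries that replace the inline copy/template tasks have no `name:`, and as dynamic includes they do not pass the enclosing block's tag on to the tasks inside the role. The role tasks added in this commit carry only `tags: - dotfiles`, so a run limited to a block tag (the later hunks show `tags: wireguard`, `tags: git`, `tags: go`) would probably reach the include and then skip everything in it, which the removed inline tasks did not do. Adding `apply:` with the block's tag to each include, or switching to `ansible.builtin.import_role`, restores the inheritance, and a name such as `- name: Apply bashrc role` keeps the play output readable. The same applies to the includes in the later hunks of this file (ssh, wireguard, git, gdb, mutt, go).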
@@ -64,31 +65,37 @@ failed_when: false register: has_ssh - - name: Setup ssh directory - ansible.builtin.file: - path: '{{ user }}/.ssh' - state: directory - owner: '{{ user }}' - mode: u+rw,g-rw,o-rw + - ansible.builtin.include_role: + name: sshconfig + vars: + sshconfig_user: '{{ dotfiles_user }}' + sshconfig_group: '{{ dotfiles_group }}' + sshconfig_homedir: '{{ dotfiles_homedir }}' + sshconfig_jumphost: '{{ dotfiles_jumphost }}' when: has_ssh.rc == 0 - - name: Template ssh config to home directory - ansible.builtin.template: - src: misc/dotfiles/ssh/config.j2 - dest: '{{ homedir }}/.ssh/config' - owner: '{{ user }}' - mode: u+rw,g-rw,o-rw - when: has_ssh.rc == 0 +- name: Configure wireguard if installed + tags: wireguard + block: + - name: Check if wireguard is installed + ansible.builtin.command: wg --version + changed_when: false + failed_when: false + register: has_wireguard - - name: Copy ssh rc to home directory - ansible.builtin.copy: - src: misc/dotfiles/ssh/rc - dest: '{{ homedir }}/.ssh/rc' - owner: '{{ user }}' - mode: u+rwx,g-rw,o-rw - when: - - has_ssh.rc == 0 - - jumphost + - name: Get actual hostname + ansible.builtin.command: hostname + changed_when: false + failed_when: false + register: hostname + + - ansible.builtin.include_role: + name: wgconfig + vars: + wgconfig_user: '{{ dotfiles_user }}' + wgconfig_group: '{{ dotfiles_group }}' + wgconfig_homedir: '{{ dotfiles_homedir }}' + when: has_wireguard.rc == 0 and hostname.stdout == "silver" - name: Configure git if installed tags: git 
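Review bot: The wireguard gate in the added block compares the output of a `hostname` command, run with `failed_when: false`, against the literal `silver`, and registers it under the generic name `hostname`. Which machine receives the WireGuard client files therefore depends on a string the target reports about itself; other roles in this commit already use gathered facts (`ansible_os_family`), so `ansible_facts['hostname'] == "silver"`, or better an inventory host or group variable, would state the same condition without the extra command. If the command stays, a role-prefixed register name such as `dotfiles_hostname` avoids clashing with other variables.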
@@ -99,13 +106,12 @@ failed_when: false register: has_git - - name: Copy git config files to home directory - ansible.builtin.copy: - src: misc/dotfiles/{{ item }} - dest: '{{ homedir }}/.{{ item }}' - loop: - - gitconfig - - gitignore + - ansible.builtin.include_role: + name: gitconfig + vars: + gitconfig_user: '{{ dotfiles_user }}' + gitconfig_group: '{{ dotfiles_group }}' + gitconfig_homedir: '{{ dotfiles_homedir }}' when: has_git.rc == 0 - name: Configure gdb if installed @@ -117,10 +123,12 @@ failed_when: false register: has_gdb - - name: Copy gdbinit to home directory - ansible.builtin.copy: - src: misc/dotfiles/gdbinit - dest: '{{ homedir }}/.gdbinit' + - ansible.builtin.include_role: + name: gdbinit + vars: + gdbinit_user: '{{ dotfiles_user }}' + gdbinit_group: '{{ dotfiles_group }}' + gdbinit_homedir: '{{ dotfiles_homedir }}' when: has_gdb.rc == 0 - name: Configure mutt if installed @@ -132,12 +140,31 @@ failed_when: false register: has_mutt - - name: Copy muttrc to home directory - ansible.builtin.copy: - src: misc/dotfiles/muttrc - dest: '{{ homedir }}/.muttrc' + - ansible.builtin.include_role: + name: muttrc + vars: + muttrc_user: '{{ dotfiles_user }}' + muttrc_group: '{{ dotfiles_group }}' + muttrc_homedir: '{{ dotfiles_homedir }}' when: has_mutt.rc == 0 +- name: Configure go if installed + tags: go + block: + - name: Check if go is installed + ansible.builtin.command: go version + changed_when: false + failed_when: false + register: has_go + + - ansible.builtin.include_role: + name: goenv + vars: + goenv_user: '{{ dotfiles_user }}' + goenv_group: '{{ dotfiles_group }}' + goenv_homedir: '{{ dotfiles_homedir }}' + when: has_go.rc == 0 + - name: Copy templates files if necessary tags: templates block: 
@@ -155,19 +182,36 @@ - name: Setup templates directory ansible.builtin.file: - path: '{{ homedir }}/.templates' + path: '{{ dotfiles_homedir }}/.templates' state: directory - owner: '{{ user }}' + owner: '{{ dotfiles_user }}' + group: '{{ dotfiles_group }}' + mode: u+rw,g+r,o+r when: has_cpp.rc == 0 or has_python.rc == 0 - name: Copy template.cpp to home directory ansible.builtin.copy: src: misc/dotfiles/templates/template.cpp - dest: '{{ homedir }}/.templates/template.cpp' + dest: '{{ dotfiles_homedir }}/.templates/template.cpp' + owner: '{{ dotfiles_user }}' + group: '{{ dotfiles_group }}' + mode: u+rw,g+r,o+r + when: has_cpp.rc == 0 + + - name: Copy benchmark.cpp to home directory + ansible.builtin.copy: + src: misc/dotfiles/templates/benchmark.cpp + dest: '{{ dotfiles_homedir }}/.templates/benchmark.cpp' + owner: '{{ dotfiles_user }}' + group: '{{ dotfiles_group }}' + mode: u+rw,g+r,o+r when: has_cpp.rc == 0 - name: Copy template.py to home directory ansible.builtin.copy: src: misc/dotfiles/templates/template.py - dest: '{{ homedir }}/.templates/template.py' + dest: '{{ dotfiles_homedir }}/.templates/template.py' + owner: '{{ dotfiles_user }}' + group: '{{ dotfiles_group }}' + mode: u+rw,g+r,o+r when: has_python.rc == 0 diff --git a/roles/dovecot/files/dovecot.conf b/roles/dovecot/files/dovecot.conf index 3271cbd..4c59141 100644 --- a/roles/dovecot/files/dovecot.conf +++ b/roles/dovecot/files/dovecot.conf 
@@ -1,15 +1,23 @@ +# Freeze configuration syntax. +dovecot_config_version = 2.4.0 + +# Freeze storage file format version. +dovecot_storage_version = 2.4.0 + # Protocols we want to be serving. protocols = imap pop3 lmtp # Path to the mail directory. -mail_location = maildir:/var/mail/%d/%n/Maildir +mail_home = /var/mail/%{user | domain}/%{user | username} +mail_path = ~/Maildir +mail_driver = maildir # Path to SSL certificate files. -ssl_cert = </etc/letsencrypt/live/mail.ilvokhin.com/fullchain.pem -ssl_key = </etc/letsencrypt/live/mail.ilvokhin.com/privkey.pem +ssl_server_cert_file = /etc/letsencrypt/live/mail.ilvokhin.com/fullchain.pem +ssl_server_key_file = /etc/letsencrypt/live/mail.ilvokhin.com/privkey.pem # Disable plaintext authentication, only SSL is allowed. -disable_plaintext_auth = yes +auth_allow_cleartext = no service auth { # Postfix smtp-auth. @@ -42,7 +50,7 @@ service pop3-login { } } -namespace { +namespace inbox { inbox = yes separator = / @@ -69,14 +77,18 @@ namespace { } # Use separate passwd file for storing passwords. -passdb { - driver = passwd-file - args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/passwd +passdb passwd-file { + default_password_scheme = SHA512-CRYPT + auth_username_format = %{user} + passwd_file_path = /etc/dovecot/passwd } # Use the same separate passwd file for user lookup. -userdb { - driver = passwd-file - args = username_format=%u /etc/dovecot/passwd - override_fields = uid=vmail gid=vmail +userdb static { + auth_username_format = %{user} + passwd_file_path = /etc/dovecot/passwd + fields { + uid = vmail + gid = vmail + } } diff --git a/roles/gdb/tasks/main.yml b/roles/gdb/tasks/main.yml index 2cb5d08..51161b3 100644 --- a/roles/gdb/tasks/main.yml +++ b/roles/gdb/tasks/main.yml 
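Review bot: The new `userdb static { … }` block keeps the comment "Use the same separate passwd file for user lookup" and a `passwd_file_path`, but in the 2.4 syntax the block name appears to select the driver, so this would be the static userdb and the passwd file would not be consulted for user lookups. If a static userdb is intended (every user mapped to `uid = vmail`, `gid = vmail`), I would drop `passwd_file_path` and `auth_username_format` from the block and reword the comment to something like `# Static userdb: every mail user maps to vmail; existence is checked through passdb.`; if passwd-file lookup is wanted, the block should be named `passwd-file`. It is worth confirming the effective settings with `doveconf -n` on the upgraded host, because the choice decides which recipients LMTP accepts.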
@@ -5,11 +5,7 @@ state: present - name: Configure gdb for Dmitry Ilvokhin - ansible.builtin.copy: - src: misc/dotfiles/gdbinit - dest: /home/d/.gdbinit - owner: d - group: d - mode: u+rw,g+r,o+r + ansible.builtin.include_role: + name: gdbinit tags: - dotfiles diff --git a/roles/gdbinit/defaults/main.yml b/roles/gdbinit/defaults/main.yml new file mode 100644 index 0000000..10ee8a3 --- /dev/null +++ b/roles/gdbinit/defaults/main.yml @@ -0,0 +1,3 @@ +gdbinit_user: d +gdbinit_group: d +gdbinit_homedir: /home/{{ gdbinit_user }} diff --git a/roles/gdbinit/tasks/main.yml b/roles/gdbinit/tasks/main.yml new file mode 100644 index 0000000..32e22f5 --- /dev/null +++ b/roles/gdbinit/tasks/main.yml @@ -0,0 +1,9 @@ +- name: Copy gdbinit to home directory + ansible.builtin.copy: + src: misc/dotfiles/gdbinit + dest: '{{ gdbinit_homedir }}/.gdbinit' + owner: '{{ gdbinit_user }}' + group: '{{ gdbinit_group }}' + mode: u+rw,g+r,o+r + tags: + - dotfiles diff --git a/roles/git/tasks/main.yml b/roles/git/tasks/main.yml index 1a465a7..cf9ed16 100644 --- a/roles/git/tasks/main.yml +++ b/roles/git/tasks/main.yml @@ -5,14 +5,7 @@ state: present - name: Configure git for Dmitry Ilvokhin - ansible.builtin.copy: - src: misc/dotfiles/{{ item }} - dest: /home/d/.{{ item }} - owner: d - group: d - mode: u+rw,g+r,o+r - loop: - - gitignore - - gitconfig + ansible.builtin.include_role: + name: gitconfig tags: - dotfiles diff --git a/roles/gitconfig/defaults/main.yml b/roles/gitconfig/defaults/main.yml new file mode 100644 index 0000000..b828ce7 --- /dev/null +++ b/roles/gitconfig/defaults/main.yml @@ -0,0 +1,3 @@ +gitconfig_user: d +gitconfig_group: d +gitconfig_homedir: /home/{{ gitconfig_user }} diff --git a/roles/gitconfig/tasks/main.yml b/roles/gitconfig/tasks/main.yml new file mode 100644 index 0000000..82f1095 --- /dev/null +++ b/roles/gitconfig/tasks/main.yml 
@@ -0,0 +1,12 @@ +- name: Copy git config files to home directory + ansible.builtin.copy: + src: misc/dotfiles/{{ item }} + dest: '{{ gitconfig_homedir }}/.{{ item }}' + owner: '{{ gitconfig_user }}' + group: '{{ gitconfig_group }}' + mode: u+rw,g+r,o+r + loop: + - gitconfig + - gitignore + tags: + - dotfiles diff --git a/roles/gitserver/files/git.conf b/roles/gitserver/files/git.conf index 3d6d6a3..575d977 100644 --- a/roles/gitserver/files/git.conf +++ b/roles/gitserver/files/git.conf @@ -1,19 +1,13 @@ # Source: https://gist.github.com/kierdwyn/3745400e6a184f621b92 location ~ /.+/(info/refs|git-upload-pack|git-receive-pack) { - auth_basic "Restricted"; - auth_basic_user_file /etc/nginx/auth/git/.htpasswd; - # Set chunks to unlimited, as the body's can be huge. client_max_body_size 0; include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; - fastcgi_param GIT_HTTP_EXPORT_ALL ""; fastcgi_param GIT_PROJECT_ROOT /srv/git; fastcgi_param PATH_INFO $uri; - # Forward REMOTE_USER as we want to know when we are authenticated. - fastcgi_param REMOTE_USER $remote_user; fastcgi_pass unix:/run/fcgiwrap.sock; } diff --git a/roles/gitserver/files/gitconfig b/roles/gitserver/files/gitconfig new file mode 100644 index 0000000..3209b9f --- /dev/null +++ b/roles/gitserver/files/gitconfig @@ -0,0 +1,2 @@ +[safe] + directory = /srv/git/* diff --git a/roles/gitserver/files/htpasswd b/roles/gitserver/files/htpasswd deleted file mode 100644 index 1402a2f..0000000 --- a/roles/gitserver/files/htpasswd +++ /dev/null 
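Review bot: With `auth_basic` removed from roles/gitserver/files/git.conf, the `location` regex still routes `git-receive-pack` to `git-http-backend`, so refusing anonymous pushes now rests entirely on the backend's default of disabling receive-pack when no `REMOTE_USER` is set. That default is overridden if any repository, or the system gitconfig this commit adds, ever sets `http.receivepack = true`. Since HTTP is now meant to be read-only, I would make that explicit with `receivepack = false` under `[http]` in the new gitconfig and narrow the regex to `location ~ /.+/(info/refs|git-upload-pack) {`. Dropping `GIT_HTTP_EXPORT_ALL` also means only repositories containing `git-daemon-export-ok` are served, which deserves a one-line comment in the file.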
@@ -1,7 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -61343632623939306230623762623761363339376231646232313165353432643830383064663066 -6163383831306632333339653130323764393166333464380a613264613935633336643734376161 -37643564663361646564376437663431343937663937656233323164393837626163386430643063 -6234633164303239310a663961373664666465353234373261633662653864633830336132316139 -33616333643963353630623866613765363131656137653561393733633361303138383662626364 -3930656564303830646333306666643262383263313939373266 diff --git a/roles/gitserver/tasks/main.yml b/roles/gitserver/tasks/main.yml index c007c6e..cdb7765 100644 --- a/roles/gitserver/tasks/main.yml +++ b/roles/gitserver/tasks/main.yml @@ -65,6 +65,14 @@ group: git mode: u+rwx,g+r,o+r +- name: Configure git system-wide + ansible.builtin.copy: + src: files/gitconfig + dest: /etc/gitconfig + owner: git + group: git + mode: u+rwx,g+r,o+r + - name: Configure git-daemon systemd service ansible.builtin.copy: src: files/git-daemon.service @@ -80,29 +88,6 @@ state: started daemon_reload: true -- name: Setup auth directory for git - ansible.builtin.file: - path: /etc/nginx/auth/git - state: directory - owner: root - group: root - mode: u+rw,g+r,o+r - -# Alternative approach is to use community.general.htpasswd module to manage -# .htpasswd file. Unfortunetly, there are couple of drawbacks: -# * Target systems should have passlib Python library installed. -# * Passwords might leak in the Ansible debug output, or even non-debug -# without no_log. -# Seems like managing good old file is more convenient at the moment. - -- name: Copy git .htpasswd file to manage HTTP passwords - ansible.builtin.copy: - src: files/htpasswd - dest: /etc/nginx/auth/git/.htpasswd - owner: root - group: root - mode: u+rw,g+rw,o+r - - name: Copy git.conf to handle git HTTP requests ansible.builtin.copy: src: files/git.conf @@ -141,5 +126,3 @@ owner: git group: git mode: u+rwx,g-rwx,o-rwx - -# TODO: figure out proper permissions to fix HTTP protocol push. 
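Review bot: The added `Configure git system-wide` task installs /etc/gitconfig with `owner: git`, `group: git` and `mode: u+rwx,g+r,o+r`, which leaves the system-wide git configuration writable, and marked executable, by the `git` service account. Every git invocation on the host reads that file, including ones run by root, and git configuration can name helper programs to run, so control of the git account would extend to other users of git on the machine. I would use `owner: root`, `group: root` and `mode: '0644'`. As far as I know the `/srv/git/*` prefix form of `safe.directory` is only honoured by newer git releases, so the version on the target is worth checking.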
diff --git a/roles/go/tasks/main.yml b/roles/go/tasks/main.yml new file mode 100644 index 0000000..0df6723 --- /dev/null +++ b/roles/go/tasks/main.yml @@ -0,0 +1,11 @@ +- name: Install go + ansible.builtin.package: + name: + - go + state: present + +- name: Configure go for Dmitry Ilvokhin + ansible.builtin.include_role: + name: goenv + tags: + - dotfiles diff --git a/roles/goenv/defaults/main.yml b/roles/goenv/defaults/main.yml new file mode 100644 index 0000000..a25f252 --- /dev/null +++ b/roles/goenv/defaults/main.yml @@ -0,0 +1,3 @@ +goenv_user: d +goenv_group: d +goenv_homedir: /home/{{ goenv_user }} diff --git a/roles/goenv/tasks/main.yml b/roles/goenv/tasks/main.yml new file mode 100644 index 0000000..312a72c --- /dev/null +++ b/roles/goenv/tasks/main.yml @@ -0,0 +1,33 @@ +- name: Set go config directory for macOS + ansible.builtin.set_fact: + goenv_conf_dir: '{{ goenv_homedir }}/Library/Application Support/go' + when: ansible_os_family == "Darwin" + tags: + - dotfiles + +- name: Set go config directory for Linux + ansible.builtin.set_fact: + goenv_conf_dir: '{{ goenv_homedir }}/.config/go' + when: ansible_os_family != "Darwin" + tags: + - dotfiles + +- name: Create go config directory + ansible.builtin.file: + path: '{{ goenv_conf_dir }}' + state: directory + owner: '{{ goenv_user }}' + group: '{{ goenv_group }}' + mode: u+rw,g-wx,o-rwx + tags: + - dotfiles + +- name: Configure go enviroment + ansible.builtin.template: + src: misc/dotfiles/goenv.j2 + dest: '{{ goenv_conf_dir }}/env' + owner: '{{ goenv_user }}' + group: '{{ goenv_group }}' + mode: u+rw,g+r,o+r + tags: + - dotfiles diff --git a/roles/irssi/tasks/main.yml b/roles/irssi/tasks/main.yml index aa19917..a86b376 100644 --- a/roles/irssi/tasks/main.yml +++ b/roles/irssi/tasks/main.yml 
@@ -4,40 +4,8 @@ - irssi state: present -- name: Setup irssi directory for Dmitry Ilvokhin - ansible.builtin.file: - path: /home/d/.irssi - state: directory - owner: d - group: d - mode: u+rw,g-wx,o-rwx - tags: - - dotfiles - -- name: Configure irssi for Dmitry Ilvokhin - ansible.builtin.copy: - src: misc/dotfiles/irssi/config - dest: /home/d/.irssi/config - owner: d - mode: u+rw,g-rw,o-rw - tags: - - dotfiles - -- name: Setup irssi certs directory for Dmitry Ilvokhin - ansible.builtin.file: - path: /home/d/.irssi/certs - state: directory - owner: d - group: d - mode: u+rw,g-wx,o-rwx - tags: - - dotfiles - - name: Configure irssi for Dmitry Ilvokhin - ansible.builtin.copy: - src: misc/dotfiles/irssi/certs/ilvokhin.pem - dest: /home/d/.irssi/certs/ilvokhin.pem - owner: d - mode: u+rw,g-rw,o-rw + ansible.builtin.include_role: + name: irssiconf tags: - dotfiles diff --git a/roles/irssiconf/defaults/main.yml b/roles/irssiconf/defaults/main.yml new file mode 100644 index 0000000..3923cef --- /dev/null +++ b/roles/irssiconf/defaults/main.yml @@ -0,0 +1,3 @@ +irssiconf_user: d +irssiconf_group: d +irssiconf_homedir: /home/{{ irssiconf_user }} diff --git a/roles/irssiconf/tasks/main.yml b/roles/irssiconf/tasks/main.yml new file mode 100644 index 0000000..6a07ac5 --- /dev/null +++ b/roles/irssiconf/tasks/main.yml 
@@ -0,0 +1,39 @@ +- name: Setup irssi configuration directory + ansible.builtin.file: + path: '{{ irssiconf_homedir }}/.irssi' + state: directory + owner: '{{ irssiconf_user }}' + group: '{{ irssiconf_group }}' + mode: u+rw,g-wx,o-rwx + tags: + - dotfiles + +- name: Copy irssi configuration + ansible.builtin.copy: + src: misc/dotfiles/irssi/config + dest: '{{ irssiconf_homedir }}/.irssi/config' + owner: '{{ irssiconf_user }}' + group: '{{ irssiconf_group }}' + mode: u+rw,g-rw,o-rw + tags: + - dotfiles + +- name: Setup irssi certs directory + ansible.builtin.file: + path: '{{ irssiconf_homedir }}/.irssi/certs' + state: directory + owner: '{{ irssiconf_user }}' + group: '{{ irssiconf_group }}' + mode: u+rw,g-wx,o-rwx + tags: + - dotfiles + +- name: Copy irssi auth certificates + ansible.builtin.copy: + src: misc/dotfiles/irssi/certs/ilvokhin.pem + dest: '{{ irssiconf_homedir }}/.irssi/certs/ilvokhin.pem' + owner: '{{ irssiconf_user }}' + group: '{{ irssiconf_group }}' + mode: u+rw,g-wx,o-rwx + tags: + - dotfiles diff --git a/roles/mutt/tasks/main.yml b/roles/mutt/tasks/main.yml index 6cabca1..91dbe90 100644 --- a/roles/mutt/tasks/main.yml +++ b/roles/mutt/tasks/main.yml @@ -5,11 +5,7 @@ state: present - name: Configure mutt for Dmitry Ilvokhin - ansible.builtin.copy: - src: misc/dotfiles/muttrc - dest: /home/d/.muttrc - owner: d - group: d - mode: u+rw,g+r,o+r + ansible.builtin.include_role: + name: muttrc tags: - dotfiles diff --git a/roles/muttrc/defaults/main.yml b/roles/muttrc/defaults/main.yml new file mode 100644 index 0000000..fd50f86 --- /dev/null +++ b/roles/muttrc/defaults/main.yml @@ -0,0 +1,3 @@ +muttrc_user: d +muttrc_group: d +muttrc_homedir: /home/{{ muttrc_user }} diff --git a/roles/muttrc/tasks/main.yml b/roles/muttrc/tasks/main.yml new file mode 100644 index 0000000..55ac10a --- /dev/null +++ b/roles/muttrc/tasks/main.yml 
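Review bot: The `Copy irssi auth certificates` task sets `mode: u+rw,g-wx,o-rwx` on ilvokhin.pem, where the task removed from roles/irssi used `u+rw,g-rw,o-rw`; the new operators never clear the group read bit, so a freshly copied file under a typical umask ends up group-readable. If the .pem carries the client key (not visible here) it should be owner-only, `mode: '0600'`, with `'0700'` on the `.irssi` and `certs` directories. More generally the `+`/`-` forms in these roles depend on whatever mode the path had before: the `.ssh` and `.wireguard` directories in roles/sshconfig and roles/wgconfig use `u+rw,g-rw,o-rw`, which leaves any group/other search bit in place and would be clearer as `'0700'`.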
@@ -0,0 +1,9 @@ +- name: Copy muttrc to home directory + ansible.builtin.copy: + src: misc/dotfiles/muttrc + dest: '{{ muttrc_homedir }}/.muttrc' + owner: '{{ muttrc_user }}' + group: '{{ muttrc_group }}' + mode: u+rw,g+r,o+r + tags: + - dotfiles diff --git a/roles/screen/defaults/main.yml b/roles/screen/defaults/main.yml deleted file mode 100644 index 7ea2a66..0000000 --- a/roles/screen/defaults/main.yml +++ /dev/null @@ -1 +0,0 @@ -jumphost: false diff --git a/roles/screen/tasks/main.yml b/roles/screen/tasks/main.yml index 9affbea..c4f0cc7 100644 --- a/roles/screen/tasks/main.yml +++ b/roles/screen/tasks/main.yml @@ -5,11 +5,7 @@ state: present - name: Configure screen for Dmitry Ilvokhin - ansible.builtin.template: - src: misc/dotfiles/screenrc.j2 - dest: /home/d/.screenrc - owner: d - group: d - mode: u+rw,g+r,o+r + ansible.builtin.include_role: + name: screenrc tags: - dotfiles diff --git a/roles/screenrc/defaults/main.yml b/roles/screenrc/defaults/main.yml new file mode 100644 index 0000000..fe62928 --- /dev/null +++ b/roles/screenrc/defaults/main.yml @@ -0,0 +1,4 @@ +screenrc_user: d +screenrc_group: d +screenrc_homedir: /home/{{ screenrc_user }} +screenrc_jumphost: '{{ jumphost }}' diff --git a/roles/screenrc/tasks/main.yml b/roles/screenrc/tasks/main.yml new file mode 100644 index 0000000..fc67feb --- /dev/null +++ b/roles/screenrc/tasks/main.yml @@ -0,0 +1,9 @@ +- name: Template screenrc to home directory + ansible.builtin.template: + src: misc/dotfiles/screenrc.j2 + dest: '{{ screenrc_homedir }}/.screenrc' + owner: '{{ screenrc_user }}' + group: '{{ screenrc_group }}' + mode: u+rw,g+r,o+r + tags: + - dotfiles diff --git a/roles/ssh/defaults/main.yml b/roles/ssh/defaults/main.yml deleted file mode 100644 index 7ea2a66..0000000 --- a/roles/ssh/defaults/main.yml +++ /dev/null @@ -1 +0,0 @@ -jumphost: false diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml index 1ac5c99..fb1e8ca 100644 --- a/roles/ssh/tasks/main.yml 
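Review bot: `screenrc_jumphost: '{{ jumphost }}'` in roles/screenrc/defaults points at a variable whose own default (`jumphost: false` in roles/screen/defaults) is deleted by this same commit, and roles/sshconfig/defaults does the same while roles/ssh/defaults is removed. Unless `jumphost` is defined in inventory or group_vars outside this diff, including either role from roles/screen or roles/ssh will fail on an undefined variable when the template or `when: sshconfig_jumphost` is evaluated. `screenrc_jumphost: '{{ jumphost | default(false) }}'`, and the same for `sshconfig_jumphost`, keeps the previous behaviour. In the ssh rc task `when: sshconfig_jumphost | bool` makes the string-to-boolean step explicit, which matters because that task installs an executable `~/.ssh/rc`.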
+++ b/roles/ssh/tasks/main.yml @@ -19,23 +19,7 @@ - dotfiles - name: Configure ssh for Dmitry Ilvokhin - ansible.builtin.template: - src: misc/dotfiles/ssh/config.j2 - dest: /home/d/.ssh/config - owner: d - mode: u+rw,g-rw,o-rw - when: - - jumphost - tags: - - dotfiles - -- name: Add ssh rc for Dmitry Ilvokhin - ansible.builtin.copy: - src: misc/dotfiles/ssh/rc - dest: /home/d/.ssh/rc - owner: d - mode: u+rwx,g-rw,o-rw - when: - - jumphost + ansible.builtin.include_role: + name: sshconfig tags: - dotfiles diff --git a/roles/sshconfig/defaults/main.yml b/roles/sshconfig/defaults/main.yml new file mode 100644 index 0000000..823f290 --- /dev/null +++ b/roles/sshconfig/defaults/main.yml @@ -0,0 +1,4 @@ +sshconfig_user: d +sshconfig_group: d +sshconfig_homedir: /home/{{ sshconfig_user }} +sshconfig_jumphost: '{{ jumphost }}' diff --git a/roles/sshconfig/tasks/main.yml b/roles/sshconfig/tasks/main.yml new file mode 100644 index 0000000..a4ced5e --- /dev/null +++ b/roles/sshconfig/tasks/main.yml @@ -0,0 +1,31 @@ +- name: Setup ssh directory + ansible.builtin.file: + path: '{{ sshconfig_homedir }}/.ssh' + state: directory + owner: '{{ sshconfig_user }}' + group: '{{ sshconfig_group }}' + mode: u+rw,g-rw,o-rw + tags: + - dotfiles + +- name: Template ssh config to home directory + ansible.builtin.template: + src: misc/dotfiles/ssh/config.j2 + dest: '{{ sshconfig_homedir }}/.ssh/config' + owner: '{{ sshconfig_user }}' + group: '{{ sshconfig_group }}' + mode: u+rw,g-rw,o-rw + tags: + - dotfiles + +- name: Copy ssh rc to home directory + ansible.builtin.copy: + src: misc/dotfiles/ssh/rc + dest: '{{ sshconfig_homedir }}/.ssh/rc' + owner: '{{ sshconfig_user }}' + group: '{{ sshconfig_group }}' + mode: u+rwx,g-rw,o-rw + when: + - sshconfig_jumphost + tags: + - dotfiles diff --git a/roles/vim/tasks/main.yml b/roles/vim/tasks/main.yml index cd0fcc6..e174c58 100644 --- a/roles/vim/tasks/main.yml +++ b/roles/vim/tasks/main.yml 
@@ -5,11 +5,7 @@ state: present - name: Configure vim for Dmitry Ilvokhin - ansible.builtin.copy: - src: misc/dotfiles/vimrc - dest: /home/d/.vimrc - owner: d - group: d - mode: u+rw,g+r,o+r + ansible.builtin.include_role: + name: vimrc tags: - dotfiles diff --git a/roles/vimrc/defaults/main.yml b/roles/vimrc/defaults/main.yml new file mode 100644 index 0000000..720d9a5 --- /dev/null +++ b/roles/vimrc/defaults/main.yml @@ -0,0 +1,3 @@ +vimrc_user: d +vimrc_group: d +vimrc_homedir: /home/{{ vimrc_user }} diff --git a/roles/vimrc/tasks/main.yml b/roles/vimrc/tasks/main.yml new file mode 100644 index 0000000..d5559e4 --- /dev/null +++ b/roles/vimrc/tasks/main.yml @@ -0,0 +1,9 @@ +- name: Copy vimrc to home directory + ansible.builtin.copy: + src: misc/dotfiles/vimrc + dest: '{{ vimrc_homedir }}/.vimrc' + owner: '{{ vimrc_user }}' + group: '{{ vimrc_group }}' + mode: u+rw,g+r,o+r + tags: + - dotfiles diff --git a/roles/wgconfig/defaults/main.yml b/roles/wgconfig/defaults/main.yml new file mode 100644 index 0000000..0d5634b --- /dev/null +++ b/roles/wgconfig/defaults/main.yml @@ -0,0 +1,3 @@ +wgconfig_user: d +wgconfig_group: d +wgconfig_homedir: /home/{{ wgconfig_user }} diff --git a/roles/wgconfig/tasks/main.yml b/roles/wgconfig/tasks/main.yml new file mode 100644 index 0000000..9ece687 --- /dev/null +++ b/roles/wgconfig/tasks/main.yml 
@@ -0,0 +1,35 @@ +- name: Setup wireguard config directory + ansible.builtin.file: + path: '{{ wgconfig_homedir }}/.wireguard' + state: directory + owner: '{{ wgconfig_user }}' + group: '{{ wgconfig_group }}' + mode: u+rw,g-rw,o-rw + tags: + - dotfiles + +- name: Copy wireguard config files to home directory + ansible.builtin.copy: + src: misc/dotfiles/wireguard/{{ item }} + dest: '{{ wgconfig_homedir }}/.wireguard/{{ item }}' + owner: '{{ wgconfig_user }}' + group: '{{ wgconfig_group }}' + mode: u+rw,g-rw,o-rw + loop: + - wgvpn0.conf + - wgtor0.conf + tags: + - dotfiles + +- name: Copy wireguard scripts to home directory + ansible.builtin.copy: + src: misc/dotfiles/wireguard/{{ item }} + dest: '{{ wgconfig_homedir }}/.wireguard/{{ item }}' + owner: '{{ wgconfig_user }}' + group: '{{ wgconfig_group }}' + mode: u+rwx,g-rw,o-rw + loop: + - onion-dns-up.sh + - onion-dns-down.sh + tags: + - dotfiles diff --git a/roles/wgtor/templates/wgtor0.conf.j2 b/roles/wgtor/templates/wgtor0.conf.j2 index 5d72891..6acb081 100644 --- a/roles/wgtor/templates/wgtor0.conf.j2 +++ b/roles/wgtor/templates/wgtor0.conf.j2 @@ -16,7 +16,7 @@ PostDown = iptables -t nat -D PREROUTING -i %i -p udp --dport 5353 -j REDIRECT - PostDown = iptables -t nat -D PREROUTING -i %i -p tcp --syn -j REDIRECT --to-ports 9040 PostDown = iptables -t nat -D OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040 -# earth +# silver [Peer] PublicKey = HhBhDQmGzltIGQOn+clbRIkQt7ocPAuqsUS+ytinIwU= AllowedIPs = 10.0.2.2/32 diff --git a/roles/wgvpn/templates/wgvpn0.conf.j2 b/roles/wgvpn/templates/wgvpn0.conf.j2 index c56e1c2..d70832c 100644 --- a/roles/wgvpn/templates/wgvpn0.conf.j2 +++ b/roles/wgvpn/templates/wgvpn0.conf.j2 @@ -11,7 +11,7 @@ PostDown = iptables -D FORWARD -i %i -j ACCEPT PostDown = iptables -D FORWARD -o %i -j ACCEPT PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE -# earth +# silver [Peer] PublicKey = HhBhDQmGzltIGQOn+clbRIkQt7ocPAuqsUS+ytinIwU= AllowedIPs = 10.0.1.2/32 
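Review bot: The `Copy wireguard config files to home directory` task in roles/wgconfig copies wgvpn0.conf and wgtor0.conf, which presumably contain the interface `PrivateKey`, with nothing to keep their contents out of `--diff` output. Adding `diff: false` (or `no_log: true`) to that task keeps key material out of run logs. It is also worth confirming that the source files under misc/dotfiles/wireguard are vault-encrypted rather than committed in clear, since that directory is outside this diff.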
@@ -25,3 +25,23 @@ AllowedIPs = 10.0.1.3/32
 [Peer]
 PublicKey = d/sd0Z3ynpZxDbihzaXEpepLNSNfWFuKNSurAC1Y9V0=
 AllowedIPs = 10.0.1.4/32
+
+# night
+[Peer]
+PublicKey = kEvIEmUvjv12uWdwKpU89Y8yiWsVKLmoZOeKVVqDEhk=
+AllowedIPs = 10.0.1.5/32
+
+# natalia
+[Peer]
+PublicKey = YpVI+MRoivY3HvqtJU1tZth61jjKl1Vg+7WSs7+vmRc=
+AllowedIPs = 10.0.1.6/32
+
+# vitaly
+[Peer]
+PublicKey = 6DMNcDWXZw6VxEjbxWnSeDPz1FEju1lmPrMYweSDygE=
+AllowedIPs = 10.0.1.7/32
+
+# nastya
+[Peer]
+PublicKey = jZYCWdpKTrQ8LvM0IhGGH35dERGXZEzcq9Sa3EJ9txk=
+AllowedIPs = 10.0.1.8/32 |
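Review bot: The four added peers (night, natalia, vitaly, nastya) get the same unrestricted forwarding as the existing ones, as far as the `FORWARD -i %i -j ACCEPT` / `-o %i -j ACCEPT` rules in the earlier hunk of this file show, and nothing here separates them from 10.0.1.2–10.0.1.4. If these are devices belonging to other people, it is worth deciding whether they should be able to reach each other and the owner's machines; if not, a PostUp rule placed ahead of the ACCEPT, for example `iptables -I FORWARD -i %i -o %i -j DROP` with a matching `-D` in PostDown, keeps the VPN to internet egress only. A short comment above the peer list stating the intended policy and the address allocation (10.0.1.N per peer) would also help the next edit.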