admin/skato-ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 3 Releases Wiki Activity

Compare commits

base: admin:bd3029b914146af0a6110581ceda6457eec16315
Branches Tags
admin:main admin:streamlined_staging
...
compare: admin:e8b29bb8e806acee9a1e9d18d1bb00d14cff6726
Branches Tags
admin:streamlined_staging admin:main

11 Commits
bd3029b914 ... e8b29bb8e8

Author SHA1 Message Date
Alex Tavarez
e8b29bb8e8 added systemd unit for setting iptables rules using added script, added DSNet systemd unit 2026-06-19 19:22:21 -04:00
Alex Tavarez
aa8d61aa09 added attribute to reboot task to ignore errors; included variables file for configuring VPN, i.e. DSNet, service configuration 2026-06-19 19:21:09 -04:00
Alex Tavarez
2d6dcd3dab added attribute to reboot task to ignore errors; included variables file needed for VPN, i.e. DSNet, service configuration 2026-06-19 19:18:54 -04:00
Alex Tavarez
2c66c3bd43 removed tasks that were instead migrated to a role task included by a role handler 2026-06-19 19:17:24 -04:00
Alex Tavarez
20d1cd21a3 removed an empty line 2026-06-19 19:16:29 -04:00
Alex Tavarez
83fa171341 added task for grabbng software binary as software installation 2026-06-19 19:15:38 -04:00
Alex Tavarez
240efbb713 changed hardlink or actual destnation paths for software binaries, and used relative path for fetched secrets 2026-06-19 19:10:39 -04:00
Alex Tavarez
bcf9eaebc9 removed unnecessary copy task for a source file in managed node 2026-06-19 19:06:55 -04:00
Alex Tavarez
125ec09c8f migrated DSNet tasks to own task file in role, as opposed to having it in relevant playbook 2026-06-19 19:04:54 -04:00
Alex Tavarez
b784b781d3 added a DSNet handler including tasks for post-installation 2026-06-19 19:03:52 -04:00
Alex Tavarez
909682d74e moved burp and rsync installations, and added a new package group for direct software binaries, with dsnet listed in it 2026-06-19 19:02:29 -04:00
21 changed files with 281 additions and 206 deletions
Expand all files Collapse all files

1
administrate@homeserver.yml
View File

@@ -146,4 +146,3 @@
hour: "4-15" hour: "4-15"
weekday: "1-5" weekday: "1-5"
job: "{{ ansible_user_home.stdout }}/.local/bin/flexget --cron execute" job: "{{ ansible_user_home.stdout }}/.local/bin/flexget --cron execute"

130
administrate@vps.yml
View File

@@ -3,7 +3,7 @@
remote_user: "{{ chosen_user | default('senpai') }}" remote_user: "{{ chosen_user | default('senpai') }}"
vars_files: vars_files:
- vars/git_aliases.yml # REQUIRED - vars/git_aliases.yml # REQUIRED
- vars/vpn_server.yml # REQUIRED - vars/vim_settings.yml # REQUIRED
- vars/config@{{ inventory_hostname | default('vps') }}.yml - vars/config@{{ inventory_hostname | default('vps') }}.yml
tasks: tasks:
- name: Installing requisite packages - name: Installing requisite packages
@@ -11,16 +11,6 @@
name: init-server name: init-server
tasks_from: userspace@install-pkgs tasks_from: userspace@install-pkgs
handlers_from: userspace handlers_from: userspace
- name: Acquiring home of current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo ~{{ ansible_user }}"
register: ansible_user_home
- name: Acquiring current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo {{ ansible_user }}"
register: current_user
- name: Disabling root user shell login - name: Disabling root user shell login
become: true become: true
ansible.builtin.user: ansible.builtin.user:
@@ -53,121 +43,3 @@
scope: global scope: global
value: "{{ item[1] }}" value: "{{ item[1] }}"
loop: "{{ git_aliases }}" loop: "{{ git_aliases }}"
- name: Creating Wireguard VPS VPN service
block:
- name: Ensuring IP forwarding is allowed
become: true
ansible.posix.sysctl:
name: "net.{{ item }}.conf.all.forwarding"
value: "1"
sysctl_set: true
state: present
loop:
- ipv4
- ipv6
- name: Creating a directory to house VPN service client configurations
ansible.builtin.file:
path: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d"
recurse: true
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: "755"
state: directory
- name: Get the current hostname of the machine
ansible.builtin.shell:
cmd: "echo $(hostname)"
register: current_hostname
- name: Starting DSNet-based Wireguard VPN service configuration
when: vpn_server.driver.name == "dsnet"
block:
- name: Getting DSNet binary application
become: true
ansible.builtin.get_url:
url: "https://github.com/naggie/dsnet/releases/download/{{ vpn_server.driver.version }}/dsnet-linux-amd64"
dest: /usr/bin/dsnet
owner: root
group: root
mode: "744"
force: true
backup: true
- name: Initializing DSNet
become: true
ansible.builtin.command:
cmd: dsnet init
- name: Running DSNet VPN service interface
become: true
ansible.builtin.command:
cmd: dsnet up
- name: Adding peer device for DSNet VPN service interface
become: true
ansible.builtin.shell:
cmd: "dsnet add {{ item.name }}{{ idx }} --owner {{ current_user.stdout }} --description 'For {{ current_hostname.stdout }}--{{ item.desc }}' --confirm > {{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf"
creates: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ idx }}.conf"
loop: "{{ vpn_server.clients }}"
loop_control:
index_var: idx
- name: Changing ownership of consequent DSNet VPN service client configurations
become: true
ansible.builtin.file:
path: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
state: file
loop: "{{ vpn_server.clients }}"
loop_control:
index_var: idx
- name: Pausing to inquire about how to proceed
ansible.builtin.pause:
prompt: "Type \"fetch\" to get the DSNet VPN service client configuration files, or \"show\" to see their contents for manual copying instead"
echo: true
register: data_method
- name: Presenting DSNet VPN service client configuration files to control node for copying
when: data_method.user_input == "show"
block:
- name: Acquiring contents of DSNet VPN service client configuration files
ansible.builtin.slurp:
src: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf"
loop: "{{ vpn_server.clients }}"
loop_control:
index_var: idx
register: vpn_client_configs
- name: Presenting contents of DSNet VPN service client configurations to control node
ansible.builtin.debug:
msg: "Copy this client configuration of the DSNet VPN service:\n {{ item.content }}"
loop: "{{ vpn_client_configs.results }}"
- name: Giving opportunity to manually copy contents of DSNet VPN service client configuration files
ansible.builtin.pause:
- name: Providing DSNet VPN service client configuration files to control node machine
when: data_method.user_input == "fetch"
block:
- name: Dupliciating DSNet VPN service client configuration files to control node
ansible.builtin.fetch:
src: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf"
dest: "/var/tmp/{{ inventory_hostname }}/wg/"
flat: true
loop: "{{ vpn_server.clients }}"
loop_control:
index_var: idx
- name: Informing control node of acquired files
ansible.builtin.debug:
msg: "The DSNet VPS service client configuration files have been duplicated to '/var/tmp/{{ inventory_hostname }}/wg/' at the control node."
- name: Giving control node user time to read the aforementiioned message
ansible.builtin.pause:
seconds: 30
# @TODO create tasks for registering and presenting contents of just created files
- name: Forwarding network traffic on certain ports to Wireguard VPS service interface
become: true
ansible.builtin.iptables:
chain: FORWARD
protocol: "{{ item[0][0] }}"
source_port: "{{ item[0][1] }}"
in_interface: "{{ item[1] }}"
jump: ACCEPT
loop: "{{ vpn_server.forwards | product([vpn_server.interface]) }}"
- name: Forwarding network traffic on certain ports to Wireguard VPS service interface
become: true
ansible.builtin.iptables:
table: nat
chain: POSTROUTING
out_interface: "{{ vpn_server.interface }}"
jump: MASQUERADE

40
group_vars/armitage_test.yml
View File

@@ -99,14 +99,6 @@ pkgs:
suites: ~ suites: ~
comps: ~ comps: ~
handler: ~ handler: ~
# - name: flatpak
# uri: ~
# sources: ~
# sigkey: ~
# types: ~
# suites: ~
# comps: ~
# handler: ~
- name: snapd - name: snapd
uri: ~ uri: ~
sources: ~ sources: ~
@@ -347,22 +339,6 @@ pkgs:
suites: ~ suites: ~
comps: ~ comps: ~
handler: ~ handler: ~
- name: burp
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
handler: ~
- name: rsync
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
handler: ~
- name: gnupg - name: gnupg
uri: ~ uri: ~
sigkey: ~ sigkey: ~
@@ -588,6 +564,22 @@ pkgs:
suites: ~ suites: ~
comps: ~ comps: ~
handler: ~ handler: ~
- name: burp
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
handler: ~
- name: rsync
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
handler: ~
- name: rclone - name: rclone
uri: ~ uri: ~
sigkey: ~ sigkey: ~

39
group_vars/sukaato_test.yml
View File

@@ -246,22 +246,6 @@ pkgs:
suites: ~ suites: ~
comps: ~ comps: ~
handler: ~ handler: ~
- name: burp
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
handler: ~
- name: rsync
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
handler: ~
- name: gnupg - name: gnupg
uri: ~ uri: ~
sigkey: ~ sigkey: ~
@@ -487,6 +471,22 @@ pkgs:
suites: ~ suites: ~
comps: ~ comps: ~
handler: ~ handler: ~
- name: burp
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
handler: ~
- name: rsync
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
handler: ~
# <dict[<str>:<dict>]> representing package groups installed by shell scripts # <dict[<str>:<dict>]> representing package groups installed by shell scripts
script: script:
# <list[<dict>]> representing user-level or supplemental shell script installations # <list[<dict>]> representing user-level or supplemental shell script installations
@@ -542,4 +542,9 @@ pkgs:
# deploy: ~ # deploy: ~
# pre: ~ # pre: ~
# post: ~ # post: ~
# handler: ~ # handler: ~
binaries:
core:
- name: dsnet
src: "https://github.com/naggie/dsnet/releases/download/v0.8.1/dsnet-linux-amd64"
handler: dsnet

4
init@homeserver.yml
View File

@@ -7,6 +7,7 @@
vars_files: vars_files:
- vars/local_facts.yml # REQUIRED - vars/local_facts.yml # REQUIRED
- vars/vim_settings.yml # REQUIRED - vars/vim_settings.yml # REQUIRED
- vars/vpn_server.yml # REQUIRED
- vars/tail_net.yml - vars/tail_net.yml
- vars/crowdsec.yml - vars/crowdsec.yml
- vars/users@{{ inventory_hostname | default('homeserver') }}.yml - vars/users@{{ inventory_hostname | default('homeserver') }}.yml
@@ -41,4 +42,5 @@
- name: Rebooting machine for hostname change - name: Rebooting machine for hostname change
become: true become: true
ansible.builtin.reboot: ansible.builtin.reboot:
msg: "Rebooting machine" msg: "Rebooting machine"
ignore_errors: true

5
init@vps.yml
View File

@@ -7,7 +7,7 @@
harden: true harden: true
vars_files: vars_files:
- vars/local_facts.yml # REQUIRED - vars/local_facts.yml # REQUIRED
- vars/vim_settings.yml # REQUIRED - vars/vpn_server.yml # REQUIRED
- vars/tail_net.yml - vars/tail_net.yml
- vars/crowdsec.yml - vars/crowdsec.yml
- vars/users@{{ inventory_hostname | default('vps') }}.yml - vars/users@{{ inventory_hostname | default('vps') }}.yml
@@ -51,4 +51,5 @@
ansible.builtin.reboot: ansible.builtin.reboot:
msg: "Rebooting machine.." msg: "Rebooting machine.."
connect_timeout: 0 connect_timeout: 0
test_command: ~ test_command: ~
ignore_errors: true

14
roles/init-server/files/systemd/system/dsnet.service Normal file
View File

@@ -0,0 +1,14 @@
[Unit]
Description=dsnet
After=network-online.target
Wants=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/bin/dsnet up
ExecStop=/usr/bin/dsnet down
RemainAfterExit=yes
ExecReload=/usr/bin/dsnet sync
[Install]
WantedBy=default.target

14
roles/init-server/files/systemd/system/thrunet.service Normal file
View File

@@ -0,0 +1,14 @@
[Unit]
Description=thrunet
After=network-online.target
Wants=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/dsnet-forward.sh start
ExecStop=/usr/local/bin/dsnet-forward.sh stop
RemainAfterExit=yes
# ExecReload=/usr/bin/dsnet sync
[Install]
WantedBy=default.target

10
roles/init-server/files/usr/local/bin/dsnet-forward.sh Executable file
View File

@@ -0,0 +1,10 @@
#!/bin/bash
set -euo pipefail
if [[ "$1" == "start" ]]; then
/usr/sbin/iptables -A FORWARD -i dsnet -p tcp --sport {80,443,465,587,995,110,143,993} -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -o dsnet -j MASQUERADE
elif [[ "$1" == "stop" ]]; then
/usr/sbin/iptables -D FORWARD -i dsnet -p tcp --sport {80,443,465,587,995,110,143,993} -j ACCEPT
/usr/sbin/iptables -t nat -D POSTROUTING -o dsnet -j MASQUERADE
fi

4
roles/init-server/handlers/core.yml
View File

@@ -21,3 +21,7 @@
ansible.builtin.include_tasks: ansible.builtin.include_tasks:
file: tasks/contingent/pkg/tor.yml file: tasks/contingent/pkg/tor.yml
listen: tor listen: tor
- name: Setting up DSNet
ansible.builtin.include_tasks:
file: tasks/contingent/pkg/dsnet.yml
listen: dsnet

2
roles/init-server/tasks/contingent/pkg/difftastic.yml
View File

@@ -15,7 +15,7 @@
become: true become: true
ansible.builtin.file: ansible.builtin.file:
src: "{{ ansible_user_home.stdout }}/downloads/archives/released/difftastic/{{ item }}" src: "{{ ansible_user_home.stdout }}/downloads/archives/released/difftastic/{{ item }}"
dest: "/usr/local/bin/{{ item }}" dest: "/usr/bin/{{ item }}"
state: link state: link
loop: loop:
- difft - difft

147
roles/init-server/tasks/contingent/pkg/dsnet.yml Normal file
View File

@@ -0,0 +1,147 @@
- name: Acquiring home of current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo ~{{ ansible_user }}"
register: ansible_user_home
- name: Acquiring current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo {{ ansible_user }}"
register: current_user
- name: Initializing DSNet
become: true
ansible.builtin.command:
cmd: dsnet init
- name: Running DSNet VPN service interface
become: true
ansible.builtin.command:
cmd: dsnet up
- name: Creating a directory to house VPN service client configurations
ansible.builtin.file:
path: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d"
recurse: true
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: "755"
state: directory
- name: Adding peer device for DSNet VPN service interface
become: true
ansible.builtin.shell:
cmd: "dsnet add {{ item.name }}{{ idx }} --owner {{ current_user.stdout }} --description 'For {{ item.name }}--{{ item.desc }}' --confirm > {{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf"
creates: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ idx }}.conf"
loop: "{{ vpn_server.clients }}"
loop_control:
index_var: idx
- name: Changing ownership of consequent DSNet VPN service client configurations
ansible.builtin.file:
path: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
state: file
loop: "{{ vpn_server.clients }}"
loop_control:
index_var: idx
- name: Pausing to inquire about how to proceed
ansible.builtin.pause:
prompt: "Type \"fetch\" to get the DSNet VPN service client configuration files, or \"show\" to see their contents for manual copying instead"
echo: true
register: data_method
- name: Presenting DSNet VPN service client configuration files to control node for copying
when: data_method.user_input == "show"
block:
- name: Acquiring contents of DSNet VPN service client configuration files
ansible.builtin.slurp:
src: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf"
loop: "{{ vpn_server.clients }}"
loop_control:
index_var: idx
register: vpn_client_configs
- name: Presenting contents of DSNet VPN service client configurations to control node
ansible.builtin.debug:
msg: "Copy this client configuration of the DSNet VPN service:\n {{ item.content }}"
loop: "{{ vpn_client_configs.results }}"
- name: Giving opportunity to manually copy contents of DSNet VPN service client configuration files
ansible.builtin.pause:
- name: Providing DSNet VPN service client configuration files to control node machine
when: data_method.user_input == "fetch"
block:
- name: Dupliciating DSNet VPN service client configuration files to control node
ansible.builtin.fetch:
src: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf"
dest: "./.tmp/{{ inventory_hostname }}-dsnet/wg/"
flat: true
loop: "{{ vpn_server.clients }}"
loop_control:
index_var: idx
- name: Informing control node of acquired files
ansible.builtin.debug:
msg: "The DSNet VPS service client configuration files have been duplicated to '/var/tmp/{{ inventory_hostname }}/wg/' at the control node."
- name: Giving control node user time to read the aforementiioned message
ansible.builtin.pause:
seconds: 30
- name: Ensuring IP forwarding is allowed
become: true
ansible.posix.sysctl:
name: "net.{{ item }}.ip_forward"
value: "1"
sysctl_set: true
state: present
loop:
- ipv4
# - ipv6
- name: Creating SystemD unit for placing up DSNet interface
become: true
ansible.builtin.copy:
src: systemd/system/dsnet.service
dest: /etc/systemd/system/dsnet.service
owner: root
group: root
force: true
backup: true
- name: Reloading SystemD and enabling DSNet interface
become: true
ansible.builtin.systemd_service:
name: dsnet
enabled: true
daemon_reload: true
- name: Copying script for DSNet iptables rules
become: true
ansible.builtin.copy:
src: usr/local/bin/dsnet-forward.sh
dest: /usr/local/bin/
owner: root
group: root
mode: "744"
force: true
backup: true
- name: Creating SystemD unit for DSNet iptables rules
become: true
ansible.builtin.copy:
src: systemd/system/thrunet.service
dest: /etc/systemd/system/thrunet.service
owner: root
group: root
force: true
backup: true
- name: Reloading SystemD and enabling iptables rules SystemD unit
become: true
ansible.builtin.systemd_service:
name: thrunet
enabled: true
daemon_reload: true
- name: Forwarding network traffic on certain ports to Wireguard VPS service interface
become: true
ansible.builtin.iptables:
chain: FORWARD
protocol: "{{ item[0][0] }}"
source_port: "{{ item[0][1] }}"
in_interface: "{{ item[1] }}"
jump: ACCEPT
loop: "{{ vpn_server.forwards | product([vpn_server.interface]) }}"
- name: Forwarding network traffic on certain ports to Wireguard VPS service interface
become: true
ansible.builtin.iptables:
table: nat
chain: POSTROUTING
out_interface: "{{ vpn_server.interface }}"
jump: MASQUERADE

2
roles/init-server/tasks/contingent/pkg/julia.yml
View File

@@ -19,7 +19,7 @@
become: true become: true
ansible.builtin.file: ansible.builtin.file:
src: "{{ ansible_user_home.stdout }}/.juliaup/bin/{{ item }}" src: "{{ ansible_user_home.stdout }}/.juliaup/bin/{{ item }}"
dest: "/usr/local/bin/{{ item }}" dest: "/usr/bin/{{ item }}"
owner: root owner: root
group: root group: root
state: link state: link

11
roles/init-server/tasks/contingent/pkg/neovim.yml
View File

@@ -9,17 +9,6 @@
ansible.builtin.shell: ansible.builtin.shell:
cmd: "echo {{ ansible_user }}" cmd: "echo {{ ansible_user }}"
register: current_user register: current_user
- name: Copy system ViM configuration to home directory
become: true
ansible.builtin.copy:
src: /root/.vimrc
remote_src: true
dest: "{{ ansible_user_home.stdout }}/.vimrc"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: "644"
force: true
backup: true
- name: Creating directory tree for NeoViM configuration files - name: Creating directory tree for NeoViM configuration files
ansible.builtin.file: ansible.builtin.file:
path: "{{ ansible_user_home.stdout }}/.config/nvim" path: "{{ ansible_user_home.stdout }}/.config/nvim"

18
roles/init-server/tasks/contingent/pkg/nvm.yml
View File

@@ -20,7 +20,7 @@
- name: Linking binaries to directories already in PATH environment variable - name: Linking binaries to directories already in PATH environment variable
ansible.builtin.file: ansible.builtin.file:
src: "{{ item[0] }}/bin/{{ item[1] }}" src: "{{ item[0] }}/bin/{{ item[1] }}"
dest: "/usr/local/bin/{{ item[1] }}" dest: "/usr/bin/{{ item[1] }}"
owner: root owner: root
group: root group: root
state: link state: link
@@ -28,7 +28,7 @@
- name: Linking binaries to directories already in PATH environment variable - name: Linking binaries to directories already in PATH environment variable
ansible.builtin.file: ansible.builtin.file:
src: "{{ item[0] }}/lib/node_modules/corepack/dist/{{ item[1] }}.js" src: "{{ item[0] }}/lib/node_modules/corepack/dist/{{ item[1] }}.js"
dest: "/usr/local/bin/{{ item[1] }}" dest: "/usr/bin/{{ item[1] }}"
owner: root owner: root
group: root group: root
state: link state: link
@@ -36,7 +36,7 @@
- name: Linking binaries to directories already in PATH environment variable - name: Linking binaries to directories already in PATH environment variable
ansible.builtin.file: ansible.builtin.file:
src: "{{ item[0] }}/lib/node_modules/npm/bin/{{ item[1] }}-cli.js" src: "{{ item[0] }}/lib/node_modules/npm/bin/{{ item[1] }}-cli.js"
dest: "/usr/local/bin/{{ item[1] }}" dest: "/usr/bin/{{ item[1] }}"
owner: root owner: root
group: root group: root
state: link state: link
@@ -44,7 +44,7 @@
- name: Link includes to directories already recognized by system - name: Link includes to directories already recognized by system
ansible.builtin.file: ansible.builtin.file:
src: "{{ item[0] }}/include/{{ item[1] }}" src: "{{ item[0] }}/include/{{ item[1] }}"
dest: "/usr/local/include/{{ item[1] }}" dest: "/usr/include/{{ item[1] }}"
owner: root owner: root
group: root group: root
state: link state: link
@@ -52,14 +52,14 @@
- name: Link requisite libraries to directories already recognized by system - name: Link requisite libraries to directories already recognized by system
ansible.builtin.file: ansible.builtin.file:
src: "{{ item[0] }}/lib/{{ item[1] }}" src: "{{ item[0] }}/lib/{{ item[1] }}"
dest: "/usr/local/lib/{{ item[1] }}" dest: "/usr/lib/{{ item[1] }}"
owner: root owner: root
group: root group: root
state: link state: link
loop: "{{ prebuilt_nodepaths | product(['node_modules']) }}" loop: "{{ prebuilt_nodepaths | product(['node_modules']) }}"
- name: Create man1 subdirectory for man pages - name: Create man1 subdirectory for man pages
ansible.builtin.file: ansible.builtin.file:
path: /usr/local/share/man/man1 path: /usr/share/man/man1
recurse: true recurse: true
owner: root owner: root
group: root group: root
@@ -68,14 +68,14 @@
- name: Link shared resources to directories already recognized by system - name: Link shared resources to directories already recognized by system
ansible.builtin.file: ansible.builtin.file:
src: "{{ item[0] }}/share/man/man1/{{ item[1] }}.1" src: "{{ item[0] }}/share/man/man1/{{ item[1] }}.1"
dest: "/usr/local/share/man/man1/{{ item[1] }}.1" dest: "/usr/share/man/man1/{{ item[1] }}.1"
owner: root owner: root
group: root group: root
state: link state: link
loop: "{{ prebuilt_nodepaths | product(['node']) }}" loop: "{{ prebuilt_nodepaths | product(['node']) }}"
- name: Create man1 subdirectory for man pages - name: Create man1 subdirectory for man pages
ansible.builtin.file: ansible.builtin.file:
path: /usr/local/share/doc path: /usr/share/doc
recurse: true recurse: true
owner: root owner: root
group: root group: root
@@ -84,7 +84,7 @@
- name: Link shared resources to directories already recognized by system - name: Link shared resources to directories already recognized by system
ansible.builtin.file: ansible.builtin.file:
src: "{{ item[0] }}/share/doc/{{ item[1] }}" src: "{{ item[0] }}/share/doc/{{ item[1] }}"
dest: "/usr/local/share/doc/{{ item[1] }}" dest: "/usr/share/doc/{{ item[1] }}"
owner: root owner: root
group: root group: root
state: link state: link

6
roles/init-server/tasks/contingent/pkg/radicle.yml
View File

@@ -21,7 +21,7 @@
- name: Linking binaries to directories already in PATH environment variable - name: Linking binaries to directories already in PATH environment variable
ansible.builtin.file: ansible.builtin.file:
src: "{{ ansible_user_home.stdout }}/.radicle/bin/{{ item }}" src: "{{ ansible_user_home.stdout }}/.radicle/bin/{{ item }}"
dest: "/usr/local/bin/{{ item }}" dest: "/usr/bin/{{ item }}"
state: link state: link
loop: loop:
- rad - rad
@@ -29,7 +29,7 @@
- git-remote-rad - git-remote-rad
- name: Create man1 subdirectory for man pages - name: Create man1 subdirectory for man pages
ansible.builtin.file: ansible.builtin.file:
path: /usr/local/share/man/man1 path: /usr/share/man/man1
recurse: true recurse: true
owner: root owner: root
group: root group: root
@@ -38,7 +38,7 @@
- name: Link manpages to Linux manpage directories - name: Link manpages to Linux manpage directories
ansible.builtin.file: ansible.builtin.file:
src: "{{ ansible_user_home.stdout }}/.radicle/man/man1/{{ item }}.1" src: "{{ ansible_user_home.stdout }}/.radicle/man/man1/{{ item }}.1"
dest: "/usr/local/share/man/man1/{{ item }}.1" dest: "/usr/share/man/man1/{{ item }}.1"
state: link state: link
loop: loop:
- rad - rad

2
roles/init-server/tasks/contingent/pkg/rustup.yml
View File

@@ -19,7 +19,7 @@
become: true become: true
ansible.builtin.file: ansible.builtin.file:
src: "{{ ansible_user_home.stdout }}/.cargo/bin/{{ item }}" src: "{{ ansible_user_home.stdout }}/.cargo/bin/{{ item }}"
dest: "/usr/local/bin/{{ item }}" dest: "/usr/bin/{{ item }}"
state: link state: link
loop: loop:
- rustup - rustup

5
roles/init-server/tasks/contingent/pkg/surge.yml
View File

@@ -8,7 +8,7 @@
become: true become: true
ansible.builtin.file: ansible.builtin.file:
src: "{{ ansible_user_home.stdout }}/downloads/archives/released/surge/{{ item }}" src: "{{ ansible_user_home.stdout }}/downloads/archives/released/surge/{{ item }}"
dest: "/usr/local/bin/{{ item }}" dest: "/usr/bin/{{ item }}"
state: link state: link
loop: loop:
- surge - surge
@@ -43,12 +43,11 @@
owner: "{{ ansible_user }}" owner: "{{ ansible_user }}"
group: "{{ ansible_user }}" group: "{{ ansible_user }}"
mode: "644" mode: "644"
state: touch
register: surge_token register: surge_token
- name: Placing Surge API token into file on control node - name: Placing Surge API token into file on control node
ansible.builtin.fetch: ansible.builtin.fetch:
src: "{{ surge_token.dest }}" src: "{{ surge_token.dest }}"
dest: "/var/tmp/{{ inventory_hostname }}/surge.token" dest: "./.tmp/{{ inventory_hostname }}-surge/surge.secret"
flat: true flat: true
- name: Informing control node of acquired files - name: Informing control node of acquired files
ansible.builtin.debug: ansible.builtin.debug:

2
roles/init-server/tasks/contingent/pkg/uv.yml
View File

@@ -19,7 +19,7 @@
become: true become: true
ansible.builtin.file: ansible.builtin.file:
src: "{{ ansible_user_home.stdout }}/.local/bin/{{ item }}" src: "{{ ansible_user_home.stdout }}/.local/bin/{{ item }}"
dest: "/usr/local/bin/{{ item }}" dest: "/usr/bin/{{ item }}"
state: link state: link
loop: loop:
- uv - uv

15
roles/init-server/tasks/core@install-pkgs.yml
View File

@@ -216,3 +216,18 @@
msg: Rebooting machine msg: Rebooting machine
tags: tags:
- get_git_pkgs - get_git_pkgs
- name: Installing software as pre-compiled binary
block:
- name: Grabbing software binary
become: true
ansible.builtin.get_url:
url: "{{ item.src }}"
dest: "/usr/bin/{{ item.name }}"
owner: root
group: root
mode: "744"
force: true
backup: true
notify: "{{ item.handler }}"
loop: "{{ (pkgs.binaries.core | default([])) }}"

16
roles/init-server/tasks/userspace@install-pkgs.yml
View File

@@ -216,5 +216,17 @@
msg: Rebooting machine msg: Rebooting machine
tags: tags:
- get_git_pkgs - get_git_pkgs
# @TODO add a reboot either here or in any of the handlers potentially notified from here in - name: Installing software as pre-compiled binary
# order to update environment (unless found better solution) block:
- name: Grabbing software binary
become: true
ansible.builtin.get_url:
url: "{{ item.src }}"
dest: "/usr/bin/{{ item.name }}"
owner: root
group: root
mode: "744"
force: true
backup: true
notify: "{{ item.handler }}"
loop: "{{ (pkgs.binaries.userspace | default([])) }}"