Initial

roles/base/tasks/ansible_setup.yml

@@ -0,0 +1,53 @@
+- name: ansible setup | ensure ansible is the latest version
+  tags: ansible,ansible-setup
+  package:
+    name: ansible
+    state: latest
+
+- name: ansible setup | install required packages
+  tags: ansible,ansible-setup,packages
+  package:
+    name:
+      - "{{ dconf_package }}"
+      - "{{ python_psutil_package }}"
+
+# Note: For Arch, the requirement is met by a dependency of systemd, only necessary on Debian-based
+- name: ansible setup | install acl package
+  tags: ansible,ansible-setup,packages
+  package:
+    name: acl
+  when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu"]
+
+- name: ansible setup | create ansible log file
+  tags: ansible,ansible-setup
+  file:
+    path: /var/log/ansible.log
+    owner: bzoicas
+    group: root
+    mode: 0664
+    state: touch
+  changed_when: False
+
+- name: ansible setup | add logrotate config for ansible log file
+  tags: ansible-setup
+  copy:
+    src: files/ansible_setup/logrotate
+    dest: /etc/logrotate.d/ansible
+    owner: root
+    group: root
+    mode: 0644
+
+- name: ansible setup | remove default ansible directory (/etc/ansible) from host
+  tags: ansible,ansible-setup
+  file:
+    path: /etc/ansible
+    state: absent
+
+- name: ansible setup | generate provision script from template
+  tags: ansible,ansible-setup,scripts
+  template:
+    src: provision.sh.j2
+    dest: /usr/local/bin/provision
+    owner: root
+    group: root
+    mode: 0755

roles/base/tasks/main.yml

@@ -0,0 +1,30 @@
+# Load distro-specific variables
+- include_vars: "{{ ansible_distribution }}.yml"
+  tags: always
+
+- block:
+  # Make sure users exist on the system
+  - import_tasks: users/bzoicas.yml
+  - import_tasks: users/root.yml
+
+  # Set up the ansible environment
+  - import_tasks: ansible_setup.yml
+
+  # install software
+  - import_tasks: software/repositories.yml
+  - import_tasks: software/packages_development.yml
+  - import_tasks: software/packages_cleanup.yml
+  - import_tasks: software/packages_utilities.yml
+  - import_tasks: software/packages_pip.yml
+
+  # Perform remaining tasks:
+  - import_tasks: system_setup/clock.yml
+  - import_tasks: system_setup/locale.yml
+  - import_tasks: system_setup/logging.yml
+  - import_tasks: system_setup/memory.yml
+  - import_tasks: system_setup/microcode.yml
+  - import_tasks: system_setup/openssh.yml
+  - import_tasks: system_setup/scripts.yml
+
+  rescue:
+    - set_fact: task_failed=true

roles/base/tasks/software/packages_cleanup.yml

@@ -0,0 +1,10 @@
+- name: system setup | package cleanup | remove unneeded packages (debian, ubuntu, etc)
+  tags: cleanup,packages,system,settings
+  package:
+    state: absent
+    name:
+      - cowsay
+      - exim4
+      - exim4-base
+      - exim4-config
+  when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu"]

roles/base/tasks/software/packages_development.yml

@@ -0,0 +1,16 @@
+- name: system setup | development packages | install packages
+  tags: dev,development,packages,python,ruby
+  package:
+    name:
+      - git
+      - perl
+      - "{{ python_flake8_package }}"
+      - "{{ python_package }}"
+      - "{{ python_pip_package }}"
+      - "{{ python_pyflakes_package }}"
+      - python-setuptools
+      - "{{ python_virtualenv_package }}"
+      - ruby
+      - "{{ ruby_rake_package }}"
+      - tig
+    state: latest

roles/base/tasks/software/packages_pip.yml

@@ -0,0 +1,7 @@
+# - name: system setup | pip packages | install bpytop
+#   tags: bpytop,packages,pip,python
+#   become_user: bzoicas
+#   pip:
+#     executable: /usr/bin/pip3
+#     state: latest
+#     name: bpytop

roles/base/tasks/software/packages_utilities.yml

@@ -0,0 +1,53 @@
+- name: system setup | utilities | install utility packages
+  tags: packages,system,settings
+  package:
+    state: latest
+    name:
+      - at
+      - colordiff
+      - curl
+      #- "{{ dns_utils_package}}"
+      - htop
+      - iotop
+      - "{{ lm_sensors_package }}"
+      - lsof
+      - mc
+      - ncdu
+      - neofetch
+      - net-tools
+      - "{{ nfs_client_package }}"
+      - nmap
+      - "{{ rename_package }}"
+      - rsync
+      - screen
+      - sshfs
+      - tmux
+      - terminator
+      - traceroute
+      - "{{ vim_package }}"
+      - wget
+      - whois
+      - zsh
+      - clusterssh
+      - conky
+      #- conky-manager
+      - redshift
+      - ansible
+      - lutris
+      - gftp
+      #- vlc
+      - fedora-workstation-repositories
+      - epel-release
+      - nextcloud-client
+      - dia
+      - docker-ce
+      
+
+- name: system setup | utilities | install man-pages (arch)
+  tags: packages,system,settings
+  pacman:
+    state: latest
+    name:
+      - man-db
+      - man-pages
+  when: ansible_distribution == "Archlinux"

roles/base/tasks/software/repositories.yml

@@ -0,0 +1,33 @@
+- name: system setup | repositories | add ignored packages for archlinux hosts
+  tags: packages,repositories
+  lineinfile:
+      dest: /etc/pacman.conf
+      regexp: "^#?IgnorePkg"
+      line: "IgnorePkg   = ansible linux linux-headers linux-lts linux-lts-headers"
+  when: ansible_distribution == "Archlinux"
+
+- name: system setup | repositories | add sources.list for debian hosts
+  tags: non-free,repositories
+  copy:
+    src: distribution_packages/debian_sources.list
+    dest: /etc/apt/sources.list
+    backup: yes
+  notify: apt_update
+  when: ansible_distribution == "Debian"
+
+- name: system setup | repositories | add debian-backports
+  tags: backports,repositories
+  apt_repository:
+    repo: deb http://deb.debian.org/debian buster-backports main
+    filename: debian-backports
+  notify: apt_update
+  when: ansible_distribution == "Debian"
+
+- name: system setup | repositories | install package management tools (debian-based)
+  tags: packages,system,settings
+  package:
+    name:
+      - aptitude
+      - software-properties-common
+    state: latest
+  when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu"]

roles/base/tasks/system_setup/clock.yml

@@ -0,0 +1,27 @@
+- name: system setup | clock | install systemd-timesyncd (ubuntu)
+  tags: ntp,system setup
+  package:
+    name: systemd-timesyncd
+    state: latest
+  when: ansible_distribution in ["Pop!_OS", "Ubuntu"]
+
+# Currently systemd-timesyncd for debian is available only in buster-backports
+- name: system setup | clock | install systemd-timesyncd (debian)
+  tags: ntp,system setup
+  apt:
+    name: systemd-timesyncd
+    default_release: buster-backports
+    state: latest
+  when: ansible_distribution == "Debian"
+
+- name: system setup | clock | start and enable systemd-timesyncd
+  tags: ntp,system settiings
+  service:
+    name: systemd-timesyncd
+    state: started
+    enabled: true
+
+- name: system setup | clock | set time zone
+  tags: ntp,timezone,system setup
+  timezone:
+    name: "America/Detroit"

roles/base/tasks/system_setup/locale.yml

@@ -0,0 +1,24 @@
+# - name: system setup | locale | add en_US
+#   tags: locale,system,setup
+#   locale_gen:
+#     name: en_US.UTF-8
+#     state: present
+
+# - name: system setup | locale | set locale to en_US
+#   tags: locale,system,setup
+#   locale_gen:
+#     name: en_US.UTF-8
+#     state: present
+#   register: locale
+
+# - name: system setup | locale | set en_US as default locale
+#   tags: locale,system,setup
+#   command: localectl set-locale LANG=en_US.UTF-8
+#   when: locale.changed
+
+# - name: system setup | locale | remove en_GB
+#   tags: locale,system,setup
+#   locale_gen:
+#     name: en_GB.UTF-8
+#     state: absent
+#   when: locale.changed

roles/base/tasks/system_setup/logging.yml

@@ -0,0 +1,13 @@
+- name: system setup | logging | adjust retention period
+  tags: systemd,journal,journald,sysctl,system setup
+  lineinfile:
+    dest: "/etc/systemd/journald.conf"
+    regexp: "^#MaxFileSec="
+    line: "MaxFileSec=5day"
+  register: journald_config
+
+- name: system setup | logging | restart journald (config changed)
+  service:
+    name: systemd-journald
+    state: restarted
+  when: journald_config.changed

roles/base/tasks/system_setup/memory.yml

@@ -0,0 +1,26 @@
+- name: system setup | memory | adjust current swappiness
+  tags: swappiness,sysctl,system,setup
+  lineinfile:
+    dest: "/etc/sysctl.conf"
+    create: yes
+    regexp: "swappiness ="
+    line: "vm.swappiness = 5"
+  register: swappiness
+
+- name: system setup | memory | apply swappiness
+  tags: swappiness,sysctl,system,setup
+  command: sysctl vm.swappiness={{ swappiness_value }}
+  when: swappiness.changed
+
+- name: system setup | memory | install earlyoom package
+  tags: earlyoom,packages,system,setup
+  package:
+    name: earlyoom
+    state: latest
+
+- name: system setup | memory | enable and start earlyoom
+  tags: earlyoom,packages,system,setup
+  service:
+    name: earlyoom
+    enabled: yes
+    state: started

roles/base/tasks/system_setup/microcode.yml

@@ -0,0 +1,17 @@
+- name: system setup | microcode | install package for amd
+  tags: amd,cpu,microcode,system setup
+  package:
+    name: "{{ amd_microcode_package }}"
+    state: latest
+  when:
+    - microcode_amd_install is defined
+    - microcode_amd_install == true
+
+- name: system setup | microcode | install package for intel
+  tags: cpu,intel,microcode,system setup
+  package:
+    name: "{{ intel_microcode_package }}"
+    state: latest
+  when:
+    - microcode_intel_install is defined
+    - microcode_intel_install == true

roles/base/tasks/system_setup/openssh.yml

@@ -0,0 +1,32 @@
+- name: system setup | openssh | install or update daemon package
+  tags: openssh,ssh,system,settings
+  package:
+    name: "{{ openssh_package }}"
+    state: latest
+  notify: restart_sshd
+
+- name: system setup | openssh | enable daemon
+  tags: openssh,ssh,system,settings
+  service:
+    name: "{{ openssh_service }}"
+    enabled: yes
+    state: started
+
+- name: system setup | openssh | generate sshd_config file from template
+  tags: openssh,ssh,system,settings
+  template:
+    src: sshd_config.j2
+    dest: /etc/ssh/sshd_config
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart_sshd
+
+- name: system setup | openssh | copy issue.net
+  tags: openssh,ssh,system,settings
+  copy:
+    src: system_setup/openssh_issue.net
+    dest: /etc/issue.net
+    owner: root
+    group: root
+    mode: 0644

roles/base/tasks/system_setup/scripts.yml

@@ -0,0 +1,18 @@
+- name: system setup | scripts | copy image_prep.sh script
+  tags: scripts
+  copy:
+    src: system_setup/image_prep.sh
+    dest: /usr/local/bin/image_prep.sh
+    owner: root
+    group: root
+    mode: 0755
+
+- name: system setup | scripts | copy pi_cpu_temp.py script
+  tags: scripts
+  copy:
+    src: system_setup/pi_cpu_temp.py
+    dest: /usr/local/bin/cpu_temp
+    owner: root
+    group: root
+    mode: 0755
+  when: ansible_architecture == "aarch64"

roles/base/tasks/users/bzoicas.yml

@@ -0,0 +1,223 @@
+- name: users | bzoicas | install git
+  tags: dev,development,packages,python,ruby
+  package:
+    name:
+      - git
+    state: latest
+
+- name: users | bzoicas | create group
+  tags: groups,bzoicas,users
+  group:
+    name: bzoicas
+    state: present
+
+- name: users | bzoicas | create user
+  tags: bzoicas,sudo,users
+  user:
+    name: bzoicas
+    group: bzoicas
+    groups: vboxsf,adm,{{ sudo_group }}
+    state: present
+    comment: "BZo"
+    password: "{{ bzoicas_passwd }}"
+    shell: /bin/bash
+
+- name: users | bzoicas | bzoicas | add sudoers file
+  tags: bzoicas,settings,sudo,system,users
+  copy:
+    src: users/sudoers_bzoicas
+    dest: /etc/sudoers.d/bzoicas
+    owner: root
+    group: root
+    mode: 0440
+
+- name: users | bzoicas | create .ssh directory
+  tags: dotfiles,bzoicas,ssh,users
+  file:
+    path: "{{ item.dir }}"
+    state: directory
+    owner: bzoicas
+    group: bzoicas
+    mode: 0700
+  with_items:
+    - { dir: '/home/bzoicas/.ssh' }
+
+- name: users | bzoicas | add public key
+  tags: dotfiles,bzoicas,ssh,ssh-keys,users
+  authorized_key:
+    user: bzoicas
+    key: "{{ item }}"
+  with_file:
+    - users/bzoicas/ssh/bzoicas_id_rsa.pub
+
+- name: users | bzoicas | create config directories
+  tags: dotfiles,bzoicas,tmux,users,vim,zsh
+  file:
+    path: /home/bzoicas/{{ item.dir }}
+    state: directory
+    owner: bzoicas
+    group: bzoicas
+    mode: 0700
+  with_items:
+    - { dir: '.bash' }
+    - { dir: '.config' }
+    - { dir: '.config/htop' }
+    - { dir: '.config/mc' }
+    - { dir: '.tmux' }
+    - { dir: '.tmux/config' }
+    - { dir: '.tmux/plugins' }
+    - { dir: '.vim' }
+    - { dir: '.vim/autoload' }
+    - { dir: '.vim/bundle' }
+    - { dir: '.vim/colors' }
+    - { dir: '.vim/ftplugin' }
+    - { dir: '.zsh' }
+
+- name: users | bzoicas | copy tmux config (server version)
+  tags: dotfiles,users,bzoicas,tmux,users,vim,zsh
+  copy:
+    src: users/bzoicas/tmux/tmux.conf.server
+    dest: /home/bzoicas/.tmux.conf
+    owner: bzoicas
+    group: bzoicas
+    mode: 0600
+  when: "'server' not in group_names"
+
+- name: users | bzoicas | copy tmux config (workstation version)
+  tags: dotfiles,users,bzoicas,tmux,users,vim,zsh
+  copy:
+    src: users/bzoicas/tmux/tmux.conf.workstation
+    dest: /home/bzoicas/.tmux.conf
+    owner: bzoicas
+    group: bzoicas
+    mode: 0600
+  when: "'server' in group_names"
+
+- name: users | bzoicas | copy dotfiles
+  tags: dotfiles,users,bzoicas,tmux,users,vim,zsh
+  copy:
+    src: users/bzoicas/{{ item.src }}
+    dest: /home/bzoicas/{{ item.dest }}
+    owner: bzoicas
+    group: bzoicas
+    mode: 0600
+  with_items:
+    - { src: 'bash/bash_aliases', dest: '.bash/bash_aliases' }
+    - { src: 'bash/bash_profile', dest: '.bash_profile' }
+    - { src: 'bash/bash_prompt', dest: '.bash/bash_prompt' }
+    - { src: 'bash/bash_functions', dest: '.bash/bash_functions' }
+    - { src: 'bash/bashrc', dest: '.bashrc' }
+    - { src: 'bash/profile', dest: '.profile' }
+    - { src: 'git/gitconfig', dest: '.gitconfig' }
+    - { src: 'htop/htoprc', dest: '.config/htop/htoprc' }
+    - { src: 'inputrc', dest: '.inputrc' }
+    - { src: 'mc/mc.ini', dest: '.config/mc/ini' }
+    - { src: 'vim/vimrc', dest: '.vimrc' }
+    - { src: 'zsh/zshrc', dest: '.zshrc' }
+
+# - name: users | bzoicas | clone tmux-completion plugin repository
+#   tags: dotfiles,bzoicas,users,tmux
+#   git:
+#     repo: https://github.com/srsudar/tmux-completion.git
+#     dest: /home/bzoicas/.tmux/plugins/completion
+#     force: yes
+#   notify: update_tmux_plugin_perms
+
+# - name: users | bzoicas | clone tmux-continuum plugin repository
+#   tags: dotfiles,bzoicas,users,tmux
+#   git:
+#     repo: https://github.com/tmux-plugins/tmux-continuum
+#     dest: /home/bzoicas/.tmux/plugins/continuum
+#     force: yes
+#   notify: update_tmux_plugin_perms
+
+# - name: users | bzoicas | clone tmux-resurrect plugin repository
+#   tags: dotfiles,bzoicas,users,tmux
+#   git:
+#     repo: https://github.com/tmux-plugins/tmux-resurrect
+#     dest: /home/bzoicas/.tmux/plugins/resurrect
+#     force: yes
+#   notify: update_tmux_plugin_perms
+
+- name: users | bzoicas | copy individual zsh config files
+  tags: dotfiles,bzoicas,users,zsh
+  copy:
+    src: users/bzoicas/zsh/{{ item.src }}
+    dest: /home/bzoicas/.zsh/{{ item.src }}
+    owner: bzoicas
+    group: bzoicas
+    mode: 0600
+  with_items:
+    - { src: 'aliases.zsh' }
+    - { src: 'bindkey.zsh' }
+    - { src: 'completion.zsh' }
+    - { src: 'exports.zsh' }
+    - { src: 'functions.zsh' }
+    - { src: 'history.zsh' }
+    - { src: 'path.zsh' }
+    - { src: 'plugins.zsh' }
+    - { src: 'prompt.zsh' }
+    - { src: 'setopt.zsh' }
+    - { src: 'theming.zsh' }
+
+- name: users | bzoicas | copy vim ftype files
+  tags: dotfiles,bzoicas,users,vim
+  copy:
+    src: users/bzoicas/vim/{{ item.src }}
+    dest: /home/bzoicas/.vim/ftplugin/{{ item.src }}
+    owner: bzoicas
+    group: bzoicas
+    mode: 0600
+  with_items:
+    - { src: 'cmake.vim' }
+    - { src: 'cpp.vim' }
+    - { src: 'html.vim' }
+    - { src: 'perl.vim' }
+    - { src: 'python.vim' }
+    - { src: 'ruby.vim' }
+    - { src: 'sql.vim' }
+    - { src: 'xml.vim' }
+
+- name: users | bzoicas | copy vim color files
+  tags: dotfiles,bzoicas,users,vim
+  copy:
+    src: users/bzoicas/vim/{{ item.src }}
+    dest: /home/bzoicas/.vim/colors/{{ item.src }}
+    owner: bzoicas
+    group: bzoicas
+    mode: 0600
+  with_items:
+    - { src: 'bubblegum-256-dark.vim' }
+    - { src: 'darktango.vim' }
+    - { src: 'jellybeans.vim' }
+    - { src: 'xoria256.vim' }
+    - { src: 'zenburn.vim' }
+
+- name: users | bzoicas | install pathogen
+  tags: dotfiles,bzoicas,users,vim
+  copy:
+    src: users/bzoicas/vim/{{ item.src }}
+    dest: "{{ item.dest }}"
+    owner: bzoicas
+    group: bzoicas
+    mode: 0700
+  with_items:
+    - { src: 'pathogen.vim', dest: '/home/bzoicas/.vim/autoload/pathogen.vim' }
+
+- name: users | bzoicas | checkout git repositories
+  tags: git,users,bzoicas
+  become: yes
+  git:
+    repo: "{{ item.repo }}"
+    dest: "{{ item.dest }}"
+    force: yes
+  with_items:
+    - { repo: 'https://github.com/ctrlpvim/ctrlp.vim.git', dest: '/home/bzoicas/.vim/bundle/ctrlp.vim' }
+    - { repo: 'https://github.com/davidhalter/jedi-vim.git', dest: '/home/bzoicas/.vim/bundle/jedi-vim' }
+    - { repo: 'https://github.com/pearofducks/ansible-vim', dest: '/home/bzoicas/.vim/bundle/ansible-vim' }
+    - { repo: 'https://github.com/rhysd/vim-grammarous.git', dest: '/home/bzoicas/.vim/bundle/vim-grammarous' }
+    - { repo: 'https://github.com/ron89/thesaurus_query.vim', dest: '/home/bzoicas/.vim/bundle/thesaurus_query' }
+    - { repo: 'https://github.com/scrooloose/nerdtree.git', dest: '/home/bzoicas/.vim/bundle/nerdtree' }
+    - { repo: 'https://github.com/tpope/vim-obsession.git', dest: '/home/bzoicas/.vim/bundle/vim-obsession' }
+    - { repo: 'https://github.com/vim-syntastic/syntastic.git', dest: '/home/bzoicas/.vim/bundle/syntastic' }
+  notify: update_vim_bundle_perms

roles/base/tasks/users/root.yml

@@ -0,0 +1,33 @@
+- name: users | root | ensure account is locked
+  user:
+    name: root
+    password_lock: yes
+
+- name: users | root | create config directories
+  file:
+    path: /root/{{ item.dir }}
+    state: directory
+    owner: root
+    group: root
+    mode: 0700
+  with_items:
+      - { dir: '.vim' }
+      - { dir: '.vim/colors' }
+  tags: dotfiles
+
+- name: users | root | copy dotfiles
+  copy:
+    src: users/root/{{ item.src }}
+    dest: /root/{{ item.dest}}
+    owner: root
+    group: root
+    mode: 0600
+  with_items:
+      - { src: 'bash/bashrc', dest: '.bashrc' }
+      - { src: 'bash/bash_profile', dest: '.bash_profile' }
+      - { src: 'bash/profile', dest: '.profile' }
+      - { src: 'tmux/tmux.conf', dest: '.tmux.conf' }
+      - { src: 'vim/vimrc', dest: '.vimrc' }
+      - { src: 'vim/xoria256.vim', dest: '.vim/colors/xoria256.vim' }
+      - { src: 'zsh/zshrc', dest: '.zshrc' }
+  tags: dotfiles