From 945aa9e6f634a078937fdf21d09f32e77f4c1a7b Mon Sep 17 00:00:00 2001
From: clarkzjw
Date: Fri, 13 Jan 2023 16:44:02 -0800
Subject: reorganize folders
---
.../atlas/roles/debian_init/defaults/main.yaml | 0
.../config/atlas/roles/debian_init/tasks/main.yaml | 66 ----------------------
.../config/atlas/roles/init/tasks/main.yaml | 56 ------------------
.../config/atlas/roles/samba/defaults/main.yaml | 3 -
.../config/atlas/roles/samba/tasks/main.yaml | 53 -----------------
.../config/atlas/roles/samba/templates/smb.conf.j2 | 33 -----------
6 files changed, 211 deletions(-)
delete mode 100644 clarkzjw.ca/config/atlas/roles/debian_init/defaults/main.yaml
delete mode 100644 clarkzjw.ca/config/atlas/roles/debian_init/tasks/main.yaml
delete mode 100644 clarkzjw.ca/config/atlas/roles/init/tasks/main.yaml
delete mode 100644 clarkzjw.ca/config/atlas/roles/samba/defaults/main.yaml
delete mode 100644 clarkzjw.ca/config/atlas/roles/samba/tasks/main.yaml
delete mode 100644 clarkzjw.ca/config/atlas/roles/samba/templates/smb.conf.j2
(limited to 'clarkzjw.ca/config/atlas/roles')
diff --git a/clarkzjw.ca/config/atlas/roles/debian_init/defaults/main.yaml b/clarkzjw.ca/config/atlas/roles/debian_init/defaults/main.yaml
deleted file mode 100644
index e69de29..0000000
diff --git a/clarkzjw.ca/config/atlas/roles/debian_init/tasks/main.yaml b/clarkzjw.ca/config/atlas/roles/debian_init/tasks/main.yaml
deleted file mode 100644
index e53d3eb..0000000
--- a/clarkzjw.ca/config/atlas/roles/debian_init/tasks/main.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-- name: Disable unattended-upgrades
- systemd:
- name: unattended-upgrades
- state: stopped
- enabled: false
-
-- name: Install packages
- apt:
- name:
- - apt-transport-https
- - build-essential
- - ca-certificates
- - cifs-utils
- - vnstat
- - postfix
- - lsb-release
- - python3
- - python3-dev
- - python3-pip
- - unzip
- - gnupg
- - rsync
- - sudo
- - htop
- - curl
- - tree
- - zip
- - vim
- - zsh
- - git
- update_cache: true
-
-- name: Enable bullseye-backport
- apt_repository:
- repo: deb https://deb.debian.org/debian {{ ansible_distribution_release | lower }}-backports main contrib non-free
- state: present
-
-# Check https://wiki.debian.org/ZFS for additional information
-- name: Install ZFS
- apt:
- name:
- - linux-headers-amd64
- - linux-headers-{{ ansible_kernel }}
- - zfsutils-linux
- - zfs-dkms
- update_cache: true
- fail_on_autoremove: yes
- default_release: "{{ ansible_distribution_release | lower }}-backports"
-
-- name: Load zfs kernel module
- modprobe:
- name: zfs
- state: present
-
-- name: Clean unneeded packages
- apt:
- autoremove: true
- purge: true
-
-- name: Remove useless packages from the cache
- apt:
- autoclean: yes
-
-- name: Run the equivalent of "apt-get clean" as a separate step
- apt:
- clean: yes
diff --git a/clarkzjw.ca/config/atlas/roles/init/tasks/main.yaml b/clarkzjw.ca/config/atlas/roles/init/tasks/main.yaml
deleted file mode 100644
index 29cf529..0000000
--- a/clarkzjw.ca/config/atlas/roles/init/tasks/main.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-- name: Make sure we have a 'wheel' group
- group:
- name: wheel
- state: present
-
-- name: Allow 'wheel' group to have passwordless sudo
- lineinfile:
- dest: /etc/sudoers
- state: present
- regexp: '^%wheel'
- line: '%wheel ALL=(ALL) NOPASSWD: ALL'
- validate: visudo -cf %s
-
-- name: Add sudoers users to wheel group
- user:
- name: clarkzjw
- groups: wheel
- append: yes
-
-- name: Set authorized keys taken from url
- authorized_key:
- user: clarkzjw
- state: present
- key: https://github.com/clarkzjw.keys
-
-- name: Add Tailscale GPG apt Key
- apt_key:
- url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
- keyring: /usr/share/keyrings/tailscale-archive-keyring.gpg
- state: present
-
-- name: Add Tailscale Repository
- get_url:
- url: https://pkgs.tailscale.com/stable/debian/bullseye.tailscale-keyring.list
- dest: /etc/apt/sources.list.d/tailscale.list
-
-- name: Install Tailscale
- apt:
- name:
- - tailscale
- update_cache: true
-
-- name: Disable Root Login
- lineinfile:
- dest: /etc/ssh/sshd_config
- regexp: '^PermitRootLogin yes'
- line: "PermitRootLogin no"
- state: present
- backup: yes
-
-- name: Restart SSHD
- systemd:
- name: ssh
- enabled: true
- state: restarted
- daemon_reload: true
diff --git a/clarkzjw.ca/config/atlas/roles/samba/defaults/main.yaml b/clarkzjw.ca/config/atlas/roles/samba/defaults/main.yaml
deleted file mode 100644
index 88c23b1..0000000
--- a/clarkzjw.ca/config/atlas/roles/samba/defaults/main.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-samba_users:
-- username: clarkzjw
- password: "{{ lookup('env', 'SAMBA_PASSWORD') }}"
\ No newline at end of file
diff --git a/clarkzjw.ca/config/atlas/roles/samba/tasks/main.yaml b/clarkzjw.ca/config/atlas/roles/samba/tasks/main.yaml
deleted file mode 100644
index 80950dc..0000000
--- a/clarkzjw.ca/config/atlas/roles/samba/tasks/main.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-- name: Install Samba
- apt:
- name:
- - samba
- - smbclient
- - cifs-utils
- update_cache: true
-
-- name: Disable Samba NetBIOS server nmbd
- systemd:
- name: nmbd
- state: stopped
- enabled: false
-
-- name: render samba config file
- template:
- src: smb.conf.j2
- dest: "/etc/samba/smb.conf"
- mode: 0644
-
-# https://stackoverflow.com/questions/44762488/non-interactive-samba-user-creation-via-ansible
-- name: shell - create samba users
- shell: >
- set -e -o pipefail
- && (pdbedit --user={{ item.username }} 2>&1 > /dev/null)
- || (echo '{{ item.password }}'; echo '{{ item.password }}')
- | smbpasswd -s -a {{ item.username }}
- args:
- executable: /bin/bash
- register: samba_create_users
- changed_when: "'Added user' in samba_create_users.stdout"
- loop: "{{ samba_users }}"
- no_log: true
-
-- name: shell - set samba passwords correctly
- shell: >
- set -e -o pipefail
- && (smbclient -U {{ item.username }}%{{ item.password }} -L 127.0.0.1 2>&1 > /dev/null)
- || (echo '{{ item.password }}'; echo '{{ item.password }}')
- | smbpasswd {{ item.username }}
- args:
- executable: /bin/bash
- register: samba_verify_users
- changed_when: "'New SMB password' in samba_verify_users.stdout"
- loop: "{{ samba_users }}"
- no_log: true
-
-- name: Restart SMB service
- systemd:
- name: smbd
- state: restarted
- enabled: true
- daemon_reload: true
diff --git a/clarkzjw.ca/config/atlas/roles/samba/templates/smb.conf.j2 b/clarkzjw.ca/config/atlas/roles/samba/templates/smb.conf.j2
deleted file mode 100644
index 06e2567..0000000
--- a/clarkzjw.ca/config/atlas/roles/samba/templates/smb.conf.j2
+++ /dev/null
@@ -1,33 +0,0 @@
-[global]
- workgroup = WORKGROUP
- interfaces = 192.168.1.0/24 tailscale0
- bind interfaces only = yes
- log file = /var/log/samba/log.%m
- max log size = 1000
- logging = file
- panic action = /usr/share/samba/panic-action %d
- server role = standalone server
- obey pam restrictions = yes
- unix password sync = yes
- passwd program = /usr/bin/passwd %u
- passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
- pam password change = yes
- map to guest = bad user
-
-[homes]
- comment = Home Directories
- browseable = no
- read only = yes
- create mask = 0700
- directory mask = 0700
- valid users = %S
-
-[pool1]
- comment = NAS Share
- path = /pool1/clarkzjw
- writable = yes
- guest ok = no
- valid users = @clarkzjw
- force create mode = 770
- force directory mode = 770
- inherit permissions = yes
-- cgit v1.2.3