From 183ab154ba4b923423131ba20ee449c1a7a987bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Uro=C5=A1=20Golja?=
Date: Fri, 9 Jan 2026 16:21:24 +0100
Subject: [PATCH] Initial import of work
---
playbooks/common-machine-config/inventory.yml | 25 ++++++++++
playbooks/common-machine-config/playbook.yml | 24 ++++++++++
roles/TODO/README.md | 1 +
roles/TODO/low-priority/fail2ban/main.yml | 8 ++++
roles/TODO/low-priority/games/main.yml | 8 ++++
.../low-priority/generic-desktop/main.yml | 19 ++++++++
.../TODO/low-priority/radeon-driver/main.yml | 6 +++
roles/TODO/medium-priority/i3wm/main.yml | 25 ++++++++++
.../medium-priority/system-users/main.yml | 37 +++++++++++++++
.../medium-priority/system-utilities/main.yml | 46 +++++++++++++++++++
ssh-keys/ansible@shkitch.net.priv | 8 ++++
ssh-keys/ansible@shkitch.net.pub | 1 +
12 files changed, 208 insertions(+)
create mode 100644 playbooks/common-machine-config/inventory.yml
create mode 100644 playbooks/common-machine-config/playbook.yml
create mode 100644 roles/TODO/README.md
create mode 100644 roles/TODO/low-priority/fail2ban/main.yml
create mode 100644 roles/TODO/low-priority/games/main.yml
create mode 100644 roles/TODO/low-priority/generic-desktop/main.yml
create mode 100644 roles/TODO/low-priority/radeon-driver/main.yml
create mode 100644 roles/TODO/medium-priority/i3wm/main.yml
create mode 100644 roles/TODO/medium-priority/system-users/main.yml
create mode 100644 roles/TODO/medium-priority/system-utilities/main.yml
create mode 100644 ssh-keys/ansible@shkitch.net.priv
create mode 100644 ssh-keys/ansible@shkitch.net.pub
diff --git a/playbooks/common-machine-config/inventory.yml b/playbooks/common-machine-config/inventory.yml
new file mode 100644
index 0000000..340a537
--- /dev/null
+++ b/playbooks/common-machine-config/inventory.yml
@@ -0,0 +1,25 @@
+# This applies to all hosts
+all:
+ children:
+ fik:
+ kiwi:
+ vars:
+ # Make ansible connect to the system it manages with the "ansible" system
+ # user
+ ansible_user: ansible
+
+ # This dict holds all the user accounts that are present on all of the
+ # linux virtual machines, and their associated SSH keys.
+ shell_users:
+ - username: urosg
+ comment: "Uroš Golja"
+ public_ssh_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfcMY//DluCevXoNqiYnHmfk7Uj+rcENiCJV1s1h+VD urosg@fik"
+ - username: matejag
+ comment: "Mateja Golja"
+ - username: lukag
+ comment: "Luka Golja"
+
+ # This dict holds all the user accounts that have been revoked.
+ revoked_shell_users: []
+
+# vim: set cc=80 nowrap:
diff --git a/playbooks/common-machine-config/playbook.yml b/playbooks/common-machine-config/playbook.yml
new file mode 100644
index 0000000..794cefc
--- /dev/null
+++ b/playbooks/common-machine-config/playbook.yml
@@ -0,0 +1,24 @@
+# The ordering of plays in this file is important. First we do all the plays
+# that do not depend on any other plays. Then, we do plays that have
+# dependencies.
+- name: Configure all hosts to have a common basic configuration
+ hosts: all
+ roles:
+ - system-users
+ - system-utilities
+ - vim
+
+- name: Configure the fik workstation
+ hosts: fik
+ roles:
+ - cinnamon-desktop
+ - generic-desktop
+ - i3wm
+ - fail2ban
+
+- name: Configure the kiwi workstation
+ hosts: kiwi
+ roles:
+ - generic-desktop
+ - mate-desktop
+ - nvidia-driver
diff --git a/roles/TODO/README.md b/roles/TODO/README.md
new file mode 100644
index 0000000..bb2c2f1
--- /dev/null
+++ b/roles/TODO/README.md
@@ -0,0 +1 @@
+Here be all the roles that I still need to develop, sorted by priorities.
diff --git a/roles/TODO/low-priority/fail2ban/main.yml b/roles/TODO/low-priority/fail2ban/main.yml
new file mode 100644
index 0000000..1691068
--- /dev/null
+++ b/roles/TODO/low-priority/fail2ban/main.yml
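Review bot: In inventory.yml only `urosg` carries a `public_ssh_key`; the `matejag` and `lukag` entries under `shell_users` have none, while the authorized_key task in roles/TODO/medium-priority/system-users/main.yml reads `item.public_ssh_key` for every entry. As written that loop would presumably stop with an undefined-variable error on the second item. Either add the missing keys here or guard the task with `when: item.public_ssh_key is defined`. The two comments also call `shell_users` and `revoked_shell_users` a dict although both are lists; `# This list holds ...` would match the data.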
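Review bot: The role names in playbook.yml do not line up with what this commit adds: `vim`, `cinnamon-desktop`, `mate-desktop` and `nvidia-driver` are not among the twelve files in the diffstat, and the roles that are added sit at `roles/TODO/<priority>/<name>/main.yml` rather than the `roles/<name>/tasks/main.yml` layout Ansible searches by default. Unless a `roles_path` setting and the missing roles exist outside this patch, all three plays would fail at role resolution. A leading comment saying the playbook describes the target layout and is not yet runnable would spare the next reader the confusion, and the file should start with `---`.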
@@ -0,0 +1,8 @@
+- name: Install fail2ban
+ ansible.builtin.apt:
+ name:
+ - fail2ban
+ update_cache: true
+ become: true
+
+# TODO: figure out if you need to configure anything here
diff --git a/roles/TODO/low-priority/games/main.yml b/roles/TODO/low-priority/games/main.yml
new file mode 100644
index 0000000..8823718
--- /dev/null
+++ b/roles/TODO/low-priority/games/main.yml
@@ -0,0 +1,8 @@
+- name: Install some games
+ ansible.builtin.apt:
+ name:
+ - dosbox
+ - jumpnbump
+ - opentyrian
+ update_cache: true
+ become: true
diff --git a/roles/TODO/low-priority/generic-desktop/main.yml b/roles/TODO/low-priority/generic-desktop/main.yml
new file mode 100644
index 0000000..a61ce7c
--- /dev/null
+++ b/roles/TODO/low-priority/generic-desktop/main.yml
@@ -0,0 +1,19 @@
+- name: Install the usual desktop utilities
+ ansible.builtin.apt:
+ name:
+ - audacity
+ - firefox
+ - gimp
+ - libreoffice
+ - keepassxc
+ - task-slovenian
+ - task-slovenian-desktop
+ - thunderbird
+ - transmission
+ - yt-dlp
+ update_cache: true
+ become: true
+
+# TODO: figure out if you need to configure anything here
+#
+# TODO: install the printing system via cups
diff --git a/roles/TODO/low-priority/radeon-driver/main.yml b/roles/TODO/low-priority/radeon-driver/main.yml
new file mode 100644
index 0000000..16b1245
--- /dev/null
+++ b/roles/TODO/low-priority/radeon-driver/main.yml
@@ -0,0 +1,6 @@
+- name: Install utilities for the Radeon graphics chips
+ ansible.builtin.apt:
+ name:
+ - radeontop
+ update_cache: true
+ become: true
diff --git a/roles/TODO/medium-priority/i3wm/main.yml b/roles/TODO/medium-priority/i3wm/main.yml
new file mode 100644
index 0000000..33a9db1
--- /dev/null
+++ b/roles/TODO/medium-priority/i3wm/main.yml
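Review bot: The fail2ban role ends after the package install, so whether any jail actually covers sshd depends on the distribution's packaged defaults rather than on anything this repository declares. Since the TODO already asks what needs configuring, I would pin the intent now: an `ansible.builtin.service` task with `name: fail2ban`, `state: started`, `enabled: true`, plus a templated `/etc/fail2ban/jail.local` that enables the `sshd` jail explicitly. The playbook applies this role to `fik` only, so a comment on why `kiwi` is left out would also help.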
@@ -0,0 +1,25 @@
+- name: Install various packages related to i3wm
+ ansible.builtin.apt:
+ name:
+ - adapta-gtk-theme
+ - albatros-gtk-theme
+ - blackbird-gtk-theme
+ - clearlooks-phenix-theme
+ - darkblood-gtk-theme
+ - darkcold-gtk-theme
+ - darkfire-gtk-theme
+ - darkmint-gtk-theme
+ - flameshot
+ - materia-gtk-theme
+ - mupdf
+ - mupdf-tools
+ - parcellite
+ - pasystray
+ - rofi
+ - sakura
+ update_cache: true
+ become: true
+
+# TODO: figure out if you need to configure anything here
+#
+# TODO: install awesome fonts
diff --git a/roles/TODO/medium-priority/system-users/main.yml b/roles/TODO/medium-priority/system-users/main.yml
new file mode 100644
index 0000000..c13c725
--- /dev/null
+++ b/roles/TODO/medium-priority/system-users/main.yml
@@ -0,0 +1,37 @@
+- name: Create a group of users that will be able to use sudo without typing in their passwords.
+ ansible.builtin.group:
+ name: sudo-nopassword
+ become: true
+
+- name: Grant the group to run commands with root privileges.
+ community.general.sudoers:
+ name: sudo-nopassword
+ group: sudo-nopassword
+ commands: ALL
+ nopassword: true
+ become: true
+
+- name: Create accounts for system users
+ ansible.builtin.user:
+ name: "{{ item.username }}"
+ comment: "{{ item.comment }}"
+ state: present
+ append: false
+ loop: "{{ shell_users }}"
+ become: true
+
+- name: Add a public SSH key to all of the user accounts for the devops people.
+ ansible.posix.authorized_key:
+ user: "{{ item.username }}"
+ key: "{{ item.public_ssh_key }}"
+ loop: "{{ shell_users }}"
+ become: true
+ ignore_errors: "{{ ansible_check_mode }}"
+
+- name: Remove all user accounts that have been revoked.
+ ansible.builtin.user:
+ name: "{{ item }}"
+ state: absent
+ loop: "{{ revoked_shell_users }}"
+ become: true
+
diff --git a/roles/TODO/medium-priority/system-utilities/main.yml b/roles/TODO/medium-priority/system-utilities/main.yml
new file mode 100644
index 0000000..0239afb
--- /dev/null
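Review bot: `albatros-gtk-theme` in the i3wm package list looks misspelled; the Debian package is, as far as I know, `albatross-gtk-theme`. Because `ansible.builtin.apt` resolves the whole `name` list in one transaction, a single unknown package fails the task and none of the others get installed. Change the entry to `- albatross-gtk-theme` after confirming the name against the package index of the target release.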
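Review bot: The sudoers rule in system-users/main.yml gives `sudo-nopassword` `commands: ALL` with `nopassword: true`, yet nothing in the file says who belongs to that group: the user task sets no `groups`, which also leaves `append: false` without effect. Membership is therefore decided outside the playbook, and any account that ends up in the group is root with no further check. I would add a comment above the group task naming the intended members (presumably the `ansible` connection user) and manage membership here with `groups: sudo-nopassword` and `append: true` on just those accounts. The revocation task deletes the account but keeps its home directory and `authorized_keys`; `remove: true` would clean those up if that is the intent.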
+++ b/roles/TODO/medium-priority/system-utilities/main.yml
@@ -0,0 +1,46 @@
+- name: Install the etckeeer package separately from the rest of others
+ ansible.builtin.apt:
+ name:
+ - etckeeper
+ update_cache: true
+ become: true
+
+- name: Run the cron job for etckeeper (to store configuration changes)
+ ansible.builtin.shell:
+ cmd: bash -x /etc/cron.daily/etckeeper
+ become: true
+
+- name: Install various handy packages
+ ansible.builtin.apt:
+ name:
+ - gpm
+ - 7zip
+ - apt-show-versions
+ - apt-file
+ - apt-listbugs
+ - bash-completion
+ - debconf-utils
+ - jnettop
+ - jq
+ - lnav
+ - mailutils
+ - moreutils
+ - net-tools
+ - plocate
+ - powerline
+ - powerline-gitstatus
+ - pv
+ - socat
+ - sysstat
+ - dstat
+ - tig
+ - tree
+ - tshark
+ - unzip
+ - uuid
+ - iputils-ping
+ - iputils-tracepath
+ - nmap
+ - nmon
+ update_cache: true
+ become: true
diff --git a/ssh-keys/ansible@shkitch.net.priv b/ssh-keys/ansible@shkitch.net.priv
new file mode 100644
index 0000000..8efa172
--- /dev/null
+++ b/ssh-keys/ansible@shkitch.net.priv
@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDh+Tjgsh
+t7JbFTBYYCT1TrAAAAGAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIP4sRes21puTVbUA
+84ClbbelXu8mw0nH0/BuuwJdX+2UAAAAkDZEvZB+5NcOh3kcQb2AYY9NVnxV7Oi9nitwXN
+1TW1lhjm2Bq+K6oSLr/F9Ql558tjLFnAos3YUEcxlC7pjpF+mLOhBIxqzbSs9lTke3iJny
+bi2YO91J/TDNak+3arkIPLk+gmzEaL8uzpgth3CL48mNLo7V2sSVlCMCh5YfOA5l8+tW4I
+De2n1mxzHhjtGdeQ==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/ssh-keys/ansible@shkitch.net.pub b/ssh-keys/ansible@shkitch.net.pub
new file mode 100644
index 0000000..1ee17f5
--- /dev/null
+++ b/ssh-keys/ansible@shkitch.net.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4sRes21puTVbUA84ClbbelXu8mw0nH0/BuuwJdX+2U ansible@shkitch.net
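Review bot: The etckeeper step in system-utilities/main.yml uses `ansible.builtin.shell` with `bash -x` on a fixed script path, which reports `changed` on every run and writes the script's trace output into the play log. No shell features are needed, so `ansible.builtin.command` with `argv: [/etc/cron.daily/etckeeper]` and an explicit `changed_when` would be the idiomatic form. `etckeeer` in the first task name is a typo for `etckeeper`. Separately, the last task puts `nmap`, `tshark` and `socat` on every host through the `all` play; consider limiting those to the workstation that actually needs them.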
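Review bot: This commit adds the private half of the `ansible@shkitch.net` key pair to version control as `ssh-keys/ansible@shkitch.net.priv`, and inventory.yml makes `ansible` the connection user for every host. The key header appears to mark it as passphrase-encrypted, but once the blob is in history its protection is only as strong as that passphrase against offline guessing, and every clone of the repository holds a copy. Treat the key as exposed: generate a new pair, replace the public key on the hosts, drop the `.priv` file from the commit (and from history if it was already pushed), and keep the new private key in an agent or secrets store outside the tree. An ignore rule such as `ssh-keys/*.priv` in `.gitignore` would prevent a repeat.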