From eb686d10bbdf938a166c754d4c7357f24f55b44f Mon Sep 17 00:00:00 2001 From: Daniel Tomlinson Date: Fri, 5 Mar 2021 22:04:51 +0000 Subject: [PATCH 01/12] updating commands --- commands | 2 ++ 1 file changed, 2 insertions(+) diff --git a/commands b/commands index 3648ba3..6e39aa8 100644 --- a/commands +++ b/commands @@ -4,3 +4,5 @@ ansible-playbook -b test.yml --vault-password-file password --tags "setup,terraf ansible-galaxy install -r requirements.yml ansible-vault encrypt_string 'email-smtp.eu-west-1.amazonaws.com' --name 'vault_smtp_hostname' --vault-pass-file ./password + +ansible-playbook playbook.yml --connection=local From 2e300caadaaf29f376aa70230d733e1ad4f1d4dc Mon Sep 17 00:00:00 2001 From: Daniel Tomlinson Date: Fri, 5 Mar 2021 22:05:05 +0000 Subject: [PATCH 02/12] updating variables files --- group_vars/all/mac.yml | 1 + group_vars/all/python.yml | 3 ++- group_vars/all/vault.yml | 11 +++++++++++ 3 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 group_vars/all/mac.yml diff --git a/group_vars/all/mac.yml b/group_vars/all/mac.yml new file mode 100644 index 0000000..b8fef51 --- /dev/null +++ b/group_vars/all/mac.yml @@ -0,0 +1 @@ +ansible_become_pass: "{{ vault_ansible_become_pass }}" diff --git a/group_vars/all/python.yml b/group_vars/all/python.yml index 31c62f8..d2b0509 100644 --- a/group_vars/all/python.yml +++ b/group_vars/all/python.yml @@ -1,3 +1,4 @@ -pyenv_python_version: 3.9.0 +install_pyenv_python: true +pyenv_python_version: 3.9.1 pipx_packages: - awscli diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 8610eed..a618321 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
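Review bot: The new `group_vars/all/mac.yml` sets `ansible_become_pass: "{{ vault_ansible_become_pass }}"`, but the `group_vars/all/vault.yml` hunk in this same commit stores the encrypted value under the key `ansible_become_pass`, so as far as this series shows `vault_ansible_become_pass` is never defined and the template cannot resolve. Because both files live in `group_vars/all/`, they also define `ansible_become_pass` twice, and which definition wins depends on the directory's load order rather than on intent. The vault file's other secrets follow a `vault_` prefix convention (`vault_default_user_password`, `vault_smtp_hostname`, `vault_smtp_auth_user`), so the vault key should become `vault_ansible_become_pass: !vault |` with the same ciphertext, leaving `mac.yml` as the only plain-named definition.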
@@ -5,6 +5,7 @@ vault_default_user_password: !vault | 37656230373838373038386234326563656637306236383162383866343163623366356631373862 6631616666363137620a363835316632313730623534353336303730363964653231336139383961 6361 + vault_smtp_hostname: !vault | $ANSIBLE_VAULT;1.1;AES256 38373930343363666238326563663338386232386265663663663732313165613437303663333232 @@ -13,6 +14,7 @@ vault_smtp_hostname: !vault | 3764613532646232630a373032356364636566376638646162623034623663313263326630306564 38323835356437326431323637323432363630653738383936343737333634636662396535383164 6334343166613762373130653961663334393335363066643539 + vault_smtp_auth_user: !vault | $ANSIBLE_VAULT;1.1;AES256 66313165326136343630393030366662303639626237376563633035326636343866363933613436 @@ -20,6 +22,7 @@ vault_smtp_auth_user: !vault | 38656463393930376437356634633531656636666266623639663638613563613263356639313939 3838356561306466650a623066303265353361633238643161306562336163623436643736653535 64646164346366663766366136323661663731393136643238633435643739316531 + vault_smtp_auth_pass: !vault | $ANSIBLE_VAULT;1.1;AES256 36336437393838663665383465313432373866656461356635646331396165323132623163343762 @@ -28,3 +31,11 @@ vault_smtp_auth_pass: !vault | 3661316235633830640a333939393762303035653632303664623465373431313061643438616363 30343535323764636437656431313430663536316132366361666436643732636363666266353162 3362343930306564656331643135363264346263663739616637 + +ansible_become_pass: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 66346462356439303239356536363866646632343461616466343864653131333764633031333034 + 6335666330663232633236363737393835633039323239660a363564663664353562356564346466 + 36623139376461373938366136323336633939353064633061653463323638643236313162306661 + 6134613531633131300a313037303233623832346465316238316238643035356462303430323362 + 6531 From c600e869a01d572193edee3302ea942fc96e6790 Mon Sep 17 00:00:00 2001 
From: Daniel Tomlinson Date: Fri, 5 Mar 2021 22:05:24 +0000 Subject: [PATCH 03/12] ammending tags in roles --- roles/docker/tasks/main.yml | 2 +- roles/python/tasks/main.yml | 1 + roles/ssh/tasks/main.yml | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 4ea30bb..2bf7f88 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,5 +1,5 @@ - name: Install and configure Docker - tags: [docker, server] + tags: [docker] become: true block: - name: Install Docker diff --git a/roles/python/tasks/main.yml b/roles/python/tasks/main.yml index 2e683e7..9d3985a 100644 --- a/roles/python/tasks/main.yml +++ b/roles/python/tasks/main.yml @@ -14,6 +14,7 @@ shell: "{{ default_user_home }}/.pyenv/bin/pyenv install {{ pyenv_python_version }}" args: creates: "{{ default_user_home }}/.pyenv/versions/{{ pyenv_python_version }}/bin/python" + when: install_pyenv_python - name: Install pipx command: python3 -m pip install pipx --user diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml index b957770..3e2bf40 100644 --- a/roles/ssh/tasks/main.yml +++ b/roles/ssh/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Configure SSH access - tags: [ssh, server] + tags: [ssh] become: true block: - name: Remove any PermitRootLogin instruction From 70d4b45b7249314379b9a2a83238137cfa98f844 Mon Sep 17 00:00:00 2001 From: Daniel Tomlinson Date: Fri, 5 Mar 2021 22:05:30 +0000 Subject: [PATCH 04/12] updating todo --- tasks.todo | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/tasks.todo b/tasks.todo index a126853..bc2b148 100644 --- a/tasks.todo +++ b/tasks.todo 
@@ -1,8 +1,11 @@ Tasks: + ☐ Configure nebula + + Done: ✔ Create initial folder layout @started(21-02-28 23:29) @done(21-03-03 14:30) @lasted(2d15h1m16s) ✔ Create test playbook with a task @done(21-03-01 00:16) ✔ Document creating a hosts file, and an `ansible.cfg` to create an inventory @done(21-03-01 00:07) - + https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html Alternative to using an `ansible.cfg` is using the flag `-i hosts` Hosts file can contain `ansible_user` and `ansible_ssh_pass` under a `vars` header ✔ Test a connection with `ansible all -m ping` @done(21-03-01 00:08) @@ -10,10 +13,19 @@ Tasks: Run a playbook with `ansible-playbook -b test.yml` If using vault do `--ask-vault-pass` Point to an inventory with `-i hosts` - ☐ Configure nebula - ☐ Still to configure: - ☐ Monit + ✔ Still to configure: @done(21-03-04 13:08) + ✔ Monit @done(21-03-04 13:08) ✔ UFW @done(21-03-04 12:57) ✔ Networking @done(21-03-04 12:59) ✔ Configure /etc/email-addresses with from addresses for root and default_user @done(21-03-04 12:57) - + https://serverfault.com/questions/377821/exim-send-every-emails-with-a-predefined-sender + +Mac: + Mac functionality needs adding + ☐ Install Homebrew packages for Python + `brew install readline xz` + https://docs.ansible.com/ansible/latest/collections/community/general/homebrew_module.html + + Done: + ✔ https://github.com/elliotweiser/ansible-osx-command-line-tools @done(21-03-05 22:02) + ✔ Add tag/variable to toggle between server/mac setup @started(21-03-05 22:01) @done(21-03-05 22:02) @lasted(1m33s) From 02c05be6a850f7b716fd3c8d5ac39a4aa49dae39 Mon Sep 17 00:00:00 2001 From: Daniel Tomlinson Date: Fri, 5 Mar 2021 22:05:51 +0000 Subject: [PATCH 05/12] updating and renaming playbook --- provision.yml | 33 +++++++++++++++++++++++++++++++++ test.yml | 16 ---------------- 2 files changed, 33 insertions(+), 16 deletions(-) create mode 100644 provision.yml delete mode 100644 test.yml 
diff --git a/provision.yml b/provision.yml new file mode 100644 index 0000000..eccdc87 --- /dev/null +++ b/provision.yml @@ -0,0 +1,33 @@ +--- +# local or remote connection +# - hosts: all +- hosts: 127.0.0.1 + connection: local + + # variable flags + vars: + install_cargo_packages: true + install_pyenv_python: true + target_system: mac + # mac overrides + default_user: dtomlinson + ansible_become_pass: "{{ vault_ansible_become_pass }}" + + roles: + - role: nickjj.fail2ban + tags: [server, fail2ban] + when: target_system == "linux" + - role: setup + when: target_system == "linux" + - role: ssh + when: target_system == "linux" + - role: docker + when: target_system == "linux" + - role: mac + when: target_system == "mac" + - role: shell + - role: python + - role: rust + - role: terraform + - role: go + - role: cleanup diff --git a/test.yml b/test.yml deleted file mode 100644 index 9cb8c49..0000000 --- a/test.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- hosts: all - vars: - install_cargo_packages: true - roles: - - role: nickjj.fail2ban - tags: [server, fail2ban] - - role: setup - - role: ssh - - role: shell - - role: python - - role: rust - - role: terraform - - role: go - - role: docker - - role: cleanup From a4cf052639abec217257714c6be9461245b6b003 Mon Sep 17 00:00:00 2001 From: Daniel Tomlinson Date: Fri, 5 Mar 2021 22:05:56 +0000 Subject: [PATCH 06/12] adding mac role --- roles/mac/tasks/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 roles/mac/tasks/main.yml diff --git a/roles/mac/tasks/main.yml b/roles/mac/tasks/main.yml new file mode 100644 index 0000000..d69543f --- /dev/null +++ b/roles/mac/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- name: Tasks for configuring MacOS + tags: [mac] + block: + - name: Install command line tools + include_role: + name: elliotweiser.osx-command-line-tools +... From 4b6e1392b3208d1354202b7f93c5dee53f7f9a6a Mon Sep 17 00:00:00 2001 
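Review bot: The play-level `vars:` in `provision.yml` sets `ansible_become_pass: "{{ vault_ansible_become_pass }}"`, and no hunk in this series defines `vault_ansible_become_pass` (the vault file keeps the secret as `ansible_become_pass`), so the first task that escalates should fail with an undefined-variable error. Play `vars` also take precedence over `group_vars`, which means the "mac overrides" (`default_user: dtomlinson`, `target_system: mac`) apply on every run regardless of inventory, and together with the `hosts: 127.0.0.1` / `connection: local` pin, targeting a Linux host again requires editing the committed playbook. Supplying the toggle as `-e target_system=mac` or through a `vars_files` entry would keep the playbook target-neutral, and the become password should come from a vault-defined name rather than a play var.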
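Review bot: In `roles/mac/tasks/main.yml` the `tags: [mac]` on the enclosing block is applied to the `include_role` task itself but, per Ansible's tag-inheritance rules for dynamic includes, not to the tasks that `elliotweiser.osx-command-line-tools` contributes, so a run filtered with `--tags mac` executes the include and then skips everything inside it. Either make the include static with `import_role:` (which inherits the block's tag) or add `apply:` with `tags: [mac]` to the `include_role` task. The second `include_role` that PATCH 09 adds to this same file repeats the pattern.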
From: Daniel Tomlinson Date: Fri, 5 Mar 2021 22:06:03 +0000 Subject: [PATCH 07/12] updating requirements for mac --- requirements.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.yml b/requirements.yml index 929bd9a..f4d719f 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,4 +4,5 @@ - src: nickjj.fail2ban - src: jnv.debian-backports - src: jnv.unattended-upgrades +- src: elliotweiser.osx-command-line-tools ... From 8a638b4fae00fad68fa5a999c3d461efb76bc634 Mon Sep 17 00:00:00 2001 From: Daniel Tomlinson Date: Fri, 5 Mar 2021 23:06:22 +0000 Subject: [PATCH 08/12] updating variables files --- group_vars/all/mac.yml | 4 +++- group_vars/all/user.yml | 1 + group_vars/all/vault.yml | 14 +++++++------- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/group_vars/all/mac.yml b/group_vars/all/mac.yml index b8fef51..9b893cf 100644 --- a/group_vars/all/mac.yml +++ b/group_vars/all/mac.yml @@ -1 +1,3 @@ -ansible_become_pass: "{{ vault_ansible_become_pass }}" +homebrew_installed_packages: + - readline + - xz diff --git a/group_vars/all/user.yml b/group_vars/all/user.yml index 39ebdb6..bd4bb4d 100644 --- a/group_vars/all/user.yml +++ b/group_vars/all/user.yml @@ -1,2 +1,3 @@ default_user: plex +default_user_group: "{{ default_user }}" default_user_password: "{{ vault_default_user_password }}" diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index a618321..79c0683 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
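Review bot: `- src: elliotweiser.osx-command-line-tools` is added to `requirements.yml` without a `version:`, so `ansible-galaxy install -r requirements.yml` fetches whatever the role's default branch holds at install time, and code that later runs with `become: true` floats with a repository the project does not control. Pin each entry to a release, e.g. `- src: elliotweiser.osx-command-line-tools` followed by `  version: "<RELEASE_TAG>"` (placeholder), and apply the same to the existing entries. PATCH 10 reorganises this file and adds `geerlingguy.homebrew`, again unpinned.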
@@ -32,10 +32,10 @@ vault_smtp_auth_pass: !vault | 30343535323764636437656431313430663536316132366361666436643732636363666266353162 3362343930306564656331643135363264346263663739616637 -ansible_become_pass: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 66346462356439303239356536363866646632343461616466343864653131333764633031333034 - 6335666330663232633236363737393835633039323239660a363564663664353562356564346466 - 36623139376461373938366136323336633939353064633061653463323638643236313162306661 - 6134613531633131300a313037303233623832346465316238316238643035356462303430323362 - 6531 +# ansible_become_pass: !vault | +# $ANSIBLE_VAULT;1.1;AES256 +# 66346462356439303239356536363866646632343461616466343864653131333764633031333034 +# 6335666330663232633236363737393835633039323239660a363564663664353562356564346466 +# 36623139376461373938366136323336633939353064633061653463323638643236313162306661 +# 6134613531633131300a313037303233623832346465316238316238643035356462303430323362 +# 6531 From 645886a40e9e4ef96c98d92c02033db511f18ba8 Mon Sep 17 00:00:00 2001 From: Daniel Tomlinson Date: Fri, 5 Mar 2021 23:06:29 +0000 Subject: [PATCH 09/12] updating roles --- roles/cleanup/tasks/main.yml | 1 - roles/go/tasks/main.yml | 2 +- roles/mac/tasks/main.yml | 14 ++++++++++++++ roles/python/tasks/main.yml | 2 +- roles/shell/tasks/main.yml | 12 ++++++------ 5 files changed, 22 insertions(+), 9 deletions(-) diff --git a/roles/cleanup/tasks/main.yml b/roles/cleanup/tasks/main.yml index 9d904ac..a4a0d68 100644 --- a/roles/cleanup/tasks/main.yml +++ b/roles/cleanup/tasks/main.yml @@ -1,5 +1,4 @@ - name: Remove temporary directory - tags: always file: path: "{{ temp_install_dir.path }}" state: absent diff --git a/roles/go/tasks/main.yml b/roles/go/tasks/main.yml index 6363388..5ad107f 100644 --- a/roles/go/tasks/main.yml +++ b/roles/go/tasks/main.yml @@ -15,4 +15,4 @@ state: directory recurse: true owner: "{{ default_user }}" - group: "{{ default_user }}" + group: "{{ default_user_group }}" 
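Review bot: Commenting out the `ansible_become_pass` block in `group_vars/all/vault.yml` instead of deleting it leaves seven lines of dead ciphertext that a later reader cannot tell apart from a live value, while git history retains the blob either way. If the secret has moved elsewhere, delete the lines; if it is still needed, define it under `vault_ansible_become_pass` so the `{{ vault_ansible_become_pass }}` references in `mac.yml` (PATCH 02) and `provision.yml` (PATCH 05) actually resolve.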
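Review bot: Dropping `tags: always` from `Remove temporary directory` in `roles/cleanup/tasks/main.yml` means any run filtered with `--tags` now leaves the directory registered as `temp_install_dir` behind in the user's home. Conversely, if the shell role's `tempfile` task is itself skipped under the same filter, `temp_install_dir.path` is undefined and this task errors instead of being a no-op. Keep `tags: always` and guard the lookup with `when: temp_install_dir is defined`.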
diff --git a/roles/mac/tasks/main.yml b/roles/mac/tasks/main.yml index d69543f..8673f04 100644 --- a/roles/mac/tasks/main.yml +++ b/roles/mac/tasks/main.yml @@ -2,7 +2,21 @@ - name: Tasks for configuring MacOS tags: [mac] block: + - name: Get default user home + user: + name: "{{ default_user }}" + state: present + register: default_user_details + - name: Set default user home + set_fact: + default_user_home: "{{ default_user_details.home }}" + - name: print home dir on mac + debug: + var: default_user_home - name: Install command line tools include_role: name: elliotweiser.osx-command-line-tools + - name: Install and configure Homebrew + include_role: + name: geerlingguy.homebrew ... diff --git a/roles/python/tasks/main.yml b/roles/python/tasks/main.yml index 9d3985a..c0c78d4 100644 --- a/roles/python/tasks/main.yml +++ b/roles/python/tasks/main.yml @@ -22,7 +22,7 @@ creates: "{{ default_user_home }}/.local/bin/pipx" - name: Install pipx packages - shell: "{{ default_user_home }}/.local/bin/pipx install {{ item }}" + shell: "{{ default_user_home }}/.local/bin/pipx install {{ item }} --force" loop: "{{ pipx_packages }}" - name: Install Poetry diff --git a/roles/shell/tasks/main.yml b/roles/shell/tasks/main.yml index c93b64f..bd5e7e4 100644 --- a/roles/shell/tasks/main.yml +++ b/roles/shell/tasks/main.yml @@ -9,12 +9,12 @@ database: passwd key: "{{ default_user }}" split: ":" - tags: always + when: target_system == "linux" - name: Set default user home set_fact: default_user_home: "{{ getent_passwd[default_user][4] }}" - tags: always + when: target_system == "linux" - name: Install and configure default user environment become: true 
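Review bot: `Get default user home` in `roles/mac/tasks/main.yml` uses the `user` module with `state: present` purely to read a home directory, but that module is a mutating call: if `default_user` does not exist on the host it will try to create the account, and the enclosing block sets no `become`, so the outcome depends on the connecting user's privileges. The `print home dir on mac` debug task also reads as leftover diagnostics. Since facts are gathered, `default_user_home: "{{ ansible_user_dir }}"` gives the connecting user's home without side effects; if `default_user` may differ from the login user, that assumption should be stated in a comment so the `user` call is a deliberate choice.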
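Review bot: Replacing `tags: always` with `when: target_system == "linux"` on the `getent` and `Set default user home` tasks in `roles/shell/tasks/main.yml` removes the guarantee that `default_user_home` is set in tag-filtered runs: with e.g. `--tags python` both tasks are now skipped and every `{{ default_user_home }}` path in the python, go and remaining shell tasks is undefined. The two keywords are independent, so keep both: `tags: always` together with `when: target_system == "linux"`. The enclosing task list continues outside the hunk.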
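Review bot: Appending `--force` to the pipx line in `roles/python/tasks/main.yml` makes the task reinstall every package on every run, so it always reports changed and the play is no longer idempotent for this step. If the intent is to pick up upgrades, `pipx upgrade` (or a `creates:`-style guard per item) expresses that without a forced reinstall; the task also uses `shell:` although the command needs no shell features, so `command:` would be the tighter choice. The surrounding task list continues outside the hunk.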
@@ -25,13 +25,13 @@ src: .tmux.conf dest: "{{ default_user_home }}/.tmux.conf" owner: "{{ default_user }}" - group: "{{default_user}}" + group: "{{ default_user_group }}" force: yes mode: 0644 - name: Create temporary install directory tempfile: - path: "/home/{{ default_user }}" + path: "{{ default_user_home }}" state: directory suffix: .tmp register: temp_install_dir @@ -77,7 +77,7 @@ src: .zshrc.j2 dest: "{{ default_user_home }}/.zshrc" owner: "{{ default_user }}" - group: "{{ default_user }}" + group: "{{ default_user_group }}" force: yes mode: 0644 @@ -86,6 +86,6 @@ src: .p10k.zsh dest: "{{ default_user_home }}/.p10k.zsh" owner: "{{ default_user }}" - group: "{{default_user}}" + group: "{{ default_user_group }}" force: yes mode: 0644 From a73d593b73d7f0200a124871973d5d33e67e98de Mon Sep 17 00:00:00 2001 From: Daniel Tomlinson Date: Fri, 5 Mar 2021 23:06:43 +0000 Subject: [PATCH 10/12] adding homebrew to requirements --- requirements.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/requirements.yml b/requirements.yml index f4d719f..7911227 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,8 +1,14 @@ --- -- src: fubarhouse.golang -- src: nickjj.docker -- src: nickjj.fail2ban +# linux - src: jnv.debian-backports - src: jnv.unattended-upgrades +- src: nickjj.docker +- src: nickjj.fail2ban + +# mac - src: elliotweiser.osx-command-line-tools +- src: geerlingguy.homebrew + +# misc +- src: fubarhouse.golang ... From d1eaf0c09d03b0771928a7752cd0712da87299b0 Mon Sep 17 00:00:00 2001 From: Daniel Tomlinson Date: Fri, 5 Mar 2021 23:06:48 +0000 Subject: [PATCH 11/12] updating todos --- tasks.todo | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tasks.todo b/tasks.todo index bc2b148..c22b3df 100644 --- a/tasks.todo +++ b/tasks.todo 
@@ -22,10 +22,9 @@ Tasks: Mac: Mac functionality needs adding - ☐ Install Homebrew packages for Python - `brew install readline xz` - https://docs.ansible.com/ansible/latest/collections/community/general/homebrew_module.html - Done: ✔ https://github.com/elliotweiser/ansible-osx-command-line-tools @done(21-03-05 22:02) ✔ Add tag/variable to toggle between server/mac setup @started(21-03-05 22:01) @done(21-03-05 22:02) @lasted(1m33s) + ✔ Install Homebrew packages for Python @done(21-03-05 22:35) + `brew install readline xz` + https://docs.ansible.com/ansible/latest/collections/community/general/homebrew_module.html From 34da26ab49cf7586d440c5265784b42d06c2b9e6 Mon Sep 17 00:00:00 2001 From: Daniel Tomlinson Date: Fri, 5 Mar 2021 23:06:56 +0000 Subject: [PATCH 12/12] updating playbook --- provision.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/provision.yml b/provision.yml index eccdc87..77345d5 100644 --- a/provision.yml +++ b/provision.yml @@ -1,21 +1,22 @@ --- # local or remote connection -# - hosts: all -- hosts: 127.0.0.1 - connection: local +- hosts: all +# - hosts: 127.0.0.1 +# connection: local # variable flags vars: install_cargo_packages: true install_pyenv_python: true - target_system: mac + target_system: linux # mac overrides - default_user: dtomlinson - ansible_become_pass: "{{ vault_ansible_become_pass }}" + # default_user: dtomlinson + # default_user_group: staff + # ansible_become_pass: 4Oa;Db5c! roles: - role: nickjj.fail2ban - tags: [server, fail2ban] + tags: [fail2ban] when: target_system == "linux" - role: setup when: target_system == "linux"
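Review bot: The commented line `# ansible_become_pass: 4Oa;Db5c!` in `provision.yml` commits what appears to be the plaintext become password for the `dtomlinson` account; the comment marker offers no protection, and earlier commits in this series vault-encrypted the same value. Treat the credential as exposed and rotate it, remove the line (with a history rewrite if the repository is shared), and supply the override at run time with `--ask-become-pass` or from a vault-encrypted variable. The hunk also toggles `hosts`, `connection: local` and `target_system` back by hand-editing comments, which suggests the linux/mac switch belongs in `-e target_system=mac` or a `vars_files` entry rather than in edits to the committed playbook.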