Merge branch 'develop'

commands

@@ -4,3 +4,5 @@ ansible-playbook -b test.yml --vault-password-file password --tags "setup,terraf
 ansible-galaxy install -r requirements.yml
 
 ansible-vault encrypt_string 'email-smtp.eu-west-1.amazonaws.com' --name 'vault_smtp_hostname' --vault-pass-file ./password
+
+ansible-playbook playbook.yml --connection=local

group_vars/all/mac.yml

@@ -0,0 +1,3 @@
+homebrew_installed_packages:
+  - readline
+  - xz

group_vars/all/python.yml

@@ -1,3 +1,4 @@
-pyenv_python_version: 3.9.0
+install_pyenv_python: true
+pyenv_python_version: 3.9.1
 pipx_packages:
   - awscli

group_vars/all/user.yml

@@ -1,2 +1,3 @@
 default_user: plex
+default_user_group: "{{ default_user }}"
 default_user_password: "{{ vault_default_user_password }}"

group_vars/all/vault.yml

@@ -5,6 +5,7 @@ vault_default_user_password: !vault |
           37656230373838373038386234326563656637306236383162383866343163623366356631373862
           6631616666363137620a363835316632313730623534353336303730363964653231336139383961
           6361
+
 vault_smtp_hostname: !vault |
           $ANSIBLE_VAULT;1.1;AES256
           38373930343363666238326563663338386232386265663663663732313165613437303663333232
@@ -13,6 +14,7 @@ vault_smtp_hostname: !vault |
           3764613532646232630a373032356364636566376638646162623034623663313263326630306564
           38323835356437326431323637323432363630653738383936343737333634636662396535383164
           6334343166613762373130653961663334393335363066643539
+
 vault_smtp_auth_user: !vault |
           $ANSIBLE_VAULT;1.1;AES256
           66313165326136343630393030366662303639626237376563633035326636343866363933613436
@@ -20,6 +22,7 @@ vault_smtp_auth_user: !vault |
           38656463393930376437356634633531656636666266623639663638613563613263356639313939
           3838356561306466650a623066303265353361633238643161306562336163623436643736653535
           64646164346366663766366136323661663731393136643238633435643739316531
+
 vault_smtp_auth_pass: !vault |
           $ANSIBLE_VAULT;1.1;AES256
           36336437393838663665383465313432373866656461356635646331396165323132623163343762
@@ -28,3 +31,11 @@ vault_smtp_auth_pass: !vault |
           3661316235633830640a333939393762303035653632303664623465373431313061643438616363
           30343535323764636437656431313430663536316132366361666436643732636363666266353162
           3362343930306564656331643135363264346263663739616637
+
+# ansible_become_pass: !vault |
+#           $ANSIBLE_VAULT;1.1;AES256
+#           66346462356439303239356536363866646632343461616466343864653131333764633031333034
+#           6335666330663232633236363737393835633039323239660a363564663664353562356564346466
+#           36623139376461373938366136323336633939353064633061653463323638643236313162306661
+#           6134613531633131300a313037303233623832346465316238316238643035356462303430323362
+#           6531

provision.yml

@@ -0,0 +1,34 @@
+---
+# local or remote connection
+- hosts: all
+# - hosts: 127.0.0.1
+#   connection: local
+
+  # variable flags
+  vars:
+    install_cargo_packages: true
+    install_pyenv_python: true
+    target_system: linux
+    # mac overrides
+    # default_user: dtomlinson
+    # default_user_group: staff
+    # ansible_become_pass: 4Oa;Db5c!
+
+  roles:
+    - role: nickjj.fail2ban
+      tags: [fail2ban]
+      when: target_system == "linux"
+    - role: setup
+      when: target_system == "linux"
+    - role: ssh
+      when: target_system == "linux"
+    - role: docker
+      when: target_system == "linux"
+    - role: mac
+      when: target_system == "mac"
+    - role: shell
+    - role: python
+    - role: rust
+    - role: terraform
+    - role: go
+    - role: cleanup

requirements.yml

@@ -1,7 +1,14 @@
 ---
-- src: fubarhouse.golang
+# linux
-- src: nickjj.docker
-- src: nickjj.fail2ban
 - src: jnv.debian-backports
 - src: jnv.unattended-upgrades
+- src: nickjj.docker
+- src: nickjj.fail2ban
+
+# mac
+- src: elliotweiser.osx-command-line-tools
+- src: geerlingguy.homebrew
+
+# misc
+- src: fubarhouse.golang
 ...

roles/cleanup/tasks/main.yml

@@ -1,5 +1,4 @@
 - name: Remove temporary directory
-  tags: always
   file:
     path: "{{ temp_install_dir.path }}"
     state: absent

roles/docker/tasks/main.yml

@@ -1,5 +1,5 @@
 - name: Install and configure Docker
-  tags: [docker, server]
+  tags: [docker]
   become: true
   block:
     - name: Install Docker

roles/go/tasks/main.yml

@@ -15,4 +15,4 @@
         state: directory
         recurse: true
         owner: "{{ default_user }}"
-        group: "{{ default_user }}"
+        group: "{{ default_user_group }}"

roles/mac/tasks/main.yml

@@ -0,0 +1,22 @@
+---
+- name: Tasks for configuring MacOS
+  tags: [mac]
+  block:
+    - name: Get default user home
+      user:
+        name: "{{ default_user }}"
+        state: present
+      register: default_user_details
+    - name: Set default user home
+      set_fact:
+        default_user_home: "{{ default_user_details.home }}"
+    - name: print home dir on mac
+      debug:
+        var: default_user_home
+    - name: Install command line tools
+      include_role:
+        name: elliotweiser.osx-command-line-tools
+    - name: Install and configure Homebrew
+      include_role:
+        name: geerlingguy.homebrew
+...

roles/python/tasks/main.yml

@@ -14,6 +14,7 @@
       shell: "{{ default_user_home }}/.pyenv/bin/pyenv install {{ pyenv_python_version }}"
       args:
         creates: "{{ default_user_home }}/.pyenv/versions/{{ pyenv_python_version }}/bin/python"
+      when: install_pyenv_python
 
     - name: Install pipx
       command: python3 -m pip install pipx --user
@@ -21,7 +22,7 @@
         creates: "{{ default_user_home }}/.local/bin/pipx"
 
     - name: Install pipx packages
-      shell: "{{ default_user_home }}/.local/bin/pipx install {{ item }}"
+      shell: "{{ default_user_home }}/.local/bin/pipx install {{ item }} --force"
       loop: "{{ pipx_packages }}"
 
     - name: Install Poetry

roles/shell/tasks/main.yml

@@ -9,12 +9,12 @@
         database: passwd
         key: "{{ default_user }}"
         split: ":"
-      tags: always
+      when: target_system == "linux"
 
     - name: Set default user home
       set_fact:
         default_user_home: "{{ getent_passwd[default_user][4] }}"
-      tags: always
+      when: target_system == "linux"
 
     - name: Install and configure default user environment
       become: true
@@ -25,13 +25,13 @@
             src: .tmux.conf
             dest: "{{ default_user_home }}/.tmux.conf"
             owner: "{{ default_user }}"
-            group: "{{default_user}}"
+            group: "{{ default_user_group }}"
             force: yes
             mode: 0644
 
         - name: Create temporary install directory
           tempfile:
-            path: "/home/{{ default_user }}"
+            path: "{{ default_user_home }}"
             state: directory
             suffix: .tmp
           register: temp_install_dir
@@ -77,7 +77,7 @@
             src: .zshrc.j2
             dest: "{{ default_user_home }}/.zshrc"
             owner: "{{ default_user }}"
-            group: "{{ default_user }}"
+            group: "{{ default_user_group }}"
             force: yes
             mode: 0644
 
@@ -86,6 +86,6 @@
             src: .p10k.zsh
             dest: "{{ default_user_home }}/.p10k.zsh"
             owner: "{{ default_user }}"
-            group: "{{default_user}}"
+            group: "{{ default_user_group }}"
             force: yes
             mode: 0644

roles/ssh/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 - name: Configure SSH access
-  tags: [ssh, server]
+  tags: [ssh]
   become: true
   block:
     - name: Remove any PermitRootLogin instruction

tasks.todo

@@ -1,8 +1,11 @@
 Tasks:
+    ☐ Configure nebula
+
+    Done:
     ✔ Create initial folder layout @started(21-02-28 23:29) @done(21-03-03 14:30) @lasted(2d15h1m16s)
     ✔ Create test playbook with a task @done(21-03-01 00:16)
     ✔ Document creating a hosts file, and an `ansible.cfg` to create an inventory @done(21-03-01 00:07)
-        <https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html>
+        https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html
         Alternative to using an `ansible.cfg` is using the flag `-i hosts`
         Hosts file can contain `ansible_user` and `ansible_ssh_pass` under a `vars` header
     ✔ Test a connection with `ansible all -m ping` @done(21-03-01 00:08)
@@ -10,10 +13,18 @@ Tasks:
         Run a playbook with `ansible-playbook -b test.yml`
         If using vault do `--ask-vault-pass`
         Point to an inventory with `-i hosts`
-    ☐ Configure nebula
+    ✔ Still to configure: @done(21-03-04 13:08)
-    ☐ Still to configure:
+        ✔ Monit @done(21-03-04 13:08)
-        ☐ Monit
         ✔ UFW @done(21-03-04 12:57)
         ✔ Networking @done(21-03-04 12:59)
     ✔ Configure /etc/email-addresses with from addresses for root and default_user @done(21-03-04 12:57)
-        <https://serverfault.com/questions/377821/exim-send-every-emails-with-a-predefined-sender>
+        https://serverfault.com/questions/377821/exim-send-every-emails-with-a-predefined-sender
+
+Mac:
+    Mac functionality needs adding
+    Done:
+        ✔ https://github.com/elliotweiser/ansible-osx-command-line-tools @done(21-03-05 22:02)
+        ✔ Add tag/variable to toggle between server/mac setup @started(21-03-05 22:01) @done(21-03-05 22:02) @lasted(1m33s)
+        ✔ Install Homebrew packages for Python @done(21-03-05 22:35)
+            `brew install readline xz`
+            https://docs.ansible.com/ansible/latest/collections/community/general/homebrew_module.html

test.yml

@@ -1,16 +0,0 @@
----
-- hosts: all
-  vars:
-    install_cargo_packages: true
-  roles:
-    - role: nickjj.fail2ban
-      tags: [server, fail2ban]
-    - role: setup
-    - role: ssh
-    - role: shell
-    - role: python
-    - role: rust
-    - role: terraform
-    - role: go
-    - role: docker
-    - role: cleanup