From dce2196c328f1749aef7d03b73fd2bb43d0a9a3b Mon Sep 17 00:00:00 2001 From: Morten Olsen Date: Thu, 5 Dec 2024 23:28:18 +0100 Subject: [PATCH] update --- inventory.yml | 5 - playbooks/image.yml | 2 - .../roles/base_system/tasks/firewall.yml | 20 ++ playbooks/roles/base_system/tasks/main.yml | 9 + playbooks/roles/base_system/tasks/sudo.yml | 13 + playbooks/roles/env_terminal/meta/main.yml | 1 + playbooks/roles/server_ssh/tasks/main.yml | 18 ++ .../software_scripts/files/on-check-change.sh | 1 + .../roles/software_scripts/files/pushover.sh | 258 ++++++++++++++++++ .../roles/software_scripts/tasks/main.yml | 14 + 10 files changed, 334 insertions(+), 7 deletions(-) create mode 100644 playbooks/roles/base_system/tasks/firewall.yml create mode 100644 playbooks/roles/base_system/tasks/sudo.yml create mode 100644 playbooks/roles/software_scripts/files/on-check-change.sh create mode 100644 playbooks/roles/software_scripts/files/pushover.sh create mode 100644 playbooks/roles/software_scripts/tasks/main.yml diff --git a/inventory.yml b/inventory.yml index 0e17fdc..d7b271d 100644 --- a/inventory.yml +++ b/inventory.yml @@ -1,8 +1,3 @@ -images: - hosts: - docker-dev: - contexts: - - privat android: hosts: pixel9: diff --git a/playbooks/image.yml b/playbooks/image.yml index 36fa537..dea4e3d 100644 --- a/playbooks/image.yml +++ b/playbooks/image.yml @@ -1,8 +1,6 @@ --- - name: Setup host hosts: localhost - vars: - contexts: {} roles: - role: env_terminal - role: env_develop diff --git a/playbooks/roles/base_system/tasks/firewall.yml b/playbooks/roles/base_system/tasks/firewall.yml new file mode 100644 index 0000000..9ba4317 --- /dev/null +++ b/playbooks/roles/base_system/tasks/firewall.yml 
@@ -0,0 +1,20 @@ +- name: Install firewall + tags: + - install + ansible.builtin.package: + name: + - ufw + +- name: UFW - Allow SSH connections + tags: + - config + community.general.ufw: + rule: allow + name: OpenSSH + +- name: UFW - Enable and deny by default + tags: + - config + community.general.ufw: + state: enabled + default: deny diff --git a/playbooks/roles/base_system/tasks/main.yml b/playbooks/roles/base_system/tasks/main.yml index 186354a..f483a7f 100644 --- a/playbooks/roles/base_system/tasks/main.yml +++ b/playbooks/roles/base_system/tasks/main.yml @@ -13,6 +13,7 @@ ansible.builtin.user: name: "{{ username }}" update_password: "on_create" + password: "{{ 'iamroot' | password_hash('sha512') }}" create_home: yes group: "{{ username }}" @@ -35,3 +36,11 @@ - install when: archlinux include_tasks: flatpak.yml + +- name: Setup sudo + when: not mac_os + include_tasks: sudo.yml + +- name: Setup firewall + when: not mac_os + include_tasks: firewall.yml diff --git a/playbooks/roles/base_system/tasks/sudo.yml b/playbooks/roles/base_system/tasks/sudo.yml new file mode 100644 index 0000000..235914f --- /dev/null +++ b/playbooks/roles/base_system/tasks/sudo.yml @@ -0,0 +1,13 @@ +- name: Install sudo + become: true + ansible.builtin.package: + name: sudo + +- name: Allow sudo access + become: true + community.general.sudoers: + name: "sudo-for-{{ username }}" + state: present + user: "{{ username }}" + commands: ALL + nopassword: false diff --git a/playbooks/roles/env_terminal/meta/main.yml b/playbooks/roles/env_terminal/meta/main.yml index a29b6ce..58ce51f 100644 --- a/playbooks/roles/env_terminal/meta/main.yml +++ b/playbooks/roles/env_terminal/meta/main.yml @@ -9,3 +9,4 @@ dependencies: - role: software_nvm - role: software_nvim - role: software_atuin + - role: software_scripts diff --git a/playbooks/roles/server_ssh/tasks/main.yml b/playbooks/roles/server_ssh/tasks/main.yml index b66694b..8db71a9 100644 --- a/playbooks/roles/server_ssh/tasks/main.yml 
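Review bot: The package install and both `community.general.ufw` tasks run without `become: true`, whereas the sibling sudo.yml added in this same commit sets it on every task; ufw needs root, so unless the play or role escalates privileges globally (not visible here) these tasks fail on a non-root connection, and either way the two new files should agree. `name: OpenSSH` also relies on the distro shipping a ufw application profile of that name, which may not hold on every target this playbook supports; `port: "22"` with `proto: tcp` expresses the same rule without that dependency. The allow rule is correctly ordered before the task that sets `default: deny` and enables the firewall.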
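Review bot: The added line puts a literal password into a committed playbook, `password: "{{ 'iamroot' | password_hash('sha512') }}"`; because the task uses `update_password: "on_create"` this becomes the initial login password of every account the role creates, and the value is now in git history. Move it into a vaulted or prompted variable and keep the task output out of logs, e.g. `password: "{{ initial_user_password | password_hash('sha512') }}"` together with `no_log: true` on the task. Note also that `password_hash` without an explicit salt yields a different hash on every run, which is harmless for idempotence here only because of `update_password: on_create`. The `ansible.builtin.user` task begins above this hunk.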
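Review bot: The two new `include_tasks` entries carry no `tags`, unlike the flatpak include visible in context directly above them, which has `tags: [install]`. With `include_tasks` it is the tags on the include statement that a `--tags install` or `--tags config` run evaluates; the `install`/`config` tags inside sudo.yml and firewall.yml are never reached if the include itself is skipped, so a tag-filtered run silently skips sudo and firewall setup. Add `tags: [install, config]` to both includes, or switch them to `import_tasks`, whose tags propagate into the imported file.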
+++ b/playbooks/roles/server_ssh/tasks/main.yml @@ -40,3 +40,21 @@ loop_control: label: "{{ item.path }}" when: item.state == 'file' + +- name: Install ssh server + when: not mac_os + tags: + - install + ansible.builtin.package: + name: + - openssh-server + +- name: Disable password authentication for root + tags: + - config + when: not mac_os + lineinfile: + path: /etc/ssh/sshd_config + state: present + regexp: "^#?PermitRootLogin" + line: "PermitRootLogin prohibit-password" diff --git a/playbooks/roles/software_scripts/files/on-check-change.sh b/playbooks/roles/software_scripts/files/on-check-change.sh new file mode 100644 index 0000000..0c917f6 --- /dev/null +++ b/playbooks/roles/software_scripts/files/on-check-change.sh @@ -0,0 +1 @@ +gh pr checks --fail-fast --watch && pushover.sh "`gh pr checks | awk -F '\t' '{print $2 ": " $1}'`" diff --git a/playbooks/roles/software_scripts/files/pushover.sh b/playbooks/roles/software_scripts/files/pushover.sh new file mode 100644 index 0000000..228c7a8 --- /dev/null +++ b/playbooks/roles/software_scripts/files/pushover.sh 
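Review bot: The `lineinfile` edit of `/etc/ssh/sshd_config` neither validates the result nor notifies a handler, so a typo is written to the live config unchecked and `PermitRootLogin prohibit-password` only takes effect once something else restarts sshd. Use the FQCN like the surrounding tasks and add `validate: "/usr/sbin/sshd -t -f %s"` plus `notify: Restart sshd` (with a matching handler in the role, not shown here). On Debian-family hosts a drop-in under `/etc/ssh/sshd_config.d/` can override this directive, since the stock config includes that directory before its own settings; worth checking on the targets this role covers. The install task adds `openssh-server` but nothing visible enables the service; if that happens elsewhere in the role, ignore this.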
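Review bot: The script has no shebang, and the copy task in this commit installs it with mode 0755 into `~/.local/bin`, so what interprets it on direct execution depends on the caller's fallback rather than on the file itself. The `&&` also means a push is sent only when every check passed; a failing check, which is what `--fail-fast` exists to surface, ends the script with no notification at all. The check summary is then handed straight to pushover.sh, which assembles its JSON body by string interpolation, so a check name containing a double quote or backslash breaks the request; that is a pushover.sh limitation, but this is its only caller here. A rewrite with a shebang, the outcome in the title, and `$(...)` in place of backticks:
```shell
#!/usr/bin/env bash
set -uo pipefail

if gh pr checks --fail-fast --watch; then
  outcome="passed"
else
  outcome="failed"
fi
summary="$(gh pr checks | awk -F '\t' '{print $2 ": " $1}')"
pushover.sh -T "PR checks ${outcome}" "${summary}"
```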
@@ -0,0 +1,258 @@ +#!/usr/bin/env bash + +# https://github.com/akusei/pushover-bash/tree/main + +set -o errexit +set -o nounset + +readonly VERSION=1.21 +readonly API_URL="https://api.pushover.net/1/messages.json" +readonly CONFIG_FILE="pushover-config" +readonly DEFAULT_CONFIG="/etc/pushover/${CONFIG_FILE}" +readonly USER_OVERRIDE=~/.config/pushover/${CONFIG_FILE} +readonly EXPIRE_DEFAULT=180 +readonly RETRY_DEFAULT=30 +HIDE_REPLY=true + +showHelp() +{ + local script=`basename "$0"` + echo "Send Pushover v${VERSION} scripted by Nathan Martini" + echo "Push notifications to your Android, iOS, or desktop devices" + echo + echo "NOTE: This script requires an account at http://www.pushover.net" + echo + echo "usage: ${script} <-t|--token apikey> <-u|--user userkey> [options] " + echo + echo " MESSAGE The message to send; supports HTML formatting. Quotes are not" + echo " required but recommended" + echo " -t, --token APIKEY The pushover.net API Key for your application. Not required if" + echo " using a configuration file" + echo " -u, --user USERKEY Your pushover.net user key. 
Not required if using a" + echo " configuration file" + echo + echo " Options:" + echo " -a, --attachment filename The Picture you want to send" + echo " -T, --title TITLE Title of the message" + echo " -d, --device NAME Comma seperated list of devices to receive message" + echo " -U, --url URL URL to send with message" + echo " --url-title URLTITLE Title of the URL" + echo " -H, --html Enable HTML formatting, cannot be used with the --monospace flag" + echo " -M, --monospace Enable monospace messages, cannot be used with the --html flag" + echo " -p, --priority PRIORITY Priority of the message" + echo " -2 - no notification/alert" + echo " -1 - quiet notification" + echo " 0 - normal priority" + echo " 1 - bypass the user's quiet hours" + echo " 2 - require confirmation from the user" + echo " -e, --expire SECONDS Set expiration time for notifications with priority 2 (default ${EXPIRE_DEFAULT})" + echo " -r, --retry COUNT Set retry period for notifications with priority 2 (default ${RETRY_DEFAULT})" + echo " -s, --sound SOUND Notification sound to play with message" + echo " pushover - Pushover (default)" + echo " bike - Bike" + echo " bugle - Bugle" + echo " cashregister - Cash Register" + echo " classical - Classical" + echo " cosmic - Cosmic" + echo " falling - Falling" + echo " gamelan - Gamelan" + echo " incoming - Incoming" + echo " intermission - Intermission" + echo " magic - Magic" + echo " mechanical - Mechanical" + echo " pianobar - Piano Bar" + echo " siren - Siren" + echo " spacealarm - Space Alarm" + echo " tugboat - Tug Boat" + echo " alien - Alien Alarm (long)" + echo " climb - Climb (long)" + echo " persistent - Persistent (long)" + echo " echo - Pushover Echo (long)" + echo " updown - Up Down (long)" + echo " none - None (silent)" + echo " -v, --verbose Return API execution reply to stdout" + echo + echo "EXAMPLES:" + echo + echo " ${script} -t xxxxxxxxxx -u yyyyyyyyyy \"This is a test\"" + echo " Sends a simple \"This is a test\" message to all 
devices." + echo + echo " ${script} -t xxxxxxxxxx -u yyyyyyyyyy -T \"Test Title\" \"This is a test\"" + echo " Sends a simple \"This is a test\" message with the title \"Test Title\" to all devices." + echo + echo " ${script} -t xxxxxxxxxx -u yyyyyyyyyy -d \"Phone,Home Desktop\" \"This is a test\"" + echo " Sends a simple \"This is a test\" message to the devices named \"Phone\" and \"Home Desktop\"." + echo + echo " ${script} -t xxxxxxxxxx -u yyyyyyyyyy -U \"http://www.google.com\" --url-title Google \"This is a test\"" + echo " Sends a simple \"This is a test\" message to all devices that contains a link to www.google.com titled \"Google\"." + echo + echo " ${script} -t xxxxxxxxxx -u yyyyyyyyyy -p 1 \"This is a test\"" + echo " Sends a simple \"This is a test\" high priority message to all devices." + echo + echo " ${script} -t xxxxxxxxxx -u yyyyyyyyyy -s bike \"This is a test\"" + echo " Sends a simple \"This is a test\" message to all devices that uses the sound of a bike bell as the notification sound." + echo + echo " ${script} -t xxxxxxxxxx -u yyyyyyyyyy -a /path/to/pic.jpg \"This is a test Pic\"" + echo " Sends a simple \"This is a test Pic\" message to all devices and send the Picture with the message." 
+ echo +} + +curl --version > /dev/null 2>&1 || { echo "This script requires curl; aborting."; echo; exit 1; } + +if [ -f ${DEFAULT_CONFIG} ]; then + source ${DEFAULT_CONFIG} +fi +if [ -f ${USER_OVERRIDE} ]; then + source ${USER_OVERRIDE} +fi + +while [ $# -gt 0 ] +do + case "${1:-}" in + -t|--token) + api_token="${2:-}" + shift + ;; + + -u|--user) + user_key="${2:-}" + shift + ;; + + -a|--attachment) + attachment="${2:-}" + shift + ;; + + -T|--title) + title="${2:-}" + shift + ;; + + -d|--device) + device="${2:-}" + shift + ;; + + -U|--url) + url="${2:-}" + shift + ;; + + --url-title) + url_title="${2:-}" + shift + ;; + + -H|--html) + html=1 + ;; + + -M|--monospace) + monospace=1 + ;; + + -p|--priority) + priority="${2:-}" + shift + ;; + + -s|--sound) + sound="${2:-}" + shift + ;; + + -e|--expire) + expire="${2:-}" + shift + ;; + + -r|--retry) + retry="${2:-}" + shift + ;; + + -v|--verbose) + unset HIDE_REPLY + ;; + + -h|--help) + showHelp + exit + ;; + + *) + message="${*:1}" + break + ;; + esac + + shift +done + +if [ ${priority:-0} -eq 2 ]; then + if [ -z "${expire:-}" ]; then + expire=${EXPIRE_DEFAULT} + fi + if [ -z "${retry:-}" ]; then + retry=${RETRY_DEFAULT} + fi +fi + +if [ -z "${api_token:-}" ]; then + echo "-t|--token must be set" + exit 1 +fi + +if [ -z "${user_key:-}" ]; then + echo "-u|--user must be set" + exit 1 +fi + +if [ -z "${message:-}" ]; then + echo "positional argument MESSAGE must be set" + exit 1 +fi + +if [ ! -z "${html:-}" ] && [ ! -z "${monospace:-}" ]; then + echo "--html and --monospace are mutually exclusive" + exit 1 +fi + +if [ ! -z "${attachment:-}" ] && [ ! 
-f "${attachment}" ]; then + echo "${attachment} not found" + exit 1 +fi + +if [ -z "${attachment:-}" ]; then + json="{\"token\":\"${api_token}\",\"user\":\"${user_key}\",\"message\":\"${message}\"" + if [ "${device:-}" ]; then json="${json},\"device\":\"${device}\""; fi + if [ "${title:-}" ]; then json="${json},\"title\":\"${title}\""; fi + if [ "${url:-}" ]; then json="${json},\"url\":\"${url}\""; fi + if [ "${url_title:-}" ]; then json="${json},\"url_title\":\"${url_title}\""; fi + if [ "${html:-}" ]; then json="${json},\"html\":1"; fi + if [ "${monospace:-}" ]; then json="${json},\"monospace\":1"; fi + if [ "${priority:-}" ]; then json="${json},\"priority\":${priority}"; fi + if [ "${expire:-}" ]; then json="${json},\"expire\":${expire}"; fi + if [ "${retry:-}" ]; then json="${json},\"retry\":${retry}"; fi + if [ "${sound:-}" ]; then json="${json},\"sound\":\"${sound}\""; fi + json="${json}}" + + curl --fail -s ${HIDE_REPLY:+ -o /dev/null} \ + -H "Content-Type: application/json" \ + -d "${json}" \ + "${API_URL}" 2>&1 +else + curl --fail -s ${HIDE_REPLY:+ -o /dev/null} \ + --form-string "token=${api_token}" \ + --form-string "user=${user_key}" \ + --form-string "message=${message}" \ + --form "attachment=@${attachment}" \ + ${html:+ --form-string "html=1"} \ + ${monospace:+ --form-string "monospace=1"} \ + ${priority:+ --form-string "priority=${priority}"} \ + ${sound:+ --form-string "sound=${sound}"} \ + ${device:+ --form-string "device=${device}"} \ + ${title:+ --form-string "title=${title}"} \ + "${API_URL}" 2>&1 +fi diff --git a/playbooks/roles/software_scripts/tasks/main.yml b/playbooks/roles/software_scripts/tasks/main.yml new file mode 100644 index 0000000..ac0f33d --- /dev/null +++ b/playbooks/roles/software_scripts/tasks/main.yml 
@@ -0,0 +1,14 @@ +--- +- name: "Copy scripts" + tags: + - config + ansible.builtin.copy: + src: "{{ item.src }}" + dest: "{{ home }}/.local/bin/{{ item.path }}" + mode: "0755" + owner: "{{ username }}" + with_community.general.filetree: + - ../files + loop_control: + label: "{{ item.path }}" + when: item.state == 'file'
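Review bot: The copy task writes into `{{ home }}/.local/bin/` but nothing in the hunk ensures that directory exists, and `ansible.builtin.copy` does not create a missing parent directory for a file `dest`, so on a fresh home the task fails unless an earlier role creates the path. `owner` is set without `group`, so the files keep whatever group the connecting user has rather than the `{{ username }}` group the base_system role creates for the account. `with_community.general.filetree` still works, though `loop: "{{ query('community.general.filetree', '../files') }}"` is the form the current lookup docs use. A directory task to place in front of the copy:
```yaml
- name: "Ensure ~/.local/bin exists"
  tags:
    - config
  ansible.builtin.file:
    path: "{{ home }}/.local/bin"
    state: directory
    mode: "0755"
    owner: "{{ username }}"
    group: "{{ username }}"

# … unchanged: Copy scripts task …
```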