stuff

.gitignore

@@ -0,0 +1 @@
+vars.yaml

README

@@ -3,3 +3,7 @@
 Ставит пакеты ['mc', 'htop', 'vim', 'screen', 'tmux', 'curl', 'wget', 'bash-completion', 'tree']
 
 Fork of "lulzette/devops-shit"
+
+TODO:
+
+- [ ] unattended upgrades

ansible.cfg

@@ -1,8 +1,8 @@
 [defaults]
-INVENTORY = ~/inventory
+INVENTORY = ../inventory
 pipelining = True
 
-strategy = free
+#strategy = free
 
 [ssh_connection]
 ssh_args = -o ControlMaster=auto -o ControlPersist=60s

playbook.yml

@@ -1,8 +1,8 @@
 ---
 - hosts: all
-#  strategy: free
+  vars_files: ./vars.yaml
   roles:
-    - { role: packages, become: true}
+    - { role: packages, become: true, retries: 3, delay: 60}
     - { role: ssh, become: true}
     - configs
 

roles/coding_vim/files/omb-bashrc

@@ -1,102 +0,0 @@
-# Path to your oh-my-bash installation.
-export OSH=/root/.oh-my-bash
-
-# Set name of the theme to load. Optionally, if you set this to "random"
-# it'll load a random theme each time that oh-my-bash is loaded.
-OSH_THEME="90210"
-
-# Uncomment the following line to use case-sensitive completion.
-# CASE_SENSITIVE="true"
-
-# Uncomment the following line to use hyphen-insensitive completion. Case
-# sensitive completion must be off. _ and - will be interchangeable.
-# HYPHEN_INSENSITIVE="true"
-
-# Uncomment the following line to disable bi-weekly auto-update checks.
-# DISABLE_AUTO_UPDATE="true"
-
-# Uncomment the following line to change how often to auto-update (in days).
-# export UPDATE_OSH_DAYS=13
-
-# Uncomment the following line to disable colors in ls.
-# DISABLE_LS_COLORS="true"
-
-# Uncomment the following line to disable auto-setting terminal title.
-# DISABLE_AUTO_TITLE="true"
-
-# Uncomment the following line to enable command auto-correction.
-# ENABLE_CORRECTION="true"
-
-# Uncomment the following line to display red dots whilst waiting for completion.
-# COMPLETION_WAITING_DOTS="true"
-
-# Uncomment the following line if you want to disable marking untracked files
-# under VCS as dirty. This makes repository status check for large repositories
-# much, much faster.
-# DISABLE_UNTRACKED_FILES_DIRTY="true"
-
-# Uncomment the following line if you want to change the command execution time
-# stamp shown in the history command output.
-# The optional three formats: "mm/dd/yyyy"|"dd.mm.yyyy"|"yyyy-mm-dd"
-# HIST_STAMPS="mm/dd/yyyy"
-
-# Would you like to use another custom folder than $OSH/custom?
-# OSH_CUSTOM=/path/to/new-custom-folder
-
-# Which completions would you like to load? (completions can be found in ~/.oh-my-bash/completions/*)
-# Custom completions may be added to ~/.oh-my-bash/custom/completions/
-# Example format: completions=(ssh git bundler gem pip pip3)
-# Add wisely, as too many completions slow down shell startup.
-completions=(
-  git
-  composer
-  ssh
-)
-
-# Which aliases would you like to load? (aliases can be found in ~/.oh-my-bash/aliases/*)
-# Custom aliases may be added to ~/.oh-my-bash/custom/aliases/
-# Example format: aliases=(vagrant composer git-avh)
-# Add wisely, as too many aliases slow down shell startup.
-aliases=(
-  general
-)
-
-# Which plugins would you like to load? (plugins can be found in ~/.oh-my-bash/plugins/*)
-# Custom plugins may be added to ~/.oh-my-bash/custom/plugins/
-# Example format: plugins=(rails git textmate ruby lighthouse)
-# Add wisely, as too many plugins slow down shell startup.
-plugins=(
-  git
-  bashmarks
-)
-
-source $OSH/oh-my-bash.sh
-
-# User configuration
-# export MANPATH="/usr/local/man:$MANPATH"
-
-# You may need to manually set your language environment
-# export LANG=en_US.UTF-8
-
-# Preferred editor for local and remote sessions
-# if [[ -n $SSH_CONNECTION ]]; then
-#   export EDITOR='vim'
-# else
-#   export EDITOR='mvim'
-# fi
-
-# Compilation flags
-# export ARCHFLAGS="-arch x86_64"
-
-# ssh
-# export SSH_KEY_PATH="~/.ssh/rsa_id"
-
-# Set personal aliases, overriding those provided by oh-my-bash libs,
-# plugins, and themes. Aliases can be placed here, though oh-my-bash
-# users are encouraged to define aliases within the OSH_CUSTOM folder.
-# For a full list of active aliases, run `alias`.
-#
-# Example aliases
-# alias bashconfig="mate ~/.bashrc"
-# alias ohmybash="mate ~/.oh-my-bash"
-

roles/coding_vim/files/vimrc

@@ -1,40 +0,0 @@
-set nocompatible              " be iMproved, required
-filetype off                  " required
-
-"=====================================================
-" Vundle settings
-"=====================================================
-" set the runtime path to include Vundle and initialize
-set rtp+=~/.vim/bundle/Vundle.vim
-call vundle#begin()
-
-Plugin 'gmarik/Vundle.vim'              " let Vundle manage Vundle, required
-
-"---------=== Code/project navigation ===-------------
-Plugin 'scrooloose/nerdtree'            " Project and file navigation
-Plugin 'majutsushi/tagbar'              " Class/module browser
-
-"------------------=== Other ===----------------------
-Plugin 'bling/vim-airline'              " Lean & mean status/tabline for vim
-Plugin 'fisadev/FixedTaskList.vim'      " Pending tasks list
-Plugin 'rosenfeld/conque-term'          " Consoles as buffers
-Plugin 'tpope/vim-surround'             " Parentheses, brackets, quotes, XML tags, and more
-
-"--------------=== Snippets support ===---------------
-"Plugin 'garbas/vim-snipmate'           " Snippets manager
-Plugin 'MarcWeber/vim-addon-mw-utils'   " dependencies #1
-Plugin 'tomtom/tlib_vim'                " dependencies #2
-Plugin 'honza/vim-snippets'             " snippets repo
-
-"---------------=== Languages support ===-------------
-" --- Python ---
-Plugin 'klen/python-mode'               " Python mode (docs, refactor, lints, highlighting, run and ipdb and more)
-Plugin 'davidhalter/jedi-vim'           " Jedi-vim autocomplete plugin
-Plugin 'mitsuhiko/vim-jinja'            " Jinja support for vim
-Plugin 'mitsuhiko/vim-python-combined'  " Combined Python 2/3 for Vim
-
-call vundle#end()                       " required
-filetype on
-filetype plugin on
-filetype plugin indent on
-

roles/coding_vim/tasks/main.yml

@@ -1,6 +0,0 @@
----
-
- - name: Put vim config
-   template:
-     src: files/vimrc
-     dest: /etc/vimrc

roles/configs/files/50unattended-upgrades

@@ -0,0 +1,35 @@
+Unattended-Upgrade::Allowed-Origins {
+	"${distro_id}:${distro_codename}";
+	"${distro_id}:${distro_codename}-security";
+	"${distro_id}ESMApps:${distro_codename}-apps-security";
+	"${distro_id}ESM:${distro_codename}-infra-security";
+	"${distro_id}:${distro_codename}-updates";
+//	"${distro_id}:${distro_codename}-proposed";
+//	"${distro_id}:${distro_codename}-backports";
+};
+
+Unattended-Upgrade::Package-Blacklist {
+    // The following matches all packages starting with linux-
+
+    // Use $ to explicitely define the end of a package name. Without
+    // the $, "libc6" would match all of them.
+
+    // Special characters need escaping
+
+    // The following matches packages like xen-system-amd64, xen-utils-4.1,
+    // xenstore-utils and libxenstore3.0
+
+    // For more information about Python regular expressions, see
+    // https://docs.python.org/3/howto/regex.html
+};
+
+Unattended-Upgrade::DevRelease "auto";
+
+Unattended-Upgrade::AutoFixInterruptedDpkg "true";
+
+Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
+
+Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
+
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+

roles/configs/files/bashrc

@@ -16,8 +16,8 @@ HISTCONTROL=ignoreboth
 shopt -s histappend
 
 # for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
-HISTSIZE=1000
-HISTFILESIZE=2000
+HISTSIZE=100000
+HISTFILESIZE=200000
 
 # check the window size after each command and, if necessary,
 # update the values of LINES and COLUMNS.
@@ -283,8 +283,14 @@ alias gupv='git pull --rebase -v'
 alias gwch='git whatchanged -p --abbrev-commit --pretty=medium'
 alias gwip='git add -A; git rm $(git ls-files --deleted) 2> /dev/null; git commit --no-verify --no-gpg-sign -m "--wip-- [skip ci]"'
 
-alias apt="sudo apt"
+#alias apt="sudo apt"
+alias vim="vim -p"
 
 export PS1='\e[0;35m\t \e[0;32m\u@\h:\w\e[m\n\$ '
 figlet `hostname`
 
+# Scroll как с oh my zsh
+bind '"\e[A": history-search-backward'
+bind '"\e[B": history-search-forward'
+
+export EDITOR=vim

roles/configs/tasks/main.yml

@@ -3,30 +3,8 @@
   import_tasks: root.yml
   become: true
 
-- name: Check for OMB
-  stat:
-    path: "{{ ansible_user_dir }}/.oh-my-bash"
-  register: omb_flag
-
-- debug:
-    msg: 'OMB is not installed, run: bash -c "$(curl -fsSL https://raw.githubusercontent.com/ohmybash/oh-my-bash/master/tools/install.sh)"'
-  when: not omb_flag.stat.exists 
-
-- name: Put simple bashrc config
+- name: bashrc
   template:
     src: files/bashrc
     dest: "{{ ansible_user_dir }}/.bashrc"
-  when: not omb_flag.stat.exists
-
-   # - name: Put omb config
-   #template:
-   #  src: files/omb-bashrc
-   #  dest: "{{ ansible_user_dir }}/.bashrc"
-   #when: omb_flag.stat.exists
-
-# FIXME: logout from shell
-# - name: Install OMB
-#   shell: bash -c "$(curl -fsSL https://raw.githubusercontent.com/ohmybash/oh-my-bash/master/tools/install.sh)"
-#   when: not omb_flag.stat.exists
-
 

roles/configs/tasks/root.yml

@@ -46,13 +46,37 @@
 - name: Change hostname
   ansible.builtin.hostname:
     name: "{{ inventory_hostname }}"
+
 - name: Do not show news on login
+  ignore_errors: true
   file:
     path: /etc/update-motd.d/50-motd-news
     mode: 644
   when: ansible_facts['os_family'] == "Debian"
+
 - name: Do not show help on login
+  ignore_errors: true
   file:
     path: /etc/update-motd.d/10-help-text
     mode: 644
   when: ansible_facts['os_family'] == "Debian"
+
+- name: Check for OMB
+  stat:
+    path: "{{ ansible_user_dir }}/.oh-my-bash"
+  register: omb_flag_root
+
+- name: Put simple bashrc config
+  template:
+    src: files/bashrc
+    dest: "/root/.bashrc"
+  when: not omb_flag_root.stat.exists
+
+- name: Set timezone to Europe/Moscow
+  community.general.timezone:
+    name: Europe/Moscow
+
+- name: Put unattended-upgrades config
+  template:
+    src: files/50unattended-upgrades
+    dest: /etc/apt/apt.conf.d/50unattended-upgrades

roles/packages/tasks/main.yml

@@ -1,9 +1,10 @@
 ---
 - name: Install Debian packages
   apt:
-    name: ['mc', 'htop', 'vim', 'neovim', 'screen', 'tmux', 'curl', 'wget', 'bash-completion', 'tree', 'figlet']
+    name: ['mc', 'htop', 'vim', 'neovim', 'screen', 'tmux', 'curl', 'wget', 'bash-completion', 'tree', 'figlet', 'ufw']
     state: present
     update_cache: yes
+    lock_timeout: 300
   when: ansible_facts['os_family'] == "Debian"
 
 
@@ -11,12 +12,14 @@
   apt:
     name: ['cloud-init', 'modemmanager', 'snapd', 'needrestart']
     state: absent
-  when: ansible_facts['os_family'] == "Debian"
+    lock_timeout: 300
+  when: ansible_facts['os_family'] == "Debian" and ansible_facts['virtualization_role'] == "guest"
 
 - name: Remove orphans
   apt:
     autoremove: yes
     purge: yes
+    lock_timeout: 300
   when: ansible_facts['os_family'] == "Debian"
 
 - name: Less modules in initramfs
@@ -26,7 +29,8 @@
     replace: 'MODULES=dep'
   notify: 
   - Make initramfs
-  when: ansible_facts['os_family'] == "Debian"
+  when: ansible_facts['os_family'] == "Debian" and ansible_facts['virtualization_role'] == "guest"
+  ignore_errors: true # TODO
 
 - name: Install CentOS epel
   yum:

roles/ssh/files/auth_keys

@@ -1,2 +1,3 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3b/t76DskXtbMwVpyjpXoOKG/ezcLVGPM1l3OAU2mBon9qdt2WgLCiwSiFdbrEbWKLFP7+bEHkmcj5XWCBGpLlKQUn3GsnLqJu16ue+2qI3jHv4TTyNwN3AzERz5BQdPgat1qYTZ6UTkLdT208RDhVn7/sSx+zmdHbuX3kR9TgF43RjS2ijV5/9iaPbgnXIEL74eeJ2Fl8z+FaCWpe7Ja12R+rZKtpBGZQy4L37KlSPw8CC5vVkrmfvriSmV2J/OaaleosDqENFRVUHzzFTIt+CARMMkSKqLmFausb1I00vcL9iuh3islJIZvidfZKL20eRxauK3Q2dyH+cFu90yx knflkr@arch-llz
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCkRVTyHkfuF2m061Pz0HK2hWf8ZySByDaLK23L0AJTM9xZ1tGktUOm/qtJ0vV5fgv+OPrdb3s+e2QXpSMlUcqaxyV8Q1rGx4cWnEBtmITSp6cMeKNPtAUC6HBt4rVT5grDR+N3ZmmjoiaYqFzvN6cGiSsgoRfi9BKfyz5vN/pi4EYPaQNE7UXja0NCHBSGVp6Cc+bs6XFcpCaUZ81DDcrNMKURW0nLKdHCSswvd+ep0jP1znGnvFF1uZLcFLmsWX8kpd5aUFWHk4JT8yZNhnCYhVOOTc2/O3mVKeAF+SR+2BOV03Iu6M4QHsRC8PAHRVIcnrDDr2/0rmEm8c58d8AZ7j/4P5ckZ5uBmDE6LNJ3C4JA6/tTSWNCuDgV6igCc15LVuuW/ZpSxk+/247q2boVdnumD1bXtx/lcSwb4+KEIqlXc1pIvX6hcN/aT3nuDpcWZPAZFCPUrxCVvJCET6XklycqRqJrVaCqraTWuJv9TmY8i19eZzL1Q8e9jfXDgZs= root@playground-clo
+{% for key in ssh_keys %}
+{{key}}
+{% endfor %}

roles/ssh/files/sshd_config

@@ -3,19 +3,10 @@ Port {{ ssh_port }}
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-#RekeyLimit default none
-
 # Logging
 #SyslogFacility AUTH
 #LogLevel INFO
 
-# Authentication:
-
 #LoginGraceTime 2m
 PermitRootLogin prohibit-password
 #StrictModes yes
@@ -27,39 +18,12 @@ AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2 /etc/ssh/auth_keys
 PasswordAuthentication no
 PermitEmptyPasswords no
 
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
 ChallengeResponseAuthentication no
-
 UsePAM yes
-
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
 X11Forwarding yes
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
 PrintMotd no
 PrintLastLog yes
-#TCPKeepAlive yes
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
 UseDNS no
-#PidFile /var/run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# Allow client to pass locale environment variables
 AcceptEnv LANG LC_*
-
-# override default of no subsystems
 Subsystem sftp	/usr/lib/openssh/sftp-server