Di. 21 Mai 2019 19:07:14 CEST in /home/jens/Development/ansible/roles/tweaks on deathbolt.927589452.space

Jens Heinrich 2019-05-21 19:07:14 +02:00
parent 3b5dabc3aa
commit e650f91311
19 changed files with 304 additions and 16 deletions

37
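--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,37 @@
+---
+- name: restart local_unbound
+service:
+name: local_unbound
+state: stopped
+become: true
+notify: start local_unbound
+- name: start local_unbound
+service:
+name: local_unbound
+state: started
+become: true
+- name: restart dhclient
+service:
+name: dhclient
+state: stopped
+become: true
+notify: start dhclient
+- name: start dhclient
+service:
+name: dhclient
+state: started
+become: true
+- name: load the bt modules
+service:
+name: "{{ module }}"
+state: started
+become: true
+loop_control:
+loop_var: module
+loop:
+- sdpd
+- hpsecd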
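Review bot: The `load the bt modules` handler loops over `sdpd` and `hpsecd`, but everything else in this commit refers to `hcsecd` (the template destination `/etc/bluetooth/hcsecd.conf` and the `hcsecd_enable` rc.conf entry), so `hpsecd` looks like a typo and the handler would presumably fail on an unknown service. If so, the HCI security daemon that answers link-key and PIN requests is never started by this handler; the loop item should read `- hcsecd`. Separately, the `restart …` handlers stop the service and chain to a `start …` handler, where a single handler with `state: restarted` would express the same intent in one step.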

26
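--- a/tasks/Archlinux-power.yml
+++ b/tasks/Archlinux-power.yml
@@ -0,0 +1,26 @@
+---
+- name: install power managment utilities
+package:
+name:
+- acpid
+- tlp
+- tp-smapi
+- acpi-call
+- powertop
+- smartmontools
+- x86_energy_perf_policy
+- lsb-release
+state: present
+become: true
+tags:
+- installation
+- name: enable tlp
+service:
+name: tlp
+state: started
+become: true
+tags:
+- services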
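Review bot: The `enable tlp` task only sets `state: started`, so tlp runs for the current boot but is not enabled, and the power settings are gone after a restart; add `enabled: true` next to `state: started`. The first task's name also carries a typo (`managment`).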


@ -1,4 +1,8 @@
---
- include_vars: bluetooth-devices.yml
tags:
- vars
- name: install pkg for bluetooth audio
package:
name: virtual_oss
@ -7,17 +11,39 @@
tags:
- install
- name: load the bt security module
- name: generate BT configs
template:
src: "{{ BT_TEMPLATE.src }}"
dest: "{{ BT_TEMPLATE.dest }}"
loop_control:
loop_var: BT_TEMPLATE
tags:
- configuration
become: true
loop:
- src: bluetooth_hcsecd.conf.j2
dest: "/etc/bluetooth/hcsecd.conf"
# https://gist.github.com/david-moran/1a9e4f910749d66d93e3fa71f3f68c98
# https://www.freebsd.org/doc/handbook/network-bluetooth.html
- name: load the bt modules
lineinfile:
path: "/etc/rc.conf"
regexp: "^{{ item.name }}"
line: "{{ item.name }}={{ item.val }}"
become: true
tags:
- configuration
loop: "{{ sysctl_setting }}"
vars:
sysctl_setting:
- name: "hcsecd_enable"
val: "YES"
- name: "sdpd_enable"
val: "YES"
- name: "bthidd_enable"
val: "YES"
- name: load the bt module
lineinfile:
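Review bot: The `generate BT configs` task writes `/etc/bluetooth/hcsecd.conf`, a file that holds link keys and PIN codes, without setting `owner` or `mode`, so a newly created file takes the default umask permissions and may end up world-readable. Add `owner: root` and `mode: "0600"` to the template task. The task also has no `notify`, so a changed file is presumably not picked up by hcsecd until it is restarted by hand. In the `lineinfile` task, `regexp: "^{{ item.name }}"` also matches a longer variable sharing the prefix; `regexp: "^{{ item.name }}="` is tighter. The last task in this section continues outside the visible lines.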


@ -1,4 +1,6 @@
---
- include_vars: local_unbound.yml
- name: "save dhclients dns and dhcp in a file"
lineinfile:
path: "/etc/resolvconf.conf"
@ -27,6 +29,22 @@
- name: "local_unbound_enable"
val: "YES"
- name: "get opennic hints"
shell: "{{ hints_opennic_cmd }}"
become: true
tags:
- installation
- configuration
- name: "get named hints"
get_url:
url: "{{ hints_named_url }}"
dest: "{{ hints_named }}"
become: true
tags:
- installation
- configuration
- name: manage resolv.conf
template:
dest: /etc/resolv.conf
@ -35,20 +53,14 @@
tags:
- configuration
- name: "generate access control"
- name: "generate configs"
template:
dest: "/etc/unbound/conf.d/access_control.conf"
src: "templates/access_control.j2"
become: true
tags:
- configuration
notify: "restart local_unbound"
- name: "generate overlay for local dns"
template:
dest: "/etc/unbound/conf.d/local_resolver.conf"
src: "templates/local_resolver.j2"
src: "{{ config.src }}"
dest: "{{ config.dest }}"
become: true
loop: "{{ local_unbound_files }}"
loop_control:
loop_var: config
tags:
- configuration
notify: "restart local_unbound"
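Review bot: The `get opennic hints` task runs `hints_opennic_cmd` through `shell` as root on every play, and that command (defined in `vars/local_unbound.yml`) asks one hard-coded resolver for the root NS set over plain DNS, so the file meant to become unbound's root hints is neither authenticated nor idempotent. Consider fetching the hints over HTTPS with `get_url` and a pinned `checksum:`, or at least adding `changed_when:`/`creates:` and `notify: "restart local_unbound"` so a change is reported and applied. The `get named hints` task relies on TLS alone; an explicit `mode: "0644"` and a `checksum:` would make its result predictable as well.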


@ -45,10 +45,10 @@
- "[system=10]"
- "add path 'unlpt*' mode 0660 group cups"
- "add path 'ulpt*' mode 0660 group cups"
- "add path 'lpt*' mode 0660 group cupsd_enable"
- "add path 'lpt*' mode 0660 group cups"
# add path 'usb/X.Y.Z' mode 0660 group cups
# https://www.freebsd.org/doc/en/articles/cups/printing-cups-configuring-server.html
- add path 'usb/0.7.*' mode 0660 group cups
- "add path 'usb/0.7.*' mode 0660 group cups"
tags:
- configuration


@ -1,9 +1,10 @@
---
- include: "{{ role_path }}/tasks/vars.yml"
- include: "{{ role_path }}/../common/tasks/vars.yml"
tags:
- vars
- include_tasks: "{{ tweak }}"
when: "ansible_system == 'FreeBSD'"
tags:
- installation
- configuration
@ -21,6 +22,17 @@
- FreeBSD-reader.yml
- FreeBSD-shortcuts.yml
- keyboard.yml
- include_tasks: "{{ tweaks }}"
when: "ansible_system == 'FreeBSD'"
tags:
- installation
- configuration
- vars
loop_control:
loop_var: tweak
loop:
- "{{ role_path }}/../common/tasks/chip-development.yml"
- "{{ role_path }}/../common/tasks/nmap.yml"
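Review bot: The added `include_tasks: "{{ tweaks }}"` references `tweaks`, while the loop variable declared just below it is `loop_var: tweak`; unless `tweaks` is defined elsewhere the task fails with an undefined variable, and the line should read `include_tasks: "{{ tweak }}"`. The first hunk also appears to keep the bare `include:` action, which is deprecated in favour of `include_tasks`/`import_tasks`. The earlier `include_tasks` block begins outside the visible hunks.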


@ -0,0 +1,63 @@
{{ ansible_managed | comment }}
# $Id: hcsecd.conf,v 1.1 2003/05/26 22:50:47 max Exp $
# $FreeBSD: releng/12.0/usr.sbin/bluetooth/hcsecd/hcsecd.conf 338155 2018-08-21 19:28:53Z brd $
#
# HCI security daemon configuration file
#
# Format:
#
# device {
# option value ;
# }
#
# Possible options and values
#
# Options Values
# ----------------------------------
# bdaddr xx:xx:xx:xx:xx:xx ; - remote device BD_ADDR
# name "any char" ; - to set user friendly device name
# key 0x11223344 | nokey ; - to set link key for the device
# pin "secret" | nopin ; - to PIN code for the device
#
# Notes:
#
# Currently there is no way to select keys/PIN code based on which
# local device received the request. Everything is based on remote
# device BD_ADDR.
#
# "nokey" means that no link key has been defined and we should
# send Link_Key_Negative_Reply command to the device.
#
# "nopin" means that no PIN code has been defined and we should
# send PIN_Code_Negative_Reply command to the device
#
# Default entry is applied if no better match found
# It MUST have 00:00:00:00:00:00 as bdaddr
device {
bdaddr 00:00:00:00:00:00;
name "Default entry";
key nokey;
pin nopin;
}
device {
bdaddr 00:01:02:03:04:05;
name "Dummy";
key nokey;
pin "0000";
}
device {
bdaddr 00:11:22:33:44:55;
name "Dummy";
key 0x00112233445566778899aabbccddeeff; # 16 bytes key (hex string)
pin nopin;
}
device {
bdaddr 8e:09:ab:dd:6e:ff;
name "Black TMouse";
key nokey;
pin "0000";
}
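Review bot: The template is static: it ships the stock sample entries (`00:01:02:03:04:05` with `pin "0000"`, `00:11:22:33:44:55` with the documentation key) next to one hard-coded device, and it never reads the `bluetooth_devices` variable that this commit adds and presumably loads through `include_vars: bluetooth-devices.yml`. The two "Dummy" entries should be dropped, since they configure credentials for addresses nobody owns, and the device blocks rendered from `bluetooth_devices` in a `{% for %}` loop. The PIN and any link key would then live in vars, ideally vault-encrypted, rather than in the template body.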


@ -0,0 +1,7 @@
Section "InputClass"
Identifier "KeyboardDefaults"
Driver "keyboard"
MatchIsKeyboard "on"
Option "XkbLayout" "{{ kblayout }}"
Option "XkbVariant" "{{ kbvariant }}"
EndSection


@ -0,0 +1,8 @@
{{ ansible_managed | comment }}
server:
## private addresses only
## https://tools.ietf.org/html/rfc1918
access-control: 10.0.0.0/8 allow
access-control: 172.16.0.0/12 allow
access-control: 192.168.0.0/16 allow


@ -0,0 +1,6 @@
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
server:
# Unblock reverse lookups for LAN addresses
unblock-lan-zones: yes
insecure-lan-zones: yes


@ -0,0 +1,12 @@
{{ ansible_managed | comment }}
server:
{% for domain in local_domains %}
# {{ domain }}
local-zone: {{ domain.name }} transparent
local-data: "{{ domain.name }} IN NS {{ domain.ns }}"
local-data: "{{ domain.ns }} IN A {{ domain.ip }}"
local-data-ptr: "{{domain.ip}} {{domain.ns}}"
{% endfor %}
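Review bot: `local_domains` is not defined in any vars file shown in this commit, so unless it comes from inventory the loop fails at render time; an entry in `vars/local_unbound.yml` or `{% for domain in local_domains | default([]) %}` would cover that. The `# {{ domain }}` line prints the whole dict into the generated config, where `# {{ domain.name }}` seems to be what the comment wants. `local-zone: {{ domain.name }} transparent` is also the only value written unquoted, unlike the `local-data` lines below it.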


@ -0,0 +1,4 @@
{{ ansible_managed | comment }}
# https://wiki.opennic.org/tier_2_unbound
server:
root-hints: "{{ local_unbound_run_d }}/{{ hints_opennic }}"


@ -0,0 +1,14 @@
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
server:
username: unbound
directory: {{ local_unbound_run_d }}
chroot: {{ local_unbound_run_d }}
pidfile: /var/run/local_unbound.pid
auto-trust-anchor-file: {{ local_unbound_run_d }}/root.key
root-hints: {{ local_unbound_run_d }}/root.hints
include: {{ local_unbound_run_d }}/forward.conf
include: {{ local_unbound_run_d }}/lan-zones.conf
include: {{ local_unbound_run_d }}/control.conf
include: {{ local_unbound_run_d }}/conf.d/*.conf

7
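--- a/templates/resolv.conf.j2
+++ b/templates/resolv.conf.j2
@@ -0,0 +1,7 @@
+{{ ansible_managed | comment }}
+search dietzenbach.927589452.space 927589452.space
+# nameserver 10.47.11.72
+# nameserver 185.181.104.74
+nameserver 127.0.0.1
+#nameserver 8.8.8.8
+options edns0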

13
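--- a/vars/FreeBSD.yml
+++ b/vars/FreeBSD.yml
@@ -0,0 +1,13 @@
+---
+xorgconfigpath: "/usr/local/etc/X11/xorg.conf.d/"
+kblayout: "de"
+kbvariant: "nodeadkeys"
+defaultsnddevice: "0"
+audiochannel: 4
+default_net_device: "wlan0"
+vm_nat_net: "10.70.14.0/22"
+vm_pool: zroot/vm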


@ -0,0 +1,8 @@
---
bluetooth_devices:
- name:
mac:
- name:
mac:
key:
pin:
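Review bot: Every field here is a bare `key:`, which YAML loads as `null`, so the file is a schema sketch rather than usable data; `""` placeholders or a commented example entry would make that explicit. Since real entries would carry `key` and `pin` values for hcsecd, the file should be vault-encrypted (or the secrets referenced from a vault file) before real values are committed.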

13
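--- a/vars/default.yml
+++ b/vars/default.yml
@@ -0,0 +1,13 @@
+---
+xorgconfigpath: "/usr/local/etc/X11/xorg.conf.d/"
+kblayout: "de"
+kbvariant: "nodeadkeys"
+defaultsnddevice: "0"
+audiochannel: 4
+default_net_device: "wlan0"
+vm_nat_net: "10.70.14.0/22"
+vm_pool: zroot/vm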

17
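--- a/vars/local_unbound.yml
+++ b/vars/local_unbound.yml
@@ -0,0 +1,17 @@
+---
+local_unbound_conf_d: "{{ local_unbound_d}}conf.d/"
+local_unbound_d: "/etc/unbound"
+local_unbound_run_d: "/var/unbound"
+hints_opennic: "opennic.cache"
+hints_opennic_cmd: "drill . NS @75.127.96.89 > {{ local_unbound_d }}/{{ hints_opennic }}"
+hints_named: "{{ local_unbound_d }}/named.cache"
+hints_named_url: "https://www.internic.net/domain/named.cache"
+local_unbound_files:
+- src: "local_unbound_opennic.conf.j2"
+dest: "{{ local_unbound_conf_d }}/opennic.conf"
+- src: "local_unbound_access_control.conf.j2"
+dest: "{{ local_unbound_conf_d }}/access_control.conf"
+- src: "local_unbound_local_resolver.conf.j2"
+dest: "{{ local_unbound_conf_d }}/local_resolver.conf"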
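Review bot: `local_unbound_conf_d` is built as `"{{ local_unbound_d}}conf.d/"` while `local_unbound_d` is `"/etc/unbound"` with no trailing slash, so it renders as `/etc/unboundconf.d/` and every `dest` in `local_unbound_files` lands outside the directory unbound includes (with a doubled slash on top); it should be `local_unbound_conf_d: "{{ local_unbound_d }}/conf.d"`. `hints_opennic_cmd` also writes to `{{ local_unbound_d }}/{{ hints_opennic }}`, whereas the opennic template points `root-hints` at `{{ local_unbound_run_d }}/{{ hints_opennic }}`; these only agree where `/etc/unbound` is a symlink to `/var/unbound`, so using one variable for both would remove the dependency on that layout.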

3
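--- a/vars/ssh.yaml
+++ b/vars/ssh.yaml
@@ -0,0 +1,3 @@
+---
+ctf_host:
+- domain: overthewire.org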