
No commits in common. "dev" and "main" have entirely different histories.
dev ... main

22 changed files with 0 additions and 688 deletions


@ -1,5 +0,0 @@
ansible-galaxy install -f -r roles/requirements.yml
cd install-rapsberry
cd ;rm -rf install-rapsberry/;git clone https://gitweb.dyndns.org/raspberry/install-rapsberry.git;cd install-rapsberry;git checkout dev;./inst-rasp.sh


@ -1,4 +0,0 @@
[defaults]
system_warnings = False
deprecation_warnings = False
command_warnings = False


@ -1,4 +0,0 @@
- name: verify if vars are defined and not empty
assert:
that:
- mail_domain


@ -1,21 +0,0 @@
- name: install mandatory python for encrypt password
dnf:
name: [python3, python3-bcrypt]
state: present
- name: create password for user kadmin
shell: python -c 'import crypt;hashed = crypt.crypt("{{ gilles_passwd }}"); print(hashed);'
register: passwd
- name: create user kadmin
user:
name: gilles
comment: Gilles Mouchet
password: "{{ passwd.stdout }}"
- name: copy sudo file
lineinfile:
path: /etc/sudoers.d/gilles
create: true
insertbefore: EOF
line: 'gilles ALL=(ALL) NOPASSWD: ALL'


@ -1,31 +0,0 @@
---
- name: disable IPv6 with sysctl
sysctl: name={{ item }} value=1 state=present reload=yes
with_items:
- net.ipv6.conf.all.disable_ipv6
- net.ipv6.conf.default.disable_ipv6
- net.ipv6.conf.lo.disable_ipv6
#- name: placeholder true for ipv6 in modprobe
# lineinfile:
# dest: /etc/modprobe.conf
# line: 'install ipv6 /bin/true'
# mode: '0644'
- name: disable ipv6 in sysconfig/network
lineinfile:
dest: /etc/sysconfig/network
regexp: "^{{ item.regexp }}"
line: "{{ item.line }}"
mode: '0644'
backup: yes
create: yes
with_items:
- { regexp: 'NETWORKING_IPV6=.*', line: 'NETWORKING_IPV6=NO' }
- { regexp: 'IPV6INIT=.*', line: 'IPV6INIT=no' }
- name: unactive ipv6 sshd
lineinfile:
dest: /etc/ssh/sshd_config
insertafter: '^#ListenAddress 0.0.0.0'
line: 'ListenAddress 0.0.0.0'


@ -1,42 +0,0 @@
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.pool.ntp.org iburst
# https://www.metas.ch/metas/fr/home/fabe/zeit-und-frequenz/time-dissemination.html
server ntp11.metas.ch iburst
server ntp12.metas.ch iburst
server ntp13.metas.ch iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
#makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
#allow 192.168.0.0/16
# Serve time even if not synchronized to a time source.
#local stratum 10
# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys
# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
log measurements statistics tracking rtc


@ -1,2 +0,0 @@
# Command-line options for chronyd
OPTIONS="-4 -F 2"


@ -1,61 +0,0 @@
# source IA
# check if is a scp connexion
is_scp() {
# If SSH_ORIGINAL_COMMAND is defined and contains "scp"
if [[ -n "$SSH_ORIGINAL_COMMAND" && "$SSH_ORIGINAL_COMMAND" == scp* ]]; then
return 0
fi
# if script name ($0) contains "scp"
if [[ "$0" == *scp* ]]; then
return 0
fi
return 1
}
# source prompt color: https://robotmoon.com/bash-prompt-generator/^
if [ $(whoami) == "gilles" ]; then
#export PS1="\[\033[0;32m\][\[\033[1;94m\]\u\[\033[0;33m\]@\h \[\033[0;32m\]\W]# \[\033[0;37m\]"
export PS1="\[\e[38;5;216m\]\u\[\e[38;5;160m\]@\[\e[38;5;202m\]\h \[\e[38;5;131m\]\w \[\033[0m\]$ "
elif [ $(whoami) == "blutch" ]; then
export PS1="\[\033[0;32m\][\[\033[1;94m\]\u\[\033[0;33m\]@\h \[\033[0;32m\]\W]# \[\033[0;37m\]"
elif [ $(whoami) == "root" ]; then
export PS1="\[\033[0;32m\][\[\033[0;31m\]\u\[\033[0;31m\]@\h \[\033[0;32m\]\W]# \[\033[0;37m\]"
else
export PS1="[\u@\h \W]\$ "
fi
# Aliases
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
alias ls='ls --color=auto'
alias sudo='sudo --preserve-env=PATH env' # https://www.petefreitag.com/blog/environment-variables-sudo/
if ! is_scp; then
if [[ "$USER" == "gilles" || "$USER" == "root" ]]; then
host_domain=$(cat /etc/hostname| rev | cut -d. -f1-2 | rev)
host_fqdn=$(hostname)
host_short=$(hostname -s)
ip=$(hostname -I)
dist=$(cat /etc/redhat-release)
kern=$(uname -r)
cat << EOF
---------------------------------------------------------
Date - Hour: $(date +"%d.%m.%Y - %H:%M:%S")
---------------------------------------------------------
Host domain: $host_domain
Host name (fqdn): $host_fqdn
Host name (short): $host_short
Distribution: $dist
Kernel: $kern
---------------------------------------------------------
EOF
fi
fi
# execute only if user is gilles or root
#if [[ "$USER" == "gilles" || "$USER" == "root" ]]; then
# # display proxy status
# if [ -f "/usr/local/bin/proxyOnOff.sh" ]; then
# sudo /usr/local/bin/proxyOnOff.sh status
# fi
#fi


@ -1,4 +0,0 @@
syntax on
set tabstop=4
set bg=dark
set paste


@ -1 +0,0 @@
*/5 * * * * root /usr/local/bin/gmotools/update-hosts.sh > /dev/null 2>&1


@ -1,14 +0,0 @@
---
#postfix
mail_domain: gmotech.dyndns.org
#mail_relay_host: smtpauths.bluewin.ch
#mail_relay_host: smtp.gmail.com
# DNS
#dns_domain_search: gmotech.net
gilles_passwd: !vault |
$ANSIBLE_VAULT;1.1;AES256
30333961653331613064333063326538393232633833663932386632653765613933396239316230
3061626535666636333866633538623365333139666163340a336531643364626630653331306264
35326238636466643938366535666462666534613137633631316638363763313164343563353734
6366393333326564340a623738653735363932313635616530613863313639306130363562656332
3738


@ -1,9 +0,0 @@
---
- name: build hosts file
lineinfile:
dest: /etc/hosts
insertafter: EOF
line: '{{ item }}'
state: present
with_items:
- '{{ ansible_default_ipv4.address }} {{ ansible_hostname }} {{ ansible_hostname }}.gmotech.net'


@ -1,47 +0,0 @@
---
- name: install apache
yum:
state: installed
name:
- httpd
- mod_ssl
- name: start and enable the httpd service
service:
state: started
name: httpd
enabled: true
- name: open http port
firewalld:
service: http
permanent: true
immediate: true
state: enabled
- name: open https port
firewalld:
service: https
permanent: true
immediate: true
state: enabled
- name: create cert path
file:
path: /etc/httpd/certs
state: directory
- name: delete welcome.conf
file:
path: "{{ item }}"
state: absent
with_items:
- /etc/httpd/conf.d/welcome.conf
- /etc/httpd/conf.d/userdir.conf
- name: modify config to not navigate on os from browser (You don't have permission to access / on this server.)
lineinfile:
path: /etc/httpd/conf/httpd.conf
regexp: 'Options Indexes FollowSymLinks'
line: '#Options Indexes FollowSymLinks'
notify: restart httpd


@ -1,35 +0,0 @@
- name: install epel-release
yum:
state: installed
name:
- epel-release
#- name: active repo PowerTools
# replace:
# path: /etc/yum.repos.d/CentOS-Stream-PowerTools.repo
# regexp: 'enabled=0'
# replace: 'enabled=1'
- name: install package
yum:
state: installed
name:
# - epel-release
- vim
- rsync
- lsof
- man
- mlocate
- mutt
- s-nail
- wget
- bind-utils
- yum-utils
- dnf-utils
- bash-completion
# - postfix-perl-scripts
- cifs-utils
- htop
- git
- tar
- unzip


@ -1,232 +0,0 @@
#!/bin/bash
############################################################
# Description: install an config raspberry
# Usage: ./inst_raspberry.sh
# Author: Gilles Mouchet (gilles.mouchet@gmail.com)
# Creation Date: 26-Mar-2021
# Version: 1.0
#
# History:
# 1.0 - 26-Mar-2021: Creation of script from scratch
#
############################################################
# server vars
#hostName=actarus01p
#hostIp=192.168.1.12
# check if is not on mac
os=$(uname)
os_mac="Darwin"
t=1
#if [ "$t" -eq "1" ]; then
if [ "$(uname)" = "Darwin" ]; then
echo "do not execute on mac"
exit 1
fi
# scripts vars (do not edit)
scriptName=`echo $0 | sed -e 's|.*/||g' | cut -f1 -d.`
dayOfWeek=`/bin/date +%a`
daySuffix="_$dayOfWeek"
logPath=`pwd` # log path is from execute script path
logFile=$logPath/$scriptName$daySuffix.log
tempOutputFile=$logPath/$progName.$$ # temp output console file
backupFolder=/root/backup # destination folder backup
hostName=actarus01p
# constants
RED="\e[31m"
GREEN="\e[32m"
YELLOW="\e[33m"
BLUE="\e[36m"
ENDCOLOR="\e[0m"
#-----------------------------------------------------------------------------
# Function
#-----------------------------------------------------------------------------
function saveFile(){
if [ -f $1 ]; then
cp $1 $backupFolder >/dev/null 2>&1
if [ $? -ne 0 ]; then printError "Problem to save $1 to $backupFolder";exit; fi
fi
}
function printSuccess() {
echo -e "[${GREEN}SUCCESS${ENDCOLOR}] - $1"
}
function printWarning() {
echo -e "[${YELLOW}WARNING${ENDCOLOR}] - $1"
}
function printError() {
echo -e "[${RED}ERROR${ENDCOLOR}] - $1"
}
function printInfo() {
echo -e "\n[${BLUE}INFO${ENDCOLOR}] - $1"
}
function printSubInfo() {
echo -e " - $1"
}
function delete_folder() {
local folder_path=$1
if [ -z "$folder_path" ]; then
printError "Error: Folder path not provided."
exit 1
fi
if [ -d "$folder_path" ]; then
rm -rf "$folder_path"
if [ $? -eq 0 ]; then
printSuccess "Folder '$folder_path' deleted successfully."
else
printError "Error: Failed to delete folder '$folder_path'."
exit 1
fi
fi
}
#-----------------------------------------------------------------------------
# cleanup /tmp folder (if during the last execution the script ended with
# an error)
#-----------------------------------------------------------------------------
printInfo "Cleanup"
delete_folder "/tmp/yumupd"
delete_folder "/tmp/hostsupd"
printSuccess "Cleanup completed"
#-----------------------------------------------------------------------------
# install rootfs-expand
#-----------------------------------------------------------------------------
printInfo "Install rootfs-expand package"
dnf -q install rocky-release-rpi-9.0-5.el9.noarch -y > /dev/null
if [ "$?" -ne "0" ]; then printError "Problem to install rootfs-extand package";exit; fi
printSuccess "rootfs-expand package installed successfully"
#-----------------------------------------------------------------------------
# extend root part
#-----------------------------------------------------------------------------
printInfo "Extend root partition"
#rootfs-expand
partSize=`df --output=size -B 1 "$PWD" |tail -n 1`
# For prod
if [ $partSize -gt 61780000000 ]; then
# For dev
#if [ $partSize -gt 21407727600 ]; then
printSuccess "Root partion already extended"
else
rootfs-expand
retVal=$?
if [ $retVal -ne 0 ]; then printError "Problem to extend root partition";exit; fi
printSuccess "Root partition extended"
# parted /dev/mmcblk0 resizepart 3 100% >/dev/null 2>&1
# rror=$?
# resize2fs /dev/mmcblk0p3 >/dev/null 2>&1
# let retVal=retVal+$error
# if [ $retVal -ne 0 ]; then printError "Problem to extend root partition";exit; fi
# printSuccess "Root partition extended"
fi
#-----------------------------------------------------------------------------
# install package python
#-----------------------------------------------------------------------------
printInfo "Install package"
printSubInfo "install python"
yum install -y python3 python3-pip >/dev/null 2>&1
if [ $? -ne 0 ]; then printError "Problem to install packages";exit; fi
printSuccess "Packages installed successfully"
#-----------------------------------------------------------------------------
# update pip
#-----------------------------------------------------------------------------
printInfo "Upgrade pip3"
pip3 install --upgrade pip >/dev/null 2>&1
if [ $? -ne 0 ]; then printError "Problem to upgrade pip3";exit; fi
printSuccess "Pip3 upgraded successfully"
#-----------------------------------------------------------------------------
# install ansible
#-----------------------------------------------------------------------------
printInfo "Install ansible. Please wait ..."
pip3 install --user ansible >/dev/null 2>&1
if [ $? -ne 0 ]; then printError "Problem to install ansible";exit; fi
printSuccess "Ansible installed successfully"
#-----------------------------------------------------------------------------
# add path .local/bin
#-----------------------------------------------------------------------------
printInfo "Add ./.local/bin in path"
echo "export PATH=~/.local/bin:\$PATH" >> ~/.bashrc
if [ $? -ne 0 ]; then printError "Problem to install ansible";exit; fi
printSuccess "./.local/bin added in path successfully "
#-----------------------------------------------------------------------------
# check /root/ansible/.vault_pass.txt exits
#-----------------------------------------------------------------------------
printInfo "Check /root/ansible/.vault_pass.txt"
if [ ! -f "/root/ansible/.vault_pass.txt" ]; then
printError "You must create /root/ansible/.vault_pass.txt"
exit
fi
printSuccess "/root/ansible/.vault_pass.txt exist"
#-----------------------------------------------------------------------------
# update date and time
#-----------------------------------------------------------------------------
printInfo "Update date and time"
~/.local/bin/ansible-playbook playbook-chrony.yml
if [ $? -ne 0 ]; then printError "Problem to update date and time";exit; fi
printSuccess "Date and Time updated successfully"
#-----------------------------------------------------------------------------
# get yum-check-update script
#-----------------------------------------------------------------------------
printInfo "Get yum-check-update script"
git clone https://gitweb.dyndns.org/scripts/yum-check.git /tmp/yumupd
if [ $? -ne 0 ]; then printError "Problem to clone yum-check-update script";exit; fi
printSuccess "yum-check-update script cloned successfully"
#-----------------------------------------------------------------------------
# get update-hosts script
#-----------------------------------------------------------------------------
printInfo "Get update-hosts script"
git clone https://gitweb.dyndns.org/scripts/gest-hosts-file.git /tmp/hostsupd
if [ $? -ne 0 ]; then printError "Problem to clone update-hosts script";exit; fi
printSuccess "update-hosts script cloned successfully"
#-----------------------------------------------------------------------------
# update role
#-----------------------------------------------------------------------------
printInfo "Update roles"
~/.local/bin/ansible-galaxy install -f -r roles/requirements.yml
if [ $? -ne 0 ]; then printError "Problem to update roles";exit; fi
printSuccess "Role updated successfully"
#-----------------------------------------------------------------------------
# execute playbook
#-----------------------------------------------------------------------------
printInfo "Execute playbook"
~/.local/bin/ansible-playbook main.yml --vault-password-file ~/ansible/.vault_pass.txt
if [ $? -ne 0 ]; then printError "Problem to execute playbook"; fi
printSuccess "Ansible playbook finished"
#-----------------------------------------------------------------------------
# Cleanup /tmp folder
#-----------------------------------------------------------------------------
printInfo "Cleanup"
delete_folder "/tmp/yumupd"
delete_folder "/tmp/hostsupd"
printSuccess "Cleanup completed"
#-----------------------------------------------------------------------------
# set timezone
#-----------------------------------------------------------------------------
#printInfo "Set timzone"
#timedatectl set-timezone Europe/Zurich
#if [ $? -ne 0 ]; then printError "Problem to set timezone";exit; fi
#printSuccess "Timezone setted successfully"
#-----------------------------------------------------------------------------
# set locale
#-----------------------------------------------------------------------------
#printInfo "Set timzone"
#timedatectl set-timezone Europe/Zurich
#if [ $? -ne 0 ]; then printError "Problem to set timezone";exit; fi
#printSuccess "Timezone setted successfully"


@ -1,43 +0,0 @@
---
- hosts: localhost
handlers:
- name: restart httpd
service:
name: httpd
state: restarted
- name: restart php-fpm
service:
name: php-fpm
state: restarted
vars:
mail_relay_host: smtp.gmail.com
mail_domain: gmotech.dyndns.org
tasks:
- include_tasks: assert-vars.yml
- include_tasks: disable-ipv6.yml
- include_tasks: hosts.yml
- include_tasks: inst-packages.yml
- include_tasks: misc.yml
- include_tasks: create-gilles-user.yml
- name: import postfix role
import_role:
name: role-postfix
- include_tasks: yum-check-update.yml
- include_tasks: update-hosts-file.yml
- name: import netdata role
import_role:
name: role-netdata
- include_tasks: inst-apache.yml
- name: import php83 role
import_role:
name: role-php83


@ -1,63 +0,0 @@
---
- name: set correct time zone
timezone:
name: Europe/Zurich
- name: correct AM/PM rocky 9 bug
lineinfile:
path: /etc/locale.conf
insertafter: EOF
line: LC_TIME=C
- name: secure stack ip part 1
sysctl:
name: net.ipv4.tcp_timestamps
value: "0"
sysctl_set: yes
state: present
reload: yes
- name: secure stack ip part 2
firewalld:
service: dhcpv6-client
permanent: true
state: disabled
- name: forward X11
lineinfile:
dest: /etc/ssh/sshd_config
insertafter: '^#X11UseLocalhost yes'
line: 'X11UseLocalhost no'
- name: unactivate CRTL-DEL
file:
src: /dev/null
dest: /usr/lib/systemd/system/ctrl-alt-del.target
changed_when: false
- name: bash gmo-cfg.sh
copy:
src: os/gmo-cfg.sh
dest: /etc/profile.d/gmo-cfg.sh
- name: add ~/.local/bin in path
lineinfile:
path: /root/.bashrc
line: export PATH=~/.local/bin:$PATH
- name: vimrc
copy:
src: os/vimrc
dest: /root/.vimrc
- name: put SELinux in permissive mode
selinux:
policy: targeted
state: permissive
#- name: create message in motd
# copy:
# content: "\n**************************************************\n* !! This
#server is managed by ANSIBLE !! *\n* The config files must be changed in repos
#itory *\n**************************************************\n\n"
# dest: /etc/motd


@ -1,24 +0,0 @@
---
- hosts: localhost
tasks:
- name: install chrony
yum:
name: chrony
state: present
- name: config time server
copy:
src: chrony/chrony.conf
dest: /etc/chrony.conf
- name: disable chrony ipv6
copy:
src: chrony/chronyd
dest: /etc/sysconfig/chronyd
- name: start and active service chronyd
systemd:
name: chronyd
enabled: true
state: started


@ -1,12 +0,0 @@
---
- name: role-postfix
src: git+https://gitweb.dyndns.org/awx/role-postfix.git
- name: role-yum-check
src: git+https://gitweb.dyndns.org/scripts/yum-check.git
- name: role-netdata
src: git+https://gitweb.dyndns.org/awx/role_netdata.git
- name: role-php83
src: git+https://gitweb.dyndns.org/awx/role-php83.git


@ -1,17 +0,0 @@
---
- name: create destination folder
file:
path: /usr/local/bin/gmotools
state: directory
- name: copy script to folder
copy:
src: /tmp/hostsupd/update-hosts.sh
dest: /usr/local/bin/gmotools/update-hosts.sh
mode: 0750
remote_src: yes
- name: copy cron file
copy:
src: updhosts/update-hosts.cron
dest: /etc/cron.d/update-hosts.cron


@ -1,17 +0,0 @@
---
- name: create destination folder
file:
path: /usr/local/bin/gmotools
state: directory
- name: get check-yum-update
copy:
src: /tmp/yumupd/check-yum-updates.sh
dest: /usr/local/bin/gmotools/check-yum-updates.sh
mode: 0755
- name: create link crontab daily
file:
src: /usr/local/bin/gmotools/check-yum-updates.sh
dest: /etc/cron.daily/check-yum-updates
state: link