BenHays42/homelab-automation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: BenHays42:main
Branches Tags
BenHays42:main
BenHays42:ansible-deploy-action
..
compare: BenHays42:ansible-deploy-action
Branches Tags
BenHays42:main
BenHays42:ansible-deploy-action

No commits in common. "main" and "ansible-deploy-action" have entirely different histories.
main ... ansible-de

44 changed files with 208 additions and 574 deletions
Show Stats Expand all files Collapse all files

23
.gitea/workflows/ansible-deploy.yml
View File

@ -9,8 +9,10 @@ jobs:
strategy: strategy:
matrix: matrix:
playbook: playbook:
- ansible/playbooks/debian.yml - Ansible/openssh.yml
- ansible/playbooks/proxmox.yml - Ansible/cloudflare-dns.yml
- Ansible/heartbeat.yml
- Ansible/debian.yml
steps: steps:
- name: Copy SSH Key - name: Copy SSH Key
run: | run: |
@ -24,11 +26,6 @@ jobs:
with: with:
submodules: recursive submodules: recursive
- name: Install Pip
run: |
apt update -y
apt install python3-pip -y
- name: "Cache python packages" - name: "Cache python packages"
uses: actions/cache@v3 uses: actions/cache@v3
with: with:
@ -37,11 +34,13 @@ jobs:
- name: Install Ansible - name: Install Ansible
run: | run: |
apt update -y
apt install python3-pip -y
python3 -m pip install ansible==${{ env.ANSIBLE_VERSION }} python3 -m pip install ansible==${{ env.ANSIBLE_VERSION }}
- name: Install Ansible Galaxy requirements #- name: Install Ansible Galaxy requirements
run: | # run: |
ansible-galaxy install -r ./ansible/requirements.yaml # ansible-galaxy install -r requirements.yaml
- name: Run playbook - name: Run playbook
uses: dawidd6/action-ansible-playbook@v2 uses: dawidd6/action-ansible-playbook@v2
@ -54,5 +53,5 @@ jobs:
# requirements: requirements.yaml # requirements: requirements.yaml
options: | options: |
--inventory ansible/inventory/homelab.ini --inventory Ansible/inventory.ini
--extra-vars "@ansible/homelab-vault/secrets.yml" --extra-vars "@Ansible/homelab-vault/secrets.yml"

10
.gitea/workflows/ansible-lint.yml
View File

@ -4,19 +4,15 @@ on: [push]
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
env:
RUNNER_TOOL_CACHE: /toolcache
steps: steps:
- name: Install Ansible-Lint - name: Install Ansible-Lint
run: | run: |
apt update -y apt update -y
apt install python3-pip ansible -y apt install python3-pip -y
python3 -m pip install ansible
python3 -m pip install ansible-lint python3 -m pip install ansible-lint
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Install Ansible Galaxy requirements
run: |
ansible-galaxy install -r ./ansible/requirements.yaml
- name: Ansible-Lint - name: Ansible-Lint
run: | run: |
ansible-lint ./ansible ansible-lint ./Ansible

1
.gitignore vendored
View File

@ -1,4 +1,3 @@
.vscode/ .vscode/
*.log *.log
nmap.xml nmap.xml
.DS_Store

5
.gitmodules vendored
View File

@ -2,8 +2,5 @@
path = Configs/elk-stack/docker-elk path = Configs/elk-stack/docker-elk
url = https://github.com/deviantony/docker-elk.git url = https://github.com/deviantony/docker-elk.git
[submodule "Ansible/homelab-vault"] [submodule "Ansible/homelab-vault"]
path = ansible/homelab-vault path = Ansible/homelab-vault
url = gitea@10.0.0.8:BenHays42/homelab-vault.git url = gitea@10.0.0.8:BenHays42/homelab-vault.git
[submodule "ansible/thirdparty/mac-dev-playbook"]
path = ansible/thirdparty/mac-dev-playbook
url = https://github.com/geerlingguy/mac-dev-playbook.git

0
ansible/.ansible-lint → Ansible/.ansible-lint
View File

3
ansible/ansible.cfg → Ansible/ansible.cfg
View File

@ -1,8 +1,7 @@
[defaults] [defaults]
nocows = 1 nocows = 1
host_key_checking = False host_key_checking = False
inventory = ./inventory/homelab.ini inventory = ./inventory.ini
interpreter_python=auto_silent
[privilege_escalation] [privilege_escalation]
#become_ask_pass = True #become_ask_pass = True

36
Ansible/cloudflare-dns.yml Normal file
View File

@ -0,0 +1,36 @@
---
- name: Cloudflare Dynamic DNS Script
hosts: linux
remote_user: bhays
become: true
become_user: root
vars_files:
- homelab-vault/secrets.yml
tasks:
- name: Copy Cloudflare IPAM Script
ansible.builtin.copy:
owner: bhays
mode: "0700"
src: ../Bash/cloudflare-dns.sh
dest: /opt/cloudflare-dns.sh
- name: Insert API Token
ansible.builtin.replace:
path: "/opt/cloudflare-dns.sh"
regexp: "^cloudflare_zone_api_token=''"
replace: "cloudflare_zone_api_token='{{ CF_API_TOKEN }}'"
- name: Insert Zone ID
ansible.builtin.replace:
path: "/opt/cloudflare-dns.sh"
regexp: "^zoneid=''"
replace: "zoneid='{{ CF_ZONE_ID }}'"
- name: Insert Zone ID
ansible.builtin.replace:
path: "/opt/cloudflare-dns.sh"
regexp: "^dns_record=''"
replace: "dns_record='{{ inventory_hostname }}'"
- name: Add Cronjob for IPAM Script
ansible.builtin.cron:
name: "Cloudflare IPAM Script"
job: "/opt/cloudflare-dns.sh"
special_time: hourly
user: bhays

20
Ansible/debian.yml Normal file
View File

@ -0,0 +1,20 @@
---
- name: Debian Hardening
hosts: linux
remote_user: bhays
become: true
become_user: root
vars_files:
- homelab-vault/secrets.yml
tasks:
- name: Update/install Debian Utilities
ansible.builtin.apt:
name:
- "apt-listchanges"
- "needrestart"
- "libpam-tmpdir"
- "debsums"
- "apt-show-versions"
state: latest
update_cache: true
# TODO: Harden /etc/protocols, PAM configuration, /etc/login.defs, pam_cracklib, auto upgrades, banner to /etc/issue, auditd/sysstat, chkrootkit

26
Ansible/fail2ban.yml Normal file
View File

@ -0,0 +1,26 @@
---
- name: Fail2ban Configuration
hosts: linux
remote_user: bhays
become: true
become_user: root
tasks:
- name: Update/install Fail2Ban
ansible.builtin.apt:
name: fail2ban
state: latest
update_cache: true
- name: Copy Secure Configuration File
ansible.builtin.copy:
mode: "0664"
src: ../Configs/jail.local
dest: /etc/fail2ban/jail.local
- name: Restart Fail2Ban
ansible.builtin.systemd:
name: fail2ban
state: restarted
- name: Disable Postfix
ansible.builtin.systemd:
name: postfix
state: stopped
enabled: false

15
Ansible/heartbeat.yml Normal file
View File

@ -0,0 +1,15 @@
---
- name: Betterstack Heartbeat Cronjob
hosts: linux
remote_user: bhays
become: true
become_user: root
vars_files:
- homelab-vault/secrets.yml
tasks:
- name: Add Cronjob
ansible.builtin.cron:
name: "Betterstack Heartbeat"
job: "curl {{ heartbeat_url }}"
special_time: hourly
user: bhays

1
Ansible/homelab-vault Submodule

@ -0,0 +1 @@
Subproject commit e95c8ff2aef2e919e5bf0fc8133aaec69ea8dc08

10
Ansible/inventory.ini Normal file
View File

@ -0,0 +1,10 @@
[proxmox]
proxmox.benhays.cloud
[linux]
devops.benhays.cloud heartbeat_url="https://uptime.betterstack.com/api/v1/heartbeat/xVM4MLbQARNndNDcSA5bsnpR"
web.benhays.cloud heartbeat_url='https://uptime.betterstack.com/api/v1/heartbeat/cyWGjSGDk1VFJNtabDB8tchU'
tailscale.benhays.cloud heartbeat_url='https://uptime.betterstack.com/api/v1/heartbeat/Sp7CXapJDwtjQmCMVdjeQsMy'
bitwarden.benhays.cloud heartbeat_url='https://uptime.betterstack.com/api/v1/heartbeat/YUBUtgJjBDJKEqM1qUXroj1v'
nextcloud.benhays.cloud heartbeat_url='https://uptime.betterstack.com/api/v1/heartbeat/oijvrZGFtc9Dev2AefP8iTfB'

51
Ansible/openssh.yml Normal file
View File

@ -0,0 +1,51 @@
- name: OpenSSH Configuration Playbook
hosts: linux
remote_user: bhays
become: true
become_user: root
tasks:
- name: Update/install OpenSSH
ansible.builtin.apt:
name: openssh-server
state: latest
update_cache: true
- name: Add 'bhays' user
ansible.builtin.user:
name: bhays
groups: sudo,adm
append: true
shell: /bin/bash
comment: Benjamin Hays
- name: Update/install Sudo
ansible.builtin.apt:
name: sudo
state: latest
- name: Ensure .ssh user folder exists
ansible.builtin.file:
path: "/home/bhays/.ssh/"
owner: bhays
group: bhays
mode: "0770"
state: directory
- name: Copy public key
ansible.builtin.copy:
owner: bhays
mode: "0600"
src: ../Configs/authorized_keys
dest: /home/bhays/.ssh/authorized_keys
- name: Copy secure login banner
ansible.builtin.copy:
owner: root
mode: "0644"
src: ../Configs/login_banner
dest: /etc/login_banner
- name: Copy Secure Configuration File
ansible.builtin.copy:
owner: bhays
mode: "0600"
src: ../Configs/sshd_config
dest: /etc/ssh/sshd_config
- name: Restart OpenSSH
ansible.builtin.systemd:
name: sshd
state: restarted

6
ansible/playbooks/proxmox.yml → Ansible/proxmox.yml
View File

@ -6,7 +6,7 @@
- name: Adding ansible SSH Pubkey as authorized - name: Adding ansible SSH Pubkey as authorized
ansible.builtin.copy: ansible.builtin.copy:
mode: "0600" mode: "0600"
src: ../../configs/authorized_keys src: ~/.ssh/authorized_keys
dest: /root/.ssh/authorized_keys dest: /root/.ssh/authorized_keys
- name: Adding PVE-no-subscription repo - name: Adding PVE-no-subscription repo
ansible.builtin.blockinfile: ansible.builtin.blockinfile:
@ -15,10 +15,10 @@
block: | block: |
# PVE pve-no-subscription repository provided by proxmox.com, # PVE pve-no-subscription repository provided by proxmox.com,
# NOT recommended for production use # NOT recommended for production use
deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription
- name: Upgrading system - name: Upgrading system
ansible.builtin.apt: ansible.builtin.apt:
upgrade: safe upgrade: full
update_cache: true update_cache: true
cache_valid_time: 7200 cache_valid_time: 7200
- name: Installing sudo - name: Installing sudo

0
scripts/cloudflare-dns.sh → Bash/cloudflare-dns.sh
View File

3
scripts/compliance-list.txt → Bash/compliance-list.txt
View File

@ -1,5 +1,4 @@
devops.benhays.cloud devops.benhays.cloud
wiki.benhays.cloud
tailscale.benhays.cloud tailscale.benhays.cloud
web.benhays.cloud web.benhays.cloud
nextcloud.benhays.cloud
bitwarden.benhays.cloud

0
scripts/scan-lan.sh → Bash/scan-lan.sh
View File

0
scripts/ssh-compliance.sh → Bash/ssh-compliance.sh
View File

0
scripts/ssl-compliance.sh → Bash/ssl-compliance.sh
View File

0
config/ssh/authorized_keys → Configs/authorized_keys
View File

0
config/ssh/jail.conf → Configs/jail.conf
View File

0
config/ssh/jail.local → Configs/jail.local
View File

0
config/ssh/login_banner → Configs/login_banner
View File

2
config/ssh/sshd_config → Configs/sshd_config
View File

@ -16,7 +16,7 @@ LogLevel VERBOSE
AuthenticationMethods publickey AuthenticationMethods publickey
MaxAuthTries 3 MaxAuthTries 3
MaxSessions 6 MaxSessions 2
Compression no Compression no
TCPKeepAlive no TCPKeepAlive no

11
PowerShell/Find-RDP.ps1 Normal file
View File

@ -0,0 +1,11 @@
# Find-RDP.ps1
# (c) Ben Hays, 2023
# Description: Find all the computers joined to an AD domain that are running RDP
$computers = Get-ADComputer -Filter *
foreach ($Name in $computers.DNSHostName) {
$rdpSuccess = Test-Connection -TargetName $Name -TimeoutSeconds 2 -TcpPort 3389 -Quiet
if ($rdpSuccess) {
Write-Output $Name
}
}

15
PowerShell/Get-Programs.ps1 Normal file
View File

@ -0,0 +1,15 @@
# Get-Programs.ps1
# (c) Ben Hays, 2023
# Description: Get a list of installed programs for backup purposes
$FinalList = @()
# Grab list from common directories
$ProgramDirs = "C:\Program Files", "C:\Program Files (x86)"
$FinalList += Get-ChildItem $ProgramDirs | Where-Object { $_.PSIsContainer } | Select-Object -ExpandProperty Name -Unique | Sort-Object
# Grab list from Windows Registry
$FinalList += Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" | Where-Object { $_.DisplayName } | Select-Object -ExpandProperty DisplayName -Unique
$FinalList += Get-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" | Where-Object { $_.DisplayName } | Select-Object -ExpandProperty DisplayName -Unique
Write-Output $FinalList

3
ansible.cfg
View File

@ -1,8 +1,7 @@
[defaults] [defaults]
nocows = 1 nocows = 1
host_key_checking = False host_key_checking = False
inventory = ./ansible/inventory/homelab.ini inventory = ./Ansible/inventory.ini
interpreter_python=auto_silent
[privilege_escalation] [privilege_escalation]
#become_ask_pass = True #become_ask_pass = True

1
ansible/homelab-vault

@ -1 +0,0 @@
Subproject commit db990959c89083a71a90bb7f9ee99890d3e6ce0e

0
ansible/inventory/desktops.ini
View File

12
ansible/inventory/homelab.ini
View File

@ -1,12 +0,0 @@
[proxmox]
proxmox.benhays.cloud
[debian_servers]
web.benhays.cloud heartbeat_url='https://uptime.betterstack.com/api/v1/heartbeat/cyWGjSGDk1VFJNtabDB8tchU' # <--- Debian 12
devops.benhays.cloud heartbeat_url="https://uptime.betterstack.com/api/v1/heartbeat/xVM4MLbQARNndNDcSA5bsnpR" # <---
tailscale.benhays.cloud heartbeat_url='https://uptime.betterstack.com/api/v1/heartbeat/Sp7CXapJDwtjQmCMVdjeQsMy' # <--- All the rest are Ubuntu 22.04
bitwarden.benhays.cloud heartbeat_url='https://uptime.betterstack.com/api/v1/heartbeat/YUBUtgJjBDJKEqM1qUXroj1v' # <---
#nextcloud.benhays.cloud heartbeat_url='https://uptime.betterstack.com/api/v1/heartbeat/oijvrZGFtc9Dev2AefP8iTfB' # <---
#irc.benhays.cloud
dns01.benhays.cloud
dns02.benhays.cloud

23
ansible/playbooks/debian.yml
View File

@ -1,23 +0,0 @@
---
- name: Debian Server Hardening
hosts: debian_servers
remote_user: bhays
become: true
become_user: root
vars_files:
- ../homelab-vault/secrets.yml
pre_tasks:
- name: Update apt cache if needed.
ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
tasks:
# - name: Cloudflare DDNS Cronjob
# ansible.builtin.import_tasks: ../roles/cloudflare-dns.yml
- name: Heartbeat Cronjob for Betterstack
ansible.builtin.import_tasks: ../roles/heartbeat.yml
when: heartbeat_url is defined
- name: OpenSSH Hardening
ansible.builtin.import_tasks: ../roles/openssh.yml
- name: Generic Debian Hardening
ansible.builtin.import_tasks: ../roles/debian.yml

45
ansible/playbooks/desktop.yml
View File

@ -1,45 +0,0 @@
- name: Desktop Configuration
hosts: localhost
gather_facts: true
become: true
become_method: ansible.builtin.sudo
become_user: root
vars_files:
- ../homelab-vault/secrets.yml
tasks:
- name: OpenSSH Hardening
ansible.builtin.import_tasks: ../roles/openssh.yml
- name: Install Homebrew
when: ansible_os_family == "Darwin"
changed_when: false
ansible.builtin.shell:
cmd: /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
args:
executable: /bin/bash
- name: Install Homebrew Packages
when: ansible_os_family == "Darwin"
community.general.homebrew:
name: "{{ item }}"
state: latest
loop:
- git
- wget
- python3
- ansible
- neovim
- bash-completion
- ssh-copy-id
- gpg
- name: Install Homebrew Cask Apps
when: ansible_os_family == "Darwin"
community.general.homebrew_cask:
name: "{{ item }}"
state: present
loop:
- iterm2
- google-chrome
- google-drive
- visual-studio-code
- obsidian
- nextcloud
- gnucash

47
ansible/playbooks/pki.yml
View File

@ -1,47 +0,0 @@
---
- name: Public Key Infrastructure
hosts: debian_servers
remote_user: bhays
become: true
become_user: root
vars_files:
- ../homelab-vault/secrets.yml
vars:
certbot_auto_renew: true
certbot_auto_renew_user: root
certbot_email: "ben@benhays.org"
certbot_cloudflare_api_token: "{{ CF_API_TOKEN }}"
roles:
- geerlingguy.certbot
pre_tasks:
- name: Update apt cache if needed.
ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
tasks:
- name: Update/install Certbot
ansible.builtin.apt:
name:
- python3-certbot-dns-cloudflare
state: latest
- name: Create Certbot folder - /etc/letsencrypt
ansible.builtin.file:
path: /etc/letsencrypt
state: directory
owner: root
group: root
mode: "0700"
- name: Certbot Template
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "0600"
with_items:
- { src: '../templates/dnscloudflare.ini.j2', dest: '/etc/letsencrypt/dnscloudflare.ini' }
- name: Generate Certificate
# yamllint disable rule:line-length
ansible.builtin.command: certbot certonly --non-interactive --agree-tos --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini --dns-cloudflare-propagation-seconds 60 -m {{ certbot_email }} -d {{ ansible_host }}
args:
creates: /etc/letsencrypt/renewal/{{ ansible_host }}.conf

9
ansible/requirements.yaml
View File

@ -1,9 +0,0 @@
---
roles:
- name: geerlingguy.certbot
- name: elliotweiser.osx-command-line-tools
- name: geerlingguy.dotfiles
collections:
- name: geerlingguy.mac
- name: community.general

32
ansible/roles/cloudflare-dns.yml
View File

@ -1,32 +0,0 @@
---
- name: Copy Cloudflare IPAM Script
ansible.builtin.copy:
owner: bhays
mode: "0700"
src: ../../scripts/cloudflare-dns.sh
dest: /opt/cloudflare-dns.sh
changed_when: false
- name: Insert API Token
ansible.builtin.replace:
path: "/opt/cloudflare-dns.sh"
regexp: "^cloudflare_zone_api_token=''"
replace: "cloudflare_zone_api_token='{{ CF_API_TOKEN }}'"
changed_when: false
- name: Insert Zone ID
ansible.builtin.replace:
path: "/opt/cloudflare-dns.sh"
regexp: "^zoneid=''"
replace: "zoneid='{{ CF_ZONE_ID }}'"
changed_when: false
- name: Insert DNS Record
ansible.builtin.replace:
path: "/opt/cloudflare-dns.sh"
regexp: "^dns_record=''"
replace: "dns_record='{{ inventory_hostname }}'"
changed_when: false
- name: Add Cronjob for IPAM Script
ansible.builtin.cron:
name: "Cloudflare IPAM Script"
job: "/opt/cloudflare-dns.sh"
special_time: hourly
user: bhays

11
ansible/roles/debian.yml
View File

@ -1,11 +0,0 @@
---
- name: Update/install Debian Utilities
ansible.builtin.apt:
name:
- "apt-listchanges"
- "needrestart"
- "libpam-tmpdir"
- "debsums"
- "apt-show-versions"
state: latest
# TODO: Harden /etc/protocols, PAM configuration, /etc/login.defs, pam_cracklib, auto upgrades, banner to /etc/issue, auditd/sysstat, chkrootkit

19
ansible/roles/fail2ban.yml
View File

@ -1,19 +0,0 @@
---
- name: Update/install Fail2Ban
ansible.builtin.apt:
name: fail2ban
state: latest
- name: Copy Secure Configuration File
ansible.builtin.copy:
mode: "0664"
src: ../../configs/jail.local
dest: /etc/fail2ban/jail.local
- name: Restart Fail2Ban
ansible.builtin.systemd:
name: fail2ban
state: restarted
- name: Disable Postfix
ansible.builtin.systemd:
name: postfix
state: stopped
enabled: false

7
ansible/roles/heartbeat.yml
View File

@ -1,7 +0,0 @@
---
- name: Add Cronjob
ansible.builtin.cron:
name: "Betterstack Heartbeat"
job: "curl {{ heartbeat_url }}"
special_time: hourly
user: bhays

64
ansible/roles/openssh.yml
View File

@ -1,64 +0,0 @@
- name: Update/install OpenSSH via apt
when: ansible_os_family == "Debian"
ansible.builtin.apt:
name: openssh-server
state: latest
- name: Add 'bhays' user
when: ansible_os_family == "Debian"
ansible.builtin.user:
name: bhays
groups: sudo,adm
append: true
shell: /bin/bash
comment: Benjamin Hays
- name: Update/install Sudo
when: ansible_os_family == "Debian"
ansible.builtin.apt:
name: sudo
state: latest
- name: Ensure .ssh user folder exists
when: ansible_os_family == "Debian"
ansible.builtin.file:
path: "/home/bhays/.ssh/"
owner: bhays
mode: "0770"
state: directory
- name: Ensure .ssh user folder exists (macOS)
when: ansible_os_family == "Darwin"
ansible.builtin.file:
path: "/Users/bhays/.ssh/"
owner: bhays
mode: "0770"
state: directory
- name: Copy public key
when: ansible_os_family == "Debian"
ansible.builtin.copy:
owner: bhays
mode: "0600"
src: ../../config/ssh/authorized_keys
dest: /home/bhays/.ssh/authorized_keys
- name: Copy public key (macOS)
when: ansible_os_family == "Darwin"
ansible.builtin.copy:
owner: bhays
mode: "0600"
src: ../../config/ssh/authorized_keys
dest: /Users/bhays/.ssh/authorized_keys
- name: Copy secure login banner
ansible.builtin.copy:
owner: root
mode: "0644"
src: ../../config/ssh/login_banner
dest: /etc/login_banner
- name: Copy Secure Configuration File
ansible.builtin.copy:
owner: bhays
mode: "0600"
src: ../../config/ssh/sshd_config
dest: /etc/ssh/sshd_config
- name: Restart OpenSSH
when: ansible_os_family == "Debian"
ansible.builtin.systemd:
name: ssh
state: restarted
changed_when: false

52
ansible/roles/rss2email.yml
View File

@ -1,52 +0,0 @@
---
- name: RSS2Email
hosts: devops.benhays.cloud
remote_user: bhays
become: true
become_user: root
vars_files:
- ../homelab-vault/secrets.yml
vars:
smtp_server: "smtp.mailbox.org"
smtp_port: 465 # for SSL/TLS
# smtp_port: 587 # for STARTTLS
smtp_username: "ben@benhays.org"
smtp_password: "{{ SMTP_PASSWORD }}"
to_email: "ben@benhays.org"
from_email: "ben@benhays.org"
pre_tasks:
- name: Update apt cache if needed.
ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
tasks:
- name: Update/install RSS2Email
ansible.builtin.apt:
name:
- rss2email
state: latest
- name: Create XDG_CONFIG folder
ansible.builtin.file:
path: /home/bhays/.config/
state: directory
owner: bhays
group: bhays
mode: "0770"
- name: Upload Config Template
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: bhays
group: bhays
mode: "0600"
with_items:
- { src: '../templates/rss2email.cfg.j2', dest: '/home/bhays/.config/rss2email.cfg' }
- name: Run r2e for the first time to cache articles
ansible.builtin.command: r2e run --no-send
changed_when: true
- name: Add Cronjob
ansible.builtin.cron:
name: "RSS2Email"
job: "r2e run"
special_time: hourly
user: bhays

1
ansible/templates/dnscloudflare.ini.j2
View File

@ -1 +0,0 @@
dns_cloudflare_api_token = {{certbot_cloudflare_api_token}}

100
ansible/templates/rss2email.cfg.j2
View File

@ -1,100 +0,0 @@
[DEFAULT]
from = {{ from_email }}
user-agent = rss2email/__VERSION__ (__URL__)
use-8bit = False
force-from = False
use-publisher-email = False
name-format = {feed-title}: {author}
to = {{ to_email }}
proxy =
feed-timeout = 60
same-server-fetch-interval = 0
active = True
digest = False
date-header = False
date-header-order = modified, issued, created, expired
bonus-header =
trust-guid = True
trust-link = False
reply-changes = False
encodings = US-ASCII, ISO-8859-1, UTF-8, BIG5, ISO-2022-JP
post-process =
digest-post-process =
html-mail = False
multipart-html = False
use-css = False
css = h1 {
font: 18pt Georgia, "Times New Roman";
}
body {
font: 12pt Arial;
}
a:link {
font: 12pt Arial;
font-weight: bold;
color: #0000cc;
}
blockquote {
font-family: monospace;
}
.header {
background: #e0ecff;
border-bottom: solid 4px #c3d9ff;
padding: 5px;
margin-top: 0px;
color: red;
}
.header a {
font-size: 20px;
text-decoration: none;
}
.footer {
background: #c3d9ff;
border-top: solid 4px #c3d9ff;
padding: 5px;
margin-bottom: 0px;
}
#entry {
border: solid 4px #c3d9ff;
}
#body {
margin-left: 5px;
margin-right: 5px;
}
unicode-snob = False
links-after-each-paragraph = False
inline-links = True
wrap-links = True
body-width = 0
email-protocol = smtp
sendmail = /usr/sbin/sendmail
sendmail_config =
smtp-auth = True
smtp-username = {{ smtp_username }}
smtp-password = {{ smtp_password }}
smtp-server = {{ smtp_server }}
smtp-port = {{ smtp_port }}
smtp-ssl = True
imap-auth = False
imap-username = username
imap-password = password
imap-server = imap.example.net
imap-port = 143
imap-ssl = False
imap-mailbox = INBOX
maildir-path = ~/Maildir
maildir-mailbox = INBOX
verbose = info
[feed.eff]
url = https://www.eff.org/rss/updates.xml
[feed.lwn-features]
url = https://benhays.org/lwn-features.xml
[feed.lwn-all]
url = https://benhays.org/lwn-all.xml
[feed.phoronix]
url = https://www.phoronix.com/rss.php

114
config/desktops/geerling-config.yml
View File

@ -1,114 +0,0 @@
---
configure_dotfiles: false
configure_terminal: true
configure_osx: false
# Set to 'true' to configure the Dock via dockutil.
configure_dock: false
dockitems_remove: []
# - Launchpad
# - TV
# - Podcasts
# - 'App Store'
dockitems_persist: []
# - name: "Sublime Text"
# path: "/Applications/Sublime Text.app/"
# pos: 5
configure_sudoers: false
sudoers_custom_config: ""
# Example:
# sudoers_custom_config: |
# # Allow users in admin group to use sudo with no password.
# %admin ALL=(ALL) NOPASSWD: ALL
dotfiles_repo: https://github.com/geerlingguy/dotfiles.git
dotfiles_repo_accept_hostkey: true
dotfiles_repo_local_destination: ~/Development/GitHub/dotfiles
dotfiles_repo_version: master # Replace with your default branch
dotfiles_files:
- .zshrc
- .gitignore
- .inputrc
- .osx
- .vimrc
homebrew_installed_packages:
# - ansible # Installed via Pip.
- autoconf
- bash-completion
- doxygen
- gettext
- git
- gpg
- iperf
- libevent
- sqlite
- nmap
- node
- nvm
- ssh-copy-id
- readline
- openssl
- wget
- zsh-history-substring-search
homebrew_taps: []
homebrew_cask_appdir: /Applications
homebrew_cask_apps:
- iterm2
- google-chrome
- google-drive
- nextcloud
- gnucash
- visual-studio-code
- obsidian
# See `geerlingguy.mac.mas` role documentation for usage instructions.
mas_installed_apps: []
mas_email: ""
mas_password: ""
osx_script: "~/.osx --no-restart"
# Install packages from other package managers.
# Note: You are responsible for making sure the required package managers are
# installed, eg. through homebrew.
composer_packages: []
# - name: drush
# state: present # present/absent, default: present
# version: "^8.1" # default: N/A
gem_packages: []
# - name: bundler
# state: present # present/absent/latest, default: present
# version: "~> 1.15.1" # default: N/A
npm_packages: []
# - name: webpack
# state: present # present/absent/latest, default: present
# version: "^2.6" # default: N/A
pip_packages: []
# - name: mkdocs
# state: present # present/absent/latest, default: present
# version: "0.16.3" # default: N/A
# Set to 'true' to configure Sublime Text.
configure_sublime: false
sublime_base_path: "~/Library/Application Support/Sublime Text"
sublime_config_path: "Packages/User"
sublime_package_control:
- "DocBlockr"
- "Dockerfile Syntax Highlighting"
- "FileDiffs"
- "GitHub Flavored Markdown Preview"
- "Jinja2"
- "Package Control"
- "Pretty JSON"
- "SublimeLinter"
- "SublimeLinter-contrib-yamllint"
- "Theme - Cobalt2"
- "TrailingSpaces"
- "WordingStatus"
# Glob pattern to ansible task files to run after all other tasks are finished.
post_provision_tasks: []

2
config/ssh/ssh_config
View File

@ -1,2 +0,0 @@
Host *.benhays.cloud
StrictHostKeyChecking no