embed@git.macaw.me 2024-01-06 01:38:28 +00:00
commit b50fd16591
197 changed files with 41663 additions and 0 deletions

17
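--- a/tasks/Debian.yml
+++ b/tasks/Debian.yml
@@ -0,0 +1,17 @@
+# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
+# APT::Clean-Installed off
+- name: "/usr/local/etc/local.d/Whonix-Lati.rc"
+blockinfile:
+dest: /usr/local/etc/local.d/Whonix-Lati.rc
+create: yes
+mode: 0770
+owner: "{{ BOX_USER_NAME }}"
+group: "{{ BOX_ALSO_GROUP }}"
+marker: "# {mark} ANSIBLE MANAGED BLOCK base Debian"
+insertafter: EOF
+block: |
+/etc/init.d/console-setup.sh start
+when:
+- ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS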
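Review bot: The `blockinfile` task gives `/usr/local/etc/local.d/Whonix-Lati.rc` to `{{ BOX_USER_NAME }}` and `{{ BOX_ALSO_GROUP }}` with `mode: 0770`, so a script in a `local.d` directory is writable by an unprivileged user and group. If that directory is executed by the init system as root at boot (the path suggests it, but the page does not show it), write access to the file amounts to root code execution. Consider `owner: root`, `group: root` and `mode: "0755"`, with the mode quoted so it can never be read as a decimal integer. The first task of tasks/Devuan.yml repeats the same settings.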

25
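--- a/tasks/Devuan.yml
+++ b/tasks/Devuan.yml
@@ -0,0 +1,25 @@
+# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
+# APT::Clean-Installed off
+- name: "/usr/local/etc/local.d/Whonix-Lati.rc"
+blockinfile:
+dest: /usr/local/etc/local.d/Whonix-Lati.rc
+create: yes
+mode: 0770
+owner: "{{ BOX_USER_NAME }}"
+group: "{{ BOX_ALSO_GROUP }}"
+marker: "# {mark} ANSIBLE MANAGED BLOCK base Debian"
+insertafter: EOF
+block: |
+/etc/init.d/console-setup.sh start
+when:
+- ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS
+- name: /etc/apt/sources.list.d/devuan.list
+shell: |
+cd /etc/apt/sources.list.d/
+grep -q https://deb.devuan.org/merged devuan.list || exit 0
+sed -e 's@deb https://deb.devuan.org/merged@deb https://mirrors.dotsrc.org/devuan/merged@' \
+/etc/apt/sources.list.d/devuan.list
+exit 0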
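Review bot: The `sed` in the `/etc/apt/sources.list.d/devuan.list` task has no `-i`, so it prints the rewritten list to stdout and leaves `devuan.list` unchanged; the mirror switch never takes effect. Use `sed -i -e 's@deb https://deb.devuan.org/merged@deb https://mirrors.dotsrc.org/devuan/merged@' devuan.list`, or better the `replace` module, which reports `changed` correctly and is idempotent. The trailing `exit 0` also hides any failure of `cd` or `sed`; drop it so the `grep -q ... || exit 0` guard is the only early exit.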

338
tasks/Gentoo.yml Executable file

@ -0,0 +1,338 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
- name: "DEBUG: base Gentoo.yml base_also_users"
debug:
verbosity: 1
msg: "DEBUG: Including base Gentoo.yml base_also_users={{base_also_users}}"
# mesa needs python on the PATH -- the right one early
- name: "/usr/lib/portage/python{{BASE_PORTAGE_PYTHON_MINOR}}/ebuild-helpers/python"
file:
# Its on the PATH in portage/.../.../temp/environment ahead of
# .../usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:...
src: "/usr/bin/python{{BASE_PORTAGE_PYTHON_MINOR}}"
dest: "/usr/lib/portage/python{{BASE_PORTAGE_PYTHON_MINOR}}/ebuild-helpers/python"
state: link
force: yes
- block: # unsafe
- name: "/etc/portage/make.conf base Gentoo GPSD_PROTOCOLS"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml [GPSD_PROTOCOLS]"
block: |
GPSD_PROTOCOLS="nmea0183 nmea2000 aivdm"
- name: "/etc/portage/make.conf base Gentoo PORTAGE_PYTHON"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml [PORTAGE_PYTHON]"
block: |
PORTAGE_PYTHON=/usr/bin/python{{BASE_PORTAGE_PYTHON_MINOR}}
PORTAGE_PYTHONPATH=/usr/{{BASE_LIB}}/python{{BASE_PORTAGE_PYTHON_MINOR}}
# FixMe: whats this
PORTAGE_PYM_PATH=/usr/{{BASE_LIB}}/python{{BASE_PORTAGE_PYTHON_MINOR}}
#EPYTHON=?
- name: "/etc/portage/make.conf Gentoo2 FEATURES-backup"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo2.yml [FEATURES-backup]"
block: |
FEATURES="${FEATURES} unmerge-backup downgrade-backup binpkg-multi-instance"
- name: "/etc/portage/make.conf Gentoo2 FEATURES"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo2.yml [FEATURES]"
block: |
# https://bugs.gentoo.org/show_bug.cgi?id=605348
# buildpkg
FEATURES="${FEATURES} -collision-detect protect-owned -userfetch"
# https://forums.gentoo.org/viewtopic-p-7863632.html
FEATURES="${FEATURES} -usersandbox -userpriv userfetch fixlafiles news parallel-fetch sfperms unmerge-orphans unknown-features-warn usersync multilib-strict preserve-libs compress-build-logs parallel-install -ebuild-locks"
# If configure failed with a 'cannot run C compiled programs' error, try this:
# FEATURES='-sandbox -usersandbox' emerge sandbox
FEATURES="-sandbox -usersandbox ${FEATURES}"
# https://forums.gentoo.org/viewtopic-p-7863632.html
FEATURES="${FEATURES} -userpriv userfetch fixlafiles news parallel-fetch"
FEATURES="${FEATURES} sfperms unmerge-orphans unknown-features-warn usersync"
FEATURES="${FEATURES} multilib-strict preserve-libs"
FEATURES="${FEATURES} compress-build-logs parallel-install -ebuild-locks"
- name: "/etc/portage/make.conf base Gentoo2.yml CHOST"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml [CHOST]"
block: |
CHOST="x86_64-pc-linux-gnu"
- name: "/etc/portage/make.conf base Gentoo2.yml LLVM_TARGETS"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo2.yml [LLVM_TARGETS]"
block: |
LLVM_TARGETS="X86"
- name: "/etc/portage/make.conf base Gentoo2.yml USE"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo2.yml [USE]"
block: |
# 2020-02 - abi_x86_32 is in pentoo profile
# 2021-03 -abi_x86_32 may be causing havoc
# 2021-04 - gps jack lua subversion
USE="${USE} adns caps lm-sensors networkmanager oss pulseaudio vdpau vaapi xattr"
USE="${USE} -multilib -openmp"
USE="${USE} python" # ruby perl lzma
# https://wiki.gentoo.org/wiki/PulseAudio add "elogind -systemd -consolekit" globally
USE="${USE} X elogind -consolekit -systemd fbcon"
USE="${USE} xinerama x265"
USE="${USE} fbcon"
# 2019-12 python uses sqlite - but we will not do it globally
USE="${USE} curl"
USE="${USE} -nls"
# is this causing problems on the dbus with polkit?
USE="${USE} -gnome-keyring"
USE="${USE} -gnome-online-accounts"
# my changes dunno about -pentoo-full
USE="${USE} -pentoo-full -wireless" # -bluetooth
# -native-headset is from pulseaudio - requires bluetooth
# - - native-headset : Build with native HSP backend for bluez 5.
# - - ofono-headset : Build with oFono HFP backend for bluez 5,
USE="${USE} alsa -native-headset" #? bluetooth
USE="${USE} -vulkan -wayland"
USE="${USE} socks5"
USE="${USE} dbus -thunar -gnome -kde" # qt3support
USE="${USE} cups spell gpm userlocales"
USE="${USE} xvid mp3 flac vorbis ogg theora x264" # xinerama x265
USE="${USE} -ldap -icu"
# virtualbox
USE="${USE} svg jpeg png xpm scanner"
# 2020-02 from Pentoo
USE="${USE} lm-sensors"
# 2020-02 against Pentoo
USE="${USE} -gles2 -gles1"
- name: "/etc/portage/make.conf base Gentoo2.yml USE_EXPAND"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo2.yml [USE_EXPAND]"
block: |
# Env vars to expand into USE vars
USE_EXPAND="${USE_EXPAND} COMPAT_DRIVERS_WIFI COMPAT_DRIVERS_ETHERNET COMPAT_DRIVERS_VARIOUS UNICORN_TARGETS"
- name: "/etc/portage/make.conf base Gentoo2.yml LDFLAGS"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo2.yml [LDFLAGS]"
block: |
# This will help developers track packages, that don't respect
# LDFLAGS, down more effectively
LDFLAGS="${LDFLAGS} -Wl,--defsym=__gentoo_check_ldflags__=0"
- name: "/etc/portage/make.conf base Gentoo2.yml COMPRESS"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo2.yml [COMPRESS]"
block: |
#PORTAGE_BZIP2_COMMAND="bzip2"
#PORTAGE_BUNZIP2_COMMAND="bunzip2"
# with bzip2 quickpkg --umask=0022 --include-config=y =sci-libs/metis-5.1.0-r4
# * Building package for sci-libs/metis-5.1.0-r4 ...lbzip2: unknown option "-T",
# works without anything it works (default zstd)
#! BINPKG_COMPRESS="bzip2"
# BINPKG_COMPRESS_FLAGS="-3"
- name: "/etc/portage/make.conf base Gentoo2.yml USE"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo2.yml [USE]"
block: |
# was USE="${USE} X abi_x86_32 adns caps -consolekit curl elogind fbcon gps jack lm_sensors lua lzma networkmanager oss pentoo-full perl pulseaudio python ruby samba sqlite subversion vdpau vaapi xattr xinerama x265"
# 2020-02 - abi_x86_32 is in pentoo profile
# 2021-03 -abi_x86_32 may be causing havoc
# 2021-04 - gps jack lua subversion
USE="${USE} adns caps lm-sensors oss pulseaudio vdpau vaapi xattr" #? networkmanager
# https://wiki.gentoo.org/wiki/PulseAudio add "elogind -systemd -consolekit" globally
USE="${USE} X elogind -consolekit -systemd fbcon"
USE="${USE} xinerama x265"
USE="${USE} curl sqlite"
USE="${USE} -nls"
# is this causing problems on the dbus with polkit?
USE="${USE} -gnome-keyring"
# my changes dunno about -pentoo-full
USE="${USE} -pentoo-full -wireless" # -bluetooth
# my additions
USE="${USE} alsa -native-headset" #? bluetooth
USE="${USE} -vulkan -wayland"
#USE="${USE} socks5"
- name: "/etc/portage/make.conf base Gentoo2.yml PENTOO_BINPKG_RESTRICTED"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo2.yml [PENTOO_BINPKG_RESTRICTED]"
block: |
#for major use of binpkgs, we need to "fix" a few of gentoo's flaws:
#a package built against kernel A will attempt to be used even when remerging on kernel B (often to hilarious consequences)
#so we will define a long list of such packages and exclude them from being built and used (catch it on both ends to avoid issues)
PENTOO_BINPKG_RESTRICTED="sys-kernel/compat-drivers sys-kernel/ax88179_178a x11-drivers/ati-drivers x11-drivers/nvidia-drivers sys-fs/zfs-kmod sys-kernel/spl \
sys-power/bbswitch pentoo/pentoo-installer x11-drivers/xf86-video-virtualbox app-emulation/virtualbox-guest-additions \
app-emulation/virtualbox-modules app-emulation/vmware-modules app-emulation/open-vm-tools sys-kernel/genkernel dev-python/certifi \
sys-kernel/pentoo-sources dev-python/twisted-web net-analyzer/metasploit sci-libs/lapack-reference x11-base/xorg-drivers app-admin/genmenu \
net-wireless/rtl8812au_aircrack-ng pentoo/pentoo pentoo/pentoo-system media-libs/libepoxy net-wireless/gr-ieee802154 virtual/ssh virtual/service-manager \
x11-libs/libva"
EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --ask-enter-invalid --keep-going=y --binpkg-respect-use=y --tree --verbose --with-bdeps=y --autounmask=n"
EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --buildpkg-exclude \"${PENTOO_BINPKG_RESTRICTED}\" --usepkg-exclude \"${PENTOO_BINPKG_RESTRICTED}\""
EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --binpkg-changed-deps=y --ignore-soname-deps=n"
XFCE_PLUGINS="${XFCE_PLUGINS} brightness menu logout trash"
# Log eqawarn messages
PORTAGE_ELOG_CLASSES="${PORTAGE_ELOG_CLASSES} qa"
PORTAGE_NICENESS="9"
PORTAGE_IO_NICENESS="ionice -c 3 -p \${PID}"
# Env vars to expand into USE vars
USE_EXPAND="${USE_EXPAND} COMPAT_DRIVERS_WIFI COMPAT_DRIVERS_ETHERNET COMPAT_DRIVERS_VARIOUS UNICORN_TARGETS"
#mgorny suggested this speeds up sync, in my testing it makes a rather large difference
PORTAGE_RSYNC_EXTRA_OPTS="--omit-dir-times -4"
INSTALL_MASK="/usr/lib/debug"
# this breaks things .git .
#PORTDIR="/var/db/repos"
PORTDIR="/usr/portage"
DISTDIR="/usr/portage/distfiles"
ACCEPT_LICENSE="* -@EULA intel-ucode-20180807 FraunhoferFDK"
when: false
- name: "/etc/portage/make.conf base Gentoo2.yml CURL_SSL"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo2.yml CURL_SSL"
block: |
#? which is right nss or openssl - one only
# -openssl -axtls -gnutls -libressl -mbedtls -*
CURL_SSL="{{BASE_CURL_SSL}}"
- name: "/etc/portage/make.conf base Gentoo2.yml PKG_CONFIG_PATH"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml [PKG_CONFIG_PATH]"
block: |
PKG_CONFIG_PATH="/usr/lib/pkgconfig:/usr/lib64/pkgconfig:/usr/share/pkgconfig:/usr/local/lib/pkgconfig/"
- assert:
that:
- "'{{ BOX_OS_FLAVOR }}' != 'Funtoo'"
- name: "include base by-flavour tasks"
include_tasks: "roles/base/tasks/{{item}}.yml"
with_items:
- "{{ ansible_distribution }}/{{ BOX_OS_FLAVOR }}/main"
# now done as a symlink to portage.yml
# - "{{ ansible_distribution }}/{{ BOX_SERVICE_MGR }}"
- name: "/etc/portage/repos.conf/default.conf" # early
blockinfile:
dest: /etc/portage/repos.conf/default.conf
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK base"
block: |
[DEFAULT]
# /usr/share/portage/config/repos.conf
main-repo = gentoo
sync-allow-hardlinks = yes
# https://bugs.gentoo.org/552814
sync-depth = 1
- block:
- name: chown portage.portage /var/tmp/portage
shell: |
cd /root
[ -d bin ] || mkdir bin
[ -d /var/tmp/portage ] || mkdir /var/tmp/portage
chown portage.portage /var/tmp/portage
[ -d {{BASE_SCRIPT_DIR}} ] || mkdir {{BASE_SCRIPT_DIR}}
# FixMe: should be all of /usr/local/src
#
- name: "/etc/portage/profile/package.provided"
blockinfile:
dest: /etc/portage/profile/package.provided
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo"
block: |
# /etc/portage/profile/package.provided
# file can contain a list of packages (one per line) that Portage should assume have been provided.
{% for elt in base_pkgs_provided %}
{{ elt }}
{% endfor %}
# {{ base_pkgs_provided|join('\n') }}
# put this in make.conf?
- set_fact:
portage_proxy_env: "{{ proxy_env }}"
- name: "/etc/portage/make.conf base Gentoo.yml"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} Ansible Managed Block base Gentoo.yml GRUB_PLATFORMS"
block: |
# added 2019-07
# -coreboot -qemu require fonts
# -ieee1275 -loongson -qemu-mips -uboot -xen -xen-32 -xen-pvh -themesf- coreboot -qemu
GRUB_PLATFORMS="efi-32 efi-64 emu multiboot pc"
- name: "/etc/portage/make.conf base Gentoo ACCEPT_LICENSE"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml [ACCEPT_LICENSE]"
block: |
ACCEPT_LICENSE="* -@EULA"
- name: "/etc/portage/make.conf base Gentoo VERIFY_SIG_OPENPGP_KEY_REFRESH"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml VERIFY_SIG_OPENPGP_KEY_REFRESH"
block: |
# not yes
VERIFY_SIG_OPENPGP_KEY_REFRESH=no
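Review bot: The `[FEATURES]` block writes `FEATURES="-sandbox -usersandbox ${FEATURES}"` and `-userpriv` into `/etc/portage/make.conf`, which turns off Portage's build sandbox and privilege dropping for every package, so ebuild and upstream build scripts run as root with unrestricted filesystem access. The comment above that line describes it as a one-off workaround (`FEATURES='-sandbox -usersandbox' emerge sandbox`); keep it on the command line for that single package and remove the three negations from the managed block. Separately, two tasks use the identical marker `# {mark} ANSIBLE MANAGED BLOCK base Gentoo2.yml [USE]` on the same file, so the second replaces the first block's content on every run; give it a distinct marker or merge the two blocks. `VERIFY_SIG_OPENPGP_KEY_REFRESH=no` would also benefit from a comment saying why key refresh is disabled, since a revoked signing key would otherwise go unnoticed.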


@ -0,0 +1,22 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
- name: "base Gentoo/Pentoo/main.yml"
debug:
verbosity: 1
msg: "base Gentoo/Pentoo/main.yml"
#- include_tasks: Gentoo/Pentoo/accept_keywords.yml
#- include_tasks: Gentoo/Pentoo/license.yml
- include_tasks: Gentoo/Pentoo/use.yml
- include_tasks: Gentoo/Pentoo/mask.yml
##- include_tasks: Gentoo/openrc.yml
- include_tasks: Gentoo/Pentoo/portage.yml
#- include_tasks: Gentoo/Pentoo/unmask.yml
- include_tasks: Gentoo/Pentoo/unmask.yml


@ -0,0 +1,39 @@
# -*- mode: yaml; tab-width: 0; coding: utf-8-unix -*-
# This is an automatically generated file: do not edit
---
- name: "/etc/portage/package.mask/2020-01_rfid.txt"
blockinfile:
dest: /etc/portage/package.mask/2020-01_rfid.txt
create: true
marker: "# {mark} Ansible Managed Block base gcc"
block: |
sys-devel/gcc-arm-none-eabi
- name: "/etc/portage/package.mask/2023-00_BLOCKED.txt"
blockinfile:
dest: /etc/portage/package.mask/2023-00_BLOCKED.txt
create: true
marker: "# {mark} Ansible Managed Block base gcc"
block: |
>sys-devel/gcc-12.3.1_p20230530
- name: "/etc/portage/package.mask/2023_BLOCKED.txt"
blockinfile:
dest: /etc/portage/package.mask/2023_BLOCKED.txt
create: true
marker: "# {mark} Ansible Managed Block base gcc"
block: |
>sys-devel/gcc-12.9.0
- name: "/etc/portage/package.mask/2020-00_clipos.txt"
blockinfile:
dest: /etc/portage/package.mask/2020-00_clipos.txt
create: true
marker: "# {mark} Ansible Managed Block base clipos-kernel-sources"
block: |
>=sys-kernel/clipos-kernel-sources-5.3


@ -0,0 +1 @@
../openrc.yml


@ -0,0 +1,23 @@
# -*- mode: yaml; tab-width: 0; coding: utf-8-unix -*-
# This is an automatically generated file: do not edit
---
- name: "/etc/portage/package.unmask/2022_05_pybitmessage.txt"
blockinfile:
dest: /etc/portage/package.unmask/2022_05_pybitmessage.txt
create: true
marker: "# {mark} Ansible Managed Block base openssl"
block: |
=dev-libs/openssl-1.0.2u-r1
- name: "/etc/portage/package.unmask/2022_05_pybitmessage.txt"
blockinfile:
dest: /etc/portage/package.unmask/2022_05_pybitmessage.txt
create: true
marker: "# {mark} Ansible Managed Block base openssl"
block: |
=dev-libs/openssl-1.0.2u-r1

575
tasks/Gentoo/Gentoo/use.yml Normal file

@ -0,0 +1,575 @@
# -*- mode: yaml; tab-width: 0; coding: utf-8-unix -*-
# This is an automatically generated file: do not edit
---
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base bzip2"
block: |
app-arch/bzip2 static-libs
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base bzip2"
block: |
app-arch/bzip2 static
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base gzip"
block: |
app-arch/gzip static
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base tar"
block: |
app-arch/tar static
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base xz-utils"
block: |
app-arch/xz-utils static-libs
- name: "/etc/portage/package.use/2014-06_pgp-static.txt"
blockinfile:
dest: /etc/portage/package.use/2014-06_pgp-static.txt
create: true
marker: "# {mark} Ansible Managed Block base bash"
block: |
app-shells/bash -net mem-scramble readline net
- name: "/etc/portage/package.use/2021-09_-caps.txt"
blockinfile:
dest: /etc/portage/package.use/2021-09_-caps.txt
create: true
marker: "# {mark} Ansible Managed Block base coreutils"
block: |
sys-apps/coreutils -caps -acl -split-usr -xattr
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base grep"
block: |
sys-apps/grep static
- name: "/etc/portage/package.use/2020-01_-systemd.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_-systemd.txt
create: true
marker: "# {mark} Ansible Managed Block base procps"
block: |
sys-process/procps -systemd
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base sed"
block: |
sys-apps/sed static -acl
- name: "/etc/portage/package.use/2023-04_world.txt"
blockinfile:
dest: /etc/portage/package.use/2023-04_world.txt
create: true
marker: "# {mark} Ansible Managed Block base binutils"
block: |
sys-devel/binutils -gold
- name: "/etc/portage/package.use/2013-12_numpy.txt"
blockinfile:
dest: /etc/portage/package.use/2013-12_numpy.txt
create: true
marker: "# {mark} Ansible Managed Block base gcc"
block: |
sys-devel/gcc fortran openmp objc
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base patch"
block: |
sys-devel/patch static
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base e2fsprogs"
block: |
sys-fs/e2fsprogs static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base libc"
block: |
virtual/libcrypt static-libs
- name: "/etc/portage/package.use/2020-01_-systemd.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_-systemd.txt
create: true
marker: "# {mark} Ansible Managed Block base lvm2"
block: |
sys-fs/lvm2 -systemd eudev
- name: "/etc/portage/package.use/2020-01_lvm2.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_lvm2.txt
create: true
marker: "# {mark} Ansible Managed Block base lvm2"
block: |
sys-fs/lvm2 static static-libs thin -systemd -udev
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base lvm2"
block: |
sys-fs/lvm2 static-libs
- name: "/etc/portage/package.use/2023-04_world.txt"
blockinfile:
dest: /etc/portage/package.use/2023-04_world.txt
create: true
marker: "# {mark} Ansible Managed Block base lvm2"
block: |
sys-fs/lvm2 lvm
- name: "/etc/portage/package.use/2014-06_udev.txt"
blockinfile:
dest: /etc/portage/package.use/2014-06_udev.txt
create: true
marker: "# {mark} Ansible Managed Block base libgpg-error"
block: |
dev-libs/libgpg-error static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base libgpg-error"
block: |
dev-libs/libgpg-error static-libs
- name: "/etc/portage/package.use/2014-06_udev.txt"
blockinfile:
dest: /etc/portage/package.use/2014-06_udev.txt
create: true
marker: "# {mark} Ansible Managed Block base e2fsprogs-libs"
block: |
sys-libs/e2fsprogs-libs static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base e2fsprogs-libs"
block: |
sys-libs/e2fsprogs-libs static-libs
- name: "/etc/portage/package.use/2014-06_udev.txt"
blockinfile:
dest: /etc/portage/package.use/2014-06_udev.txt
create: true
marker: "# {mark} Ansible Managed Block base popt"
block: |
dev-libs/popt static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base popt"
block: |
dev-libs/popt static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base popt"
block: |
dev-libs/popt static-libs
- name: "/etc/portage/package.use/2014-06_udev.txt"
blockinfile:
dest: /etc/portage/package.use/2014-06_udev.txt
create: true
marker: "# {mark} Ansible Managed Block base libgcrypt"
block: |
dev-libs/libgcrypt static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base libgcrypt"
block: |
dev-libs/libgcrypt static-libs
- name: "/etc/portage/package.use/2013-07-cryptsetup.txt"
blockinfile:
dest: /etc/portage/package.use/2013-07-cryptsetup.txt
create: true
marker: "# {mark} Ansible Managed Block base cryptsetup"
block: |
sys-fs/cryptsetup static -openssl -gcrypt -python -nls urandom nettle reencrypt -udev
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base cryptsetup"
block: |
sys-fs/cryptsetup static-libs
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base cryptsetup"
block: |
sys-fs/cryptsetup static -nls luks1_default
- name: "/etc/portage/package.use/2018-12_ego1.3.txt"
blockinfile:
dest: /etc/portage/package.use/2018-12_ego1.3.txt
create: true
marker: "# {mark} Ansible Managed Block base ncurses"
block: |
sys-libs/ncurses tinfo
- name: "/etc/portage/package.use/2019-11_ncurses.txt"
blockinfile:
dest: /etc/portage/package.use/2019-11_ncurses.txt
create: true
marker: "# {mark} Ansible Managed Block base ncurses"
block: |
sys-libs/ncurses minimal -gpm
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base ncurses"
block: |
>=sys-libs/ncurses-6.1-r3 static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base ncurses"
block: |
>=sys-libs/ncurses-6.1-r3 static-libs
- name: "/etc/portage/package.use/2021-07_android-sdk-update-manager.txt"
blockinfile:
dest: /etc/portage/package.use/2021-07_android-sdk-update-manager.txt
create: true
marker: "# {mark} Ansible Managed Block base ncurses"
block: |
sys-libs/ncurses-compat -gpm ABI_X86="64"
- name: "/etc/portage/package.use/2020-02_glibc.txt"
blockinfile:
dest: /etc/portage/package.use/2020-02_glibc.txt
create: true
marker: "# {mark} Ansible Managed Block base glibc"
block: |
sys-libs/glibc -multiarch -multilib crypt
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base libxcrypt"
block: |
sys-libs/libxcrypt system static-libs
- name: "/etc/portage/package.use/2020-02_glibc.txt"
blockinfile:
dest: /etc/portage/package.use/2020-02_glibc.txt
create: true
marker: "# {mark} Ansible Managed Block base libxcrypt"
block: |
sys-libs/libxcrypt system
- name: "/etc/portage/package.use/2020-10_audit.txt"
blockinfile:
dest: /etc/portage/package.use/2020-10_audit.txt
create: true
marker: "# {mark} Ansible Managed Block base shadow"
block: |
sys-apps/shadow -nls audit
- name: "/etc/portage/package.use/2021-08_gnutls.txt"
blockinfile:
dest: /etc/portage/package.use/2021-08_gnutls.txt
create: true
marker: "# {mark} Ansible Managed Block base gnutls"
block: |
net-libs/gnutls pkcs11
- name: "/etc/portage/package.use/2023-00_python-3.11.txt"
blockinfile:
dest: /etc/portage/package.use/2023-00_python-3.11.txt
create: true
marker: "# {mark} Ansible Managed Block base portage"
block: |
sys-apps/portage python_targets_python3_10 python_targets_python3_11
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base nano"
block: |
app-editors/nano -static
- name: "/etc/portage/package.use/2019-08_ca-certificates.txt"
blockinfile:
dest: /etc/portage/package.use/2019-08_ca-certificates.txt
create: true
marker: "# {mark} Ansible Managed Block base ca-certificates"
block: |
app-misc/ca-certificates cacert
- name: "/etc/portage/package.use/2019-01_pentoo.txt"
blockinfile:
dest: /etc/portage/package.use/2019-01_pentoo.txt
create: true
marker: "# {mark} Ansible Managed Block base perl"
block: |
dev-lang/perl berkdb gdbm
- name: "/etc/portage/package.use/2022-03_perl.txt"
blockinfile:
dest: /etc/portage/package.use/2022-03_perl.txt
create: true
marker: "# {mark} Ansible Managed Block base perl"
block: |
dev-lang/perl ithreads
- name: "/etc/portage/package.use/2017-10_world.txt"
blockinfile:
dest: /etc/portage/package.use/2017-10_world.txt
create: true
marker: "# {mark} Ansible Managed Block base libpcre2"
block: |
dev-libs/libpcre2 pcre16 static-libs
- name: "/etc/portage/package.use/2020-01_readline.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_readline.txt
create: true
marker: "# {mark} Ansible Managed Block base libxml2"
block: |
dev-libs/libxml2 -readline
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block base libxml2"
block: |
dev-libs/libxml2:2 verify-sig
- name: "/etc/portage/package.use/2021-04_world.txt"
blockinfile:
dest: /etc/portage/package.use/2021-04_world.txt
create: true
marker: "# {mark} Ansible Managed Block base libxml2"
block: |
dev-libs/libxml2 python icu ipv6 lzma
- name: "/etc/portage/package.use/2017-01_openssl.txt"
blockinfile:
dest: /etc/portage/package.use/2017-01_openssl.txt
create: true
marker: "# {mark} Ansible Managed Block base openssl"
block: |
dev-libs/openssl -bindist -sslv3 ec_nistp_64_gcc_128 static-libs tls-heartbeat
- name: "/etc/portage/package.use/2021-00_python-2.7.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_python-2.7.txt
create: true
marker: "# {mark} Ansible Managed Block base setuptools"
block: |
dev-python/setuptools-python2 python_targets_python2_7
- name: "/etc/portage/package.use/2020-00_ipv6.txt"
blockinfile:
dest: /etc/portage/package.use/2020-00_ipv6.txt
create: true
marker: "# {mark} Ansible Managed Block base dhcp"
block: |
net-misc/dhcpcd -ipv6
- name: "/etc/portage/package.use/2020-01_ssl.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_ssl.txt
create: true
marker: "# {mark} Ansible Managed Block base openssh"
block: |
net-misc/openssh pie pam ssl -sctp
- name: "/etc/portage/package.use/2020-02_consolekit.txt"
blockinfile:
dest: /etc/portage/package.use/2020-02_consolekit.txt
create: true
marker: "# {mark} Ansible Managed Block base pambase"
block: |
sys-auth/pambase -consolekit
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base zlib"
block: |
sys-libs/zlib static-libs
- name: "/etc/portage/package.use/2021-07_android-sdk-update-manager.txt"
blockinfile:
dest: /etc/portage/package.use/2021-07_android-sdk-update-manager.txt
create: true
marker: "# {mark} Ansible Managed Block base zlib"
block: |
sys-libs/zlib ABI_X86="64"
- name: "/etc/portage/package.use/2021-09_minizip.txt"
blockinfile:
dest: /etc/portage/package.use/2021-09_minizip.txt
create: true
marker: "# {mark} Ansible Managed Block base zlib"
block: |
sys-libs/zlib -minizip
- name: "/etc/portage/package.use/2021-10_xiphos.txt"
blockinfile:
dest: /etc/portage/package.use/2021-10_xiphos.txt
create: true
marker: "# {mark} Ansible Managed Block base zlib"
block: |
sys-libs/zlib minizip
- name: "/etc/portage/package.use/2017-10_world.txt"
blockinfile:
dest: /etc/portage/package.use/2017-10_world.txt
create: true
marker: "# {mark} Ansible Managed Block base libpcre"
block: |
dev-libs/libpcre2 pcre16 static-libs
- name: "/etc/portage/package.use/2018-01_qt.txt"
blockinfile:
dest: /etc/portage/package.use/2018-01_qt.txt
create: true
marker: "# {mark} Ansible Managed Block base libpcre"
block: |
dev-libs/libpcre pcre16
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base libpcre"
block: |
dev-libs/libpcre static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base acl"
block: |
sys-apps/acl static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base attr"
block: |
sys-apps/attr static-libs
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base lz4"
block: |
app-arch/lz4 static-libs
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base bc"
block: |
sys-devel/bc -static
- name: "/etc/portage/package.use/2014-06_udev.txt"
blockinfile:
dest: /etc/portage/package.use/2014-06_udev.txt
create: true
marker: "# {mark} Ansible Managed Block base util-linux"
block: |
sys-apps/util-linux static-libs crypt tty-helpers python -readline -cramfs -ncurses static
- name: "/etc/portage/package.use/2020-01_-systemd.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_-systemd.txt
create: true
marker: "# {mark} Ansible Managed Block base util-linux"
block: |
sys-apps/util-linux -systemd
- name: "/etc/portage/package.use/2021-09_-caps.txt"
blockinfile:
dest: /etc/portage/package.use/2021-09_-caps.txt
create: true
marker: "# {mark} Ansible Managed Block base util-linux"
block: |
sys-apps/util-linux -caps ncurses
- name: "/etc/portage/package.use/2013-07_40busybox.txt"
blockinfile:
dest: /etc/portage/package.use/2013-07_40busybox.txt
create: true
marker: "# {mark} Ansible Managed Block base kmod"
block: |
sys-apps/kmod lzma
- name: "/etc/portage/package.use/2020-01_polkit.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_polkit.txt
create: true
marker: "# {mark} Ansible Managed Block base elogind"
block: |
sys-auth/elogind policykit


@ -0,0 +1,22 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
- name: "base Gentoo/Pentoo/main.yml"
debug:
verbosity: 1
msg: "base Gentoo/Pentoo/main.yml"
#- include_tasks: Gentoo/Pentoo/accept_keywords.yml
#- include_tasks: Gentoo/Pentoo/license.yml
- include_tasks: Gentoo/Pentoo/use.yml
- include_tasks: Gentoo/Pentoo/mask.yml
##- include_tasks: Gentoo/openrc.yml
- include_tasks: Gentoo/Pentoo/portage.yml
#- include_tasks: Gentoo/Pentoo/unmask.yml
- include_tasks: Gentoo/Pentoo/unmask.yml


@ -0,0 +1,87 @@
# -*- mode: yaml; tab-width: 0; coding: utf-8-unix -*-
# This is an automatically generated file: do not edit
---
- name: "/etc/portage/package.mask/2020-01_rfid.txt"
blockinfile:
dest: /etc/portage/package.mask/2020-01_rfid.txt
create: true
marker: "# {mark} Ansible Managed Block base gcc"
block: |
sys-devel/gcc-arm-none-eabi
- name: "/etc/portage/package.mask/2023-00_BLOCKED.txt"
blockinfile:
dest: /etc/portage/package.mask/2023-00_BLOCKED.txt
create: true
marker: "# {mark} Ansible Managed Block base gcc"
block: |
>sys-devel/gcc-12.3.1_p20230530
- name: "/etc/portage/package.mask/2023-00_BLOCKED.txt"
blockinfile:
dest: /etc/portage/package.mask/2023-00_BLOCKED.txt
create: true
marker: "# {mark} Ansible Managed Block base gcc"
block: |
>sys-devel/gcc-12.3.1_p20230530
- name: "/etc/portage/package.mask/2023_BLOCKED.txt"
blockinfile:
dest: /etc/portage/package.mask/2023_BLOCKED.txt
create: true
marker: "# {mark} Ansible Managed Block base gcc"
block: |
>sys-devel/gcc-12.9.0
- name: "/etc/portage/package.mask/2023_BLOCKED.txt"
blockinfile:
dest: /etc/portage/package.mask/2023_BLOCKED.txt
create: true
marker: "# {mark} Ansible Managed Block base gcc"
block: |
>sys-devel/gcc-12.9.0
- name: "/etc/portage/package.mask/2021_BROKEN.txt"
blockinfile:
dest: /etc/portage/package.mask/2021_BROKEN.txt
create: true
marker: "# {mark} Ansible Managed Block base cryptsetup"
block: |
=sys-fs/cryptsetup-2.3.5-r1
- name: "/etc/portage/package.mask/2020_BROKEN.txt"
blockinfile:
dest: /etc/portage/package.mask/2020_BROKEN.txt
create: true
marker: "# {mark} Ansible Managed Block base ncurses"
block: |
>=sys-libs/ncurses-7.0
- name: "/etc/portage/package.mask/2021_BROKEN.txt"
blockinfile:
dest: /etc/portage/package.mask/2021_BROKEN.txt
create: true
marker: "# {mark} Ansible Managed Block base openssl"
block: |
=dev-libs/openssl-1.1.1k-r1
- name: "/etc/portage/package.mask/2020-00_clipos.txt"
blockinfile:
dest: /etc/portage/package.mask/2020-00_clipos.txt
create: true
marker: "# {mark} Ansible Managed Block base clipos-kernel-sources"
block: |
>=sys-kernel/clipos-kernel-sources-5.3
- name: "/etc/portage/package.mask/2021_BROKEN.txt"
blockinfile:
dest: /etc/portage/package.mask/2021_BROKEN.txt
create: true
marker: "# {mark} Ansible Managed Block base elogind"
block: |
=sys-auth/elogind-246.10


@ -0,0 +1 @@
../openrc.yml


@ -0,0 +1,23 @@
# -*- mode: yaml; tab-width: 0; coding: utf-8-unix -*-
# This is an automatically generated file: do not edit
---
- name: "/etc/portage/package.unmask/2022_05_pybitmessage.txt"
blockinfile:
dest: /etc/portage/package.unmask/2022_05_pybitmessage.txt
create: true
marker: "# {mark} Ansible Managed Block base openssl"
block: |
=dev-libs/openssl-1.0.2u-r1
- name: "/etc/portage/package.unmask/2022_05_pybitmessage.txt"
blockinfile:
dest: /etc/portage/package.unmask/2022_05_pybitmessage.txt
create: true
marker: "# {mark} Ansible Managed Block base openssl"
block: |
=dev-libs/openssl-1.0.2u-r1

599
tasks/Gentoo/Pentoo/use.yml Normal file

@ -0,0 +1,599 @@
# -*- mode: yaml; tab-width: 0; coding: utf-8-unix -*-
# This is an automatically generated file: do not edit
---
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base bzip2"
block: |
app-arch/bzip2 static-libs
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base bzip2"
block: |
app-arch/bzip2 static
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base gzip"
block: |
app-arch/gzip static
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base tar"
block: |
app-arch/tar static
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base xz-utils"
block: |
app-arch/xz-utils static-libs
- name: "/etc/portage/package.use/2014-06_pgp-static.txt"
blockinfile:
dest: /etc/portage/package.use/2014-06_pgp-static.txt
create: true
marker: "# {mark} Ansible Managed Block base bash"
block: |
app-shells/bash -net mem-scramble readline net
- name: "/etc/portage/package.use/2021-09_-caps.txt"
blockinfile:
dest: /etc/portage/package.use/2021-09_-caps.txt
create: true
marker: "# {mark} Ansible Managed Block base coreutils"
block: |
sys-apps/coreutils -caps -acl -split-usr -xattr
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base grep"
block: |
sys-apps/grep static
- name: "/etc/portage/package.use/2020-01_-systemd.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_-systemd.txt
create: true
marker: "# {mark} Ansible Managed Block base procps"
block: |
sys-process/procps -systemd
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base sed"
block: |
sys-apps/sed static -acl
- name: "/etc/portage/package.use/2023-04_world.txt"
blockinfile:
dest: /etc/portage/package.use/2023-04_world.txt
create: true
marker: "# {mark} Ansible Managed Block base binutils"
block: |
sys-devel/binutils -gold
- name: "/etc/portage/package.use/2013-12_numpy.txt"
blockinfile:
dest: /etc/portage/package.use/2013-12_numpy.txt
create: true
marker: "# {mark} Ansible Managed Block base gcc"
block: |
sys-devel/gcc fortran openmp objc
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base patch"
block: |
sys-devel/patch static
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base e2fsprogs"
block: |
sys-fs/e2fsprogs static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base libc"
block: |
virtual/libcrypt static-libs
- name: "/etc/portage/package.use/2020-01_-systemd.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_-systemd.txt
create: true
marker: "# {mark} Ansible Managed Block base lvm2"
block: |
sys-fs/lvm2 -systemd eudev
- name: "/etc/portage/package.use/2020-01_lvm2.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_lvm2.txt
create: true
marker: "# {mark} Ansible Managed Block base lvm2"
block: |
sys-fs/lvm2 static static-libs thin -systemd -udev
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base lvm2"
block: |
sys-fs/lvm2 static-libs
- name: "/etc/portage/package.use/2023-04_world.txt"
blockinfile:
dest: /etc/portage/package.use/2023-04_world.txt
create: true
marker: "# {mark} Ansible Managed Block base lvm2"
block: |
sys-fs/lvm2 lvm
- name: "/etc/portage/package.use/2023-04_world.txt"
blockinfile:
dest: /etc/portage/package.use/2023-04_world.txt
create: true
marker: "# {mark} Ansible Managed Block base lvm2"
block: |
sys-fs/lvm2 lvm
- name: "/etc/portage/package.use/2014-06_udev.txt"
blockinfile:
dest: /etc/portage/package.use/2014-06_udev.txt
create: true
marker: "# {mark} Ansible Managed Block base libgpg-error"
block: |
dev-libs/libgpg-error static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base libgpg-error"
block: |
dev-libs/libgpg-error static-libs
- name: "/etc/portage/package.use/2014-06_udev.txt"
blockinfile:
dest: /etc/portage/package.use/2014-06_udev.txt
create: true
marker: "# {mark} Ansible Managed Block base e2fsprogs-libs"
block: |
sys-libs/e2fsprogs-libs static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base e2fsprogs-libs"
block: |
sys-libs/e2fsprogs-libs static-libs
- name: "/etc/portage/package.use/2014-06_udev.txt"
blockinfile:
dest: /etc/portage/package.use/2014-06_udev.txt
create: true
marker: "# {mark} Ansible Managed Block base popt"
block: |
dev-libs/popt static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base popt"
block: |
dev-libs/popt static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base popt"
block: |
dev-libs/popt static-libs
- name: "/etc/portage/package.use/2014-06_udev.txt"
blockinfile:
dest: /etc/portage/package.use/2014-06_udev.txt
create: true
marker: "# {mark} Ansible Managed Block base libgcrypt"
block: |
dev-libs/libgcrypt static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base libgcrypt"
block: |
dev-libs/libgcrypt static-libs
- name: "/etc/portage/package.use/2013-07-cryptsetup.txt"
blockinfile:
dest: /etc/portage/package.use/2013-07-cryptsetup.txt
create: true
marker: "# {mark} Ansible Managed Block base cryptsetup"
block: |
sys-fs/cryptsetup static -openssl -gcrypt -python -nls urandom nettle reencrypt -udev
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base cryptsetup"
block: |
sys-fs/cryptsetup static-libs
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base cryptsetup"
block: |
sys-fs/cryptsetup static -nls luks1_default
- name: "/etc/portage/package.use/2018-12_ego1.3.txt"
blockinfile:
dest: /etc/portage/package.use/2018-12_ego1.3.txt
create: true
marker: "# {mark} Ansible Managed Block base ncurses"
block: |
sys-libs/ncurses tinfo
- name: "/etc/portage/package.use/2019-11_ncurses.txt"
blockinfile:
dest: /etc/portage/package.use/2019-11_ncurses.txt
create: true
marker: "# {mark} Ansible Managed Block base ncurses"
block: |
sys-libs/ncurses minimal -gpm
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base ncurses"
block: |
>=sys-libs/ncurses-6.1-r3 static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base ncurses"
block: |
>=sys-libs/ncurses-6.1-r3 static-libs
- name: "/etc/portage/package.use/2021-07_android-sdk-update-manager.txt"
blockinfile:
dest: /etc/portage/package.use/2021-07_android-sdk-update-manager.txt
create: true
marker: "# {mark} Ansible Managed Block base ncurses"
block: |
sys-libs/ncurses-compat -gpm ABI_X86="64"
- name: "/etc/portage/package.use/2020-02_glibc.txt"
blockinfile:
dest: /etc/portage/package.use/2020-02_glibc.txt
create: true
marker: "# {mark} Ansible Managed Block base glibc"
block: |
sys-libs/glibc -multiarch -multilib crypt
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base libxcrypt"
block: |
sys-libs/libxcrypt system static-libs
- name: "/etc/portage/package.use/2020-02_glibc.txt"
blockinfile:
dest: /etc/portage/package.use/2020-02_glibc.txt
create: true
marker: "# {mark} Ansible Managed Block base libxcrypt"
block: |
sys-libs/libxcrypt system
- name: "/etc/portage/package.use/2020-10_audit.txt"
blockinfile:
dest: /etc/portage/package.use/2020-10_audit.txt
create: true
marker: "# {mark} Ansible Managed Block base shadow"
block: |
sys-apps/shadow -nls audit
- name: "/etc/portage/package.use/2021-08_gnutls.txt"
blockinfile:
dest: /etc/portage/package.use/2021-08_gnutls.txt
create: true
marker: "# {mark} Ansible Managed Block base gnutls"
block: |
net-libs/gnutls pkcs11
- name: "/etc/portage/package.use/2023-00_python-3.11.txt"
blockinfile:
dest: /etc/portage/package.use/2023-00_python-3.11.txt
create: true
marker: "# {mark} Ansible Managed Block base portage"
block: |
sys-apps/portage python_targets_python3_10 python_targets_python3_11
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base nano"
block: |
app-editors/nano -static
- name: "/etc/portage/package.use/2019-08_ca-certificates.txt"
blockinfile:
dest: /etc/portage/package.use/2019-08_ca-certificates.txt
create: true
marker: "# {mark} Ansible Managed Block base ca-certificates"
block: |
app-misc/ca-certificates cacert
- name: "/etc/portage/package.use/2019-01_pentoo.txt"
blockinfile:
dest: /etc/portage/package.use/2019-01_pentoo.txt
create: true
marker: "# {mark} Ansible Managed Block base perl"
block: |
dev-lang/perl berkdb gdbm
- name: "/etc/portage/package.use/2022-03_perl.txt"
blockinfile:
dest: /etc/portage/package.use/2022-03_perl.txt
create: true
marker: "# {mark} Ansible Managed Block base perl"
block: |
dev-lang/perl ithreads
- name: "/etc/portage/package.use/2017-10_world.txt"
blockinfile:
dest: /etc/portage/package.use/2017-10_world.txt
create: true
marker: "# {mark} Ansible Managed Block base libpcre2"
block: |
dev-libs/libpcre2 pcre16 static-libs
- name: "/etc/portage/package.use/2017-10_world.txt"
blockinfile:
dest: /etc/portage/package.use/2017-10_world.txt
create: true
marker: "# {mark} Ansible Managed Block base libpcre2"
block: |
dev-libs/libpcre2 pcre16 static-libs
- name: "/etc/portage/package.use/2020-01_readline.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_readline.txt
create: true
marker: "# {mark} Ansible Managed Block base libxml2"
block: |
dev-libs/libxml2 -readline
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block base libxml2"
block: |
dev-libs/libxml2:2 verify-sig
- name: "/etc/portage/package.use/2021-04_world.txt"
blockinfile:
dest: /etc/portage/package.use/2021-04_world.txt
create: true
marker: "# {mark} Ansible Managed Block base libxml2"
block: |
dev-libs/libxml2 python icu ipv6 lzma
- name: "/etc/portage/package.use/2017-01_openssl.txt"
blockinfile:
dest: /etc/portage/package.use/2017-01_openssl.txt
create: true
marker: "# {mark} Ansible Managed Block base openssl"
block: |
dev-libs/openssl -bindist -sslv3 ec_nistp_64_gcc_128 static-libs tls-heartbeat
- name: "/etc/portage/package.use/2021-00_python-2.7.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_python-2.7.txt
create: true
marker: "# {mark} Ansible Managed Block base setuptools"
block: |
dev-python/setuptools-python2 python_targets_python2_7
- name: "/etc/portage/package.use/2020-00_ipv6.txt"
blockinfile:
dest: /etc/portage/package.use/2020-00_ipv6.txt
create: true
marker: "# {mark} Ansible Managed Block base dhcp"
block: |
net-misc/dhcpcd -ipv6
- name: "/etc/portage/package.use/2020-01_ssl.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_ssl.txt
create: true
marker: "# {mark} Ansible Managed Block base openssh"
block: |
net-misc/openssh pie pam ssl -sctp
- name: "/etc/portage/package.use/2020-02_consolekit.txt"
blockinfile:
dest: /etc/portage/package.use/2020-02_consolekit.txt
create: true
marker: "# {mark} Ansible Managed Block base pambase"
block: |
sys-auth/pambase -consolekit
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base zlib"
block: |
sys-libs/zlib static-libs
- name: "/etc/portage/package.use/2021-07_android-sdk-update-manager.txt"
blockinfile:
dest: /etc/portage/package.use/2021-07_android-sdk-update-manager.txt
create: true
marker: "# {mark} Ansible Managed Block base zlib"
block: |
sys-libs/zlib ABI_X86="64"
- name: "/etc/portage/package.use/2021-09_minizip.txt"
blockinfile:
dest: /etc/portage/package.use/2021-09_minizip.txt
create: true
marker: "# {mark} Ansible Managed Block base zlib"
block: |
sys-libs/zlib -minizip
- name: "/etc/portage/package.use/2021-10_xiphos.txt"
blockinfile:
dest: /etc/portage/package.use/2021-10_xiphos.txt
create: true
marker: "# {mark} Ansible Managed Block base zlib"
block: |
sys-libs/zlib minizip
- name: "/etc/portage/package.use/2017-10_world.txt"
blockinfile:
dest: /etc/portage/package.use/2017-10_world.txt
create: true
marker: "# {mark} Ansible Managed Block base libpcre"
block: |
dev-libs/libpcre2 pcre16 static-libs
- name: "/etc/portage/package.use/2017-10_world.txt"
blockinfile:
dest: /etc/portage/package.use/2017-10_world.txt
create: true
marker: "# {mark} Ansible Managed Block base libpcre"
block: |
dev-libs/libpcre2 pcre16 static-libs
- name: "/etc/portage/package.use/2018-01_qt.txt"
blockinfile:
dest: /etc/portage/package.use/2018-01_qt.txt
create: true
marker: "# {mark} Ansible Managed Block base libpcre"
block: |
dev-libs/libpcre pcre16
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base libpcre"
block: |
dev-libs/libpcre static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base acl"
block: |
sys-apps/acl static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block base attr"
block: |
sys-apps/attr static-libs
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base lz4"
block: |
app-arch/lz4 static-libs
- name: "/etc/portage/package.use/2020-01_static.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static.txt
create: true
marker: "# {mark} Ansible Managed Block base bc"
block: |
sys-devel/bc -static
- name: "/etc/portage/package.use/2014-06_udev.txt"
blockinfile:
dest: /etc/portage/package.use/2014-06_udev.txt
create: true
marker: "# {mark} Ansible Managed Block base util-linux"
block: |
sys-apps/util-linux static-libs crypt tty-helpers python -readline -cramfs -ncurses static
- name: "/etc/portage/package.use/2020-01_-systemd.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_-systemd.txt
create: true
marker: "# {mark} Ansible Managed Block base util-linux"
block: |
sys-apps/util-linux -systemd
- name: "/etc/portage/package.use/2021-09_-caps.txt"
blockinfile:
dest: /etc/portage/package.use/2021-09_-caps.txt
create: true
marker: "# {mark} Ansible Managed Block base util-linux"
block: |
sys-apps/util-linux -caps ncurses
- name: "/etc/portage/package.use/2013-07_40busybox.txt"
blockinfile:
dest: /etc/portage/package.use/2013-07_40busybox.txt
create: true
marker: "# {mark} Ansible Managed Block base kmod"
block: |
sys-apps/kmod lzma
- name: "/etc/portage/package.use/2020-01_polkit.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_polkit.txt
create: true
marker: "# {mark} Ansible Managed Block base elogind"
block: |
sys-auth/elogind policykit

70
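--- a/tasks/Gentoo/openrc.yml
+++ b/tasks/Gentoo/openrc.yml
@@ -0,0 +1,70 @@
+# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
+---
+- name: "base Gentoo openrc.yml"
+debug:
+verbosity: 1
+msg: "base Gentoo openrc.yml"
+- name: "/etc/elogind/logind.conf"
+lineinfile:
+dest: /etc/elogind/logind.conf
+regexp: '^#* *{{LOOP_ELT.name}}.*'
+line: "{{ LOOP_ELT.name}}={{LOOP_ELT.val }}"
+state: present
+with_items:
+- { name: "RuntimeDirectorySize", val: "5%" }
+ignore_errors: true
+loop_control:
+loop_var: LOOP_ELT
+- name: "/etc/portage/make.conf base Gentoo DISTDIR"
+blockinfile:
+dest: /etc/portage/make.conf
+create: false
+marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo [DISTDIR]"
+block: |
+DISTDIR='/usr/portage/distfiles'
+- name: "/etc/portage/make.conf base Gentoo systemd USE"
+blockinfile:
+dest: /etc/portage/make.conf
+create: false
+marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo systemd [USE]"
+block: |
+# USE="elogind -consolekit -systemd" https://forums.gentoo.org/viewtopic-t-1086878-start-0.html
+# FixMe: eudev or udev
+# elogind is right
+USE="${USE} udev elogind libnotify -consolekit -systemd " # -ipv6
+- name: "/etc/portage/package.use/2001-02_systemd.txt base Systemd libudev"
+blockinfile:
+dest: //etc/portage/package.use/2020-01_systemd.txt
+create: yes
+marker: "# {mark} Ansible Managed Block base Gentoo systemd libudev"
+block: |
+# The first one doesnt do it - for lvm2
+virtual/libudev static-libs
+>=virtual/libudev-215-r1 static-libs
+>=virtual/libudev-232 static-libs
+- name: "/etc/portage/package.use/2001-02_systemd.txt base Systemd eudev"
+blockinfile:
+dest: //etc/portage/package.use/2020-01_systemd.txt
+create: yes
+marker: "# {mark} Ansible Managed Block base Gentoo systemd eudev"
+block: |
+# required
+>=sys-fs/eudev-3.1.5 static-libs
+- name: "/etc/portage/package.mask/2019-07_systemd.txt"
+blockinfile:
+dest: /etc/portage/package.mask/2019-07_systemd.txt
+create: yes
+marker: "# {mark} Ansible Managed Block base systemd"
+block: |
+sys-apps/systemd
+#https://wiki.gentoo.org/wiki/Gentoo_Without_systemd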
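Review bot: The libudev and eudev tasks are named `/etc/portage/package.use/2001-02_systemd.txt …` but write to `dest: //etc/portage/package.use/2020-01_systemd.txt`, so the play output names a file that is never touched, and the path carries a stray leading slash. I would make the two agree, e.g. `dest: /etc/portage/package.use/2020-01_systemd.txt` with the same path in `name:`. Separately, the `/etc/elogind/logind.conf` task sets `ignore_errors: true` without saying why; a one-line comment giving the case in which a failure is acceptable would keep a real write error from being waved through unnoticed.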

116
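--- a/tasks/Gentoo/systemd.yml
+++ b/tasks/Gentoo/systemd.yml
@@ -0,0 +1,116 @@
+# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
+---
+- name: "base Gentoo systemd.yml"
+debug:
+verbosity: 1
+msg: "base Gentoo systemd.yml"
+# FixMe: Ubuntu too
+# https://wiki.gentoo.org/wiki/Systemd
+- name: getty@tty{2,3,4,5,6}.service
+shell: |
+systemctl enable getty@tty{2,3,4,5,6}.service
+args:
+creates: "/etc/systemd/system/getty.target.wants/getty@tty6.service"
+- name: "/etc/systemd/system.conf"
+lineinfile:
+dest: "/etc/systemd/system.conf"
+mode: 0755
+owner: "{{BOX_ROOT_USER}}"
+group: root
+create: yes
+regexp: "{{ item.re }}"
+line: "{{ item.to }}"
+with_items:
+- re: "^#*DefaultTimeoutStartSec=.*"
+to: "DefaultTimeoutStartSec=180s"
+- re: "^#*DefaultIOAccounting=.*"
+to: "DefaultIOAccounting=yes"
+- name: "/etc/systemd/logind.conf"
+lineinfile:
+dest: "/etc/systemd/logind.conf"
+mode: 0755
+owner: "{{BOX_ROOT_USER}}"
+group: root
+create: yes
+regexp: "{{ item.re }}"
+line: "{{ item.to }}"
+with_items:
+- re: "^#*ReserveVT.*"
+to: "ReserveVT=1"
+- re: "^#*KillUserProcesses.*"
+to: "KillUserProcesses=no"
+- re: "^#*HandlePowerKey=.*"
+to: "HandlePowerKey=ignore"
+- re: "^#*HandleSuspendKey=.*"
+to: "HandleSuspendKey=ignore"
+- re: "^#*HandleHibernateKey=.*"
+to: "HandleHibernateKey=ignore"
+- re: "^#*HandleLidSwitch=.*"
+to: "HandleLidSwitch=ignore"
+- re: "^#*HandleLidSwitchExternalPower=.*"
+to: "HandleLidSwitchExternalPower=ignore"
+- re: "^#*HandleLidSwitchDocked=.*"
+to: "HandleLidSwitchDocked=ignore"
+- re: "^#*RuntimeDirectorySize=.*"
+to: "RuntimeDirectorySize=5%"
+- re: "^#*HoldoffTimeoutSec=.*"
+to: "HoldoffTimeoutSec=10s"
+- re: "^#*IdleAction=.*"
+to: "IdleAction=ignore"
+- re: "^#*IdleActionSec=.*"
+to: "IdleActionSec=360min"
+# CONFIG_POWER_SUPPLY_DEBUG option is enabled in the kernel. The current workaround is to disable this option in the kernel, then recompile, install, and boot the new kernel.
+- name: "/etc/portage/make.conf base Gentoo/systemd.yml USE"
+blockinfile:
+dest: /etc/portage/make.conf
+create: false
+marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo/systemd.yml [USE]"
+block: |
+# USE="elogind -consolekit -systemd" https://forums.gentoo.org/viewtopic-t-1086878-start-0.html
+# FixMe: or not udev
+USE="${USE} udev -elogind libnotify -consolekit systemd " # -ipv6
+- name: "package.use/2020-01_systemd.txt Systemd"
+blockinfile:
+dest: package.use/2020-01_systemd.txt
+create: yes
+marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo Systemd"
+block: |
+# The first one doesnt do it - for lvm2
+virtual/libudev static-libs
+>=virtual/libudev-232 static-libs
+sys-fs/udev static-libs
+virtual/udev systemd
+virtual/libudev systemd
+# required by virtual/libudev-232-r3::gentoo[systemd]
+# required by sys-fs/lvm2-2.02.186-r2::gentoo
+# required by sys-fs/cryptsetup-2.2.2::gentoo
+# required by clipos-meta/clipos-sdk-5.0.0_alpha1::clipos
+# required by @selected
+# required by @world (argument)
+sys-apps/systemd static-libs sysv-utils cryptsetup
+#https://wiki.gentoo.org/wiki/Systemd
+sys-fs/lvm2 -systemd udev
+- name: "/etc/portage/package.mask/2019-07_systemd.txt"
+blockinfile:
+dest: /etc/portage/package.mask/2019-07_systemd.txt
+marker: "# {mark} ANSIBLE MANAGED BLOCK base base Gentoo Systemd"
+create: yes
+block: |
+# failsafe - should not be needed
+sys-auth/elogind
+sys-fs/eudev
+#https://wiki.gentoo.org/wiki/Gentoo_Without_systemd
+# sys-apps/openrc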
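Review bot: The `package.use/2020-01_systemd.txt Systemd` task uses a relative `dest: package.use/2020-01_systemd.txt` together with `create: yes`, so the block is presumably written relative to the module's working directory on the target rather than under `/etc/portage/`, where every other task in this section writes; I would use `dest: /etc/portage/package.use/2020-01_systemd.txt`. The two `lineinfile` tasks set `mode: 0755` on `/etc/systemd/system.conf` and `/etc/systemd/logind.conf`, which marks plain configuration files executable and depends on the parser reading the bare number as octal; `mode: "0644"` is the usual form. The `getty@tty{2,3,4,5,6}.service` task relies on brace expansion, which the `shell` module only gets when the target's default shell supports it, so either list the units or add `executable: /bin/bash` under `args:`.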

1
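--- a/tasks/Gentoo/sysvinit.yml
+++ b/tasks/Gentoo/sysvinit.yml
@@ -0,0 +1 @@
+openrc.yml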

44
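--- a/tasks/Lati.yml
+++ b/tasks/Lati.yml
@@ -0,0 +1,44 @@
+# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
+---
+- name: "base Lati.yml"
+debug:
+verbosity: 1
+msg: "DEBUG: Including base Lati.yml env ansible_connection={{ ansible_connection|default('') }}"
+- name: USB
+shell: |
+df /|sed -e 's/ .*//'|xargs blkid|sed -e 's/.*: LABEL="//' -e 's/".*//' -e 's/_.*//'
+register: base_usb
+- name: set_fact USB
+set_fact:
+BASE_USB: "{{base_usb.stdout}}"
+- name: /etc/conf.d/dmcrypt
+shell: |
+sdb2=`df / | grep ^/ | sed -e 's/[0-9].*/2/'`
+[ -f /etc/{{ETC_CONF_D}}/dmcrypt ] && \
+[ -b $sdb2 ] && \
+sed -e "s/source='LABEL=.*/source='LABEL={{BASE_USB}}_02SWAP'/" -i /etc/{{ETC_CONF_D}}/dmcrypt
+[ -b $sdb2 ] && \
+lb2=`swaplabel $sdb2|grep LABEL:|sed -e 's/.*: //'`
+[ -n "$lb2" ] && \
+[ "$lb2" = "{{BASE_USB}}_02SWAP" ] || \
+swaplabel $sdb2 "{{BASE_USB}}_02SWAP"
+exit 0
+# FixMe: coaleasce with bootstrap cleanup
+- name: pkg_resources
+shell: |
+# either way - make sure there is only one.
+for elt in {{BASE_PYTHON2_MINOR}} {{BASE_PYTHON3_MINOR}} ; do
+[ -d /usr/{{BASE_LIB}}/python$elt/site-packages/pkg_resources ] || continue
+[ -d /usr/local/{{BASE_LIB}}/python$elt/site-packages/pkg_resources ] || continue
+rm -rf /usr/local/{{BASE_LIB}}/python$elt/site-packages/pkg_resources.bad
+mv /usr/local/{{BASE_LIB}}/python$elt/site-packages/pkg_resources/ \
+/usr/local/{{BASE_LIB}}/python$elt/site-packages/pkg_resources.bad
+done
+exit 0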
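Review bot: In the `/etc/conf.d/dmcrypt` task the closing `[ -n "$lb2" ] && [ "$lb2" = … ] || swaplabel $sdb2 …` chain runs `swaplabel` whenever either test fails, including when `$sdb2` is not a block device, because `[ -b $sdb2 ]` guards only the `lb2=` assignment. `$sdb2` is itself a guess (everything from the first digit of the root device replaced by `2`), and `BASE_USB` is taken from the filesystem label read in the `USB` task and templated into `sed` and the shell without any check. I would stop early when the device test fails, quote `$sdb2`, and assert the label's shape before it is used, as sketched below; the character set in the assert is an assumption to adjust. `swaplabel` normally takes a new label through `-L`, so it is worth confirming that the positional form used here changes anything.

```yaml
- assert:
    that:
      # assumed label alphabet - adjust to the labels actually in use
      - BASE_USB is match('^[A-Za-z0-9]+$')
- name: /etc/conf.d/dmcrypt
  shell: |
    sdb2=`df / | grep ^/ | sed -e 's/[0-9].*/2/'`
    # nothing to do unless the guessed partition really is a block device
    [ -b "$sdb2" ] || exit 0
    # … unchanged: sed on /etc/{{ETC_CONF_D}}/dmcrypt …
    lb2=`swaplabel "$sdb2" | grep LABEL: | sed -e 's/.*: //'`
    [ "$lb2" = "{{BASE_USB}}_02SWAP" ] || \
      swaplabel "$sdb2" "{{BASE_USB}}_02SWAP"
    exit 0
```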

2
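--- a/tasks/Msys.yml
+++ b/tasks/Msys.yml
@@ -0,0 +1,2 @@
+# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-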

14
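--- a/tasks/Ubuntu.yml
+++ b/tasks/Ubuntu.yml
@@ -0,0 +1,14 @@
+# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
+# update-ca-certificates fails in Ubuntu16 with java7 but not 8
+# org.debian.security.InvalidKeystorePasswordException: Cannot open Java keystore. Is the password correct?
+- name: "/etc/ca-certificates/update.d/jks-keystore.diff"
+shell: |
+# this is not on Gentoo or some Ubuntu16 but the directory is there - 0 or 2 ?
+[ -f /etc/ca-certificates/update.d/jks-keystore ] || exit 0
+[ -f /etc/ca-certificates/update.d/jks-keystore.dst ] && exit 0
+[ -f /etc/ca-certificates/update.d/jks-keystore.diff ] || exit 1
+patch -z .dst -b /etc/ca-certificates/update.d/jks-keystore < \
+/etc/ca-certificates/update.d/jks-keystore.diff
+# APT::Clean-Installed off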
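Review bot: The `patch` call rewrites `/etc/ca-certificates/update.d/jks-keystore`, a hook in the certificate-store update path, from a `.diff` file that the task expects to already be on the target; nothing in this section shows where that file comes from or what it contains. I would ship the diff with the role and deploy it in a task just before this one (a `copy` with fixed `owner`, `group` and `mode`), so the change to the hook can be reviewed in the repository. The `.dst` test makes the script safe to re-run, but Ansible still reports the task as changed every time; `args:` with `creates: /etc/ca-certificates/update.d/jks-keystore.dst` expresses the same guard. The comment `0 or 2 ?` leaves the intended exit code open, which matters because `exit 1` on a missing diff fails the play.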

36
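--- a/tasks/ansible.yml
+++ b/tasks/ansible.yml
@@ -0,0 +1,36 @@
+# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
+---
+- name: "DEBUG: base ansible.yml ansible_distribution ansible_virtualization_role"
+debug:
+verbosity: 1
+msg: "DEBUG: Including base ansible.yml {{ansible_distribution }} {{ ansible_virtualization_role|replace('NA', 'host') }}"
+- set_fact:
+BASE_SRC_ANSIBLE: "{{playbook_dir}}"
+- block:
+- name: Assemble from fragments from a directory
+assemble:
+src: /usr/local/etc/ansible/ansible.cfg
+regexp: "cfg$"
+dest: "{{BASE_SRC_ANSIBLE}}/ansible.cfg"
+ignore_errors: true
+when: false
+delegate_to: localhost
+- name: clean boostrap wheels.sh and pip.sh
+shell: |
+LELTS=3
+[ -n "{{BOX_PYTHON2_MINOR}}" ] && LELTS="2 $LELTS"
+for PYVER in $LELTS ; do
+if [ -f {{ BASE_USR_LOCAL }}/bin/pip$PYVER.sh ] ; then
+[ -e {{ BASE_USR_LOCAL }}/bin/python$PYVER.bash ] && \
+rm -f {{ BASE_USR_LOCAL }}/bin/python$PYVER.bash
+fi
+done
+exit 0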
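Review bot: The `assemble` task is switched off with `when: false` and also carries `ignore_errors: true`, so as committed it is dead code; if it is ever re-enabled it would overwrite `{{BASE_SRC_ANSIBLE}}/ansible.cfg` in the playbook directory on the controller (`delegate_to: localhost`) with no sign of failure. Indentation is lost on this page, so I cannot tell whether `when` and `delegate_to` belong to the task or to the enclosing `block`. Either delete the block or add a comment saying when it is meant to run, and drop `ignore_errors` so a failed write to the controller's configuration is visible. In the shell task, `{{ BASE_USR_LOCAL }}` is expanded unquoted into the `[ -f … ]` test and `rm -f`; quoting the paths, e.g. `rm -f "{{ BASE_USR_LOCAL }}/bin/python$PYVER.bash"`, keeps a value containing spaces from changing what is removed.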

680
tasks/base.yml Executable file

@ -0,0 +1,680 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
- name: "DEBUG: base base.yml ansible_distribution ansible_virtualization_role"
debug:
verbosity: 1
msg: "DEBUG: Including base base.yml {{ansible_distribution }} {{ ansible_virtualization_role|replace('NA', 'host') }}"
- block:
# now unused?
- name: "set PATH env_env"
set_fact:
# all of these should now get replaced by env_env
env_env:
# PATH: "{{ PATH }}"
PYTHONPATH: ""
TERM: linux
shell_env:
# FixMe: CLARIFY - is this ONLY controller path when -c local?
#was PATH: "{{ ansible_env.PATH +':' +VAR_LOCAL +'/bin'|replace('.:', '')}}"
# PATH: "{{ PATH }}"
PYTHONPATH: ""
TERM: linux
- name: "set PATH shell_env local"
set_fact:
shell_env:
# FixMe: CLARIFY - is this ONLY controller path when -c local?
PATH: "{{ ansible_env.PATH +':' +VAR_LOCAL +'/bin'|replace('.:', '')}}"
PYTHONPATH: ""
TERM: linux
when:
- ansible_connection in ['local']
- name: "set PATH shell_env not local"
set_fact:
shell_env:
# PATH: "{{ PATH }}"
PYTHONPATH: ""
TERM: linux
when:
- ansible_connection not in ['local']
# FixMe: CLARIFY - is this ONLY controller path when -c local?
- name: lynis objects to . on the PATH and I cant find whos adding it
shell: |
# clean path checks for /var/local/bin
export PYTHONPATH=
[ -f {{USR_LOCAL}}/bin/base_clean_path.bash ] && \
bash {{USR_LOCAL}}/bin/base_clean_path.bash || echo $PATH
register: env_PATH
- name: base /usr/local/src/usr_local_src.bash
copy:
src: /usr/local/src/usr_local_src.bash
dest: /usr/local/src/usr_local_src.bash
mode: '0755'
- block:
- name: /usr/local/bin/base_check_site_py.bash {{BASE_PYTHON3_MINOR}}
shell: |
[ -e /usr/local/bin/base_check_site_py.bash ] || exit 0
export PYTHONPATH=''
/usr/local/bin/base_check_site_py.bash {{BASE_PYTHON3_MINOR}} || exit 3$?
when:
- "BASE_PYTHON3_MINOR != ''"
- name: base /usr/local/bin/base_check_site_py.bash {{BASE_PYTHON2_MINOR}}
shell: |
[ -e /usr/local/bin/base_check_site_py.bash ] || exit 0
export PYTHONPATH=''
/usr/local/bin/base_check_site_py.bash {{BASE_PYTHON2_MINOR}} || exit 2$?
when:
- "BASE_PYTHON2_MINOR != ''"
# wierd error - fails under ansible but not at the command line
rescue:
- debug:
msg: "ERROR: WTF /usr/local/bin/base_check_site_py.bash"
check_mode: false
tags:
- always
- block:
- name: get ipv6.disable=1 cmdline
shell: |
grep ipv6.disable=1 /proc/cmdline
register : base_ipv6_disable_line
failed_when: false
check_mode: false
- set_fact:
BASE_IPV6_DISABLE: 0
when: base_ipv6_disable_line is failed
- set_fact:
BASE_IPV6_DISABLE: 1
when: base_ipv6_disable_line is success
when: "BOX_IPV6_DISABLE != ''"
- name: /etc/nsswitch.conf
lineinfile:
dest: /etc/nsswitch.conf
regexp: "^{{item.name}}:.*"
line: "{{item.name}}: {{item.val}}"
state: present
with_items:
- { name: passwd, val: "compat files" }
- { name: group, val: "compat files" }
# oddball from Emacs doing a DNS lookup of hostname - force it to localhost
- name: "/etc/hosts"
shell: |
umask 022
[ ! -f /etc/hosts ] && echo "127.0.0.1 localhost {{BOX_HOST_NAME}}" >> /etc/hosts && exit 0
grep -q "^127.0.0.1.* {{BOX_HOST_NAME}}" /etc/hosts && exit 0
sed -e 's/\(127.0.0.1.* localhost\)/\1 {{BOX_HOST_NAME}}/' -i /etc/hosts
exit 0
when: BOX_HOST_NAME|default('') != ''
- name: dunno where
shell: |
[ -d /tmp/.ansible/tmp ] || mkdir -p /tmp/.ansible/tmp
chmod 1777 /tmp/.ansible/tmp
- block:
- debug:
msg: "WARN: user BOX_USER_NAME={{ BOX_USER_NAME }} cannot be root - must be unprived"
when:
- BOX_USER_NAME|default('') == 'root'
- name: setting BOX_USER_NAME to vagrant
set_fact:
# this should be seat on the command line - vagrant
BOX_USER_NAME: "vagrant"
# this should be set on the command line - /home/vagrant
BOX_USER_HOME: "/home/vagrant"
BOX_USER_GROUP: "vagrant"
# adm group 4 is the same on on Gentoo and Ubuntu -
# group 4 on Gentoo and Ubuntu is a conveience to be my group and the NTFS group
BOX_ALSO_GROUP: "adm"
when: BOX_USER_NAME|default('') == '' or BOX_USER_NAME|default('') == 'root'
- assert:
that:
- BOX_USER_NAME|default('') != 'root'
fail_msg: "ERROR: user BOX_USER_NAME={{ BOX_USER_NAME }} cannot be root - must be unprived"
- name: msg BOX_USER_HOME
debug:
msg: "BOX_USER_HOME {{ BOX_USER_HOME|default('') }}"
- name: assert BOX_USER_HOME is not null
assert:
that:
- "{{ BOX_USER_HOME|default('') != '' }}"
- block:
- name: "create adm group - optional"
group:
name: "{{ BOX_ALSO_GROUP }}"
system: yes
when: "BOX_ALSO_GROUP != ''"
- name: "create vagrant group"
group:
name: "{{ BOX_USER_GROUP }}"
# "ensure an non-priv account like vagrant exists"
# FixMe: useradd: Can't get unique subordinate UID range
# useradd: can't create subordinate user IDs
- name: "add vagrant user"
user:
name: "{{ BOX_USER_NAME }}"
group: "{{ BOX_USER_GROUP }}"
append: true
groups: ["{{ BOX_ALSO_GROUP }}"]
home: "{{ BOX_USER_HOME }}"
create_home: yes
shell: /bin/bash
#? usermod: user vagrant is currently used by process 2190
ignore_errors: true
- name: "make vagrant HOME directory"
file:
path: "{{BOX_USER_HOME}}"
state: directory
mode: 0700
owner: "{{ BOX_USER_NAME }}"
group: "{{ BOX_USER_GROUP }}"
when: BOX_USER_NAME|default('') != ''
check_mode: false
- block:
- name: get passwd line
shell: |
[ -f /etc/passwd ] || exit 0
grep ^{{BOX_USER_NAME}} /etc/passwd
register : base_boxuser_passwd_line
failed_when: false
check_mode: false
- block:
- assert:
that:
- base_boxuser_passwd_line is success
fail_msg: "ERROR: user BOX_USER_NAME={{ BOX_USER_NAME }} not found in /etc/passwd"
# ansible will null this if you run user: without a home:
- assert:
that:
- "{{ base_boxuser_passwd_line.stdout.split(':')[5] != '' }}"
fail_msg: "BOX_USER_HOME is not null in /etc/passwd"
- name: BOX_USER_HOME
set_fact:
BOX_USER_HOME: "{{ base_boxuser_passwd_line['stdout'].split(':')[5] }}"
when: BOX_USER_HOME|default('') == ''
- name: msg BOX_USER_HOME
debug:
msg: "BOX_USER_HOME {{ BOX_USER_HOME|default('') }}"
- name: BOX_USER_GROUP
set_fact:
BOX_USER_GROUP: "{{ base_boxuser_passwd_line['stdout'].split(':')[3]|int }}"
when: BOX_USER_GROUP|default('') == ''
check_mode: false
when:
- BOX_USER_NAME|default('') != ''
- ansible_distribution != 'Msys'
- block:
- name: "are we connected? - old ip route default"
# FixMe: maybe change this to nmap - sometimes ICMP is blocked and its blocked by firewall.conf
# nmap -Pn -sU -p U:53 208.67.220.220 ' 0 hosts up'
# ping -n -c 1 -I "$wlan" 8.8.8.8 >/dev/null - wont work in a vbox or behind a firewall
shell: |
a=`route | grep -q ^default` || exit 1
[ - z "$a" ] && exit 2
wlan=`echo $a | sed -e 's@.* @@'` && \
ifconfig "$wlan" | grep -q UP && echo $wlan
register: wlan_up
failed_when: false
when: false
- name: "are we connected? - base_get_if.bash"
shell: |
ip route | grep -q ^default || exit 1$?
wlan=`/usr/local/bin/base_get_if.bash` || exit 3
if [ -n "$wlan" ] ; then
ifconfig "$wlan" | grep -q UP && echo $wlan || true
else
a=`route | grep ^default` && \
[ -n "$a" ] && \
wlan=`echo $a | sed -e 's@.* @@'` && \
[ -n "$wlan" ] && \
ifconfig "$wlan" | grep -q UP && \
echo $wlan
fi
register: wlan_up
failed_when: false
when: true
- name: "are we connected? - new wifi"
shell: |
ip route | grep -q ^default || exit 1$?
/usr/local/bin/proxy_ping_test.bash wifi || exit 2$?
wlan=`/usr/local/bin/base_get_if.bash`
echo $wlan
register: wlan_up_no
failed_when: false
when: false
- name: debug wlan_up
debug:
var: wlan_up
- name: "we are connected device wlan_up.stdout"
set_fact:
BASE_ARE_CONNECTED="{{ wlan_up.stdout }}"
when:
- wlan_up is success
#? - wlan_up.stdout|default("") != ""
- name: "we are connected device - unconnected n"
set_fact:
BASE_ARE_CONNECTED=""
when:
- wlan_up.rc|default(1) != 0 or wlan_up.stdout|default('') == ''
check_mode: false
when:
- BOX_OS_FAMILY != 'Windows'
- block:
- name: "we are connected device - WGate106"
set_fact:
BASE_ARE_CONNECTED=""
when:
- BOX_OS_FLAVOR|default('') == 'WGate106' or BOX_OS_FAMILY == 'Windows'
- debug:
verbosity: 1
msg: "DEBUG: BASE_ARE_CONNECTED={{BASE_ARE_CONNECTED}}"
- name: set the default route device if we are connected
set_fact:
BASE_OUTPUT_IF: "{{BASE_ARE_CONNECTED}}"
when:
- "BASE_ARE_CONNECTED != ''"
- ansible_distribution != 'Msys'
- name: set the default route device if we are not connected
set_fact:
BASE_OUTPUT_IF: "{{BASE_DEFAULT_OUTPUT_IF}}"
when:
- "BASE_ARE_CONNECTED == ''"
- ansible_distribution != 'Msys'
- block:
- name: "make /usr/local"
file:
path: "{{BASE_USR_LOCAL}}/{{item}}"
state: directory
mode: 0775
group: "{{ BOX_ALSO_GROUP }}"
with_items:
- bin
- data
- etc/testforge
- etc/ssl
- "{{LIB}}"
- lib/ruby
- lib/sysctl.d
- net/Http
- net/Git
- sbin
- share/info
- share/man/man1
- src
- var
check_mode: false
- block:
# sitecustomize is not getting made on 3.8
- name: /usr/local/bin/pyver.sh 2
shell: |
export BASE_PYTHON2_MINOR={{BASE_PYTHON2_MINOR}}
export PYVER=2
/usr/local/bin/pyver.sh
# sitecustomize is not getting made on 3.8
- name: /usr/local/bin/pyver.sh 3
shell: |
export BASE_PYTHON3_MINOR={{BASE_PYTHON3_MINOR}}
export PYVER=3
/usr/local/bin/pyver.sh
# only site - not dist on Ubuntu?
- name: "make lib64/python{{BASE_PYTHON2_MINOR}}/site-packages/__init__.py"
shell: |
umask 0002
[ -e "{{BASE_USR_LOCAL}}/{{item}}" ] && exit 0
touch "{{BASE_USR_LOCAL}}/{{item}}"
[ "{{ansible_distribution}}" != 'Msys' ] || \
chown "{{ BOX_USER_NAME }}"."{{ BOX_ALSO_GROUP }}" "{{BASE_USR_LOCAL}}/{{item}}"
with_items:
- "{{LIB}}/python{{BASE_PYTHON2_MINOR}}/site-packages/__init__.py"
- name: "set_fact BASE_PYVENV2_ARGS"
set_fact:
BASE_PYVENV2_ARGS: "{{ BASE_PYVENV_ARGS }} -p {{BASE_USR_LOCAL}}/bin/python2.sh --extra-search-dir={{USR_LOCAL}}/{{LIB}}/python{{BASE_PYTHON2_MINOR}}/site-packages"
when:
- "BASE_PYTHON2_MINOR != ''"
- block:
- name: "set_fact BASE_PYVENV3_ARGS"
set_fact:
BASE_PYVENV3_ARGS: "{{ BASE_PYVENV_ARGS }} -p {{BASE_USR_LOCAL}}/bin/python3.sh --extra-search-dir={{USR_LOCAL}}/{{LIB}}/python{{BASE_PYTHON3_MINOR}}/site-packages"
# sitecustomize is not getting made on 3.8
- name: /usr/local/bin/pyver.sh
shell: |
export BASE_PYTHON3_MINOR={{BASE_PYTHON3_MINOR}}
export PYVER=3
/usr/local/bin/pyver.sh
# only site - not dist on Ubuntu?
- name: "make lib64/python{{BASE_PYTHON2_MINOR}}/site-packages/__init__.py"
shell: |
umask 0002
[ -e "{{BASE_USR_LOCAL}}/{{item}}" ] && exit 0
touch "{{BASE_USR_LOCAL}}/{{item}}"
[ "{{ansible_distribution}}" != 'Msys' ] || \
chown "{{ BOX_USER_NAME }}"."{{ BOX_ALSO_GROUP }}" "{{BASE_USR_LOCAL}}/{{item}}"
with_items:
- "{{LIB}}/python{{BASE_PYTHON3_MINOR}}/site-packages/__init__.py"
when:
- "BASE_PYTHON3_MINOR != ''"
- block:
- name: "make root log directory"
file:
path: "{{BASE_ROOT_LOG_DIR}}"
state: directory
mode: 0775
owner: "root"
group: "{{ BOX_ALSO_GROUP }}"
- name: "/etc/locale.gen"
lineinfile:
dest: "/etc/locale.gen"
mode: 0755
owner: root
group: root
create: yes
regexp: "^#* *{{item}}"
line: "{{item}}"
insertafter: EOF
with_items: "{{env_locales}}"
notify: update locales
- name: "Let vagrant su without a password /etc/sudoers"
blockinfile:
dest: /etc/sudoers
create: yes
mode: 0440
marker: "# {mark} ANSIBLE MANAGED BLOCK base"
insertafter: "## Same thing without a password"
block: |
%{{ base_sudo_group }} ALL=(ALL) NOPASSWD: ALL
when:
- "base_sudo_group != ''"
- "'insecure_sudo' in BASE_FEATURES"
# validate: /usr/sbin/visudo -cf /etc/sudoers
- name: "Let vagrant su without a password /etc/group"
user:
name: "{{ BOX_USER_NAME }}"
group: "{{ BOX_USER_GROUP }}"
shell: /bin/bash
groups:
- "{{ base_sudo_group}}"
append: true
when:
- "base_sudo_group != ''"
- "'insecure_sudo' in BASE_FEATURES"
#? msg: module (user) is missing interpreter line
ignore_errors: true
- name: "/usr/local/etc/local.d/Whonix-Lati.rc"
lineinfile:
dest: /usr/local/etc/local.d/Whonix-Lati.rc
create: yes
mode: 0770
insertafter: BOF
regexp: "^#.*mode:"
line: "# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-"
- name: "/usr/local/etc/local.d/Whonix-Lati.rc"
blockinfile:
dest: /usr/local/etc/local.d/Whonix-Lati.rc
create: yes
mode: 0770
marker: "# {mark} ANSIBLE MANAGED BLOCK base initctl"
insertafter: EOF
block: |
[ ! -e /dev/initctl -a -e /run/initctl ] && ln -s /run/initctl /dev/initctl && exit 0
[ ! -e /dev/initctl ] || mknod -m=0600 /dev/initctl p
when:
- BOX_SERVICE_MGR != "systemd"
- name: "make /usr/local/lib linkx"
shell: |
dest="{{BASE_USR_LOCAL}}/{{BASE_LIB}}"
[ {{BASE_LIB}} = 'lib' ] && src="{{BASE_USR_LOCAL}}/lib64" || src="{{BASE_USR_LOCAL}}/lib"
[ -d $src ] || mkdir $src
[ -d $dest ] || mkdir $dest
cd $src || exit 1
[ -e "python{{ BASE_PYTHON2_MINOR }}" ] || ln -s "../{{LIB}}/python{{ BASE_PYTHON2_MINOR }}" .
[ -e "python{{ BASE_PYTHON3_MINOR }}" ] || ln -s "../{{LIB}}/python{{ BASE_PYTHON3_MINOR }}" .
# our model is that user and group adm can pip install into /usr/local
# failsafe but often required and not covered elsewhere
chown -R "{{ BOX_USER_NAME }}"."{{ BOX_ALSO_GROUP }}" $src/python* $dest/python*
chmod -R g+rw $src/python* $dest/python*
ignore_errors: true
when: false
- name: "make /dev/loop"
shell: |
# CONFIG_BLK_DEV_LOOP
i=-1
while [ $i -lt 16 ] ; do
i=$( expr $i + 1 )
[ -e /dev/loop$i ] && continue
mknod /dev/loop$i b 7 $i
chown root.disk /dev/loop$i
chmod 660 /dev/loop$i
done
exit 0
- name: "make /usr/local/var 1777 dirs"
file:
path: "{{BASE_USR_LOCAL}}/{{item}}"
state: directory
mode: 01777
owner: "{{ BOX_USER_NAME }}"
group: "{{ BOX_ALSO_GROUP }}"
with_items:
- var/cache
- var/log
- var/tmp
- tmp
check_mode: false
- name: base /usr/local/src/usr_local_base.bash
copy:
src: /usr/local/src/usr_local_base.bash
dest: /usr/local/src/usr_local_base.bash
mode: '755'
# FixMe: change this to a user.yml; this should be run as vagrant and per sytem_user
- name: "/usr/local/src/usr_local_base.sh"
shell: |
umask 0002
{{BASE_USR_LOCAL}}/src/usr_local_base.bash
args:
chdir: "{{BASE_USR_LOCAL}}/src"
become: yes
become_user: "{{ BOX_USER_NAME }}"
# FixME:
ignore_errors: true
when:
- not ansible_check_mode
- name: "base base {{ansible_distribution}}"
# roles/base/tasks/
include_tasks: base_{{ansible_distribution}}.yml
- name: "make mountpoint dirs"
shell: |
umask 0022
for elt in {{BOX_HOST_CONTAINER_MOUNTS|join(' ')}} ; do
df | grep -q " $elt$" && continue
[ -d $elt/tmp ] && continue
[ -d $elt ] && continue
mkdir $elt
done
exit 0
when: "BOX_HOST_CONTAINER_MOUNTS|default([])|length > 0"
# this should be run as root? no?
- name: "/usr/local/src/usr_local_python.bash"
shell: |
umask 0002
{{BASE_USR_LOCAL}}/src/usr_local_python.bash
args:
chdir: "{{BASE_USR_LOCAL}}/src"
creates:
- "{{BASE_USR_LOCAL}}/bin/python2.sh"
- "{{BASE_USR_LOCAL}}/bin/python3.sh"
become: yes
become_user: "{{ BOX_USER_NAME }}"
# FixMe: pip doesnt buy this
- name: "make /usr/local/net/Cache/Pip"
file:
path: "{{BASE_USR_LOCAL}}/{{item}}"
state: directory
# pip doesnt buy this - 01777
mode: 0775
owner: "{{ BOX_USER_NAME }}"
group: "{{ BOX_ALSO_GROUP }}"
with_items:
- net/Cache/Pip
# could be a symlink
ignore_errors: true
- name: "make home dirs"
file:
path: "{{ item.dest }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
state: directory
mode: "{{ item.mode }}"
with_items:
- {dest: "{{BOX_USER_HOME}}/etc/ssl/keys", owner: "{{ BOX_USER_NAME }}", group: "{{ BOX_ALSO_GROUP }}", mode: "0700" }
- {dest: "/root/etc/ssl/keys", owner: "root", group: "root", mode: "0700" }
- {dest: "{{BOX_USER_HOME}}/bin", owner: "{{ BOX_USER_NAME }}", group: "{{ BOX_ALSO_GROUP }}", mode: "0755" }
- {dest: "{{BASE_SCRIPT_DIR}}", owner: "root", group: "root", mode: "0755" }
- name: "/etc/wgetrc - needs coordinating with BASE_WGET_ARGS"
blockinfile:
dest: /etc/wgetrc
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK base"
block: |
timestamping = on
tries = 2
# man wget Using --ca-directory is more efficient than --ca-certificate with many certificates
#? Should we --ca-certificate={{PLAY_CA_CERT}} instead of default --ca-directory=/etc/ssl/certs/
# link it as a backup but it may get removed
# figure out how to extend apt and ansible's cert paths
# 'Failed to validate the SSL certificate for sourceforge.net443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible.
- name: "make SSL_CERT_FILE link"
file:
src: "{{ SSL_CERT_FILE }}"
dest: "/etc/ssl/certs/cacert-testserver.pem"
state: link
force: no
when: false
# https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/GnuPG
# keys.indymedia.org HKP (11371), HTTPS (443), HKPS (443), HTTP (80) qtt2yl5jocgrk7nu.onion 2eghzlv2wwcq7u7y.onion HTTPS (443), HTTP (80), HKP (11371) HKP (11371), HTTP (80)
# {{ groups['x']|map('extract', hostvars, 'ec2_ip_address')|list }}
# A frequently used idiom is walking a group to find all IP addresses in that group:
# {% for host in groups['app_servers'] %}
# {{ hostvars[host]['ansible_eth0']['ipv4']['address'] }}
# {% endfor %}
# old base
- name: "/etc/localtime"
shell: |
BASE_timezone="{{ BASE_TIMEZONE|default('Etc/UTC') }}"
[ -f "/usr/share/zoneinfo/$BASE_timezone" ] || exit 0
[ -e /etc/localtime ] && exit 0
ln -s /usr/share/zoneinfo/$BASE_timezone /etc/localtime
ignore_errors: true
- name: "/etc/BASE_timezone"
copy:
content: "{{ BASE_TIMEZONE|default('Etc/UTC') }}\n"
dest: "/etc/timezone"
- name: "setup hwclock"
template:
src: "hwclock.j2"
dest: "/etc/{{ETC_CONF_D}}/hwclock"
owner: "{{BASE_ROOT_USER}}"
mode: 0644
force: no
# unfinished
when: false
when:
- ansible_distribution != 'Msys'
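Review bot: The task "Let vagrant su without a password /etc/sudoers" writes `%{{ base_sudo_group }} ALL=(ALL) NOPASSWD: ALL` into the live file with the visudo check left as a trailing comment, so an unexpected `base_sudo_group` value or a misplaced marker is installed unverified and can break sudo for every account. Restore the check as a module argument that tests the staged copy, `validate: /usr/sbin/visudo -cf %s`, rather than the path in the comment. Because the rule gives a whole group password-less root, a drop-in under `/etc/sudoers.d/` would be easier to audit, and nothing in this file removes the block once `insecure_sudo` is taken out of `BASE_FEATURES`. Separately, "get passwd line" greps `^{{BOX_USER_NAME}}` without the field separator, so a longer account name sharing that prefix also matches and the home and group facts may come from the wrong entry; `grep "^{{BOX_USER_NAME}}:" /etc/passwd` pins it.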

28
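--- a/tasks/base_Debian.yml
+++ b/tasks/base_Debian.yml
@@ -0,0 +1,28 @@
+# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
+---
+- name: "DEBUG: base Debian.yml"
+debug:
+verbosity: 1
+msg: "DEBUG: Including base Debian.yml"
+- name: "set_fact OS flavour"
+set_fact:
+# ansible_facts
+BOX_OS_FLAVOR: "{{ansible_distribution_release}}"
+- name: "dont make apt install start servives, to be like Gentoo"
+set_fact:
+apt_env:
+RUNLEVEL: 1
+- name: "apt-get update"
+apt:
+force_apt_get: true
+update_cache: true
+ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
+when:
+- false
+- "BASE_ARE_CONNECTED != ''"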

28
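--- a/tasks/base_Devuan.yml
+++ b/tasks/base_Devuan.yml
@@ -0,0 +1,28 @@
+# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
+---
+- name: "DEBUG: base Debian.yml"
+debug:
+verbosity: 1
+msg: "DEBUG: Including base Debian.yml"
+- name: "set_fact OS flavour"
+set_fact:
+# ansible_facts
+BOX_OS_FLAVOR: "{{ansible_distribution_release}}"
+- name: "dont make apt install start servives, to be like Gentoo"
+set_fact:
+apt_env:
+RUNLEVEL: 1
+- name: "apt-get update"
+apt:
+force_apt_get: true
+update_cache: true
+ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
+when:
+- false
+- "BASE_ARE_CONNECTED != ''"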

159
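--- a/tasks/base_Gentoo.yml
+++ b/tasks/base_Gentoo.yml
@@ -0,0 +1,159 @@
+# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
+---
+- name: "DEBUG: base gentoo.yml"
+debug:
+verbosity: 1
+msg: "DEBUG: Including base gentoo.yml"
+# linuxBack52/etc/os-release:NAME="Ubuntu"
+# linuxBack52/etc/os-release:PRETTY_NAME="Ubuntu 16.04.6 LTS"
+# linuxBack52/etc/os-release:VERSION_CODENAME=xenial
+# linuxBack52/etc/os-release:UBUNTU_CODENAME=xenial
+# linuxClipos50/etc/os-release:NAME=Gentoo
+# linuxClipos50/etc/os-release:PRETTY_NAME="Gentoo/Linux"
+# linuxFun64/etc/os-release:NAME="Gentoo"
+# linuxFun64/etc/os-release:PRETTY_NAME="Funtoo Linux"
+# linuxPen19/etc/os-release:NAME=Gentoo
+# linuxPen19/etc/os-release:PRETTY_NAME="Gentoo/Linux"
+- name: "OS flavour"
+shell: |
+if [ -f /etc/os-release ] ; then
+grep -qi ubuntu /etc/os-release && echo Ubuntu && exit 0
+grep -qi gentoo /etc/os-release && echo Gentoo && exit 0
+fi
+for elt in /etc/pentoo-release \
+/etc/gentoo-release ; do
+for foo in Pentoo Gentoo ; do
+grep -q ^$foo $elt && echo $foo && exit 0
+done
+done
+exit 1
+register: base_os_flavour
+when:
+- not ansible_check_mode
+- BOX_OS_FLAVOR|default('') == ''
+- name: "set_fact OS flavour"
+set_fact:
+BOX_OS_FLAVOR: "{{base_os_flavour.stdout}}"
+when:
+- not ansible_check_mode
+- BOX_OS_FLAVOR|default('') == ''
+- name: "set_fact OS flavour default Gentoo"
+set_fact:
+BOX_OS_FLAVOR: "Gentoo"
+when:
+- ansible_check_mode or BOX_OS_FLAVOR|default('') == ''
+# have to install sudo
+- block:
+- name: "make /etc/portage dirs"
+file:
+path: "/etc/portage/{{item}}"
+state: directory
+mode: 0755
+with_items:
+#? make.profile
+- package.accept_keywords
+- package.license
+- package.mask
+- package.unmask
+- package.use
+- postsync.d
+- profile
+- repo.postsync.d
+- repos.conf
+- savedconfig
+- name: "make /usr/portage dirs"
+file:
+path: "/usr/portage/{{item}}"
+state: directory
+mode: 0755
+with_items:
+- distfiles
+- packages
+- metadata
+when:
+- "ansible_distribution == 'Gentoo'"
+- name: clean /etc/profile
+shell: |
+umask 0022
+[ -f /etc/profile.dst ] && exit 0
+mv /etc/profile /etc/profile.dst
+grep -v ^alias /etc/profile.dst > /etc/profile
+args:
+creates: "/etc/profile.dst"
+- name: /etc/python-exec/python-exec.conf
+blockinfile:
+dest: /etc/python-exec/python-exec.conf
+create: no
+marker: "# {mark} ANSIBLE MANAGED BLOCK base base_Gentoo.yml"
+insertafter: '.*Note:.*'
+block: |
+python{{BASE_PYTHON3_MINOR}}
+# python{{BASE_PYTHON2_MINOR}}
+- name: /etc/python-exec/python3.conf
+shell: |
+umask 0022
+[ -f /etc/python-exec/python-exec.conf ] || exit 1
+cd /etc/python-exec || exit 2
+[ -f python2.conf ]|| grep -v ^python3 python-exec.conf > python2.conf
+[ -f python3.conf ]|| grep -v ^python2 python-exec.conf > python3.conf
+for PYVER in 2 3 ; do
+P="BASE_PYTHON${PYVER}_MINOR"
+PYTHON_MINOR="$(eval echo \$$P)"
+grep -q $PYTHON_MINOR python$PYVER.conf || \
+echo $PYTHON_MINOR >> python$PYVER.conf
+cat /usr/local/etc/python-exec/python$PYVER-*.lis | while read file ; do
+[ -e $file.conf ] && continue
+ln -s python$PYVER.conf $file.conf
+done
+done
+exit 0
+args:
+chdir: /etc/python-exec
+- name: "stat /etc/conf.d/hostname"
+stat:
+path: "/etc/{{ETC_CONF_D}}/hostname"
+register: base_hostname_ini_exists
+- block:
+- name: /etc/conf.d/hostname
+blockinfile:
+dest: /etc/{{ETC_CONF_D}}/hostname
+create: no
+marker: "# {mark} ANSIBLE MANAGED BLOCK base base_Gentoo.yml"
+block: |
+hostname="{{BOX_HOST_NAME}}"
+when: not base_hostname_ini_exists.stat.exists and BOX_HOST_NAME|default('') != ''
+# was in base but it uses portage
+- name: "patch /usr/local/"
+shell: |
+for ver in python{{BASE_PYTHON3_MINOR}} python{{BASE_PYTHON2_MINOR}} ; do
+[ -d /usr/lib/portage/python${ver}/ ] || continue
+find /usr/lib/portage/python${ver}/ -type f -perm 775 -o -perm 755 | \
+grep -v '\.pyo\|\.pyc\|\.dst' | while read file ; do
+grep -q "PORTAGE_PYTHON:-/usr/bin/python${ver}" $file && continue
+[ -e $file.dst ] || cp -pi $file $file.dst
+sed -e "s@PORTAGE_PYTHON:-/usr/bin/python}@PORTAGE_PYTHON:-/usr/bin/python${ver}}@" -i $file
+done
+done
+exit 0
+when:
+- ansible_distribution == 'Gentoo'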
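Review bot: In the last task ("patch /usr/local/") the loop values already carry the `python` prefix, so `/usr/lib/portage/python${ver}/` expands to a `pythonpython…` path; the `-d` test then presumably never succeeds and the sed patch is silently skipped behind the final `exit 0`. Looping over the bare versions fixes the path, the grep and the sed replacement together: `for ver in {{BASE_PYTHON3_MINOR}} {{BASE_PYTHON2_MINOR}} ; do`. The `find` tests also need grouping, `-type f \( -perm 775 -o -perm 755 \)`, because `-o` binds looser than the implied and, so mode-755 directories are listed as well. In the "/etc/python-exec/python3.conf" task, `eval echo \$$P` reads shell variables that this script never sets (the `pyver.sh` tasks in base.yml export them first), so unless an `environment:` not visible here supplies them, `$PYTHON_MINOR` is empty and the unquoted `grep -q $PYTHON_MINOR python$PYVER.conf` loses its pattern argument.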

32
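--- a/tasks/base_Ubuntu.yml
+++ b/tasks/base_Ubuntu.yml
@@ -0,0 +1,32 @@
+# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
+---
+- name: "DEBUG: base Ubuntu.yml"
+debug:
+verbosity: 1
+msg: "DEBUG: Including base Ubuntu.yml"
+- name: "set_fact OS flavour"
+set_fact:
+# ansible_facts
+BOX_OS_FLAVOR: "{{ansible_distribution_release}}"
+- name: "oddball Ubuntu14 VM is coming up with ifconfig lo up but no route"
+shell: |
+ip route | grep -v grep | grep -q 'lo$' || ip route add 127.0.0.0/8 dev lo scope host
+# FixMe: Breaks in a Docker container
+ignore_errors: true
+- name: "dont make apt install start servives, to be like Gentoo"
+set_fact:
+apt_env:
+RUNLEVEL: 1
+- name: "apt-get update"
+apt:
+force_apt_get: true
+update_cache: true
+ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
+when: false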

169
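--- a/tasks/base_proxy.yml
+++ b/tasks/base_proxy.yml
@@ -0,0 +1,169 @@
+# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
+---
+- name: "base base_proxy.yml BOX_OS_FLAVOR={{BOX_OS_FLAVOR}}"
+debug:
+# verbosity: 1
+msg: "base base_proxy.yml http_proxy={{http_proxy}} https_proxy={{https_proxy}} socks_proxy={{socks_proxy}}"
+- name: make sure that we can override pip and keep it from installing things
+set_fact:
+null_proxy_env:
+http_proxy: "http://127.0.0.1:9999"
+https_proxy: "http://127.0.0.1:9999"
+socks_proxy: "socks5://127.0.0.1:9999"
+ftp_proxy: "socks5://127.0.0.1:9999"
+no_proxy: "{{ NO_PROXY|default('127.0.0.1,localhost') }}"
+SSL_CERT_FILE: "{{ SSL_CERT_FILE|default('/usr/local/etc/ssl/cacert-testforge.pem') }}"
+RSYNC_PROXY: "127.0.0.1:9999"
+TERM: linux
+- block:
+- debug:
+msg: "INFO: Overriding proxy values with the environment variables - ansible_connection={{ansible_connection}}"
+- name: These are filled in from the environment in ['local', 'chroot']
+set_fact:
+http_proxy: "{{ lookup('env', 'http_proxy')|default('') }}"
+https_proxy: "{{ lookup('env', 'https_proxy')|default('') }}"
+socks_proxy: "{{ lookup('env', 'socks_proxy')|default('') }}"
+ftp_proxy: "{{ lookup('env', 'ftp_proxy')|default('') }}"
+no_proxy: "{{ lookup('env', 'no_proxy')|default('127.0.0.1,localhost') }}"
+# CORP_NTLM_PROXY usually comes from QeRcUser.yaml because of the need for a username/password and domain
+- name: make sure that we can override and reset proxy_env from the playbook
+set_fact:
+proxy_env:
+# hostvars[inventory_hostname]['http_proxy']
+http_proxy: "{{ http_proxy }}"
+https_proxy: "{{ https_proxy }}"
+socks_proxy: '{{ socks_proxy }}'
+ftp_proxy: '{{ ftp_proxy }}'
+no_proxy: '{{ no_proxy }}'
+RSYNC_PROXY: "{{ http_proxy|replace('http://', '') }}"
+TERM: linux
+# Starting rsync with rsync://89.238.71.6/gentoo-portage
+when:
+# FixMe: this may be bogus - our guest may be very different?
+- ansible_connection|default('') in ['local', 'chroot']
+- block:
+- debug:
+msg: "INFO: Overriding proxy values with the external - ansible_connection={{ansible_connection}}"
+- name: These are filled in from the /etc/hosts in ['libvirt_qemu']
+delegate_to: localhost
+shell: |
+IP=`ifconfig |grep -A1 wlan|grep inet|sed -e 's/.*inet //' -e 's/ .*//'`
+# we may not be connected
+if [ $? -ne 0 ] || [ -z "$IP" ] ; then
+IP=`grep -q " external" /etc/hosts | sed -e 's/ .*//'`
+fi
+echo $IP
+register: external_out
+- name: set the proxies from the external
+set_fact:
+# these ports should come from the host env
+http_proxy: "http://{{external_out.stdout}}:3128"
+https_proxy: "http://{{external_out.stdout}}:9128"
+socks_proxy: "socks5://{{external_out.stdout}}:9050"
+ftp_proxy: "socks5://{{external_out.stdout}}:3128"
+# this network should come from inventory
+no_proxy: "{{ NO_PROXY|default('127.0.0.1,localhost,10.0.2.0/24') }}"
+SSL_CERT_FILE: "{{ SSL_CERT_FILE|default('/usr/local/etc/ssl/cacert-testforge.pem') }}"
+RSYNC_PROXY: "{{external_out.stdout}}:3128"
+when:
+- external_out.rc|default(1) == 0
+- external_out.stdout|default('') != ''
+# box mode is tor or
+check_mode: false
+when:
+- ansible_connection|default('') in ['libvirt_qemu']
+- name: "base base_proxy.yml proxy_env"
+debug: var=proxy_env
+- name: "set HTTP_PROXY '{{http_proxy}}'"
+set_fact: HTTP_PROXY='{{http_proxy}}'
+- name: "set HTTP_PROXYPORT HTTP_PROXYHOST HTTP_PROXYTYPE defaults"
+set_fact: HTTP_PROXYPORT="" HTTP_PROXYHOST="" HTTP_PROXYTYPE="http"
+- name: "set HTTPS_PROXY '{{https_proxy}}'"
+set_fact: HTTPS_PROXY='{{https_proxy}}'
+- name: "set HTTPS_PROXYPORT HTTPS_PROXYHOST HTTPS_PROXYTYPE defaults"
+set_fact: HTTPS_PROXYPORT="" HTTPS_PROXYHOST="" HTTPS_PROXYTYPE="http"
+- name: "set SOCKS_PROXY '{{socks_proxy}}'"
+set_fact: SOCKS_PROXY="{{socks_proxy}}"
+- name: "set SOCKS_PROXYPORT SOCKS_PROXYHOST SOCKS_PROXYTYPE defaults"
+set_fact: SOCKS_PROXYPORT="" SOCKS_PROXYHOST="" SOCKS_PROXYTYPE="socks5"
+# no_proxy in the environment of the call of ansible-playbook is used
+# we set a big default even for people not using a proxy, which is harmless
+- name: "set NO_PROXY '{{no_proxy}}'"
+set_fact:
+NO_PROXY: '{{no_proxy}}'
+- name: "set NTLM_PROXYPORT NTLM_PROXYHOST NTLM_PROXYTYPE defaults"
+set_fact:
+NTLM_PROXYPORT: ""
+NTLM_PROXYTYPE: ""
+NTLM_PROXYHOST: ""
+- block:
+- name: set NTLM_PROXYPORT NTLM_PROXYHOST NTLM_PROXYTYPE from CORP_NTLM_PROXY="{{ CORP_NTLM_PROXY }}"
+set_fact: >
+NTLM_PROXYPORT="{{ CORP_NTLM_PROXY.
+split(':') | last }}"
+NTLM_PROXYTYPE="{{ CORP_NTLM_PROXY.split(':') | first }}"
+NTLM_PROXYHOST="{{ CORP_NTLM_PROXY.replace('http://', '').split(':') | first }}"
+when: CORP_NTLM_PROXY|default('') != ''
+# we will override HTTP_PROXY with cntlm later when we know its running
+- block:
+- name: "set HTTP_PROXYPORT HTTP_PROXYHOST HTTP_PROXYTYPE"
+set_fact: >
+HTTP_PROXYPORT="{{ HTTP_PROXY.split(':') | last }}"
+HTTP_PROXYTYPE="{{ HTTP_PROXY.split(':') | first }}"
+HTTP_PROXYHOST="{{ HTTP_PROXY.replace('http://', '').split(':') | first }}"
+when: "HTTP_PROXY != ''"
+- name: "set HTTPS_PROXYPORT HTTPS_PROXYHOST HTTPS_PROXYTYPE"
+set_fact: >
+HTTPS_PROXYPORT="{{ HTTPS_PROXY.split(':') | last }}"
+# one of http https
+HTTPS_PROXYTYPE="{{ HTTPS_PROXY.split(':') | first }}"
+HTTPS_PROXYHOST="{{ HTTPS_PROXY.replace('http://', '').replace('https://', '').split(':') | first }}"
+when: "HTTPS_PROXY != ''"
+- name: "set SOCKS_PROXYPORT SOCKS_PROXYHOST SOCKS_PROXYTYPE"
+set_fact: >
+SOCKS_PROXYPORT="{{ SOCKS_PROXY.split(':') | last }}"
+# one of http socks
+SOCKS_PROXYTYPE="{{ SOCKS_PROXY.split(':') | first }}"
+# FixMe: parse user pass
+SOCKS_PROXYHOST="{{ SOCKS_PROXY.replace('socks4://', '').replace('socks5://', '').replace('socks5h://', '').split(':') | first }}"
+when: "SOCKS_PROXY != ''"
+when: CORP_NTLM_PROXY|default('') == ''
+- set_fact:
+shell_proxy_env: "{{ proxy_env | ansible.builtin.combine(shell_env) }}"
+shell_no_proxy_env: "{{ shell_env }}"
+- set_fact:
+portage_proxy_env: "{{ shell_proxy_env }}"
+pip_proxy_env: "{{ shell_proxy_env }}"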
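Review bot: The first debug task prints `http_proxy`, `https_proxy` and `socks_proxy` on every run because `verbosity: 1` is commented out, and `debug: var=proxy_env` prints them again further down. The `FixMe: parse user pass` comment and the remark about `CORP_NTLM_PROXY` needing a username and password suggest these URLs can carry credentials, which would then appear in plain text in play output and any log callback. Restoring `verbosity: 1` on both debug tasks keeps them out of routine logs. In the `libvirt_qemu` block the fallback `grep -q " external" /etc/hosts | sed -e 's/ .*//'` can never yield an address, since `-q` suppresses the output sed is meant to trim; dropping `-q` is enough. The `$?` test before it reports the last command of the first pipeline (sed), so only the `-z "$IP"` half of that condition does any work.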

264
tasks/bootstrap.yml Executable file
View file

@ -0,0 +1,264 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
- name: "DEBUG: base bootstrap.yml inventory_hostname"
debug:
verbosity: 1
msg: "DEBUG: Including bootstrap bootstrap.yml"
# have to install sudo
# N.B. raw or delegate_to: localhost only until bootstrap is complete!!!
- name: boostrap bootstrap_chroot_kicksecure.bash
shell: |
/usr/local/sbin/bootstrap_chroot_kicksecure.bash
args:
creates: /usr/local/etc/ssl/cacert-testforge.pem
delegate_to: localhost
when:
- ansible_connection|default('') == 'chroot'
- inventory_hostname == 'linuxKick150154'
- ansible_remote_addr != ''
check_mode: false
# cache='none' io='native'
- name: bootstrap env
set_fact:
proxy_env:
TERM: "linux"
shell_env:
TERM: "linux"
- block:
- name: bin/update_chroot.bash
shell: |
root="{{ ansible_remote_addr }}"
[ -n "$root" ] || \
{ echo "ERROR: ansible_remote_addr is undefined" ; exit 1 ; }
[ -d "$root/" ] || \
{ echo "ERROR: directory not found: $root" ; exit 2 ; }
if [ -x {{VAR_LOCAL}}/sbin/update_chroot.bash ]; then
{{VAR_LOCAL}}/sbin/update_chroot.bash "$root/" pwd || \
{ echo ERROR: {{VAR_LOCAL}}/sbin/update_chroot.bash $root/ pwd $? ; exit 3 ; }
elif [ -x /usr/local/sbin/base_chroot.bash ]; then
/usr/local/sbin/base_chroot.bash "$root/" pwd || \
{ echo ERROR: /usr/local/sbin/base_chroot.bash "$root/" pwd $? ; exit 4 ; }
fi
i=$( df -a | sed -e 's/.* //'| sort -u | grep -c "$root" )
if [ $i -lt 3 ] ; then
echo "WARN: first run to establish bind mounts - bin/update_chroot.bash $root"
fi
exit 0
# FixMe: 3 stderr: '/usr/bin/env: a: No such file or directory'
ignore_errors: true
- name: "mount mountpoint dirs"
shell: |
df -a | grep -q {{item}} || \
mount -o bind {{item}} {{ansible_remote_addr}}/{{item}}
exit 0
args:
creates: "{{ansible_remote_addr}}/{{item}}"
with_items: "{{BASE_HOST_CONTAINER_MOUNTS|default([])}}"
when: "BASE_HOST_CONTAINER_MOUNTS|default([])|length > 0"
delegate_to: localhost
when:
- ansible_connection|default('') == 'chroot'
- ansible_remote_addr != ''
check_mode: false
- name: boostrap bootstrap_proxy.bash
raw: |
export TERM=linux
export http_proxy="{{ http_proxy }}"
export https_proxy="{{ https_proxy }}"
export socks_proxy="{{ socks_proxy }}"
export no_proxy="{{no_proxy}}"
{{lookup('file', BASE_SCRIPT_DIR+'/bootstrap_proxy.bash')}}
# >> {{ BASE_USR_LOCAL }}/tmp/bootstrap_proxy.log 2>&1 || exit 3
exit 0
args:
executable: /bin/bash
chdir: "{{ BASE_USR_LOCAL }}/"
when:
# FixMe: figure something better than wgetrc - /etc/apt/conf.d - not needed on kicksecure
- http_proxy != "" and https_proxy != ""
check_mode: false
ignore_errors: true
- name: boostrap bootstrap_wheels.bash
copy:
src: /usr/local/sbin/bootstrap_wheels.bash
dest: /usr/local/sbin/bootstrap_wheels.bash
mode: '0755'
- name: boostrap bootstrap_wheels.bash raw
script: "{{BASE_SCRIPT_DIR+'/bootstrap_wheels.bash'}}"
# "{{lookup('file', BASE_SCRIPT_DIR+'/bootstrap_wheels.bash')}}"
# >> {{ BASE_USR_LOCAL }}/tmp/bootstrap_wheels.log 2>&1 || exit 3
args:
executable: /bin/bash
chdir: "{{ BASE_USR_LOCAL }}/"
creates: "{{ BASE_USR_LOCAL }}/tmp/wheels/ansible-{{BOX_ANSIBLE_VERSION}}.tar.gz"
when:
- not ansible_check_mode
check_mode: false
ignore_errors: true
- name: /etc/hostname
raw: grep -q localhost /etc/hostname && echo {{inventory_hostname}} > /etc/hostname || true
when:
- ansible_distribution in ['Ubuntu', 'Debian', 'Devuan']
ignore_errors: true
check_mode: false
- name: "stat {{ BASE_USR_LOCAL }}/bin/python3.sh"
stat:
path: "{{ BASE_USR_LOCAL }}/lib/python{{BASE_PYTHON3_MINOR}}/site-packages/pip/__init__.py"
register: base_python3_sh_exists
when:
- not ansible_check_mode
check_mode: false
- name: boostrap bootstrap_pip_ansible.sh
# $https_proxy = http://localhost:9999 to prevent downloads - not
shell: |
cd "{{ BASE_USR_LOCAL }}"
export PYTHONPATH=''
export BOX_UBUNTU16_VAR_APT_ARCHIVES="{{BOX_UBUNTU16_VAR_APT_ARCHIVES|default('') }}"
export BOX_UBUNTU16_VAR_APT_ARCHIVES="{{ BOX_UBUNTU16_VAR_APT_ARCHIVES|default('') }}"
export BOX_DEBIAN10_VAR_APT_ARCHIVES="{{ BOX_UBUNTU16_VAR_APT_ARCHIVES|default('') }}"
export BOX_GENTOO_DISTFILES_ARCHIVES="{{ BOX_GENTOO_DISTFILES_ARCHIVES|default('') }}"
export BOX_BOXUSER_PIP_CACHE="{{ BOX_BOXUSER_PIP_CACHE }}"
export BOX_ROOT_PIP_CACHE="{{ BOX_ROOT_PIP_CACHE }}"
export PLAY_PIP_CERT="{{ PLAY_CA_CERT }}"
export LOG_DIR="{{ BASE_USR_LOCAL }}/tmp"
export BASE_USER_NAME="{{ BASE_USER_NAME }}"
export BASE_USER_HOME="{{ BASE_USER_HOME }}"
export BASE_ALSO_GROUP="{{ BASE_ALSO_GROUP }}"
export http_proxy="{{ http_proxy }}"
export https_proxy="{{ https_proxy }}"
export socks_proxy="{{ socks_proxy }}"
export no_proxy="{{no_proxy}}"
ls {{BASE_SCRIPT_DIR}}
{{BASE_SCRIPT_DIR+'/bootstrap_pip_ansible.bash'}}
# "{{lookup('file', BASE_SCRIPT_DIR+'/bootstrap_pip_ansible.bash')}}"
# >> {{ BASE_USR_LOCAL }}/tmp/bootstrap_pip_ansible.log 2>&1 || exit 3
exit 0
when:
- not ansible_check_mode
- not base_python3_sh_exists.stat.exists
- false
#hangs
register: bootstrap_pip
#? check_mode: false
- name: rc boostrap wheels.sh and ansible.sh
debug:
msg: "WARN: boostrap wheels.sh and ansible.sh FAILED - {{bootstrap_pip.stdout}} - {{ bootstrap_pip.stderr}}"
when:
- not ansible_check_mode
- bootstrap_pip is failed
ignore_errors: true
# N.B. raw or delegate_to: localhost only until bootstrap is complete!!!
- name: test boostrap wheels.sh
shell: |
LELTS=""
PYVER=3
if [ -f {{ BASE_USR_LOCAL }}/bin/python$PYVER.sh ] ; then
{{ BASE_USR_LOCAL }}/bin/python$PYVER.sh --version || exit 2$PYVER$?
fi
exit 0
- block:
- name: "make /etc/portage dirs"
file:
path: "/etc/portage/{{item}}"
state: directory
mode: 0755
with_items:
#? make.profile
- package.accept_keywords
- package.license
- package.mask
- package.unmask
- package.use
- postsync.d
- profile
- repo.postsync.d
- repos.conf
- savedconfig
- sets
# really bootstrap
# - include_tasks: Gentoo/Funtoo/portage.yml
when:
- "ansible_distribution == 'Gentoo'"
- block:
- name: "make /mnt mountpoints"
# maybe prologue
shell: |
[ -d /mnt ] || mkdir /mnt || exit 1
for elt in {{ BASE_HOST_CONTAINER_MOUNTS|join(' ') }} ; do
[ -d $elt ] || mkdir $elt
done
exit 0
# with_items: "{{ BASE_HOST_CONTAINER_MOUNTS }}"
when: BASE_HOST_CONTAINER_MOUNTS|default([])|length > 0
- name: HOST_MOUNT_SYMLINKS
shell: |
{% for elt in HOST_MOUNT_SYMLINKS %}
[ -h {{ elt.to }} ] && continue
[ -d {{ elt.to }} ] && echo "WARN: {{ elt.to }} exists as a directory" && continue
parent=`dirname {{ elt.to }}`
[ -d $parent ] || mkdir -p $parent
#? -h-e
[ -h {{ elt.to }} ] || \
ln -s {{ elt.from }} {{ elt.to }}
{% endfor %}
# FixMe:
ignore_errors: true
when:
- HOST_MOUNT_SYMLINKS|default([])|length > 0
# actually the condition is weaker: anything with mounts - sshfs vagrant/virtualbox kvm? lxd?
- BASE_HOST_CONTAINER_MOUNTS|default([])|length > 0
# FixMe: make this a box_command for use with packer
- name: HOST_MOUNT_SYMLINK_CONTENTS
shell: |
{% for elt in HOST_MOUNT_SYMLINK_CONTENTS %}
[ -n "{{ elt.to }}" ] || continue
[ -d "{{ elt.to }}" ] || mkdir -p "{{ elt.to }}"
find -L "{{ elt.to }}" -type f -delete
for file in "{{ elt.from }}/"* ; do
[ -e "$file" ] || continue
[ -d "$file" ] && continue
base=`basename "$file"`
[ -e "{{ elt.to }}/$base" ] && continue
ln -s "$file" "{{ elt.to }}"
done
{% endfor %}
exit 0
when:
- HOST_MOUNT_SYMLINK_CONTENTS|default({})|length > 0
# FixMe:
ignore_errors: true
when:
# actually the condition is weaker: anything with mounts - sshfs vagrant/virtualbox kvm? lxd?
- BASE_HOST_CONTAINER_MOUNTS|default([])|length > 0

186
tasks/clipos.yml Normal file

@ -0,0 +1,186 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
- name: "base clipos.yml"
debug:
verbosity: 1
msg: "DEBUG: Including base clipos.yml ansible_remote_addr={{ ansible_remote_addr|default('') }}"
- block:
# FixMe: hardcode and dups HOST_MOUNT_SYMLINKS
- name: "/mnt/src/"
shell: |
[ -e /mnt/o/net/Lfs/github.com/clipos/src/portage ] || exit 0
[ -e /mnt/src ] || mkdir /mnt/src
for elt in gentoo clipos ; do
[ -h /mnt/src/portage $elt ] && continue
[ -d /mnt/o/net/Lfs/github.com/clipos/src/portage/$elt ] || continue
ln -s /mnt/o/net/Lfs/github.com/clipos/src/portage/$elt /mnt/src/portage/$elt
done
exit 0
when:
- ansible_remote_addr|default('') == '/mnt/linuxClipos50'
- block:
- name: download CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR
shell: |
[ -z "{{ CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR }}" ] || { echo "ERROR: CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR if undefined" ; exit 1 ; }
[ -d "{{ CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR }}" ] || mkdir -p "{{ CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR }}"
cd "{{ CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR }}" || exit 3
for file in {{CHROOT_CLIPOS_DAILY_DOWNLOAD_FILES}} SHA256SUMS ; do
[ -f $file ] && continue
"{{ BASE_ARE_CONNECTED }}" == '' && continue
echo "INFO: downloading {{ CHROOT_CLIPOS_DAILY_DOWNLOAD_URL }}/$file"
wget -c {{ BASE_WGET_ARGS }} {{ CHROOT_CLIPOS_DAILY_DOWNLOAD_URL }}/$file || exit 3
done
exit 0
args:
creates: "{{ CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR|default('') }}/qemu.tar.zst"
- name: sha265 CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR
shell: |
cd "{{ CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR }}" || exit 3
for file in {{CHROOT_CLIPOS_DAILY_DOWNLOAD_FILES}} ; do
[ -f $file.sha256 ] && continue
sha256sum $file > $file.sha256
grep `cat $file.sha256|sed -e 's/ .*//'` SHA256SUMS || \
{ echo "ERROR: checksum failed for {{ CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR }}/$file.sha256" ; exit 4 ; }
echo "DEBUG: checksum passed for {{ CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR }}/$file.sha256"
done
for file in *.tar.zst ; do
base=`basename $file .zst`
[ -f $base ] && continue
zstdcat $file > $base >/dev/null
done
for file in *.tar ; do
[ -f $file.lis ] && continue
tar tvf $file > $file.lis >/dev/null
done
exit 0
args:
creates: "{{ CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR|default('') }}/qemu.tar.zst.sha256"
- name: core_bundle.tar
shell: |
cd "{{ CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR }}" || exit 3
[ ! -f out/clipos/{{CHROOT_CLIPOS_DAILY_DOWNLOAD_VER}}/efiboot/bundle/efipartition.tar ] || \
[ -f out/clipos/{{CHROOT_CLIPOS_DAILY_DOWNLOAD_VER}}/efiboot/bundle/efipartition.tar.lis ] || \
tar xfv out/clipos/{{CHROOT_CLIPOS_DAILY_DOWNLOAD_VER}}/efiboot/bundle/efipartition.tar \
> out/clipos/{{CHROOT_CLIPOS_DAILY_DOWNLOAD_VER}}/efiboot/bundle/efipartition.tar.lis
# out/clipos/{{CHROOT_CLIPOS_DAILY_DOWNLOAD_VER}}/efiboot/bundle/efipartition.tar.lis
# core_pkgs.tar
# cache/clipos/{{CHROOT_CLIPOS_DAILY_DOWNLOAD_VER}}/core/binpkgs/
# efiboot_bundle.tar
# out/clipos/{{CHROOT_CLIPOS_DAILY_DOWNLOAD_VER}}/efiboot/bundle/efipartition.tar
# qemu.tar.lis
# clipos_{{CHROOT_CLIPOS_DAILY_DOWNLOAD_VER}}_qemu/main.qcow2
exit 0
args:
chdir: "{{ CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR }}"
creates: "{{ CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR|default('') }}/qemu.tar.zst.sha256"
- name: core_pkgs.tar
shell: |
chroot_dir="{{ ansible_remote_addr }}"
[ -d $chroot_dir/usr/portage/packages ] || mkdir -p $chroot_dir/usr/portage/packages
tar xvkf core_pkgs.tar --strip-components=5 -C $chroot_dir/usr/portage/packages
args:
chdir: "{{ CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR }}"
creates: "{{ ansible_remote_addr }}/usr/portage/packages/Packages"
# Is this the live layout?
- name: sdk.tar.lis
shell: |
cd "{{ CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR }}" || exit 1
[ -e cache/clipos/{{CHROOT_CLIPOS_DAILY_DOWNLOAD_VER}}/sdk/rootfs.squashfs ] || \
tar xvf sdk.tar
[ -e cache/clipos/{{CHROOT_CLIPOS_DAILY_DOWNLOAD_VER}}/sdk/rootfs.squashfs.lis ] || \
unsquashfs -l -n cache/clipos/{{CHROOT_CLIPOS_DAILY_DOWNLOAD_VER}}/sdk/rootfs.squashfs \
> cache/clipos/{{CHROOT_CLIPOS_DAILY_DOWNLOAD_VER}}/sdk/rootfs.squashfs.lis
args:
creates: "{{ CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR|default('') }}/cache/clipos/{{CHROOT_CLIPOS_DAILY_DOWNLOAD_VER}}/sdk/rootfs.squashfs.lis"
- name: unsquash stage3
shell: |
chroot_dir="{{ ansible_remote_addr }}"
[ -d ] || { echo "ERROR: directory not found: {{ ansible_remote_addr }}" ; exit 2 ; }
file="cache/clipos/{{CHROOT_CLIPOS_DAILY_DOWNLOAD_VER}}/sdk/rootfs.squashfs"
[ -f "$file" ] || { echo "ERROR: file not found: $file" ; exit 3 ; }
unsquashfs -i -d $chroot_dir -n cache/clipos/{{CHROOT_CLIPOS_DAILY_DOWNLOAD_VER}}/sdk/rootfs.squashfs || exit 4
args:
chdir: "{{ CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR }}"
creates: "{{ ansible_remote_addr }}/etc/gentoo-release"
when: false
- name: /usr/src/linux
shell: |
chroot_dir="{{ ansible_remote_addr }}"
[ -d $chroot_dir/usr/src/linux ] || exit 0
[ -d $chroot_dir/usr/src ] || mkdir $chroot_dir/usr/src || exit 1
cp -rip {{ CHROOT_CLIPOS_LFS_DOWNLOAD_DIR }}src/external/linux/ $chroot_dir/usr/src/linux
args:
creates: "{{ ansible_remote_addr }}/usr/src/linux"
when: CHROOT_CLIPOS_LFS_DOWNLOAD_DIR|default('') != ''
- name: CHROOT_CLIPOS_PACKAGES_TBZ2
shell: |
chroot_dir="{{ ansible_remote_addr }}"
[ -d $chroot_dir/usr/src/linux ] || exit 0
[ -d /root/var/tmp/{{date_dash}} ] || mkdir -p /root/var/tmp/{{date_dash}} || exit 1
cd /root/var/tmp/{{date_dash}} || exit 2
for elt in {{ CHROOT_CLIPOS_PACKAGES_TBZ2|join(' ') }} ; do
base=`basename $elt`
if [ $base = $elt ] ; then
python{{ BASE_PYTHON3_MINOR }} `which emerge` -vb $elt >> $base.log 2>&1
else
python{{ BASE_PYTHON3_MINOR }} `which emerge` -vb $elt >> $base.log 2>&1
fi
done
exit 0
args:
creates: "{{ ansible_remote_addr }}/usr/src/linux/.config"
# "{{ ansible_remote_addr }}/boot/vmlinux"
when: "CHROOT_CLIPOS_PACKAGES_TBZ2|default([])|length > 0"
# FixMe:
# products/clipos/sdk/scripts/setup-portage.sh
delegate_to: localhost
when:
- ansible_connection|default('') == 'chroot'
- BOX_OS_FLAVOR == "Clipos50"
- "CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR|default('') != ''"
# for elt in *-*; do ls /mnt/o/Cache/linuxFun64/var/cache/portage/$elt/*.* || continue; [ -d $elt ] || mkdir $elt; ln -s /mnt/o/Cache/linuxFun64/var/cache/portage/$elt/*.* $elt; echo $file; echo $elt; done
# for elt in *-*; do ls /mnt/cache/clipos/{{CHROOT_CLIPOS_DAILY_DOWNLOAD_VER}}/core/binpkgs/$elt/*.* || continue; [ -d $elt ] || mkdir $elt; ln -s /mnt/cache/clipos/{{CHROOT_CLIPOS_DAILY_DOWNLOAD_VER}}/core/binpkgs/$elt/*.* $elt; echo $file; echo $elt; done
- block:
# {{ CHROOT_CLIPOS_MAKE_CONFIG|join(' ') }}
- name: "was CHROOT_CLIPOS_MAKE_CONFIG - now in make-config.bash"
shell: |
# later - we have the tbz2
chroot_dir="{{ ansible_remote_addr }}"
[ -d $chroot_dir/usr/src/linux ] || exit 0
cd $chroot_dir/usr/src/linux
[ -f .config ] && mv .config .config.dst
# bogus - using /var/local/in base
{{ VAR_LOCAL }}/bin/make-config.bash -p x86_64
args:
creates: "{{ ansible_remote_addr }}/usr/src/linux/.config"
when:
- false
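Review bot: The checksum task (`sha265 CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR`) fails open on a re-run: it writes `$file.sha256` before comparing against SHA256SUMS and starts each iteration with `[ -f $file.sha256 ] && continue`, so after one failed comparison the marker exists and that file is never checked again. The `grep` also accepts the hash if it appears anywhere in SHA256SUMS, without tying it to the file name. I would verify first and create the `.sha256` markers only on success, e.g. `sha256sum --ignore-missing -c SHA256SUMS || exit 4`. Since SHA256SUMS is fetched from the same URL as the archives, this detects corruption but not a tampered mirror unless a signature is checked as well. Separately, the download guard `[ -z "{{ CHROOT_CLIPOS_DAILY_DOWNLOAD_DIR }}" ] || { … exit 1 ; }` looks inverted (it exits when the variable is set); `-n` seems intended.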


@ -0,0 +1,89 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
- name: "base guest.yml"
debug:
verbosity: 1
msg: "base guest.yml"
- block:
# "SSH_CLIENT": "10.0.2.2 58858 22",
# "SSH_CONNECTION": "10.0.2.2 58858 10.0.2.15 22",
- name: "set_fact base_vagrant_ipv4_priv"
set_fact:
# ansible_interfaces | last
base_vagrant_ipv4_priv_dev: "{{ ansible_interfaces|last }}" # "enp0s8"
# Ubuntu16 private guest
# ansible_all_ipv4_addresses | last
base_vagrant_ipv4_priv_ip: "{{ ansible_all_ipv4_addresses[1] }}" # "192.168.33.10"
# ubuntu16 private host - get this on the controller:
# ifconfig | grep -a 1 vboxnet1 | sed -e 's/.*inet //' -e 's/ .*//'
# ansible_enp0s8.network is .0
base_vagrant_ipv4_priv_gw_ip: "192.168.33.1"
# base_vagrant_ipv4_priv_gw_dev: "vboxnet1"
when:
# FixMe: do we need to be connected for these networks to be up - I doubtit
- true
# FixMe:
ignore_errors: true
# modprobe would load them - we just want to look if they have been compiled
- name: "ensure kernel modules needed base_kmods_in_vbox_guest"
shell: |
grep -q "{{item}}.ko" /lib/modules/{{ansible_kernel}}/modules.dep
when:
- "item != ''"
with_items:
- "{{ base_kmods_in_vbox_guest }}"
- name: "modprobe VM modules base_kmods_in_vbox_guest"
modprobe:
name: "{{ item }}"
# "{{ 'absent' if ansible_virtualization_role|replace('NA', 'host') == 'host' else 'present'}}"
state: present
when:
- item != '' and item != []
with_items:
# ansible_virtualization_type == 'lxc'
- "{{virtualbox_kmods_in_vbox_guest if (ansible_bios_version == 'VirtualBox' or ansible_virtualization_type == 'virtualbox' ) else [] }}"
# FixMe: lookup the source
- "{{ libvirt_kmods_in_vbox_guest if ansible_virtualization_type == 'kvm' else [] }}"
# FixMe: lookup the source
- "{{ qemu_kmods_in_vbox_guest if ansible_virtualization_type == 'kvm' else [] }}"
# FixMe:
ignore_errors: true
# not usr/bin or usr/sbin - /usr/lib/openssh/sftp-server should be ok
# github.com/dustymabe/vagrant-sshfs/lib/vagrant-sshfs/synced_folder.rb
- name: "/usr/libexec/sftp-server"
file:
src: "{{ item }}"
dest: "/usr/bin/sftp-server"
state: link
force: yes
with_first_found:
- "/usr/lib/openssh/sftp-server" # Ubuntu
- "/usr/{{BASE_LIB}}/misc/sftp-server" # Gentoo
#? move to testforge not base - we are not installing apt until then
ignore_errors: true
when:
- not ansible_check_mode
- ansible_virtualization_role|replace('NA', 'host') == 'guest'
- ansible_bios_version == "VirtualBox"
- ansible_virtualization_type == 'virtualbox'
- ansible_connection != 'chroot' # redundent?
# FixMe: resolv.conf resolvconf
- name: "base /etc/resolv.conf"
blockinfile:
dest: /etc/resolv.conf.localhost
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK base"
block: |
nameserver 127.0.0.1
nameserver 127.0.0.1
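Review bot: `base_vagrant_ipv4_priv_ip: "{{ ansible_all_ipv4_addresses[1] }}"` raises on a guest that has only one IPv4 address, and the `ignore_errors: true` that appears to follow the task would hide the failure and leave the facts undefined for later tasks. I would guard the task with `ansible_all_ipv4_addresses|length > 1` instead of the placeholder `- true` condition and drop the `ignore_errors`. The final `blockinfile` also writes `nameserver 127.0.0.1` twice to `/etc/resolv.conf.localhost`; one line is enough. Indentation is lost in this rendering, so which task each `when`/`ignore_errors` belongs to is inferred.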

108
tasks/guest_whonix.yml Executable file

@ -0,0 +1,108 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
- name: "base _whonix.yml"
debug:
verbosity: 1
msg: "base guest_whonix.yml"
- block:
- name: /etc/whonix_firewall.d/30_whonix_gateway_default.conf
lineinfile:
dest: /etc/whonix_firewall.d/30_whonix_gateway_default.conf
regexp: "^.*{{item.val}}.*"
line: '{{ item.name }}{{ item.val }}'
state: present
with_items:
- { name: EXTERNAL_OPEN_PORTS, val: '+=" 22 "' }
- { name: EXTERNAL_OPEN_PORTS, val: '+=" 9050 "' }
- { name: EXTERNAL_OPEN_PORTS, val: '+=" 9053 "' }
- { name: EXTERNAL_OPEN_PORTS, val: '+=" 9040 "' }
## This will simply open incoming port 22 in the Whonix-Gateway firewall.
- { name: GATEWAY_ALLOW_INCOMING_SSH, val: "1" }
- name: /etc/sysctl.d/80_whonix_gateway.conf
blockinfile:
dest: /etc/sysctl.d/80_whonix_gateway.conf
create: true
marker: "# {mark} ANSIBLE MANAGED BLOCK base guest_whonix_gateway"
block: |
fs.file-max = 100000
- name: /etc/systemd/system/multi-user.target.wants/tor.service
blockinfile:
dest: /etc/systemd/system/multi-user.target.wants/tor.service
create: true
marker: "# {mark} ANSIBLE MANAGED BLOCK base guest_whonix_gateway"
insertafter: '^.Service.'
block: |
LimitNOFILE=100000
- name: /usr/local/etc/local.d/Whonix-Lati.rc
blockinfile:
dest: /usr/local/etc/local.d/Whonix-Lati.rc
create: true
mode: 0770
marker: "# {mark} ANSIBLE MANAGED BLOCK base guest_whonix_gateway"
insertafter: '^.Service.'
block: |
#!/bin/sh
IP=`ifconfig eth0 | grep inet | sed -e 's/.*inet //' -e 's/ .*//'`
[ $? -eq 0 ] || return 1$?
[ -n "$IP" ] || return 2$?
[ -f /etc/torrc.d/99_gateway.conf ] || touch /etc/torrc.d/99_gateway.conf
grep -q "SocksPort $IP:9050" /etc/torrc.d/99_gateway.conf || \
echo "SocksPort $IP:9050" >> /etc/torrc.d/99_gateway.conf
grep -q "DNSPort $IP:9053" /etc/torrc.d/99_gateway.conf || \
echo "DNSPort $IP:9053" >> /etc/torrc.d/99_gateway.conf
grep -q "TransPort $IP:9040" /etc/torrc.d/99_gateway.conf || \
echo "TransPort $IP:9040 IsolateClientAddr IsolateClientProtocol IsolateDestA$
netstat -nlp -t inet | grep "$IP:9040" || \
systemctl --no-pager restart tor@default || exit 2$?
# systemctl --no-pager status tor@default
for elt in 22 9050 9053 9040 ; do
grep '^EXTERNAL_OPEN_PORTS.=" '$elt' "' \
/etc/whonix_firewall.d/30_whonix_gateway_default.conf || \
echo 'EXTERNAL_OPEN_PORTS+=" '$elt' "' >> \
/etc/whonix_firewall.d/30_whonix_gateway_default.conf
done
ip route | grep -q ^def && dig @$IP -p 9053 google.com
exit 0
# o /mnt/o 9p noauto,rw,trans=virtio,version=9p2000.L,cache=none 0 0
- name: guest_whonix_gateway sanity checks
shell: |
su -s /bin/sh -c '/usr/bin/tor --verify-config' debian-tor || exit 1$?
# always start this?
# /etc/systemd/system/multi-user.target.wants/vanguards.service
ip route | grep -q ^def && grep 100% /run/tor/log
when:
- BOX_OS_FLAVOR|default('') == 'WhonixGateway'
- block:
#ansible_virtualization_role|replace('NA', 'host') == 'guest'
# - BOX_OS_FLAVOR|default('') == 'WhonixWorkstation' or BOX_OS_FLAVOR|default('') == 'WhonixGateway'
- name: /etc/fstab
shell: |
for elt in {{BOX_HOST_CONTAINER_MOUNTS|join(' ')}} ; do
grep -q '\t'$elt'\t' /etc/fstab && continue
base=`basename $elt`
echo >> /etc/fstab \
"$base"' '$elt' 9p noauto,rw,trans=virtio,version=9p2000.L,cache=none 0 0'
done
exit 0
when:
- BOX_OS_FLAVOR|default('') == 'WhonixWorkstation'
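Review bot: The `Whonix-Lati.rc` block is broken at the `TransPort` line: `echo "TransPort $IP:9040 IsolateClientAddr IsolateClientProtocol IsolateDestA$` is cut off (it looks like a terminal-truncated paste), so the double quote is never closed and the redirect to `99_gateway.conf` is missing; the full line needs restoring from the original script. Because `blockinfile` writes its marker line first, `#!/bin/sh` will also not be the first line of the created file. On the security side, the play opens 22, 9050, 9053 and 9040 through `EXTERNAL_OPEN_PORTS` and binds Tor's SocksPort/DNSPort/TransPort to the eth0 address. If eth0 is the gateway's external interface, any host on that network can use the proxy, so a comment stating the intended clients and a `SocksPolicy` restriction in the torrc would be worth adding.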

171
tasks/lati.yml Normal file

@ -0,0 +1,171 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
- name: "DEBUG: base lati.yml {{ansible_distribution}}"
debug:
verbosity: 1
msg: "DEBUG: Including base lati.yml {{ansible_distribution}}"
- block:
- name: "/etc/portage/make.conf base lati CPU_FLAGS_X86"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base lati.yml CPU_FLAGS_X86"
block: |
# The following REQUIRED_USE flag constraints are unsatisfied: ffmpeg
# cpu_flags_x86_sse? ( cpu_flags_x86_mmxext )
#CPU_FLAGS_X86="aes avx avx2 fma3 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3"
# 2021-01 The following REQUIRED_USE flag constraints are unsatisfied: opengl
# cpu_flags_x86_avx2? ( cpu_flags_x86_f16c )
#hwinfo - fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,ht,tm,pbe,syscall,nx,rdtscp,lm,constant_tsc,arch_perfmon,pebs,bts,rep_good,nopl,xtopology,tsc_reliable,nonstop_tsc,cpuid,aperfmperf,tsc_known_freq,pni,pclmulqdq,dtes64,monitor,ds_cpl,vmx,est,tm2,ssse3,cx16,xtpr,pdcm,sse4_1,sse4_2,movbe,popcnt,tsc_deadline_timer,aes,rdrand,lahf_lm,3dnowprefetch,epb,pti,ibrs,ibpb,stibp,tpr_shadow,vnmi,flexpriority,ept,vpid,tsc_adjust,smep,erms,dtherm,ida,arat,md_clear
CPU_FLAGS_X86="fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology tsc_reliable nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes rdrand lahf_lm 3dnowprefetch epb pti ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid tsc_adjust smep erms dtherm ida arat md_clear"
# the above squawks with cpu_flags_x86_avx2? ( cpu_flags_x86_f16c )
#CPU_FLAGS_X86="avx fma3 popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" # -avx512f -f16c
- name: "/etc/portage/make.conf base lati INPUT_DEVICES"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base lati INPUT_DEVICES"
block: |
# NO -libinput replaces evdev, synaptics AND tslib; gentoo defaults keyboad and mouse have been deprecated for years, so drop them
# NO - INPUT_DEVICES="libinput"
# crucial - not udev
# INPUT_DEVICES="evdev input keyboard synaptics"
# 2020-04 If however neither libinput or evdev is in use, one should append
# 'libinput' to the INPUT_DEVICES variable inside /etc/portage/make.conf
# while removing 'keyboard' and 'mouse' if present, then update @world
INPUT_DEVICES="evdev libinput synaptics"
# (II) Using input driver 'libinput' anyway
- name: "/etc/portage/make.conf base lati VIDEO_CARDS"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base lati VIDEO_CARDS"
block: |
# 2018-12 added i915 - but is that wrong?
# https://forums.gentoo.org/viewtopic-t-914530-start-0.html
# put i965 even on a 1915 machine - for portability and some qt apps load it or complain - e.g. aqemu.
# lxd Funtoo i965
# not sure if kernel modules from the iso is a prereq/dup of X drivers?
# lati is a real 8gen - no intel or i915 and use modesetting
# no nouveau for now
VIDEO_CARDS="vesa vga fbdev qxl intel i965 nvidia virtualbox"
# 2020-02 - this is showing up: amdgpu dummy fbdev glint i965 intel mga nouveau nv nvidia radeon radeonsi siliconmotion vesa via vmware
#you can check available options with "emerge -vp xorg-drivers"
- name: "/etc/portage/make.conf base lati ABI_X86"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base lati ABI_X86"
block: |
# 2015-06 - this is causing havoc
# ABI_X86="64 32"
# 2020-02 - not in pentoo profile - was back in and glibc ended up with
# Feb 18 23:30 /lib/ld-linux.so.2 -> ../lib32/ld-linux.so.2
- name: "/etc/portage/make.conf base lati MAKEOPTS"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base lati MAKEOPTS"
block: |
# With MAKEOPTS you define how many parallel compilations should occur
MAKEOPTS="-j2"
- name: "/etc/portage/package.use/2013-07_32video-intel.txt"
blockinfile:
dest: /etc/portage/package.use/2013-07_32video-intel.txt
marker: "# {mark} ANSIBLE MANAGED BLOCK base lati"
create: true
block: |
# required by x11-drivers/xf86-video-intel-2.21.11
# required by xf86-video-intel (argument) video_cards_intel?
# 2020-02 removed video_cards_intel
x11-libs/libdrm libkms
- name: "/etc//make.conf base lati ACCEPT_LICENSE"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base lati ACCEPT_LICENSE"
block: |
ACCEPT_LICENSE="* -@EULA intel-ucode-20180807 FraunhoferFDK"
- name: /etc/modprobe.d/synaptics_exps.conf
blockinfile:
dest: /etc/modprobe.d/synaptics_exps.conf
marker: "# {mark} ANSIBLE MANAGED BLOCK lati"
mode: 0644
owner: "{{BASE_ROOT_USER}}"
group: "{{BOX_ROOT_GROUP}}"
create: true
block: |
options psmouse proto=exps
when:
- ansible_distribution == 'Gentoo'
- HOSTNAME_HARDWARE|default('') == 'lati'
- block:
- name: "/etc/portage/make.conf base lati MAKEOPTS"
blockinfile:
dest: /etc/portage/make.conf
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base lati MAKEOPTS"
block: |
# With MAKEOPTS you define how many parallel compilations should occur
MAKEOPTS="-j4"
when:
- ansible_distribution == 'Gentoo'
- HOSTNAME_HARDWARE|default('') == 'rog'
#sh spectre-meltdown-checker.sh --kernel /boot/kernel-genkernel-x86_64-5.2.20 --config /usr/src/linux/.config --map /boot/System.map-genkernel-x86_64-5.2.20
#?c /etc/udev/rules.d/70-persistent-net.rules
# FixMe: modules.conf?
- name: /etc/modprobe.d/kvm.conf
blockinfile:
dest: /etc/modprobe.d/kvm.conf
marker: "# {mark} ANSIBLE MANAGED BLOCK lati"
mode: 0644
owner: "{{BASE_ROOT_USER}}"
group: "{{BOX_ROOT_GROUP}}"
create: true
block: |
options kvm-intel nested=1
options kvm-amd nested=1
- name: "/etc/modules-load.d/psmouse.conf"
blockinfile:
dest: /etc/modules-load.d/psmouse.conf
create: true
marker: "# {mark} ANSIBLE MANAGED BLOCK lati"
block: |
# psmouse is necessary for X and sufficient for gpm
psmouse
- name: /etc/modprobe.d/loop.conf
blockinfile:
dest: /etc/modprobe.d/loop.conf
marker: "# {mark} ANSIBLE MANAGED BLOCK lati"
mode: 0644
owner: "{{BASE_ROOT_USER}}"
group: "{{BOX_ROOT_GROUP}}"
create: true
block: |
# https://wiki.archlinux.org/index.php/QEMU#Change_Existing_Windows_VM_to_use_virtio
options loop max_part=15
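Review bot: The second block, conditioned on `HOSTNAME_HARDWARE|default('') == 'rog'` (the `MAKEOPTS="-j4"` task), looks unreachable: tasks/main.yml in this commit includes `lati` only when `HOSTNAME_HARDWARE|default('') == 'lati'`, so the `rog` condition cannot hold inside this file. Either move that block to its own file with a matching include, or widen the include condition in main.yml. The trailing kvm.conf, psmouse.conf and loop.conf tasks appear to sit outside both blocks (indentation is lost here, so this is inferred). A comment such as `# applies to every host that includes lati.yml; nested=1 enables nested virtualisation` would make the intent explicit.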

226
tasks/main.yml Executable file

@ -0,0 +1,226 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
- name: "base main.yml"
debug:
verbosity: 1
msg: "DEBUG: Including base main.yml ansible_connection={{ ansible_connection|default('') }}"
- name: "Fix Gentoo"
set_fact:
ansible_distribution_major_version: 2
when: ansible_distribution == 'Gentoo'
- name: "Fix Windows"
set_fact:
# ansible_distribution_major_version: 9
ansible_distribution: Msys
ansible_bios_version: "mbr" # i.e. not Virtualbox
when: ansible_distribution == 'MSYS_NT-6.3-9600'
- name: "Fix Linux"
set_fact:
null_env:
TERM: linux
- name: check entropy state
shell: |
[ -e /proc/sys/kernel/random/entropy_avail ] || exit 0
cat /proc/sys/kernel/random/entropy_avail
changed_when: false
register: entropy2
# FixMe why dows this sometimes fail
ignore_errors: true
- name: entropy state
debug: var=entropy2
ignore_errors: true
- name: "include base by-platform vars"
include_vars: "{{item}}.yml"
with_items:
- "Linux"
- "{{ ansible_distribution }}{{ ansible_distribution_major_version }}"
tags: always
- name: "include_tasks base bootstrap"
include_tasks:
file: "{{ LOOP_FILE }}.yml"
apply:
environment: "{{ null_env }}"
when:
- LOOP_FILE != '' and LOOP_FILE != []
with_items:
- "{{ 'bootstrap' if ansible_distribution != 'Msys' and '{{nbd_disk}}' == '' else '' }}"
# - "{{ 'bootstrap_nbd' if ansible_distribution != 'Msys' and '{{nbd_disk}}' != '' else '' }}"
loop_control:
loop_var: LOOP_FILE
- name: "make /var/tmp/.ansible"
file:
path: "{{ item }}"
state: directory
mode: 01777
with_items:
- /var/tmp/.ansible
- "{{BASE_LOG_DIR}}/pip"
- "{{BASE_LOG_DIR}}/pip/pip2"
- "{{BASE_LOG_DIR}}/pip/pip3"
- name: "rsync base root_overlay"
synchronize:
src: "roles/base/overlay/{{item}}/"
dest: /
compress: no
copy_links: yes
archive: false
recursive: yes
links: true
owner: no
perms: true
times: true
rsync_opts: "{{ base_rsync_opts }} + ['--log-file=/tmp/rsync-base_{{BOX_HOST_NAME}}.log']"
with_items:
- Linux
- "{{ ansible_distribution }}"
notify:
- "chmod /usr/local"
- update-ca-certificates
when:
- not ansible_check_mode
# FixAns: This remote host is being accessed via chroot instead so it cannot work
# synchronize uses rsync to function. rsync needs to connect to the remote host via ssh, docker client or a direct filesystem copy. This remote host is being accessed via community.libvirt.libvirt_qemu instead so it cannot work.
- ansible_connection|default('') not in PLAY_NORSYNC_CONNECTIONS
tags:
- always
ignore_errors: "{{ansible_distribution == 'Msys'}}"
- name: "rsync root_overlay - the tar gets made by a make before running"
unarchive:
dest: /
src: "{{item}}.tar"
keep_newer: true
owner: "{{BASE_ROOT_USER}}"
group: "{{BOX_ROOT_GROUP}}"
# extra_opts: "{{ BASE_UNTAR_ARGS }}"
with_items:
- Linux
- "{{ ansible_distribution }}"
notify:
- update-ca-certificates
ignore_errors: true
when:
- not ansible_check_mode
# msg: synchronize uses rsync to function. rsync needs to connect to the remote host via ssh, docker client or a direct filesystem copy. This remote host is being accessed via community.libvirt.libvirt_qemu instead so it cannot work.
- ansible_connection|default('') in PLAY_NORSYNC_CONNECTIONS
- name: "include_tasks base before"
include_tasks:
file: "{{ LOOP_FILE }}.yml"
apply:
environment: "{{ null_env }}"
when:
- LOOP_FILE != '' and LOOP_FILE != []
with_items:
- base
- "{{ 'ansible' if ansible_distribution != 'Msys' else '' }}"
loop_control:
loop_var: LOOP_FILE
- name: "ansible-{{BOX_ANSIBLE_VERSION}}"
environment: "{{ shell_env }}"
shell: |
cd /usr/local/src
[ ! -d "ansible-{{BOX_ANSIBLE_VERSION}}" ] && \
[ ! -f "ansible-{{BOX_ANSIBLE_VERSION}}/setup.py" ] && \
[ -f /usr/local/tmp/wheels/ansible-{{BOX_ANSIBLE_VERSION}}.tar.gz ] && \
tar xvfz /usr/local/tmp/wheels/ansible-{{BOX_ANSIBLE_VERSION}}.tar.gz && \
chown -R {{BOX_USER_GROUP}}.{{BOX_USER_GROUP}} ansible-{{BOX_ANSIBLE_VERSION}}
exit 0
- name: "patch /usr/local/"
environment: "{{ shell_env }}"
shell: |
cd /usr/local/patches/base || exit 1
# this vacuumns all diff files below the root
{{ BASE_SCRIPT_DIR }}/base_patch_from_diff.bash {{item}}
when:
- item != ''
- not ansible_check_mode
with_items:
- usr/local/src/ansible-{{BOX_ANSIBLE_VERSION}}
- name: chown vagrant ~vagrant
environment: "{{ shell_env }}"
shell: |
[ -d ~{{LOOP_USER}} ] || mkdir ~{{LOOP_USER}}
chown -R {{LOOP_USER}} ~{{LOOP_USER}}
#? [ -n "{{BOX_ALSO_GROUP}}" ] && chmod -R g+rw,o-w ~{{LOOP_USER}}
exit 0
loop_control:
loop_var: LOOP_USER
when: LOOP_USER != '' and LOOP_USER != []
with_items:
# not root
- "{{ base_system_users }}"
check_mode: false
- name: openssl.cnf cacert.pem
# FixMe: PLAY_CA_CERT or /etc/ssl/certs/ca-certificates.crt
environment: "{{ shell_env }}"
shell: |
PIP_CERT="{{ PLAY_CA_CERT }}"
ignore_errors: true
- block:
# host or guest
- name: /boot/grub/grub.cfg
environment: "{{ shell_env }}"
shell: |
grep -q quiet /boot/grub/grub.cfg || exit 0
sed -e 's/ quiet//' -i /boot/grub/grub.cfg
exit 0
- name: "include_tasks base users.yml"
include_tasks:
file: "users.yml"
apply:
environment: "{{ null_env }}"
become: yes
become_user: "{{ LOOP_USER }}"
check_mode: false
tags: always
loop_control:
loop_var: LOOP_USER
when:
- LOOP_USER != '' and LOOP_USER != []
- false # FixMe : filters
with_items:
- "base_system_users"
- "'root' if ansible_distribution != 'Msys' else ''"
#? when: CHROOT_GENTOO_STAGE3|default('') == ''
tags: always
- name: "include_tasks base after"
include_tasks:
file: "{{ LOOP_FILE }}.yml"
when:
- "LOOP_FILE != ''"
with_items:
# FixMe: WTF?
- "base_proxy"
# or
# before Gentoo.yml
- "{{ 'lati' if ansible_virtualization_role|replace('NA', 'host') == 'host' and HOSTNAME_HARDWARE|default('') == 'lati' else '' }}"
- "{{ ansible_distribution }}"
# - "{{ ansible_distribution }}/{{ BOX_SERVICE_MGR }}"
- "{{ 'guest_virtualbox' if ansible_bios_version|default('') == 'VirtualBox' else '' }}"
# - "{{ 'guest_whonix' if ansible_virtualization_type == 'kvm' and BOX_OS_FLAVOR|default('') in ['WhonixGateway','WhonixWorkstation'] }}"
- "{{ 'guest_whonix' if ansible_connection in ['chroot', 'libvirt_qemu'] and BOX_OS_FLAVOR|default('') in ['WhonixGateway','WhonixWorkstation'] else ''}}"
loop_control:
loop_var: LOOP_FILE
# "ansible_service_mgr": "systemd",
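Review bot: In `include_tasks base bootstrap`, the item `"{{ 'bootstrap' if ansible_distribution != 'Msys' and '{{nbd_disk}}' == '' else '' }}"` nests a template inside an expression, where `'{{nbd_disk}}'` is just a non-empty string literal, so the comparison appears to be always false and bootstrap.yml is never included. Use the variable directly: `"{{ 'bootstrap' if ansible_distribution != 'Msys' and nbd_disk|default('') == '' else '' }}"`. In the `synchronize` task, `rsync_opts: "{{ base_rsync_opts }} + ['--log-file=…']"` does the concatenation outside the braces and so appears to yield a string rather than a list; move the `+ [...]` inside the expression. The log file is a predictable name under `/tmp`, so a directory that is not world-writable would be a safer place for it.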

83
tasks/qerc_user.yml Normal file

@ -0,0 +1,83 @@
#unused
- name: BASE_QERC_USERFILE
set_fact:
# Obviously you may also need this same info on the box REMOTE.
BASE_QERC_USERFILE: "{{BOX_USER_HOME}}/QeRcUser.yaml"
# If the local RUN_QERC_USERFILE is defined and exists and the BASE_QERC_USERFILE is defined,
# the local file will be copied to the REMOTE box
when: BASE_QERC_USERFILE|default('') == ''
- name: "REMOTE BASE_QERC_USERFILE"
stat:
path: "{{ BASE_QERC_USERFILE }}"
register: base_qerc_fact
check_mode: false
- block:
- debug:
msg: "INFO: creating ~/QeRcUser.yaml"
- name: "Copy the RUN_QERC_USERFILE to REMOTE BASE_QERC_USERFILE"
copy:
src: "{{ RUN_QERC_USERFILE }}"
dest: "{{ BASE_QERC_USERFILE }}"
mode: 0600
owner: "{{LOOP_USER}}"
when: run_qerc_fact.stat.exists
- name: "Create a default REMOTE BASE_QERC_USERFILE"
copy:
dest: "{{ BASE_QERC_USERFILE }}"
mode: 0600
owner: "{{LOOP_USER}}"
content: |
# -*-mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
# The QeRcUser.yaml file is expected to be found in your $HOME directory.
# On Windows, you may need to make sure that $HOME is set in the environment,
# it does not have to be the same as $USERPROFILE, but usually is.
# YAML files must be tab free, and ${/} CANNOT be used - it's YAML not robot.
# *** Variables ***
MY_CORP_USER: "jdoe"
MY_CORP_EMAIL: "jdoe@example.com"
MY_CORP_PASS: "MySecret"
MY_CORP_DOMAIN: "CORP"
# CORP_NTLM_PROXY: "http://example.net:3128"
when: not run_qerc_fact.stat.exists
when: not base_qerc_fact.stat.exists
- block:
- debug:
msg: "including ~/QeRcUser.yaml"
- name: "make a tempfile for ~/QeRcUser.yaml"
tempfile:
state: file
delegate_to: localhost
register: qerc_user_yml_file
- name: "slurp REMOTE ~/QeRcUser.yaml"
slurp:
src: "{{ BASE_QERC_USERFILE }}"
register: qerc_user_yml
- name: "copy slurped ~/QeRcUser.yaml to tempfile"
copy:
dest: "{{ qerc_user_yml_file.path}}"
content: "{{ qerc_user_yml['content']|b64decode }}"
delegate_to: localhost
- name: "include copied ~/QeRcUser.yaml"
include_vars: "{{qerc_user_yml_file.path}}"
rescue:
- debug:
msg: "WARN: error including ~/QeRcUser.yaml"
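Review bot: The second block slurps `BASE_QERC_USERFILE` from the remote box, writes it to a controller-side tempfile and passes it to `include_vars`, but nothing removes the tempfile afterwards, so a copy of the credentials file (`MY_CORP_PASS` and the rest) stays on the controller after every run. Add an `always:` section next to `rescue:` that deletes `qerc_user_yml_file.path` with the `file` module (`state: absent`, `delegate_to: localhost`), and consider `no_log: true` on the slurp and copy tasks. Because the included variables come from a file the managed host controls, they can override play variables; the `name:` option of `include_vars` would keep them in their own namespace. Separately, `run_qerc_fact` is used in two `when:` clauses but is never registered in this file.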

26
tasks/skel.yml Normal file

@ -0,0 +1,26 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
- name: "collect list of skel files inside user homes that should be updated"
script: find_skels_to_update.sh {{ item | basename }}
register: fileset
changed_when: false
with_fileglob: skel/.*
when: skel_update_homes
- name: "update /etc/skel"
copy: >
src={{ item }}
dest=/etc/skel/{{ item | basename }}
owner=root group=root mode=0644
with_fileglob: skel/.*
- name: "update umodified skel files in user homes"
copy: >
src=skel/{{ item.split(':')[0] }}
dest={{ item.split(':')[1] }}/{{ item.split(':')[0] }}
owner={{ item.split(':')[2] }}
group={{ item.split(':')[3] }}
with_flattened: fileset.results | map(attribute='stdout_lines') | list
when: skel_update_homes
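Review bot: The last task loops with `with_flattened: fileset.results | map(attribute='stdout_lines') | list`, a bare expression; current Ansible treats that as a literal string unless it is wrapped as `"{{ fileset.results | map(attribute='stdout_lines') | list }}"`, so the loop would not iterate over the script output. That task also sets no `mode`, unlike the `/etc/skel` copy above it. Both copy tasks use the legacy `key=value` form with unquoted templates; native YAML arguments with quoted values (`dest: "{{ item.split(':')[1] }}/{{ item.split(':')[0] }}"`) avoid word-splitting on paths that contain spaces. The line format (name:home:owner:group) is inferred from the `split(':')` indexes, so a one-line comment documenting it would help.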

223
tasks/users.yml Normal file

@ -0,0 +1,223 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
- name: "base users.yml {{LOOP_USER}}"
debug:
verbosity: 3
msg: "base users.yml {{LOOP_USER}} en http_proxy={{lookup('env', 'http_proxy')|default('')}}"
- name: "make ~/.config/testforge/"
file:
path: "{{ item|expanduser }}"
state: directory
mode: 0700
with_items:
#? - "~{{LOOP_USER}}"
- "~{{LOOP_USER}}/{{ BASE_USER_CONFIG_DIR }}"
- "~{{LOOP_USER}}/{{ BASE_USER_CONFIG_DIR }}/facts.d"
- "{{ BASE_TESTFORGE_YML|dirname }}"
# An exception occurred during task execution. The error was: _os.mkdir(file, 0700)
# msg: Unexpected failure during module execution.
ignore_errors: true
- name: ln -s 1777 /var/tmp/.ansible
shell: |
[ ! -d /var/tmp/.ansible ] && mkdir /var/tmp/.ansible && chmod 1777 /var/tmp/.ansible
[ -d ~/.ansible ] || mkdir ~/.ansible
[ -d ~/.ansible/tmp ] && [ -h ~/.ansible/tmp ] && exit 0
[ -h ~/.ansible/tmp ] || ln -s /var/tmp/.ansible ~/.ansible/tmp
exit 0
- name: "stat ~/.config/testforge/facts.d/testforge.yml"
stat:
path: "{{ BASE_TESTFORGE_YML }}"
register: base_testforge_ini_exists
- block:
- name: "make vagrant RO directories base"
file:
path: "{{ item|expanduser }}"
state: directory
mode: 0700
with_items:
- "~{{LOOP_USER}}/.cache"
- "~{{LOOP_USER}}/.config"
- "~{{LOOP_USER}}/.gpg"
- "~{{LOOP_USER}}/.local"
- "~{{LOOP_USER}}/.ssh"
- name: "make vagrant RO files base"
copy:
dest: "{{ item|expanduser }}"
src: "{{ item|expanduser }}"
force: yes
mode: 0600
with_items:
- "~{{LOOP_USER}}/.bashrc"
- "~{{LOOP_USER}}/.bash_profile"
# template or skel this
when: false
- block:
- name: "create ~/.config/testforge/facts.d/testforge.yml BOF"
lineinfile:
dest: "{{ BASE_TESTFORGE_YML }}"
insertbefore: BOF
mode: 0600
create: yes
regexp: "# -.- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -.-"
line: "# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-"
register: base_create_testforge_yml
when: not base_testforge_ini_exists.stat.exists
- name: "~/.config/testforge/facts.d/testforge.yml VERSION"
blockinfile:
dest: "{{ BASE_TESTFORGE_YML }}"
create: false
insertafter: "# -.- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -.-"
marker: "# {mark} ANSIBLE MANAGED BLOCK base [{{ elt.name }}]"
# lookup('vars', '{{ elt.name }}')
block: |
{{ elt.name }}: "{{ elt.val }}"
with_items:
- name: "TESTFORGE_VERSION"
val: "{{ TESTFORGE_VERSION|default('1.0') }}"
loop_control:
loop_var: elt
- name: "stat ~/.config/testforge/facts.d/testforge.yml"
stat:
path: "{{ BASE_TESTFORGE_YML }}"
register: testforge_ini_exists
- name: "including testforge.yml"
debug:
msg: "INFO: including {{BASE_TESTFORGE_YML}}"
when: testforge_ini_exists.stat.exists
- name: "WARN: NOT including testforge.yml"
debug:
msg: "WARN: NOT including {{BASE_TESTFORGE_YML}}"
when: not testforge_ini_exists.stat.exists
- name: "slurp REMOTE testforge.yml"
slurp:
src: "{{ BASE_TESTFORGE_YML }}"
register: testforge_user_yml
when: testforge_ini_exists.stat.exists
# Bug: This is NOT setting the value of the variables, but the include_vars does.
# Is this some kind of precedence issue?
- name: "set_fact testforge_user_yml"
set_fact:
# cacheable changes the persistance AND precedence
# cacheable: true
args: "{{ testforge_user_yml['content']|b64decode }}"
when: testforge_ini_exists.stat.exists
- name: "DEBUG: testforge_user_yml defined - does not error if not defined!"
# var: does not error if not defined!
debug:
var: TESTFORGE_VERSION
# finally fails in 2.8.12
ignore_errors: true
# set_fact fails silently on erroroneous content - an equals instead of a colon
- block:
- name: "DEBUG: testforge_user_yml contents"
debug:
verbosity: 1
msg: "{{ testforge_user_yml['content']|b64decode|to_yaml }}"
- name: "make a tempfile"
tempfile:
state: file
# path:
delegate_to: localhost
register: testforge_user_yml_file
- name: "copy testforge_user_yml_file to tempfile"
copy:
dest: "{{testforge_user_yml_file.path}}"
content: "{{ testforge_user_yml['content']|b64decode }}"
delegate_to: localhost
- name: "include_vars {{testforge_user_yml_file.path}}"
include_vars: "{{testforge_user_yml_file.path}}"
- name: "DEBUG: TESTFORGE_VERSION defined"
# msg: will error if not defined!
debug:
msg: "TESTFORGE_VERSION={{ TESTFORGE_VERSION }}"
when:
- not ansible_check_mode # needed
- base_testforge_ini_exists.stat.exists
# and TESTFORGE_VERSION|default('') != ''
rescue:
- debug:
msg: "ERROR: reading in testforge_user_yml_file "
check_mode: false
- name: "make pip dirs"
file:
path: "{{ item.dest | expanduser }}"
state: directory
owner: "{{ BOX_USER_NAME }}"
group: "{{ BOX_ALSO_GROUP }}"
mode: "{{ item.mode }}"
with_items:
- {dest: "~{{LOOP_USER}}/.cache/pip", mode: "0775" }
- {dest: "~{{LOOP_USER}}/.local/{{BASE_LIB}}", mode: "0755" }
# could be symlinks
ignore_errors: true
- name: "make .local symlinks dirs for pip --user"
file:
src: "{{ item.src }}"
dest: "{{ item.dest | expanduser }}"
state: link
with_items:
- src: "/usr/local/{{LIB}}/python{{BASE_PYTHON2_MINOR}}"
dest: "~{{LOOP_USER}}/.local/{{LIB}}/python{{BASE_PYTHON2_MINOR}}"
- src: "/usr/local/{{LIB}}/python{{BASE_PYTHON3_MINOR}}"
dest: "~{{LOOP_USER}}/.local/{{LIB}}/python{{BASE_PYTHON3_MINOR}}"
- src: "/usr/local/bin"
dest: "~{{LOOP_USER}}/.local/bin"
when:
- not ansible_check_mode
- name: "I think this is right make .local symlinks lib64 dirs"
file:
src: "{{ item.src | expanduser }}"
dest: "{{ item.dest | expanduser }}"
state: link
with_items:
- dest: "~{{LOOP_USER}}/.local/lib"
src: "~{{LOOP_USER}}/.local/lib64"
mode: "0755"
ignore_errors: true
when:
- not ansible_check_mode
- "BASE_LIB == 'lib64'"
- name: "I think this is right make .local symlinks lib dirs"
file:
src: "{{ item.src | expanduser }}"
dest: "{{ item.dest | expanduser }}"
state: link
with_items:
- dest: "~{{LOOP_USER}}/.local/lib64"
src: "~{{LOOP_USER}}/.local/lib"
mode: "0755"
ignore_errors: true
when:
- not ansible_check_mode
- "BASE_LIB == 'lib'"
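Review bot: The tempfile / copy / `include_vars` sequence loads a file read from the managed host (the `slurp` of `BASE_TESTFORGE_YML`) as play variables on the controller, so whoever can write testforge.yml on that host can define or override any variable in the play, not only `TESTFORGE_VERSION`. Writing the content to a controller-side file and including it presumably also loses the distinction between module-returned data and playbook-authored variables, so template expressions inside it would be treated as trusted. Parse the content in place and copy out only the expected keys, for example under `set_fact`: `TESTFORGE_VERSION: "{{ (testforge_user_yml['content'] | b64decode | from_yaml).TESTFORGE_VERSION | default('1.0') }}"`. No task visible here removes the controller-side tempfile afterwards. The QeRcUser.yaml block earlier on the page follows the same pattern, and there the staged file is the one that carries `MY_CORP_PASS`.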