├── .gitignore
├── .gitmodules
├── LICENSE
├── README.rst
├── TODO.md
├── ansible.cfg
├── inventory
├── group_vars
│ ├── decause
│ ├── dynamic
│ └── threebean
└── inventory
├── library
├── gsettings
├── gsettings.py
└── pass
├── playbooks
├── decause
│ ├── laptop.yml
│ └── vars
│ │ └── global.yml
├── nmap.yml
└── threebean
│ ├── destroy.yml
│ ├── dns.yml
│ ├── fedorashell.yml
│ ├── laptop.yml
│ ├── narcissus.yml
│ ├── provision.yml
│ ├── reboot.yml
│ ├── site.yml
│ └── vars
│ ├── global.yml
│ └── private.yml
├── roles
├── badges
│ ├── files
│ │ ├── add-badges-person
│ │ ├── award-badge
│ │ ├── get-badges-person-id
│ │ ├── openid.py
│ │ ├── tahrir.conf
│ │ ├── tahrir.wsgi
│ │ ├── threebean-pngs
│ │ │ ├── a-badge-er.png
│ │ │ ├── dark-and-horrible-magic.png
│ │ │ ├── foss-academy.png
│ │ │ ├── lightning.png
│ │ │ ├── love.png
│ │ │ ├── plus-one.png
│ │ │ ├── quantum.png
│ │ │ ├── special.png
│ │ │ └── sweet-suite.png
│ │ └── threebean-sitedocs
│ │ │ ├── about.rst
│ │ │ └── footer.rst
│ ├── handlers
│ │ └── main.yml
│ ├── tasks
│ │ └── main.yml
│ └── templates
│ │ └── tahrir.ini
├── common
│ ├── files
│ │ ├── bashrc-decause
│ │ ├── bashrc-gitprompt
│ │ ├── bashrc-root
│ │ ├── gitconfig-decause
│ │ ├── gitconfig-threebean
│ │ ├── githelpers-decause
│ │ ├── githelpers-threebean
│ │ ├── tmux.conf
│ │ ├── vimrc.local-decause
│ │ ├── vimrc.local-root
│ │ ├── vimrc.local-threebean
│ │ ├── zshrc-global
│ │ ├── zshrc-root
│ │ └── zshrc-threebean
│ └── tasks
│ │ └── main.yml
├── development
│ ├── files
│ │ └── bin
│ │ │ ├── bonk
│ │ │ ├── build-blog.sh
│ │ │ ├── buildroot-monster.py
│ │ │ ├── check-anitya.py
│ │ │ ├── download-rpms.py
│ │ │ ├── flow-finish.sh
│ │ │ ├── freshness
│ │ │ ├── kill-pyc.sh
│ │ │ ├── make-changelog.py
│ │ │ ├── make-release.sh
│ │ │ ├── meeting-notes.py
│ │ │ ├── nosy.py
│ │ │ ├── rpmbuild-and-upload.sh
│ │ │ ├── ship-it.py
│ │ │ ├── slurp
│ │ │ ├── slurp-upstream
│ │ │ ├── teleport
│ │ │ └── updates-list.py
│ └── tasks
│ │ └── main.yml
├── flash
│ ├── files
│ │ ├── RPM-GPG-KEY-adobe-linux
│ │ └── adobe-linux-x86_64.repo
│ └── tasks
│ │ └── main.yml
├── gnome
│ ├── system
│ │ └── tasks
│ │ │ └── main.yml
│ └── user
│ │ ├── files
│ │ ├── clip-to-firefox
│ │ ├── clip-to-fpaste
│ │ ├── dagdclip
│ │ ├── pw-lookup.sh
│ │ ├── restart-gnome-shell
│ │ ├── xmodmap
│ │ └── xmodmap-decause
│ │ ├── handlers
│ │ └── main.yml
│ │ ├── tasks
│ │ └── main.yml
│ │ └── vars
│ │ └── main.yml
├── ipython-worker
│ ├── files
│ │ └── ipython-notebook.service
│ ├── handlers
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── irc
│ ├── external
│ │ ├── files
│ │ │ ├── tmux-service
│ │ │ └── weechat
│ │ │ │ ├── _weechat
│ │ │ │ ├── alias.conf
│ │ │ │ ├── charset.conf
│ │ │ │ ├── irc.conf
│ │ │ │ ├── logger.conf
│ │ │ │ ├── perl
│ │ │ │ │ └── autoload
│ │ │ │ │ │ ├── buffers.pl
│ │ │ │ │ │ ├── highmon.pl
│ │ │ │ │ │ └── iset.pl
│ │ │ │ ├── plugins.conf
│ │ │ │ ├── python
│ │ │ │ │ └── autoload
│ │ │ │ │ │ ├── egrep.py
│ │ │ │ │ │ ├── shell.py
│ │ │ │ │ │ ├── shortenurl.py
│ │ │ │ │ │ └── weeget.py
│ │ │ │ ├── weechat.conf
│ │ │ │ └── xfer.conf
│ │ │ │ ├── alias.conf
│ │ │ │ ├── aspell.conf
│ │ │ │ ├── charset.conf
│ │ │ │ ├── logger.conf
│ │ │ │ ├── plugins.conf
│ │ │ │ ├── relay.conf
│ │ │ │ ├── rmodifier.conf
│ │ │ │ ├── script.conf
│ │ │ │ ├── weechat.conf
│ │ │ │ └── xfer.conf
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── tasks
│ │ │ └── main.yml
│ │ └── templates
│ │ │ └── irc.conf
│ └── internal
│ │ ├── files
│ │ └── weechat
│ │ │ ├── _weechat
│ │ │ ├── alias.conf
│ │ │ ├── charset.conf
│ │ │ ├── irc.conf
│ │ │ ├── logger.conf
│ │ │ ├── perl
│ │ │ │ └── autoload
│ │ │ │ │ ├── buffers.pl
│ │ │ │ │ ├── highmon.pl
│ │ │ │ │ └── iset.pl
│ │ │ ├── plugins.conf
│ │ │ ├── weechat.conf
│ │ │ └── xfer.conf
│ │ │ ├── alias.conf
│ │ │ ├── aspell.conf
│ │ │ ├── charset.conf
│ │ │ ├── logger.conf
│ │ │ ├── plugins.conf
│ │ │ ├── relay.conf
│ │ │ ├── rmodifier.conf
│ │ │ ├── script.conf
│ │ │ ├── weechat.conf
│ │ │ └── xfer.conf
│ │ ├── tasks
│ │ └── main.yml
│ │ └── templates
│ │ └── irc.conf
├── jumpoff
│ ├── files
│ │ └── bin
│ │ │ ├── do-backup.sh
│ │ │ ├── innerd
│ │ │ ├── kaomojicli
│ │ │ ├── nag-decause
│ │ │ ├── nerd
│ │ │ ├── start-tunnel-irc.sh
│ │ │ ├── start-tunnel-stomp.sh
│ │ │ ├── start-tunnel-web.sh
│ │ │ ├── to-the-bat-cave
│ │ │ ├── unfuck-vpn
│ │ │ └── whatupcli
│ └── tasks
│ │ └── main.yml
├── justdecausethings
│ └── tasks
│ │ └── main.yml
├── mail
│ └── client
│ │ ├── files
│ │ ├── bin
│ │ │ └── mail-check.sh
│ │ ├── mailcap
│ │ ├── mbsync.redhat.crt
│ │ ├── mbsyncrc-decause
│ │ ├── mbsyncrc-threebean
│ │ ├── msmtprc-decause
│ │ ├── msmtprc-threebean
│ │ ├── mutt-decause
│ │ │ ├── aliases
│ │ │ ├── colors
│ │ │ ├── common
│ │ │ ├── gmail
│ │ │ ├── muttrc
│ │ │ ├── pgp
│ │ │ ├── redhat
│ │ │ ├── rit
│ │ │ └── sig
│ │ ├── mutt-threebean
│ │ │ ├── aliases
│ │ │ ├── colors
│ │ │ ├── common
│ │ │ ├── gmail
│ │ │ ├── muttrc
│ │ │ ├── pgp
│ │ │ ├── redhat
│ │ │ ├── rit
│ │ │ └── wrns
│ │ ├── notmuch-config-decause
│ │ └── notmuch-config-threebean
│ │ └── tasks
│ │ └── main.yml
├── nagios
│ ├── head
│ │ ├── files
│ │ │ ├── cgi.cfg
│ │ │ ├── commands.cfg
│ │ │ ├── nagios.cfg
│ │ │ └── nagios.conf
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── tasks
│ │ │ └── main.yml
│ │ └── templates
│ │ │ └── host.cfg
│ └── nrpe
│ │ ├── common
│ │ ├── files
│ │ │ └── check_memory.py
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── tasks
│ │ │ └── main.yml
│ │ └── templates
│ │ │ └── nrpe.cfg
│ │ ├── proc
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── tasks
│ │ │ └── main.yml
│ │ └── templates
│ │ │ ├── nrpe-nagios-side-proc.cfg
│ │ │ └── nrpe-proc.cfg
│ │ ├── site
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── tasks
│ │ │ └── main.yml
│ │ └── templates
│ │ │ ├── nrpe-nagios-side-site.cfg
│ │ │ └── nrpe-site.cfg
│ │ └── websocket
│ │ ├── files
│ │ └── check_websocket.py
│ │ ├── handlers
│ │ └── main.yml
│ │ ├── tasks
│ │ └── main.yml
│ │ └── templates
│ │ ├── nrpe-nagios-side-websocket.cfg
│ │ └── nrpe-websocket.cfg
├── narcissus
│ ├── sender
│ │ ├── files
│ │ │ ├── narcissus-log-tailer.sh
│ │ │ └── narcissus-sender.service
│ │ ├── handlers
│ │ │ └── main.yml
│ │ └── tasks
│ │ │ └── main.yml
│ └── server
│ │ ├── files
│ │ ├── narcissus-hub.service
│ │ ├── narcissus.conf
│ │ └── narcissus.wsgi
│ │ ├── handlers
│ │ └── main.yml
│ │ ├── tasks
│ │ └── main.yml
│ │ └── templates
│ │ └── narcissus.ini
├── nmap
│ └── tasks
│ │ └── main.yml
├── rss
│ └── client
│ │ ├── files
│ │ ├── config
│ │ └── urls
│ │ └── tasks
│ │ └── main.yml
├── s3backup
│ ├── tasks
│ │ └── main.yml
│ └── templates
│ │ ├── s3-cronjob
│ │ └── s3cfg
├── security
│ ├── files
│ │ ├── 00-sshd.conf
│ │ ├── fail2ban.conf
│ │ └── fedora-updates-testing.repo
│ ├── handlers
│ │ ├── fail2ban.yml
│ │ ├── firewalld.yml
│ │ ├── main.yml
│ │ └── sshd.yml
│ └── tasks
│ │ ├── dnssec.yml
│ │ ├── fail2ban.yml
│ │ ├── firefox.yml
│ │ ├── firewalld.yml
│ │ ├── fprintd.yml
│ │ ├── ipv6.yml
│ │ ├── lynis.yml
│ │ ├── main.yml
│ │ ├── packages.yml
│ │ ├── rkhunter.yml
│ │ ├── selinux.yml
│ │ ├── sshd.yml
│ │ ├── sudo.yml
│ │ ├── suricata.yml
│ │ └── yum.yml
├── server
│ ├── handlers
│ │ ├── firewalld.yml
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── synergy
│ └── tasks
│ │ └── main.yml
├── task
│ ├── client
│ │ ├── files
│ │ │ ├── bin
│ │ │ │ ├── get_next_task
│ │ │ │ ├── make-report.sh
│ │ │ │ ├── next
│ │ │ │ ├── tanno
│ │ │ │ ├── task-backup.sh
│ │ │ │ ├── tdel
│ │ │ │ ├── tdone
│ │ │ │ ├── timesheet.sh
│ │ │ │ ├── tlow
│ │ │ │ ├── tstart
│ │ │ │ ├── tstop
│ │ │ │ ├── tsync
│ │ │ │ ├── twait-due
│ │ │ │ ├── twait-hour
│ │ │ │ ├── twait-later
│ │ │ │ ├── twait-month
│ │ │ │ ├── twait-soon
│ │ │ │ ├── twait-tomorrow
│ │ │ │ └── twait-week
│ │ │ ├── bugwarriorrc-decause
│ │ │ ├── bugwarriorrc-root
│ │ │ ├── bugwarriorrc-threebean
│ │ │ ├── taskrc-decause
│ │ │ ├── taskrc-root
│ │ │ └── taskrc-threebean
│ │ └── tasks
│ │ │ └── main.yml
│ └── server
│ │ ├── files
│ │ ├── config
│ │ └── ralph-taskd.repo
│ │ ├── handlers
│ │ └── main.yml
│ │ ├── tasks
│ │ └── main.yml
│ │ └── vars
│ │ └── main.yml
└── tw2-demos
│ ├── files
│ ├── requirements.txt
│ ├── tw2-demos.conf
│ └── tw2-demos.wsgi
│ └── tasks
│ └── main.yml
├── tasks
├── provision.yml
├── reboot.yml
└── record_hosts.yml
├── templates
└── hosts-localhost
└── vault_pass
/.gitignore:
--------------------------------------------------------------------------------
1 | roles/irc/files/weechat/weechat.log
2 | *.sw*
3 | *.py*
4 |
--------------------------------------------------------------------------------
/.gitmodules:
--------------------------------------------------------------------------------
1 | [submodule "roles/common/files/oh-my-zsh"]
2 | path = roles/common/files/oh-my-zsh
3 | url = https://github.com/robbyrussell/oh-my-zsh.git
4 |
--------------------------------------------------------------------------------
/README.rst:
--------------------------------------------------------------------------------
1 | My Ansible Setup
2 | ================
3 |
4 | This is an ansible setup I use to manage my own machine(s).
5 |
6 | I've tried to make it generic enough that you can clone it and use it too.
7 |
8 | The playbooks in the ``playbooks/`` directory are separated out by user -- each
9 | user keeps their own scripts there with no particular structure. The
10 | ``roles/`` dir has shared roles, some of which do different things for
11 | different users based on the presence of vars. See
12 | ``roles/mail/client/tasks/main.yml`` for an example.
13 |
14 |
15 | Credentials
16 | -----------
17 |
18 | I use `pass` to store the Ansible Vault password, which is used to
19 | encrypt/decrypt the various passwords for each host in
20 | ``inventory/host_vars/hostname``.
21 |
22 | You can generate the primary vault password by running `pass generate
23 | sys/ansible/vault 32`. Then you can add something like `ansible_sudo_pass:
24 | 'foobar'` to `inventory/host_vars/127.0.0.1`.
25 |
--------------------------------------------------------------------------------
/TODO.md:
--------------------------------------------------------------------------------
1 | general
2 | - [x] abolish private repo in favor of ‘pass’ integration.
3 |
4 | local stuff
5 |
6 | - [x] mutt-kz+mbsync+notmuch
7 | - [x] ~/bin/
8 |
9 | server stuff
10 | - [ ] backups and restore from backup for tahrir db - duplicity or bakthat from git
11 | - [x] password for nagios htpasswd file
12 | - [ ] nagios check for open ports: nmap host
13 | - [ ] nagios openscap checks
14 | - [ ] nagios notifications to an IRC channel
15 | - [x] suricata? leaving this one to lmacken
16 | - [ ] get fail2ban to whitelist the ip that ansible-playbook is being run on (disabled for now)
17 |
--------------------------------------------------------------------------------
/ansible.cfg:
--------------------------------------------------------------------------------
1 | [defaults]
2 | hostfile=inventory/inventory
3 | library=/usr/share/ansible:library
4 | roles_path=roles
5 | vault_password_file = vault_pass
6 |
7 | [ssh_connection]
8 | pipelining=True
9 | ssh_args = -o ForwardAgent=yes
10 |
--------------------------------------------------------------------------------
/inventory/group_vars/decause:
--------------------------------------------------------------------------------
1 | username: decause
2 |
3 | # This could conceivably go in the irc-bouncer role, but I'm going to try
4 | # keeping all my vars in one place.
5 | ircnick: decause
6 | twitternick: Remy_D
7 |
8 | # A dict of all users we want to provide stuff for.
9 | all_users:
10 | - user: decause
11 | homedir: /home/decause
12 | - user: root
13 | homedir: /root
14 |
15 | ansible_ssh_user: root
16 |
17 | permit_root_login: false
18 | shell: /usr/bin/bash
19 |
--------------------------------------------------------------------------------
/inventory/group_vars/dynamic:
--------------------------------------------------------------------------------
1 | permit_root_login: yes
2 | dont_pause_before_reboot: yes
3 |
--------------------------------------------------------------------------------
/inventory/group_vars/threebean:
--------------------------------------------------------------------------------
1 | username: threebean
2 |
3 | # This could conceivably go in the irc-bouncer role, but I'm going to try
4 | # keeping all my vars in one place.
5 | ircnick: threebean
6 | twitternick: ralphbean
7 |
8 | # A dict of all users we want to provide stuff for.
9 | all_users:
10 | - user: threebean
11 | homedir: /home/threebean
12 | - user: root
13 | homedir: /root
14 |
15 | ansible_ssh_user: root
16 |
17 | permit_root_login: false
18 |
19 | shell: /usr/bin/zsh
20 |
--------------------------------------------------------------------------------
/inventory/inventory:
--------------------------------------------------------------------------------
1 | [threebean-local]
2 | geier ansible_ssh_host=localhost
3 |
4 | [decause-local]
5 | chapeauxrouge ansible_ssh_host=localhost
6 |
7 | [dynamic]
8 | buttermilk ansible_ssh_host=45.55.48.40
9 | computer01 ansible_ssh_host=45.55.41.100
10 |
11 | [nagios]
12 | computer01 ansible_ssh_host=45.55.41.100
13 |
14 | [narcissus]
15 | pencil ansible_ssh_host=129.21.39.186 ansible_ssh_user=root
16 |
17 | [mirrors]
18 | smoke ansible_ssh_host=129.21.171.72 ansible_ssh_user=root
19 |
20 | [fedorashell]
21 | fedorashell ansible_ssh_host=fedorashell.rdu.redhat.com ansible_ssh_user=rbean
22 |
23 | # This is a meta group just so nagios knows who to monitor
24 | [monitored:children]
25 | dynamic
26 |
27 | [threebean:children]
28 | threebean-local
29 | dynamic
30 | fedorashell
31 |
32 | [decause:children]
33 | decause-local
34 |
--------------------------------------------------------------------------------
/library/gsettings:
--------------------------------------------------------------------------------
1 | gsettings.py
--------------------------------------------------------------------------------
/library/pass:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # TODO finish docs
4 | DOCUMENTATION = '''
5 | ---
6 | module: pass
7 | short_description: Query a local 'pass' database
8 | # ... snip ...
9 | '''
10 | # TODO examples
11 |
12 |
13 | def main():
14 | module = AnsibleModule(
15 | argument_spec=dict(
16 | name=dict(required=True),
17 | ),
18 | supports_check_mode=True,
19 | )
20 |
21 | name = module.params['name']
22 |
23 | pass_bin = module.get_bin_path('pass', required=True)
24 | cmd = [pass_bin, name]
25 | (rc, stdout, stderr) = module.run_command(cmd)
26 |
27 | if rc != 0:
28 | module.fail_json(msg="Failed stdout: %r, stderr: %r" % (stdout, stderr))
29 |
30 | module.exit_json(changed=True, secret=stdout.strip())
31 |
32 | from ansible.module_utils.basic import *
33 | if __name__ == '__main__':
34 | main()
35 |
--------------------------------------------------------------------------------
/playbooks/decause/laptop.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 |
4 | - name: system configuration (packages, etc...)
5 | hosts: chapeauxrouge
6 |
7 | vars_files:
8 | - vars/global.yml
9 |
10 | roles:
11 | - common
12 | - security
13 | - gnome/system
14 | - flash
15 | - jumpoff
16 | - justdecausethings
17 | - development
18 | - task/client
19 | - rss/client
20 | - role: mail/client
21 | user: decause
22 |
23 | - name: basics for the gnome user (shortcuts, etc..)
24 | hosts: chapeauxrouge
25 | su: yes
26 | su_user: decause
27 |
28 | vars_files:
29 | - vars/global.yml
30 |
31 | roles:
32 | - gnome/user
33 |
34 | # TODO -- two things not covered:
35 | # - ssh config, including the list of proxy commands
36 | # - gpg config, which doesn't really have anything in it anyways
37 |
--------------------------------------------------------------------------------
/playbooks/decause/vars/global.yml:
--------------------------------------------------------------------------------
1 | templates: /home/decause/code/lightsaber/templates
2 | tasks: /home/decause/code/lightsaber/tasks
3 |
--------------------------------------------------------------------------------
/playbooks/nmap.yml:
--------------------------------------------------------------------------------
1 | # Nmap port monitoring ansible role.
2 | # This role is for the master node, which will run nmap port scans against all
3 | # hosts, and commit the output to ~/.lightsaber/nmap_scans/$hostname
4 | # If any open port changes, the playbook will prompt the user.
5 |
6 | - name: playbook | nmap | Initiate git-backed port scanner
7 | hosts: nmap_scanner
8 | sudo: no
9 |
10 | vars_files:
11 | - vars/global.yml
12 |
13 | roles:
14 | - nmap
15 |
--------------------------------------------------------------------------------
/playbooks/threebean/destroy.yml:
--------------------------------------------------------------------------------
1 | # Requires a --extra-vars="target=computer01" option to be passed
2 | ---
3 | - name: go to sleep, shhhhh...
4 | hosts: "{{target}}"
5 | gather_facts: false
6 |
7 | vars_files:
8 | - vars/global.yml
9 | - vars/private.yml
10 |
11 | tasks:
12 | - name: shutdown the host from the inside
13 | shell: sleep 3; /usr/sbin/shutdown now --no-wall
14 | async: 45
15 | poll: 0
16 | ignore_errors: true
17 |
18 | - name: salt the earth
19 | hosts: localhost
20 | connection: local
21 | gather_facts: false
22 |
23 | vars_files:
24 | - vars/global.yml
25 | - vars/private.yml
26 |
27 | tasks:
28 | - name: kill it with fire
29 | digital_ocean:
30 | state: deleted
31 | name: "{{ item }}"
32 | client_id: "{{ do_client_id }}"
33 | api_key: "{{ do_api_key }}"
34 | unique_name: true
35 | with_items: target
36 |
37 | # TODO -- scrub the old host from ~/.ssh/known_hosts
38 |
--------------------------------------------------------------------------------
/playbooks/threebean/dns.yml:
--------------------------------------------------------------------------------
1 | - name: setup dns pointers
2 | hosts: localhost
3 | connection: local
4 | gather_facts: false
5 |
6 | vars_files:
7 | - vars/global.yml
8 | - vars/private.yml
9 |
10 | tasks:
11 | - name: set up dns for fml.threebean.org
12 | route53:
13 | aws_access_key: "{{ aws_access_key }}"
14 | aws_secret_key: "{{ aws_secret_key }}"
15 | command: create
16 | overwrite: yes
17 | zone: threebean.org
18 | record: fml.threebean.org
19 | type: A
20 | value: "{{hostvars.computer01.ansible_ssh_host}}"
21 | - name: set up dns for badges.threebean.org
22 | route53:
23 | aws_access_key: "{{ aws_access_key }}"
24 | aws_secret_key: "{{ aws_secret_key }}"
25 | command: create
26 | overwrite: yes
27 | zone: threebean.org
28 | record: badges.threebean.org
29 | type: A
30 | value: "{{hostvars.computer01.ansible_ssh_host}}"
31 | - name: set up dns for tw2-demos.threebean.org
32 | route53:
33 | aws_access_key: "{{ aws_access_key }}"
34 | aws_secret_key: "{{ aws_secret_key }}"
35 | command: create
36 | overwrite: yes
37 | zone: threebean.org
38 | record: tw2-demos.threebean.org
39 | type: A
40 | value: "{{hostvars.computer01.ansible_ssh_host}}"
41 |
42 | - name: set up dns for fml.threebean.net
43 | route53:
44 | aws_access_key: "{{ aws_access_key }}"
45 | aws_secret_key: "{{ aws_secret_key }}"
46 | command: create
47 | overwrite: yes
48 | zone: threebean.net
49 | record: fml.threebean.net
50 | type: A
51 | value: "{{hostvars.computer01.ansible_ssh_host}}"
52 | - name: set up dns for badges.threebean.net
53 | route53:
54 | aws_access_key: "{{ aws_access_key }}"
55 | aws_secret_key: "{{ aws_secret_key }}"
56 | command: create
57 | overwrite: yes
58 | zone: threebean.net
59 | record: badges.threebean.net
60 | type: A
61 | value: "{{hostvars.computer01.ansible_ssh_host}}"
62 | - name: set up dns for tw2-demos.threebean.net
63 | route53:
64 | aws_access_key: "{{ aws_access_key }}"
65 | aws_secret_key: "{{ aws_secret_key }}"
66 | command: create
67 | overwrite: yes
68 | zone: threebean.net
69 | record: tw2-demos.threebean.net
70 | type: A
71 | value: "{{hostvars.computer01.ansible_ssh_host}}"
72 |
--------------------------------------------------------------------------------
/playbooks/threebean/fedorashell.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Set up internal bouncer
3 | hosts: fedorashell
4 | vars_files:
5 | - vars/global.yml
6 | roles:
7 | - irc/internal
8 |
--------------------------------------------------------------------------------
/playbooks/threebean/laptop.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 |
4 | - name: system configuration (packages, etc...)
5 | hosts: geier
6 |
7 | vars_files:
8 | - vars/global.yml
9 |
10 | roles:
11 | - common
12 | - security
13 | - gnome/system
14 | - flash
15 | - jumpoff
16 | - development
17 | - task/client
18 | - rss/client
19 | - role: mail/client
20 | user: threebean
21 |
22 | - name: basics for the gnome user (shortcuts, etc..)
23 | hosts: geier
24 | su: yes
25 | su_user: threebean
26 |
27 | vars_files:
28 | - vars/global.yml
29 |
30 | roles:
31 | - role: gnome/user
32 | # Override the gpg settings for me with a longer timeout
33 | gpg_gsettings:
34 | - key: gpg-cache-method
35 | value: 'timeout'
36 | schema: org.gnome.crypto.cache
37 | - key: gpg-cache-ttl
38 | # 2100 seconds is 35 minutes
39 | value: 2100
40 | schema: org.gnome.crypto.cache
41 |
42 |
43 | # TODO -- two things not covered:
44 | # - ssh config, including the list of proxy commands
45 | # - gpg config, which doesn't really have anything in it anyways
46 |
--------------------------------------------------------------------------------
/playbooks/threebean/narcissus.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: setup the log sender on mirrors
3 | hosts: mirrors
4 | roles:
5 | - narcissus/sender
6 |
7 | - name: narcissus stuff for pencil
8 | hosts: narcissus
9 | roles:
10 | - narcissus/server
11 |
--------------------------------------------------------------------------------
/playbooks/threebean/provision.yml:
--------------------------------------------------------------------------------
1 | - name: provision cloud nodes
2 | hosts: localhost
3 | connection: local
4 | gather_facts: false
5 |
6 | vars_files:
7 | - vars/global.yml
8 | - vars/private.yml
9 |
10 | tasks:
11 | - include: "{{ tasks }}/provision.yml"
12 |
13 | # For some reason this is broken now... it was nice to have.
14 | #- name: setup a local /etc/hosts
15 | # hosts: localhost
16 | # connection: local
17 | # user: root
18 | #
19 | # vars_files:
20 | # - vars/global.yml
21 | #
22 | # tasks:
23 | # - include: "{{ tasks }}/record_hosts.yml"
24 |
--------------------------------------------------------------------------------
/playbooks/threebean/reboot.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: reboot that host
3 | hosts: "{{ target }}"
4 | user: root
5 |
6 | vars_files:
7 | - vars/global.yml
8 |
9 | tasks:
10 | - name: reboot the cloud host
11 | command: /sbin/reboot
12 |
13 | - name: wait for host to come back - up to 6 minutes
14 | wait_for:
15 | host: "{{ target }}"
16 | port: 22
17 | delay: 120
18 | timeout: 420
19 |
--------------------------------------------------------------------------------
/playbooks/threebean/site.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - include: provision.yml
3 | - include: dns.yml
4 |
5 | - name: playbook | site | Set up security
6 | hosts: dynamic
7 | vars_files:
8 | - vars/global.yml
9 | roles:
10 | - role: security
11 |
12 | - name: playbook | site | Set up basic server config
13 | hosts: dynamic
14 | vars_files:
15 | - vars/global.yml
16 | roles:
17 | - role: common
18 | - role: server
19 |
20 | - name: playbook | site | Set up nagios head
21 | hosts: nagios
22 | vars_files:
23 | - vars/global.yml
24 | - vars/private.yml
25 | roles:
26 | - role: nagios/nrpe/common
27 | - role: nagios/head
28 | nagios_password: "{{ nagios }}"
29 |
30 | - name: playbook | site | Set up nrpe monitoring on all our nodes
31 | hosts: dynamic
32 | vars_files:
33 | - vars/global.yml
34 | roles:
35 | - role: nagios/nrpe/common
36 |
37 | - name: playbook | site | Set up nrpe website monitoring.
38 | hosts: nagios
39 | vars_files:
40 | - vars/global.yml
41 | roles:
42 | - role: nagios/nrpe/site
43 | site: narcissus.rc.rit.edu
44 | target: narcissus
45 | path: /map/
46 | timeout: 10
47 | - role: nagios/nrpe/websocket
48 | name: narcissus
49 | address: "ws://narcissus.rc.rit.edu:9998"
50 | topic: http_geojson
51 | timeout: 4
52 | - role: nagios/nrpe/site
53 | site: threebean.org
54 | target: widget
55 | path: /blog/
56 | timeout: 10
57 | - role: nagios/nrpe/site
58 | site: toscawidgets.org
59 | target: ZOMG
60 | path: /
61 | timeout: 10
62 | - role: nagios/nrpe/site
63 | site: monroe-threebean.rhcloud.com
64 | target: foreclosures
65 | path: /graph\?from_date=01%2F01%2F2013\&to_date=01%2F01%2F2013
66 | timeout: 30
67 | - role: nagios/nrpe/site
68 | site: www.wintonroad.org
69 | target: experienced
70 | path: /
71 | timeout: 10
72 | - role: nagios/nrpe/websocket
73 | name: fedmsg-websocket
74 | address: "wss://hub.fedoraproject.org:9939"
75 | timeout: 10
76 |
77 | - name: playbook | site | Set up bouncer
78 | hosts: buttermilk
79 | vars_files:
80 | - vars/global.yml
81 | - vars/private.yml
82 | roles:
83 | - irc/external
84 |
85 | - name: playbook | site | Set up computer01 content
86 | hosts: computer01
87 | vars_files:
88 | - vars/global.yml
89 | - vars/private.yml
90 | roles:
91 | - role: badges
92 | db_user: "{{ tahrir_db_user }}"
93 | db_password: "{{ tahrir_db_password }}"
94 | session_secret: "{{ tahrir_session_secret }}"
95 | authn_secret: "{{ tahrir_authn_secret }}"
96 | - role: s3backup
97 | name: tahrir-db
98 | target: /var/cache/tahrir/tahrir-db.sql
99 | bucket: threebean-cloud-backup
100 | s3_aws_backup_access_key: "{{ aws_backup_access_key }}"
101 | s3_aws_backup_secret_key: "{{ aws_backup_secret_key }}"
102 | - role: nagios/nrpe/site
103 | site: badges.threebean.org
104 | target: Tahrir
105 | path: /
106 | timeout: 10
107 |
108 | - role: tw2-demos
109 |
110 | - role: nagios/nrpe/site
111 | site: tw2-demos.threebean.org
112 | target: widget
113 | path: /
114 | timeout: 10
115 |
--------------------------------------------------------------------------------
/playbooks/threebean/vars/global.yml:
--------------------------------------------------------------------------------
1 | templates: /home/threebean/devel/lightsaber/templates
2 | tasks: /home/threebean/devel/lightsaber/tasks
3 |
--------------------------------------------------------------------------------
/playbooks/threebean/vars/private.yml:
--------------------------------------------------------------------------------
1 | $ANSIBLE_VAULT;1.1;AES256
2 | 38313630666561383039313065373039323563643736646465366333306638613566646632326332
3 | 3333323463623963303562313737633565333831393461360a303237306363383339623738633861
4 | 35373364313862303932626439366635313463343839393161343633656432633136383634376561
5 | 6462623935623361640a313135333433663966313331623464663137303535313963636538343664
6 | 37396630383935663538663936646463373238623363333537643966326138663364343639343361
7 | 62346535646261336136633337333336316633383937313861346534353463323266366530613564
8 | 34376534366262303033306164633566393634613361626633306535333331653962376231633934
9 | 62316164376435333734326339306139643030346161376262626637616135643732333737313331
10 | 32333630363937313137353839636661383534376663616366616466333134386238326232653631
11 | 62313030623861623533663038303239613362316431653332356363663964376434323564303135
12 | 63613765303732653439366564666335303035623664373031313466666637333133643966343432
13 | 61376264306461313866623533373735633336316166326132316632613136663731663464353438
14 | 38616538313166616338666362666638316530646562633633303033343366353832343364323162
15 | 35326164366166333563313961356232623961653964613230336666386433656332383666333435
16 | 32306339663532636439316561663137333966346536346435653831386561326665613130313534
17 | 61373366623264613837393032383339626333623164306232386639643565353236613937313433
18 | 33353463383331373764653932336636323162326633393766396632613036376666653433316436
19 | 31386266333661333761386561393439623339313262653531306362636536343839663565353337
20 | 63613433336263363635613732666639326665303461636463666539316666353238636565643236
21 | 39366335316532306136303533636366346331373863383134656534373333323230633564383535
22 | 36353336376366316464656461633366373238663031323233643230306666663232313335353635
23 | 36373665613434636364313032633566663662613064346366653833633637623139303631336566
24 | 32623662323465316432613063636136623135616632633436356436663466626562326361373231
25 | 61393037613531366439653931376436353963616539376663663935626564646439383462303636
26 | 36386565373537343565663231653864373633373334613331343634373436626639353639616631
27 | 37326366303636326138373461393631386336346164636439373533623434356537626433656536
28 | 36346537376462366662616266323131333131303030303164356566666564346630623166393933
29 | 37313330323037316533623565383966376337666263653966383166313138366231333063613039
30 | 35643762323034396630363965373837656232666638343739613561663233393462373933396435
31 | 66613835633361383038396462353036633236616163326535616234643637373333643132393630
32 | 66653134663731633736626438363535326538303238393561373839663332613937653434346431
33 | 32663165313632613734333432386435363865353566633431646436646237313130396533313532
34 | 36393330626235356466343339653062316338303333356538386465343262663865656632316431
35 | 39633564376662643536363431663236633862316230386530303963383936656238363336393736
36 | 64366339663537636361373831353661653635326131666133643064326631303965616439613631
37 | 34393466326430656261613937656461376335636235323964626662396635353266393463626663
38 | 30653363383832396265646663633737306537653737396462333866366665613535
39 |
--------------------------------------------------------------------------------
/roles/badges/files/add-badges-person:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | """ This is a CLI script for retrieving a person's id in the badges db given
3 | their FAS username.
4 | """
5 |
6 | import __main__
7 | __main__.__requires__ = __requires__ = ["tahrir-api", "sqlalchemy>=0.7"];
8 | import pkg_resources
9 | pkg_resources.require(__requires__)
10 |
11 | import argparse
12 | import transaction
13 | import sys
14 |
15 | from tahrir_api.dbapi import TahrirDatabase
16 |
17 | import fedmsg
18 | import fedmsg.config
19 |
20 |
21 | def parse_args():
22 | parser = argparse.ArgumentParser(__doc__)
23 | parser.add_argument('--user', default=None, help="A FAS username")
24 | args = parser.parse_args()
25 | if not args.user:
26 | print "You must specify a FAS username."
27 | sys.exit(1)
28 | return args
29 |
30 |
31 | def initialize():
32 | return TahrirDatabase('sqlite:////var/cache/tahrir/tahrir-db.sql')
33 |
34 |
35 | def main(tahrir, nickname):
36 | person = tahrir.get_person(nickname=nickname)
37 |
38 | if person:
39 | print "Person already exists! %r" % nickname
40 | sys.exit(1)
41 |
42 | try:
43 | transaction.begin()
44 | tahrir.add_person(nickname=nickname, email=nickname + "@fedoraproject.org")
45 | transaction.commit()
46 | person = tahrir.get_person(nickname=nickname)
47 | print person.nickname, "has the id", person.id
48 | except Exception as e:
49 | transaction.abort()
50 | print "Failure:", e
51 |
52 |
53 | if __name__ == '__main__':
54 | args = parse_args()
55 | tahrir = initialize()
56 | main(tahrir, args.user)
57 |
--------------------------------------------------------------------------------
/roles/badges/files/award-badge:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | """ This is a CLI script for awarding a single badge to a single person.
3 |
4 | The intent is to use it to batch award a badge to a list of people.
5 | """
6 |
7 | import __main__
8 | __main__.__requires__ = __requires__ = ["tahrir-api", "sqlalchemy>=0.7"];
9 | import pkg_resources
10 | pkg_resources.require(__requires__)
11 |
12 | import argparse
13 | import transaction
14 | import sys
15 |
16 | from tahrir_api.dbapi import TahrirDatabase
17 |
18 | import fedmsg
19 | import fedmsg.config
20 |
21 |
22 | def parse_args():
23 | parser = argparse.ArgumentParser(__doc__)
24 | parser.add_argument('--user', default=None, help="A FAS username")
25 | parser.add_argument('--badge', default=None, help="A badge id")
26 | args = parser.parse_args()
27 | if not args.user:
28 | print "You must specify a FAS username."
29 | sys.exit(1)
30 | if not args.badge:
31 | print "You must specify a badge id."
32 | sys.exit(1)
33 | return args
34 |
35 |
36 | def initialize():
37 | return TahrirDatabase('sqlite:////var/cache/tahrir/tahrir-db.sql')
38 |
39 |
40 | def main(tahrir, nickname, badge_id):
41 | person = tahrir.get_person(nickname=nickname)
42 | badge = tahrir.get_badge(badge_id)
43 |
44 | if not person:
45 | print "No such person %r" % nickname
46 | sys.exit(1)
47 |
48 | if not badge:
49 | print "No such badge %r" % badge_id
50 | sys.exit(1)
51 |
52 | already_has_it = [assertion.person for assertion in badge.assertions]
53 |
54 | if person in already_has_it:
55 | print "%r already has the %r badge..." % (nickname, badge_id)
56 | return
57 |
58 | print person.nickname, "totally gets the %r badge." % badge_id
59 | try:
60 | transaction.begin()
61 | tahrir.add_assertion(badge.id, person.email, None)
62 | transaction.commit()
63 | except Exception as e:
64 | transaction.abort()
65 | print "Failure:", e
66 |
67 |
68 | if __name__ == '__main__':
69 | args = parse_args()
70 | tahrir = initialize()
71 | main(tahrir, args.user, args.badge)
72 |
--------------------------------------------------------------------------------
/roles/badges/files/get-badges-person-id:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | """ This is a CLI script for retrieving a person's id in the badges db given
3 | their FAS username.
4 | """
5 |
6 | import __main__
7 | __main__.__requires__ = __requires__ = ["tahrir-api", "sqlalchemy>=0.7"];
8 | import pkg_resources
9 | pkg_resources.require(__requires__)
10 |
11 | import argparse
12 | import transaction
13 | import sys
14 |
15 | from tahrir_api.dbapi import TahrirDatabase
16 |
17 | import fedmsg
18 | import fedmsg.config
19 |
20 |
21 | def parse_args():
22 | parser = argparse.ArgumentParser(__doc__)
23 | parser.add_argument('--user', default=None, help="A FAS username")
24 | args = parser.parse_args()
25 | if not args.user:
26 | print "You must specify a FAS username."
27 | sys.exit(1)
28 | return args
29 |
30 |
31 | def initialize():
32 | return TahrirDatabase('sqlite:////var/cache/tahrir/tahrir-db.sql')
33 |
34 |
35 | def main(tahrir, nickname):
36 | person = tahrir.get_person(nickname=nickname)
37 |
38 | if not person:
39 | print "No such person %r" % nickname
40 | sys.exit(1)
41 |
42 | print person.nickname, "has the id", person.id
43 |
44 |
45 | if __name__ == '__main__':
46 | args = parse_args()
47 | tahrir = initialize()
48 | main(tahrir, args.user)
49 |
--------------------------------------------------------------------------------
/roles/badges/files/tahrir.conf:
--------------------------------------------------------------------------------
1 |
2 | WSGIDaemonProcess tahrir user=tahrir group=tahrir maximum-requests=1000 display-name=tahrir processes=1 threads=1
3 | WSGISocketPrefix run/wsgi
4 | WSGIRestrictStdout On
5 | WSGIRestrictSignal Off
6 | WSGIPythonOptimize 1
7 |
8 |
9 | ServerName badges.threebean.org
10 | ErrorLog /var/log/httpd/badges.threebean.org-error_log
11 | CustomLog /var/log/httpd/badges.threebean.org-access_log common
12 | #DocumentRoot /www/example2
13 |
14 | #Alias /static /usr/lib/python2.7/site-packages/tahrir/static
15 | Alias /static /usr/lib/python2.7/site-packages/threebean_tahrir_theme/static
16 | Alias /pngs /usr/share/badges/pngs
17 |
18 | WSGIScriptAlias / /usr/share/tahrir/tahrir.wsgi
19 |
20 |
21 | WSGIProcessGroup tahrir
22 | Require all granted
23 |
24 |
25 |
--------------------------------------------------------------------------------
/roles/badges/files/tahrir.wsgi:
--------------------------------------------------------------------------------
1 | import sys
2 | sys.stdout = sys.stderr
3 |
4 | import os
5 | os.environ['PYTHON_EGG_CACHE'] = '/var/www/.python-eggs'
6 |
7 | from pyramid.paster import get_app, setup_logging
8 | ini_path = '/etc/tahrir/tahrir.ini'
9 | setup_logging(ini_path)
10 |
11 | application = get_app(ini_path, 'main')
12 |
--------------------------------------------------------------------------------
/roles/badges/files/threebean-pngs/a-badge-er.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ralphbean/lightsaber/ce466925caad83976c978bc5e2b95ad5f9ae38f3/roles/badges/files/threebean-pngs/a-badge-er.png
--------------------------------------------------------------------------------
/roles/badges/files/threebean-pngs/dark-and-horrible-magic.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ralphbean/lightsaber/ce466925caad83976c978bc5e2b95ad5f9ae38f3/roles/badges/files/threebean-pngs/dark-and-horrible-magic.png
--------------------------------------------------------------------------------
/roles/badges/files/threebean-pngs/foss-academy.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ralphbean/lightsaber/ce466925caad83976c978bc5e2b95ad5f9ae38f3/roles/badges/files/threebean-pngs/foss-academy.png
--------------------------------------------------------------------------------
/roles/badges/files/threebean-pngs/lightning.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ralphbean/lightsaber/ce466925caad83976c978bc5e2b95ad5f9ae38f3/roles/badges/files/threebean-pngs/lightning.png
--------------------------------------------------------------------------------
/roles/badges/files/threebean-pngs/love.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ralphbean/lightsaber/ce466925caad83976c978bc5e2b95ad5f9ae38f3/roles/badges/files/threebean-pngs/love.png
--------------------------------------------------------------------------------
/roles/badges/files/threebean-pngs/plus-one.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ralphbean/lightsaber/ce466925caad83976c978bc5e2b95ad5f9ae38f3/roles/badges/files/threebean-pngs/plus-one.png
--------------------------------------------------------------------------------
/roles/badges/files/threebean-pngs/quantum.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ralphbean/lightsaber/ce466925caad83976c978bc5e2b95ad5f9ae38f3/roles/badges/files/threebean-pngs/quantum.png
--------------------------------------------------------------------------------
/roles/badges/files/threebean-pngs/special.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ralphbean/lightsaber/ce466925caad83976c978bc5e2b95ad5f9ae38f3/roles/badges/files/threebean-pngs/special.png
--------------------------------------------------------------------------------
/roles/badges/files/threebean-pngs/sweet-suite.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ralphbean/lightsaber/ce466925caad83976c978bc5e2b95ad5f9ae38f3/roles/badges/files/threebean-pngs/sweet-suite.png
--------------------------------------------------------------------------------
/roles/badges/files/threebean-sitedocs/about.rst:
--------------------------------------------------------------------------------
1 | threebean's badges
2 | ==================
3 |
4 | This is my own personal instance of `التحرير (Tahrir)
5 | `_, the web application that powers
6 | `Fedora Badges `_. I use it to award
7 | fun/random `open badges `_ to my friends and colleagues.
8 |
9 | I use an `ansible `_ playbook to deploy it to Fedora
10 | 19 on `digital ocean `_.
11 | You are more than welcome to `copy the playbook and/or role
12 | `_ to set up your own.
13 |
--------------------------------------------------------------------------------
/roles/badges/files/threebean-sitedocs/footer.rst:
--------------------------------------------------------------------------------
1 | A `😎 threebean 😎 `_ project.
2 |
--------------------------------------------------------------------------------
/roles/badges/handlers/main.yml:
--------------------------------------------------------------------------------
1 | - name: restart httpd
2 | service:
3 | name: httpd
4 | state: restarted
5 |
--------------------------------------------------------------------------------
/roles/common/files/bashrc-decause:
--------------------------------------------------------------------------------
1 | # .bashrc
2 |
3 | # Source global definitions
4 | if [ -f /etc/bashrc ]; then
5 | . /etc/bashrc
6 | fi
7 |
8 | # Uncomment the following line if you don't like systemctl's auto-paging feature:
9 | # export SYSTEMD_PAGER=
10 |
11 | # User specific aliases and functions
12 | export GPG_INFO_FILE=~/.gpg-agent-info
13 | touch $GPG_INFO_FILE
14 | if [ "$(cat $GPG_INFO_FILE)" != "$GPG_AGENT_INFO" ]; then
15 | if [ "$GPG_AGENT_INFO" != "" ]; then
16 | echo $GPG_AGENT_INFO > $GPG_INFO_FILE
17 | chmod 600 $GPG_INFO_FILE
18 | else
19 | export GPG_AGENT_INFO=$(cat $GPG_INFO_FILE)
20 | fi
21 | fi
22 |
23 | # Run this every time a terminal is opened
24 | task list limit:page
25 |
--------------------------------------------------------------------------------
/roles/common/files/bashrc-gitprompt:
--------------------------------------------------------------------------------
1 | #/etc/bashrc-gitprompt
2 | # Git in my promptz
3 | if [[ $- == *i* ]] ; then
4 | c_cyan=`tput setaf 6`
5 | c_red=`tput setaf 1`
6 | c_green=`tput setaf 2`
7 | c_sgr0=`tput sgr0`
8 |
9 | parse_git_branch ()
10 | {
11 | if git rev-parse --git-dir >/dev/null 2>&1
12 | then
13 | gitver=$(git branch 2>/dev/null| sed -n '/^\*/s/^\* //p')
14 | numfil=$(git status | grep "# " | wc -l)
15 | echo -e git:$gitver:$numfil
16 |
17 | elif hg status -q >/dev/null 2>&1
18 | then
19 | hgver=$(hg branch 2>/dev/null)
20 | numfil=$(hg status | wc -l)
21 | echo -e hg:$hgver:$numfil
22 | else
23 | return 0
24 | fi
25 | }
26 |
27 | branch_color ()
28 | {
29 | color="${c_red}"
30 | if git rev-parse --git-dir >/dev/null 2>&1
31 | then
32 | if git status | grep "nothing to commit" 2>&1 > /dev/null
33 | then
34 | color=${c_green}
35 | fi
36 | elif hg status -q >/dev/null 2>&1
37 | then
38 | if expr $(hg status | wc -l) == 0 2>&1 > /dev/null
39 | then
40 | color=${c_green}
41 | fi
42 | else
43 | return 0
44 | fi
45 | echo -ne $color
46 | }
47 |
48 | PS1='[\u@\h \[${c_red}\]\W\[${c_sgr0}\] [\[$(branch_color)\]$(parse_git_branch)\[${c_sgr0}\]]]$ '
49 | fi
50 |
51 |
--------------------------------------------------------------------------------
/roles/common/files/bashrc-root:
--------------------------------------------------------------------------------
1 | # .bashrc
2 |
3 | # Source global definitions
4 | if [ -f /etc/bashrc ]; then
5 | . /etc/bashrc
6 | fi
7 |
8 | # Uncomment the following line if you don't like systemctl's auto-paging feature:
9 | # export SYSTEMD_PAGER=
10 |
11 | # User specific aliases and functions
12 |
--------------------------------------------------------------------------------
/roles/common/files/gitconfig-decause:
--------------------------------------------------------------------------------
1 | [user]
2 | name = Remy DeCausemaker
3 | email = decause@redhat.com
4 | [color]
5 | ui = auto
6 | [branch]
7 | autosetuprebase = always
8 | [alias]
9 | l = "!source ~/.githelpers && pretty_git_log"
10 | amend = commit --amend
11 | aa = add --all
12 | head = !git l -1
13 | h = !git head
14 | hp = "!source ~/.githelpers && show_git_head"
15 | r = !git l
16 | ra = !git r --all
17 | ff = merge --ff-only
18 | pullff = pull --ff-only
19 | noff = merge --no-ff
20 | la = !git l --all
21 | div = divergence
22 | gn = goodness
23 | gnc = goodness --cached
24 | fa = fetch --all
25 | pa = push --all
26 | b = branch
27 | ds = diff --stat=160,120
28 | dh1 = diff HEAD~1
29 | [giggle]
30 | main-window-maximized = true
31 | main-window-geometry = 700x550+1+61
32 | history-view-vpane-position = 362
33 | file-view-vpane-position = 578
34 | main-window-view = HistoryView
35 | [push]
36 | default = tracking
37 | [sendemail]
38 | smtpserver = /usr/bin/msmtp
39 |
--------------------------------------------------------------------------------
/roles/common/files/gitconfig-threebean:
--------------------------------------------------------------------------------
1 | [user]
2 | name = Ralph Bean
3 | email = rbean@redhat.com
4 | [color]
5 | ui = auto
6 | [branch]
7 | autosetuprebase = always
8 | [alias]
9 | l = "!source ~/.githelpers && pretty_git_log"
10 | amend = commit --amend
11 | aa = add --all
12 | head = !git l -1
13 | h = !git head
14 | hp = "!source ~/.githelpers && show_git_head"
15 | r = !git l
16 | ra = !git r --all
17 | ff = merge --ff-only
18 | pullff = pull --ff-only
19 | noff = merge --no-ff
20 | la = !git l --all
21 | div = divergence
22 | gn = goodness
23 | gnc = goodness --cached
24 | fa = fetch --all
25 | pa = push --all
26 | b = branch
27 | ds = diff --stat=160,120
28 | dh1 = diff HEAD~1
29 | [giggle]
30 | main-window-maximized = true
31 | main-window-geometry = 700x550+1+61
32 | history-view-vpane-position = 362
33 | file-view-vpane-position = 578
34 | main-window-view = HistoryView
35 | [push]
36 | default = tracking
37 | [sendemail]
38 | smtpserver = /usr/bin/msmtp
39 |
--------------------------------------------------------------------------------
/roles/common/files/githelpers-decause:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Log output:
4 | #
5 | # * 51c333e (12 days) add vim-eunuch
6 | #
7 | # The time massaging regexes start with ^[^<]* because that ensures that they
8 | # only operate before the first "<". That "<" will be the beginning of the
9 | # author name, ensuring that we don't destroy anything in the commit message
10 | # that looks like time.
11 | #
12 | # The log format uses } characters between each field, and `column` is later
13 | # used to split on them. A } in the commit subject or any other field will
14 | # break this.
15 |
16 | HASH="%C(yellow)%h%Creset"
17 | RELATIVE_TIME="%Cgreen(%ar)%Creset"
18 | AUTHOR="%C(bold blue)<%an>%Creset"
19 | REFS="%C(red)%d%Creset"
20 | SUBJECT="%s"
21 |
22 | FORMAT="$HASH}$RELATIVE_TIME}$AUTHOR}$REFS $SUBJECT"
23 |
24 | show_git_head() {
25 | pretty_git_log -1
26 | git show -p --pretty="tformat:"
27 | }
28 |
29 | pretty_git_log() {
30 | git log --graph --abbrev-commit --date=relative --pretty="tformat:${FORMAT}" $* |
31 | # Repalce (2 years ago) with (2 years)
32 | #sed -Ee 's/(^[^<]*) ago)/\1)/' |
33 | # Replace (2 years, 5 months) with (2 years)
34 | #sed -Ee 's/(^[^<]*), [[:digit:]]+ .*months?)/\1)/' |
35 | # Line columns up based on } delimiter
36 | column -s '}' -t |
37 | # Page only if we need to
38 | less -FXRS
39 | }
40 |
41 |
--------------------------------------------------------------------------------
/roles/common/files/githelpers-threebean:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Log output:
4 | #
5 | # * 51c333e (12 days) add vim-eunuch
6 | #
7 | # The time massaging regexes start with ^[^<]* because that ensures that they
8 | # only operate before the first "<". That "<" will be the beginning of the
9 | # author name, ensuring that we don't destroy anything in the commit message
10 | # that looks like time.
11 | #
12 | # The log format uses } characters between each field, and `column` is later
13 | # used to split on them. A } in the commit subject or any other field will
14 | # break this.
15 |
16 | HASH="%C(yellow)%h%Creset"
17 | RELATIVE_TIME="%Cgreen(%ar)%Creset"
18 | AUTHOR="%C(bold blue)<%an>%Creset"
19 | REFS="%C(red)%d%Creset"
20 | SUBJECT="%s"
21 |
22 | FORMAT="$HASH}$RELATIVE_TIME}$AUTHOR}$REFS $SUBJECT"
23 |
24 | show_git_head() {
25 | pretty_git_log -1
26 | git show -p --pretty="tformat:"
27 | }
28 |
29 | pretty_git_log() {
30 | git log --graph --abbrev-commit --date=relative --pretty="tformat:${FORMAT}" $* |
31 | # Repalce (2 years ago) with (2 years)
32 | #sed -Ee 's/(^[^<]*) ago)/\1)/' |
33 | # Replace (2 years, 5 months) with (2 years)
34 | #sed -Ee 's/(^[^<]*), [[:digit:]]+ .*months?)/\1)/' |
35 | # Line columns up based on } delimiter
36 | column -s '}' -t |
37 | # Page only if we need to
38 | less -FXRS
39 | }
40 |
41 |
--------------------------------------------------------------------------------
/roles/common/files/tmux.conf:
--------------------------------------------------------------------------------
1 | set -g default-terminal "screen-256color"
2 | setw -g utf8 on
3 | set -g status-utf8 on
4 | set -g status-justify centre
5 | setw -g monitor-activity on
6 | set -g visual-activity on
7 | setw -g mode-keys vi
8 |
9 | bind-key u capture-pane \; save-buffer /tmp/tmux-buffer \; new-window -n "urlview" '$SHELL -c "urlview < /tmp/tmux-buffer"'
10 |
11 | bind r source-file ~/.tmux.conf \; display "Reloaded!"
12 |
13 | # ctrl-a for executing commands in tested tmux sessions
14 | bind-key a send-prefix
15 |
16 | # rebind pane tiling
17 | bind V split-window -h
18 | bind H split-window
19 |
20 | # force a reload of the config file
21 | unbind r
22 | bind r source-file ~/.tmux.conf
23 |
24 | # status bar config
25 | set -g status-left "#h:[#S]"
26 | set -g status-left-length 50
27 | set -g status-right-length 50
28 | set -g status-right "⚡ %H:%M %d-%h-%Y"
29 | setw -g window-status-current-format "|#I:#W|"
30 | set-window-option -g automatic-rename off
31 |
32 | set -g mouse-select-pane on
33 | set -g mouse-resize-pane on
34 |
--------------------------------------------------------------------------------
/roles/common/files/vimrc.local-root:
--------------------------------------------------------------------------------
1 | " Nothing here yet
2 |
--------------------------------------------------------------------------------
/roles/common/files/zshrc-global:
--------------------------------------------------------------------------------
1 | # Path to your oh-my-zsh configuration.
2 | ZSH=/usr/local/share/oh-my-zsh
3 |
4 | # Set name of the theme to load.
5 | # Look in /usr/local/share/oh-my-zsh/themes/
6 | ZSH_THEME="dst"
7 | if [ $HOSTNAME = "geier" ]; then
8 | ZSH_THEME="nicoulaj"
9 | else
10 | ZSH_THEME="dst"
11 | fi
12 |
13 | # Set to this to use case-sensitive completion
14 | CASE_SENSITIVE="false"
15 |
16 | # Comment this out to disable weekly auto-update checks
17 | DISABLE_AUTO_UPDATE="true"
18 |
19 | # Uncomment following line if you want red dots to be displayed while waiting for completion
20 | COMPLETION_WAITING_DOTS="true"
21 |
22 | # Which plugins would you like to load? (plugins can be found in ~/.oh-my-zsh/plugins/*)
23 | # Custom plugins may be added to ~/.oh-my-zsh/custom/plugins/
24 | # Example format: plugins=(rails git textmate ruby lighthouse)
25 | plugins=(battery git git-flow github mercurial pip python taskwarrior yum)
26 |
27 | export EDITOR=vim
28 |
29 | # Pull in the big tamale
30 | source $ZSH/oh-my-zsh.sh
31 |
32 | export BATTERY=1
33 | export MAILCHECK=0
34 |
35 | export HGMERGE=/usr/bin/meld
36 | alias fdate="date '+%F'"
37 | alias gthumb="eog"
38 |
39 | bindkey '^[[1;5D' emacs-backward-word
40 | bindkey '^[[1;5C' emacs-forward-word
41 |
--------------------------------------------------------------------------------
/roles/common/files/zshrc-root:
--------------------------------------------------------------------------------
1 | # Nothing here yet
2 |
--------------------------------------------------------------------------------
/roles/common/files/zshrc-threebean:
--------------------------------------------------------------------------------
1 | # Path to your oh-my-zsh configuration.
2 | ZSH=/usr/local/share/oh-my-zsh
3 |
4 | # Set name of the theme to load.
5 | # Look in ~/.oh-my-zsh/themes/
6 | # Optionally, if you set this to "random", it'll load a random theme each
7 | # time that oh-my-zsh is loaded.
8 | if [ $HOSTNAME = "geier" ]; then
9 | ZSH_THEME="nicoulaj"
10 | else
11 | ZSH_THEME="dst"
12 | fi
13 |
14 | # Example aliases
15 | # alias zshconfig="mate ~/.zshrc"
16 | # alias ohmyzsh="mate ~/.oh-my-zsh"
17 |
18 | # Set to this to use case-sensitive completion
19 | CASE_SENSITIVE="false"
20 |
21 | # Comment this out to disable weekly auto-update checks
22 | # DISABLE_AUTO_UPDATE="true"
23 |
24 | # Uncomment following line if you want to disable colors in ls
25 | # DISABLE_LS_COLORS="true"
26 |
27 | # Uncomment following line if you want to disable autosetting terminal title.
28 | # DISABLE_AUTO_TITLE="true"
29 |
30 | # Uncomment following line if you want red dots to be displayed while waiting for completion
31 | COMPLETION_WAITING_DOTS="true"
32 |
33 | # Which plugins would you like to load? (plugins can be found in ~/.oh-my-zsh/plugins/*)
34 | # Custom plugins may be added to ~/.oh-my-zsh/custom/plugins/
35 | # Example format: plugins=(rails git textmate ruby lighthouse)
36 | plugins=(battery git git-flow github mercurial pip python taskwarrior yum)
37 |
38 | # Pull in the big tamale after setting up all those vars.
39 | source $ZSH/oh-my-zsh.sh
40 |
41 | export EDITOR=vim
42 |
43 | # virtualenv stuff (put here by the moksha fabric bootstrap process)
44 | export WORKON_HOME=/home/threebean/.virtualenvs;
45 | source /usr/bin/virtualenvwrapper.sh;
46 |
47 | # go lang stuff
48 | export GOPATH="$HOME/remotes"
49 |
50 | # Customize to your needs...
51 | export BATTERY=1
52 | export MAILCHECK=0
53 |
54 | export HGMERGE=/usr/bin/meld
55 | alias fdate="date '+%F'"
56 | alias gthumb="eog"
57 | alias sup="mutt"
58 | alias git="hub"
59 | alias teleport='pushd $VIRTUAL_ENV/lib/python*/site-packages/'
60 |
61 | #alias task="task proj.isnt:house"
62 | #alias iso="task proj:iso"
63 |
64 | export BODHI_USER="ralph"
65 |
66 | bindkey '^[[1;5D' emacs-backward-word
67 | bindkey '^[[1;5C' emacs-forward-word
68 |
69 | PATH=/home/threebean/bin:$PATH
70 | PATH=$PATH:/home/threebean/local/bin
71 |
72 |
73 | # Git stuff
74 | source ~/.githelpers
75 | alias glog="pretty_git_log"
76 |
77 | export GPG_INFO_FILE=~/.gpg-agent-info
78 | touch $GPG_INFO_FILE
79 | if [ "$(cat $GPG_INFO_FILE)" != "$GPG_AGENT_INFO" ]; then
80 | if [ "$GPG_AGENT_INFO" != "" ]; then
81 | echo $GPG_AGENT_INFO > $GPG_INFO_FILE
82 | chmod 600 $GPG_INFO_FILE
83 | else
84 | export GPG_AGENT_INFO=$(cat $GPG_INFO_FILE)
85 | fi
86 | fi
87 |
--------------------------------------------------------------------------------
/roles/development/files/bin/bonk:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | git stash && git stash pop
3 |
--------------------------------------------------------------------------------
/roles/development/files/bin/build-blog.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -x
2 |
3 | # build the blog
4 | pushd ~/devel/threebean-blog
5 | git pull origin master
6 | source ~/.virtualenvs/threebean-blog/bin/activate
7 | blogofile build
8 | rm -rf ~/scratch/threebean.org/blog
9 | cp -rf _site/ ~/scratch/threebean.org/blog
10 | deactivate
11 | source ~/.virtualenvs/awscli/bin/activate
12 | aws s3 sync ~/scratch/threebean.org s3://threebean.org
13 | popd
14 |
--------------------------------------------------------------------------------
/roles/development/files/bin/buildroot-monster.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | """ Take a list of packages as arguments.
3 |
4 | Print a giant shell oneliner to be executed by the user that generates buildroot
5 | overrides for all the latest builds of all the packages passed in.
6 |
7 | """
8 |
9 | import sh
10 | import sys
11 | import pprint
12 |
13 | if __name__ == '__main__':
14 | builds = set()
15 | packages = sys.argv[1:]
16 | for package in packages:
17 | print "Querying %r" % package
18 | output = sh.bodhi(latest=package)
19 | for line in output.strip().split('\n'):
20 | print "\t%r" % line.strip()
21 | root, build = line.strip().split(' ')
22 | if 'testing' in root or 'candidate' in root:
23 | builds.add(build)
24 |
25 | print "-" * 20
26 | pprint.pprint(builds)
27 | print "-" * 20
28 | notes = raw_input("Notes: ")
29 | print "-" * 20
30 |
31 | tmpl = "~/.virtualenvs/bodhi-python2.7/bin/bodhi overrides save {nvra} --user ralph --notes=\"{notes}\" --duration=20"
32 | print " &&\\\n".join([tmpl.format(nvra=build, notes=notes)
33 | for build in sorted(list(builds))])
34 |
--------------------------------------------------------------------------------
/roles/development/files/bin/check-anitya.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | import requests
4 | import sys
5 |
6 | if __name__ == '__main__':
7 | project = sys.argv[-1]
8 |
9 | anitya_url = 'https://release-monitoring.org'
10 |
11 | url = '%s/api/projects/?pattern=%s' % (anitya_url, project)
12 | response = requests.get(url)
13 |
14 | data = response.json()
15 |
16 | if data['total'] < 1:
17 | print "No project by the name of %r found." % project
18 | sys.exit(1)
19 |
20 | if data['total'] > 1:
21 | print "Name %r ambiguous, %r entries found." % (project, data['total'])
22 | sys.exit(2)
23 |
24 | # OK - then we found the project. Now force a check.
25 | idx = data['projects'][0]['id']
26 | url = '%s/api/version/get' % anitya_url
27 | resp = requests.post(url, data=dict(id=idx))
28 | data = resp.json()
29 |
30 | if 'error' in data:
31 | print 'Anitya error: %r' % data['error']
32 | sys.exit(3)
33 |
34 | print "Check yielded upstream version %s for %s" % (
35 | data['version'], data['name'])
36 |
37 | if not any([p['distro'] == 'Fedora' for p in data['packages']]):
38 | print "WARN: Not mapped to Fedora."
39 | print "%s/project/%i" % (anitya_url, idx)
40 |
--------------------------------------------------------------------------------
/roles/development/files/bin/download-rpms.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | """ Downloads rpms from a koji task.
3 |
4 | Kind of like 'koji download-build' except:
5 |
6 | 1) it is standalone
7 | 2) it works on tasks, not just builds.
8 |
9 | Author: Ralph Bean
10 |
11 | """
12 |
13 | import bs4
14 | import os
15 | import requests
16 | import sys
17 | import urllib
18 |
19 | idx = sys.argv[-1]
20 | int(idx) # Be sure its an int.
21 |
22 | prefix = '/var/tmp/ralph-rpms'
23 |
24 | template = 'http://koji.fedoraproject.org/koji/taskinfo?taskID={idx}'
25 | response = requests.get(template.format(idx=idx))
26 |
27 | soup = bs4.BeautifulSoup(response.text)
28 |
29 | anchors = soup.findAll('a')
30 | for anchor in anchors:
31 | href = anchor['href']
32 | if href.endswith('.rpm'):
33 | filename = os.path.join(prefix, href.split('/')[-1])
34 | print "* Downloading", href
35 | print " to", filename
36 | urllib.urlretrieve(href, filename)
37 |
--------------------------------------------------------------------------------
/roles/development/files/bin/flow-finish.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | git push origin develop:develop
4 | git push origin master:master
5 | git push origin --tags
6 |
--------------------------------------------------------------------------------
/roles/development/files/bin/freshness:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | git checkout master
4 | git fetch
5 | git pull origin master
6 |
--------------------------------------------------------------------------------
/roles/development/files/bin/kill-pyc.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | find . -name "*.py[co]" -delete -or -name "__pycache__" -delete -or -name "*.egg*" -delete
3 |
--------------------------------------------------------------------------------
/roles/development/files/bin/meeting-notes.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 |
3 | import collections
4 | import time
5 | import datetime
6 |
7 | import requests
8 |
9 | mon, tue, wed, thu, fri, sat, sun = range(7)
10 |
11 | def last(day):
12 | today = datetime.date.today()
13 | offset = (today.weekday() + 6 - day) % 7
14 | return today - datetime.timedelta(days=offset)
15 |
16 | last_wednesday = time.mktime(last(thu).timetuple())
17 |
18 | def place_child(container, message):
19 | """ Recursively try to place a child message with its parent. """
20 | if not message['in-reply-to']:
21 | return False
22 | if message['in-reply-to'] in container:
23 | container[message['in-reply-to']]['children'][message['message-id']] = message
24 | return True
25 | for parent_id, parent in container.items():
26 | if place_child(parent['children'], message):
27 | return True
28 | return False
29 |
30 | def print_tree(tree, depth=0):
31 | """ Recursively print out a tree of responses. """
32 | prefix = "#info"
33 | if depth:
34 | prefix = " " * len(prefix) + " " * depth
35 |
36 | for idx, msg in tree.items():
37 | subject = msg['subject']
38 | author = msg['from'].split()[0]
39 | link = msg['archived-at'].strip('<>')
40 | print("%s %s - %s - %s" % (prefix, subject, author, link))
41 | print_tree(msg['children'], depth + 1)
42 |
43 | if __name__ == '__main__':
44 | datagrepper = 'https://apps.fedoraproject.org/datagrepper/raw'
45 | response = requests.get(datagrepper, params=dict(
46 | topic='org.fedoraproject.prod.mailman.receive',
47 | contains='infrastructure',
48 | rows_per_page=100,
49 | start=last_wednesday,
50 | order='asc',
51 | ))
52 |
53 | data = response.json()
54 | original_messages = data['raw_messages']
55 | threaded_messages = collections.OrderedDict()
56 |
57 | for message in original_messages:
58 | msg = message['msg']['msg']
59 | msg['children'] = collections.OrderedDict()
60 | if not place_child(threaded_messages, msg):
61 | threaded_messages[msg['message-id']] = msg
62 |
63 | print_tree(threaded_messages)
64 |
--------------------------------------------------------------------------------
/roles/development/files/bin/rpmbuild-and-upload.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | spec=$1
4 |
5 | srpm=$(rpmbuild -bs $spec | awk ' { print $2 } ')
6 | srpm=$(python -c "import os.path; print os.path.relpath('$srpm')")
7 |
8 | cp $spec ~/scratch/threebean.org/rpm/SPECS/.
9 | cp $srpm ~/scratch/threebean.org/rpm/SRPMS/.
10 |
11 | # Buckets -> Duckets
12 | /home/threebean/.virtualenvs/awscli/bin/aws s3 sync \
13 | ~/scratch/threebean.org/ s3://threebean.org
14 |
15 | echo "Spec URL: http://threebean.org/rpm/$spec"
16 | echo "SRPM URL: http://threebean.org/rpm/$srpm"
17 |
--------------------------------------------------------------------------------
/roles/development/files/bin/slurp:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | git checkout develop
4 | git pull origin develop
5 |
--------------------------------------------------------------------------------
/roles/development/files/bin/slurp-upstream:
--------------------------------------------------------------------------------
1 | #!/bin/bash -xv
2 |
3 | VERSION=$1
4 |
5 | if [ -z "$VERSION" ]; then
6 | echo "Must pass a VERSION";
7 | exit 1
8 | fi
9 |
10 | freshness
11 |
12 | rpmdev-bumpspec -n $VERSION *.spec
13 | spectool -g *.spec
14 |
15 | cp * ~/rpmbuild/SOURCES/.
16 |
17 | srpm=$(rpmbuild -bs *.spec | awk ' { print $2 } ')
18 | echo $srpm
19 | koji build --scratch rawhide $srpm && \
20 | fedpkg new-sources *$VERSION* && \
21 | bonk && \
22 | git commit -a -m "$VERSION" && \
23 | fedpkg push && fedpkg build && echo "check for the hotness msg"
24 |
--------------------------------------------------------------------------------
/roles/development/files/bin/teleport:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | cd $VIRTUAL_ENV/lib/python*/site-packages/
4 |
--------------------------------------------------------------------------------
/roles/development/files/bin/updates-list.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | import fedora.client.bodhi
4 |
5 | username = "ralph"
6 |
7 | client = fedora.client.bodhi.Bodhi2Client()
8 |
9 | print " * Making query against bodhi."
10 | data = client.query(
11 | status="testing",
12 | user=username,
13 | limit=999,
14 | )
15 |
16 | link = lambda s: "https://bodhi.fedoraproject.org/updates/%s" % s
17 |
18 | good, bad = [], []
19 |
20 | # Scrape the comments to figure out what we can do. :-x
21 | for update in data['updates']:
22 | if update.request:
23 | continue
24 | if update.meets_testing_requirements:
25 | good.append(update)
26 | else:
27 | bad.append(update)
28 |
29 | def print_title(title):
30 | print
31 | print '-' * len(title)
32 | print title
33 | print '-' * len(title)
34 |
35 | print_title("these are not ready to be pushed")
36 |
37 | for update in bad:
38 | print " -", update.karma, link(update.title)
39 |
40 | print_title("these should be good to go")
41 |
42 | for update in good:
43 | print " +", update.karma, link(update.title)
44 |
--------------------------------------------------------------------------------
/roles/development/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Include some packages
2 | dnf:
3 | name: "{{ item }}"
4 | state: present
5 | with_items:
6 | - git
7 | - gitflow
8 | - hub
9 | - python-sh
10 | - python-virtualenvwrapper
11 | - python-pip
12 | - gcc
13 | - gcc-c++
14 | - libcurl-devel
15 | - hovercraft
16 | - libffi-devel
17 | - zeromq-devel
18 | - pkgwat
19 | - fedpkg
20 | - fedora-packager
21 | - redhat-rpm-config
22 | - libxslt-devel # For building lxml in a venv
23 | tags:
24 | - development
25 |
26 | - name: Synchronize some scripts to /usr/local/bin
27 | synchronize:
28 | src: bin/
29 | dest: /usr/local/bin/
30 | tags:
31 | - development
32 |
--------------------------------------------------------------------------------
/roles/flash/files/RPM-GPG-KEY-adobe-linux:
--------------------------------------------------------------------------------
1 | -----BEGIN PGP PUBLIC KEY BLOCK-----
2 | Version: GnuPG v1.2.6 (GNU/Linux)
3 |
4 | mQGiBEXlsbkRBACdGA0PaNHSYxn9K5SPo5e7mEsVpl37Xm7F2m1nTIMLq2v/IT8Z
5 | bhLhVXTCR9amFRR4qV+AN6SJeXEYeMrZW/7TiMkULfkoThrtTF/spUK5/HvTGgqh
6 | iGVbBQfqx65mboeXNQwLGXSBCtA7zA2PM/E0oLwpEuJidAodsQLKNQIKWwCgxDq8
7 | wz0/jcqyIULCYasHmz56dFsD/2Ye27k52I1TRT3EvBIjOkmNfic8rkkoJfuTFRFM
8 | Ivb+jot1Y6JltCHjqgwGmBi3hPJjOxti0yO1s82m9RKBKzKNGl4/yp4QI6mftK0x
9 | F0U8RW5kD7oKD5jYGU6ZZuivZ9SpBg7PdEFXzTTYXwrBD3/W0AkXB/mGSlO4cA9f
10 | GsUuA/97tCsspIJKTuKLrt82heu9BUk7Uq56fB2HGjrwAlPgKAR9ajuXjdNwfEOS
11 | 928kKP544YE5U3pL1J4INEjgzeAiKjtK7npxOVj7clXvO8bi1D3IjJe1NtF2gGbt
12 | +gmi38fDqj8iox43ihNbiib3od8GFu30wmr0uJCQC2cEF+paw7RFQWRvYmUgU3lz
13 | dGVtcyBJbmNvcnBvcmF0ZWQgKExpbnV4IFJQTSBTaWduaW5nIEtleSkgPHNlY3Vy
14 | ZUBhZG9iZS5jb20+iF4EExECAB4FAkXlsbkCGwMGCwkIBwMCAxUCAwMWAgECHgEC
15 | F4AACgkQOmm9JPZ3fGe6bgCfRyDO0U8iQM5kHs6kesgio556JPUAoJw5ta+DACp2
16 | SbHaG7wwEVOZQBdeuQINBEXlsb4QCACPQRsfdoPMxwACfGh9hc6toEctrLNbzmz0
17 | W6tDKBWmbUm5c0RMKSBOHWBQtVhtS6XI2eIPB8XPKoz0uXaeqSYoZaG/vol1mUVz
18 | ovVQa16yOHjzwK9VaQ1OxwF2UQ77amI1mT06FBuvu9xw/qyzCQiEqv6mXHp3yw8p
19 | yU4n99Jc+B5M3Qs2Ppx8DRu31uM+jW6WIxP5uFWwFty1zftqTFrfbU6DXsJsAdto
20 | FnzcbUaweK7Ibd03jdLzibkztrXKb4VasW92RlkCucJU2CaYXpW8CCBJnZ+hzvJp
21 | RMp1YKBCcgWCm743pjpRtY5aPMl+5hBAuBsAJ+odLNM2LlWeWbzjAAMFB/44U5sJ
22 | WDveeN1drH+WCCMNO83Ixv3i8YAxJgtArQZ36MHauRrAQQLjzjC78YHzeydixoeM
23 | iBPvCpqz+kggxl2Nk2YyLIzzuP4BkZuusb46QvEO3FVHGeMNJnF7phbyg5/wE8gS
24 | /KjlbiAQ8sDQ/ddDQbJfpgxQT5dBou3lcjrD7L5xJokDFJUoQ3w9N0Wnk96YgtFY
25 | rdw0qXm/s5bnes4udSmwheGsKyvaP0r+ahfznQGJlNOxsqNWLGESyA79lnf3Hs79
26 | 8Tr3n4rqBkecRVdHzLFtzI+mRmwRtQETMr7SL6vRD4c1Vq7aZMuRQ0kgeDP38v7z
27 | D+Er8IEvnKgfHdMIiEkEGBECAAkFAkXlsb4CGwwACgkQOmm9JPZ3fGcL8QCgwyz3
28 | RWeAGeteAaS6ksAkKtLti/IAoKU5fzzgfcGUfIuyWqPIUAu906XA
29 | =QO07
30 | -----END PGP PUBLIC KEY BLOCK-----
31 |
--------------------------------------------------------------------------------
/roles/flash/files/adobe-linux-x86_64.repo:
--------------------------------------------------------------------------------
1 | [adobe-linux-x86_64]
2 | name=Adobe Systems Incorporated
3 | baseurl=http://linuxdownload.adobe.com/linux/x86_64/
4 | enabled=1
5 | gpgcheck=1
6 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux
7 |
8 |
--------------------------------------------------------------------------------
/roles/flash/tasks/main.yml:
--------------------------------------------------------------------------------
1 |
2 | - name: Install the adobe-linux repo
3 | copy:
4 | src: adobe-linux-x86_64.repo
5 | dest: /etc/yum.repos.d/
6 |
7 | - name: Install their gpg public key
8 | copy:
9 | src: RPM-GPG-KEY-adobe-linux
10 | dest: /etc/pki/rpm-gpg/
11 |
12 | # Import that public key!??!
13 | # rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux
14 |
15 | - name: Using that repo, install the plugin
16 | dnf:
17 | name: flash-plugin
18 | state: present
19 |
--------------------------------------------------------------------------------
/roles/gnome/system/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Install packages
2 | dnf:
3 | name: "{{item}}"
4 | state: present
5 | with_items:
6 | - xclip
7 | - xsel
8 | - gvim
9 | - gnome-tweak-tool
10 | tags:
11 | - gnome
12 | - gnome/system
13 |
--------------------------------------------------------------------------------
/roles/gnome/user/files/clip-to-firefox:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | firefox $(xsel -o)
4 |
--------------------------------------------------------------------------------
/roles/gnome/user/files/clip-to-fpaste:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | notify-send fpaste $(fpaste -i -o)
4 |
--------------------------------------------------------------------------------
/roles/gnome/user/files/dagdclip:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # URL shortener
3 |
4 | url=$(xclip -o)
5 | short=$(curl -G --data-urlencode "url=$url" http://da.gd/s)
6 | echo -n $short | xclip -i
7 | notify-send "da.gd" "$url -> $short"
8 |
--------------------------------------------------------------------------------
/roles/gnome/user/files/pw-lookup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | if [ "$1" == "" ]; then
4 | key=$(zenity --entry --text="which password do you want?" --title="/usr/bin/pass")
5 | else
6 | key=$1
7 | fi
8 |
9 | /usr/bin/pass -c $key
10 |
11 | if [ $? -eq 0 ]; then
12 | notify-send "ok" "copied '$key'"
13 | else
14 | notify-send -c error "uh oh" "something went wrong with '$key'"
15 | fi
16 |
--------------------------------------------------------------------------------
/roles/gnome/user/files/restart-gnome-shell:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | yes | nohup gnome-shell --display :0 --replace &
4 |
--------------------------------------------------------------------------------
/roles/gnome/user/files/xmodmap:
--------------------------------------------------------------------------------
1 | ! keycode 134 = Super_L
2 | keysym Alt_L = Super_L
3 | ! keysym Super_R = Super_L
4 |
--------------------------------------------------------------------------------
/roles/gnome/user/files/xmodmap-decause:
--------------------------------------------------------------------------------
1 | clear Control
2 |
3 | add Control = Control_L Control_R Home End
4 |
--------------------------------------------------------------------------------
/roles/gnome/user/handlers/main.yml:
--------------------------------------------------------------------------------
1 | - name: restart gnome-shell
2 | command: killall --signal 1 gnome-shell
3 |
--------------------------------------------------------------------------------
/roles/gnome/user/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Set up a bunch of GPG gsettings values
2 | gsettings:
3 | schema: "{{ item.schema }}"
4 | key: "{{ item.key }}"
5 | value: "{{ item.value }}"
6 | notify:
7 | - restart gnome-shell
8 | with_items: "{{ gpg_gsettings }}"
9 | tags:
10 | - gnome/user
11 | - gnome
12 |
13 | - name: Set up a bunch of keyboard gsettings values
14 | gsettings:
15 | schema: "{{ item.schema }}"
16 | key: "{{ item.key }}"
17 | value: "{{ item.value }}"
18 | notify:
19 | - restart gnome-shell
20 | with_items: "{{ standard_keyboard_gsettings }}"
21 | tags:
22 | - gnome/user
23 | - gnome
24 |
25 | - name: Make a dir for my shortcut scripts
26 | file:
27 | dest: ~/bin
28 | state: directory
29 | owner: "{{username}}"
30 | group: "{{username}}"
31 | tags:
32 | - gnome/user
33 | - gnome
34 |
35 | - name: Copy over my shortcut scripts there
36 | copy:
37 | src: "{{item}}"
38 | dest: "~/bin/{{item}}"
39 | mode: 0755
40 | with_items:
41 | - dagdclip
42 | - clip-to-firefox
43 | - restart-gnome-shell
44 | - pw-lookup.sh
45 | tags:
46 | - gnome/user
47 | - gnome
48 |
49 | - name: Setup custom keyboard shortcuts | just the names
50 | gsettings:
51 | schema: org.gnome.settings-daemon.plugins.media-keys.custom-keybinding
52 | path: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/{{ item.index }}/"
53 | key: name
54 | value: "{{ item.name }}"
55 | notify:
56 | - restart gnome-shell
57 | with_items: "{{ custom_shortcuts }}"
58 | tags:
59 | - gnome/user
60 | - gnome
61 |
62 | - name: Setup custom keyboard shortcuts | just the commands
63 | gsettings:
64 | schema: org.gnome.settings-daemon.plugins.media-keys.custom-keybinding
65 | path: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/{{ item.index }}/"
66 | key: command
67 | value: "{{ item.command }}"
68 | notify:
69 | - restart gnome-shell
70 | with_items: "{{ custom_shortcuts }}"
71 | tags:
72 | - gnome/user
73 | - gnome
74 |
75 | - name: Setup custom keyboard shortcuts | just the bindings
76 | gsettings:
77 | schema: org.gnome.settings-daemon.plugins.media-keys.custom-keybinding
78 | path: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/{{ item.index }}/"
79 | key: binding
80 | value: "{{ item.binding }}"
81 | notify:
82 | - restart gnome-shell
83 | with_items: "{{ custom_shortcuts }}"
84 | tags:
85 | - gnome/user
86 | - gnome
87 |
88 | - name: Lastly, put in the full list of short indices
89 | gsettings:
90 | schema: org.gnome.settings-daemon.plugins.media-keys
91 | key: custom-keybindings
92 | value: "{{ custom_shortcuts_list }}"
93 | notify:
94 | - restart gnome-shell
95 | tags:
96 | - gnome/user
97 | - gnome
98 |
99 | - name: Copy over xmodmap settings for my kinesis
100 | copy:
101 | src: xmodmap
102 | dest: ~/.xmodmap
103 | tags:
104 | - gnome/user
105 | - gnome
106 |
--------------------------------------------------------------------------------
/roles/gnome/user/vars/main.yml:
--------------------------------------------------------------------------------
1 | gpg_gsettings:
2 | - key: gpg-cache-method
3 | value: 'timeout'
4 | schema: org.gnome.crypto.cache
5 |
6 | - key: gpg-cache-ttl
7 | value: 300
8 | schema: org.gnome.crypto.cache
9 |
10 | standard_keyboard_gsettings:
11 | - key: clock-show-date
12 | value: 'true'
13 | schema: org.gnome.desktop.interface
14 |
15 | - key: clock-format
16 | value: '12h'
17 | schema: org.gnome.desktop.interface
18 |
19 | - key: screensaver
20 | value: "BackSpace"
21 | schema: org.gnome.settings-daemon.plugins.media-keys
22 |
23 | - key: toggle-tiled-left
24 | value: "[\\'h\\']"
25 | schema: org.gnome.mutter.keybindings
26 |
27 | - key: toggle-tiled-right
28 | value: "[\\'l\\']"
29 | schema: org.gnome.mutter.keybindings
30 |
31 | - key: toggle-maximized
32 | value: "[\\'k\\']"
33 | schema: org.gnome.desktop.wm.keybindings
34 |
35 | - key: switch-to-workspace-down
36 | value: "[\\'j\\']"
37 | schema: org.gnome.desktop.wm.keybindings
38 |
39 | - key: switch-to-workspace-up
40 | value: "[\\'k\\']"
41 | schema: org.gnome.desktop.wm.keybindings
42 |
43 | - key: move-to-workspace-down
44 | value: "[\\'j\\']"
45 | schema: org.gnome.desktop.wm.keybindings
46 |
47 | - key: move-to-workspace-up
48 | value: "[\\'k\\']"
49 | schema: org.gnome.desktop.wm.keybindings
50 |
51 | custom_shortcuts:
52 | - index: custom0
53 | name: terminal
54 | command: /usr/bin/gnome-terminal
55 | binding: 'Return'
56 |
57 | - index: custom1
58 | name: clip-to-fox
59 | command: '/home/{{username}}/bin/clip-to-firefox'
60 | binding: 'G'
61 |
62 | - index: custom2
63 | name: dagd-clipboard
64 | command: '/home/{{username}}/bin/dagdclip'
65 | binding: 'Space'
66 |
67 | - index: custom3
68 | name: password
69 | command: '/home/{{username}}/bin/pw-lookup.sh'
70 | binding: '1'
71 |
72 | - index: custom4
73 | name: fas
74 | command: "'/home/{{username}}/bin/pw-lookup.sh sys/fas'"
75 | binding: '2'
76 |
77 | - index: custom5
78 | name: unfuck-kinesis
79 | command: "'/usr/bin/xmodmap /home/{{username}}/.xmodmap'"
80 | binding: 'F1'
81 |
82 | # This is a painfully long list that I would love to be able to generate. Help.
83 | custom_shortcuts_list: "[\\'/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/\\',\\'/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/\\',\\'/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2/\\',\\'/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3/\\',\\'/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4/\\',\\'/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5/\\']"
84 |
--------------------------------------------------------------------------------
/roles/ipython-worker/files/ipython-notebook.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=IPython notebook
3 |
4 | [Service]
5 | Type=simple
6 | PIDFile=/var/run/ipython-notebook.pid
7 | ExecStart=/usr/bin/ipython notebook --no-browser --pylab=inline --ip=0.0.0.0 --port=8891
8 | User=ipynb
9 | Group=ipynb
10 | WorkingDirectory=/home/ipynb/notebooks
11 |
12 | [Install]
13 | WantedBy=multi-user.target
14 |
--------------------------------------------------------------------------------
/roles/ipython-worker/handlers/main.yml:
--------------------------------------------------------------------------------
1 | - name: restart firewalld
2 | service:
3 | name: firewalld
4 | state: restarted
5 |
--------------------------------------------------------------------------------
/roles/ipython-worker/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: IPython | install required packages
2 | dnf:
3 | state: present
4 | name: "{{ item }}"
5 | with_items:
6 | - ipython
7 | - systemd
8 | tags:
9 | - packages
10 |
11 | - name: IPython | create the required user.
12 | user:
13 | name: ipynb
14 |
15 | - name: IPython | create the required group.
16 | group:
17 | name: ipynb
18 |
19 | - name: IPython | Ensure that the ipynb user has a homedir
20 | file:
21 | dest: "{{ item }}"
22 | owner: ipynb
23 | group: ipynb
24 | state: directory
25 | with_items:
26 | - /home/ipynb
27 | - /home/ipynb/notebooks
28 |
29 | - name: IPython | Copy over the systemd service file
30 | copy:
31 | src: ipython-notebook.service
32 | dest: /usr/lib/systemd/system/ipython-notebook.service
33 |
34 | - name: IPython | Start the notebook daemon
35 | service:
36 | name: ipython-notebook
37 | state: started
38 |
39 | - name: IPython | Open a port
40 | firewalld:
41 | port: "{{ item }}/tcp"
42 | state: enabled
43 | permanent: true
44 | zone: public
45 | with_items:
46 | - 8891
47 | notify:
48 | - restart firewalld
49 |
--------------------------------------------------------------------------------
/roles/irc/external/files/tmux-service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Start tmux in detached session
3 |
4 | [Service]
5 | Type=forking
6 | User=%I
7 | ExecStart=/usr/bin/tmux new-session -s %u -d 'TZ=UTC weechat-curses'
8 | ExecStop=/usr/bin/tmux kill-session -t %u
9 | WorkingDirectory=/home/%u/
10 |
11 | [Install]
12 | WantedBy=multi-user.target
13 |
--------------------------------------------------------------------------------
/roles/irc/external/files/weechat/_weechat/alias.conf:
--------------------------------------------------------------------------------
1 | #
2 | # alias.conf -- weechat v0.3.2
3 | #
4 |
5 | [cmd]
6 | BYE = "quit"
7 | C = "buffer clear"
8 | CHAT = "dcc chat"
9 | CL = "buffer clear"
10 | CLOSE = "buffer close"
11 | EXIT = "quit"
12 | IG = "ignore"
13 | J = "join"
14 | K = "kick"
15 | KB = "kickban"
16 | LEAVE = "part"
17 | M = "msg"
18 | MUB = "unban *"
19 | N = "names"
20 | Q = "query"
21 | REDRAW = "window refresh"
22 | SAY = "msg *"
23 | SIGNOFF = "quit"
24 | T = "topic"
25 | UB = "unban"
26 | V = "command core version"
27 | W = "who"
28 | WC = "window merge"
29 | WI = "whois"
30 | WII = "whois $1 $1"
31 | WW = "whowas"
32 |
33 | [completion]
34 |
--------------------------------------------------------------------------------
/roles/irc/external/files/weechat/_weechat/charset.conf:
--------------------------------------------------------------------------------
1 | #
2 | # charset.conf -- weechat v0.3.2
3 | #
4 |
5 | [default]
6 | decode = "iso-8859-1"
7 | encode = ""
8 |
9 | [decode]
10 |
11 | [encode]
12 |
--------------------------------------------------------------------------------
/roles/irc/external/files/weechat/_weechat/irc.conf:
--------------------------------------------------------------------------------
1 | #
2 | # irc.conf -- weechat v0.3.2
3 | #
4 |
5 | [look]
6 | color_nicks_in_server_messages = on
7 | color_pv_nick_like_channel = on
8 | display_away = local
9 | display_ctcp_blocked = on
10 | display_ctcp_reply = on
11 | display_ctcp_unknown = on
12 | display_old_topic = on
13 | hide_nickserv_pwd = on
14 | highlight_tags = "irc_privmsg,irc_notice"
15 | item_channel_modes = on
16 | item_channel_modes_hide_key = off
17 | item_display_server = buffer_plugin
18 | item_nick_modes = on
19 | item_nick_prefix = on
20 | msgbuffer_fallback = current
21 | nick_completion_smart = speakers
22 | nick_prefix = ""
23 | nick_suffix = ""
24 | notice_as_pv = auto
25 | open_channel_near_server = on
26 | open_pv_near_server = on
27 | part_closes_buffer = off
28 | raw_messages = 256
29 | server_buffer = independent
30 | show_away_once = on
31 | smart_filter = on
32 | smart_filter_delay = 5
33 | smart_filter_join = on
34 | smart_filter_quit = on
35 | topic_strip_colors = off
36 |
37 | [color]
38 | input_nick = lightcyan
39 | item_away = yellow
40 | item_channel_modes = default
41 | message_join = green
42 | message_quit = red
43 | notice = green
44 |
45 | [network]
46 | anti_flood_prio_high = 2
47 | anti_flood_prio_low = 2
48 | away_check = 0
49 | away_check_max_nicks = 0
50 | colors_receive = on
51 | colors_send = on
52 | connection_timeout = 60
53 | default_msg_part = "WeeChat %v"
54 | default_msg_quit = "WeeChat %v"
55 | lag_check = 60
56 | lag_disconnect = 0
57 | lag_min_show = 1
58 | send_unknown_commands = off
59 |
60 | [msgbuffer]
61 |
62 | [ctcp]
63 |
64 | [ignore]
65 |
66 | [server_default]
67 | addresses = ""
68 | autoconnect = off
69 | autojoin = ""
70 | autoreconnect = on
71 | autoreconnect_delay = 30
72 | autorejoin = off
73 | autorejoin_delay = 30
74 | command = ""
75 | command_delay = 0
76 | ipv6 = off
77 | local_hostname = ""
78 | nicks = "weebean,weebean_,weebean^"
79 | password = ""
80 | proxy = ""
81 | realname = "Ralph Bean"
82 | sasl_mechanism = plain
83 | sasl_password = ""
84 | sasl_timeout = 15
85 | sasl_username = ""
86 | ssl = off
87 | ssl_cert = ""
88 | ssl_dhkey_size = 2048
89 | ssl_verify = on
90 | username = "weebean"
91 |
92 | [server]
93 | freenode.addresses = "chat.freenode.net/6667"
94 | freenode.proxy
95 | freenode.ipv6
96 | freenode.ssl
97 | freenode.ssl_cert
98 | freenode.ssl_dhkey_size
99 | freenode.ssl_verify
100 | freenode.password
101 | freenode.sasl_mechanism
102 | freenode.sasl_username
103 | freenode.sasl_password
104 | freenode.sasl_timeout
105 | freenode.autoconnect
106 | freenode.autoreconnect
107 | freenode.autoreconnect_delay
108 | freenode.nicks
109 | freenode.username
110 | freenode.realname
111 | freenode.local_hostname
112 | freenode.command
113 | freenode.command_delay
114 | freenode.autojoin
115 | freenode.autorejoin
116 | freenode.autorejoin_delay
117 |
--------------------------------------------------------------------------------
/roles/irc/external/files/weechat/_weechat/logger.conf:
--------------------------------------------------------------------------------
1 | #
2 | # logger.conf -- weechat v0.3.2
3 | #
4 |
5 | [look]
6 | backlog = 20
7 |
8 | [file]
9 | auto_log = on
10 | info_lines = off
11 | mask = "$plugin.$name.weechatlog"
12 | name_lower_case = on
13 | path = "%h/logs/"
14 | replacement_char = "_"
15 | time_format = "%Y-%m-%d %H:%M:%S"
16 |
17 | [level]
18 |
19 | [mask]
20 |
--------------------------------------------------------------------------------
/roles/irc/external/files/weechat/_weechat/plugins.conf:
--------------------------------------------------------------------------------
1 | #
2 | # plugins.conf -- weechat v0.3.2
3 | #
4 |
5 | [var]
6 | fifo.fifo = "on"
7 | lua.check_license = "on"
8 | perl.buffers.color_current = "lightcyan,red"
9 | perl.buffers.color_default = "default"
10 | perl.buffers.color_hotlist_highlight = "magenta"
11 | perl.buffers.color_hotlist_low = "white"
12 | perl.buffers.color_hotlist_message = "yellow"
13 | perl.buffers.color_hotlist_private = "lightgreen"
14 | perl.buffers.color_number = "lightgreen"
15 | perl.buffers.hide_merged_buffers = "off"
16 | perl.buffers.indenting = "on"
17 | perl.buffers.short_names = "on"
18 | perl.check_license = "on"
19 | perl.highmon.alignment = "channel"
20 | perl.highmon.away_only = "off"
21 | perl.highmon.hotlist_show = "off"
22 | perl.highmon.output = "bar"
23 | perl.highmon.short_names = "on"
24 | perl.iset.color_bg_selected = "red"
25 | perl.iset.color_help_default_value = "green"
26 | perl.iset.color_help_option_name = "white"
27 | perl.iset.color_help_text = "default"
28 | perl.iset.color_option = "default"
29 | perl.iset.color_option_selected = "white"
30 | perl.iset.color_type = "brown"
31 | perl.iset.color_type_selected = "yellow"
32 | perl.iset.color_value = "cyan"
33 | perl.iset.color_value_selected = "lightcyan"
34 | perl.iset.color_value_undef = "green"
35 | perl.iset.color_value_undef_selected = "lightgreen"
36 | perl.iset.show_help_bar = "on"
37 | perl.iset.show_help_extra_info = "on"
38 | python.check_license = "on"
39 | python.egrep.clear_buffer = "off"
40 | python.egrep.go_to_buffer = "on"
41 | python.egrep.log_filter = ""
42 | python.egrep.max_lines = "4000"
43 | python.egrep.show_summary = "on"
44 | python.shortenurl.color = "red"
45 | python.shortenurl.public = "off"
46 | python.shortenurl.shortener = "isgd"
47 | python.shortenurl.urllength = "30"
48 | ruby.check_license = "on"
49 | ruby.url_shorten.bitly_key = ""
50 | ruby.url_shorten.bitly_login = ""
51 | ruby.url_shorten.color = "red"
52 | ruby.url_shorten.maxlen = "50"
53 | ruby.url_shorten.shortener = "tinyurl"
54 | tcl.check_license = "on"
55 |
--------------------------------------------------------------------------------
/roles/irc/external/files/weechat/_weechat/xfer.conf:
--------------------------------------------------------------------------------
1 | #
2 | # xfer.conf -- weechat v0.3.2
3 | #
4 |
5 | [look]
6 | auto_open_buffer = on
7 | progress_bar_size = 20
8 |
9 | [color]
10 | status_aborted = lightred
11 | status_active = lightblue
12 | status_connecting = yellow
13 | status_done = lightgreen
14 | status_failed = lightred
15 | status_waiting = lightcyan
16 | text = default
17 | text_bg = default
18 | text_selected = white
19 |
20 | [network]
21 | blocksize = 65536
22 | fast_send = on
23 | own_ip = ""
24 | port_range = ""
25 | speed_limit = 0
26 | timeout = 300
27 |
28 | [file]
29 | auto_accept_chats = off
30 | auto_accept_files = off
31 | auto_rename = on
32 | auto_resume = on
33 | convert_spaces = on
34 | download_path = "%h/xfer"
35 | upload_path = "~"
36 | use_nick_in_filename = on
37 |
--------------------------------------------------------------------------------
/roles/irc/external/files/weechat/alias.conf:
--------------------------------------------------------------------------------
1 | #
2 | # alias.conf -- weechat v0.4.1
3 | #
4 |
5 | [cmd]
6 | AAWAY = "allserv /away"
7 | AME = "allchan /me"
8 | AMSG = "allchan /msg *"
9 | ANICK = "allserv /nick"
10 | BYE = "quit"
11 | C = "buffer clear"
12 | CHAT = "dcc chat"
13 | CL = "buffer clear"
14 | CLOSE = "buffer close"
15 | EXIT = "quit"
16 | IG = "ignore"
17 | J = "join"
18 | K = "kick"
19 | KB = "kickban"
20 | LEAVE = "part"
21 | M = "msg"
22 | MUB = "unban *"
23 | N = "names"
24 | Q = "query"
25 | REDRAW = "window refresh"
26 | SAY = "msg *"
27 | SIGNOFF = "quit"
28 | T = "topic"
29 | UB = "unban"
30 | UMODE = "mode $nick"
31 | V = "command core version"
32 | W = "who"
33 | WC = "window merge"
34 | WI = "whois"
35 | WII = "whois $1 $1"
36 | WW = "whowas"
37 |
38 | [completion]
39 |
--------------------------------------------------------------------------------
/roles/irc/external/files/weechat/aspell.conf:
--------------------------------------------------------------------------------
1 | #
2 | # aspell.conf -- weechat v0.4.1
3 | #
4 |
5 | [look]
6 | color = lightred
7 |
8 | [check]
9 | commands = "ame,amsg,away,command,cycle,kick,kickban,me,msg,notice,part,query,quit,topic"
10 | default_dict = ""
11 | during_search = off
12 | enabled = off
13 | real_time = off
14 | suggestions = -1
15 | word_min_length = 2
16 |
17 | [dict]
18 |
19 | [option]
20 |
--------------------------------------------------------------------------------
/roles/irc/external/files/weechat/charset.conf:
--------------------------------------------------------------------------------
1 | #
2 | # charset.conf -- weechat v0.4.1
3 | #
4 |
5 | [default]
6 | decode = "iso-8859-1"
7 | encode = ""
8 |
9 | [decode]
10 |
11 | [encode]
12 |
--------------------------------------------------------------------------------
/roles/irc/external/files/weechat/logger.conf:
--------------------------------------------------------------------------------
1 | #
2 | # logger.conf -- weechat v0.4.1
3 | #
4 |
5 | [look]
6 | backlog = 200
7 |
8 | [color]
9 | backlog_end = darkgray
10 | backlog_line = darkgray
11 |
12 | [file]
13 | auto_log = on
14 | flush_delay = 120
15 | info_lines = off
16 | mask = "$plugin.$name.weechatlog"
17 | name_lower_case = on
18 | nick_prefix = ""
19 | nick_suffix = ""
20 | path = "%h/../weechat-logs/"
21 | replacement_char = "_"
22 | time_format = "%Y-%m-%d %H:%M:%S"
23 |
24 | [level]
25 |
26 | [mask]
27 |
--------------------------------------------------------------------------------
/roles/irc/external/files/weechat/plugins.conf:
--------------------------------------------------------------------------------
1 | #
2 | # plugins.conf -- weechat v0.4.1
3 | #
4 |
5 | [var]
6 | fifo.fifo = "on"
7 | lua.check_license = "on"
8 | perl.check_license = "on"
9 | python.check_license = "on"
10 | ruby.check_license = "on"
11 | tcl.check_license = "on"
12 |
13 | [desc]
14 |
--------------------------------------------------------------------------------
/roles/irc/external/files/weechat/relay.conf:
--------------------------------------------------------------------------------
1 | #
2 | # relay.conf -- weechat v0.4.1
3 | #
4 |
5 | [look]
6 | auto_open_buffer = on
7 | raw_messages = 256
8 |
9 | [color]
10 | client = cyan
11 | status_active = lightblue
12 | status_auth_failed = lightred
13 | status_connecting = yellow
14 | status_disconnected = lightred
15 | status_waiting_auth = brown
16 | text = default
17 | text_bg = default
18 | text_selected = white
19 |
20 | [network]
21 | allowed_ips = ""
22 | bind_address = ""
23 | compression_level = 6
24 | ipv6 = on
25 | max_clients = 5
26 | password = ""
27 | ssl_cert_key = "%h/ssl/relay.pem"
28 | websocket_allowed_origins = ""
29 |
30 | [irc]
31 | backlog_max_minutes = 1440
32 | backlog_max_number = 256
33 | backlog_since_last_disconnect = on
34 | backlog_tags = "irc_privmsg"
35 | backlog_time_format = "[%H:%M] "
36 |
37 | [port]
38 |
--------------------------------------------------------------------------------
/roles/irc/external/files/weechat/rmodifier.conf:
--------------------------------------------------------------------------------
1 | #
2 | # rmodifier.conf -- weechat v0.4.1
3 | #
4 |
5 | [look]
6 | hide_char = "*"
7 |
8 | [modifier]
9 | nickserv = "history_add,input_text_display;^(/(msg|quote) +nickserv +(id|identify|ghost \S+|release \S+) +)(.*);1,4*"
10 | oper = "history_add,input_text_display;^(/oper +\S+ +)(.*);1,2*"
11 | quote_pass = "history_add,input_text_display;^(/quote pass +)(.*);1,2*"
12 | server = "history_add,input_text_display;^(/(server|connect) .*-(sasl_)?password=)(\S+)(.*);1,4*,5"
13 | set_pass = "history_add;^(/set +\S*password\S* +)(.*);1,2*"
14 |
--------------------------------------------------------------------------------
/roles/irc/external/files/weechat/script.conf:
--------------------------------------------------------------------------------
1 | #
2 | # script.conf -- weechat v0.4.1
3 | #
4 |
5 | [look]
6 | columns = "%s %n %V %v %u | %d | %t"
7 | diff_color = on
8 | diff_command = "auto"
9 | display_source = on
10 | quiet_actions = on
11 | sort = "p,n"
12 | translate_description = on
13 | use_keys = on
14 |
15 | [color]
16 | status_autoloaded = cyan
17 | status_held = white
18 | status_installed = lightcyan
19 | status_obsolete = lightmagenta
20 | status_popular = yellow
21 | status_running = lightgreen
22 | status_unknown = lightred
23 | text = default
24 | text_bg = default
25 | text_bg_selected = red
26 | text_date = default
27 | text_date_selected = white
28 | text_delimiters = darkgray
29 | text_description = default
30 | text_description_selected = white
31 | text_extension = default
32 | text_extension_selected = white
33 | text_name = cyan
34 | text_name_selected = lightcyan
35 | text_selected = white
36 | text_tags = brown
37 | text_tags_selected = yellow
38 | text_version = magenta
39 | text_version_loaded = default
40 | text_version_loaded_selected = white
41 | text_version_selected = lightmagenta
42 |
43 | [scripts]
44 | autoload = on
45 | cache_expire = 60
46 | dir = "%h/script"
47 | hold = ""
48 | url = "http://www.weechat.org/files/plugins.xml.gz"
49 |
--------------------------------------------------------------------------------
/roles/irc/external/files/weechat/xfer.conf:
--------------------------------------------------------------------------------
1 | #
2 | # xfer.conf -- weechat v0.4.1
3 | #
4 |
5 | [look]
6 | auto_open_buffer = on
7 | progress_bar_size = 20
8 |
9 | [color]
10 | status_aborted = lightred
11 | status_active = lightblue
12 | status_connecting = yellow
13 | status_done = lightgreen
14 | status_failed = lightred
15 | status_waiting = lightcyan
16 | text = default
17 | text_bg = default
18 | text_selected = white
19 |
20 | [network]
21 | blocksize = 65536
22 | fast_send = on
23 | own_ip = ""
24 | port_range = ""
25 | speed_limit = 0
26 | timeout = 300
27 |
28 | [file]
29 | auto_accept_chats = off
30 | auto_accept_files = off
31 | auto_accept_nicks = ""
32 | auto_rename = on
33 | auto_resume = on
34 | convert_spaces = on
35 | download_path = "%h/xfer"
36 | upload_path = "~"
37 | use_nick_in_filename = on
38 |
--------------------------------------------------------------------------------
/roles/irc/external/handlers/main.yml:
--------------------------------------------------------------------------------
1 | - name: reload systemd service files
2 | command: systemctl daemon-reload
3 |
--------------------------------------------------------------------------------
/roles/irc/external/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: install common packages
2 | dnf:
3 | state: present
4 | name: "{{ item }}"
5 | with_items:
6 | - weechat
7 | - bitlbee
8 | - tmux
9 | tags:
10 | - packages
11 | - irc
12 |
13 | - name: Copy weechat config with rsync
14 | synchronize:
15 | src: weechat/
16 | dest: "/home/{{username}}/.weechat/"
17 | tags: irc
18 |
19 | - name: Copy weechat config template directly
20 | template:
21 | src: irc.conf
22 | dest: "/home/{{ username }}/.weechat/irc.conf"
23 | owner: "{{ username }}"
24 | tags: irc
25 |
26 | - name: Set bitlbee to start
27 | service:
28 | name: bitlbee
29 | state: started
30 | enabled: yes
31 | tags: irc
32 |
33 | - name: Copy in a tmux systemd service file
34 | copy:
35 | src: tmux-service
36 | dest: "/usr/lib/systemd/system/tmux@{{username}}.service"
37 | notify: reload systemd service files
38 | tags: irc
39 |
40 | - name: Set that tmux session to start
41 | service:
42 | name: "tmux@{{username}}"
43 | state: started
44 | enabled: yes
45 | tags: irc
46 |
--------------------------------------------------------------------------------
/roles/irc/internal/files/weechat/_weechat/alias.conf:
--------------------------------------------------------------------------------
1 | #
2 | # alias.conf -- weechat v0.3.2
3 | #
4 |
5 | [cmd]
6 | BYE = "quit"
7 | C = "buffer clear"
8 | CHAT = "dcc chat"
9 | CL = "buffer clear"
10 | CLOSE = "buffer close"
11 | EXIT = "quit"
12 | IG = "ignore"
13 | J = "join"
14 | K = "kick"
15 | KB = "kickban"
16 | LEAVE = "part"
17 | M = "msg"
18 | MUB = "unban *"
19 | N = "names"
20 | Q = "query"
21 | REDRAW = "window refresh"
22 | SAY = "msg *"
23 | SIGNOFF = "quit"
24 | T = "topic"
25 | UB = "unban"
26 | V = "command core version"
27 | W = "who"
28 | WC = "window merge"
29 | WI = "whois"
30 | WII = "whois $1 $1"
31 | WW = "whowas"
32 |
33 | [completion]
34 |
--------------------------------------------------------------------------------
/roles/irc/internal/files/weechat/_weechat/charset.conf:
--------------------------------------------------------------------------------
1 | #
2 | # charset.conf -- weechat v0.3.2
3 | #
4 |
5 | [default]
6 | decode = "iso-8859-1"
7 | encode = ""
8 |
9 | [decode]
10 |
11 | [encode]
12 |
--------------------------------------------------------------------------------
/roles/irc/internal/files/weechat/_weechat/irc.conf:
--------------------------------------------------------------------------------
1 | #
2 | # irc.conf -- weechat v0.3.2
3 | #
4 |
5 | [look]
6 | color_nicks_in_server_messages = on
7 | color_pv_nick_like_channel = on
8 | display_away = local
9 | display_ctcp_blocked = on
10 | display_ctcp_reply = on
11 | display_ctcp_unknown = on
12 | display_old_topic = on
13 | hide_nickserv_pwd = on
14 | highlight_tags = "irc_privmsg,irc_notice"
15 | item_channel_modes = on
16 | item_channel_modes_hide_key = off
17 | item_display_server = buffer_plugin
18 | item_nick_modes = on
19 | item_nick_prefix = on
20 | msgbuffer_fallback = current
21 | nick_completion_smart = speakers
22 | nick_prefix = ""
23 | nick_suffix = ""
24 | notice_as_pv = auto
25 | open_channel_near_server = on
26 | open_pv_near_server = on
27 | part_closes_buffer = off
28 | raw_messages = 256
29 | server_buffer = independent
30 | show_away_once = on
31 | smart_filter = on
32 | smart_filter_delay = 5
33 | smart_filter_join = on
34 | smart_filter_quit = on
35 | topic_strip_colors = off
36 |
37 | [color]
38 | input_nick = lightcyan
39 | item_away = yellow
40 | item_channel_modes = default
41 | message_join = green
42 | message_quit = red
43 | notice = green
44 |
45 | [network]
46 | anti_flood_prio_high = 2
47 | anti_flood_prio_low = 2
48 | away_check = 0
49 | away_check_max_nicks = 0
50 | colors_receive = on
51 | colors_send = on
52 | connection_timeout = 60
53 | default_msg_part = "WeeChat %v"
54 | default_msg_quit = "WeeChat %v"
55 | lag_check = 60
56 | lag_disconnect = 0
57 | lag_min_show = 1
58 | send_unknown_commands = off
59 |
60 | [msgbuffer]
61 |
62 | [ctcp]
63 |
64 | [ignore]
65 |
66 | [server_default]
67 | addresses = ""
68 | autoconnect = off
69 | autojoin = ""
70 | autoreconnect = on
71 | autoreconnect_delay = 30
72 | autorejoin = off
73 | autorejoin_delay = 30
74 | command = ""
75 | command_delay = 0
76 | ipv6 = off
77 | local_hostname = ""
78 | nicks = "weebean,weebean_,weebean^"
79 | password = ""
80 | proxy = ""
81 | realname = "Ralph Bean"
82 | sasl_mechanism = plain
83 | sasl_password = ""
84 | sasl_timeout = 15
85 | sasl_username = ""
86 | ssl = off
87 | ssl_cert = ""
88 | ssl_dhkey_size = 2048
89 | ssl_verify = on
90 | username = "weebean"
91 |
92 | [server]
93 | freenode.addresses = "chat.freenode.net/6667"
94 | freenode.proxy
95 | freenode.ipv6
96 | freenode.ssl
97 | freenode.ssl_cert
98 | freenode.ssl_dhkey_size
99 | freenode.ssl_verify
100 | freenode.password
101 | freenode.sasl_mechanism
102 | freenode.sasl_username
103 | freenode.sasl_password
104 | freenode.sasl_timeout
105 | freenode.autoconnect
106 | freenode.autoreconnect
107 | freenode.autoreconnect_delay
108 | freenode.nicks
109 | freenode.username
110 | freenode.realname
111 | freenode.local_hostname
112 | freenode.command
113 | freenode.command_delay
114 | freenode.autojoin
115 | freenode.autorejoin
116 | freenode.autorejoin_delay
117 |
--------------------------------------------------------------------------------
/roles/irc/internal/files/weechat/_weechat/logger.conf:
--------------------------------------------------------------------------------
1 | #
2 | # logger.conf -- weechat v0.3.2
3 | #
4 |
5 | [look]
6 | backlog = 20
7 |
8 | [file]
9 | auto_log = on
10 | info_lines = off
11 | mask = "$plugin.$name.weechatlog"
12 | name_lower_case = on
13 | path = "%h/logs/"
14 | replacement_char = "_"
15 | time_format = "%Y-%m-%d %H:%M:%S"
16 |
17 | [level]
18 |
19 | [mask]
20 |
--------------------------------------------------------------------------------
/roles/irc/internal/files/weechat/_weechat/plugins.conf:
--------------------------------------------------------------------------------
1 | #
2 | # plugins.conf -- weechat v0.3.2
3 | #
4 |
5 | [var]
6 | fifo.fifo = "on"
7 | lua.check_license = "on"
8 | perl.buffers.color_current = "lightcyan,red"
9 | perl.buffers.color_default = "default"
10 | perl.buffers.color_hotlist_highlight = "magenta"
11 | perl.buffers.color_hotlist_low = "white"
12 | perl.buffers.color_hotlist_message = "yellow"
13 | perl.buffers.color_hotlist_private = "lightgreen"
14 | perl.buffers.color_number = "lightgreen"
15 | perl.buffers.hide_merged_buffers = "off"
16 | perl.buffers.indenting = "on"
17 | perl.buffers.short_names = "on"
18 | perl.check_license = "on"
19 | perl.highmon.alignment = "channel"
20 | perl.highmon.away_only = "off"
21 | perl.highmon.hotlist_show = "off"
22 | perl.highmon.output = "bar"
23 | perl.highmon.short_names = "on"
24 | perl.iset.color_bg_selected = "red"
25 | perl.iset.color_help_default_value = "green"
26 | perl.iset.color_help_option_name = "white"
27 | perl.iset.color_help_text = "default"
28 | perl.iset.color_option = "default"
29 | perl.iset.color_option_selected = "white"
30 | perl.iset.color_type = "brown"
31 | perl.iset.color_type_selected = "yellow"
32 | perl.iset.color_value = "cyan"
33 | perl.iset.color_value_selected = "lightcyan"
34 | perl.iset.color_value_undef = "green"
35 | perl.iset.color_value_undef_selected = "lightgreen"
36 | perl.iset.show_help_bar = "on"
37 | perl.iset.show_help_extra_info = "on"
38 | python.check_license = "on"
39 | python.egrep.clear_buffer = "off"
40 | python.egrep.go_to_buffer = "on"
41 | python.egrep.log_filter = ""
42 | python.egrep.max_lines = "4000"
43 | python.egrep.show_summary = "on"
44 | python.shortenurl.color = "red"
45 | python.shortenurl.public = "off"
46 | python.shortenurl.shortener = "isgd"
47 | python.shortenurl.urllength = "30"
48 | ruby.check_license = "on"
49 | ruby.url_shorten.bitly_key = ""
50 | ruby.url_shorten.bitly_login = ""
51 | ruby.url_shorten.color = "red"
52 | ruby.url_shorten.maxlen = "50"
53 | ruby.url_shorten.shortener = "tinyurl"
54 | tcl.check_license = "on"
55 |
--------------------------------------------------------------------------------
/roles/irc/internal/files/weechat/_weechat/xfer.conf:
--------------------------------------------------------------------------------
1 | #
2 | # xfer.conf -- weechat v0.3.2
3 | #
4 |
5 | [look]
6 | auto_open_buffer = on
7 | progress_bar_size = 20
8 |
9 | [color]
10 | status_aborted = lightred
11 | status_active = lightblue
12 | status_connecting = yellow
13 | status_done = lightgreen
14 | status_failed = lightred
15 | status_waiting = lightcyan
16 | text = default
17 | text_bg = default
18 | text_selected = white
19 |
20 | [network]
21 | blocksize = 65536
22 | fast_send = on
23 | own_ip = ""
24 | port_range = ""
25 | speed_limit = 0
26 | timeout = 300
27 |
28 | [file]
29 | auto_accept_chats = off
30 | auto_accept_files = off
31 | auto_rename = on
32 | auto_resume = on
33 | convert_spaces = on
34 | download_path = "%h/xfer"
35 | upload_path = "~"
36 | use_nick_in_filename = on
37 |
--------------------------------------------------------------------------------
/roles/irc/internal/files/weechat/alias.conf:
--------------------------------------------------------------------------------
1 | #
2 | # alias.conf -- weechat v0.4.1
3 | #
4 |
5 | [cmd]
6 | AAWAY = "allserv /away"
7 | AME = "allchan /me"
8 | AMSG = "allchan /msg *"
9 | ANICK = "allserv /nick"
10 | BYE = "quit"
11 | C = "buffer clear"
12 | CHAT = "dcc chat"
13 | CL = "buffer clear"
14 | CLOSE = "buffer close"
15 | EXIT = "quit"
16 | IG = "ignore"
17 | J = "join"
18 | K = "kick"
19 | KB = "kickban"
20 | LEAVE = "part"
21 | M = "msg"
22 | MUB = "unban *"
23 | N = "names"
24 | Q = "query"
25 | REDRAW = "window refresh"
26 | SAY = "msg *"
27 | SIGNOFF = "quit"
28 | T = "topic"
29 | UB = "unban"
30 | UMODE = "mode $nick"
31 | V = "command core version"
32 | W = "who"
33 | WC = "window merge"
34 | WI = "whois"
35 | WII = "whois $1 $1"
36 | WW = "whowas"
37 |
38 | [completion]
39 |
--------------------------------------------------------------------------------
/roles/irc/internal/files/weechat/aspell.conf:
--------------------------------------------------------------------------------
1 | #
2 | # aspell.conf -- weechat v0.4.1
3 | #
4 |
5 | [look]
6 | color = lightred
7 |
8 | [check]
9 | commands = "ame,amsg,away,command,cycle,kick,kickban,me,msg,notice,part,query,quit,topic"
10 | default_dict = ""
11 | during_search = off
12 | enabled = off
13 | real_time = off
14 | suggestions = -1
15 | word_min_length = 2
16 |
17 | [dict]
18 |
19 | [option]
20 |
--------------------------------------------------------------------------------
/roles/irc/internal/files/weechat/charset.conf:
--------------------------------------------------------------------------------
1 | #
2 | # charset.conf -- weechat v0.4.1
3 | #
4 |
5 | [default]
6 | decode = "iso-8859-1"
7 | encode = ""
8 |
9 | [decode]
10 |
11 | [encode]
12 |
--------------------------------------------------------------------------------
/roles/irc/internal/files/weechat/logger.conf:
--------------------------------------------------------------------------------
1 | #
2 | # logger.conf -- weechat v0.4.1
3 | #
4 |
5 | [look]
6 | backlog = 200
7 |
8 | [color]
9 | backlog_end = darkgray
10 | backlog_line = darkgray
11 |
12 | [file]
13 | auto_log = on
14 | flush_delay = 120
15 | info_lines = off
16 | mask = "$plugin.$name.weechatlog"
17 | name_lower_case = on
18 | nick_prefix = ""
19 | nick_suffix = ""
20 | path = "%h/../weechat-logs/"
21 | replacement_char = "_"
22 | time_format = "%Y-%m-%d %H:%M:%S"
23 |
24 | [level]
25 |
26 | [mask]
27 |
--------------------------------------------------------------------------------
/roles/irc/internal/files/weechat/plugins.conf:
--------------------------------------------------------------------------------
1 | #
2 | # plugins.conf -- weechat v0.4.1
3 | #
4 |
5 | [var]
6 | fifo.fifo = "on"
7 | lua.check_license = "on"
8 | perl.check_license = "on"
9 | python.check_license = "on"
10 | ruby.check_license = "on"
11 | tcl.check_license = "on"
12 |
13 | [desc]
14 |
--------------------------------------------------------------------------------
/roles/irc/internal/files/weechat/relay.conf:
--------------------------------------------------------------------------------
1 | #
2 | # relay.conf -- weechat v0.4.1
3 | #
4 |
5 | [look]
6 | auto_open_buffer = on
7 | raw_messages = 256
8 |
9 | [color]
10 | client = cyan
11 | status_active = lightblue
12 | status_auth_failed = lightred
13 | status_connecting = yellow
14 | status_disconnected = lightred
15 | status_waiting_auth = brown
16 | text = default
17 | text_bg = default
18 | text_selected = white
19 |
20 | [network]
21 | allowed_ips = ""
22 | bind_address = ""
23 | compression_level = 6
24 | ipv6 = on
25 | max_clients = 5
26 | password = ""
27 | ssl_cert_key = "%h/ssl/relay.pem"
28 | websocket_allowed_origins = ""
29 |
30 | [irc]
31 | backlog_max_minutes = 1440
32 | backlog_max_number = 256
33 | backlog_since_last_disconnect = on
34 | backlog_tags = "irc_privmsg"
35 | backlog_time_format = "[%H:%M] "
36 |
37 | [port]
38 |
--------------------------------------------------------------------------------
/roles/irc/internal/files/weechat/rmodifier.conf:
--------------------------------------------------------------------------------
1 | #
2 | # rmodifier.conf -- weechat v0.4.1
3 | #
4 |
5 | [look]
6 | hide_char = "*"
7 |
8 | [modifier]
9 | nickserv = "history_add,input_text_display;^(/(msg|quote) +nickserv +(id|identify|ghost \S+|release \S+) +)(.*);1,4*"
10 | oper = "history_add,input_text_display;^(/oper +\S+ +)(.*);1,2*"
11 | quote_pass = "history_add,input_text_display;^(/quote pass +)(.*);1,2*"
12 | server = "history_add,input_text_display;^(/(server|connect) .*-(sasl_)?password=)(\S+)(.*);1,4*,5"
13 | set_pass = "history_add;^(/set +\S*password\S* +)(.*);1,2*"
14 |
--------------------------------------------------------------------------------
/roles/irc/internal/files/weechat/script.conf:
--------------------------------------------------------------------------------
1 | #
2 | # script.conf -- weechat v0.4.1
3 | #
4 |
5 | [look]
6 | columns = "%s %n %V %v %u | %d | %t"
7 | diff_color = on
8 | diff_command = "auto"
9 | display_source = on
10 | quiet_actions = on
11 | sort = "p,n"
12 | translate_description = on
13 | use_keys = on
14 |
15 | [color]
16 | status_autoloaded = cyan
17 | status_held = white
18 | status_installed = lightcyan
19 | status_obsolete = lightmagenta
20 | status_popular = yellow
21 | status_running = lightgreen
22 | status_unknown = lightred
23 | text = default
24 | text_bg = default
25 | text_bg_selected = red
26 | text_date = default
27 | text_date_selected = white
28 | text_delimiters = darkgray
29 | text_description = default
30 | text_description_selected = white
31 | text_extension = default
32 | text_extension_selected = white
33 | text_name = cyan
34 | text_name_selected = lightcyan
35 | text_selected = white
36 | text_tags = brown
37 | text_tags_selected = yellow
38 | text_version = magenta
39 | text_version_loaded = default
40 | text_version_loaded_selected = white
41 | text_version_selected = lightmagenta
42 |
43 | [scripts]
44 | autoload = on
45 | cache_expire = 60
46 | dir = "%h/script"
47 | hold = ""
48 | url = "http://www.weechat.org/files/plugins.xml.gz"
49 |
--------------------------------------------------------------------------------
/roles/irc/internal/files/weechat/xfer.conf:
--------------------------------------------------------------------------------
1 | #
2 | # xfer.conf -- weechat v0.4.1
3 | #
4 |
5 | [look]
6 | auto_open_buffer = on
7 | progress_bar_size = 20
8 |
9 | [color]
10 | status_aborted = lightred
11 | status_active = lightblue
12 | status_connecting = yellow
13 | status_done = lightgreen
14 | status_failed = lightred
15 | status_waiting = lightcyan
16 | text = default
17 | text_bg = default
18 | text_selected = white
19 |
20 | [network]
21 | blocksize = 65536
22 | fast_send = on
23 | own_ip = ""
24 | port_range = ""
25 | speed_limit = 0
26 | timeout = 300
27 |
28 | [file]
29 | auto_accept_chats = off
30 | auto_accept_files = off
31 | auto_accept_nicks = ""
32 | auto_rename = on
33 | auto_resume = on
34 | convert_spaces = on
35 | download_path = "%h/xfer"
36 | upload_path = "~"
37 | use_nick_in_filename = on
38 |
--------------------------------------------------------------------------------
/roles/irc/internal/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Copy weechat config with rsync
2 | synchronize:
3 | src: weechat/
4 | dest: "~/.weechat/"
5 | tags: irc
6 |
7 | - name: Copy weechat config template directly
8 | template:
9 | src: irc.conf
10 | dest: "~/.weechat/irc.conf"
11 | tags: irc
12 |
--------------------------------------------------------------------------------
/roles/jumpoff/files/bin/do-backup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -xv
2 |
3 | dest=/run/media/threebean/14ec7ae9-a7f6-4702-92fd-146b6ed2b074
4 |
5 | for item in password-store gnupg ssh task; do
6 | #cp -rvf ~/.${item} ${dest}/${item}
7 | rsync -avzh --progress ~/.${item}/ ${dest}/${item}
8 | done
9 |
--------------------------------------------------------------------------------
/roles/jumpoff/files/bin/innerd:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | ssh rbean@fedorashell.rdu.redhat.com -t 'tmux attach'
4 |
--------------------------------------------------------------------------------
/roles/jumpoff/files/bin/kaomojicli:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # -*- coding: utf-8 -*-
3 | """ kaomojicli.py - Print the latest tweet from @kaomojicafe
4 |
5 | Run with hotkey as 'kaomojicli.py | xclip -i' for great effect.
6 |
7 | Still better::
8 |
9 | kaomojicli | pee 'xclip -i' 'xargs --null notify-send "kaomojicli got"'
10 |
11 | """
12 |
13 | import os
14 |
15 | import tweepy
16 | import yaml
17 |
18 | with open(os.path.expanduser("~/.local/twitter-read-only.yml"), 'r') as f:
19 | config = yaml.load(f)
20 |
21 | auth_handler = tweepy.OAuthHandler(**config['consumer'])
22 | auth_handler.set_access_token(**config['token'])
23 | twitter = tweepy.API(auth_handler)
24 |
25 | user = twitter.get_user('kaomojicafe')
26 | print user.timeline()[0].text.strip().encode('utf-8'), # ⁝(ृ•ˇ‸ˇ•。 ृ )ु⁝
27 |
--------------------------------------------------------------------------------
/roles/jumpoff/files/bin/nag-decause:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | echo https://fedora-infra.github.io/fedora-stats-tools/ | cowsay -W 55 -f $(ls /usr/share/cowsay | shuf | head -1) | vipe | mutt -s "GOOD MJORNING $(kaomojicli)" decause@redhat.com
4 |
--------------------------------------------------------------------------------
/roles/jumpoff/files/bin/nerd:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | mosh buttermilk tmux attach
4 |
--------------------------------------------------------------------------------
/roles/jumpoff/files/bin/start-tunnel-irc.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/bash
2 |
3 | ssh -t -p 330 -l rbean -L 6667:irc.bos.redhat.com:6667 ovpn-phx2.redhat.com
4 |
--------------------------------------------------------------------------------
/roles/jumpoff/files/bin/start-tunnel-stomp.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/bash
2 |
3 | # STOMP
4 | #ssh -t -p 330 -l rbean \
5 | # -L 61617:fuse-fabric-01.app.eng.brq.redhat.com:61617 \
6 | # ovpn-phx2.redhat.com
7 | ssh -t -p 330 -l rbean \
8 | -L 61617:fuse-fabric-01-stg.jboss.org:61617 \
9 | ovpn-phx2.redhat.com
10 | #ssh -t -p 330 -l rbean \
11 | # -L 61617:fuse-fabric-01.app.eng.brq.redhat.com:61617 \
12 | # -L 61618:fuse-fabric-02.app.eng.brq.redhat.com:61617 \
13 | # -L 61619:fuse-fabric-03.app.eng.brq.redhat.com:61617 \
14 | # ovpn-phx2.redhat.com
15 |
--------------------------------------------------------------------------------
/roles/jumpoff/files/bin/start-tunnel-web.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/bash
2 |
3 | # STOMP
4 | #ssh -t -p 330 -l rbean -L 61619:amq-fab-01-stg.mw.lab.eng.brq.redhat.com:61619 ovpn-phx2.redhat.com
5 |
6 | # AMQP
7 | #ssh -t -p 330 -l rbean -L 61618:amq-fab-01-stg.mw.lab.eng.brq.redhat.com:61618 ovpn-phx2.redhat.com
8 |
9 | # Web UI
10 | ssh -t -p 330 -l rbean -L 8181:amq-fab-01-stg.mw.lab.eng.brq.redhat.com:8181 ovpn-phx2.redhat.com
11 |
--------------------------------------------------------------------------------
/roles/jumpoff/files/bin/to-the-bat-cave:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | ssh batcave -t "tmux attach" || ssh batcave -t "tmux"
4 |
--------------------------------------------------------------------------------
/roles/jumpoff/files/bin/unfuck-vpn:
--------------------------------------------------------------------------------
1 | #!/usr/bin/bash -x
2 |
3 | sudo unbound-control forward_add redhat.com 10.5.30.160 10.11.5.19
4 | sudo unbound-control flush_zone redhat.com
5 |
--------------------------------------------------------------------------------
/roles/jumpoff/files/bin/whatupcli:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # -*- coding: utf-8 -*-
3 | """ whatupcli.py - Print a random greeting
4 |
5 | Run with hotkey as 'whatupcli.py | xclip -i' for great effect.
6 |
7 | Still better::
8 |
9 | whatupcli | pee 'xclip -i' 'xargs --null notify-send "whatupcli got"'
10 |
11 | """
12 |
13 | import random
14 | import requests
15 |
16 | response = requests.get('http://www.finnie.org/stuff/whatup.txt')
17 | contents = response.text
18 | lines = [t.split('> ', 1)[1] for t in contents.split('\n') if t.strip()]
19 | choice = random.choice(lines)
20 | print choice.strip().encode('utf-8')
21 |
--------------------------------------------------------------------------------
/roles/jumpoff/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Include some packages
2 | dnf:
3 | name: "{{ item }}"
4 | state: present
5 | with_items:
6 | - mosh
7 | - NetworkManager-vpnc
8 | - rubygem-rhc
9 | - ansible
10 | - python-dopy
11 | - python-boto
12 | tags:
13 | - jumpoff
14 |
15 | - name: Synchronize some scripts to /usr/local/bin
16 | synchronize:
17 | src: bin/
18 | dest: /usr/local/bin/
19 | tags:
20 | - jumpoff
21 |
22 | - seboolean: name=mozilla_plugin_use_bluejeans persistent=yes state=yes
23 | tags:
24 | - jumpoff
25 | - selinux
26 |
--------------------------------------------------------------------------------
/roles/justdecausethings/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: JustDecauseThings | install common packages
2 | dnf:
3 | state: present
4 | name: "{{ item }}"
5 | with_items:
6 | - nethack
7 | - wesnoth
8 | - wesnoth-server
9 | - inkscape
10 | - xournal
11 | - tex
12 | - audacity
13 | - gnome-tweak-tool
14 | - fedmsg-notify
15 | - ipython
16 | - fpaste
17 | - pronterface
18 | - nethogs
19 | - libreoffice
20 | - gimp
21 | - pianobooster
22 | - steghide
23 | - strace
24 | - fedpkg
25 | - cura
26 | - pronsole
27 | - libcaca
28 | - xcalc
29 | - liberation-serif-fonts
30 | - liberation-sans-fonts
31 | - hydrogen
32 | - libtheora
33 | - wireshark
34 | - gcc-c++
35 | - python-pip
36 | - aircrack-ng
37 | - qrencode
38 | - gnuchess
39 | - python-flake8
40 | - mercurial
41 | - bsd-games
42 | - screen
43 | - openscad
44 | - caca-utils
45 | - lucidlife
46 | - dos2unix
47 | - blender
48 | - slic3r
49 | - joystick-support
50 | - liveusb-creator
51 | - xchat
52 | tags:
53 | - packages
54 | - justdecausethings
55 |
--------------------------------------------------------------------------------
/roles/mail/client/files/bin/mail-check.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Using mbsync/isync now-a-days..
4 | #/usr/bin/offlineimap
5 | /usr/bin/mbsync -a
6 |
7 | /usr/bin/notmuch new
8 |
--------------------------------------------------------------------------------
/roles/mail/client/files/mailcap:
--------------------------------------------------------------------------------
1 | # mailcap - MIME configuration file
2 |
3 | text/html; elinks %s; nametemplate=%s.html
4 | text/html; elinks -dump %s; nametemplate=%s.html; copiousoutput
5 |
6 | text/*; cat; copiousoutput; edit=$VISUAL %s
7 | message/rfc822; cat; copiousoutput; edit=$VISUAL %s
8 |
9 | application/msword; mutt_bgrun libreoffice %s
10 | application/vnd.msword; mutt_bgrun libreoffice %s
11 | application/excel; mutt_bgrun libreoffice %s
12 | application/msexcel; mutt_bgrun libreoffice %s
13 | application/vnd.ms-excel; mutt_bgrun libreoffice %s
14 | application/x-excel; mutt_bgrun libreoffice %s
15 | application/x-msexcel; mutt_bgrun libreoffice %s
16 | application/ms-Excel; mutt_bgrun libreoffice %s
17 | application/vnd.ms-powerpoint; mutt_bgrun libreoffice %s
18 | application/x-mspowerpoint; mutt_bgrun libreoffice %s
19 | application/ppt; mutt_bgrun libreoffice %s
20 |
21 | application/pdf; mutt_bgrun evince %s
22 | application/postscript; mutt_bgrun evince %s
23 | image/*; mutt_bgrun eog %s
24 |
--------------------------------------------------------------------------------
/roles/mail/client/files/mbsync.redhat.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDsDCCAxmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCVVMx
3 | FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
4 | VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh
5 | dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w
6 | HhcNMDkwOTE2MTg0NTI1WhcNMTkwOTE0MTg0NTI1WjCBnTELMAkGA1UEBhMCVVMx
7 | FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
8 | VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh
9 | dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w
10 | gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/HDWGiL8BarUWDIjNC6uxCXqYN
11 | QkwcmhILX+cl+YuDDArFL1pYVrith228gF3dSUU5X7kIOmPkkjNheRkbnas61X+n
12 | i3+KWvbX3q+h5VMxKX2cA1U+R3jLuXqYjF+N2gkPyPvxeoDuEncKAItw+mK/r+4L
13 | WBb5nFzek7hP3017AgMBAAGjgf0wgfowHQYDVR0OBBYEFA2sGXDtBKdeeKv+i6g0
14 | 6yEmwVY1MIHKBgNVHSMEgcIwgb+AFA2sGXDtBKdeeKv+i6g06yEmwVY1oYGjpIGg
15 | MIGdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNV
16 | BAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xCzAJBgNVBAsTAklT
17 | MRYwFAYDVQQDEw1SZWQgSGF0IElTIENBMSYwJAYJKoZIhvcNAQkBFhdzeXNhZG1p
18 | bi1yZHVAcmVkaGF0LmNvbYIBATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
19 | A4GBAFBgO5y3JcPXH/goumNBW7rr8m9EFZmQyK5gT1Ljv5qaCSZwxkAomhriv04p
20 | mb1y8yjrK5OY3WwgaRaAWRHp4/hn2HWaRvx3S+gwLM7p8V1pWnbSFJOXF3kbuC41
21 | voMIMqAFfHKidKN/yrjJg/1ahIjSt11lMUvRJ4TNT+pk5VnB
22 | -----END CERTIFICATE-----
23 |
--------------------------------------------------------------------------------
/roles/mail/client/files/mbsyncrc-decause:
--------------------------------------------------------------------------------
1 | IMAPAccount gmail
2 | # Address to connect to
3 | Host imap.gmail.com
4 | User decause@gmail.com
5 | PassCmd "/usr/bin/pass mail/gmail/mbsync"
6 | # Use SSL
7 | AuthMechs PLAIN
8 | SSLType IMAPS
9 | SSLVersions TLSv1 TLSv1.1 TLSv1.2
10 | CertificateFile /etc/ssl/certs/ca-bundle.crt
11 |
12 | IMAPStore gmail-remote
13 | Account gmail
14 |
15 | MaildirStore gmail-local
16 | # The trailing "/" is important
17 | Path ~/.imap-mail/gmail/
18 | Inbox ~/.imap-mail/gmail/Inbox
19 |
20 | Channel gmail
21 | Master :gmail-remote:
22 | Slave :gmail-local:
23 | # Exclude certain things
24 | #Patterns * !@* !howard-eagle ![Gmail]*
25 | # Or include everything
26 | Patterns *
27 | # Automatically create missing mailboxes, both locally and on the server
28 | Create Both
29 | # Save the synchronization state files in the relevant directory
30 | SyncState *
31 |
32 |
33 | IMAPAccount redhat
34 | # Address to connect to
35 | Host mail.corp.redhat.com
36 | User rdecause
37 | PassCmd "/usr/bin/pass mail/redhat/krb5"
38 | # Use SSL
39 | AuthMechs PLAIN
40 | SSLType IMAPS
41 | SSLVersions TLSv1 TLSv1.1 TLSv1.2
42 |
43 | # We use a self-signed cert for our imaps server. You need to get the CA cert
44 | # with: $ openssl s_client -showcerts -connect mail.corp.redhat.com:993
45 | # It is the second certificate listed (the first is the server cert).
46 | CertificateFile /home/decause/.mbsync.redhat.crt
47 |
48 | IMAPStore redhat-remote
49 | Account redhat
50 |
51 | MaildirStore redhat-local
52 | # The trailing "/" is important
53 | Path ~/.imap-mail/redhat/
54 | Inbox ~/.imap-mail/redhat/Inbox
55 |
56 | Channel redhat
57 | Master :redhat-remote:
58 | Slave :redhat-local:
59 | Patterns * !Contacts !Chats !Junk !Trash !nagios !webapps !fedoracommunity
60 | Create Both
61 | SyncState *
62 |
--------------------------------------------------------------------------------
/roles/mail/client/files/mbsyncrc-threebean:
--------------------------------------------------------------------------------
1 | IMAPAccount gmail
2 | # Address to connect to
3 | Host imap.gmail.com
4 | User ralph.bean@gmail.com
5 | PassCmd "/usr/bin/pass mail/gmail/mbsync"
6 | # Use SSL
7 | AuthMechs PLAIN
8 | SSLType IMAPS
9 | SSLVersions TLSv1 TLSv1.1 TLSv1.2
10 | CertificateFile /etc/ssl/certs/ca-bundle.crt
11 |
12 | IMAPStore gmail-remote
13 | Account gmail
14 |
15 | MaildirStore gmail-local
16 | # The trailing "/" is important
17 | Path ~/.imap-mail/gmail/
18 | Inbox ~/.imap-mail/gmail/Inbox
19 |
20 | Channel gmail
21 | Master :gmail-remote:
22 | Slave :gmail-local:
23 | # Exclude certain things
24 | Patterns * !@* !howard-eagle ![Gmail]*
25 | # Or include everything
26 | #Patterns *
27 | # Automatically create missing mailboxes, both locally and on the server
28 | Create Both
29 | # Save the synchronization state files in the relevant directory
30 | SyncState *
31 |
32 |
33 | IMAPAccount wrns
34 | # Address to connect to
35 | Host imap.gmail.com
36 | User webmaster@wintonroad.org
37 | PassCmd "/usr/bin/pass mail/gmail/wrns"
38 | # Use SSL
39 | AuthMechs PLAIN
40 | SSLType IMAPS
41 | SSLVersions TLSv1 TLSv1.1 TLSv1.2
42 | CertificateFile /etc/ssl/certs/ca-bundle.crt
43 |
44 | IMAPStore wrns-remote
45 | Account wrns
46 |
47 | MaildirStore wrns-local
48 | # The trailing "/" is important
49 | Path ~/.imap-mail/wrns/
50 | Inbox ~/.imap-mail/wrns/Inbox
51 |
52 | Channel wrns
53 | Master :wrns-remote:
54 | Slave :wrns-local:
55 | # Exclude certain things
56 | #Patterns * !@* !howard-eagle ![Gmail]*
57 | # Or include everything
58 | #Patterns *
59 | # Automatically create missing mailboxes, both locally and on the server
60 | Create Both
61 | # Save the synchronization state files in the relevant directory
62 | SyncState *
63 |
64 |
65 | IMAPAccount redhat
66 | # Address to connect to
67 | Host mail.corp.redhat.com
68 | User rbean
69 | PassCmd "/usr/bin/pass mail/redhat/krb5"
70 | # Use SSL
71 | AuthMechs PLAIN
72 | SSLType IMAPS
73 | SSLVersions TLSv1 TLSv1.1 TLSv1.2
74 | # We use a self-signed cert for our imaps server. You need to get the CA cert
75 | # with: $ openssl s_client -showcerts -connect mail.corp.redhat.com:993
76 | # It is the second certificate listed (the first is the server cert).
77 | CertificateFile /home/threebean/.mbsync.redhat.crt
78 |
79 | IMAPStore redhat-remote
80 | Account redhat
81 |
82 | MaildirStore redhat-local
83 | # The trailing "/" is important
84 | Path ~/.imap-mail/redhat/
85 | Inbox ~/.imap-mail/redhat/Inbox
86 |
87 | Channel redhat
88 | Master :redhat-remote:
89 | Slave :redhat-local:
90 | Patterns * !Contacts !Chats !Junk !Trash !nagios !webapps !fedoracommunity
91 | Create Both
92 | SyncState *
93 |
--------------------------------------------------------------------------------
/roles/mail/client/files/msmtprc-decause:
--------------------------------------------------------------------------------
1 | # Set default values for all following accounts.
2 | defaults
3 | tls on
4 | tls_starttls on
5 | tls_certcheck off
6 | logfile ~/.msmtp.log
7 | auto_from on
8 | maildomain civx.us
9 |
10 | # Gmail
11 | account gmail
12 | host smtp.gmail.com
13 | port 587
14 | auth on
15 | user decause@gmail.com
16 | passwordeval "pass mail/gmail/mbsync"
17 |
18 | # red hat
19 | account redhat
20 | host smtp.corp.redhat.com
21 | port 25
22 | #auth on
23 | user rdecause@redhat.com
24 | passwordeval "pass mail/redhat/krb5"
25 |
26 | # Set a default account
27 | account default : redhat
28 |
--------------------------------------------------------------------------------
/roles/mail/client/files/msmtprc-threebean:
--------------------------------------------------------------------------------
1 | # Set default values for all following accounts.
2 | defaults
3 | tls on
4 | tls_starttls on
5 | tls_certcheck off
6 | logfile ~/.msmtp.log
7 | auto_from on
8 | maildomain threebean.org
9 |
10 | # Gmail
11 | account gmail
12 | host smtp.gmail.com
13 | port 587
14 | auth on
15 | user ralph.bean@gmail.com
16 | passwordeval "pass mail/gmail/mbsync"
17 |
18 | # WRNS
19 | account wrns
20 | host smtp.gmail.com
21 | port 587
22 | auth on
23 | user webmaster@wintonroad.org
24 | passwordeval "pass mail/gmail/wrns"
25 |
26 | # red hat
27 | account redhat
28 | host smtp.corp.redhat.com
29 | port 25
30 | #auth on
31 | user rbean@redhat.com
32 | passwordeval "pass mail/redhat/krb5"
33 |
34 | # Set a default account
35 | account default : redhat
36 |
--------------------------------------------------------------------------------
/roles/mail/client/files/mutt-decause/aliases:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ralphbean/lightsaber/ce466925caad83976c978bc5e2b95ad5f9ae38f3/roles/mail/client/files/mutt-decause/aliases
--------------------------------------------------------------------------------
/roles/mail/client/files/mutt-decause/colors:
--------------------------------------------------------------------------------
1 | # 'black' turns out grey is my terminal
2 | #
3 | # color object foreground background
4 | color attachment magenta default
5 | color error white red # errors yell at you in red
6 | color hdrdefault green default # headers
7 | color indicator cyan default # currently selected message
8 | color markers cyan default # the + for wrapped pager lines
9 | color message cyan default # informational messages, not mail
10 | color normal white default # plain text
11 | color quoted green default # quoted text
12 | color search green default # hilite search patterns in the pager
13 | color signature red default # signature (after "-- ") is red
14 | color status blue default # status bar is yellow *on blue*
15 | color tilde blue default # ~'s after message body
16 | color tree red default # thread tree in index menu is magenta
17 | color signature red default
18 | color underline yellow default
19 | color header cyan default ^(From|Subject): # Important headers
20 | color body magenta default "(ftp|http)://[^ ]+" # picks up URLs
21 | color body magenta default [-a-z_0-9.]+@[-a-z_0-9.]+
22 |
23 | # Coloring quoted text - coloring the first 7 levels:
24 | color quoted cyan black
25 | color quoted1 yellow black
26 | color quoted2 red black
27 | color quoted3 green black
28 | color quoted4 cyan black
29 | color quoted5 yellow black
30 | color quoted6 red black
31 | color quoted7 green black
32 |
33 | # Colorize smileys: :-) ;-) :-/ :-(
34 | color body yellow default "[;:]-[)/(|]"
35 | color body yellow default "[;:][)/(|]"
36 | color body green default "[[:alpha:]]\+://[^ ]*"
37 |
38 | color index green default ~N # New
39 | color index yellow default ~O # Old
40 | color index magenta default ~P # From me
41 | color index cyan default ~F # Flagged
42 | color index blue default ~T # Tagged
43 | color index red default ~D # Deleted
44 |
--------------------------------------------------------------------------------
/roles/mail/client/files/mutt-decause/common:
--------------------------------------------------------------------------------
1 | #------------------------------------------------------#
2 | # ~/.mutt/common
3 |
4 | set realname = "Remy DeCausemaker"
5 |
6 | # Check for and beep when new mail shows up while mutt is open.
7 | #
8 | set check_new = yes
9 | set beep_new = yes
10 | unset beep
11 |
12 | set mail_check = 60 # Check for new mail in all mailboxes
13 | # every minute
14 | set timeout = 30
15 |
16 | # To open html with mailcap, elinks.
17 | auto_view text/html
18 | alternative_order text/plain text/html
19 |
20 |
21 | # Sort by threads and last-date-received:
22 | # will be gmail's style of threading, if the threading
23 | # was shown in the main display.
24 | #
25 | set sort = 'threads'
26 | set sort_aux = 'reverse-last-date-received'
27 |
28 | # Only check the mailboxes that we have in the muttmailboxes file
29 | #
30 | #set imap_check_subscribed = yes
31 |
32 | # Not strictly necessary since we are using locally cached
33 | # email with offlineimap, but if we were having mutt fetch
34 | # the mail directly, this would help make it faster.
35 | #
36 | #set header_cache=~/.mutt/cache/headers
37 | #set message_cachedir=~/.mutt/cache/bodies
38 | #set certificate_file=~/.mutt/certificates
39 |
40 | # Don't move mail from the spool.
41 | #
42 | set move=no
43 |
44 | #======================================================#
45 | # which editor do you want to use?
46 | # vim of course!
47 | set editor="vim -c 'set tw=70 et' -c 'set spell' '+/^$' +9999999"
48 | set edit_headers # See the headers when editing
49 |
50 | #======================================================#
51 | # Order of headers and what to show
52 | hdr_order Date: From: User-Agent: X-Mailer \
53 | To: Cc: Reply-To: Subject:
54 | ignore *
55 | unignore Date: From: User-Agent: X-Mailer: X-PGP-Key: \
56 | To: Cc: Reply-To: Subject:
57 |
58 | #======================================================#
59 | # Odds and Ends
60 | set sort_alias=alias # sort aliases in alpha order by alias name
61 | set markers # mark wrapped lines of text in the pager with a +
62 | set smart_wrap # Don't wrap mid-word
63 | set pager_context=6 # Retain 6 lines of previous page when scrolling.
64 | set status_on_top # Status bar on top.
65 | push # Shows mutt version at startup
66 |
67 |
--------------------------------------------------------------------------------
/roles/mail/client/files/mutt-decause/gmail:
--------------------------------------------------------------------------------
1 | set spoolfile = +"gmail/INBOX"
2 | set mbox = +"gmail/[Gmail].All Mail"
3 | set postponed = +"gmail/[Gmail].Drafts"
4 | set from=decause@gmail.com
5 | set sendmail="/usr/bin/msmtp -a gmail"
6 |
7 | macro index,pager A +gmail/archive.*
8 | macro index,pager a +gmail/archive.*
9 |
--------------------------------------------------------------------------------
/roles/mail/client/files/mutt-decause/pgp:
--------------------------------------------------------------------------------
1 | # from Justin R. Miller's
2 | # `Everything You Need To Know To Start Using GnuPG with Mutt'
3 | # http://codesorcery.net/old/mutt/mutt-gnupg-howto
4 |
5 | set pgp_decode_command="gpg2 %?p?--use-agent? --no-verbose --output - %f"
6 | set pgp_verify_command="gpg2 --no-verbose --output - --verify %s %f"
7 | set pgp_decrypt_command="gpg2 --use-agent --no-verbose --output - %f"
8 | set pgp_sign_command="gpg2 --no-verbose --output - --use-agent --armor --detach-sign --textmode %?a?-u %a? %f"
9 | set pgp_clearsign_command="gpg2 --no-verbose --output - --use-agent --armor --textmode --clearsign %?a?-u %a? %f"
10 | set pgp_encrypt_only_command="/usr/bin/pgpewrap gpg2 --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
11 | set pgp_encrypt_sign_command="/usr/bin/pgpewrap gpg2 --use-agent --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
12 | set pgp_import_command="gpg2 --no-verbose --import -v %f"
13 | set pgp_export_command="gpg2 --no-verbose --export --armor %r"
14 | set pgp_verify_key_command="gpg2 --no-verbose --fingerprint --check-sigs %r"
15 | set pgp_list_pubring_command="gpg2 --no-verbose --with-colons --list-keys %r"
16 | set pgp_list_secring_command="gpg2 --no-verbose --with-colons --list-secret-keys %r"
17 |
18 | # If you want all of your email to be autosigned, use this.
19 | # I only sign email sent from my school address, not gmail, so
20 | # this is found in my school configuration file.
21 | #
22 | set pgp_autosign=yes
23 | set pgp_sign_as=308CA5040B471503C9D9E670E633A79B0BB0F6D9
24 | set pgp_replyencrypt=yes
25 | set pgp_timeout=1800
26 | set pgp_good_sign="^gpg: Good signature from"
27 |
--------------------------------------------------------------------------------
/roles/mail/client/files/mutt-decause/redhat:
--------------------------------------------------------------------------------
1 | set spoolfile = +"redhat/INBOX"
2 | set mbox = +"redhat/Trash"
3 | set postponed = +"redhat/Drafts"
4 | set from=decause@redhat.com
5 | set sendmail="/usr/bin/msmtp -a redhat"
6 |
7 | #macro index,pager a +redhat/archive
8 | macro index,pager A +redhat/archive.*
9 | macro index,pager a +redhat/archive.*
10 |
--------------------------------------------------------------------------------
/roles/mail/client/files/mutt-decause/rit:
--------------------------------------------------------------------------------
1 | set spoolfile = +"rit/INBOX"
2 | set mbox = +"rit/Deleted Items"
3 | set postponed = +"rit/Drafts"
4 | set from=rjbpop@rit.edu
5 | set sendmail="/usr/bin/msmtp -a rit"
6 |
7 | macro index,pager A +rit/archive.*
8 | macro index,pager a +rit/archive.*
9 |
--------------------------------------------------------------------------------
/roles/mail/client/files/mutt-decause/sig:
--------------------------------------------------------------------------------
1 | Remy DeCausemaker
2 |
3 | Fedora Community Lead & Council Member
4 | http://whatcanidoforfedora.org
5 |
6 | 308C A504 0B47 1503 C9D9 E670 E633 A79B 0BB0 F6D9
7 |
--------------------------------------------------------------------------------
/roles/mail/client/files/mutt-threebean/aliases:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ralphbean/lightsaber/ce466925caad83976c978bc5e2b95ad5f9ae38f3/roles/mail/client/files/mutt-threebean/aliases
--------------------------------------------------------------------------------
/roles/mail/client/files/mutt-threebean/colors:
--------------------------------------------------------------------------------
1 | # 'black' turns out grey is my terminal
2 | #
3 | # color object foreground background
4 | color attachment magenta default
5 | color error white red # errors yell at you in red
6 | color hdrdefault green default # headers
7 | color indicator cyan default # currently selected message
8 | color markers cyan default # the + for wrapped pager lines
9 | color message cyan default # informational messages, not mail
10 | color normal white default # plain text
11 | color quoted green default # quoted text
12 | color search green default # hilite search patterns in the pager
13 | color signature red default # signature (after "-- ") is red
14 | color status blue default # status bar is yellow *on blue*
15 | color tilde blue default # ~'s after message body
16 | color tree red default # thread tree in index menu is magenta
17 | color signature red default
18 | color underline yellow default
19 | color header cyan default ^(From|Subject): # Important headers
20 | color body magenta default "(ftp|http)://[^ ]+" # picks up URLs
21 | color body magenta default [-a-z_0-9.]+@[-a-z_0-9.]+
22 |
23 | # Coloring quoted text - coloring the first 7 levels:
24 | color quoted cyan black
25 | color quoted1 yellow black
26 | color quoted2 red black
27 | color quoted3 green black
28 | color quoted4 cyan black
29 | color quoted5 yellow black
30 | color quoted6 red black
31 | color quoted7 green black
32 |
33 | # Colorize smileys: :-) ;-) :-/ :-(
34 | color body yellow default "[;:]-[)/(|]"
35 | color body yellow default "[;:][)/(|]"
36 | color body green default "[[:alpha:]]\+://[^ ]*"
37 |
38 | color index green default ~N # New
39 | color index yellow default ~O # Old
40 | color index magenta default ~P # From me
41 | color index cyan default ~F # Flagged
42 | color index blue default ~T # Tagged
43 | color index red default ~D # Deleted
44 |
--------------------------------------------------------------------------------
/roles/mail/client/files/mutt-threebean/common:
--------------------------------------------------------------------------------
1 | #------------------------------------------------------#
2 | # ~/.mutt/common
3 |
4 | set realname = "Ralph Bean"
5 |
6 | # Check for and beep when new mail shows up while mutt is open.
7 | #
8 | set check_new = yes
9 | set beep_new = yes
10 | unset beep
11 |
12 | set mail_check = 60 # Check for new mail in all mailboxes
13 | # every minute
14 | set timeout = 30
15 |
16 | # To open html with mailcap, elinks.
17 | auto_view text/html
18 | alternative_order text/plain text/html
19 |
20 |
21 | # Sort by threads and last-date-received:
22 | # will be gmail's style of threading, if the threading
23 | # was shown in the main display.
24 | #
25 | set sort = 'threads'
26 | set sort_aux = 'reverse-last-date-received'
27 |
28 | # Only check the mailboxes that we have in the muttmailboxes file
29 | #
30 | #set imap_check_subscribed = yes
31 |
32 | # Not strictly necessary since we are using locally cached
33 | # email with offlineimap, but if we were having mutt fetch
34 | # the mail directly, this would help make it faster.
35 | #
36 | #set header_cache=~/.mutt/cache/headers
37 | #set message_cachedir=~/.mutt/cache/bodies
38 | #set certificate_file=~/.mutt/certificates
39 |
40 | # Don't move mail from the spool.
41 | #
42 | set move=no
43 |
44 | #======================================================#
45 | # which editor do you want to use?
46 | # vim of course!
47 | set editor="vim -c 'set tw=70 et' -c 'set spell' '+/^$' +9999999"
48 | set edit_headers # See the headers when editing
49 |
50 | #======================================================#
51 | # Order of headers and what to show
52 | hdr_order Date: From: User-Agent: X-Mailer \
53 | To: Cc: Reply-To: Subject:
54 | ignore *
55 | unignore Date: From: User-Agent: X-Mailer: X-PGP-Key: \
56 | To: Cc: Reply-To: Subject:
57 |
58 | #======================================================#
59 | # Odds and Ends
60 | set sort_alias=alias # sort aliases in alpha order by alias name
61 | set markers # mark wrapped lines of text in the pager with a +
62 | set smart_wrap # Don't wrap mid-word
63 | set pager_context=6 # Retain 6 lines of previous page when scrolling.
64 | set status_on_top # Status bar on top.
65 | push # Shows mutt version at startup
66 |
67 |
--------------------------------------------------------------------------------
/roles/mail/client/files/mutt-threebean/gmail:
--------------------------------------------------------------------------------
1 | set spoolfile = +"gmail/INBOX"
2 | set mbox = +"gmail/[Gmail].All Mail"
3 | set postponed = +"gmail/[Gmail].Drafts"
4 | set from=ralph.bean@gmail.com
5 | set sendmail="/usr/bin/msmtp -a gmail"
6 |
7 | macro index,pager A +gmail/archive.*
8 | macro index,pager a +gmail/archive.*
9 |
--------------------------------------------------------------------------------
/roles/mail/client/files/mutt-threebean/pgp:
--------------------------------------------------------------------------------
1 | # from Justin R. Miller's
2 | # `Everything You Need To Know To Start Using GnuPG with Mutt'
3 | # http://codesorcery.net/old/mutt/mutt-gnupg-howto
4 |
5 | set pgp_decode_command="gpg2 %?p?--use-agent? --no-verbose --output - %f"
6 | set pgp_verify_command="gpg2 --no-verbose --output - --verify %s %f"
7 | set pgp_decrypt_command="gpg2 --use-agent --no-verbose --output - %f"
8 | set pgp_sign_command="gpg2 --no-verbose --output - --use-agent --armor --detach-sign --textmode %?a?-u %a? %f"
9 | set pgp_clearsign_command="gpg2 --no-verbose --output - --use-agent --armor --textmode --clearsign %?a?-u %a? %f"
10 | set pgp_encrypt_only_command="/usr/bin/pgpewrap gpg2 --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
11 | set pgp_encrypt_sign_command="/usr/bin/pgpewrap gpg2 --use-agent --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
12 | set pgp_import_command="gpg2 --no-verbose --import -v %f"
13 | set pgp_export_command="gpg2 --no-verbose --export --armor %r"
14 | set pgp_verify_key_command="gpg2 --no-verbose --fingerprint --check-sigs %r"
15 | set pgp_list_pubring_command="gpg2 --no-verbose --with-colons --list-keys %r"
16 | set pgp_list_secring_command="gpg2 --no-verbose --with-colons --list-secret-keys %r"
17 |
18 | # If you want all of your email to be autosigned, use this.
19 | # I only sign email sent from my school address, not gmail, so
20 | # this is found in my school configuration file.
21 | #
22 | set pgp_autosign=yes
23 | set pgp_sign_as=94504C3AE11DD197920058ABA90ED7DE971095FF
24 | set pgp_replyencrypt=yes
25 | set pgp_timeout=1800
26 | set pgp_good_sign="^gpg: Good signature from"
27 |
--------------------------------------------------------------------------------
/roles/mail/client/files/mutt-threebean/redhat:
--------------------------------------------------------------------------------
1 | set spoolfile = +"redhat/INBOX"
2 | set mbox = +"redhat/Trash"
3 | set postponed = +"redhat/Drafts"
4 | set from=rbean@redhat.com
5 | set sendmail="/usr/bin/msmtp -a redhat"
6 |
7 | #macro index,pager a +redhat/archive
8 | macro index,pager A +redhat/archive.*
9 | macro index,pager a +redhat/archive.*
10 |
--------------------------------------------------------------------------------
/roles/mail/client/files/mutt-threebean/rit:
--------------------------------------------------------------------------------
1 | set spoolfile = +"rit/INBOX"
2 | set mbox = +"rit/Deleted Items"
3 | set postponed = +"rit/Drafts"
4 | set from=rjbpop@rit.edu
5 | set sendmail="/usr/bin/msmtp -a rit"
6 |
7 | macro index,pager A +rit/archive.*
8 | macro index,pager a +rit/archive.*
9 |
--------------------------------------------------------------------------------
/roles/mail/client/files/mutt-threebean/wrns:
--------------------------------------------------------------------------------
1 | set spoolfile = +"wrns/INBOX"
2 | set mbox = +"wrns/[Gmail].All Mail"
3 | set postponed = +"wrns/[Gmail].Drafts"
4 | set from=webmaster@wintonroad.org
5 | set sendmail="/usr/bin/msmtp -a wrns"
6 |
7 | macro index,pager A +wrns/archive.*
8 | macro index,pager a +wrns/archive.*
9 |
--------------------------------------------------------------------------------
/roles/mail/client/files/notmuch-config-decause:
--------------------------------------------------------------------------------
1 | # .notmuch-config - Configuration file for the notmuch mail system
2 | #
3 | # For more information about notmuch, see http://notmuchmail.org
4 |
5 | # Database configuration
6 | #
7 | # The only value supported here is 'path' which should be the top-level
8 | # directory where your mail currently exists and to where mail will be
9 | # delivered in the future. Files should be individual email messages.
10 | # Notmuch will store its database within a sub-directory of the path
11 | # configured here named ".notmuch".
12 | #
13 | [database]
14 | path=/home/decause/.imap-mail
15 |
16 | # User configuration
17 | #
18 | # Here is where you can let notmuch know how you would like to be
19 | # addressed. Valid settings are
20 | #
21 | # name Your full name.
22 | # primary_email Your primary email address.
23 | # other_email A list (separated by ';') of other email addresses
24 | # at which you receive email.
25 | #
26 | # Notmuch will use the various email addresses configured here when
27 | # formatting replies. It will avoid including your own addresses in the
28 | # recipient list of replies, and will set the From address based on the
29 | # address to which the original email was addressed.
30 | #
31 | [user]
32 | name=Remy DeCausemaker
33 | primary_email=decause@gmail.com
34 | other_email=rdecause@redhat.com;decause@redhat.com;
35 |
36 | # Configuration for "notmuch new"
37 | #
38 | # The following options are supported here:
39 | #
40 | # tags A list (separated by ';') of the tags that will be
41 | # added to all messages incorporated by "notmuch new".
42 | #
43 | [new]
44 | tags=unread;inbox;
45 |
46 | # Maildir compatibility configuration
47 | #
48 | # The following option is supported here:
49 | #
50 | # synchronize_flags Valid values are true and false.
51 | #
52 | # If true, then the following maildir flags (in message filenames)
53 | # will be synchronized with the corresponding notmuch tags:
54 | #
55 | # Flag Tag
56 | # ---- -------
57 | # D draft
58 | # F flagged
59 | # P passed
60 | # R replied
61 | # S unread (added when 'S' flag is not present)
62 | #
63 | # The "notmuch new" command will notice flag changes in filenames
64 | # and update tags, while the "notmuch tag" and "notmuch restore"
65 | # commands will notice tag changes and update flags in filenames
66 | #
67 | [maildir]
68 | synchronize_flags=true
69 |
--------------------------------------------------------------------------------
/roles/mail/client/files/notmuch-config-threebean:
--------------------------------------------------------------------------------
1 | # .notmuch-config - Configuration file for the notmuch mail system
2 | #
3 | # For more information about notmuch, see http://notmuchmail.org
4 |
5 | # Database configuration
6 | #
7 | # The only value supported here is 'path' which should be the top-level
8 | # directory where your mail currently exists and to where mail will be
9 | # delivered in the future. Files should be individual email messages.
10 | # Notmuch will store its database within a sub-directory of the path
11 | # configured here named ".notmuch".
12 | #
13 | [database]
14 | path=/home/threebean/.imap-mail
15 |
16 | # User configuration
17 | #
18 | # Here is where you can let notmuch know how you would like to be
19 | # addressed. Valid settings are
20 | #
21 | # name Your full name.
22 | # primary_email Your primary email address.
23 | # other_email A list (separated by ';') of other email addresses
24 | # at which you receive email.
25 | #
26 | # Notmuch will use the various email addresses configured here when
27 | # formatting replies. It will avoid including your own addresses in the
28 | # recipient list of replies, and will set the From address based on the
29 | # address to which the original email was addressed.
30 | #
31 | [user]
32 | name=Ralph Bean
33 | primary_email=ralph.bean@gmail.com
34 | other_email=rbean@redhat.com;webmaster@wintonroad.org;
35 |
36 | # Configuration for "notmuch new"
37 | #
38 | # The following options are supported here:
39 | #
40 | # tags A list (separated by ';') of the tags that will be
41 | # added to all messages incorporated by "notmuch new".
42 | #
43 | [new]
44 | tags=unread;inbox;
45 |
46 | # Maildir compatibility configuration
47 | #
48 | # The following option is supported here:
49 | #
50 | # synchronize_flags Valid values are true and false.
51 | #
52 | # If true, then the following maildir flags (in message filenames)
53 | # will be synchronized with the corresponding notmuch tags:
54 | #
55 | # Flag Tag
56 | # ---- -------
57 | # D draft
58 | # F flagged
59 | # P passed
60 | # R replied
61 | # S unread (added when 'S' flag is not present)
62 | #
63 | # The "notmuch new" command will notice flag changes in filenames
64 | # and update tags, while the "notmuch tag" and "notmuch restore"
65 | # commands will notice tag changes and update flags in filenames
66 | #
67 | [maildir]
68 | synchronize_flags=true
69 |
--------------------------------------------------------------------------------
/roles/mail/client/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Include some packages
2 | dnf:
3 | name: "{{ item }}"
4 | state: present
5 | with_items:
6 | - dnf
7 | - dnf-plugins-core
8 | - elinks
9 | tags:
10 | - mail/client
11 |
12 | - name: Enable the mutt-kz copr
13 | command: dnf copr enable -y fatka/mutt-kz
14 | args:
15 | creates: /etc/yum.repos.d/_copr_fatka-mutt-kz.repo
16 | tags:
17 | - mail/client
18 |
19 | - name: And install it, of course.
20 | dnf:
21 | name: mutt-kz
22 | state: present
23 | tags:
24 | - mail/client
25 |
26 | - name: Also, we want msmtp for sending and isync for receipt
27 | dnf:
28 | name: "{{ item }}"
29 | state: present
30 | with_items:
31 | - msmtp
32 | - isync
33 | tags:
34 | - mail/client
35 |
36 | - name: Synchronize some mail-checkery scripts to /usr/local/bin
37 | synchronize:
38 | src: bin/
39 | dest: /usr/local/bin/
40 | tags:
41 | - mail/client
42 |
43 | - name: Ensure that maildirs are present in homedir.
44 | file:
45 | dest: "/home/{{user}}/.imap-mail/{{item}}"
46 | state: directory
47 | owner: "{{user}}"
48 | group: "{{user}}"
49 | mode: 0750
50 | with_items:
51 | - gmail
52 | - redhat
53 | - wrns
54 | tags:
55 | - mail/client
56 |
57 | - name: Copy top level generic configs
58 | copy:
59 | src: "{{item}}"
60 | dest: "/home/{{user}}/.{{item}}"
61 | owner: "{{user}}"
62 | group: "{{user}}"
63 | mode: 0600
64 | with_items:
65 | - mbsync.redhat.crt
66 | - mailcap
67 | tags:
68 | - mail/client
69 |
70 | - name: Copy top level user-specific configs
71 | copy:
72 | src: "{{item}}-{{username}}"
73 | dest: "/home/{{user}}/.{{item}}"
74 | owner: "{{user}}"
75 | group: "{{user}}"
76 | mode: 0600
77 | with_items:
78 | - msmtprc
79 | - mbsyncrc
80 | - notmuch-config
81 | tags:
82 | - mail/client
83 |
84 | - name: Sync over the .mutt/ dir.
85 | synchronize:
86 | src: "mutt-{{username}}/"
87 | dest: "/home/{{user}}/.mutt"
88 | tags:
89 | - mail/client
90 |
91 | - name: Lastly, symlink the main muttrc into place
92 | file:
93 | src: "/home/{{user}}/.mutt/muttrc"
94 | dest: "/home/{{user}}/.muttrc"
95 | state: link
96 | tags:
97 | - mail/client
98 |
--------------------------------------------------------------------------------
/roles/nagios/head/files/nagios.conf:
--------------------------------------------------------------------------------
1 | # SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
2 | # Last Modified: 11-26-2005
3 | #
4 | # This file contains examples of entries that need
5 | # to be incorporated into your Apache web server
6 | # configuration file. Customize the paths, etc. as
7 | # needed to fit your system.
8 |
9 |
10 |
11 | ServerName fml.threebean.org
12 | DocumentRoot /usr/share/nagios/html
13 | ErrorLog /var/log/httpd/fml.threebean.org-error_log
14 | CustomLog /var/log/httpd/fml.threebean.org-access_log common
15 |
16 | ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"
17 | ScriptAlias /cgi-bin/ "/usr/lib64/nagios/cgi-bin/"
18 |
19 |
20 | # SSLRequireSSL
21 | Options ExecCGI
22 | AllowOverride None
23 | SetOutputFilter DEFLATE
24 |
25 | AuthName "Nagios Access"
26 | AuthType Basic
27 | AuthUserFile /etc/nagios/passwd
28 |
29 |
30 | Require all granted
31 | # Require local
32 | Require valid-user
33 |
34 |
35 |
36 | Alias /nagios "/usr/share/nagios/html"
37 |
38 |
39 | # SSLRequireSSL
40 | Options None
41 | AllowOverride None
42 | SetOutputFilter DEFLATE
43 |
44 | AuthName "Nagios Access"
45 | AuthType Basic
46 | AuthUserFile /etc/nagios/passwd
47 |
48 |
49 | Require all granted
50 | # Require local
51 | Require valid-user
52 |
53 |
54 |
55 |
--------------------------------------------------------------------------------
/roles/nagios/head/handlers/main.yml:
--------------------------------------------------------------------------------
1 | - name: restart nagios
2 | service:
3 | name: nagios
4 | state: restarted
5 |
6 | - name: restart firewalld
7 | service:
8 | name: firewalld
9 | state: restarted
10 |
11 | - name: restart httpd
12 | service:
13 | name: httpd
14 | state: restarted
15 |
--------------------------------------------------------------------------------
/roles/nagios/head/templates/host.cfg:
--------------------------------------------------------------------------------
1 | define host{
2 | use linux-server
3 | host_name {{ item }}
4 | alias {{ item }}
5 | address {{ hostvars[item]['ansible_ssh_host'] }}
6 | }
7 |
8 | define service{
9 | use local-service
10 | host_name {{ item }}
11 | service_description PING
12 | check_command check_ping!100.0,20%!500.0,60%
13 | }
14 |
15 | define service{
16 | use local-service
17 | host_name {{ item }}
18 | service_description Current Local Load
19 | check_command check_local_load!5.0,4.0,3.0!10.0,6.0,4.0
20 | }
21 |
22 | define service{
23 | use generic-service
24 | host_name {{ item }}
25 | service_description Disk Space 1
26 | check_command check_nrpe!check_root
27 | }
28 |
29 | define service{
30 | use generic-service
31 | host_name {{ item }}
32 | service_description Current Users
33 | check_command check_nrpe!check_users
34 | }
35 |
36 | define service{
37 | use generic-service
38 | host_name {{ item }}
39 | service_description Total Processes
40 | check_command check_nrpe!check_total_procs
41 | }
42 |
43 | define service{
44 | use generic-service
45 | host_name {{ item }}
46 | service_description Zombie Processes
47 | check_command check_nrpe!check_zombie_procs
48 | }
49 |
50 | define service{
51 | use generic-service
52 | host_name {{ item }}
53 | service_description SSH
54 | check_command check_ssh
55 | }
56 |
57 | define service{
58 | use generic-service
59 | host_name {{ item }}
60 | service_description Current Load
61 | check_command check_nrpe!check_load!5.0,4.0,3.0!10.0,6.0,4.0
62 | }
63 |
64 | define service{
65 | use generic-service
66 | host_name {{ item }}
67 | service_description Needs Updates
68 | check_command check_nrpe!check_updates
69 | }
70 |
71 | # Currently unused
72 | #
73 | #define service{
74 | # use generic-service
75 | # host_name {{ item }}
76 | # service_description SWAP
77 | # check_command check_nrpe!check_swap
78 | #}
79 |
80 | define service{
81 | use generic-service
82 | host_name {{ item }}
83 | service_description Free Memory
84 | check_command check_nrpe!check_memory
85 | }
86 |
--------------------------------------------------------------------------------
/roles/nagios/nrpe/common/files/check_memory.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | import argparse
4 | import subprocess as sp
5 | import sys
6 |
7 | parser = argparse.ArgumentParser()
8 | parser.add_argument('-w', '--warning', default=60, type=int,
9 | help="WARN if percent memory is used.")
10 | parser.add_argument('-c', '--critical', default=80, type=int,
11 | help="CRIT if percent memory is used.")
12 | parser.add_argument('-s', '--swap', default=False, action='store_true',
13 | help="Check swap instead of memory.")
14 | args = parser.parse_args()
15 |
16 | if args.warning >= args.critical:
17 | print "UNKNOWN: --warning must be less than --critical"
18 | sys.exit(3)
19 |
20 | proc = sp.Popen(['free'], stdout=sp.PIPE, stderr=sp.PIPE)
21 | stdout, stderr = proc.communicate()
22 | if proc.returncode != 0:
23 | print "UNKOWN: 'free' return code was %r" % proc.returncode
24 | sys.exit(3)
25 |
26 | headers, memory, swap = stdout.strip().split('\n')
27 |
28 | if args.swap:
29 | name, target = 'swap', swap
30 | else:
31 | name, target = 'memory', memory
32 |
33 | total, used, free = map(int, target.split()[1:4])
34 | percent = 100 * float(used) / float(total)
35 |
36 | if percent > args.critical:
37 | print "CRITICAL: %0.1f percent of %s used." % (percent, name)
38 | sys.exit(2)
39 |
40 | if percent > args.warning:
41 | print "WARNING: %0.1f percent of %s used." % (percent, name)
42 | sys.exit(1)
43 |
44 | print "OKAY: %0.1f percent of %s used." % (percent, name)
45 | sys.exit(0)
46 |
--------------------------------------------------------------------------------
/roles/nagios/nrpe/common/handlers/main.yml:
--------------------------------------------------------------------------------
1 | - name: restart firewalld
2 | service:
3 | name: firewalld
4 | state: restarted
5 |
6 | - name: restart nrpe
7 | service:
8 | name: nrpe
9 | state: restarted
10 |
11 | # it would be sick if we could delegate to a group
12 | - name: restart nagios
13 | service:
14 | name: nagios
15 | state: restarted
16 | delegate_to: "{{ item }}"
17 | with_items: groups.nagios
18 |
19 |
--------------------------------------------------------------------------------
/roles/nagios/nrpe/common/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: nrpe | install nrpe
2 | dnf:
3 | state: latest
4 | pkg: "{{ item }}"
5 | with_items:
6 | - nagios-plugins-all
7 | - nagios-plugins-check-updates
8 | - perl-Nagios-Plugin
9 | - perl-Sort-Versions
10 | - perl-Readonly
11 | - nrpe
12 | notify:
13 | - restart nrpe
14 | tags:
15 | - nagios
16 |
17 | - name: copy memory plugin in
18 | copy:
19 | src: check_memory.py
20 | dest: /usr/lib64/nagios/plugins/check_memory.py
21 | mode: 0755
22 |
23 | - name: nrpe | copy over basic nrpe tasks
24 | template:
25 | src: nrpe.cfg
26 | dest: /etc/nagios/nrpe.cfg
27 | notify:
28 | - restart nrpe
29 | tags:
30 | - nagios
31 |
32 | - name: nrpe | make sure nrpe can ping (sticky bit)
33 | file:
34 | dest: /usr/bin/ping
35 | mode: 4755
36 | tags:
37 | - nagios
38 |
39 | - name: nrpe | start nrpe
40 | service:
41 | name: nrpe
42 | enabled: yes
43 | state: started
44 | tags:
45 | - nagios
46 |
47 | - name: nrpe | open a port
48 | firewalld:
49 | port: "{{ item }}/tcp"
50 | state: enabled
51 | permanent: true
52 | zone: public
53 | with_items:
54 | - 5666
55 | notify:
56 | - restart firewalld
57 | tags:
58 | - nagios
59 |
--------------------------------------------------------------------------------
/roles/nagios/nrpe/common/templates/nrpe.cfg:
--------------------------------------------------------------------------------
1 | allowed_hosts=127.0.0.1,{{ hostvars[groups['nagios'][0]]['ansible_ssh_host'] }}
2 |
3 | include_dir=/etc/nrpe.d/
4 | command[check_users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10
5 | command[check_load]=/usr/lib64/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
6 | command[check_root]=/usr/lib64/nagios/plugins/check_disk -w 10% -c 5% -p /dev/vda
7 | command[check_zombie_procs]=/usr/lib64/nagios/plugins/check_procs -w 5 -c 10 -s Z
8 | command[check_total_procs]=/usr/lib64/nagios/plugins/check_procs -w 220 -c 250
9 | command[check_mailq]=/usr/lib64/nagios/plugins/check_mailq -w 3 -c 10 -M postfix
10 | command[check_updates]=/usr/lib64/nagios/plugins/check_updates --no-boot-check -w 15 -c 20
11 | command[check_memory]=/usr/lib64/nagios/plugins/check_memory.py -w 75 -c 90
12 |
13 | # Currently unused
14 | #command[check_swap]=/usr/lib64/nagios/plugins/check_memory.py -s -w 80 -c 90
15 |
16 | log_facility=daemon
17 | pid_file=/var/run/nrpe/nrpe.pid
18 | server_port=5666
19 | nrpe_user=nrpe
20 | nrpe_group=nrpe
21 | dont_blame_nrpe=0
22 | debug=0
23 | command_timeout=60
24 | connection_timeout=300
25 |
--------------------------------------------------------------------------------
/roles/nagios/nrpe/proc/handlers/main.yml:
--------------------------------------------------------------------------------
1 | - name: restart firewalld
2 | service:
3 | name: firewalld
4 | state: restarted
5 |
6 | - name: restart nrpe
7 | service:
8 | name: nrpe
9 | state: restarted
10 |
11 | # it would be sick if we could delegate to a group
12 | - name: restart nagios
13 | service:
14 | name: nagios
15 | state: restarted
16 | delegate_to: "{{ item }}"
17 | with_items: groups.nagios
18 |
--------------------------------------------------------------------------------
/roles/nagios/nrpe/proc/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: nrpe | copy proc config to the monitored node
2 | template:
3 | src: nrpe-proc.cfg
4 | dest: "/etc/nrpe.d/proc-{{ proc }}.cfg"
5 | mode: 0644
6 | notify: restart nrpe
7 | tags:
8 | - nagios
9 |
10 | - name: nrpe | copy proc monitor config to the nagios head
11 | template:
12 | src: nrpe-nagios-side-proc.cfg
13 | dest: "/etc/nagios/hosts/{{ inventory_hostname }}.proc.{{ proc }}.cfg"
14 | mode: 0644
15 | notify: restart nagios
16 | delegate_to: "{{ item }}"
17 | with_items: groups.nagios
18 | tags:
19 | - nagios
20 |
--------------------------------------------------------------------------------
/roles/nagios/nrpe/proc/templates/nrpe-nagios-side-proc.cfg:
--------------------------------------------------------------------------------
1 | define service{
2 | use generic-service
3 | host_name {{ inventory_hostname }}
4 | service_description Check for the {{ proc }} process.
5 | check_command check_nrpe!check_proc_{{ proc }}
6 | }
7 |
--------------------------------------------------------------------------------
/roles/nagios/nrpe/proc/templates/nrpe-proc.cfg:
--------------------------------------------------------------------------------
1 | command[check_proc_{{ proc }}]=/usr/lib64/nagios/plugins/check_procs -c 1:1 -C {{ proc }} -u {{ user }}
2 |
--------------------------------------------------------------------------------
/roles/nagios/nrpe/site/handlers/main.yml:
--------------------------------------------------------------------------------
1 | - name: restart firewalld
2 | service:
3 | name: firewalld
4 | state: restarted
5 |
6 | - name: restart nrpe
7 | service:
8 | name: nrpe
9 | state: restarted
10 |
11 | # it would be sick if we could delegate to a group
12 | - name: restart nagios
13 | service:
14 | name: nagios
15 | state: restarted
16 | delegate_to: "{{ item }}"
17 | with_items: groups.nagios
18 |
--------------------------------------------------------------------------------
/roles/nagios/nrpe/site/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: nrpe | copy site config to the monitored node
2 | template:
3 | src: nrpe-site.cfg
4 | dest: "/etc/nrpe.d/site-{{ site }}.cfg"
5 | mode: 0644
6 | notify: restart nrpe
7 | tags:
8 | - nagios
9 |
10 | - name: nrpe | copy httpd/site config to the nagios head
11 | template:
12 | src: nrpe-nagios-side-site.cfg
13 | dest: "/etc/nagios/hosts/{{ inventory_hostname }}.{{ site }}.cfg"
14 | mode: 0644
15 | notify: restart nagios
16 | delegate_to: "{{ item }}"
17 | with_items: groups.nagios
18 | tags:
19 | - nagios
20 |
--------------------------------------------------------------------------------
/roles/nagios/nrpe/site/templates/nrpe-nagios-side-site.cfg:
--------------------------------------------------------------------------------
1 | define service{
2 | use generic-service
3 | host_name {{ inventory_hostname }}
4 | service_description HTTP - check for {{ target }} in {{ site }}
5 | check_command check_nrpe!check_http_{{ site }}
6 | }
7 |
--------------------------------------------------------------------------------
/roles/nagios/nrpe/site/templates/nrpe-site.cfg:
--------------------------------------------------------------------------------
1 | command[check_http_{{ site }}]=/usr/lib64/nagios/plugins/check_http -H {{ site }} -s {{ target }} -u {{ path }} -t {{ timeout }}
2 |
--------------------------------------------------------------------------------
/roles/nagios/nrpe/websocket/files/check_websocket.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | """ Nagios/nrpe script to check for moksha websocket activity. """
3 |
4 | import argparse
5 | import json
6 | import socket
7 | import sys
8 |
9 | import websocket
10 |
11 | parser = argparse.ArgumentParser()
12 | parser.add_argument('--timeout', type=int)
13 | parser.add_argument('--address')
14 | parser.add_argument('--topic', default='*')
15 | args = parser.parse_args()
16 |
17 | for attr in ['timeout', 'address']:
18 | if not getattr(args, attr, None):
19 | print "UNK: --%s is required" % attr
20 | sys.exit(3)
21 |
22 | timeout = args.timeout
23 | address = args.address
24 | topic = args.topic
25 |
26 | client = websocket.create_connection(address)
27 | client.settimeout(timeout)
28 | client.send(json.dumps(dict(
29 | topic="__topic_subscribe__",
30 | body=topic,
31 | )))
32 |
33 | try:
34 | body = client.recv()
35 | contents = json.loads(body)
36 | assert 'body' in contents
37 | print "OK - %r websocket message received from %r" % (topic, address)
38 | sys.exit(0)
39 | except socket.timeout:
40 | print "CRIT - no %r websocket message received from %r in %r seconds" % (
41 | topic, address, timeout)
42 | sys.exit(2)
43 | except Exception as e:
44 | print "WARN - %r" % e
45 | sys.exit(1)
46 | finally:
47 | client.close()
48 |
--------------------------------------------------------------------------------
/roles/nagios/nrpe/websocket/handlers/main.yml:
--------------------------------------------------------------------------------
1 | - name: restart firewalld
2 | service:
3 | name: firewalld
4 | state: restarted
5 |
6 | - name: restart nrpe
7 | service:
8 | name: nrpe
9 | state: restarted
10 |
11 | # it would be sick if we could delegate to a group
12 | - name: restart nagios
13 | service:
14 | name: nagios
15 | state: restarted
16 | delegate_to: "{{ item }}"
17 | with_items: groups.nagios
18 |
--------------------------------------------------------------------------------
/roles/nagios/nrpe/websocket/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: nrpe | install deps for websocket plugin
2 | dnf:
3 | pkg: python-websocket-client
4 | state: present
5 | tags:
6 | - nagios
7 |
8 | - name: nrpe | copy websocket plugin to the monitored node
9 | copy:
10 | src: check_websocket.py
11 | dest: /usr/lib64/nagios/plugins/check_websocket.py
12 | mode: 0755
13 | tags:
14 | - nagios
15 |
16 | - name: nrpe | copy websocket config to the monitored node
17 | template:
18 | src: nrpe-websocket.cfg
19 | dest: "/etc/nrpe.d/websocket-{{ name }}.cfg"
20 | mode: 0644
21 | notify: restart nrpe
22 | tags:
23 | - nagios
24 |
25 | - name: nrpe | copy httpd/websocket config to the nagios head
26 | template:
27 | src: nrpe-nagios-side-websocket.cfg
28 | dest: "/etc/nagios/hosts/{{ inventory_hostname }}.{{ name }}.cfg"
29 | mode: 0644
30 | notify: restart nagios
31 | delegate_to: "{{ item }}"
32 | with_items: groups.nagios
33 | tags:
34 | - nagios
35 |
--------------------------------------------------------------------------------
/roles/nagios/nrpe/websocket/templates/nrpe-nagios-side-websocket.cfg:
--------------------------------------------------------------------------------
1 | define service{
2 | use generic-service
3 | host_name {{ inventory_hostname }}
4 | service_description WS - check for messages from {{ address }}
5 | check_command check_nrpe!check_websocket_{{ name }}
6 | }
7 |
--------------------------------------------------------------------------------
/roles/nagios/nrpe/websocket/templates/nrpe-websocket.cfg:
--------------------------------------------------------------------------------
1 | {% if topic is defined %}
2 | command[check_websocket_{{ name }}]=/usr/lib64/nagios/plugins/check_websocket.py --address {{ address }} --timeout {{ timeout }} --topic {{ topic }}
3 | {% else %}
4 | command[check_websocket_{{ name }}]=/usr/lib64/nagios/plugins/check_websocket.py --address {{ address }} --timeout {{ timeout }}
5 | {% endif %}
6 |
--------------------------------------------------------------------------------
/roles/narcissus/sender/files/narcissus-log-tailer.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This will be publishing logs locally at 5672.
4 | # That needs to be locked down with iptables so that only pencil.rc.rit.edu can
5 | # connect.
6 |
7 | while [ "1" -eq "1" ] ; do
8 | tail \
9 | -F /var/log/lighttpd/access.log \
10 | -F /var/log/lighttpd/clamav.mirrors.rit.edu.access.log \
11 | 2>&1 | \
12 | /usr/bin/narcissus-zeromq-source --targets=tcp://0.0.0.0:5672
13 | done
14 |
--------------------------------------------------------------------------------
/roles/narcissus/sender/files/narcissus-sender.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Narcissus Log Sending Script
3 | After=network.target
4 | Documentation=https://github.com/ralphbean/narcissus
5 |
6 | [Service]
7 | ExecStart=/usr/local/bin/narcissus-log-tailer.sh
8 | Type=simple
9 | User=lighttpd
10 | Group=lighttpd
11 | Restart=on-failure
12 |
13 | [Install]
14 | WantedBy=multi-user.target
15 |
--------------------------------------------------------------------------------
/roles/narcissus/sender/handlers/main.yml:
--------------------------------------------------------------------------------
1 | - name: reload systemd
2 | command: systemctl daemon-reload
3 | when: ansible_distribution_major_version != '6'
4 |
5 | - name: restart narcissus sender
6 | command: systemctl restart narcissus-sender
7 | when: ansible_distribution_major_version != '6'
8 |
9 | - name: save iptables
10 | command: iptables-save
11 |
--------------------------------------------------------------------------------
/roles/narcissus/sender/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Install packages
2 | yum:
3 | name: "{{item}}"
4 | state: latest
5 | with_items:
6 | - python-narcissus-common
7 | - libselinux-python
8 | tags: narcissus
9 | notify: restart narcissus sender
10 |
11 | - name: Copy our tailing script
12 | copy:
13 | src: narcissus-log-tailer.sh
14 | dest: /usr/local/bin/narcissus-log-tailer.sh
15 | mode: 0755
16 | tags: narcissus
17 | notify: restart narcissus sender
18 |
19 | - name: Copy over a systemd service file for the sender
20 | copy:
21 | src: narcissus-sender.service
22 | dest: /usr/lib/systemd/system/narcissus-sender.service
23 | tags: narcissus
24 | when: ansible_distribution_major_version != '6'
25 | notify:
26 | - reload systemd
27 | - restart narcissus sender
28 |
29 | - name: Check if port 5672 is managed by iptables
30 | shell: iptables -L | grep -q "Let in pencil for narcissus"
31 | register: check_allow_narcissus
32 | ignore_errors: yes
33 | changed_when: no
34 | always_run: yes
35 | tags: narcissus
36 |
37 | - name: Let in pencil on port 5672
38 | command: >
39 | iptables -A INPUT -p tcp -m tcp --dport 5672
40 | -s "{{ hostvars['pencil']['ansible_ssh_host'] }}"
41 | -m comment --comment "Let in pencil for narcissus" -j ACCEPT
42 | when: check_allow_narcissus.rc != 0
43 | notify: save iptables
44 | tags: narcissus
45 |
46 | - name: Keep out everyone else on port 5672
47 | command: >
48 | iptables -A INPUT -p tcp -m tcp --dport 5672
49 | -m comment --comment "Keep out everyone else" -j REJECT
50 | when: check_allow_narcissus.rc != 0
51 | notify: save iptables
52 | tags: narcissus
53 |
54 | - name: Set log tailer service to start
55 | service:
56 | name: narcissus-sender
57 | state: running
58 | enabled: yes
59 | when: ansible_distribution_major_version != '6'
60 | tags: narcissus
61 |
--------------------------------------------------------------------------------
/roles/narcissus/server/files/narcissus-hub.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Narcissus message processing daemon
3 | After=network.target
4 | Documentation=https://github.com/ralphbean/narcissus
5 |
6 | [Service]
7 | ExecStart=/usr/bin/moksha-hub /etc/narcissus.ini
8 | Type=simple
9 | User=nobody
10 | Group=nobody
11 | Restart=on-failure
12 |
13 | [Install]
14 | WantedBy=multi-user.target
15 |
--------------------------------------------------------------------------------
/roles/narcissus/server/files/narcissus.conf:
--------------------------------------------------------------------------------
1 | WSGISocketPrefix run/wsgi
2 | WSGIRestrictSignal Off
3 | WSGIPythonOptimize 1
4 |
5 |
6 | # TODO -- figure out how to point at all those resources if necessary...
7 | #Alias /static /usr/lib/python2.7/site-packages/narcissus.app/widgetstatic/
8 |
9 | WSGIDaemonProcess narcissus user=apache maximum-requests=1000 display-name=narcissus processes=2 threads=2
10 |
11 | WSGIScriptAlias / /var/www/narcissus.wsgi
12 |
13 |
14 | WSGIProcessGroup narcissus
15 |
16 | # Apache 2.4
17 | Require all granted
18 |
19 |
20 | # Apache 2.2
21 | Order deny,allow
22 | Allow from all
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/roles/narcissus/server/files/narcissus.wsgi:
--------------------------------------------------------------------------------
1 | #-*- coding: UTF-8 -*-
2 |
3 | import logging, sys, os
4 | logging.basicConfig(stream=sys.stderr)
5 |
6 | from moksha.wsgi.middleware import make_moksha_middleware
7 | from moksha.common.lib.helpers import get_moksha_appconfig
8 |
9 | from tw2.core.middleware import make_middleware
10 |
11 | from narcissus.app.routes import app as application
12 | from narcissus.app.routes import load_production_config
13 |
14 | production_filename = "/etc/narcissus.ini"
15 | if os.path.exists(production_filename):
16 | config = load_production_config(production_filename)
17 | else:
18 | # Load development.ini
19 | config = get_moksha_appconfig()
20 |
21 | # Wrap the inner wsgi app with our middlewares
22 | application.wsgi_app = make_moksha_middleware(application.wsgi_app, config)
23 | application.wsgi_app = make_middleware(application.wsgi_app)
24 |
--------------------------------------------------------------------------------
/roles/narcissus/server/handlers/main.yml:
--------------------------------------------------------------------------------
1 | - name: restart httpd
2 | command: apachectl graceful
3 |
4 | - name: restart narcissus-hub
5 | command: systemctl restart narcissus-hub
6 |
7 | - name: reload systemd
8 | command: systemctl daemon-reload
9 |
--------------------------------------------------------------------------------
/roles/narcissus/server/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Install packages
2 | yum:
3 | name: "{{item}}"
4 | state: latest
5 | with_items:
6 | - python-narcissus-hub
7 | - python-narcissus-app
8 | - libselinux-python
9 | - python-moksha-hub
10 | - GeoIP
11 | tags: narcissus
12 | notify:
13 | - restart httpd
14 | - restart narcissus-hub
15 |
16 | - name: Copy over httpd conf file for narcissus wsgi app
17 | copy:
18 | src: narcissus.conf
19 | dest: /etc/httpd/conf.d/narcissus.conf
20 | tags: narcissus
21 | notify: restart httpd
22 |
23 | - name: Copy over mod_wsgi script for the narcissus app
24 | copy:
25 | src: narcissus.wsgi
26 | dest: /var/www/narcissus.wsgi
27 | tags: narcissus
28 | notify: restart httpd
29 |
30 | - name: Copy over config file shared by hub and apache
31 | template:
32 | src: narcissus.ini
33 | dest: /etc/narcissus.ini
34 | tags: narcissus
35 | notify:
36 | - restart httpd
37 | - restart narcissus-hub
38 |
39 | - name: Make a directory for moksha config
40 | file:
41 | dest: /etc/moksha
42 | state: directory
43 | tags: narcissus
44 | notify:
45 | - restart httpd
46 | - restart narcissus-hub
47 |
48 | - name: Symlink the config to another name
49 | file:
50 | src: /etc/narcissus.ini
51 | dest: /etc/moksha/production.ini
52 | state: link
53 | tags: narcissus
54 | notify:
55 | - restart httpd
56 | - restart narcissus-hub
57 |
58 | - name: Copy over narcissus-hub systemd service file
59 | copy:
60 | src: narcissus-hub.service
61 | dest: /usr/lib/systemd/system/narcissus-hub.service
62 | tags: narcissus
63 | notify:
64 | - reload systemd
65 | - restart narcissus-hub
66 |
67 | - name: Update our GeoIP databases from maxmind
68 | command: geoipupdate
69 | register: geoipupdate
70 | changed_when: geoipupdate.rc == 0
71 | ignore_errors: yes
72 | tags: narcissus
73 | notify:
74 | - restart narcissus-hub
75 |
76 | - name: Set the narcissus hub service to start
77 | service:
78 | name: narcissus-hub
79 | state: running
80 | enabled: yes
81 | tags: narcissus
82 |
--------------------------------------------------------------------------------
/roles/narcissus/server/templates/narcissus.ini:
--------------------------------------------------------------------------------
1 | [app:main]
2 |
3 | debug = False
4 | host = narcissus.rc.rit.edu
5 | port = 80
6 |
7 | moksha.domain = narcissus.rc.rit.edu
8 |
9 | moksha.notifications = True
10 | moksha.socket.notify = True
11 |
12 | moksha.livesocket = True
13 | moksha.livesocket.backend = websocket
14 | moksha.livesocket.reconnect_interval = 5000
15 | moksha.livesocket.websocket.port = 9998
16 | moksha.livesocket.websocket.host = narcissus.rc.rit.edu
17 |
18 | zmq_enabled = True
19 | #zmq_strict = True
20 | zmq_publish_endpoints = tcp://*:11981
21 | zmq_subscribe_endpoints = tcp://127.0.0.1:11981,tcp://{{hostvars['smoke']['ansible_ssh_host']}}:5672
22 |
--------------------------------------------------------------------------------
/roles/nmap/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Ensure nmap is installed
2 | dnf:
3 | name: nmap
4 | state: installed
5 | tags:
6 | - security
7 | - nmap
8 |
9 | - name: Check if ~/.lightsaber/nmap_scans exists
10 | stat:
11 | path: "/home/{{ username }}/.lightsaber/nmap_scans"
12 | register: nmap_init
13 | tags:
14 | - security
15 | - nmap
16 |
17 | - name: Create ~/.lightsaber/nmap_scans
18 | command: /usr/bin/mkdir -p /home/{{ username }}/.lightsaber/nmap_scans
19 | when: not nmap_init.stat.exists
20 | tags:
21 | - security
22 | - nmap
23 |
24 | - name: Run the nmap port scanner
25 | shell: "/usr/bin/nmap -Pn -p 1-65535 -sS -T4 {{ item }} | awk '/PORT/,/done/' | head -n-2 | tr -s ' ' ' ' > /home/{{ username }}/.lightsaber/nmap_scans/{{ item }}"
26 | sudo: yes
27 | with_items: groups['all']
28 | changed_when: False
29 | tags:
30 | - security
31 | - nmap
32 |
33 | - name: Initialize the nmap_scans git repo
34 | command: /usr/bin/git init chdir=~/.lightsaber/nmap_scans
35 | when: not nmap_init.stat.exists
36 | tags:
37 | - security
38 | - nmap
39 |
40 | - name: Add the scan results to the git repo
41 | command: /usr/bin/git add . chdir=~/.lightsaber/nmap_scans
42 | when: not nmap_init.stat.exists
43 | tags:
44 | - security
45 | - nmap
46 |
47 | - name: Commit the initial scan results
48 | command: /usr/bin/git commit -am "Initial scan" chdir=~/.lightsaber/nmap_scans
49 | when: not nmap_init.stat.exists
50 | tags:
51 | - security
52 | - nmap
53 |
54 | - name: See if any ports changed
55 | command: /usr/bin/git diff chdir=~/.lightsaber/nmap_scans
56 | register: nmap_diff
57 | changed_when: False
58 | tags:
59 | - security
60 | - nmap
61 |
62 | - name: Commit the latest scan results
63 | command: /usr/bin/git commit -am "Updated by lightsaber" chdir=~/.lightsaber/nmap_scans
64 | when: nmap_init.stat.exists
65 | changed_when: False
66 | ignore_errors: yes
67 | tags:
68 | - security
69 | - nmap
70 |
71 |
72 | - name: Output the port changes
73 | debug:
74 | msg: "{{ nmap_diff.stdout }}"
75 | when: nmap_diff.stdout != ''
76 | tags:
77 | - security
78 | - nmap
79 |
80 | - name: Host ports have changed!
81 | pause:
82 | prompt: "The port scanner has detected a change in open ports"
83 | when: nmap_diff.stdout != ''
84 | tags:
85 | - security
86 | - nmap
87 |
--------------------------------------------------------------------------------
/roles/rss/client/files/config:
--------------------------------------------------------------------------------
1 | browser /usr/bin/firefox %u
2 |
--------------------------------------------------------------------------------
/roles/rss/client/files/urls:
--------------------------------------------------------------------------------
1 | http://planet.fedoraproject.org/rss20.xml
2 | http://www.jacobinmag.com/feed/atom/
3 | http://socialistworker.org/recent/feed
4 |
--------------------------------------------------------------------------------
/roles/rss/client/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Install newsbeuter
2 | dnf:
3 | name: "{{item}}"
4 | state: present
5 | with_items:
6 | - newsbeuter
7 | tags:
8 | - rss/client
9 |
10 | - name: Make directories
11 | file:
12 | dest: "{{item.homedir}}/.newsbeuter/"
13 | state: directory
14 | owner: "{{item.user}}"
15 | group: "{{item.user}}"
16 | with_items: "{{ all_users }}"
17 | tags:
18 | - rss/client
19 |
20 | - name: Copy over configs
21 | copy:
22 | src: config
23 | dest: "{{item.homedir}}/.newsbeuter/config"
24 | owner: "{{item.user}}"
25 | group: "{{item.user}}"
26 | with_items: "{{ all_users }}"
27 | tags:
28 | - rss/client
29 |
30 | - name: Copy over urls
31 | copy:
32 | src: urls
33 | dest: "{{item.homedir}}/.newsbeuter/urls"
34 | owner: "{{item.user}}"
35 | group: "{{item.user}}"
36 | with_items: "{{ all_users }}"
37 | tags:
38 | - rss/client
39 |
--------------------------------------------------------------------------------
/roles/s3backup/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: install s3cmd
3 | dnf:
4 | pkg: s3cmd
5 | state: present
6 | tags:
7 | - backups
8 |
9 | - name: copy s3 config
10 | template:
11 | src: s3cfg
12 | dest: /root/.s3cfg
13 | tags:
14 | - backups
15 |
16 | - name: add a cronjob to backup
17 | template:
18 | src: s3-cronjob
19 | dest: "/etc/cron.d/s3-backup-{{name}}"
20 | tags:
21 | - backups
22 |
--------------------------------------------------------------------------------
/roles/s3backup/templates/s3-cronjob:
--------------------------------------------------------------------------------
1 | 0 0 * * * root /usr/bin/s3cmd sync "{{target}}" s3://{{bucket}}/{{name}}/ >> /var/log/s3cron.log 2>&1
2 |
--------------------------------------------------------------------------------
/roles/s3backup/templates/s3cfg:
--------------------------------------------------------------------------------
1 | [default]
2 | access_key = {{ s3_aws_backup_access_key }}
3 | access_token =
4 | add_encoding_exts =
5 | add_headers =
6 | bucket_location = US
7 | cache_file =
8 | cloudfront_host = cloudfront.amazonaws.com
9 | default_mime_type = binary/octet-stream
10 | delay_updates = False
11 | delete_after = False
12 | delete_after_fetch = False
13 | delete_removed = False
14 | dry_run = False
15 | enable_multipart = True
16 | encoding = UTF-8
17 | encrypt = False
18 | follow_symlinks = False
19 | force = False
20 | get_continue = False
21 | gpg_command = /usr/bin/gpg
22 | gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
23 | gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
24 | gpg_passphrase = blahahah
25 | guess_mime_type = True
26 | host_base = s3.amazonaws.com
27 | host_bucket = %(bucket)s.s3.amazonaws.com
28 | human_readable_sizes = False
29 | invalidate_default_index_on_cf = False
30 | invalidate_default_index_root_on_cf = True
31 | invalidate_on_cf = False
32 | list_md5 = False
33 | log_target_prefix =
34 | mime_type =
35 | multipart_chunk_size_mb = 15
36 | preserve_attrs = True
37 | progress_meter = True
38 | proxy_host =
39 | proxy_port = 0
40 | recursive = False
41 | recv_chunk = 4096
42 | reduced_redundancy = False
43 | secret_key = {{ s3_aws_backup_secret_key }}
44 | send_chunk = 4096
45 | simpledb_host = sdb.amazonaws.com
46 | skip_existing = False
47 | socket_timeout = 300
48 | urlencoding_mode = normal
49 | use_https = True
50 | verbosity = WARNING
51 | website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
52 | website_error =
53 | website_index = index.html
54 |
--------------------------------------------------------------------------------
/roles/security/files/00-sshd.conf:
--------------------------------------------------------------------------------
1 | [DEFAULT]
2 | bantime = 3600
3 | backend = systemd
4 |
5 | [sshd]
6 | enabled = true
7 | backend = systemd
8 |
9 | [sshd-ddos]
10 | enabled = true
11 | backend = systemd
12 |
--------------------------------------------------------------------------------
/roles/security/files/fail2ban.conf:
--------------------------------------------------------------------------------
1 | # Fail2Ban main configuration file
2 | #
3 | # Comments: use '#' for comment lines and ';' (following a space) for inline comments
4 | #
5 | # Changes: in most of the cases you should not modify this
6 | # file, but provide customizations in fail2ban.local file, e.g.:
7 | #
8 | # [Definition]
9 | # loglevel = DEBUG
10 | #
11 |
12 | [Definition]
13 |
14 | # Option: loglevel
15 | # Notes.: Set the log level output.
16 | # CRITICAL
17 | # ERROR
18 | # WARNING
19 | # NOTICE
20 | # INFO
21 | # DEBUG
22 | # Values: [ LEVEL ] Default: ERROR
23 | #
24 | loglevel = INFO
25 |
26 | # Option: logtarget
27 | # Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
28 | # Only one log target can be specified.
29 | # If you change logtarget from the default value and you are
30 | # using logrotate -- also adjust or disable rotation in the
31 | # corresponding configuration file
32 | # (e.g. /etc/logrotate.d/fail2ban on Debian systems)
33 | # Values: [ STDOUT | STDERR | SYSLOG | FILE ] Default: STDERR
34 | #
35 | logtarget = SYSLOG
36 |
37 | # Option: socket
38 | # Notes.: Set the socket file. This is used to communicate with the daemon. Do
39 | # not remove this file when Fail2ban runs. It will not be possible to
40 | # communicate with the server afterwards.
41 | # Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.sock
42 | #
43 | socket = /var/run/fail2ban/fail2ban.sock
44 |
45 | # Option: pidfile
46 | # Notes.: Set the PID file. This is used to store the process ID of the
47 | # fail2ban server.
48 | # Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.pid
49 | #
50 | pidfile = /var/run/fail2ban/fail2ban.pid
51 |
52 | # Options: dbfile
53 | # Notes.: Set the file for the fail2ban persistent data to be stored.
54 | # A value of ":memory:" means database is only stored in memory
55 | # and data is lost when fail2ban is stopped.
56 | # A value of "None" disables the database.
57 | # Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3
58 | dbfile = /var/lib/fail2ban/fail2ban.sqlite3
59 |
60 | # Options: dbpurgeage
61 | # Notes.: Sets age at which bans should be purged from the database
62 | # Values: [ SECONDS ] Default: 86400 (24hours)
63 | dbpurgeage = 86400
64 |
--------------------------------------------------------------------------------
/roles/security/files/fedora-updates-testing.repo:
--------------------------------------------------------------------------------
1 | [updates-testing]
2 | name=Fedora $releasever - $basearch - Test Updates
3 | failovermethod=priority
4 | #baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/
5 | mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
6 | enabled=1
7 | gpgcheck=1
8 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
9 |
10 | [updates-testing-debuginfo]
11 | name=Fedora $releasever - $basearch - Test Updates Debug
12 | failovermethod=priority
13 | #baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/debug/
14 | mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
15 | enabled=1
16 | gpgcheck=1
17 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
18 |
19 | [updates-testing-source]
20 | name=Fedora $releasever - Test Updates Source
21 | failovermethod=priority
22 | #baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/SRPMS/
23 | mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch
24 | enabled=1
25 | gpgcheck=1
26 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
27 |
--------------------------------------------------------------------------------
/roles/security/handlers/fail2ban.yml:
--------------------------------------------------------------------------------
1 | - name: restart fail2ban
2 | service:
3 | name: fail2ban
4 | state: restarted
5 |
--------------------------------------------------------------------------------
/roles/security/handlers/firewalld.yml:
--------------------------------------------------------------------------------
1 | - name: restart firewalld
2 | service:
3 | name: firewalld
4 | state: restarted
5 |
--------------------------------------------------------------------------------
/roles/security/handlers/main.yml:
--------------------------------------------------------------------------------
1 | - include: firewalld.yml
2 | - include: sshd.yml
3 | - include: fail2ban.yml
4 |
--------------------------------------------------------------------------------
/roles/security/handlers/sshd.yml:
--------------------------------------------------------------------------------
1 | - name: restart sshd
2 | service:
3 | name: sshd
4 | state: restarted
5 |
--------------------------------------------------------------------------------
/roles/security/tasks/dnssec.yml:
--------------------------------------------------------------------------------
1 | - name: Security | dnssec | Ensure packages are installed
2 | dnf:
3 | pkg: dnssec-trigger
4 | state: present
5 |
6 | - name: Security | dnssec | start dnssec-triggerd and friends
7 | service:
8 | name: "{{item}}"
9 | enabled: yes
10 | state: started
11 | with_items:
12 | - dnssec-triggerd
13 | - unbound
14 |
--------------------------------------------------------------------------------
/roles/security/tasks/fail2ban.yml:
--------------------------------------------------------------------------------
1 | - name: Install fail2ban
2 | dnf:
3 | pkg: fail2ban-systemd
4 | state: present
5 | notify: restart fail2ban
6 | tags:
7 | - security
8 | - fail2ban
9 |
10 | - name: Enable sshd filtering
11 | copy:
12 | src: 00-sshd.conf
13 | dest: /etc/fail2ban/jail.d/00-sshd.conf
14 | notify: restart fail2ban
15 | tags:
16 | - security
17 | - fail2ban
18 |
19 | - name: Send fail2ban logs to syslog
20 | copy:
21 | src: fail2ban.conf
22 | dest: /etc/fail2ban/fail2ban.conf
23 | notify: restart fail2ban
24 | tags:
25 | - security
26 | - fail2ban
27 |
28 | - name: Fire it up
29 | service:
30 | name: fail2ban
31 | enabled: yes
32 | state: started
33 | notify: restart fail2ban
34 | tags:
35 | - security
36 | - fail2ban
37 |
--------------------------------------------------------------------------------
/roles/security/tasks/firefox.yml:
--------------------------------------------------------------------------------
1 |
2 | - name: Check if Firefox is installed
3 | stat:
4 | path: /usr/bin/firefox
5 | register: firefox
6 | tags:
7 | - security
8 | - firefox
9 |
10 |
11 | - name: Install Firefox security extensions
12 | dnf:
13 | name: "{{ item }}"
14 | state: present
15 | with_items:
16 | - mozilla-noscript
17 | - mozilla-https-everywhere
18 | - mozilla-adblockplus
19 | when: firefox.stat.exists
20 | tags:
21 | - security
22 | - firefox
23 |
--------------------------------------------------------------------------------
/roles/security/tasks/firewalld.yml:
--------------------------------------------------------------------------------
1 | - name: Security | firewalld | Make sure firewalld is installed
2 | dnf:
3 | name: firewalld
4 | state: present
5 | tags:
6 | - security
7 | - firewall
8 |
9 | # On Pidora the firewalld unit is masked
10 | - file:
11 | path: /etc/systemd/system/firewalld.service
12 | follow: yes
13 | register: firewalld_unit
14 | failed_when: False
15 | tags:
16 | - security
17 | - firewall
18 |
19 | - name: Security | firewalld | Ensure the service is unmasked
20 | command: /usr/bin/systemctl unmask firewalld
21 | when: firewalld_unit.state != 'absent' and firewalld_unit.src == '/dev/null'
22 | tags:
23 | - security
24 | - firewall
25 |
26 | - name: Security | firewalld | Start the firewalld service
27 | service:
28 | name: firewalld
29 | enabled: yes
30 | state: started
31 | tags:
32 | - security
33 | - firewall
34 |
--------------------------------------------------------------------------------
/roles/security/tasks/fprintd.yml:
--------------------------------------------------------------------------------
1 | - name: fprintd | Remove the fingerprint reader service
2 | dnf:
3 | name: libfprint
4 | state: absent
5 | tags:
6 | - security
7 | - auth
8 | - fingerprint
9 |
10 | - name: fprintd | Install authconfig
11 | dnf:
12 | name: authconfig
13 | state: present
14 | tags:
15 | - security
16 | - auth
17 | - fingerprint
18 |
19 | - name: fprintd | Update the pam system-auth configuration
20 | command: /usr/sbin/authconfig --disablefingerprint --update
21 | changed_when: False
22 | tags:
23 | - security
24 | - auth
25 | - fingerprint
26 |
--------------------------------------------------------------------------------
/roles/security/tasks/ipv6.yml:
--------------------------------------------------------------------------------
1 | # https://tools.ietf.org/html/rfc4941
2 | - name: ipv6 | Enable Privacy Extensions (RFC 4941)
3 | sysctl:
4 | name: "net.ipv6.conf.{{ item }}.use_tempaddr"
5 | value: 2
6 | sysctl_set: yes
7 | state: present
8 | reload: yes
9 | with_items:
10 | - "{{ ansible_default_ipv6.interface }}"
11 | - default
12 | - all
13 | tags:
14 | - security
15 | - ipv6
16 |
--------------------------------------------------------------------------------
/roles/security/tasks/lynis.yml:
--------------------------------------------------------------------------------
1 | # file: roles/security/tasks/lynis.yml
2 |
3 | - name: Security | lynis | Make sure lynis is installed
4 | dnf:
5 | name: lynis
6 | state: present
7 | tags:
8 | - security
9 | - lynis
10 |
--------------------------------------------------------------------------------
/roles/security/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - include: packages.yml
2 | - dnf:
3 | name: ntp
4 | state: present
5 | - service: name=ntpd state=started enabled=yes
6 | - include: rkhunter.yml
7 | - include: lynis.yml
8 | - include: selinux.yml
9 | - include: firewalld.yml
10 | - include: dnssec.yml
11 | - include: yum.yml
12 | - include: sudo.yml
13 | - include: sshd.yml
14 | - include: fprintd.yml
15 | - include: suricata.yml
16 | - include: firefox.yml
17 |
18 | # Ignore fail2ban for now until I have a good way to whitelist myself. I keep
19 | # getting banned when ansible "waits for ssh to come back" because it just
20 | # tries to ssh over and over again... and gets banned.
21 | #- include: fail2ban.yml
22 |
23 | # Lock down ipv6 when ipv6 is available
24 | - include: ipv6.yml
25 | when: "ansible_default_ipv6 != {}"
26 |
--------------------------------------------------------------------------------
/roles/security/tasks/packages.yml:
--------------------------------------------------------------------------------
1 | - name: Enable the updates-testing repository
2 | copy:
3 | src: fedora-updates-testing.repo
4 | dest: /etc/yum.repos.d/fedora-updates-testing.repo
5 |
6 | - name: Common | update all packages
7 | dnf:
8 | state: latest
9 | name: "*"
10 |
11 | - name: See if any updated packages need restarting
12 | command: /usr/bin/needs-restarting
13 | changed_when: False
14 | register: needs_restarting
15 |
16 | - name: Pause before rebooting
17 | pause:
18 | prompt: "We need to restart for the updates to take effect"
19 | when: needs_restarting.stdout and dont_pause_before_reboot is not defined
20 |
21 | - name: Reboot for updated packages
22 | include: "{{ tasks }}/reboot.yml"
23 | when: needs_restarting.stdout
24 |
--------------------------------------------------------------------------------
/roles/security/tasks/rkhunter.yml:
--------------------------------------------------------------------------------
1 | # file: roles/security/tasks/rkhunter.yml
2 |
3 | - name: Security | rkhunter | Make sure rkhunter is installed and up to date
4 | dnf:
5 | name: rkhunter
6 | state: present
7 | tags:
8 | - security
9 | - rkhunter
10 |
--------------------------------------------------------------------------------
/roles/security/tasks/selinux.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure Installed - policycoreutils-python
3 | dnf:
4 | pkg: policycoreutils-python
5 | state: present
6 | tags:
7 | - security
8 | - selinux
9 |
10 | - name: SELinux Enforcing (Targeted)
11 | selinux:
12 | policy: targeted
13 | state: enforcing
14 | register: selinux_result
15 | tags:
16 | - security
17 | - selinux
18 |
19 | - name: Reboot to enable selinux if necessary
20 | include: "{{ tasks }}/reboot.yml"
21 | when: selinux_result|changed
22 | tags:
23 | - security
24 | - selinux
25 |
--------------------------------------------------------------------------------
/roles/security/tasks/sshd.yml:
--------------------------------------------------------------------------------
1 | - name: sshd | Lock down sshd
2 | lineinfile:
3 | dest: /etc/ssh/sshd_config
4 | regexp: "{{ item.regexp }}"
5 | line: "{{ item.line }}"
6 | backup: yes
7 | with_items:
8 | - { regexp: '^PasswordAuthentication', line: 'PasswordAuthentication no' }
9 | - { regexp: '^PermitEmptyPasswords', line: 'PermitEmptyPasswords no' }
10 | - { regexp: '^ClientAliveInterval', line: 'ClientAliveInterval 300' }
11 | - { regexp: '^ClientAliveCountMax', line: 'ClientAliveCountMax 0' }
12 | notify:
13 | - restart sshd
14 | tags:
15 | - config
16 | - security
17 | - ssh
18 |
19 | - name: sshd | disable root login
20 | lineinfile:
21 | dest: /etc/ssh/sshd_config
22 | regexp: "{{ item.regexp }}"
23 | line: "{{ item.line }}"
24 | backup: yes
25 | with_items:
26 | - { regexp: '^PermitRootLogin', line: 'PermitRootLogin no' }
27 | notify:
28 | - restart sshd
29 | when: not permit_root_login
30 | tags:
31 | - config
32 | - security
33 | - ssh
34 |
35 |
36 | - name: sshd | enable the ssh port through firewalld
37 | firewalld:
38 | port: 22/tcp
39 | permanent: true
40 | state: enabled
41 | tags:
42 | - security
43 | - ssh
44 |
45 |
46 | - name: sshd | Enable sshd and ensure it's started
47 | service:
48 | name: sshd
49 | state: started
50 | enabled: yes
51 | tags:
52 | - security
53 | - ssh
54 |
--------------------------------------------------------------------------------
/roles/security/tasks/sudo.yml:
--------------------------------------------------------------------------------
1 | - name: sudo | ensure that we are a member of the wheel group
2 | user:
3 | name: "{{ username }}"
4 | groups: wheel
5 | append: yes
6 | tags:
7 | - security
8 | - sudo
9 |
10 |
11 | - name: sudo | allow wheel with a password
12 | lineinfile:
13 | dest: /etc/sudoers
14 | state: present
15 | regexp: '^%wheel'
16 | line: '%wheel ALL=(ALL) ALL'
17 | tags:
18 | - security
19 | - sudo
20 |
21 |
22 | - name: Copy /etc/sudoers.d/ssh_auth_sock into place
23 | copy:
24 | content: 'Defaults env_keep += "SSH_AUTH_SOCK"\n'
25 | dest: '/etc/sudoers.d/ssh_auth_sock'
26 | #validate: 'visudo -cf %s'
27 | owner: root
28 | group: root
29 | mode: 0440
30 | tags:
31 | - security
32 | - sudo
33 |
34 | - name: sudo | disable the need for a tty to enable ansible ssh pipelining
35 | copy:
36 | content: 'Defaults !requiretty\n'
37 | dest: '/etc/sudoers.d/norequiretty'
38 | #validate: 'visudo -cf %s'
39 | owner: root
40 | group: root
41 | mode: 0440
42 | tags:
43 | - security
44 | - sudo
45 |
--------------------------------------------------------------------------------
/roles/security/tasks/yum.yml:
--------------------------------------------------------------------------------
1 | - name: yum | install yum-cron
2 | dnf:
3 | state: present
4 | name: yum-cron
5 | tags:
6 | - packages
7 | - security
8 |
9 | - name: yum | make yum-cron automatically apply security updates
10 | lineinfile:
11 | dest: /etc/yum/yum-cron.conf
12 | regexp: "{{ item.regexp }}"
13 | line: "{{ item.line }}"
14 | with_items:
15 | - { regexp: '^update_cmd', line: 'update_cmd = security' }
16 | - { regexp: '^apply_updates', line: 'apply_updates = yes' }
17 | tags:
18 | - packages
19 | - security
20 |
21 | - name: yum | enable the yum-cron service
22 | service:
23 | name: yum-cron
24 | enabled: yes
25 | state: started
26 | tags:
27 | - packages
28 | - security
29 |
--------------------------------------------------------------------------------
/roles/server/handlers/firewalld.yml:
--------------------------------------------------------------------------------
1 | - name: restart firewalld
2 | service:
3 | name: firewalld
4 | state: restarted
5 |
--------------------------------------------------------------------------------
/roles/server/handlers/main.yml:
--------------------------------------------------------------------------------
1 | - include: firewalld.yml
2 |
--------------------------------------------------------------------------------
/roles/server/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Server | install server packages
2 | dnf:
3 | state: present
4 | name: "{{ item }}"
5 | with_items:
6 | - mosh
7 | - firewalld
8 | tags:
9 | - packages
10 |
11 | - name: Server | open some ports for mosh
12 | firewalld:
13 | port: "{{ item }}/udp"
14 | state: enabled
15 | permanent: true
16 | zone: public
17 | with_items:
18 | - 60000
19 | - 60001
20 | - 60002
21 | - 60003
22 | - 60004
23 | notify:
24 | - restart firewalld
25 |
26 | - name: Server | users | give {{ username }} an ssh key
27 | authorized_key:
28 | user: "{{ username }}"
29 | key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
30 |
--------------------------------------------------------------------------------
/roles/synergy/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Install synergy
3 | dnf:
4 | name: synergy
5 | state: present
6 | tags:
7 | - synergy
8 |
9 | - name: See if synergys is running
10 | shell: "/bin/ps -ef | grep synergys | grep -v grep"
11 | register: synergys
12 | when: "not {{ hostvars[inventory_hostname].group_names | intersect(['synergyc']) }}"
13 | ignore_errors: True
14 | changed_when: False
15 | tags:
16 | - synergy
17 |
18 | - name: Run synergys if it isn't running
19 | when: "synergys|failed and not {{ hostvars[inventory_hostname].group_names | intersect(['synergyc']) }}"
20 | command: /usr/bin/synergys
21 | sudo: no
22 | tags:
23 | - synergy
24 |
25 | - name: See if the synergy ssh tunnel is running
26 | shell: "/bin/ps -ef | grep 24800 | grep -v grep"
27 | register: synergy_tunnel
28 | when: "not {{ hostvars[inventory_hostname].group_names | intersect(['synergys']) }}"
29 | ignore_errors: True
30 | changed_when: False
31 | tags:
32 | - synergy
33 |
34 | - name: Run the ssh tunnel if it isn't running
35 | shell: ssh -f -N -n -L localhost:24800:{{ ip }}:24800 {{ ip }}
36 | when: "synergy_tunnel|failed and not {{ hostvars[inventory_hostname].group_names | intersect(['synergys']) }}"
37 | sudo: no
38 | tags:
39 | - synergy
40 |
41 | - name: See if synergyc is running
42 | shell: "/bin/ps -ef | grep synergyc | grep -v grep"
43 | register: synergyc
44 | when: "not {{ hostvars[inventory_hostname].group_names | intersect(['synergys']) }}"
45 | ignore_errors: True
46 | changed_when: False
47 | tags:
48 | - synergy
49 |
50 | - name: Run synergyc if it isn't running
51 | when: "synergyc|failed and not {{ hostvars[inventory_hostname].group_names | intersect(['synergys']) }}"
52 | command: /usr/bin/synergyc localhost
53 | sudo: no
54 | tags:
55 | - synergy
56 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/get_next_task:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | NEXT=$(
4 | task limit:1 |
5 | perl -pe 's/\e\[?.*?[\@-~]//g' |
6 | sed -n '3p' |
7 | awk '{ print $1 }')
8 | echo $NEXT
9 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/make-report.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | today=$(date +%Y-%m-%d)
4 | /usr/local/bin/timesheet.sh | ~/.virtualenvs/ansi2html/bin/ansi2html --linkify > /tmp/timesheet.html
5 | cp /tmp/timesheet.html ~/scratch/threebean.org/timesheets/$today.html
6 | cp /tmp/timesheet.html ~/scratch/threebean.org/timesheets/latest.html
7 | rm /tmp/timesheet.html
8 |
9 | /usr/local/bin/timesheet.sh proj:bodhi | ~/.virtualenvs/ansi2html/bin/ansi2html --linkify > /tmp/timesheet.html
10 | cp /tmp/timesheet.html ~/scratch/threebean.org/timesheets/bodhi/$today.html
11 | cp /tmp/timesheet.html ~/scratch/threebean.org/timesheets/bodhi/latest.html
12 | rm /tmp/timesheet.html
13 |
14 | source ~/.virtualenvs/awscli/bin/activate
15 | aws s3 sync ~/scratch/threebean.org s3://threebean.org
16 |
17 | echo "http://threebean.org/timesheets/$today.html"
18 | echo "http://threebean.org/timesheets/bodhi/$today.html"
19 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/next:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This is nicer for task-2.3
4 | #NEXT=$(/usr/local/bin/get_next_task)
5 | #task $NEXT
6 |
7 | # This is nicer for task-2.4
8 | task next limit:1
9 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/tanno:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | NEXT=$(/usr/local/bin/get_next_task)
4 | task $NEXT annotate $*
5 |
6 | next
7 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/task-backup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | pushd ~/.task/
4 | git commit -a -m 'Auto commit (cron)'
5 | git push origin master
6 | popd
7 |
8 | # With inthe.am
9 | /usr/bin/task sync
10 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/tdel:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | NEXT=$(/usr/local/bin/get_next_task)
4 |
5 | task $NEXT del
6 |
7 | /usr/local/bin/next
8 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/tdone:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | NEXT=$(/usr/local/bin/get_next_task)
4 |
5 | task $NEXT done
6 |
7 | /usr/local/bin/next
8 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/timesheet.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | source /home/threebean/.bashrc
4 |
5 | phrase="1-weeks-ago"
6 | fmt="%Y-%m-%d"
7 | start=$(date +$fmt -d $phrase)
8 | end=$(date +$fmt)
9 | # when I started my new job.
10 | epoch="2016-04-11"
11 | filter="project.isnt:family project.isnt:xmas project.isnt:cersc project.isnt:iso project.isnt:house project.isnt:wrns $1"
12 | config="rc.defaultwidth=180 rc.defaultheight=75 rc._forcecolor=yes"
13 |
14 | echo " (generated at $(date))"
15 | echo
16 | echo " -- Tasks completed from $start to $end (back $phrase) -- "
17 | /usr/bin/task $config $filter end.after:$start work_report
18 |
19 | echo
20 | echo
21 | echo " -- Upcoming tasks -- "
22 | /usr/bin/task $config $filter next
23 |
24 | echo
25 | echo
26 | echo " -- Summary -- "
27 | /usr/bin/task $config $filter summary
28 |
29 | echo
30 | echo
31 | echo " -- History -- "
32 | /usr/bin/task $config entry.after:$epoch $filter history
33 | /usr/bin/task $config entry.after:$epoch $filter ghistory
34 | /usr/bin/task $config entry.after:$epoch $1 burndown.monthly
35 | /usr/bin/task $config entry.after:$epoch $1 burndown
36 | /usr/bin/task $config entry.after:$epoch $1 burndown.daily
37 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/tlow:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | NEXT=$(/usr/local/bin/get_next_task)
4 | task $NEXT mod prior:L
5 |
6 | next
7 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/tstart:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | NEXT=$(/usr/local/bin/get_next_task)
4 |
5 | task $NEXT start
6 |
7 | /usr/local/bin/next
8 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/tstop:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | NEXT=$(/usr/local/bin/get_next_task)
4 |
5 | task $NEXT stop
6 |
7 | /usr/local/bin/next
8 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/tsync:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | task synchronize
4 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/twait-due:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | NEXT=$(/usr/local/bin/get_next_task)
4 | task $NEXT mod wait:due
5 |
6 | next
7 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/twait-hour:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | NEXT=$(/usr/local/bin/get_next_task)
4 | task $NEXT mod wait:1hour
5 |
6 | next
7 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/twait-later:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | NEXT=$(/usr/local/bin/get_next_task)
4 | task $NEXT mod wait:5hours
5 |
6 | next
7 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/twait-month:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | NEXT=$(/usr/local/bin/get_next_task)
4 | task $NEXT mod wait:1month
5 | next
6 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/twait-soon:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | NEXT=$(/usr/local/bin/get_next_task)
4 | task $NEXT mod wait:5minutes
5 |
6 | next
7 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/twait-tomorrow:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | NEXT=$(/usr/local/bin/get_next_task)
4 | task $NEXT mod wait:tomorrow
5 | next
6 |
--------------------------------------------------------------------------------
/roles/task/client/files/bin/twait-week:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | NEXT=$(/usr/local/bin/get_next_task)
4 | task $NEXT mod wait:1week
5 |
6 | next
7 |
--------------------------------------------------------------------------------
/roles/task/client/files/bugwarriorrc-decause:
--------------------------------------------------------------------------------
1 | # ~/.bugwarriorrc
2 | #
3 |
4 | # Here you define a comma separated list of targets. Each of them must have a
5 | # section below determining their properties, how to query them, etc. The name
6 | # is just a symbol, and doesn't have any functional importance.
7 | [general]
8 | targets = github, hhroc, osw, rocpy, rocpythonistas, posserit, roccivicappchallenge, bz.redhat, council, council-private, fosco
9 |
10 | shorten = True
11 | inline_links = False
12 | annotation_links = True
13 |
14 | log.level = DEBUG
15 | log.file = /home/decause/bugwarrior.log
16 |
17 | multiprocessing = True
18 | legacy_matching = False
19 |
20 | [github]
21 | service = github
22 | github.username = decause
23 | github.default_priority = H
24 | github.login = decause
25 | github.password = @oracle:eval:pass sites/github
26 | github.exclude_repos = mmodoku,pep808bot
27 |
28 | [fossrit]
29 | service = github
30 | github.username = FOSSRIT
31 | github.default_priority = L
32 | github.login = decause
33 | github.password = @oracle:eval:pass sites/github
34 |
35 | [hhroc]
36 | service = github
37 | github.username = hhroc
38 | github.default_priority = M
39 | github.login = decause
40 | github.password = @oracle:eval:pass sites/github
41 |
42 | github.include_repos = traffairious
43 |
44 | [osw]
45 | service = github
46 | github.username = opensourceway
47 | github.default_priority = H
48 | github.login = decause
49 | github.password = @oracle:eval:pass sites/github
50 |
51 | [rocpy]
52 | service = github
53 | github.username = RP
54 | github.default_priority = M
55 | github.login = decause
56 | github.password = @oracle:eval:pass sites/github
57 |
58 | [rocpythonistas]
59 | service = github
60 | github.username = Rochester-Pythonistas
61 | github.default_priority = M
62 | github.login = decause
63 | github.password = @oracle:eval:pass sites/github
64 |
65 | [posserit]
66 | service = github
67 | github.username = POSSEatRIT
68 | github.default_priority = M
69 | github.login = decause
70 | github.password = @oracle:eval:pass sites/github
71 |
72 | [civx]
73 | service = github
74 | github.username = civx
75 | github.default_priority = M
76 | github.login = decause
77 | github.password = @oracle:eval:pass sites/github
78 |
79 | [roccivicappchallenge]
80 | service = github
81 | github.username = rochestercivicappchallenge
82 | github.default_priority = M
83 | github.login = decause
84 | github.password = @oracle:eval:pass sites/github
85 |
86 | [council-private]
87 | service = trac
88 | trac.base_uri = fedorahosted.org/council-private
89 | trac.username = decause
90 | trac.password = @oracle:eval:pass sys/fas
91 |
92 | [council]
93 | service = trac
94 | trac.base_uri = fedorahosted.org/council
95 | trac.username = decause
96 | trac.password = @oracle:eval:pass sys/fas
97 |
98 | [fosco]
99 | service = trac
100 | trac.base_uri = fedorahosted.org/fosco
101 | trac.username = decause
102 | trac.password = @oracle:eval:pass sys/fas
103 |
104 | [bz.redhat]
105 | service = bugzilla
106 | bugzilla.base_uri = bugzilla.redhat.com
107 | bugzilla.username = decause@redhat.com
108 | bugzilla.password = @oracle:eval:pass sites/rhbz
109 |
--------------------------------------------------------------------------------
/roles/task/client/files/bugwarriorrc-root:
--------------------------------------------------------------------------------
1 | # Nothing here yet...
2 |
--------------------------------------------------------------------------------
/roles/task/client/files/bugwarriorrc-threebean:
--------------------------------------------------------------------------------
1 | # ~/.bugwarriorrc
2 | #
3 |
4 | [general]
5 | targets = github, bz.redhat, pagure-ralph, jira.redhat, taiga, gerrit
6 |
7 | shorten = True
8 | inline_links = False
9 | annotation_links = True
10 |
11 | log.level = DEBUG
12 | log.file = /home/threebean/bugwarrior.log
13 |
14 | multiprocessing = True
15 | legacy_matching = False
16 |
17 | [gerrit]
18 | service = gerrit
19 | gerrit.base_uri = https://code.engineering.redhat.com/gerrit/
20 | gerrit.username = rbean
21 | gerrit.password = @oracle:eval:pass sys/gerrit
22 | gerrit.ssl_ca_path: ~/.mbsync.redhat.crt
23 |
24 | [taiga]
25 | service = taiga
26 | taiga.base_uri = http://taiga.fedorainfracloud.org
27 | taiga.auth_token = @oracle:eval:pass sys/taiga-bearer
28 |
29 | [jira.redhat]
30 | service = jira
31 | jira.base_uri = https://projects.engineering.redhat.com
32 | jira.username = rbean
33 | jira.password = @oracle:eval:pass mail/redhat/krb5
34 |
35 | jira.verify_ssl = False
36 | jira.import_labels_as_tags = True
37 | jira.import_sprints_as_tags = True
38 | jira.default_priority = H
39 |
40 | [github]
41 | service = github
42 | github.username = ralphbean
43 | github.default_priority = L
44 |
45 | github.login = ralphbean
46 | github.password = @oracle:eval:pass sites/github
47 |
48 | github.exclude_repos = pep8bot
49 |
50 | github.import_labels_as_tags = True
51 |
52 | [bz.redhat]
53 | service = bugzilla
54 |
55 | bugzilla.base_uri = bugzilla.redhat.com
56 | bugzilla.username = rbean@redhat.com
57 | bugzilla.password = @oracle:eval:pass sites/rhbz
58 |
59 | [pagure-ralph]
60 | service = pagure
61 | pagure.base_url = https://pagure.io
62 | pagure.tag = ralph
63 | pagure.import_tags = True
64 | #pagure.exclude_repos = pagure,ipsilon
65 |
--------------------------------------------------------------------------------
/roles/task/client/files/taskrc-decause:
--------------------------------------------------------------------------------
1 | # [Created by task 2.0.0 5/10/2012 18:42:02]
2 | # Taskwarrior program configuration file.
3 | # For more documentation, see http://taskwarrior.org or try 'man task', 'man task-faq',
4 | # 'man task-tutorial', 'man task-color', 'man task-sync' or 'man taskrc'
5 |
6 | # Here is an example of entries that use the default, override and blank values
7 | # variable=foo -- By specifying a value, this overrides the default
8 | # variable= -- By specifying no value, this means no default
9 | # #variable=foo -- By commenting out the line, or deleting it, this uses the default
10 |
11 | # Use the command 'task show' to see all defaults and overrides
12 |
13 | #defaultwidth=175
14 | _forcecolor=yes
15 |
16 | default.project=unsorted
17 | default.priority=H
18 |
19 | #taskd.certificate=/home/decause/.task/client.cert.pem
20 | #taskd.key=/home/decause/.task/client.key.pem
21 | #taskd.trust=yes
22 | #taskd.server=taskwarrior.inthe.am:53589
23 | #taskd.credentials=inthe_am/webmaster/80ea189c-ffe1-490b-bf36-0474b84228c1
24 |
25 | taskd.certificate=/home/decause/.task/private.certificate.pem
26 | taskd.key=/home/decause/.task/private.key.pem
27 | taskd.ca=/home/decause/.task/ca.cert.pem
28 | taskd.server=taskwarrior.inthe.am:53589
29 | taskd.credentials=inthe_am/decause/2b76828d-8e5b-4819-a765-dcac9a213a5e
30 | taskd.trust=ignore hostname
31 |
32 | report.work_report.description=now
33 | report.work_report.columns=priority,project,description,end,entry,entry.age
34 | report.work_report.labels=priority,project,description,completed,entered on,age
35 | report.work_report.sort=project+,end-
36 | report.work_report.filter=status:completed
37 |
38 | report.next.columns=id,entry.age,due.remaining,priority,project,description,urgency
39 | report.next.labels=id,age,due,,project,description,urg
40 |
41 | #dateformat=M/D
42 |
43 | # Files
44 | data.location=/home/decause/.task
45 |
46 | # Color theme (uncomment one to use)
47 | #include /usr/share/doc/task/rc/light-16.theme
48 | #include /usr/share/doc/task/rc/light-256.theme
49 | #include /usr/share/doc/task/rc/dark-16.theme
50 | #include /usr/share/doc/task/rc/dark-256.theme
51 | #include /usr/share/doc/task/rc/dark-red-256.theme
52 | #include /usr/share/doc/task/rc/dark-green-256.theme
53 | #include /usr/share/doc/task/rc/dark-blue-256.theme
54 | #include /usr/share/doc/task/rc/dark-violets-256.theme
55 | include /usr/share/doc/task/rc/dark-yellow-green.theme
56 | #include /usr/share/doc/task/rc/dark-gray-256.theme
57 | #include /usr/share/doc/task/rc/solarized-dark-256.theme
58 |
59 | # Bugwarrior UDAs
60 | uda.bitbucketid.label=Bitbucket Issue ID
61 | uda.bitbucketid.type=string
62 | uda.bitbuckettitle.label=Bitbucket Title
63 | uda.bitbuckettitle.type=string
64 | uda.bitbucketurl.label=Bitbucket URL
65 | uda.bitbucketurl.type=string
66 | uda.bugzillasummary.label=Bugzilla Summary
67 | uda.bugzillasummary.type=string
68 | uda.bugzillaurl.label=Bugzilla URL
69 | uda.bugzillaurl.type=string
70 | uda.githubnumber.label=Github Issue/PR \#
71 | uda.githubnumber.type=numeric
72 | uda.githubtitle.label=Github Title
73 | uda.githubtitle.type=string
74 | uda.githubtype.label=Github Type
75 | uda.githubtype.type=string
76 | uda.githuburl.label=Github URL
77 | uda.githuburl.type=string
78 | uda.tracnumber.label=Trac Number
79 | uda.tracnumber.type=numeric
80 | uda.tracsummary.label=Trac Summary
81 | uda.tracsummary.type=string
82 | uda.tracurl.label=Trac URL
83 | uda.tracurl.type=string
84 |
--------------------------------------------------------------------------------
/roles/task/client/files/taskrc-root:
--------------------------------------------------------------------------------
1 | # Nothing here yet...
2 |
--------------------------------------------------------------------------------
/roles/task/client/files/taskrc-threebean:
--------------------------------------------------------------------------------
1 | # [Created by task 2.0.0 5/10/2012 18:42:02]
2 | # Taskwarrior program configuration file.
3 | # For more documentation, see http://taskwarrior.org or try 'man task', 'man task-faq',
4 | # 'man task-tutorial', 'man task-color', 'man task-sync' or 'man taskrc'
5 |
6 | # Here is an example of entries that use the default, override and blank values
7 | # variable=foo -- By specifying a value, this overrides the default
8 | # variable= -- By specifying no value, this means no default
9 | # #variable=foo -- By commenting out the line, or deleting it, this uses the default
10 |
11 | # Use the command 'task show' to see all defaults and overrides
12 |
13 | #defaultwidth=175
14 | _forcecolor=yes
15 |
16 | default.project=unsorted
17 | uda.priority.default=H
18 |
19 | #taskd.certificate=/home/threebean/.task/client.cert.pem
20 | #taskd.key=/home/threebean/.task/client.key.pem
21 | #taskd.trust=yes
22 | #taskd.server=taskwarrior.inthe.am:53589
23 | #taskd.credentials=inthe_am/webmaster/80ea189c-ffe1-490b-bf36-0474b84228c1
24 |
25 | report.work_report.description=now
26 | report.work_report.columns=priority,project,description,end,entry,entry.age
27 | report.work_report.labels=priority,project,description,completed,entered on,age
28 | report.work_report.sort=project+,end-
29 | report.work_report.filter=status:completed
30 |
31 | report.next.columns=id,entry.age,due.remaining,priority,project,description,urgency
32 | report.next.labels=id,age,due,,project,description,urg
33 |
34 | #dateformat=M/D
35 |
36 | # Files
37 | data.location=/home/threebean/.task
38 |
39 | # Color theme (uncomment one to use)
40 | #include /usr/share/doc/task/rc/light-16.theme
41 | #include /usr/share/doc/task/rc/light-256.theme
42 | #include /usr/share/doc/task/rc/dark-16.theme
43 | #include /usr/share/doc/task/rc/dark-256.theme
44 | #include /usr/share/doc/task/rc/dark-red-256.theme
45 | #include /usr/share/doc/task/rc/dark-green-256.theme
46 | #include /usr/share/doc/task/rc/dark-blue-256.theme
47 | #include /usr/share/doc/task/rc/dark-violets-256.theme
48 | include /usr/share/doc/task/rc/dark-yellow-green.theme
49 | #include /usr/share/doc/task/rc/dark-gray-256.theme
50 | #include /usr/share/doc/task/rc/solarized-dark-256.theme
51 |
52 | # Bugwarrior UDAs
53 | uda.bitbucketid.label=Bitbucket Issue ID
54 | uda.bitbucketid.type=string
55 | uda.bitbuckettitle.label=Bitbucket Title
56 | uda.bitbuckettitle.type=string
57 | uda.bitbucketurl.label=Bitbucket URL
58 | uda.bitbucketurl.type=string
59 | uda.bugzillasummary.label=Bugzilla Summary
60 | uda.bugzillasummary.type=string
61 | uda.bugzillaurl.label=Bugzilla URL
62 | uda.bugzillaurl.type=string
63 | uda.githubnumber.label=Github Issue/PR \#
64 | uda.githubnumber.type=numeric
65 | uda.githubtitle.label=Github Title
66 | uda.githubtitle.type=string
67 | uda.githubtype.label=Github Type
68 | uda.githubtype.type=string
69 | uda.githuburl.label=Github URL
70 | uda.githuburl.type=string
71 | uda.tracnumber.label=Trac Number
72 | uda.tracnumber.type=numeric
73 | uda.tracsummary.label=Trac Summary
74 | uda.tracsummary.type=string
75 | uda.tracurl.label=Trac URL
76 | uda.tracurl.type=string
77 |
--------------------------------------------------------------------------------
/roles/task/client/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Install taskwarrior and others
2 | dnf:
3 | name: "{{item}}"
4 | state: present
5 | with_items:
6 | - task
7 | - python-ansi2html
8 | tags:
9 | - task/client
10 |
11 | - name: Copy over user-specific .taskrc
12 | copy:
13 | src: "taskrc-{{item.user}}"
14 | dest: "{{item.homedir}}/.taskrc"
15 | owner: "{{item.user}}"
16 | group: "{{item.user}}"
17 | with_items: "{{ all_users }}"
18 | tags:
19 | - task/client
20 |
21 | - name: Synchronize common task scripts to /usr/local/bin
22 | synchronize:
23 | src: bin/
24 | dest: /usr/local/bin/
25 | tags:
26 | - task/client
27 |
28 | - name: Copy over user-specific .bugwarriorrc
29 | copy:
30 | src: "bugwarriorrc-{{item.user}}"
31 | dest: "{{item.homedir}}/.bugwarriorrc"
32 | owner: "{{item.user}}"
33 | group: "{{item.user}}"
34 | with_items: "{{ all_users }}"
35 | tags:
36 | - task/client
37 |
--------------------------------------------------------------------------------
/roles/task/server/files/config:
--------------------------------------------------------------------------------
1 | confirmation=1
2 | extensions=/usr/libexec/taskd
3 | ip.log=on
4 | log=/var/log/taskd/taskd.log
5 | pid.file=/var/run/taskd.pid
6 | queue.size=10
7 | request.limit=0
8 | root=/var/lib/taskd
9 | server=localhost:6544
10 | client.allow=^task [2-9],^taskd,^libtaskd,^Mirakel [1-9]
11 | verbose=1
12 |
13 | # Generate these using /etc/pki/taskd/generate
14 | ca.cert=/etc/pki/taskd/ca.cert.pem
15 | server.cert=/etc/pki/taskd/server.cert.pem
16 | server.key=/etc/pki/taskd/server.key.pem
17 | server.crl=/etc/pki/taskd/server.crl.pem
18 |
--------------------------------------------------------------------------------
/roles/task/server/files/ralph-taskd.repo:
--------------------------------------------------------------------------------
1 | [ralph-taskd]
2 | name=Copr repo for taskd owned by ralph
3 | baseurl=http://copr-be.cloud.fedoraproject.org/results/ralph/taskd/fedora-$releasever-$basearch/
4 | skip_if_unavailable=True
5 | gpgcheck=0
6 | enabled=1
7 |
--------------------------------------------------------------------------------
/roles/task/server/handlers/main.yml:
--------------------------------------------------------------------------------
1 | - name: restart firewalld
2 | service:
3 | name: firewalld
4 | state: restarted
5 |
6 | - name: restart taskd
7 | service:
8 | name: taskd
9 | state: restarted
10 |
--------------------------------------------------------------------------------
/roles/task/server/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: copy a copr repo file into place
2 | copy:
3 | src: ralph-taskd.repo
4 | dest: /etc/yum.repos.d/ralph-taskd.repo
5 |
6 | - name: task-server | install required packages
7 | dnf:
8 | state: present
9 | name: "{{ item }}"
10 | with_items:
11 | - wget
12 | - tree
13 | - gnutls-utils
14 | - taskd
15 | tags:
16 | - packages
17 |
18 | - name: task-server | copy config
19 | copy:
20 | src: config
21 | dest: /var/lib/taskd/config
22 | owner: taskd
23 | group: taskd
24 | notify:
25 | - restart taskd
26 |
27 | # TODO -- run the generate script here but only if necessary.
28 |
29 | - name: task-server | start the service
30 | service:
31 | name: taskd
32 | state: started
33 |
34 | - name: task-server | Open a port
35 | firewalld:
36 | port: "{{ item }}/tcp"
37 | state: enabled
38 | permanent: true
39 | zone: public
40 | with_items:
41 | - 6544
42 | notify:
43 | - restart firewalld
44 |
--------------------------------------------------------------------------------
/roles/task/server/vars/main.yml:
--------------------------------------------------------------------------------
1 | taskd_data: /srv/taskd-data
2 |
--------------------------------------------------------------------------------
/roles/tw2-demos/files/requirements.txt:
--------------------------------------------------------------------------------
1 | tw2.core
2 | tw2.forms
3 | tw2.sqla
4 | tw2.dynforms
5 | tw2.devtools
6 | tw2.qrcode
7 | tw2.jqplugins.ui
8 | tw2.jqplugins.fg
9 | tw2.jqplugins.jqgrid
10 | tw2.jqplugins.jqplot
11 | tw2.jqplugins.cookies
12 | tw2.jqplugins.chosen
13 | tw2.jqplugins.select2
14 | tw2.jqplugins.portlets
15 | tw2.jqplugins.flot
16 | tw2.jqplugins.dynatree
17 | tw2.jqplugins.fullcalendar
18 | tw2.etc
19 | tw2.slideymenu
20 | tw2.jit
21 | tw2.tipster
22 | tw2.polymaps
23 | tw2.rrd
24 | tw2.d3
25 | tw2.util.html5shim
26 | tw2.dyntext
27 | tw2.tinymce
28 | tw2.wysihtml5
29 | # tw2.bootstrap
30 | # tw2.captcha
31 | # tw2.lesscss
32 |
--------------------------------------------------------------------------------
/roles/tw2-demos/files/tw2-demos.conf:
--------------------------------------------------------------------------------
1 |
2 | WSGIDaemonProcess tw2-demos maximum-requests=1000 display-name=tw2-demos processes=1 threads=1
3 | WSGISocketPrefix run/wsgi
4 | WSGIRestrictStdout On
5 | WSGIRestrictSignal Off
6 | WSGIPythonOptimize 1
7 |
8 |
9 | ServerName tw2-demos.threebean.org
10 | ErrorLog /var/log/httpd/tw2-demos.threebean.org-error_log
11 | CustomLog /var/log/httpd/tw2-demos.threebean.org-access_log common
12 |
13 | WSGIScriptAlias / /var/lib/tw2-demos-venv/tw2-demos.wsgi
14 |
15 |
16 | WSGIProcessGroup tw2-demos
17 | Require all granted
18 |
19 |
20 |
--------------------------------------------------------------------------------
/roles/tw2-demos/files/tw2-demos.wsgi:
--------------------------------------------------------------------------------
1 | import sys
2 | sys.stdout = sys.stderr
3 |
4 | activate_this = '/var/lib/tw2-demos-venv/bin/activate_this.py'
5 | execfile(activate_this, dict(__file__=activate_this))
6 |
7 | import logging
8 | logging.basicConfig()
9 |
10 | import tw2.core
11 | import tw2.devtools
12 | import tw2.devtools.browser
13 | application = tw2.core.make_middleware(None, controller_prefix='/')
14 |
--------------------------------------------------------------------------------
/roles/tw2-demos/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - name: install needed packages
4 | dnf:
5 | pkg: "{{ item }}"
6 | state: installed
7 | with_items:
8 | - python-pip
9 | - python-virtualenv
10 | tags: tw2-demos
11 |
12 | - file: dest=/var/lib/tw2-demos-venv/ state=directory
13 | tags: tw2-demos
14 | notify: restart httpd
15 |
16 | - copy: src=requirements.txt dest=/var/lib/tw2-demos-venv/requirements.txt
17 | tags: tw2-demos
18 | notify: restart httpd
19 |
20 | - copy: src=tw2-demos.wsgi dest=/var/lib/tw2-demos-venv/tw2-demos.wsgi
21 | tags: tw2-demos
22 | notify: restart httpd
23 |
24 | - pip:
25 | requirements=/var/lib/tw2-demos-venv/requirements.txt
26 | virtualenv=/var/lib/tw2-demos-venv
27 | tags: tw2-demos
28 | notify: restart httpd
29 |
30 | - name: copy tw2-demos reverse proxy httpd configuration
31 | copy:
32 | src: tw2-demos.conf
33 | dest: /etc/httpd/conf.d/tw2-demos.conf
34 | owner: apache
35 | group: apache
36 | mode: 0644
37 | notify: restart httpd
38 | tags: tw2-demos
39 |
--------------------------------------------------------------------------------
/tasks/provision.yml:
--------------------------------------------------------------------------------
1 | # Use the digital ocean module to spin up cloud nodes.
2 | # TODO -- use host_vars, group_vars and looping over 'dynamic' to automate this
3 | - name: playbook | provision | Provision buttermilk if necessary
4 | digital_ocean:
5 | state: active
6 | name: buttermilk
7 | ssh_key_ids: 36649
8 | size_id: 66
9 | region_id: 8
10 | image_id: 12065782
11 | #image_id: 9640922
12 | wait_timeout: 500
13 | client_id: "{{ do_client_id }}"
14 | api_key: "{{ do_api_key }}"
15 | unique_name: true
16 |
17 | - name: playbook | provision | Provision computer01 if necessary
18 | digital_ocean:
19 | state: active
20 | name: computer01
21 | ssh_key_ids: 36649
22 | size_id: 66
23 | region_id: 8
24 | image_id: 12065782
25 | #image_id: 9640922
26 | wait_timeout: 500
27 | client_id: "{{ do_client_id }}"
28 | api_key: "{{ do_api_key }}"
29 | unique_name: true
30 |
--------------------------------------------------------------------------------
/tasks/reboot.yml:
--------------------------------------------------------------------------------
1 | - name: reboot the host one minute from now.
2 | command: shutdown -r +1 "Ansible restarting this beast"
3 | async: 0
4 | poll: 0
5 | ignore_errors: True
6 |
7 | - name: wait for the host to go down
8 | wait_for:
9 | host: "{{inventory_hostname}}"
10 | port: 22
11 | state: stopped
12 | delegate_to: localhost
13 | sudo: false
14 |
15 | - name: wait for the host to come back up
16 | wait_for:
17 | host: "{{inventory_hostname}}"
18 | port: 22
19 | state: started
20 | delegate_to: localhost
21 | sudo: false
22 |
--------------------------------------------------------------------------------
/tasks/record_hosts.yml:
--------------------------------------------------------------------------------
1 | - name: setup a local etc/hosts
2 | template:
3 | src: "{{ templates }}/hosts-localhost"
4 | dest: /etc/hosts
5 |
--------------------------------------------------------------------------------
/templates/hosts-localhost:
--------------------------------------------------------------------------------
1 | # {{ ansible_managed }}
2 | 127.0.0.1 localhost.localdomain localhost
3 | ::1 localhost6.localdomain6 localhost6
4 |
5 | # List of dynamic hosts from ansible
6 | {% for host in groups['dynamic'] %}
7 | {{ hostvars[host]['ansible_ssh_host'] }} {{host}}
8 | {% endfor %}
9 |
--------------------------------------------------------------------------------
/vault_pass:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | pass sys/ansible/vault
3 |
--------------------------------------------------------------------------------