From 97855ccfc525076c58986f1991b4ec8fdb254ba5 Mon Sep 17 00:00:00 2001 
From: jowj
Date: Sat, 4 Jan 2020 18:12:50 -0600
Subject: [PATCH] Break everything out of 'deployments' into specific types.
---
deployments/arke/arke.yml | 25 --
deployments/arke/hosts.yml | 16 -
deployments/awful-1/deploy.yml | 105 -----
deployments/awful-1/hosts.yml | 14 -
deployments/awful-1/mojo-vars-vault.yml | 9 -
.../macDeploy/deploy-MacWorkstation.py | 39 --
deployments/mediaServer/docker-compose.yml | 106 -----
deployments/mojobot/hosts.yml | 11 -
deployments/mojobot/mojo.yml | 42 --
deployments/mojobot/vault-vars-mojo.yml | 9 -
deployments/nixDeploy/nix.py | 84 ----
deployments/serverBuild/hosts.yml | 14 -
deployments/serverBuild/onprem.yml | 38 --
deployments/serverBuild/readme.md | 60 ---
deployments/serverBuild/serverbuild.yml | 55 ---
deployments/serverBuild/vpnBuild.yml | 130 ------
deployments/serverBuild/wg_vpn/README.md | 41 --
.../serverBuild/wg_vpn/defaults/main.yml | 2 -
.../serverBuild/wg_vpn/handlers/main.yml | 2 -
deployments/serverBuild/wg_vpn/meta/main.yml | 53 ---
deployments/serverBuild/wg_vpn/tasks/main.yml | 73 ----
.../wg_vpn/tasks/posttasks_arch.yml | 19 -
.../wg_vpn/tasks/posttasks_debian.yml | 19 -
.../wg_vpn/tasks/posttasks_ios.yml | 11 -
.../wg_vpn/tasks/posttasks_mac.yml | 15 -
.../wg_vpn/tasks/pretasks_arch.yml | 36 --
.../wg_vpn/tasks/pretasks_debian.yml | 47 ---
.../serverBuild/wg_vpn/tasks/pretasks_ios.yml | 15 -
.../serverBuild/wg_vpn/tasks/pretasks_mac.yml | 21 -
.../serverBuild/wg_vpn/tests/inventory | 2 -
deployments/serverBuild/wg_vpn/tests/test.yml | 25 --
deployments/serverBuild/wg_vpn/vars/main.yml | 2 -
.../deploy-SplunkModules.yml | 18 -
.../hosts-SplunkModules.yml | 8 -
.../winDeploy/deploy-WinWorkstation.ps1 | 53 --
.../winDeploy/deploy-WinWorkstation.psm1 | 373 ------------------
deployments/zncServer/hosts.yml | 16 -
deployments/zncServer/znc.yml | 31 --
38 files changed, 1639 deletions(-)
delete mode 100644 deployments/arke/arke.yml
delete mode 100644 deployments/arke/hosts.yml
delete mode 100644 
deployments/awful-1/deploy.yml
delete mode 100644 deployments/awful-1/hosts.yml
delete mode 100644 deployments/awful-1/mojo-vars-vault.yml
delete mode 100644 deployments/macDeploy/deploy-MacWorkstation.py
delete mode 100644 deployments/mediaServer/docker-compose.yml
delete mode 100644 deployments/mojobot/hosts.yml
delete mode 100644 deployments/mojobot/mojo.yml
delete mode 100644 deployments/mojobot/vault-vars-mojo.yml
delete mode 100644 deployments/nixDeploy/nix.py
delete mode 100644 deployments/serverBuild/hosts.yml
delete mode 100644 deployments/serverBuild/onprem.yml
delete mode 100644 deployments/serverBuild/readme.md
delete mode 100644 deployments/serverBuild/serverbuild.yml
delete mode 100644 deployments/serverBuild/vpnBuild.yml
delete mode 100644 deployments/serverBuild/wg_vpn/README.md
delete mode 100644 deployments/serverBuild/wg_vpn/defaults/main.yml
delete mode 100644 deployments/serverBuild/wg_vpn/handlers/main.yml
delete mode 100644 deployments/serverBuild/wg_vpn/meta/main.yml
delete mode 100644 deployments/serverBuild/wg_vpn/tasks/main.yml
delete mode 100644 deployments/serverBuild/wg_vpn/tasks/posttasks_arch.yml
delete mode 100644 deployments/serverBuild/wg_vpn/tasks/posttasks_debian.yml
delete mode 100644 deployments/serverBuild/wg_vpn/tasks/posttasks_ios.yml
delete mode 100644 deployments/serverBuild/wg_vpn/tasks/posttasks_mac.yml
delete mode 100644 deployments/serverBuild/wg_vpn/tasks/pretasks_arch.yml
delete mode 100644 deployments/serverBuild/wg_vpn/tasks/pretasks_debian.yml
delete mode 100644 deployments/serverBuild/wg_vpn/tasks/pretasks_ios.yml
delete mode 100644 deployments/serverBuild/wg_vpn/tasks/pretasks_mac.yml
delete mode 100644 deployments/serverBuild/wg_vpn/tests/inventory
delete mode 100644 deployments/serverBuild/wg_vpn/tests/test.yml
delete mode 100644 deployments/serverBuild/wg_vpn/vars/main.yml
delete mode 100644 deployments/splunkDeployServers/deploy-SplunkModules.yml
delete mode 100644 
deployments/splunkDeployServers/hosts-SplunkModules.yml delete mode 100644 deployments/winDeploy/deploy-WinWorkstation.ps1 delete mode 100644 deployments/winDeploy/deploy-WinWorkstation.psm1 delete mode 100644 deployments/zncServer/hosts.yml delete mode 100644 deployments/zncServer/znc.yml diff --git a/deployments/arke/arke.yml b/deployments/arke/arke.yml deleted file mode 100644 index 70fe7ec..0000000 --- a/deployments/arke/arke.yml +++ /dev/null @@ -1,25 +0,0 @@ -- name: Deploy Arke - hosts: dockerhosts - remote_user: josiah - tasks: - - name: Get hostname for troubleshooting - command: hostname - register: hostname - - debug: msg="{{ hostname.stdout }}" - - name: Pull latest version from github - shell: cd /home/josiah/arke/ && git pull - - name: Build from the latest version - shell: cd ~/arke/ && docker build -t arke -f dockerfile . - - - name: Check if there are any existing arke containers running - shell: docker ps | grep 'arke' | awk '{print $1}' - register: result - - name: and kill it - # this has to be a shell because command: isn't interactive - shell: docker ps | grep 'arke' | awk '{print $1}' | xargs docker kill - when: result.stdout != "" - - name: Remove any existing containers using the arke name, its mine and i must have it - # this has to be a shell because command: isn't interactive - shell: docker container rm arke - - name: Run the newly built docker container - command: docker run -d --name arke --mount source=towervol,target=/shared/ arke:latest diff --git a/deployments/arke/hosts.yml b/deployments/arke/hosts.yml deleted file mode 100644 index 5bb0ddf..0000000 --- a/deployments/arke/hosts.yml +++ /dev/null @@ -1,16 +0,0 @@ -all: - children: - dockerhosts: - hosts: - monitoring.awful.club: - vars: - ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q ansible@ssh.awful.club"' - macs: - hosts: - hydra-ling: - windows: - hosts: - lurker-ling: - linux: - hosts: - ling-bane: \ No newline at end of file 
diff --git a/deployments/awful-1/deploy.yml b/deployments/awful-1/deploy.yml
deleted file mode 100644
index 5bde5f5..0000000
--- a/deployments/awful-1/deploy.yml
+++ /dev/null
@@ -1,105 +0,0 @@ -- name: setup mojo repo - hosts: prod - tasks: - - name: print hostname - command: hostname - register: hostname - - debug: msg="{{ hostname.stdout }}" - - name: try to update directory - shell: cd /home/josiah/mojojojo-bot && git pull - register: result - ignore_errors: True - - name: if the folder doesn't exist, clone from remote - shell: cd /home/josiah/ && git clone http://git.awful.club/hosted/mojojojo-bot.git - when: result is failed - -- name: Deploy mojo webclient - hosts: prod - vars_files: - - mojo-vars-vault.yml - tasks: - - name: Build from the latest version - shell: cd /home/josiah/mojojojo-bot/mojo-web && docker build -t mojo-web -f dockerfile . - - name: Check if there are any existing mojo-web containers running and kill them - # this has to be a shell because command: isn't interactive - shell: docker ps | grep 'mojo-web' | awk '{print $1}' | xargs docker kill - ignore_errors: True - - name: Run the newly built docker container - command: docker container run -e "SLACK_BOT_TOKEN={{ VAULT_SLACK_BOT_TOKEN }}" --restart "always" -d --mount type="bind",source="/mnt/volume_sfo2_znc",target=/shared/ mojo-web - -- name: Deploy mojo rtmclient - hosts: prod - vars_files: - - mojo-vars-vault.yml - tasks: - - name: Build from the latest version - shell: cd /home/josiah/mojojojo-bot/mojo-rtm && docker build -t mojo-rtm -f dockerfile . 
- - name: Check if there are any existing mojo-rtm containers running and kill them - # this has to be a shell because command: isn't interactive - shell: docker ps | grep 'mojo-rtm' | awk '{print $1}' | xargs docker kill - ignore_errors: True - - name: Run the newly built docker container - command: docker container run -e "SLACK_BOT_TOKEN={{ VAULT_SLACK_BOT_TOKEN }}" --restart "always" -d --mount type="bind",source="/mnt/volume_sfo2_znc",target=/shared/ mojo-rtm - -- name: deploy znc server - hosts: dockerhosts - remote_user: josiah - tasks: - - name: update or create the directory - shell: cd /home/josiah/znc-docker/ && git pull - register: result - ignore_errors: True - - # if the folder doesn't exist, clone source. - - shell: cd /home/josiah && git clone https://github.com/jowj/znc-docker.git - when: result is failed - - name: build from latest version - shell: cd ~/znc-docker/full && docker build -t znc -f Dockerfile . - - name: Check if there are any existing ZNC containers running and kill it - shell: docker ps | grep 'znc' | awk '{print $1}' - register: result - - name: if there are running containers, remove them - shell: docker ps | grep 'znc' | awk '{print $1}' | xargs docker kill - when: result.stdout != "" - - name: discover if any containers with ZNC in name - # this has to be a shell because command: isn't interactive - shell: docker container ls | grep 'znc' - register: result - ignore_errors: True - - name: remove any existing containers with ZNC in name - shell: docker container rm znc - when: result is succeeded - - name: run the container (assumes the volume is already set up) - command: docker run --restart "always" -d -p 5000:5000 --mount type="bind",source="/mnt/volume_sfo2_znc/",target=/znc-data znc - -- name: Deploy Arke - hosts: dockerhosts - remote_user: josiah - tasks: - - name: Get hostname for troubleshooting - command: hostname - register: hostname - - debug: msg="{{ hostname.stdout }}" - - name: update the directory, or log to 
register if dir doesn't exist' - shell: cd /home/josiah/arke/ && git pull - register: result - ignore_errors: True - - name: If last step failed, clone the repo. - shell: cd /home/josiah/ && git clone https://github.com/jowj/arke.git - when: result is failed - - name: Build from the latest version - shell: cd ~/arke/ && docker build -t arke -f dockerfile . - - - name: Check if there are any existing arke containers running - shell: docker ps | grep 'arke' | awk '{print $1}' - register: result - - name: and kill it - # this has to be a shell because command: isn't interactive - shell: docker ps | grep 'arke' | awk '{print $1}' | xargs docker kill - when: result.stdout != "" - - name: Remove any existing containers using the arke name, its mine and i must have it - # this has to be a shell because command: isn't interactive - shell: docker container rm arke - ignore_errors: True - - name: Run the newly built docker container - command: docker run -d --name arke --mount type="bind",source="/mnt/volume_sfo2_znc",target=/shared/ arke:latest diff --git a/deployments/awful-1/hosts.yml b/deployments/awful-1/hosts.yml deleted file mode 100644 index 514830e..0000000 --- a/deployments/awful-1/hosts.yml +++ /dev/null @@ -1,14 +0,0 @@ -all: - children: - dockerhosts: - hosts: - awful-1.awful.club: - macs: - hosts: - hydra-ling: - windows: - hosts: - lurker-ling: - linux: - hosts: - ling-bane: diff --git a/deployments/awful-1/mojo-vars-vault.yml b/deployments/awful-1/mojo-vars-vault.yml deleted file mode 100644 index c608b41..0000000 --- a/deployments/awful-1/mojo-vars-vault.yml +++ /dev/null 
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-62306462666461356361643838636461396665633234363731396465643663373731343438363062
-6166323433353631366639663933653439333961353539610a343234383436666463326161613538
-32396161616537363261643965616439333637346535643136643732623939346538623534336236
-3339643664633834630a323464376464343832636265623362353337316139333164613237323964
-38616264346536623633623337613363646262313637313431323666393537623665626262643963
-30316162303330396663636537633766333065386435376462653661653666323734363564323466
-33303738363731376363663935383439616363383238346537326363343330386361613363623662
-65663634363636633937
diff --git a/deployments/macDeploy/deploy-MacWorkstation.py b/deployments/macDeploy/deploy-MacWorkstation.py
deleted file mode 100644
index 4feae21..0000000
--- a/deployments/macDeploy/deploy-MacWorkstation.py
+++ /dev/null
@@ -1,39 +0,0 @@
-import os
-import sys
-import argparse
-import subprocess
-import pdb
-
-# brew cask install powershell
-# Install brew if we don't have it
-
-installBrew = [
- """ if test ! $(which brew); then
- echo "Installing homebrew..."
- ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
- fi """
-]
-
-subprocess.run(installBrew)
-subprocess.run('brew update')
-subprocess.run('brew tap caskroom/cask')
-
-macPrograms = [
- "powershell",
- "git",
- "vscode",
- "emacs64",
- "python2",
- "python3",
- "docker",
- "slack",
- "discord",
- "keybase",
- "spotify",
- "1password",
- "firefox",
- "dropbox",
- "conemu",
- "virtualbox"
-]
-subprocess.run('brew install ' + macPrograms)
\ No newline at end of file
diff --git a/deployments/mediaServer/docker-compose.yml b/deployments/mediaServer/docker-compose.yml
deleted file mode 100644
index 9edac57..0000000
--- a/deployments/mediaServer/docker-compose.yml
+++ /dev/null
@@ -1,106 +0,0 @@ -version: '3' - -services: - sonarr: - image: "linuxserver/sonarr" - ports: - - "8989:8989" - restart: unless-stopped - environment: - PUID: 1000 - PGID: 1000 - TZ: America/Chicago - volumes: - - "/home/josiah/apps/sonarr:/config" - - "/home/josiah/Downloads/usenet-complete/:/downloads" - - "/media/usenet/tv/:/tv" - lidarr: - image: "linuxserver/lidarr" - ports: - - "8686:8686" - restart: unless-stopped - environment: - PUID: 1000 - PGID: 1000 - TZ: America/Chicago - volumes: - - "/home/josiah/apps/lidarr:/config" - - "/home/josiah/Downloads/usenet-complete/:/downloads" - - "/media/usenet/audio/:/music" - # headphones: - # image: "linuxserver/headphones" - # ports: - # - "8181:8181" - # restart: unless-stopped - # environment: - # PUID: 1000 - # PGID: 1000 - # TZ: America/Chicago - # volumes: - # - "/home/josiah/Documents/apps/headphones:/config" - # - "/home/josiah/Downloads/usenet-complete/:/downloads" - # - "/media/usenet/audio/:/music" - radarr: - image: "linuxserver/radarr" - ports: - - "7878:7878" - restart: unless-stopped - environment: - PUID: 1000 - PGID: 1000 - TZ: America/Chicago - volumes: - - "/home/josiah/apps/radarr:/config" - - "/home/josiah/Downloads/usenet-complete/:/downloads" - - "/media/usenet/movies/:/movies" - sabnzb: - image: "funkypenguin/sabnzbd" - ports: - - "8080:8080" - - "9090:9090" - restart: unless-stopped - environment: - PUID: 1000 - PGID: 1000 - TZ: America/Chicago - volumes: - - "/home/josiah/apps/sabnzbd:/config" - - "/home/josiah/Downloads/usenet-complete/:/downloads" - - "/home/josiah/Downloads/usenet-incomplete/:/incomplete-downloads" - - "/home/josiah/Downloads/usenet-watched/:/watched-folder" - - "/media/usenet/tv:/tv" - - "/media/usenet/audio/:/music" - - "/media/usenet/movies/:/movies" - - "/media/usenet/itunes-synology/iTunes Media/Automatically Add to iTunes.localized/:/itunes" - - "/media/usenet/book-library/books/:/books" - lazylibrarian: - image: "thraxis/lazylibrarian-calibre" - ports: - - 
"5299:5299" - restart: unless-stopped - environment: - PUID: 1000 - PGID: 1000 - TZ: America/Chicago - volumes: - - "/home/josiah/apps/lazylibrarian:/config" - - "/home/josiah/Downloads/usenet-complete/:/downloads" - - "/media/usenet/book-library/calibre-library/:/calibre-library" - - "/media/usenet/book-library/books/:/books" - - "/media/usenet/book-library/audiobooks:/audiobooks" - # calibre: - # image: "linuxserver/calibre" - # container_name: calibre - # ports: - # - "8219:8080" - # - "8081:8081" - # restart: unless-stopped - # environment: - # PUID: 1000 - # PGID: 1000 - # TZ: America/Chicago - # volumes: - # - "/home/josiah/apps/calibre:/config" - # - "/home/josiah/Downloads/usenet-complete/:/downloads" - # - "/media/usenet/book-library/calibre-library/:/calibre-library" - # - "/media/usenet/book-library/temp/:/import" diff --git a/deployments/mojobot/hosts.yml b/deployments/mojobot/hosts.yml deleted file mode 100644 index f3ece91..0000000 --- a/deployments/mojobot/hosts.yml +++ /dev/null @@ -1,11 +0,0 @@ -all: - children: - prod: - hosts: - # 10.30.12.41 is the secops-utils ip - monitoring.awful.club: - ansible_user: josiah - ansible_timeout: 100 - dev: - hosts: - localhost: diff --git a/deployments/mojobot/mojo.yml b/deployments/mojobot/mojo.yml deleted file mode 100644 index 023430d..0000000 --- a/deployments/mojobot/mojo.yml +++ /dev/null 
@@ -1,42 +0,0 @@ -- name: setup mojo repo - hosts: prod - tasks: - - name: print hostname - command: hostname - register: hostname - - debug: msg="{{ hostname.stdout }}" - - name: try to update directory - shell: cd /home/josiah/mojojojo-bot && git pull - register: result - ignore_errors: True - - name: if the folder doesn't exist, clone from remote - shell: cd /home/josiah/ && git clone http://git.awful.club/hosted/mojojojo-bot.git - when: result is failed - -- name: Deploy mojo webclient - hosts: prod - vars_files: - - vault-vars-mojo.yml - tasks: - - name: Build from the latest version - shell: cd /home/josiah/mojojojo-bot/mojo-web && docker build -t mojo-web -f dockerfile . - - name: Check if there are any existing mojo-web containers running and kill them - # this has to be a shell because command: isn't interactive - shell: docker ps | grep 'mojo-web' | awk '{print $1}' | xargs docker kill - ignore_errors: True - - name: Run the newly built docker container - command: docker container run -e "SLACK_BOT_TOKEN={{ VAULT_SLACK_BOT_TOKEN }}" --restart "always" -d --mount type="bind",source="/mnt/volume_sfo2_znc",target=/shared/ mojo-web - -- name: Deploy mojo rtmclient - hosts: prod - vars_files: - - vault-vars-mojo.yml - tasks: - - name: Build from the latest version - shell: cd /home/josiah/mojojojo-bot/mojo-rtm && docker build -t mojo-rtm -f dockerfile . - - name: Check if there are any existing mojo-rtm containers running and kill them - # this has to be a shell because command: isn't interactive - shell: docker ps | grep 'mojo-rtm' | awk '{print $1}' | xargs docker kill - ignore_errors: True - - name: Run the newly built docker container - command: docker container run -e "SLACK_BOT_TOKEN={{ VAULT_SLACK_BOT_TOKEN }}" --restart "always" -d --mount type="bind",source="/mnt/volume_sfo2_znc",target=/shared/ mojo-rtm diff --git a/deployments/mojobot/vault-vars-mojo.yml b/deployments/mojobot/vault-vars-mojo.yml deleted file mode 100644 index c608b41..0000000 
--- a/deployments/mojobot/vault-vars-mojo.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-62306462666461356361643838636461396665633234363731396465643663373731343438363062
-6166323433353631366639663933653439333961353539610a343234383436666463326161613538
-32396161616537363261643965616439333637346535643136643732623939346538623534336236
-3339643664633834630a323464376464343832636265623362353337316139333164613237323964
-38616264346536623633623337613363646262313637313431323666393537623665626262643963
-30316162303330396663636537633766333065386435376462653661653666323734363564323466
-33303738363731376363663935383439616363383238346537326363343330386361613363623662
-65663634363636633937
diff --git a/deployments/nixDeploy/nix.py b/deployments/nixDeploy/nix.py
deleted file mode 100644
index 6977a84..0000000
--- a/deployments/nixDeploy/nix.py
+++ /dev/null
@@ -1,84 +0,0 @@
-import os
-import sys
-import argparse
-import subprocess
-import pdb
-
-add_Repos_Args = [
- "sudo",
- "add-apt-repository",
- "ppa:nextcloud-devs/client"
-]
-
-download_Powershell_Keys = [
- "wget",
- "-q",
- "https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb"
-]
-
-add_Powershell_Keys = [
- "sudo",
- "dpkg",
- "-i",
- "packages-microsoft-prod.deb"
-]
-
-update_Apt_Repos = [
- "sudo",
- "apt",
- "update"
-]
-
-add_Apt_Programs = [
- "sudo",
- "apt-get",
- "install",
- "-y",
- "powershell",
- "emacs",
- "python3.7",
- "firefox",
- "dropbox",
- "docker",
- "nextcloud-client"
-]
-
-snapProgramsToAdd = [
- "slack",
- "discord",
-]
-
-print("adding repos")
-subprocess.run(add_Repos_Args,shell=True)
-
-print("download powershell key")
-subprocess.run(download_Powershell_Keys)
-
-print("add powershell key")
-subprocess.run(add_Powershell_Keys)
-
-print("updating apt")
-subprocess.run(update_Apt_Repos)
-
-print("installing apt packages")
-subprocess.run(add_Apt_Programs)
-
-#print("installing snap packages")
-#subprocess.run('sudo snap install ' + snapProgramsToAdd)
-
-# post processing for firefox userChrome.css
-# cp userChrome.css to the profile directory > chrome > userChrome.css
-create_Firefox_Chrome_Folder = [
- "mkdir",
- "-p",
- "~/.mozilla/firefox/*.default/chrome/"
-]
-
-configure_Firefox = [
- "cp"
- "~/Documents/projects/agares/applicationConfiguration/firefox/userChrome.css",
- "~/.mozilla/firefox/*.default/chrome/userChrome.css"
-]
-
-subprocess.run(create_Firefox_Chrome_Folder)
-subprocess.run(configure_Firefox)
diff --git a/deployments/serverBuild/hosts.yml b/deployments/serverBuild/hosts.yml
deleted file mode 100644
index db07183..0000000
--- a/deployments/serverBuild/hosts.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-all:
- children:
- dockerhosts:
- hosts:
- awful-1.awful.club:
- vpn:
- hosts:
- vpn.awful.club:
- dev:
- hosts:
- localhost:
- onprem:
- hosts:
- hatchery:
diff --git a/deployments/serverBuild/onprem.yml b/deployments/serverBuild/onprem.yml deleted file mode 100644 index fa81ee6..0000000 --- a/deployments/serverBuild/onprem.yml +++ /dev/null @@ -1,38 +0,0 @@ -- hosts: onprem - remote_user: josiah - gather_facts: false - become: yes - vars: - create_user: josiah - sys_packages: [ 'curl', 'vim', 'git', '', 'emacs', 'build-essential' ] - - tasks: - - name: Install aptitude using apt - apt: name=aptitude state=latest update_cache=yes force_apt_get=yes - - - name: Install required system packages for docker install - apt: name={{ item }} state=latest update_cache=yes - loop: [ 'apt-transport-https', 'ca-certificates', 'software-properties-common' ] - - - name: Add Docker GPG apt Key - apt_key: - url: https://download.docker.com/linux/debian/gpg - state: present - - - name: Add Docker Repository - apt_repository: - repo: deb https://download.docker.com/linux/ubuntu bionic stable - state: present - - - name: Update apt - apt: update_cache=yes - - - name: Install required system packages - apt: name={{ sys_packages }} state=latest - - - name: add 'josiah' to docker group - user: - name='josiah' - groups=docker - append=yes - diff --git a/deployments/serverBuild/readme.md b/deployments/serverBuild/readme.md deleted file mode 100644 index 17638ed..0000000 --- a/deployments/serverBuild/readme.md +++ /dev/null 
@@ -1,60 +0,0 @@
-# serverbuild
-this is a mess of a directory right now. sorry about that.
-
-## ipsec.conf
-```
-config setup
- charondebug="ike 1, knl 1, cfg 0"
- uniqueids=no
-```
-This tells sswan to log daemon statuses for debugging and allow duplicate connections
-
-```
-conn ikev2-vpn
- auto=add
- compress=no
- type=tunnel
- keyexchange=ikev2
- fragmentation=yes
- forceencaps=yes
-```
-This starts the VPN config stanza. Use IKEv2 VPN tunnels and load this config everytime we start up.
-
-```
- dpdaction=clear
- dpddelay=300s
- rekey=no
-```
-This clears any weird connections (i.e. if a client gets unexpectedly dced)
-
-```
- left=%any
- leftid=@vpn.awful.club
- leftcert=awful-server-cert.pem
- leftsendcert=always
- leftsubnet=0.0.0.0/0
-```
-in strongswan grammer, "left" refers to serverside, apparently. this section is pretty selfexplanatory. The exception to that is `%any` i've got no fucking clue what that is.
-
-```
- right=%any
- rightid=%any
- rightauth=eap-mschapv2
- rightsourceip=10.10.10.0/24
- rightdns=1.1.1.1,1.0.0.1
- rightsendcert=never
-```
-"right" side is client side.
-
-```
- eap_identity=%identity
-```
-this tells sswan to always ask for un/pw on connect (eap.)
-((also eeeep))
-
-
-## ipsec.secrets
-this file contains: secrets, for the love of god change the values.
-
-`: RSA "server-key.pem"` declares wheere the private key lives and what algo was used
-`your_username : EAP "your_password"` is very obvious.
diff --git a/deployments/serverBuild/serverbuild.yml b/deployments/serverBuild/serverbuild.yml
deleted file mode 100644
index 1f9615c..0000000
--- a/deployments/serverBuild/serverbuild.yml
+++ /dev/null
@@ -1,55 +0,0 @@ -- hosts: vpn - remote_user: root - gather_facts: false - vars: - create_user: josiah - copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/digitalocean.pub') }}" - sys_packages: [ 'curl', 'vim', 'git', 'fail2ban' ] - - tasks: - - name: Make sure we have a 'sudo' group - group: - name: sudo - state: present - - - name: Allow sudo group to have passwordless sudo - lineinfile: - path: /etc/sudoers - state: present - regexp: '^%sudo' - line: '%sudo ALL=(ALL) NOPASSWD: ALL' - validate: '/usr/sbin/visudo -cf %s' - - - name: Create a new regular user with sudo privileges - user: - name: "{{ create_user }}" - state: present - groups: sudo - append: true - create_home: true - shell: /bin/bash - - - name: Set authorized key for remote user - authorized_key: - user: "{{ create_user }}" - state: present - key: "{{ copy_local_key }}" - - - - name: Disable password authentication for root - lineinfile: - path: /etc/ssh/sshd_config - state: present - regexp: '^#?PermitRootLogin' - line: 'PermitRootLogin no' - - - name: Update apt - apt: update_cache=yes - - - name: Install required system packages - apt: name={{ sys_packages }} state=latest - - - name: Restart sshd - service: - name: sshd.service - state: restarted diff --git a/deployments/serverBuild/vpnBuild.yml b/deployments/serverBuild/vpnBuild.yml deleted file mode 100644 index 93b4c9a..0000000 --- a/deployments/serverBuild/vpnBuild.yml +++ /dev/null 
@@ -1,130 +0,0 @@ -# playbook to go from a "base configured" server to a wg vpn peer - -- hosts: vpn - remote_user: josiah - gather_facts: false - become: yes - - tasks: - - name: add unstable to repos - shell: | - echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list - printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable - - - name: Update aptitude - apt: update_cache=yes - - - name: install wireguard - apt: name=wireguard state=latest - - - name: install linux headers (necessary on older cloud kernels (fuck u digitalocean)) - # the kernel version is hard coded because this is what DO currently uses - # and that's what i use - apt: name=linux-headers-4.19.0-6-cloud-amd64 - - name: install misc other things the internet says i need - apt: name=build-essential - - name: install misc other things the internet says i need - apt: name=dkms - - name: install misc other things the internet says i need - apt: name=openresolv - - - name: enable kernel relay/forwarding - shell: | - echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf - echo "net.ipv4.conf.all.proxy_arp = 1" >> /etc/sysctl.conf - sudo sysctl -p /etc/sysctl.conf - iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT - iptables -t nat -A POSTROUTING -s 10.200.219.0/24 -o eth0 -j MASQUERADE - - - name: ensure /etc/wireguard/ exists - file: - path: /etc/wireguard/ - state: directory - - - name: Generate keys - shell: | - printf "[Interface]\nPrivateKey = " > /etc/wireguard/wg0.conf - wg genkey | tee -a /etc/wireguard/wg0.conf | wg pubkey > /etc/wireguard/publickey - vars: - umask: "077" - - - name: register publickey for later use - shell: cat /etc/wireguard/publickey - register: server_publickey - - # install wg, generate keys, files on local machine - - 
name: (local) install wg (i use) arch (btw) - pacman: - update_cache: yes - name: wireguard-tools, wireguard-arch - state: present - delegate_to: localhost - - - name: (local) ensure /etc/wireguard/ exists - file: - path: /etc/wireguard/ - state: directory - delegate_to: localhost - - - name: (local) Generate keys - shell: | - printf "[Interface]\nPrivateKey = " > /etc/wireguard/wg0.conf - wg genkey | tee -a /etc/wireguard/wg0.conf | wg pubkey > /etc/wireguard/publickey - vars: - umask: "077" - delegate_to: localhost - - - name: (local) register publickey for later use - shell: cat /etc/wireguard/publickey - register: arch_publickey - delegate_to: localhost - - - name: (local) fill out the rest of the wg0.conf file - blockinfile: - path: /etc/wireguard/wg0.conf - block: | - Address = 10.200.219.2/32, fd86:ea04:1115::2/128 - DNS = 1.1.1.1 - - [Peer] - PublicKey = {{ server_publickey.stdout }} - Endpoint = vpn.awful.club:51820 - AllowedIPs = 0.0.0.0/0 - delegate_to: localhost - - - name: fill out the rest of the wg0.conf file - blockinfile: - path: /etc/wireguard/wg0.conf - block: | - Address = 10.200.219.1/24 - Address = fd86:ea04:1115::1/64 - ListenPort = 51820 - SaveConfig = true - [Peer] - # name = luggable-laptop - PublicKey = {{ arch_publickey.stdout }} - AllowedIPs = 10.200.219.2/32, fd86:ea04:1115::2/128 - - - name: bring wg up on the relay node - shell: wg-quick up /etc/wireguard/wg0.conf - - - name: test if wg is up on relay - shell: ping -c1 10.200.219.1 - register: test_result - - - name: (local) bring wg up on local - shell: wg-quick up wg0 - delegate_to: localhost - - - name: (local) test if it worked on local - shell: ping -c1 10.200.219.2 - register: test_result_local - delegate_to: localhost - - - name: Test tunnel - shell: ping -c1 10.200.219.1 - register: test_tunnel_local - delegate_to: localhost - ignore_errors: yes 
diff --git a/deployments/serverBuild/wg_vpn/README.md b/deployments/serverBuild/wg_vpn/README.md deleted file mode 100644 index 1c08054..0000000 --- a/deployments/serverBuild/wg_vpn/README.md +++ /dev/null @@ -1,41 +0,0 @@ -Role Name -========= - -Playbook to bootstrap wg vpn for my personal use - -Requirements ------------- - -this playbook doesn't handle /creating the machines/. they have to be online and accessible either in my home network or in my cloud setup. - -Role Variables --------------- - -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. - - -shit i'm still fixing ----------------- -- its not actually working yet - - mobile device seems like it connects - - but i can't browse around. -- arch tasks suck because ansible + pacman is bad. - - -Example Playbook ----------------- - -I don't know what to put here because i don't understand how roles work lmao - `ansible-playbook -i ../hosts.yml tasks/main.yml -v` - -useful for generating mobile device configs: qrencode -t ansiutf8 < /etc/wireguard/mobile.conf - -License -------- - -BSD - -Author Information ------------------- - -email: me@jowj.net diff --git a/deployments/serverBuild/wg_vpn/defaults/main.yml b/deployments/serverBuild/wg_vpn/defaults/main.yml deleted file mode 100644 index 90d58e7..0000000 --- a/deployments/serverBuild/wg_vpn/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# defaults file for wg_vpn \ No newline at end of file diff --git a/deployments/serverBuild/wg_vpn/handlers/main.yml b/deployments/serverBuild/wg_vpn/handlers/main.yml deleted file mode 100644 index c5cf63f..0000000 --- a/deployments/serverBuild/wg_vpn/handlers/main.yml +++ /dev/null 
@@ -1,2 +0,0 @@
----
-# handlers file for wg_vpn
\ No newline at end of file
diff --git a/deployments/serverBuild/wg_vpn/meta/main.yml b/deployments/serverBuild/wg_vpn/meta/main.yml
deleted file mode 100644
index 3a212a9..0000000
--- a/deployments/serverBuild/wg_vpn/meta/main.yml
+++ /dev/null
@@ -1,53 +0,0 @@
-galaxy_info:
- author: your name
- description: your description
- company: your company (optional)
-
- # If the issue tracker for your role is not on github, uncomment the
- # next line and provide a value
- # issue_tracker_url: http://example.com/issue/tracker
-
- # Choose a valid license ID from https://spdx.org - some suggested licenses:
- # - BSD-3-Clause (default)
- # - MIT
- # - GPL-2.0-or-later
- # - GPL-3.0-only
- # - Apache-2.0
- # - CC-BY-4.0
- license: license (GPL-2.0-or-later, MIT, etc)
-
- min_ansible_version: 2.4
-
- # If this a Container Enabled role, provide the minimum Ansible Container version.
- # min_ansible_container_version:
-
- #
- # Provide a list of supported platforms, and for each platform a list of versions.
- # If you don't wish to enumerate all versions for a particular platform, use 'all'.
- # To view available platforms and versions (or releases), visit:
- # https://galaxy.ansible.com/api/v1/platforms/
- #
- # platforms:
- # - name: Fedora
- # versions:
- # - all
- # - 25
- # - name: SomePlatform
- # versions:
- # - all
- # - 1.0
- # - 7
- # - 99.99
-
- galaxy_tags: []
- # List tags for your role here, one per line. A tag is a keyword that describes
- # and categorizes the role. Users find roles by searching for tags. Be sure to
- # remove the '[]' above, if you add tags to this list.
- #
- # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
- # Maximum 20 tags per role.
-
-dependencies: []
- # List your role dependencies here, one per line. Be sure to remove the '[]' above,
- # if you add dependencies to this list.
-
\ No newline at end of file
diff --git a/deployments/serverBuild/wg_vpn/tasks/main.yml b/deployments/serverBuild/wg_vpn/tasks/main.yml
deleted file mode 100644
index 11c3c33..0000000
--- a/deployments/serverBuild/wg_vpn/tasks/main.yml
+++ /dev/null
@@ -1,73 +0,0 @@
----
-# tasks file for wg_vpn
-# playbook to go from a "base configured" server to a wg vpn peer
-- hosts: onprem
- remote_user: josiah
- gather_facts: True
- vars:
- source_os: arch
-
- tasks:
- - name: "generating config on relay server"
- debug:
- msg: "config on relay is starting"
- verbosity: 1
- - name: generate config on relay server
- include: pretasks_debian.yml
- become: yes
-
- - name: "generating config on local mac"
- debug:
- msg: "config on mac is starting"
- verbosity: 1
- when: source_os == 'macos'
- - name: generate config on local mac
- include: pretasks_mac.yml
- delegate_to: localhost
- when: source_os == 'macos'
-
- - name: "generating config on local arch"
- debug:
- msg: "config on arch is starting"
- verbosity: 1
- when: source_os == 'arch'
- - name: generate config on local arch
- include: pretasks_arch.yml
- delegate_to: localhost
- when: source_os == 'arch'
-
- - name: generate config for IOS on local machine
- include: pretasks_ios.yml
- delegate_to: localhost
-
- - name: "completing config on server"
- debug:
- msg: "config on relay is resuming"
- verbosity: 1
- - name: complete config, wg up on relay server
- include: posttasks_debian.yml
- become: yes
-
- - name: complete config, wg up on local mac
- include: posttasks_mac.yml
- delegate_to: localhost
- when: source_os == 'macos'
-
- - name: "generating config on local arch"
- debug:
- msg: "config on arch is completing"
- verbosity: 1
- when: source_os == 'arch'
- - name: complete config on local arch
- include: posttasks_arch.yml
- delegate_to: localhost
- when: source_os == 'arch'
-
- - name: "generating config for iOS"
- debug:
- msg: "config for IOS is completing"
- verbosity: 1
- - name: complete config for IOS on local machine
- include: posttasks_ios.yml
- delegate_to: localhost
-
diff --git a/deployments/serverBuild/wg_vpn/tasks/posttasks_arch.yml b/deployments/serverBuild/wg_vpn/tasks/posttasks_arch.yml
deleted file mode 100644
index ef06df4..0000000
--- a/deployments/serverBuild/wg_vpn/tasks/posttasks_arch.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-- name: (local) fill out the rest of the wg0.conf file
- blockinfile:
- path: /etc/wireguard/wg0.conf
- block: |
- Address = 10.200.219.2/32, fd86:ea04:1115::2/128
- DNS = 1.1.1.1
-
- [Peer]
- PublicKey = {{ server_publickey.stdout }}
- Endpoint = vpn.awful.club:51820
- AllowedIPs = 0.0.0.0/0
- delegate_to: localhost
- become: yes
-
-- name: (local) bring wg up on local
- shell: wg-quick up wg0
- delegate_to: localhost
- become: yes
- ignore_errors: True
diff --git a/deployments/serverBuild/wg_vpn/tasks/posttasks_debian.yml b/deployments/serverBuild/wg_vpn/tasks/posttasks_debian.yml
deleted file mode 100644
index 11b82be..0000000
--- a/deployments/serverBuild/wg_vpn/tasks/posttasks_debian.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-- name: fill out the rest of the wg0.conf file
- blockinfile:
- path: /etc/wireguard/wg0.conf
- block: |
- Address = 10.200.219.1/24
- Address = fd86:ea04:1115::1/64
- ListenPort = 51820
- SaveConfig = true
- [Peer]
- # name = pvl
- PublicKey = {{ client_publickey.stdout }}
- AllowedIPs = 10.200.219.19/32, fd86:ea04:1115::19/128
- [Peer]
- # name = matrix
- PublicKey = {{ ios_publickey.stdout }}
- AllowedIPs = 10.200.219.10/32, fd86:ea04:1115::10/128
-
-- name: bring wg up on the relay node
- shell: wg-quick up /etc/wireguard/wg0.conf
diff --git a/deployments/serverBuild/wg_vpn/tasks/posttasks_ios.yml b/deployments/serverBuild/wg_vpn/tasks/posttasks_ios.yml
deleted file mode 100644
index 5e89c7f..0000000
--- a/deployments/serverBuild/wg_vpn/tasks/posttasks_ios.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-- name: (local) fill out the rest of the wg0.conf file
- blockinfile:
- path: ~/wireguard/ios.conf
- block: |
- Address = 10.200.219.10/32, fd86:ea04:1115::10/128
- DNS = 1.1.1.1
-
- [Peer]
- PublicKey = {{ server_publickey.stdout }}
- Endpoint = vpn.awful.club:51820
- AllowedIPs = 0.0.0.0/0, ::/0
diff --git a/deployments/serverBuild/wg_vpn/tasks/posttasks_mac.yml b/deployments/serverBuild/wg_vpn/tasks/posttasks_mac.yml
deleted file mode 100644
index a17d7fb..0000000
--- a/deployments/serverBuild/wg_vpn/tasks/posttasks_mac.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: (local) fill out the rest of the wg0.conf file
- blockinfile:
- path: ~/wireguard/wg0.conf
- block: |
- Address = 10.200.219.19/32, fd86:ea04:1115::19/128
- DNS = 1.1.1.1
-
- [Peer]
- PublicKey = {{ server_publickey.stdout }}
- Endpoint = vpn.awful.club:51820
- AllowedIPs = 0.0.0.0/0, ::/0
-
-# - name: (local) bring wg up on local
-# shell: wg-quick up wg0
-
diff --git a/deployments/serverBuild/wg_vpn/tasks/pretasks_arch.yml b/deployments/serverBuild/wg_vpn/tasks/pretasks_arch.yml
deleted file mode 100644
index 51b9936..0000000
--- a/deployments/serverBuild/wg_vpn/tasks/pretasks_arch.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-# tasks file for wg_vpn
-# this is useful for running plays /from/ an arch machine that will join the wg net.
-
-# install wg, generate keys, files on local machine
-- name: (local) install wg (i use) arch (btw)
- pacman:
- update_cache: yes
- name: wireguard-tools, wireguard-arch, wireguard-dkms
- state: present
- delegate_to: localhost
- become: yes
- # ansible has a hard time parsing the pacman files
- # ignore errors once you verify shit is installed / patched.
- ignore_errors: True
-
-- name: (local) ensure /etc/wireguard/ exists
- file:
- path: /etc/wireguard/
- state: directory
- delegate_to: localhost
-
-- name: (local) Generate keys
- shell: |
- printf "[Interface]\nPrivateKey = " > /etc/wireguard/wg0.conf
- wg genkey | tee -a /etc/wireguard/wg0.conf | wg pubkey > /etc/wireguard/publickey
- vars:
- umask: "077"
- delegate_to: localhost
- become: yes
-
-- name: (local) register publickey for later use
- shell: cat /etc/wireguard/publickey
- register: client_publickey
- delegate_to: localhost
- become: yes
diff --git a/deployments/serverBuild/wg_vpn/tasks/pretasks_debian.yml b/deployments/serverBuild/wg_vpn/tasks/pretasks_debian.yml
deleted file mode 100644
index e39dd9c..0000000
--- a/deployments/serverBuild/wg_vpn/tasks/pretasks_debian.yml
+++ /dev/null
@@ -1,47 +0,0 @@
-- name: add unstable to repos
- shell: |
- echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
- printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
-- name: Update aptitude
- apt: update_cache=yes
-- name: install wireguard
- apt: name=wireguard state=latest
-- name: install linux headers (necessary on older cloud kernels (fuck u digitalocean))
- # the kernel version is hard coded because this is what DO currently uses
- # and that's what i use
- apt: name=linux-headers-4.19.0-6-cloud-amd64
-- name: install misc other things the internet says i need
- apt: name=build-essential
-- name: install misc other things the internet says i need
- apt: name=dkms
-- name: needed for handling dns requests
- apt: name=openresolv
-- name: enable kernel relay/forwarding
- shell: |
- echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
- echo "net.ipv4.conf.all.proxy_arp = 1" >> /etc/sysctl.conf
- sudo sysctl -p /etc/sysctl.conf
- iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
- iptables -t nat -A POSTROUTING -s 10.200.219.0/24 -o eth0 -j MASQUERADE
-- name: ensure /etc/wireguard/ exists
- file:
- path: /etc/wireguard/
- state: directory
-
-- name: Generate keys
- shell: |
- printf "[Interface]\nPrivateKey = " > /etc/wireguard/wg0.conf
- wg genkey | tee -a /etc/wireguard/wg0.conf | wg pubkey > /etc/wireguard/publickey
- vars:
- umask: "077"
-- name: register publickey for later use
- shell: cat /etc/wireguard/publickey
- register: server_publickey
-
-# do this to avoid idiot "hey you can't start, u already started!!!" erros.
-# fucker.
-- name: register publickey for later use
- shell: wg-quick down /etc/wireguard/wg0.conf
- ignore_errors: True
diff --git a/deployments/serverBuild/wg_vpn/tasks/pretasks_ios.yml b/deployments/serverBuild/wg_vpn/tasks/pretasks_ios.yml
deleted file mode 100644
index 8c6bcb8..0000000
--- a/deployments/serverBuild/wg_vpn/tasks/pretasks_ios.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: make wg dir since macs are now weird about /etc/anything
- file:
- path: ~/wireguard/
- state: directory
-
-- name: Generate keys
- shell: |
- printf "[Interface]\nPrivateKey = " > ~/wireguard/ios.conf
- wg genkey | tee -a ~/wireguard/ios.conf | wg pubkey > ~/wireguard/ios_publickey
- vars:
- umask: "077"
-
-- name: register publickey for later use
- shell: cat ~/wireguard/ios_publickey
- register: ios_publickey
diff --git a/deployments/serverBuild/wg_vpn/tasks/pretasks_mac.yml b/deployments/serverBuild/wg_vpn/tasks/pretasks_mac.yml
deleted file mode 100644
index 82d6ded..0000000
--- a/deployments/serverBuild/wg_vpn/tasks/pretasks_mac.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-- name: Update brew
- homebrew: update_homebrew=yes
-
-- name: install wireguard
- homebrew: name=wireguard-tools state=latest
-
-- name: make wg dir since macs are now weird about /etc/anything
- file:
- path: ~/wireguard/
- state: directory
-
-- name: Generate keys
- shell: |
- printf "[Interface]\nPrivateKey = " > ~/wireguard/wg0.conf
- wg genkey | tee -a ~/wireguard/wg0.conf | wg pubkey > ~/wireguard/publickey
- vars:
- umask: "077"
-
-- name: register publickey for later use
- shell: cat ~/wireguard/publickey
- register: client_publickey
diff --git a/deployments/serverBuild/wg_vpn/tests/inventory b/deployments/serverBuild/wg_vpn/tests/inventory
deleted file mode 100644
index 878877b..0000000
--- a/deployments/serverBuild/wg_vpn/tests/inventory
+++ /dev/null
@@ -1,2 +0,0 @@
-localhost
-
diff --git a/deployments/serverBuild/wg_vpn/tests/test.yml b/deployments/serverBuild/wg_vpn/tests/test.yml
deleted file mode 100644
index fe18efe..0000000
--- a/deployments/serverBuild/wg_vpn/tests/test.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-- hosts: vpn
- roles:
- - wg_vpn
-
- tasks:
- - name: Verify remote wg node has wg running
- shell: ping -c1 10.200.219.1
- register: remote_result
- - assert:
- that:
- - "'1 packets transmitted, 1 packets received' in remote_result.stdout"
-
- - name: Verify remote wg node has wg running
- shell: ping -c1 10.200.219.2
- register: local_result
- - assert:
- that:
- - "'1 packets transmitted, 1 packets received' in local_result.stdout"
- - name: Verify that local node can talk to remote
- shell: ping -c1 10.200.219.1
- register: tunnel_result
- - assert:
- that:
- - "'1 packets transmitted, 1 packets received' in tunnel_result.stdout"
diff --git a/deployments/serverBuild/wg_vpn/vars/main.yml b/deployments/serverBuild/wg_vpn/vars/main.yml
deleted file mode 100644
index d9f42d1..0000000
--- a/deployments/serverBuild/wg_vpn/vars/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# vars file for wg_vpn
\ No newline at end of file
diff --git a/deployments/splunkDeployServers/deploy-SplunkModules.yml b/deployments/splunkDeployServers/deploy-SplunkModules.yml
deleted file mode 100644
index 4028948..0000000
--- a/deployments/splunkDeployServers/deploy-SplunkModules.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-- name: Copy splunk modules to corp deploy server
- hosts: corp
-# vars_files:
-# - mojo-vars-vault.yml
- remote_user: josiah_ledbetter
- tasks:
- - name: Copy item to remote server
- copy:
- # make sure the permissions of the file you are copying are readable by ansible user
- src: /Users/josiah_ledbetter/Documents/projects/splunk/configs/filething/
- # src must not end in "/" or it will only copy files inside dir instead of entire dir
- dest: /opt/splunk/temp/
- owner: splunk
- group: splunk
- # these below affect the entire task, and should not go under the command's indention level. This took WAY too longer to figure out.
- become: "true"
- become_method: sudo
- become_user: root
diff --git a/deployments/splunkDeployServers/hosts-SplunkModules.yml b/deployments/splunkDeployServers/hosts-SplunkModules.yml
deleted file mode 100644
index 0e0e039..0000000
--- a/deployments/splunkDeployServers/hosts-SplunkModules.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-all:
- children:
- corp:
- hosts:
- AUS01GMSPLUNK01:
- vdc:
- hosts:
- v1-cs-sec-splunk01:
\ No newline at end of file
diff --git a/deployments/winDeploy/deploy-WinWorkstation.ps1 b/deployments/winDeploy/deploy-WinWorkstation.ps1
deleted file mode 100644
index d4ad0e1..0000000
--- a/deployments/winDeploy/deploy-WinWorkstation.ps1
+++ /dev/null
@@ -1,53 +0,0 @@
-# handle mass install of programs needed for new windows workstations
-Import-Module .\deploy-WinWorkstation.psm1
-
-$chocoPrograms = @(
- "pwsh",
- "git",
- "vscode",
- "emacs64",
- "python2",
- "python3",
- "docker",
- "slack",
- "discord",
- "keybase",
- "spotify",
- "1password",
- "firefox",
- "dropbox",
- "conemu",
- "virtualbox"
-)
-choco install $chocoPrograms -y
-
-DisableAdvertisingID
-DisableAppSuggestions
-DisableBackgroundApps
-DisableCortana
-DisableDiagTrack
-DisableFeedback
-DisableLockScreenSpotlight
-DisableMapUpdates
-DisableOneDrive
-DisableSmartScreen
-DisableSMB1
-DisableTelemetry
-DisableWebSearch
-DisableXboxFeatures
-EnableRemoteDesktop
-HideTaskbarPeopleIcon
-InstallHyperV
-InstallLinuxSubsystem
-SetExplorerThisPC
-SetP2PUpdateLocal
-SetPhotoViewerAssociation
-ShowKnownExtensions
-ShowSmallTaskbarIcons
-ShowTaskManagerDetails
-ShowTrayIcons
-UninstallMsftBloat
-UninstallOneDrive
-UninstallThirdPartyBloat
-UninstallWindowsStore
-UnpinStartMenuTiles
\ No newline at end of file
diff --git a/deployments/winDeploy/deploy-WinWorkstation.psm1 b/deployments/winDeploy/deploy-WinWorkstation.psm1
deleted file mode 100644
index a000c0f..0000000
--- a/deployments/winDeploy/deploy-WinWorkstation.psm1
+++ /dev/null
@@ -1,373 +0,0 @@ -# cribbed from https://gist.github.com/alirobe/7f3b34ad89a159e6daa1 - -Function DisableTelemetry { - Write-Host "Disabling Telemetry..." - Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0 - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0 - Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0 - Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" | Out-Null - Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\ProgramDataUpdater" | Out-Null - Disable-ScheduledTask -TaskName "Microsoft\Windows\Autochk\Proxy" | Out-Null - Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" | Out-Null - Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" | Out-Null - Disable-ScheduledTask -TaskName "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" | Out-Null -} - -Function DisableSmartScreen { - Write-Host "Disabling SmartScreen Filter..." 
- Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" -Name "SmartScreenEnabled" -Type String -Value "Off" - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" -Name "EnableWebContentEvaluation" -Type DWord -Value 0 - $edge = (Get-AppxPackage -AllUsers "Microsoft.MicrosoftEdge").PackageFamilyName - If (!(Test-Path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\$edge\MicrosoftEdge\PhishingFilter")) { - New-Item -Path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\$edge\MicrosoftEdge\PhishingFilter" -Force | Out-Null - } - Set-ItemProperty -Path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\$edge\MicrosoftEdge\PhishingFilter" -Name "EnabledV9" -Type DWord -Value 0 - Set-ItemProperty -Path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\$edge\MicrosoftEdge\PhishingFilter" -Name "PreventOverride" -Type DWord -Value 0 -} - -Function DisableWebSearch { - Write-Host "Disabling Bing Search in Start Menu..." - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" -Name "BingSearchEnabled" -Type DWord -Value 0 - If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search")) { - New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Force | Out-Null - } - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "DisableWebSearch" -Type DWord -Value 1 -} - -Function DisableAppSuggestions { - Write-Host "Disabling Application suggestions..." 
- Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "ContentDeliveryAllowed" -Type DWord -Value 0 - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "OemPreInstalledAppsEnabled" -Type DWord -Value 0 - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "PreInstalledAppsEnabled" -Type DWord -Value 0 - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "PreInstalledAppsEverEnabled" -Type DWord -Value 0 - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SilentInstalledAppsEnabled" -Type DWord -Value 0 - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338389Enabled" -Type DWord -Value 0 - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SystemPaneSuggestionsEnabled" -Type DWord -Value 0 - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338388Enabled" -Type DWord -Value 0 - If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent")) { - New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Force | Out-Null - } - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Type DWord -Value 1 -} - -Function DisableBackgroundApps { - Write-Host "Disabling Background application access..." 
- Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" -Exclude "Microsoft.Windows.Cortana*" | ForEach { - Set-ItemProperty -Path $_.PsPath -Name "Disabled" -Type DWord -Value 1 - Set-ItemProperty -Path $_.PsPath -Name "DisabledByUser" -Type DWord -Value 1 - } -} - -Function DisableLockScreenSpotlight { - Write-Host "Disabling Lock screen spotlight..." - Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "RotatingLockScreenEnabled" -Type DWord -Value 0 - Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "RotatingLockScreenOverlayEnabled" -Type DWord -Value 0 - Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338387Enabled" -Type DWord -Value 0 -} - -Function DisableMapUpdates { - Write-Host "Disabling automatic Maps updates..." - Set-ItemProperty -Path "HKLM:\SYSTEM\Maps" -Name "AutoUpdateEnabled" -Type DWord -Value 0 -} - -Function DisableFeedback { - Write-Host "Disabling Feedback..." - If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules")) { - New-Item -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Force | Out-Null - } - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -Type DWord -Value 0 - Disable-ScheduledTask -TaskName "Microsoft\Windows\Feedback\Siuf\DmClient" -ErrorAction SilentlyContinue | Out-Null - Disable-ScheduledTask -TaskName "Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload" -ErrorAction SilentlyContinue | Out-Null -} - -Function DisableAdvertisingID { - Write-Host "Disabling Advertising ID..." 
- If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo")) { - New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" | Out-Null - } - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -Type DWord -Value 0 - If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy")) { - New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" | Out-Null - } - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" -Name "TailoredExperiencesWithDiagnosticDataEnabled" -Type DWord -Value 0 -} - -Function DisableCortana { - Write-Host "Disabling Cortana..." - If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings")) { - New-Item -Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" -Force | Out-Null - } - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -Type DWord -Value 0 - If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization")) { - New-Item -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Force | Out-Null - } - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 1 - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 1 - If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore")) { - New-Item -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" -Force | Out-Null - } - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -Type DWord -Value 0 - If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search")) { - New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Force | Out-Null - } - Set-ItemProperty -Path 
"HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "AllowCortana" -Type DWord -Value 0 -} - -Function EnableCortana { - Write-Host "Enabling Cortana..." - Remove-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -ErrorAction SilentlyContinue - If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore")) { - New-Item -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" -Force | Out-Null - } - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 0 - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 0 - Remove-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -ErrorAction SilentlyContinue - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "AllowCortana" -ErrorAction SilentlyContinue -} - -Function SetP2PUpdateLocal { - Write-Host "Restricting Windows Update P2P only to local network..." - If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config")) { - New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" | Out-Null - } - Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Type DWord -Value 1 - If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization")) { - New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization" | Out-Null - } - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Name "SystemSettingsDownloadMode" -Type DWord -Value 3 -} - - -Function SetP2PUpdateInternet { - Write-Host "Unrestricting Windows Update P2P to internet..." 
- Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -ErrorAction SilentlyContinue - Remove-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Name "SystemSettingsDownloadMode" -ErrorAction SilentlyContinue -} - -Function DisableDiagTrack { - Write-Host "Stopping and disabling Diagnostics Tracking Service..." - Stop-Service "DiagTrack" -WarningAction SilentlyContinue - Set-Service "DiagTrack" -StartupType Disabled -} - -Function DisableSMB1 { - Write-Host "Disabling SMB 1.0 protocol..." - Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force -} - -Function EnableRemoteDesktop { - Write-Host "Enabling Remote Desktop w/o Network Level Authentication..." - Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0 - Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0 -} - -Function ShowTaskManagerDetails { - Write-Host "Showing task manager details..." 
- If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager")) { - New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Force | Out-Null - } - $preferences = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -ErrorAction SilentlyContinue - If (!($preferences)) { - $taskmgr = Start-Process -WindowStyle Hidden -FilePath taskmgr.exe -PassThru - While (!($preferences)) { - Start-Sleep -m 250 - $preferences = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -ErrorAction SilentlyContinue - } - Stop-Process $taskmgr - } - $preferences.Preferences[28] = 0 - Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -Type Binary -Value $preferences.Preferences -} - -# Show small icons in taskbar -Function ShowSmallTaskbarIcons { - Write-Host "Showing small icons in taskbar..." - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarSmallIcons" -Type DWord -Value 1 -} - -Function HideTaskbarPeopleIcon { - Write-Host "Hiding People icon..." - If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People")) { - New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" | Out-Null - } - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Name "PeopleBand" -Type DWord -Value 0 -} - -Function ShowTrayIcons { - Write-Host "Showing all tray icons..." - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" -Name "EnableAutoTray" -Type DWord -Value 0 -} - -Function ShowKnownExtensions { - Write-Host "Showing known file extensions..." 
- Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Type DWord -Value 0 -} - -Function SetExplorerThisPC { - Write-Host "Changing default Explorer view to This PC..." - Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo" -Type DWord -Value 1 -} - -Function DisableOneDrive { - Write-Host "Disabling OneDrive..." - If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive")) { - New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive" | Out-Null - } - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive" -Name "DisableFileSyncNGSC" -Type DWord -Value 1 -} - -Function UninstallOneDrive { - Write-Host "Uninstalling OneDrive..." - Stop-Process -Name OneDrive -ErrorAction SilentlyContinue - Start-Sleep -s 3 - $onedrive = "$env:SYSTEMROOT\SysWOW64\OneDriveSetup.exe" - If (!(Test-Path $onedrive)) { - $onedrive = "$env:SYSTEMROOT\System32\OneDriveSetup.exe" - } - Start-Process $onedrive "/uninstall" -NoNewWindow -Wait - Start-Sleep -s 3 - Stop-Process -Name explorer -ErrorAction SilentlyContinue - Start-Sleep -s 3 - Remove-Item -Path "$env:USERPROFILE\OneDrive" -Force -Recurse -ErrorAction SilentlyContinue - Remove-Item -Path "$env:LOCALAPPDATA\Microsoft\OneDrive" -Force -Recurse -ErrorAction SilentlyContinue - Remove-Item -Path "$env:PROGRAMDATA\Microsoft OneDrive" -Force -Recurse -ErrorAction SilentlyContinue - Remove-Item -Path "$env:SYSTEMDRIVE\OneDriveTemp" -Force -Recurse -ErrorAction SilentlyContinue - If (!(Test-Path "HKCR:")) { - New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null - } - Remove-Item -Path "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse -ErrorAction SilentlyContinue - Remove-Item -Path "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse -ErrorAction SilentlyContinue -} - -Function UninstallMsftBloat { - Write-Host "Uninstalling 
default Microsoft applications..." - Get-AppxPackage "Microsoft.3DBuilder" | Remove-AppxPackage - Get-AppxPackage "Microsoft.BingFinance" | Remove-AppxPackage - Get-AppxPackage "Microsoft.BingNews" | Remove-AppxPackage - Get-AppxPackage "Microsoft.BingSports" | Remove-AppxPackage - Get-AppxPackage "Microsoft.BingWeather" | Remove-AppxPackage - Get-AppxPackage "Microsoft.Getstarted" | Remove-AppxPackage - Get-AppxPackage "Microsoft.MicrosoftOfficeHub" | Remove-AppxPackage - Get-AppxPackage "Microsoft.MicrosoftSolitaireCollection" | Remove-AppxPackage - Get-AppxPackage "Microsoft.Office.OneNote" | Remove-AppxPackage - Get-AppxPackage "Microsoft.People" | Remove-AppxPackage - Get-AppxPackage "Microsoft.SkypeApp" | Remove-AppxPackage - Get-AppxPackage "Microsoft.Windows.Photos" | Remove-AppxPackage - Get-AppxPackage "Microsoft.WindowsAlarms" | Remove-AppxPackage - Get-AppxPackage "Microsoft.WindowsCamera" | Remove-AppxPackage - Get-AppxPackage "microsoft.windowscommunicationsapps" | Remove-AppxPackage - Get-AppxPackage "Microsoft.WindowsMaps" | Remove-AppxPackage - Get-AppxPackage "Microsoft.WindowsPhone" | Remove-AppxPackage - Get-AppxPackage "Microsoft.WindowsSoundRecorder" | Remove-AppxPackage - Get-AppxPackage "Microsoft.ZuneMusic" | Remove-AppxPackage - Get-AppxPackage "Microsoft.ZuneVideo" | Remove-AppxPackage - Get-AppxPackage "Microsoft.AppConnector" | Remove-AppxPackage - Get-AppxPackage "Microsoft.ConnectivityStore" | Remove-AppxPackage - Get-AppxPackage "Microsoft.Office.Sway" | Remove-AppxPackage - Get-AppxPackage "Microsoft.Messaging" | Remove-AppxPackage - Get-AppxPackage "Microsoft.CommsPhone" | Remove-AppxPackage - Get-AppxPackage "Microsoft.MicrosoftStickyNotes" | Remove-AppxPackage - Get-AppxPackage "Microsoft.OneConnect" | Remove-AppxPackage - Get-AppxPackage "Microsoft.WindowsFeedbackHub" | Remove-AppxPackage - Get-AppxPackage "Microsoft.MinecraftUWP" | Remove-AppxPackage - Get-AppxPackage "Microsoft.MicrosoftPowerBIForWindows" | Remove-AppxPackage 
- Get-AppxPackage "Microsoft.NetworkSpeedTest" | Remove-AppxPackage
- Get-AppxPackage "Microsoft.MSPaint" | Remove-AppxPackage
- Get-AppxPackage "Microsoft.Microsoft3DViewer" | Remove-AppxPackage
- Get-AppxPackage "Microsoft.RemoteDesktop" | Remove-AppxPackage
- Get-AppxPackage "Microsoft.Print3D" | Remove-AppxPackage
-}
-
-function UninstallThirdPartyBloat {
- Write-Host "Uninstalling default third party applications..."
- Get-AppxPackage "9E2F88E3.Twitter" | Remove-AppxPackage
- Get-AppxPackage "king.com.CandyCrushSodaSaga" | Remove-AppxPackage
- Get-AppxPackage "4DF9E0F8.Netflix" | Remove-AppxPackage
- Get-AppxPackage "Drawboard.DrawboardPDF" | Remove-AppxPackage
- Get-AppxPackage "D52A8D61.FarmVille2CountryEscape" | Remove-AppxPackage
- Get-AppxPackage "GAMELOFTSA.Asphalt8Airborne" | Remove-AppxPackage
- Get-AppxPackage "flaregamesGmbH.RoyalRevolt2" | Remove-AppxPackage
- Get-AppxPackage "AdobeSystemsIncorporated.AdobePhotoshopExpress" | Remove-AppxPackage
- Get-AppxPackage "ActiproSoftwareLLC.562882FEEB491" | Remove-AppxPackage
- Get-AppxPackage "D5EA27B7.Duolingo-LearnLanguagesforFree" | Remove-AppxPackage
- Get-AppxPackage "Facebook.Facebook" | Remove-AppxPackage
- Get-AppxPackage "46928bounde.EclipseManager" | Remove-AppxPackage
- Get-AppxPackage "A278AB0D.MarchofEmpires" | Remove-AppxPackage
- Get-AppxPackage "KeeperSecurityInc.Keeper" | Remove-AppxPackage
- Get-AppxPackage "king.com.BubbleWitch3Saga" | Remove-AppxPackage
- Get-AppxPackage "89006A2E.AutodeskSketchBook" | Remove-AppxPackage
- Get-AppxPackage "CAF9E577.Plex" | Remove-AppxPackage
- Get-AppxPackage "A278AB0D.DisneyMagicKingdoms" | Remove-AppxPackage
- Get-AppxPackage "828B5831.HiddenCityMysteryofShadows" | Remove-AppxPackage
- Get-AppxPackage "WinZipComputing.WinZipUniversal" | Remove-AppxPackage
- Get-AppxPackage "SpotifyAB.SpotifyMusic" | Remove-AppxPackage
- Get-AppxPackage "PandoraMediaInc.29680B314EFC2" | Remove-AppxPackage
- Get-AppxPackage "2414FC7A.Viber" | Remove-AppxPackage
- Get-AppxPackage "64885BlueEdge.OneCalendar" | Remove-AppxPackage
- Get-AppxPackage "41038Axilesoft.ACGMediaPlayer" | Remove-AppxPackage
-}
-
-Function UninstallWindowsStore {
- Write-Host "Uninstalling Windows Store..."
- Get-AppxPackage "Microsoft.DesktopAppInstaller" | Remove-AppxPackage
- Get-AppxPackage "Microsoft.WindowsStore" | Remove-AppxPackage
-}
-
-Function InstallWindowsStore {
- Write-Host "Installing Windows Store..."
- Get-AppxPackage -AllUsers "Microsoft.DesktopAppInstaller" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
- Get-AppxPackage -AllUsers "Microsoft.WindowsStore" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
-}
-
-Function DisableXboxFeatures {
- Write-Host "Disabling Xbox features..."
- Get-AppxPackage "Microsoft.XboxApp" | Remove-AppxPackage
- Get-AppxPackage "Microsoft.XboxIdentityProvider" | Remove-AppxPackage
- Get-AppxPackage "Microsoft.XboxSpeechToTextOverlay" | Remove-AppxPackage
- Get-AppxPackage "Microsoft.XboxGameOverlay" | Remove-AppxPackage
- Get-AppxPackage "Microsoft.Xbox.TCUI" | Remove-AppxPackage
- Set-ItemProperty -Path "HKCU:\System\GameConfigStore" -Name "GameDVR_Enabled" -Type DWord -Value 0
- If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR")) {
- New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR" | Out-Null
- }
- Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR" -Name "AllowGameDVR" -Type DWord -Value 0
-}
-
-Function InstallLinuxSubsystem {
- Write-Host "Installing Linux Subsystem..."
- Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowDevelopmentWithoutDevLicense" -Type DWord -Value 1
- Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowAllTrustedApps" -Type DWord -Value 1
- Enable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Windows-Subsystem-Linux" -NoRestart -WarningAction SilentlyContinue | Out-Null
-}
-
-Function InstallHyperV {
- Write-Host "Installing Hyper-V..."
- If ((Get-WmiObject -Class "Win32_OperatingSystem").Caption -like "*Server*") {
- Install-WindowsFeature -Name "Hyper-V" -IncludeManagementTools -WarningAction SilentlyContinue | Out-Null
- } Else {
- Enable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Hyper-V-All" -NoRestart -WarningAction SilentlyContinue | Out-Null
- }
-}
-
-Function SetPhotoViewerAssociation {
- Write-Host "Setting Photo Viewer association for bmp, gif, jpg, png and tif..."
- If (!(Test-Path "HKCR:")) {
- New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
- }
- ForEach ($type in @("Paint.Picture", "giffile", "jpegfile", "pngfile")) {
- New-Item -Path $("HKCR:\$type\shell\open") -Force | Out-Null
- New-Item -Path $("HKCR:\$type\shell\open\command") | Out-Null
- Set-ItemProperty -Path $("HKCR:\$type\shell\open") -Name "MuiVerb" -Type ExpandString -Value "@%ProgramFiles%\Windows Photo Viewer\photoviewer.dll,-3043"
- Set-ItemProperty -Path $("HKCR:\$type\shell\open\command") -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1"
- }
-}
-
-# Unpin all Start Menu tiles - Not applicable to Server - Note: This function has no counterpart. You have to pin the tiles back manually.
-Function UnpinStartMenuTiles {
- Write-Host "Unpinning all Start Menu tiles..."
- Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount" -Include "*.group" -Recurse | ForEach-Object {
- $data = (Get-ItemProperty -Path "$($_.PsPath)\Current" -Name "Data").Data -Join ","
- $data = $data.Substring(0, $data.IndexOf(",0,202,30") + 9) + ",0,202,80,0,0"
- Set-ItemProperty -Path "$($_.PsPath)\Current" -Name "Data" -Type Binary -Value $data.Split(",")
- }
-}
\ No newline at end of file
diff --git a/deployments/zncServer/hosts.yml b/deployments/zncServer/hosts.yml
deleted file mode 100644
index 5bb0ddf..0000000
--- a/deployments/zncServer/hosts.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-all:
- children:
- dockerhosts:
- hosts:
- monitoring.awful.club:
- vars:
- ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q ansible@ssh.awful.club"'
- macs:
- hosts:
- hydra-ling:
- windows:
- hosts:
- lurker-ling:
- linux:
- hosts:
- ling-bane:
\ No newline at end of file
diff --git a/deployments/zncServer/znc.yml b/deployments/zncServer/znc.yml
deleted file mode 100644
index cbbc3ca..0000000
--- a/deployments/zncServer/znc.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-- name: deploy znc server
- hosts: dockerhosts
- remote_user: josiah
- tasks:
- - name: update or create the directory
- shell: cd /home/josiah/znc-docker/ && git pull
- register: result
- ignore_errors: True
-
- # if the folder doesn't exist, clone source.
- - command: cd /home/josiah && git clone https://github.com/jowj/znc-docker.git
- when: result is failed
- - name: build from latest version
- shell: cd ~/znc-docker/full && docker build -t znc -f Dockerfile .
- - name: Check if there are any existing ZNC containers running and kill it
- shell: docker ps | grep 'znc' | awk '{print $1}'
- register: result
- - name: if there are running containers, remove them
- shell: docker ps | grep 'znc' | awk '{print $1}' | xargs docker kill
- when: result.stdout != ""
- - name: discover if any containers with ZNC in name
- # this has to be a shell because command: isn't interactive
- shell: docker container ls | grep 'znc'
- register: result
- ignore_errors: True
- - name: remove any existing containers with ZNC in name
- shell: docker container rm znc
- when: result is succeeded
- - name: run the container (assumes the volume is already set up)
- command: docker run -d -p 5000:5000 --mount type="bind",source="/mnt/volume_sfo2_znc/",target=/znc-data znc
-