- this is going to be added to a new repo dedicated to more deployment / ops things.
parent
a966de33e7
commit
765f880dd5
@ -1,25 +0,0 @@
|
||||
- name: Deploy Arke
|
||||
hosts: dockerhosts
|
||||
remote_user: josiah
|
||||
tasks:
|
||||
- name: Get hostname for troubleshooting
|
||||
command: hostname
|
||||
register: hostname
|
||||
- debug: msg="{{ hostname.stdout }}"
|
||||
- name: Pull latest version from github
|
||||
shell: cd /home/josiah/arke/ && git pull
|
||||
- name: Build from the latest version
|
||||
shell: cd ~/arke/ && docker build -t arke -f dockerfile .
|
||||
|
||||
- name: Check if there are any existing arke containers running
|
||||
shell: docker ps | grep 'arke' | awk '{print $1}'
|
||||
register: result
|
||||
- name: and kill it
|
||||
# this has to be a shell because command: isn't interactive
|
||||
shell: docker ps | grep 'arke' | awk '{print $1}' | xargs docker kill
|
||||
when: result.stdout != ""
|
||||
- name: Remove any existing containers using the arke name, its mine and i must have it
|
||||
# this has to be a shell because command: isn't interactive
|
||||
shell: docker container rm arke
|
||||
- name: Run the newly built docker container
|
||||
command: docker run -d --name arke --mount source=towervol,target=/shared/ arke:latest
|
@ -1,16 +0,0 @@
|
||||
all:
|
||||
children:
|
||||
dockerhosts:
|
||||
hosts:
|
||||
monitoring.awful.club:
|
||||
vars:
|
||||
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q ansible@ssh.awful.club"'
|
||||
macs:
|
||||
hosts:
|
||||
hydra-ling:
|
||||
windows:
|
||||
hosts:
|
||||
lurker-ling:
|
||||
linux:
|
||||
hosts:
|
||||
ling-bane:
|
@ -1,105 +0,0 @@
|
||||
- name: setup mojo repo
|
||||
hosts: prod
|
||||
tasks:
|
||||
- name: print hostname
|
||||
command: hostname
|
||||
register: hostname
|
||||
- debug: msg="{{ hostname.stdout }}"
|
||||
- name: try to update directory
|
||||
shell: cd /home/josiah/mojojojo-bot && git pull
|
||||
register: result
|
||||
ignore_errors: True
|
||||
- name: if the folder doesn't exist, clone from remote
|
||||
shell: cd /home/josiah/ && git clone http://git.awful.club/hosted/mojojojo-bot.git
|
||||
when: result is failed
|
||||
|
||||
- name: Deploy mojo webclient
|
||||
hosts: prod
|
||||
vars_files:
|
||||
- mojo-vars-vault.yml
|
||||
tasks:
|
||||
- name: Build from the latest version
|
||||
shell: cd /home/josiah/mojojojo-bot/mojo-web && docker build -t mojo-web -f dockerfile .
|
||||
- name: Check if there are any existing mojo-web containers running and kill them
|
||||
# this has to be a shell because command: isn't interactive
|
||||
shell: docker ps | grep 'mojo-web' | awk '{print $1}' | xargs docker kill
|
||||
ignore_errors: True
|
||||
- name: Run the newly built docker container
|
||||
command: docker container run -e "SLACK_BOT_TOKEN={{ VAULT_SLACK_BOT_TOKEN }}" --restart "always" -d --mount type="bind",source="/mnt/volume_sfo2_znc",target=/shared/ mojo-web
|
||||
|
||||
- name: Deploy mojo rtmclient
|
||||
hosts: prod
|
||||
vars_files:
|
||||
- mojo-vars-vault.yml
|
||||
tasks:
|
||||
- name: Build from the latest version
|
||||
shell: cd /home/josiah/mojojojo-bot/mojo-rtm && docker build -t mojo-rtm -f dockerfile .
|
||||
- name: Check if there are any existing mojo-rtm containers running and kill them
|
||||
# this has to be a shell because command: isn't interactive
|
||||
shell: docker ps | grep 'mojo-rtm' | awk '{print $1}' | xargs docker kill
|
||||
ignore_errors: True
|
||||
- name: Run the newly built docker container
|
||||
command: docker container run -e "SLACK_BOT_TOKEN={{ VAULT_SLACK_BOT_TOKEN }}" --restart "always" -d --mount type="bind",source="/mnt/volume_sfo2_znc",target=/shared/ mojo-rtm
|
||||
|
||||
- name: deploy znc server
|
||||
hosts: dockerhosts
|
||||
remote_user: josiah
|
||||
tasks:
|
||||
- name: update or create the directory
|
||||
shell: cd /home/josiah/znc-docker/ && git pull
|
||||
register: result
|
||||
ignore_errors: True
|
||||
|
||||
# if the folder doesn't exist, clone source.
|
||||
- shell: cd /home/josiah && git clone https://github.com/jowj/znc-docker.git
|
||||
when: result is failed
|
||||
- name: build from latest version
|
||||
shell: cd ~/znc-docker/full && docker build -t znc -f Dockerfile .
|
||||
- name: Check if there are any existing ZNC containers running and kill it
|
||||
shell: docker ps | grep 'znc' | awk '{print $1}'
|
||||
register: result
|
||||
- name: if there are running containers, remove them
|
||||
shell: docker ps | grep 'znc' | awk '{print $1}' | xargs docker kill
|
||||
when: result.stdout != ""
|
||||
- name: discover if any containers with ZNC in name
|
||||
# this has to be a shell because command: isn't interactive
|
||||
shell: docker container ls | grep 'znc'
|
||||
register: result
|
||||
ignore_errors: True
|
||||
- name: remove any existing containers with ZNC in name
|
||||
shell: docker container rm znc
|
||||
when: result is succeeded
|
||||
- name: run the container (assumes the volume is already set up)
|
||||
command: docker run --restart "always" -d -p 5000:5000 --mount type="bind",source="/mnt/volume_sfo2_znc/",target=/znc-data znc
|
||||
|
||||
- name: Deploy Arke
|
||||
hosts: dockerhosts
|
||||
remote_user: josiah
|
||||
tasks:
|
||||
- name: Get hostname for troubleshooting
|
||||
command: hostname
|
||||
register: hostname
|
||||
- debug: msg="{{ hostname.stdout }}"
|
||||
- name: update the directory, or log to register if dir doesn't exist'
|
||||
shell: cd /home/josiah/arke/ && git pull
|
||||
register: result
|
||||
ignore_errors: True
|
||||
- name: If last step failed, clone the repo.
|
||||
shell: cd /home/josiah/ && git clone https://github.com/jowj/arke.git
|
||||
when: result is failed
|
||||
- name: Build from the latest version
|
||||
shell: cd ~/arke/ && docker build -t arke -f dockerfile .
|
||||
|
||||
- name: Check if there are any existing arke containers running
|
||||
shell: docker ps | grep 'arke' | awk '{print $1}'
|
||||
register: result
|
||||
- name: and kill it
|
||||
# this has to be a shell because command: isn't interactive
|
||||
shell: docker ps | grep 'arke' | awk '{print $1}' | xargs docker kill
|
||||
when: result.stdout != ""
|
||||
- name: Remove any existing containers using the arke name, its mine and i must have it
|
||||
# this has to be a shell because command: isn't interactive
|
||||
shell: docker container rm arke
|
||||
ignore_errors: True
|
||||
- name: Run the newly built docker container
|
||||
command: docker run -d --name arke --mount type="bind",source="/mnt/volume_sfo2_znc",target=/shared/ arke:latest
|
@ -1,14 +0,0 @@
|
||||
all:
|
||||
children:
|
||||
dockerhosts:
|
||||
hosts:
|
||||
awful-1.awful.club:
|
||||
macs:
|
||||
hosts:
|
||||
hydra-ling:
|
||||
windows:
|
||||
hosts:
|
||||
lurker-ling:
|
||||
linux:
|
||||
hosts:
|
||||
ling-bane:
|
@ -1,9 +0,0 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
62306462666461356361643838636461396665633234363731396465643663373731343438363062
|
||||
6166323433353631366639663933653439333961353539610a343234383436666463326161613538
|
||||
32396161616537363261643965616439333637346535643136643732623939346538623534336236
|
||||
3339643664633834630a323464376464343832636265623362353337316139333164613237323964
|
||||
38616264346536623633623337613363646262313637313431323666393537623665626262643963
|
||||
30316162303330396663636537633766333065386435376462653661653666323734363564323466
|
||||
33303738363731376363663935383439616363383238346537326363343330386361613363623662
|
||||
65663634363636633937
|
@ -1,39 +0,0 @@
|
||||
import os
|
||||
import sys
|
||||
import argparse
|
||||
import subprocess
|
||||
import pdb
|
||||
|
||||
# brew cask install powershell
|
||||
# Install brew if we don't have it
|
||||
|
||||
installBrew = [
|
||||
""" if test ! $(which brew); then
|
||||
echo "Installing homebrew..."
|
||||
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
|
||||
fi """
|
||||
]
|
||||
|
||||
subprocess.run(installBrew)
|
||||
subprocess.run('brew update')
|
||||
subprocess.run('brew tap caskroom/cask')
|
||||
|
||||
macPrograms = [
|
||||
"powershell",
|
||||
"git",
|
||||
"vscode",
|
||||
"emacs64",
|
||||
"python2",
|
||||
"python3",
|
||||
"docker",
|
||||
"slack",
|
||||
"discord",
|
||||
"keybase",
|
||||
"spotify",
|
||||
"1password",
|
||||
"firefox",
|
||||
"dropbox",
|
||||
"conemu",
|
||||
"virtualbox"
|
||||
]
|
||||
subprocess.run('brew install ' + macPrograms)
|
@ -1,106 +0,0 @@
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
sonarr:
|
||||
image: "linuxserver/sonarr"
|
||||
ports:
|
||||
- "8989:8989"
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
PUID: 1000
|
||||
PGID: 1000
|
||||
TZ: America/Chicago
|
||||
volumes:
|
||||
- "/home/josiah/apps/sonarr:/config"
|
||||
- "/home/josiah/Downloads/usenet-complete/:/downloads"
|
||||
- "/media/usenet/tv/:/tv"
|
||||
lidarr:
|
||||
image: "linuxserver/lidarr"
|
||||
ports:
|
||||
- "8686:8686"
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
PUID: 1000
|
||||
PGID: 1000
|
||||
TZ: America/Chicago
|
||||
volumes:
|
||||
- "/home/josiah/apps/lidarr:/config"
|
||||
- "/home/josiah/Downloads/usenet-complete/:/downloads"
|
||||
- "/media/usenet/audio/:/music"
|
||||
# headphones:
|
||||
# image: "linuxserver/headphones"
|
||||
# ports:
|
||||
# - "8181:8181"
|
||||
# restart: unless-stopped
|
||||
# environment:
|
||||
# PUID: 1000
|
||||
# PGID: 1000
|
||||
# TZ: America/Chicago
|
||||
# volumes:
|
||||
# - "/home/josiah/Documents/apps/headphones:/config"
|
||||
# - "/home/josiah/Downloads/usenet-complete/:/downloads"
|
||||
# - "/media/usenet/audio/:/music"
|
||||
radarr:
|
||||
image: "linuxserver/radarr"
|
||||
ports:
|
||||
- "7878:7878"
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
PUID: 1000
|
||||
PGID: 1000
|
||||
TZ: America/Chicago
|
||||
volumes:
|
||||
- "/home/josiah/apps/radarr:/config"
|
||||
- "/home/josiah/Downloads/usenet-complete/:/downloads"
|
||||
- "/media/usenet/movies/:/movies"
|
||||
sabnzb:
|
||||
image: "funkypenguin/sabnzbd"
|
||||
ports:
|
||||
- "8080:8080"
|
||||
- "9090:9090"
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
PUID: 1000
|
||||
PGID: 1000
|
||||
TZ: America/Chicago
|
||||
volumes:
|
||||
- "/home/josiah/apps/sabnzbd:/config"
|
||||
- "/home/josiah/Downloads/usenet-complete/:/downloads"
|
||||
- "/home/josiah/Downloads/usenet-incomplete/:/incomplete-downloads"
|
||||
- "/home/josiah/Downloads/usenet-watched/:/watched-folder"
|
||||
- "/media/usenet/tv:/tv"
|
||||
- "/media/usenet/audio/:/music"
|
||||
- "/media/usenet/movies/:/movies"
|
||||
- "/media/usenet/itunes-synology/iTunes Media/Automatically Add to iTunes.localized/:/itunes"
|
||||
- "/media/usenet/book-library/books/:/books"
|
||||
lazylibrarian:
|
||||
image: "thraxis/lazylibrarian-calibre"
|
||||
ports:
|
||||
- "5299:5299"
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
PUID: 1000
|
||||
PGID: 1000
|
||||
TZ: America/Chicago
|
||||
volumes:
|
||||
- "/home/josiah/apps/lazylibrarian:/config"
|
||||
- "/home/josiah/Downloads/usenet-complete/:/downloads"
|
||||
- "/media/usenet/book-library/calibre-library/:/calibre-library"
|
||||
- "/media/usenet/book-library/books/:/books"
|
||||
- "/media/usenet/book-library/audiobooks:/audiobooks"
|
||||
# calibre:
|
||||
# image: "linuxserver/calibre"
|
||||
# container_name: calibre
|
||||
# ports:
|
||||
# - "8219:8080"
|
||||
# - "8081:8081"
|
||||
# restart: unless-stopped
|
||||
# environment:
|
||||
# PUID: 1000
|
||||
# PGID: 1000
|
||||
# TZ: America/Chicago
|
||||
# volumes:
|
||||
# - "/home/josiah/apps/calibre:/config"
|
||||
# - "/home/josiah/Downloads/usenet-complete/:/downloads"
|
||||
# - "/media/usenet/book-library/calibre-library/:/calibre-library"
|
||||
# - "/media/usenet/book-library/temp/:/import"
|
@ -1,11 +0,0 @@
|
||||
all:
|
||||
children:
|
||||
prod:
|
||||
hosts:
|
||||
# 10.30.12.41 is the secops-utils ip
|
||||
monitoring.awful.club:
|
||||
ansible_user: josiah
|
||||
ansible_timeout: 100
|
||||
dev:
|
||||
hosts:
|
||||
localhost:
|
@ -1,42 +0,0 @@
|
||||
- name: setup mojo repo
|
||||
hosts: prod
|
||||
tasks:
|
||||
- name: print hostname
|
||||
command: hostname
|
||||
register: hostname
|
||||
- debug: msg="{{ hostname.stdout }}"
|
||||
- name: try to update directory
|
||||
shell: cd /home/josiah/mojojojo-bot && git pull
|
||||
register: result
|
||||
ignore_errors: True
|
||||
- name: if the folder doesn't exist, clone from remote
|
||||
shell: cd /home/josiah/ && git clone http://git.awful.club/hosted/mojojojo-bot.git
|
||||
when: result is failed
|
||||
|
||||
- name: Deploy mojo webclient
|
||||
hosts: prod
|
||||
vars_files:
|
||||
- vault-vars-mojo.yml
|
||||
tasks:
|
||||
- name: Build from the latest version
|
||||
shell: cd /home/josiah/mojojojo-bot/mojo-web && docker build -t mojo-web -f dockerfile .
|
||||
- name: Check if there are any existing mojo-web containers running and kill them
|
||||
# this has to be a shell because command: isn't interactive
|
||||
shell: docker ps | grep 'mojo-web' | awk '{print $1}' | xargs docker kill
|
||||
ignore_errors: True
|
||||
- name: Run the newly built docker container
|
||||
command: docker container run -e "SLACK_BOT_TOKEN={{ VAULT_SLACK_BOT_TOKEN }}" --restart "always" -d --mount type="bind",source="/mnt/volume_sfo2_znc",target=/shared/ mojo-web
|
||||
|
||||
- name: Deploy mojo rtmclient
|
||||
hosts: prod
|
||||
vars_files:
|
||||
- vault-vars-mojo.yml
|
||||
tasks:
|
||||
- name: Build from the latest version
|
||||
shell: cd /home/josiah/mojojojo-bot/mojo-rtm && docker build -t mojo-rtm -f dockerfile .
|
||||
- name: Check if there are any existing mojo-rtm containers running and kill them
|
||||
# this has to be a shell because command: isn't interactive
|
||||
shell: docker ps | grep 'mojo-rtm' | awk '{print $1}' | xargs docker kill
|
||||
ignore_errors: True
|
||||
- name: Run the newly built docker container
|
||||
command: docker container run -e "SLACK_BOT_TOKEN={{ VAULT_SLACK_BOT_TOKEN }}" --restart "always" -d --mount type="bind",source="/mnt/volume_sfo2_znc",target=/shared/ mojo-rtm
|
@ -1,9 +0,0 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
62306462666461356361643838636461396665633234363731396465643663373731343438363062
|
||||
6166323433353631366639663933653439333961353539610a343234383436666463326161613538
|
||||
32396161616537363261643965616439333637346535643136643732623939346538623534336236
|
||||
3339643664633834630a323464376464343832636265623362353337316139333164613237323964
|
||||
38616264346536623633623337613363646262313637313431323666393537623665626262643963
|
||||
30316162303330396663636537633766333065386435376462653661653666323734363564323466
|
||||
33303738363731376363663935383439616363383238346537326363343330386361613363623662
|
||||
65663634363636633937
|
@ -1,84 +0,0 @@
|
||||
import os
|
||||
import sys
|
||||
import argparse
|
||||
import subprocess
|
||||
import pdb
|
||||
|
||||
add_Repos_Args = [
|
||||
"sudo",
|
||||
"add-apt-repository",
|
||||
"ppa:nextcloud-devs/client"
|
||||
]
|
||||
|
||||
download_Powershell_Keys = [
|
||||
"wget",
|
||||
"-q",
|
||||
"https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb"
|
||||
]
|
||||
|
||||
add_Powershell_Keys = [
|
||||
"sudo",
|
||||
"dpkg",
|
||||
"-i",
|
||||
"packages-microsoft-prod.deb"
|
||||
]
|
||||
|
||||
update_Apt_Repos = [
|
||||
"sudo",
|
||||
"apt",
|
||||
"update"
|
||||
]
|
||||
|
||||
add_Apt_Programs = [
|
||||
"sudo",
|
||||
"apt-get",
|
||||
"install",
|
||||
"-y",
|
||||
"powershell",
|
||||
"emacs",
|
||||
"python3.7",
|
||||
"firefox",
|
||||
"dropbox",
|
||||
"docker",
|
||||
"nextcloud-client"
|
||||
]
|
||||
|
||||
snapProgramsToAdd = [
|
||||
"slack",
|
||||
"discord",
|
||||
]
|
||||
|
||||
print("adding repos")
|
||||
subprocess.run(add_Repos_Args,shell=True)
|
||||
|
||||
print("download powershell key")
|
||||
subprocess.run(download_Powershell_Keys)
|
||||
|
||||
print("add powershell key")
|
||||
subprocess.run(add_Powershell_Keys)
|
||||
|
||||
print("updating apt")
|
||||
subprocess.run(update_Apt_Repos)
|
||||
|
||||
print("installing apt packages")
|
||||
subprocess.run(add_Apt_Programs)
|
||||
|
||||
#print("installing snap packages")
|
||||
#subprocess.run('sudo snap install ' + snapProgramsToAdd)
|
||||
|
||||
# post processing for firefox userChrome.css
|
||||
# cp userChrome.css to the profile directory > chrome > userChrome.css
|
||||
create_Firefox_Chrome_Folder = [
|
||||
"mkdir",
|
||||
"-p",
|
||||
"~/.mozilla/firefox/*.default/chrome/"
|
||||
]
|
||||
|
||||
configure_Firefox = [
|
||||
"cp"
|
||||
"~/Documents/projects/agares/applicationConfiguration/firefox/userChrome.css",
|
||||
"~/.mozilla/firefox/*.default/chrome/userChrome.css"
|
||||
]
|
||||
|
||||
subprocess.run(create_Firefox_Chrome_Folder)
|
||||
subprocess.run(configure_Firefox)
|
@ -1,14 +0,0 @@
|
||||
all:
|
||||
children:
|
||||
dockerhosts:
|
||||
hosts:
|
||||
awful-1.awful.club:
|
||||
vpn:
|
||||
hosts:
|
||||
vpn.awful.club:
|
||||
dev:
|
||||
hosts:
|
||||
localhost:
|
||||
onprem:
|
||||
hosts:
|
||||
hatchery:
|
@ -1,38 +0,0 @@
|
||||
- hosts: onprem
|
||||
remote_user: josiah
|
||||
gather_facts: false
|
||||
become: yes
|
||||
vars:
|
||||
create_user: josiah
|
||||
sys_packages: [ 'curl', 'vim', 'git', '', 'emacs', 'build-essential' ]
|
||||
|
||||
tasks:
|
||||
- name: Install aptitude using apt
|
||||
apt: name=aptitude state=latest update_cache=yes force_apt_get=yes
|
||||
|
||||
- name: Install required system packages for docker install
|
||||
apt: name={{ item }} state=latest update_cache=yes
|
||||
loop: [ 'apt-transport-https', 'ca-certificates', 'software-properties-common' ]
|
||||
|
||||
- name: Add Docker GPG apt Key
|
||||
apt_key:
|
||||
url: https://download.docker.com/linux/debian/gpg
|
||||
state: present
|
||||
|
||||
- name: Add Docker Repository
|
||||
apt_repository:
|
||||
repo: deb https://download.docker.com/linux/ubuntu bionic stable
|
||||
state: present
|
||||
|
||||
- name: Update apt
|
||||
apt: update_cache=yes
|
||||
|
||||
- name: Install required system packages
|
||||
apt: name={{ sys_packages }} state=latest
|
||||
|
||||
- name: add 'josiah' to docker group
|
||||
user:
|
||||
name='josiah'
|
||||
groups=docker
|
||||
append=yes
|
||||
|
@ -1,60 +0,0 @@
|
||||
# serverbuild
|
||||
this is a mess of a directory right now. sorry about that.
|
||||
|
||||
## ipsec.conf
|
||||
```
|
||||
config setup
|
||||
charondebug="ike 1, knl 1, cfg 0"
|
||||
uniqueids=no
|
||||
```
|
||||
This tells sswan to log daemon statuses for debugging and allow duplicate connections
|
||||
|
||||
```
|
||||
conn ikev2-vpn
|
||||
auto=add
|
||||
compress=no
|
||||
type=tunnel
|
||||
keyexchange=ikev2
|
||||
fragmentation=yes
|
||||
forceencaps=yes
|
||||
```
|
||||
This starts the VPN config stanza. Use IKEv2 VPN tunnels and load this config everytime we start up.
|
||||
|
||||
```
|
||||
dpdaction=clear
|
||||
dpddelay=300s
|
||||
rekey=no
|
||||
```
|
||||
This clears any weird connections (i.e. if a client gets unexpectedly dced)
|
||||
|
||||
```
|
||||
left=%any
|
||||
leftid=@vpn.awful.club
|
||||
leftcert=awful-server-cert.pem
|
||||
leftsendcert=always
|
||||
leftsubnet=0.0.0.0/0
|
||||
```
|
||||
in strongswan grammer, "left" refers to serverside, apparently. this section is pretty selfexplanatory. The exception to that is `%any` i've got no fucking clue what that is.
|
||||
|
||||
```
|
||||
right=%any
|
||||
rightid=%any
|
||||
rightauth=eap-mschapv2
|
||||
rightsourceip=10.10.10.0/24
|
||||
rightdns=1.1.1.1,1.0.0.1
|
||||
rightsendcert=never
|
||||
```
|
||||
"right" side is client side.
|
||||
|
||||
```
|
||||
eap_identity=%identity
|
||||
```
|
||||
this tells sswan to always ask for un/pw on connect (eap.)
|
||||
((also eeeep))
|
||||
|
||||
|
||||
## ipsec.secrets
|
||||
this file contains: secrets, for the love of god change the values.
|
||||
|
||||
`: RSA "server-key.pem"` declares wheere the private key lives and what algo was used
|
||||
`your_username : EAP "your_password"` is very obvious.
|
@ -1,55 +0,0 @@
|
||||
- hosts: vpn
|
||||
remote_user: root
|
||||
gather_facts: false
|
||||
vars:
|
||||
create_user: josiah
|
||||
copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/digitalocean.pub') }}"
|
||||
sys_packages: [ 'curl', 'vim', 'git', 'fail2ban' ]
|
||||
|
||||
tasks:
|
||||
- name: Make sure we have a 'sudo' group
|
||||
group:
|
||||
name: sudo
|
||||
state: present
|
||||
|
||||
- name: Allow sudo group to have passwordless sudo
|
||||
lineinfile:
|
||||
path: /etc/sudoers
|
||||
state: present
|
||||
regexp: '^%sudo'
|
||||
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
|
||||
validate: '/usr/sbin/visudo -cf %s'
|
||||
|
||||
- name: Create a new regular user with sudo privileges
|
||||
user:
|
||||
name: "{{ create_user }}"
|
||||
state: present
|
||||
groups: sudo
|
||||
append: true
|
||||
create_home: true
|
||||
shell: /bin/bash
|
||||
|
||||
- name: Set authorized key for remote user
|
||||
authorized_key:
|
||||
user: "{{ create_user }}"
|
||||
state: present
|
||||
key: "{{ copy_local_key }}"
|
||||
|
||||
|
||||
- name: Disable password authentication for root
|
||||
lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
state: present
|
||||
regexp: '^#?PermitRootLogin'
|
||||
line: 'PermitRootLogin no'
|
||||
|
||||
- name: Update apt
|
||||
apt: update_cache=yes
|
||||
|
||||
- name: Install required system packages
|
||||
apt: name={{ sys_packages }} state=latest
|
||||
|
||||
- name: Restart sshd
|
||||
service:
|
||||
name: sshd.service
|
||||
state: restarted
|
@ -1,130 +0,0 @@
|
||||
# playbook to go from a "base configured" server to a wg vpn peer
|
||||
|
||||
- hosts: vpn
|
||||
remote_user: josiah
|
||||
gather_facts: false
|
||||
become: yes
|
||||
|
||||
tasks:
|
||||
- name: add unstable to repos
|
||||
shell: |
|
||||
echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
|
||||
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
|
||||
|
||||
- name: Update aptitude
|
||||
apt: update_cache=yes
|
||||
|
||||
- name: install wireguard
|
||||
apt: name=wireguard state=latest
|
||||
|
||||
- name: install linux headers (necessary on older cloud kernels (fuck u digitalocean))
|
||||
# the kernel version is hard coded because this is what DO currently uses
|
||||
# and that's what i use
|
||||
apt: name=linux-headers-4.19.0-6-cloud-amd64
|
||||
- name: install misc other things the internet says i need
|
||||
apt: name=build-essential
|
||||
- name: install misc other things the internet says i need
|
||||
apt: name=dkms
|
||||
- name: install misc other things the internet says i need
|
||||
apt: name=openresolv
|
||||
|
||||
- name: enable kernel relay/forwarding
|
||||
shell: |
|
||||
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
|
||||
echo "net.ipv4.conf.all.proxy_arp = 1" >> /etc/sysctl.conf
|
||||
sudo sysctl -p /etc/sysctl.conf
|
||||
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
|
||||
iptables -t nat -A POSTROUTING -s 10.200.219.0/24 -o eth0 -j MASQUERADE
|
||||
|
||||
- name: ensure /etc/wireguard/ exists
|
||||
file:
|
||||
path: /etc/wireguard/
|
||||
state: directory
|
||||
|
||||
- name: Generate keys
|
||||
shell: |
|
||||
printf "[Interface]\nPrivateKey = " > /etc/wireguard/wg0.conf
|
||||
wg genkey | tee -a /etc/wireguard/wg0.conf | wg pubkey > /etc/wireguard/publickey
|
||||
vars:
|
||||
umask: "077"
|
||||
|
||||
- name: register publickey for later use
|
||||
shell: cat /etc/wireguard/publickey
|
||||
register: server_publickey
|
||||
|
||||
# install wg, generate keys, files on local machine
|
||||
- name: (local) install wg (i use) arch (btw)
|
||||
pacman:
|
||||
update_cache: yes
|
||||
name: wireguard-tools, wireguard-arch
|
||||
state: present
|
||||
delegate_to: localhost
|
||||
|
||||
- name: (local) ensure /etc/wireguard/ exists
|
||||
file:
|
||||
path: /etc/wireguard/
|
||||
state: directory
|
||||
delegate_to: localhost
|
||||
|
||||
- name: (local) Generate keys
|
||||
shell: |
|
||||
printf "[Interface]\nPrivateKey = " > /etc/wireguard/wg0.conf
|
||||
wg genkey | tee -a /etc/wireguard/wg0.conf | wg pubkey > /etc/wireguard/publickey
|
||||
vars:
|
||||
umask: "077"
|
||||
delegate_to: localhost
|
||||
|
||||
- name: (local) register publickey for later use
|
||||
shell: cat /etc/wireguard/publickey
|
||||
register: arch_publickey
|
||||
delegate_to: localhost
|
||||
|
||||
- name: (local) fill out the rest of the wg0.conf file
|
||||
blockinfile:
|
||||
path: /etc/wireguard/wg0.conf
|
||||
block: |
|
||||
Address = 10.200.219.2/32, fd86:ea04:1115::2/128
|
||||
DNS = 1.1.1.1
|
||||
|
||||
[Peer]
|
||||
PublicKey = {{ server_publickey.stdout }}
|
||||
Endpoint = vpn.awful.club:51820
|
||||
AllowedIPs = 0.0.0.0/0
|
||||
delegate_to: localhost
|
||||
|
||||
- name: fill out the rest of the wg0.conf file
|
||||
blockinfile:
|
||||
path: /etc/wireguard/wg0.conf
|
||||
block: |
|
||||
Address = 10.200.219.1/24
|
||||
Address = fd86:ea04:1115::1/64
|
||||
ListenPort = 51820
|
||||
SaveConfig = true
|
||||
[Peer]
|
||||
# name = luggable-laptop
|
||||
PublicKey = {{ arch_publickey.stdout }}
|
||||
AllowedIPs = 10.200.219.2/32, fd86:ea04:1115::2/128
|
||||
|
||||
- name: bring wg up on the relay node
|
||||
shell: wg-quick up /etc/wireguard/wg0.conf
|
||||
|
||||
- name: test if wg is up on relay
|
||||
shell: ping -c1 10.200.219.1
|
||||
register: test_result
|
||||
|
||||
- name: (local) bring wg up on local
|
||||
shell: wg-quick up wg0
|
||||
delegate_to: localhost
|
||||
|
||||
- name: (local) test if it worked on local
|
||||
shell: ping -c1 10.200.219.2
|
||||
register: test_result_local
|
||||
delegate_to: localhost
|
||||
|
||||
- name: Test tunnel
|
||||
shell: ping -c1 10.200.219.1
|
||||
register: test_tunnel_local
|
||||
delegate_to: localhost
|
||||
ignore_errors: yes
|
@ -1,41 +0,0 @@
|
||||
Role Name
|
||||
=========
|
||||
|
||||
Playbook to bootstrap wg vpn for my personal use
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
this playbook doesn't handle /creating the machines/. they have to be online and accessible either in my home network or in my cloud setup.
|
||||
|
||||
Role Variables
|
||||
--------------
|
||||
|
||||
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
|
||||
|
||||
|
||||
shit i'm still fixing
|
||||
----------------
|
||||
- its not actually working yet
|
||||
- mobile device seems like it connects
|
||||
- but i can't browse around.
|
||||
- arch tasks suck because ansible + pacman is bad.
|
||||
|
||||
|
||||
Example Playbook
|
||||
----------------
|
||||
|
||||
I don't know what to put here because i don't understand how roles work lmao
|
||||
`ansible-playbook -i ../hosts.yml tasks/main.yml -v`
|
||||
|
||||
useful for generating mobile device configs: qrencode -t ansiutf8 < /etc/wireguard/mobile.conf
|
||||
|
||||
License
|
||||
-------
|
||||
|
||||
BSD
|
||||
|
||||
Author Information
|
||||
------------------
|
||||
|
||||
email: me@jowj.net
|
@ -1,2 +0,0 @@
|
||||
---
|
||||
# defaults file for wg_vpn
|
@ -1,2 +0,0 @@
|
||||
---
|
||||
# handlers file for wg_vpn
|
@ -1,53 +0,0 @@
|
||||
galaxy_info:
|
||||
author: your name
|
||||
description: your description
|
||||
company: your company (optional)
|
||||
|
||||
# If the issue tracker for your role is not on github, uncomment the
|
||||
# next line and provide a value
|
||||
# issue_tracker_url: http://example.com/issue/tracker
|
||||
|
||||
# Choose a valid license ID from https://spdx.org - some suggested licenses:
|
||||
# - BSD-3-Clause (default)
|
||||
# - MIT
|
||||
# - GPL-2.0-or-later
|
||||
# - GPL-3.0-only
|
||||
# - Apache-2.0
|
||||
# - CC-BY-4.0
|
||||
license: license (GPL-2.0-or-later, MIT, etc)
|
||||
|
||||
min_ansible_version: 2.4
|
||||
|
||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
||||
# min_ansible_container_version:
|
||||
|
||||
#
|
||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
#
|
||||
# platforms:
|
||||
# - name: Fedora
|
||||
# versions:
|
||||
# - all
|
||||
# - 25
|
||||
# - name: SomePlatform
|
||||
# versions:
|
||||
# - all
|
||||
# - 1.0
|
||||
# - 7
|
||||
# - 99.99
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is a keyword that describes
|
||||
# and categorizes the role. Users find roles by searching for tags. Be sure to
|
||||
# remove the '[]' above, if you add tags to this list.
|
||||
#
|
||||
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
|
||||
# Maximum 20 tags per role.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
||||
# if you add dependencies to this list.
|
||||
|
@ -1,73 +0,0 @@
|
||||
---
|
||||
# tasks file for wg_vpn
|
||||
# playbook to go from a "base configured" server to a wg vpn peer
|
||||
- hosts: onprem
|
||||
remote_user: josiah
|
||||
gather_facts: True
|
||||
vars:
|
||||
source_os: arch
|
||||
|
||||
tasks:
|
||||
- name: "generating config on relay server"
|
||||
debug:
|
||||
msg: "config on relay is starting"
|
||||
verbosity: 1
|
||||
- name: generate config on relay server
|
||||
include: pretasks_debian.yml
|
||||
become: yes
|
||||
|
||||
- name: "generating config on local mac"
|
||||
debug:
|
||||
msg: "config on mac is starting"
|
||||
verbosity: 1
|
||||
when: source_os == 'macos'
|
||||
- name: generate config on local mac
|
||||
include: pretasks_mac.yml
|
||||
delegate_to: localhost
|
||||
when: source_os == 'macos'
|
||||
|
||||
- name: "generating config on local arch"
|
||||
debug:
|
||||
msg: "config on arch is starting"
|
||||
verbosity: 1
|
||||
when: source_os == 'arch'
|
||||
- name: generate config on local arch
|
||||
include: pretasks_arch.yml
|
||||
delegate_to: localhost
|
||||
when: source_os == 'arch'
|
||||
|
||||
- name: generate config for IOS on local machine
|
||||
include: pretasks_ios.yml
|
||||
delegate_to: localhost
|
||||
|
||||
- name: "completing config on server"
|
||||
debug:
|
||||
msg: "config on relay is resuming"
|
||||
verbosity: 1
|
||||
- name: complete config, wg up on relay server
|
||||
include: posttasks_debian.yml
|
||||
become: yes
|
||||
|
||||
- name: complete config, wg up on local mac
|
||||
include: posttasks_mac.yml
|
||||
delegate_to: localhost
|
||||
when: source_os == 'macos'
|
||||
|
||||
- name: "generating config on local arch"
|
||||
debug:
|
||||
msg: "config on arch is completing"
|
||||
verbosity: 1
|
||||
when: source_os == 'arch'
|
||||
- name: complete config on local arch
|
||||
include: posttasks_arch.yml
|
||||
delegate_to: localhost
|
||||
when: source_os == 'arch'
|
||||
|
||||
- name: "generating config for iOS"
|
||||
debug:
|
||||
msg: "config for IOS is completing"
|
||||
verbosity: 1
|
||||
- name: complete config for IOS on local machine
|
||||
include: posttasks_ios.yml
|
||||
delegate_to: localhost
|
||||
|
@ -1,19 +0,0 @@
|
||||
- name: (local) fill out the rest of the wg0.conf file
|
||||
blockinfile:
|
||||
path: /etc/wireguard/wg0.conf
|
||||
block: |
|
||||
Address = 10.200.219.2/32, fd86:ea04:1115::2/128
|
||||
DNS = 1.1.1.1
|
||||
|
||||
[Peer]
|
||||
PublicKey = {{ server_publickey.stdout }}
|
||||
Endpoint = vpn.awful.club:51820
|
||||
AllowedIPs = 0.0.0.0/0
|
||||
delegate_to: localhost
|
||||
become: yes
|
||||
|
||||
- name: (local) bring wg up on local
|
||||
shell: wg-quick up wg0
|
||||
delegate_to: localhost
|
||||
become: yes
|
||||
ignore_errors: True
|
@ -1,19 +0,0 @@
|
||||
- name: fill out the rest of the wg0.conf file
|
||||
blockinfile:
|
||||
path: /etc/wireguard/wg0.conf
|
||||
block: |
|
||||
Address = 10.200.219.1/24
|
||||
Address = fd86:ea04:1115::1/64
|
||||
ListenPort = 51820
|
||||
SaveConfig = true
|
||||
[Peer]
|
||||
# name = pvl
|
||||
PublicKey = {{ client_publickey.stdout }}
|
||||
AllowedIPs = 10.200.219.19/32, fd86:ea04:1115::19/128
|
||||
[Peer]
|
||||
# name = matrix
|
||||
PublicKey = {{ ios_publickey.stdout }}
|
||||
AllowedIPs = 10.200.219.10/32, fd86:ea04:1115::10/128
|
||||
|
||||
- name: bring wg up on the relay node
|
||||
shell: wg-quick up /etc/wireguard/wg0.conf
|
@ -1,11 +0,0 @@
|
||||
- name: (local) fill out the rest of the wg0.conf file
|
||||
blockinfile:
|
||||
path: ~/wireguard/ios.conf
|
||||
block: |
|
||||
Address = 10.200.219.10/32, fd86:ea04:1115::10/128
|
||||
DNS = 1.1.1.1
|
||||
|
||||
[Peer]
|
||||
PublicKey = {{ server_publickey.stdout }}
|
||||
Endpoint = vpn.awful.club:51820
|
||||
AllowedIPs = 0.0.0.0/0, ::/0
|
@ -1,15 +0,0 @@
|
||||
- name: (local) fill out the rest of the wg0.conf file
|
||||
blockinfile:
|
||||
path: ~/wireguard/wg0.conf
|
||||
block: |
|
||||
Address = 10.200.219.19/32, fd86:ea04:1115::19/128
|
||||
DNS = 1.1.1.1
|
||||
|
||||
[Peer]
|
||||
PublicKey = {{ server_publickey.stdout }}
|
||||
Endpoint = vpn.awful.club:51820
|
||||
AllowedIPs = 0.0.0.0/0, ::/0
|
||||
|
||||
# - name: (local) bring wg up on local
|
||||
# shell: wg-quick up wg0
|
||||
|
@ -1,36 +0,0 @@
|
||||
---
|
||||
# tasks file for wg_vpn
|
||||
# this is useful for running plays /from/ an arch machine that will join the wg net.
|
||||
|
||||
# install wg, generate keys, files on local machine
|
||||
- name: (local) install wg (i use) arch (btw)
|
||||
pacman:
|
||||
update_cache: yes
|
||||
name: wireguard-tools, wireguard-arch, wireguard-dkms
|
||||
state: present
|
||||
delegate_to: localhost
|
||||
become: yes
|
||||
# ansible has a hard time parsing the pacman files
|
||||
# ignore errors once you verify shit is installed / patched.
|
||||
ignore_errors: True
|
||||
|
||||
- name: (local) ensure /etc/wireguard/ exists
|
||||
file:
|
||||
path: /etc/wireguard/
|
||||
state: directory
|
||||
delegate_to: localhost
|
||||
|
||||
- name: (local) Generate keys
|
||||
shell: |
|
||||
printf "[Interface]\nPrivateKey = " > /etc/wireguard/wg0.conf
|
||||
wg genkey | tee -a /etc/wireguard/wg0.conf | wg pubkey > /etc/wireguard/publickey
|
||||
vars:
|
||||
umask: "077"
|
||||
delegate_to: localhost
|
||||
become: yes
|
||||
|
||||
- name: (local) register publickey for later use
|
||||
shell: cat /etc/wireguard/publickey
|
||||
register: client_publickey
|
||||
delegate_to: localhost
|
||||
become: yes
|
@ -1,47 +0,0 @@
|
||||
- name: add unstable to repos
|
||||
shell: |
|
||||
echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
|
||||
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
|
||||
- name: Update aptitude
|
||||
apt: update_cache=yes
|
||||
- name: install wireguard
|
||||
apt: name=wireguard state=latest
|
||||
- name: install linux headers (necessary on older cloud kernels (fuck u digitalocean))
|
||||
# the kernel version is hard coded because this is what DO currently uses
|
||||
# and that's what i use
|
||||
apt: name=linux-headers-4.19.0-6-cloud-amd64
|
||||
- name: install misc other things the internet says i need
|
||||
apt: name=build-essential
|
||||
- name: install misc other things the internet says i need
|
||||
apt: name=dkms
|
||||
- name: needed for handling dns requests
|
||||
apt: name=openresolv
|
||||
- name: enable kernel relay/forwarding
|
||||
shell: |
|
||||
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
|
||||
echo "net.ipv4.conf.all.proxy_arp = 1" >> /etc/sysctl.conf
|
||||
sudo sysctl -p /etc/sysctl.conf
|
||||
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
|
||||
iptables -t nat -A POSTROUTING -s 10.200.219.0/24 -o eth0 -j MASQUERADE
|
||||
- name: ensure /etc/wireguard/ exists
|
||||
file:
|
||||
path: /etc/wireguard/
|
||||
state: directory
|
||||
|
||||
- name: Generate keys
|
||||
shell: |
|
||||
printf "[Interface]\nPrivateKey = " > /etc/wireguard/wg0.conf
|
||||
wg genkey | tee -a /etc/wireguard/wg0.conf | wg pubkey > /etc/wireguard/publickey
|
||||
vars:
|
||||
umask: "077"
|
||||
- name: register publickey for later use
|
||||
shell: cat /etc/wireguard/publickey
|
||||
register: server_publickey
|
||||
|
||||
# do this to avoid idiot "hey you can't start, u already started!!!" erros.
|
||||
# fucker.
|
||||
- name: register publickey for later use
|
||||
shell: wg-quick down /etc/wireguard/wg0.conf
|
||||
ignore_errors: True
|
@ -1,15 +0,0 @@
|
||||
- name: make wg dir since macs are now weird about /etc/anything
|
||||
file:
|
||||
path: ~/wireguard/
|
||||
state: directory
|
||||
|
||||
- name: Generate keys
|
||||
shell: |
|
||||
printf "[Interface]\nPrivateKey = " > ~/wireguard/ios.conf
|
||||
wg genkey | tee -a ~/wireguard/ios.conf | wg pubkey > ~/wireguard/ios_publickey
|
||||
vars:
|
||||
umask: "077"
|
||||
|
||||
- name: register publickey for later use
|
||||
shell: cat ~/wireguard/ios_publickey
|
||||
register: ios_publickey
|
@ -1,21 +0,0 @@
|
||||
- name: Update brew
|
||||
homebrew: update_homebrew=yes
|
||||
|
||||
- name: install wireguard
|
||||
homebrew: name=wireguard-tools state=latest
|
||||
|
||||
- name: make wg dir since macs are now weird about /etc/anything
|
||||
file:
|
||||
path: ~/wireguard/
|
||||
state: directory
|
||||
|
||||
- name: Generate keys
|
||||
shell: |
|
||||
printf "[Interface]\nPrivateKey = " > ~/wireguard/wg0.conf
|
||||
wg genkey | tee -a ~/wireguard/wg0.conf | wg pubkey > ~/wireguard/publickey
|
||||
vars:
|
||||
umask: "077"
|
||||
|
||||
- name: register publickey for later use
|
||||
shell: cat ~/wireguard/publickey
|
||||
register: client_publickey
|
@ -1,2 +0,0 @@
|
||||
localhost
|
||||
|
@ -1,25 +0,0 @@
|
||||
---
|
||||
- hosts: vpn
|
||||
roles:
|
||||
- wg_vpn
|
||||
|
||||
tasks:
|
||||
- name: Verify remote wg node has wg running
|
||||
shell: ping -c1 10.200.219.1
|
||||
register: remote_result
|
||||
- assert:
|
||||
that:
|
||||
- "'1 packets transmitted, 1 packets received' in remote_result.stdout"
|
||||
|
||||
- name: Verify remote wg node has wg running
|
||||
shell: ping -c1 10.200.219.2
|
||||
register: local_result
|
||||
- assert:
|
||||
that:
|
||||
- "'1 packets transmitted, 1 packets received' in local_result.stdout"
|
||||
- name: Verify that local node can talk to remote
|
||||
shell: ping -c1 10.200.219.1
|
||||
register: tunnel_result
|
||||
- assert:
|
||||
that:
|
||||
- "'1 packets transmitted, 1 packets received' in tunnel_result.stdout"
|
@ -1,2 +0,0 @@
|
||||
---
|
||||
# vars file for wg_vpn
|
@ -1,18 +0,0 @@
|
||||
- name: Copy splunk modules to corp deploy server
|
||||
hosts: corp
|
||||
# vars_files:
|
||||
# - mojo-vars-vault.yml
|
||||
remote_user: josiah_ledbetter
|
||||
tasks:
|
||||
- name: Copy item to remote server
|
||||
copy:
|
||||
# make sure the permissions of the file you are copying are readable by ansible user
|
||||
src: /Users/josiah_ledbetter/Documents/projects/splunk/configs/filething/
|
||||
# src must not end in "/" or it will only copy files inside dir instead of entire dir
|
||||
dest: /opt/splunk/temp/
|
||||
owner: splunk
|
||||
group: splunk
|
||||
# these below affect the entire task, and should not go under the command's indention level. This took WAY too longer to figure out.
|
||||
become: "true"
|
||||
become_method: sudo
|
||||
become_user: root
|
@ -1,8 +0,0 @@
|
||||
all:
|
||||
children:
|
||||
corp:
|
||||
hosts:
|
||||
AUS01GMSPLUNK01:
|
||||
vdc:
|
||||
hosts:
|
||||
v1-cs-sec-splunk01:
|
@ -1,53 +0,0 @@
|
||||
# handle mass install of programs needed for new windows workstations
|
||||
Import-Module .\deploy-WinWorkstation.psm1
|
||||
|
||||
$chocoPrograms = @(
|
||||
"pwsh",
|
||||
"git",
|
||||
"vscode",
|
||||
"emacs64",
|
||||
"python2",
|
||||
"python3",
|
||||
"docker",
|
||||
"slack",
|
||||
"discord",
|
||||
"keybase",
|
||||
"spotify",
|
||||
"1password",
|
||||
"firefox",
|
||||
"dropbox",
|
||||
"conemu",
|
||||
"virtualbox"
|
||||
)
|
||||
choco install $chocoPrograms -y
|
||||
|
||||
DisableAdvertisingID
|
||||
DisableAppSuggestions
|
||||
DisableBackgroundApps
|
||||
DisableCortana
|
||||
DisableDiagTrack
|
||||
DisableFeedback
|
||||
DisableLockScreenSpotlight
|
||||
DisableMapUpdates
|
||||
DisableOneDrive
|
||||
DisableSmartScreen
|
||||
DisableSMB1
|
||||
DisableTelemetry
|
||||
DisableWebSearch
|
||||
DisableXboxFeatures
|
||||
EnableRemoteDesktop
|
||||
HideTaskbarPeopleIcon
|
||||
InstallHyperV
|
||||
InstallLinuxSubsystem
|
||||
SetExplorerThisPC
|
||||
SetP2PUpdateLocal
|
||||
SetPhotoViewerAssociation
|
||||
ShowKnownExtensions
|
||||
ShowSmallTaskbarIcons
|
||||
ShowTaskManagerDetails
|
||||
ShowTrayIcons
|
||||
UninstallMsftBloat
|
||||
UninstallOneDrive
|
||||
UninstallThirdPartyBloat
|
||||
UninstallWindowsStore
|
||||
UnpinStartMenuTiles
|
@ -1,373 +0,0 @@
|
||||
# cribbed from https://gist.github.com/alirobe/7f3b34ad89a159e6daa1
|
||||
|
||||
Function DisableTelemetry {
|
||||
Write-Host "Disabling Telemetry..."
|
||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
|
||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
|
||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
|
||||
Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" | Out-Null
|
||||
Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\ProgramDataUpdater" | Out-Null
|
||||
Disable-ScheduledTask -TaskName "Microsoft\Windows\Autochk\Proxy" | Out-Null
|
||||
Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" | Out-Null
|
||||
Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" | Out-Null
|
||||
Disable-ScheduledTask -TaskName "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" | Out-Null
|
||||
}
|
||||
|
||||
Function DisableSmartScreen {
|
||||
Write-Host "Disabling SmartScreen Filter..."
|
||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" -Name "SmartScreenEnabled" -Type String -Value "Off"
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" -Name "EnableWebContentEvaluation" -Type DWord -Value 0
|
||||
$edge = (Get-AppxPackage -AllUsers "Microsoft.MicrosoftEdge").PackageFamilyName
|
||||
If (!(Test-Path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\$edge\MicrosoftEdge\PhishingFilter")) {
|
||||
New-Item -Path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\$edge\MicrosoftEdge\PhishingFilter" -Force | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\$edge\MicrosoftEdge\PhishingFilter" -Name "EnabledV9" -Type DWord -Value 0
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\$edge\MicrosoftEdge\PhishingFilter" -Name "PreventOverride" -Type DWord -Value 0
|
||||
}
|
||||
|
||||
Function DisableWebSearch {
|
||||
Write-Host "Disabling Bing Search in Start Menu..."
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" -Name "BingSearchEnabled" -Type DWord -Value 0
|
||||
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search")) {
|
||||
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Force | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "DisableWebSearch" -Type DWord -Value 1
|
||||
}
|
||||
|
||||
Function DisableAppSuggestions {
|
||||
Write-Host "Disabling Application suggestions..."
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "ContentDeliveryAllowed" -Type DWord -Value 0
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "OemPreInstalledAppsEnabled" -Type DWord -Value 0
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "PreInstalledAppsEnabled" -Type DWord -Value 0
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "PreInstalledAppsEverEnabled" -Type DWord -Value 0
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SilentInstalledAppsEnabled" -Type DWord -Value 0
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338389Enabled" -Type DWord -Value 0
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SystemPaneSuggestionsEnabled" -Type DWord -Value 0
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338388Enabled" -Type DWord -Value 0
|
||||
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent")) {
|
||||
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Force | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Type DWord -Value 1
|
||||
}
|
||||
|
||||
Function DisableBackgroundApps {
|
||||
Write-Host "Disabling Background application access..."
|
||||
Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" -Exclude "Microsoft.Windows.Cortana*" | ForEach {
|
||||
Set-ItemProperty -Path $_.PsPath -Name "Disabled" -Type DWord -Value 1
|
||||
Set-ItemProperty -Path $_.PsPath -Name "DisabledByUser" -Type DWord -Value 1
|
||||
}
|
||||
}
|
||||
|
||||
Function DisableLockScreenSpotlight {
|
||||
Write-Host "Disabling Lock screen spotlight..."
|
||||
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "RotatingLockScreenEnabled" -Type DWord -Value 0
|
||||
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "RotatingLockScreenOverlayEnabled" -Type DWord -Value 0
|
||||
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338387Enabled" -Type DWord -Value 0
|
||||
}
|
||||
|
||||
Function DisableMapUpdates {
|
||||
Write-Host "Disabling automatic Maps updates..."
|
||||
Set-ItemProperty -Path "HKLM:\SYSTEM\Maps" -Name "AutoUpdateEnabled" -Type DWord -Value 0
|
||||
}
|
||||
|
||||
Function DisableFeedback {
|
||||
Write-Host "Disabling Feedback..."
|
||||
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules")) {
|
||||
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Force | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -Type DWord -Value 0
|
||||
Disable-ScheduledTask -TaskName "Microsoft\Windows\Feedback\Siuf\DmClient" -ErrorAction SilentlyContinue | Out-Null
|
||||
Disable-ScheduledTask -TaskName "Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload" -ErrorAction SilentlyContinue | Out-Null
|
||||
}
|
||||
|
||||
Function DisableAdvertisingID {
|
||||
Write-Host "Disabling Advertising ID..."
|
||||
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo")) {
|
||||
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -Type DWord -Value 0
|
||||
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy")) {
|
||||
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" -Name "TailoredExperiencesWithDiagnosticDataEnabled" -Type DWord -Value 0
|
||||
}
|
||||
|
||||
Function DisableCortana {
|
||||
Write-Host "Disabling Cortana..."
|
||||
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings")) {
|
||||
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" -Force | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -Type DWord -Value 0
|
||||
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization")) {
|
||||
New-Item -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Force | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 1
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 1
|
||||
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore")) {
|
||||
New-Item -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" -Force | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -Type DWord -Value 0
|
||||
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search")) {
|
||||
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Force | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "AllowCortana" -Type DWord -Value 0
|
||||
}
|
||||
|
||||
Function EnableCortana {
|
||||
Write-Host "Enabling Cortana..."
|
||||
Remove-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -ErrorAction SilentlyContinue
|
||||
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore")) {
|
||||
New-Item -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" -Force | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 0
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 0
|
||||
Remove-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -ErrorAction SilentlyContinue
|
||||
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "AllowCortana" -ErrorAction SilentlyContinue
|
||||
}
|
||||
|
||||
Function SetP2PUpdateLocal {
|
||||
Write-Host "Restricting Windows Update P2P only to local network..."
|
||||
If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config")) {
|
||||
New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Type DWord -Value 1
|
||||
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization")) {
|
||||
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization" | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Name "SystemSettingsDownloadMode" -Type DWord -Value 3
|
||||
}
|
||||
|
||||
|
||||
Function SetP2PUpdateInternet {
|
||||
Write-Host "Unrestricting Windows Update P2P to internet..."
|
||||
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -ErrorAction SilentlyContinue
|
||||
Remove-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Name "SystemSettingsDownloadMode" -ErrorAction SilentlyContinue
|
||||
}
|
||||
|
||||
Function DisableDiagTrack {
|
||||
Write-Host "Stopping and disabling Diagnostics Tracking Service..."
|
||||
Stop-Service "DiagTrack" -WarningAction SilentlyContinue
|
||||
Set-Service "DiagTrack" -StartupType Disabled
|
||||
}
|
||||
|
||||
Function DisableSMB1 {
|
||||
Write-Host "Disabling SMB 1.0 protocol..."
|
||||
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
|
||||
}
|
||||
|
||||
Function EnableRemoteDesktop {
|
||||
Write-Host "Enabling Remote Desktop w/o Network Level Authentication..."
|
||||
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0
|
||||
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0
|
||||
}
|
||||
|
||||
Function ShowTaskManagerDetails {
|
||||
Write-Host "Showing task manager details..."
|
||||
If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager")) {
|
||||
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Force | Out-Null
|
||||
}
|
||||
$preferences = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -ErrorAction SilentlyContinue
|
||||
If (!($preferences)) {
|
||||
$taskmgr = Start-Process -WindowStyle Hidden -FilePath taskmgr.exe -PassThru
|
||||
While (!($preferences)) {
|
||||
Start-Sleep -m 250
|
||||
$preferences = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -ErrorAction SilentlyContinue
|
||||
}
|
||||
Stop-Process $taskmgr
|
||||
}
|
||||
$preferences.Preferences[28] = 0
|
||||
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -Type Binary -Value $preferences.Preferences
|
||||
}
|
||||
|
||||
# Show small icons in taskbar
|
||||
Function ShowSmallTaskbarIcons {
|
||||
Write-Host "Showing small icons in taskbar..."
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarSmallIcons" -Type DWord -Value 1
|
||||
}
|
||||
|
||||
Function HideTaskbarPeopleIcon {
|
||||
Write-Host "Hiding People icon..."
|
||||
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People")) {
|
||||
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Name "PeopleBand" -Type DWord -Value 0
|
||||
}
|
||||
|
||||
Function ShowTrayIcons {
|
||||
Write-Host "Showing all tray icons..."
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" -Name "EnableAutoTray" -Type DWord -Value 0
|
||||
}
|
||||
|
||||
Function ShowKnownExtensions {
|
||||
Write-Host "Showing known file extensions..."
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Type DWord -Value 0
|
||||
}
|
||||
|
||||
Function SetExplorerThisPC {
|
||||
Write-Host "Changing default Explorer view to This PC..."
|
||||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo" -Type DWord -Value 1
|
||||
}
|
||||
|
||||
Function DisableOneDrive {
|
||||
Write-Host "Disabling OneDrive..."
|
||||
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive")) {
|
||||
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive" | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive" -Name "DisableFileSyncNGSC" -Type DWord -Value 1
|
||||
}
|
||||
|
||||
Function UninstallOneDrive {
|
||||
Write-Host "Uninstalling OneDrive..."
|
||||
Stop-Process -Name OneDrive -ErrorAction SilentlyContinue
|
||||
Start-Sleep -s 3
|
||||
$onedrive = "$env:SYSTEMROOT\SysWOW64\OneDriveSetup.exe"
|
||||
If (!(Test-Path $onedrive)) {
|
||||
$onedrive = "$env:SYSTEMROOT\System32\OneDriveSetup.exe"
|
||||
}
|
||||
Start-Process $onedrive "/uninstall" -NoNewWindow -Wait
|
||||
Start-Sleep -s 3
|
||||
Stop-Process -Name explorer -ErrorAction SilentlyContinue
|
||||
Start-Sleep -s 3
|
||||
Remove-Item -Path "$env:USERPROFILE\OneDrive" -Force -Recurse -ErrorAction SilentlyContinue
|
||||
Remove-Item -Path "$env:LOCALAPPDATA\Microsoft\OneDrive" -Force -Recurse -ErrorAction SilentlyContinue
|
||||
Remove-Item -Path "$env:PROGRAMDATA\Microsoft OneDrive" -Force -Recurse -ErrorAction SilentlyContinue
|
||||
Remove-Item -Path "$env:SYSTEMDRIVE\OneDriveTemp" -Force -Recurse -ErrorAction SilentlyContinue
|
||||
If (!(Test-Path "HKCR:")) {
|
||||
New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
|
||||
}
|
||||
Remove-Item -Path "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse -ErrorAction SilentlyContinue
|
||||
Remove-Item -Path "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse -ErrorAction SilentlyContinue
|
||||
}
|
||||
|
||||
Function UninstallMsftBloat {
|
||||
Write-Host "Uninstalling default Microsoft applications..."
|
||||
Get-AppxPackage "Microsoft.3DBuilder" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.BingFinance" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.BingNews" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.BingSports" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.BingWeather" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.Getstarted" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.MicrosoftOfficeHub" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.MicrosoftSolitaireCollection" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.Office.OneNote" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.People" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.SkypeApp" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.Windows.Photos" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.WindowsAlarms" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.WindowsCamera" | Remove-AppxPackage
|
||||
Get-AppxPackage "microsoft.windowscommunicationsapps" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.WindowsMaps" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.WindowsPhone" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.WindowsSoundRecorder" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.ZuneMusic" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.ZuneVideo" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.AppConnector" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.ConnectivityStore" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.Office.Sway" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.Messaging" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.CommsPhone" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.MicrosoftStickyNotes" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.OneConnect" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.WindowsFeedbackHub" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.MinecraftUWP" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.MicrosoftPowerBIForWindows" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.NetworkSpeedTest" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.MSPaint" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.Microsoft3DViewer" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.RemoteDesktop" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.Print3D" | Remove-AppxPackage
|
||||
}
|
||||
|
||||
function UninstallThirdPartyBloat {
|
||||
Write-Host "Uninstalling default third party applications..."
|
||||
Get-AppxPackage "9E2F88E3.Twitter" | Remove-AppxPackage
|
||||
Get-AppxPackage "king.com.CandyCrushSodaSaga" | Remove-AppxPackage
|
||||
Get-AppxPackage "4DF9E0F8.Netflix" | Remove-AppxPackage
|
||||
Get-AppxPackage "Drawboard.DrawboardPDF" | Remove-AppxPackage
|
||||
Get-AppxPackage "D52A8D61.FarmVille2CountryEscape" | Remove-AppxPackage
|
||||
Get-AppxPackage "GAMELOFTSA.Asphalt8Airborne" | Remove-AppxPackage
|
||||
Get-AppxPackage "flaregamesGmbH.RoyalRevolt2" | Remove-AppxPackage
|
||||
Get-AppxPackage "AdobeSystemsIncorporated.AdobePhotoshopExpress" | Remove-AppxPackage
|
||||
Get-AppxPackage "ActiproSoftwareLLC.562882FEEB491" | Remove-AppxPackage
|
||||
Get-AppxPackage "D5EA27B7.Duolingo-LearnLanguagesforFree" | Remove-AppxPackage
|
||||
Get-AppxPackage "Facebook.Facebook" | Remove-AppxPackage
|
||||
Get-AppxPackage "46928bounde.EclipseManager" | Remove-AppxPackage
|
||||
Get-AppxPackage "A278AB0D.MarchofEmpires" | Remove-AppxPackage
|
||||
Get-AppxPackage "KeeperSecurityInc.Keeper" | Remove-AppxPackage
|
||||
Get-AppxPackage "king.com.BubbleWitch3Saga" | Remove-AppxPackage
|
||||
Get-AppxPackage "89006A2E.AutodeskSketchBook" | Remove-AppxPackage
|
||||
Get-AppxPackage "CAF9E577.Plex" | Remove-AppxPackage
|
||||
Get-AppxPackage "A278AB0D.DisneyMagicKingdoms" | Remove-AppxPackage
|
||||
Get-AppxPackage "828B5831.HiddenCityMysteryofShadows" | Remove-AppxPackage
|
||||
Get-AppxPackage "WinZipComputing.WinZipUniversal" | Remove-AppxPackage
|
||||
Get-AppxPackage "SpotifyAB.SpotifyMusic" | Remove-AppxPackage
|
||||
Get-AppxPackage "PandoraMediaInc.29680B314EFC2" | Remove-AppxPackage
|
||||
Get-AppxPackage "2414FC7A.Viber" | Remove-AppxPackage
|
||||
Get-AppxPackage "64885BlueEdge.OneCalendar" | Remove-AppxPackage
|
||||
Get-AppxPackage "41038Axilesoft.ACGMediaPlayer" | Remove-AppxPackage
|
||||
}
|
||||
|
||||
Function UninstallWindowsStore {
|
||||
Write-Host "Uninstalling Windows Store..."
|
||||
Get-AppxPackage "Microsoft.DesktopAppInstaller" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.WindowsStore" | Remove-AppxPackage
|
||||
}
|
||||
|
||||
Function InstallWindowsStore {
|
||||
Write-Host "Installing Windows Store..."
|
||||
Get-AppxPackage -AllUsers "Microsoft.DesktopAppInstaller" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
|
||||
Get-AppxPackage -AllUsers "Microsoft.WindowsStore" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
|
||||
}
|
||||
|
||||
Function DisableXboxFeatures {
|
||||
Write-Host "Disabling Xbox features..."
|
||||
Get-AppxPackage "Microsoft.XboxApp" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.XboxIdentityProvider" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.XboxSpeechToTextOverlay" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.XboxGameOverlay" | Remove-AppxPackage
|
||||
Get-AppxPackage "Microsoft.Xbox.TCUI" | Remove-AppxPackage
|
||||
Set-ItemProperty -Path "HKCU:\System\GameConfigStore" -Name "GameDVR_Enabled" -Type DWord -Value 0
|
||||
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR")) {
|
||||
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR" | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR" -Name "AllowGameDVR" -Type DWord -Value 0
|
||||
}
|
||||
|
||||
Function InstallLinuxSubsystem {
|
||||
Write-Host "Installing Linux Subsystem..."
|
||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowDevelopmentWithoutDevLicense" -Type DWord -Value 1
|
||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowAllTrustedApps" -Type DWord -Value 1
|
||||
Enable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Windows-Subsystem-Linux" -NoRestart -WarningAction SilentlyContinue | Out-Null
|
||||
}
|
||||
|
||||
Function InstallHyperV {
|
||||
Write-Host "Installing Hyper-V..."
|
||||
If ((Get-WmiObject -Class "Win32_OperatingSystem").Caption -like "*Server*") {
|
||||
Install-WindowsFeature -Name "Hyper-V" -IncludeManagementTools -WarningAction SilentlyContinue | Out-Null
|
||||
} Else {
|
||||
Enable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Hyper-V-All" -NoRestart -WarningAction SilentlyContinue | Out-Null
|
||||
}
|
||||
}
|
||||
|
||||
Function SetPhotoViewerAssociation {
|
||||
Write-Host "Setting Photo Viewer association for bmp, gif, jpg, png and tif..."
|
||||
If (!(Test-Path "HKCR:")) {
|
||||
New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
|
||||
}
|
||||
ForEach ($type in @("Paint.Picture", "giffile", "jpegfile", "pngfile")) {
|
||||
New-Item -Path $("HKCR:\$type\shell\open") -Force | Out-Null
|
||||
New-Item -Path $("HKCR:\$type\shell\open\command") | Out-Null
|
||||
Set-ItemProperty -Path $("HKCR:\$type\shell\open") -Name "MuiVerb" -Type ExpandString -Value "@%ProgramFiles%\Windows Photo Viewer\photoviewer.dll,-3043"
|
||||
Set-ItemProperty -Path $("HKCR:\$type\shell\open\command") -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1"
|
||||
}
|
||||
}
|
||||
|
||||
# Unpin all Start Menu tiles - Not applicable to Server - Note: This function has no counterpart. You have to pin the tiles back manually.
|
||||
Function UnpinStartMenuTiles {
|
||||
Write-Host "Unpinning all Start Menu tiles..."
|
||||
Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount" -Include "*.group" -Recurse | ForEach-Object {
|
||||
$data = (Get-ItemProperty -Path "$($_.PsPath)\Current" -Name "Data").Data -Join ","
|
||||
$data = $data.Substring(0, $data.IndexOf(",0,202,30") + 9) + ",0,202,80,0,0"
|
||||
Set-ItemProperty -Path "$($_.PsPath)\Current" -Name "Data" -Type Binary -Value $data.Split(",")
|
||||
}
|
||||
}
|
@ -1,16 +0,0 @@
|
||||
all:
|
||||
children:
|
||||
dockerhosts:
|
||||
hosts:
|
||||
monitoring.awful.club:
|
||||
vars:
|
||||
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q ansible@ssh.awful.club"'
|
||||
macs:
|
||||
hosts:
|
||||
hydra-ling:
|
||||
windows:
|
||||
hosts:
|
||||
lurker-ling:
|
||||
linux:
|
||||
hosts:
|
||||
ling-bane:
|
@ -1,31 +0,0 @@
|
||||
- name: deploy znc server
|
||||
hosts: dockerhosts
|
||||
remote_user: josiah
|
||||
tasks:
|
||||
- name: update or create the directory
|
||||
shell: cd /home/josiah/znc-docker/ && git pull
|
||||
register: result
|
||||
ignore_errors: True
|
||||
|
||||
# if the folder doesn't exist, clone source.
|
||||
- command: cd /home/josiah && git clone https://github.com/jowj/znc-docker.git
|
||||
when: result is failed
|
||||
- name: build from latest version
|
||||
shell: cd ~/znc-docker/full && docker build -t znc -f Dockerfile .
|
||||
- name: Check if there are any existing ZNC containers running and kill it
|
||||
shell: docker ps | grep 'znc' | awk '{print $1}'
|
||||
register: result
|
||||
- name: if there are running containers, remove them
|
||||
shell: docker ps | grep 'znc' | awk '{print $1}' | xargs docker kill
|
||||
when: result.stdout != ""
|
||||
- name: discover if any containers with ZNC in name
|
||||
# this has to be a shell because command: isn't interactive
|
||||
shell: docker container ls | grep 'znc'
|
||||
register: result
|
||||
ignore_errors: True
|
||||
- name: remove any existing containers with ZNC in name
|
||||
shell: docker container rm znc
|
||||
when: result is succeeded
|
||||
- name: run the container (assumes the volume is already set up)
|
||||
command: docker run -d -p 5000:5000 --mount type="bind",source="/mnt/volume_sfo2_znc/",target=/znc-data znc
|
||||
|