Remove deployments folder.

- this is going to be added to a new repo dedicated to more deployment / ops things.
master
jowj 4 years ago
parent a966de33e7
commit 765f880dd5

@ -1,25 +0,0 @@
- name: Deploy Arke
hosts: dockerhosts
remote_user: josiah
tasks:
- name: Get hostname for troubleshooting
command: hostname
register: hostname
- debug: msg="{{ hostname.stdout }}"
- name: Pull latest version from github
shell: cd /home/josiah/arke/ && git pull
- name: Build from the latest version
shell: cd ~/arke/ && docker build -t arke -f dockerfile .
- name: Check if there are any existing arke containers running
shell: docker ps | grep 'arke' | awk '{print $1}'
register: result
- name: and kill it
# this has to be a shell because command: isn't interactive
shell: docker ps | grep 'arke' | awk '{print $1}' | xargs docker kill
when: result.stdout != ""
- name: Remove any existing containers using the arke name, its mine and i must have it
# this has to be a shell because command: isn't interactive
shell: docker container rm arke
- name: Run the newly built docker container
command: docker run -d --name arke --mount source=towervol,target=/shared/ arke:latest

@ -1,16 +0,0 @@
all:
children:
dockerhosts:
hosts:
monitoring.awful.club:
vars:
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q ansible@ssh.awful.club"'
macs:
hosts:
hydra-ling:
windows:
hosts:
lurker-ling:
linux:
hosts:
ling-bane:

@ -1,105 +0,0 @@
- name: setup mojo repo
hosts: prod
tasks:
- name: print hostname
command: hostname
register: hostname
- debug: msg="{{ hostname.stdout }}"
- name: try to update directory
shell: cd /home/josiah/mojojojo-bot && git pull
register: result
ignore_errors: True
- name: if the folder doesn't exist, clone from remote
shell: cd /home/josiah/ && git clone http://git.awful.club/hosted/mojojojo-bot.git
when: result is failed
- name: Deploy mojo webclient
hosts: prod
vars_files:
- mojo-vars-vault.yml
tasks:
- name: Build from the latest version
shell: cd /home/josiah/mojojojo-bot/mojo-web && docker build -t mojo-web -f dockerfile .
- name: Check if there are any existing mojo-web containers running and kill them
# this has to be a shell because command: isn't interactive
shell: docker ps | grep 'mojo-web' | awk '{print $1}' | xargs docker kill
ignore_errors: True
- name: Run the newly built docker container
command: docker container run -e "SLACK_BOT_TOKEN={{ VAULT_SLACK_BOT_TOKEN }}" --restart "always" -d --mount type="bind",source="/mnt/volume_sfo2_znc",target=/shared/ mojo-web
- name: Deploy mojo rtmclient
hosts: prod
vars_files:
- mojo-vars-vault.yml
tasks:
- name: Build from the latest version
shell: cd /home/josiah/mojojojo-bot/mojo-rtm && docker build -t mojo-rtm -f dockerfile .
- name: Check if there are any existing mojo-rtm containers running and kill them
# this has to be a shell because command: isn't interactive
shell: docker ps | grep 'mojo-rtm' | awk '{print $1}' | xargs docker kill
ignore_errors: True
- name: Run the newly built docker container
command: docker container run -e "SLACK_BOT_TOKEN={{ VAULT_SLACK_BOT_TOKEN }}" --restart "always" -d --mount type="bind",source="/mnt/volume_sfo2_znc",target=/shared/ mojo-rtm
- name: deploy znc server
hosts: dockerhosts
remote_user: josiah
tasks:
- name: update or create the directory
shell: cd /home/josiah/znc-docker/ && git pull
register: result
ignore_errors: True
# if the folder doesn't exist, clone source.
- shell: cd /home/josiah && git clone https://github.com/jowj/znc-docker.git
when: result is failed
- name: build from latest version
shell: cd ~/znc-docker/full && docker build -t znc -f Dockerfile .
- name: Check if there are any existing ZNC containers running and kill it
shell: docker ps | grep 'znc' | awk '{print $1}'
register: result
- name: if there are running containers, remove them
shell: docker ps | grep 'znc' | awk '{print $1}' | xargs docker kill
when: result.stdout != ""
- name: discover if any containers with ZNC in name
# this has to be a shell because command: isn't interactive
shell: docker container ls | grep 'znc'
register: result
ignore_errors: True
- name: remove any existing containers with ZNC in name
shell: docker container rm znc
when: result is succeeded
- name: run the container (assumes the volume is already set up)
command: docker run --restart "always" -d -p 5000:5000 --mount type="bind",source="/mnt/volume_sfo2_znc/",target=/znc-data znc
- name: Deploy Arke
hosts: dockerhosts
remote_user: josiah
tasks:
- name: Get hostname for troubleshooting
command: hostname
register: hostname
- debug: msg="{{ hostname.stdout }}"
- name: update the directory, or log to register if dir doesn't exist'
shell: cd /home/josiah/arke/ && git pull
register: result
ignore_errors: True
- name: If last step failed, clone the repo.
shell: cd /home/josiah/ && git clone https://github.com/jowj/arke.git
when: result is failed
- name: Build from the latest version
shell: cd ~/arke/ && docker build -t arke -f dockerfile .
- name: Check if there are any existing arke containers running
shell: docker ps | grep 'arke' | awk '{print $1}'
register: result
- name: and kill it
# this has to be a shell because command: isn't interactive
shell: docker ps | grep 'arke' | awk '{print $1}' | xargs docker kill
when: result.stdout != ""
- name: Remove any existing containers using the arke name, its mine and i must have it
# this has to be a shell because command: isn't interactive
shell: docker container rm arke
ignore_errors: True
- name: Run the newly built docker container
command: docker run -d --name arke --mount type="bind",source="/mnt/volume_sfo2_znc",target=/shared/ arke:latest

@ -1,14 +0,0 @@
all:
children:
dockerhosts:
hosts:
awful-1.awful.club:
macs:
hosts:
hydra-ling:
windows:
hosts:
lurker-ling:
linux:
hosts:
ling-bane:

@ -1,9 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
62306462666461356361643838636461396665633234363731396465643663373731343438363062
6166323433353631366639663933653439333961353539610a343234383436666463326161613538
32396161616537363261643965616439333637346535643136643732623939346538623534336236
3339643664633834630a323464376464343832636265623362353337316139333164613237323964
38616264346536623633623337613363646262313637313431323666393537623665626262643963
30316162303330396663636537633766333065386435376462653661653666323734363564323466
33303738363731376363663935383439616363383238346537326363343330386361613363623662
65663634363636633937

@ -1,39 +0,0 @@
import os
import sys
import argparse
import subprocess
import pdb
# brew cask install powershell
# Install brew if we don't have it
installBrew = [
""" if test ! $(which brew); then
echo "Installing homebrew..."
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
fi """
]
subprocess.run(installBrew)
subprocess.run('brew update')
subprocess.run('brew tap caskroom/cask')
macPrograms = [
"powershell",
"git",
"vscode",
"emacs64",
"python2",
"python3",
"docker",
"slack",
"discord",
"keybase",
"spotify",
"1password",
"firefox",
"dropbox",
"conemu",
"virtualbox"
]
subprocess.run('brew install ' + macPrograms)

@ -1,106 +0,0 @@
version: '3'
services:
sonarr:
image: "linuxserver/sonarr"
ports:
- "8989:8989"
restart: unless-stopped
environment:
PUID: 1000
PGID: 1000
TZ: America/Chicago
volumes:
- "/home/josiah/apps/sonarr:/config"
- "/home/josiah/Downloads/usenet-complete/:/downloads"
- "/media/usenet/tv/:/tv"
lidarr:
image: "linuxserver/lidarr"
ports:
- "8686:8686"
restart: unless-stopped
environment:
PUID: 1000
PGID: 1000
TZ: America/Chicago
volumes:
- "/home/josiah/apps/lidarr:/config"
- "/home/josiah/Downloads/usenet-complete/:/downloads"
- "/media/usenet/audio/:/music"
# headphones:
# image: "linuxserver/headphones"
# ports:
# - "8181:8181"
# restart: unless-stopped
# environment:
# PUID: 1000
# PGID: 1000
# TZ: America/Chicago
# volumes:
# - "/home/josiah/Documents/apps/headphones:/config"
# - "/home/josiah/Downloads/usenet-complete/:/downloads"
# - "/media/usenet/audio/:/music"
radarr:
image: "linuxserver/radarr"
ports:
- "7878:7878"
restart: unless-stopped
environment:
PUID: 1000
PGID: 1000
TZ: America/Chicago
volumes:
- "/home/josiah/apps/radarr:/config"
- "/home/josiah/Downloads/usenet-complete/:/downloads"
- "/media/usenet/movies/:/movies"
sabnzb:
image: "funkypenguin/sabnzbd"
ports:
- "8080:8080"
- "9090:9090"
restart: unless-stopped
environment:
PUID: 1000
PGID: 1000
TZ: America/Chicago
volumes:
- "/home/josiah/apps/sabnzbd:/config"
- "/home/josiah/Downloads/usenet-complete/:/downloads"
- "/home/josiah/Downloads/usenet-incomplete/:/incomplete-downloads"
- "/home/josiah/Downloads/usenet-watched/:/watched-folder"
- "/media/usenet/tv:/tv"
- "/media/usenet/audio/:/music"
- "/media/usenet/movies/:/movies"
- "/media/usenet/itunes-synology/iTunes Media/Automatically Add to iTunes.localized/:/itunes"
- "/media/usenet/book-library/books/:/books"
lazylibrarian:
image: "thraxis/lazylibrarian-calibre"
ports:
- "5299:5299"
restart: unless-stopped
environment:
PUID: 1000
PGID: 1000
TZ: America/Chicago
volumes:
- "/home/josiah/apps/lazylibrarian:/config"
- "/home/josiah/Downloads/usenet-complete/:/downloads"
- "/media/usenet/book-library/calibre-library/:/calibre-library"
- "/media/usenet/book-library/books/:/books"
- "/media/usenet/book-library/audiobooks:/audiobooks"
# calibre:
# image: "linuxserver/calibre"
# container_name: calibre
# ports:
# - "8219:8080"
# - "8081:8081"
# restart: unless-stopped
# environment:
# PUID: 1000
# PGID: 1000
# TZ: America/Chicago
# volumes:
# - "/home/josiah/apps/calibre:/config"
# - "/home/josiah/Downloads/usenet-complete/:/downloads"
# - "/media/usenet/book-library/calibre-library/:/calibre-library"
# - "/media/usenet/book-library/temp/:/import"

@ -1,11 +0,0 @@
all:
children:
prod:
hosts:
# 10.30.12.41 is the secops-utils ip
monitoring.awful.club:
ansible_user: josiah
ansible_timeout: 100
dev:
hosts:
localhost:

@ -1,42 +0,0 @@
- name: setup mojo repo
hosts: prod
tasks:
- name: print hostname
command: hostname
register: hostname
- debug: msg="{{ hostname.stdout }}"
- name: try to update directory
shell: cd /home/josiah/mojojojo-bot && git pull
register: result
ignore_errors: True
- name: if the folder doesn't exist, clone from remote
shell: cd /home/josiah/ && git clone http://git.awful.club/hosted/mojojojo-bot.git
when: result is failed
- name: Deploy mojo webclient
hosts: prod
vars_files:
- vault-vars-mojo.yml
tasks:
- name: Build from the latest version
shell: cd /home/josiah/mojojojo-bot/mojo-web && docker build -t mojo-web -f dockerfile .
- name: Check if there are any existing mojo-web containers running and kill them
# this has to be a shell because command: isn't interactive
shell: docker ps | grep 'mojo-web' | awk '{print $1}' | xargs docker kill
ignore_errors: True
- name: Run the newly built docker container
command: docker container run -e "SLACK_BOT_TOKEN={{ VAULT_SLACK_BOT_TOKEN }}" --restart "always" -d --mount type="bind",source="/mnt/volume_sfo2_znc",target=/shared/ mojo-web
- name: Deploy mojo rtmclient
hosts: prod
vars_files:
- vault-vars-mojo.yml
tasks:
- name: Build from the latest version
shell: cd /home/josiah/mojojojo-bot/mojo-rtm && docker build -t mojo-rtm -f dockerfile .
- name: Check if there are any existing mojo-rtm containers running and kill them
# this has to be a shell because command: isn't interactive
shell: docker ps | grep 'mojo-rtm' | awk '{print $1}' | xargs docker kill
ignore_errors: True
- name: Run the newly built docker container
command: docker container run -e "SLACK_BOT_TOKEN={{ VAULT_SLACK_BOT_TOKEN }}" --restart "always" -d --mount type="bind",source="/mnt/volume_sfo2_znc",target=/shared/ mojo-rtm

@ -1,9 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
62306462666461356361643838636461396665633234363731396465643663373731343438363062
6166323433353631366639663933653439333961353539610a343234383436666463326161613538
32396161616537363261643965616439333637346535643136643732623939346538623534336236
3339643664633834630a323464376464343832636265623362353337316139333164613237323964
38616264346536623633623337613363646262313637313431323666393537623665626262643963
30316162303330396663636537633766333065386435376462653661653666323734363564323466
33303738363731376363663935383439616363383238346537326363343330386361613363623662
65663634363636633937

@ -1,84 +0,0 @@
import os
import sys
import argparse
import subprocess
import pdb
add_Repos_Args = [
"sudo",
"add-apt-repository",
"ppa:nextcloud-devs/client"
]
download_Powershell_Keys = [
"wget",
"-q",
"https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb"
]
add_Powershell_Keys = [
"sudo",
"dpkg",
"-i",
"packages-microsoft-prod.deb"
]
update_Apt_Repos = [
"sudo",
"apt",
"update"
]
add_Apt_Programs = [
"sudo",
"apt-get",
"install",
"-y",
"powershell",
"emacs",
"python3.7",
"firefox",
"dropbox",
"docker",
"nextcloud-client"
]
snapProgramsToAdd = [
"slack",
"discord",
]
print("adding repos")
subprocess.run(add_Repos_Args,shell=True)
print("download powershell key")
subprocess.run(download_Powershell_Keys)
print("add powershell key")
subprocess.run(add_Powershell_Keys)
print("updating apt")
subprocess.run(update_Apt_Repos)
print("installing apt packages")
subprocess.run(add_Apt_Programs)
#print("installing snap packages")
#subprocess.run('sudo snap install ' + snapProgramsToAdd)
# post processing for firefox userChrome.css
# cp userChrome.css to the profile directory > chrome > userChrome.css
create_Firefox_Chrome_Folder = [
"mkdir",
"-p",
"~/.mozilla/firefox/*.default/chrome/"
]
configure_Firefox = [
"cp"
"~/Documents/projects/agares/applicationConfiguration/firefox/userChrome.css",
"~/.mozilla/firefox/*.default/chrome/userChrome.css"
]
subprocess.run(create_Firefox_Chrome_Folder)
subprocess.run(configure_Firefox)

@ -1,14 +0,0 @@
all:
children:
dockerhosts:
hosts:
awful-1.awful.club:
vpn:
hosts:
vpn.awful.club:
dev:
hosts:
localhost:
onprem:
hosts:
hatchery:

@ -1,38 +0,0 @@
- hosts: onprem
remote_user: josiah
gather_facts: false
become: yes
vars:
create_user: josiah
sys_packages: [ 'curl', 'vim', 'git', '', 'emacs', 'build-essential' ]
tasks:
- name: Install aptitude using apt
apt: name=aptitude state=latest update_cache=yes force_apt_get=yes
- name: Install required system packages for docker install
apt: name={{ item }} state=latest update_cache=yes
loop: [ 'apt-transport-https', 'ca-certificates', 'software-properties-common' ]
- name: Add Docker GPG apt Key
apt_key:
url: https://download.docker.com/linux/debian/gpg
state: present
- name: Add Docker Repository
apt_repository:
repo: deb https://download.docker.com/linux/ubuntu bionic stable
state: present
- name: Update apt
apt: update_cache=yes
- name: Install required system packages
apt: name={{ sys_packages }} state=latest
- name: add 'josiah' to docker group
user:
name='josiah'
groups=docker
append=yes

@ -1,60 +0,0 @@
# serverbuild
this is a mess of a directory right now. sorry about that.
## ipsec.conf
```
config setup
charondebug="ike 1, knl 1, cfg 0"
uniqueids=no
```
This tells sswan to log daemon statuses for debugging and allow duplicate connections
```
conn ikev2-vpn
auto=add
compress=no
type=tunnel
keyexchange=ikev2
fragmentation=yes
forceencaps=yes
```
This starts the VPN config stanza. Use IKEv2 VPN tunnels and load this config everytime we start up.
```
dpdaction=clear
dpddelay=300s
rekey=no
```
This clears any weird connections (i.e. if a client gets unexpectedly dced)
```
left=%any
leftid=@vpn.awful.club
leftcert=awful-server-cert.pem
leftsendcert=always
leftsubnet=0.0.0.0/0
```
in strongswan grammer, "left" refers to serverside, apparently. this section is pretty selfexplanatory. The exception to that is `%any` i've got no fucking clue what that is.
```
right=%any
rightid=%any
rightauth=eap-mschapv2
rightsourceip=10.10.10.0/24
rightdns=1.1.1.1,1.0.0.1
rightsendcert=never
```
"right" side is client side.
```
eap_identity=%identity
```
this tells sswan to always ask for un/pw on connect (eap.)
((also eeeep))
## ipsec.secrets
this file contains: secrets, for the love of god change the values.
`: RSA "server-key.pem"` declares wheere the private key lives and what algo was used
`your_username : EAP "your_password"` is very obvious.

@ -1,55 +0,0 @@
- hosts: vpn
remote_user: root
gather_facts: false
vars:
create_user: josiah
copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/digitalocean.pub') }}"
sys_packages: [ 'curl', 'vim', 'git', 'fail2ban' ]
tasks:
- name: Make sure we have a 'sudo' group
group:
name: sudo
state: present
- name: Allow sudo group to have passwordless sudo
lineinfile:
path: /etc/sudoers
state: present
regexp: '^%sudo'
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
validate: '/usr/sbin/visudo -cf %s'
- name: Create a new regular user with sudo privileges
user:
name: "{{ create_user }}"
state: present
groups: sudo
append: true
create_home: true
shell: /bin/bash
- name: Set authorized key for remote user
authorized_key:
user: "{{ create_user }}"
state: present
key: "{{ copy_local_key }}"
- name: Disable password authentication for root
lineinfile:
path: /etc/ssh/sshd_config
state: present
regexp: '^#?PermitRootLogin'
line: 'PermitRootLogin no'
- name: Update apt
apt: update_cache=yes
- name: Install required system packages
apt: name={{ sys_packages }} state=latest
- name: Restart sshd
service:
name: sshd.service
state: restarted

@ -1,130 +0,0 @@
# playbook to go from a "base configured" server to a wg vpn peer
- hosts: vpn
remote_user: josiah
gather_facts: false
become: yes
tasks:
- name: add unstable to repos
shell: |
echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
- name: Update aptitude
apt: update_cache=yes
- name: install wireguard
apt: name=wireguard state=latest
- name: install linux headers (necessary on older cloud kernels (fuck u digitalocean))
# the kernel version is hard coded because this is what DO currently uses
# and that's what i use
apt: name=linux-headers-4.19.0-6-cloud-amd64
- name: install misc other things the internet says i need
apt: name=build-essential
- name: install misc other things the internet says i need
apt: name=dkms
- name: install misc other things the internet says i need
apt: name=openresolv
- name: enable kernel relay/forwarding
shell: |
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.proxy_arp = 1" >> /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.200.219.0/24 -o eth0 -j MASQUERADE
- name: ensure /etc/wireguard/ exists
file:
path: /etc/wireguard/
state: directory
- name: Generate keys
shell: |
printf "[Interface]\nPrivateKey = " > /etc/wireguard/wg0.conf
wg genkey | tee -a /etc/wireguard/wg0.conf | wg pubkey > /etc/wireguard/publickey
vars:
umask: "077"
- name: register publickey for later use
shell: cat /etc/wireguard/publickey
register: server_publickey
# install wg, generate keys, files on local machine
- name: (local) install wg (i use) arch (btw)
pacman:
update_cache: yes
name: wireguard-tools, wireguard-arch
state: present
delegate_to: localhost
- name: (local) ensure /etc/wireguard/ exists
file:
path: /etc/wireguard/
state: directory
delegate_to: localhost
- name: (local) Generate keys
shell: |
printf "[Interface]\nPrivateKey = " > /etc/wireguard/wg0.conf
wg genkey | tee -a /etc/wireguard/wg0.conf | wg pubkey > /etc/wireguard/publickey
vars:
umask: "077"
delegate_to: localhost
- name: (local) register publickey for later use
shell: cat /etc/wireguard/publickey
register: arch_publickey
delegate_to: localhost
- name: (local) fill out the rest of the wg0.conf file
blockinfile:
path: /etc/wireguard/wg0.conf
block: |
Address = 10.200.219.2/32, fd86:ea04:1115::2/128
DNS = 1.1.1.1
[Peer]
PublicKey = {{ server_publickey.stdout }}
Endpoint = vpn.awful.club:51820
AllowedIPs = 0.0.0.0/0
delegate_to: localhost
- name: fill out the rest of the wg0.conf file
blockinfile:
path: /etc/wireguard/wg0.conf
block: |
Address = 10.200.219.1/24
Address = fd86:ea04:1115::1/64
ListenPort = 51820
SaveConfig = true
[Peer]
# name = luggable-laptop
PublicKey = {{ arch_publickey.stdout }}
AllowedIPs = 10.200.219.2/32, fd86:ea04:1115::2/128
- name: bring wg up on the relay node
shell: wg-quick up /etc/wireguard/wg0.conf
- name: test if wg is up on relay
shell: ping -c1 10.200.219.1
register: test_result
- name: (local) bring wg up on local
shell: wg-quick up wg0
delegate_to: localhost
- name: (local) test if it worked on local
shell: ping -c1 10.200.219.2
register: test_result_local
delegate_to: localhost
- name: Test tunnel
shell: ping -c1 10.200.219.1
register: test_tunnel_local
delegate_to: localhost
ignore_errors: yes

@ -1,41 +0,0 @@
Role Name
=========
Playbook to bootstrap wg vpn for my personal use
Requirements
------------
this playbook doesn't handle /creating the machines/. they have to be online and accessible either in my home network or in my cloud setup.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
shit i'm still fixing
----------------
- its not actually working yet
- mobile device seems like it connects
- but i can't browse around.
- arch tasks suck because ansible + pacman is bad.
Example Playbook
----------------
I don't know what to put here because i don't understand how roles work lmao
`ansible-playbook -i ../hosts.yml tasks/main.yml -v`
useful for generating mobile device configs: qrencode -t ansiutf8 < /etc/wireguard/mobile.conf
License
-------
BSD
Author Information
------------------
email: me@jowj.net

@ -1,2 +0,0 @@
---
# defaults file for wg_vpn

@ -1,2 +0,0 @@
---
# handlers file for wg_vpn

@ -1,53 +0,0 @@
galaxy_info:
author: your name
description: your description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.4
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

@ -1,73 +0,0 @@
---
# tasks file for wg_vpn
# playbook to go from a "base configured" server to a wg vpn peer
- hosts: onprem
remote_user: josiah
gather_facts: True
vars:
source_os: arch
tasks:
- name: "generating config on relay server"
debug:
msg: "config on relay is starting"
verbosity: 1
- name: generate config on relay server
include: pretasks_debian.yml
become: yes
- name: "generating config on local mac"
debug:
msg: "config on mac is starting"
verbosity: 1
when: source_os == 'macos'
- name: generate config on local mac
include: pretasks_mac.yml
delegate_to: localhost
when: source_os == 'macos'
- name: "generating config on local arch"
debug:
msg: "config on arch is starting"
verbosity: 1
when: source_os == 'arch'
- name: generate config on local arch
include: pretasks_arch.yml
delegate_to: localhost
when: source_os == 'arch'
- name: generate config for IOS on local machine
include: pretasks_ios.yml
delegate_to: localhost
- name: "completing config on server"
debug:
msg: "config on relay is resuming"
verbosity: 1
- name: complete config, wg up on relay server
include: posttasks_debian.yml
become: yes
- name: complete config, wg up on local mac
include: posttasks_mac.yml
delegate_to: localhost
when: source_os == 'macos'
- name: "generating config on local arch"
debug:
msg: "config on arch is completing"
verbosity: 1
when: source_os == 'arch'
- name: complete config on local arch
include: posttasks_arch.yml
delegate_to: localhost
when: source_os == 'arch'
- name: "generating config for iOS"
debug:
msg: "config for IOS is completing"
verbosity: 1
- name: complete config for IOS on local machine
include: posttasks_ios.yml
delegate_to: localhost

@ -1,19 +0,0 @@
- name: (local) fill out the rest of the wg0.conf file
blockinfile:
path: /etc/wireguard/wg0.conf
block: |
Address = 10.200.219.2/32, fd86:ea04:1115::2/128
DNS = 1.1.1.1
[Peer]
PublicKey = {{ server_publickey.stdout }}
Endpoint = vpn.awful.club:51820
AllowedIPs = 0.0.0.0/0
delegate_to: localhost
become: yes
- name: (local) bring wg up on local
shell: wg-quick up wg0
delegate_to: localhost
become: yes
ignore_errors: True

@ -1,19 +0,0 @@
- name: fill out the rest of the wg0.conf file
blockinfile:
path: /etc/wireguard/wg0.conf
block: |
Address = 10.200.219.1/24
Address = fd86:ea04:1115::1/64
ListenPort = 51820
SaveConfig = true
[Peer]
# name = pvl
PublicKey = {{ client_publickey.stdout }}
AllowedIPs = 10.200.219.19/32, fd86:ea04:1115::19/128
[Peer]
# name = matrix
PublicKey = {{ ios_publickey.stdout }}
AllowedIPs = 10.200.219.10/32, fd86:ea04:1115::10/128
- name: bring wg up on the relay node
shell: wg-quick up /etc/wireguard/wg0.conf

@ -1,11 +0,0 @@
- name: (local) fill out the rest of the wg0.conf file
blockinfile:
path: ~/wireguard/ios.conf
block: |
Address = 10.200.219.10/32, fd86:ea04:1115::10/128
DNS = 1.1.1.1
[Peer]
PublicKey = {{ server_publickey.stdout }}
Endpoint = vpn.awful.club:51820
AllowedIPs = 0.0.0.0/0, ::/0

@ -1,15 +0,0 @@
- name: (local) fill out the rest of the wg0.conf file
blockinfile:
path: ~/wireguard/wg0.conf
block: |
Address = 10.200.219.19/32, fd86:ea04:1115::19/128
DNS = 1.1.1.1
[Peer]
PublicKey = {{ server_publickey.stdout }}
Endpoint = vpn.awful.club:51820
AllowedIPs = 0.0.0.0/0, ::/0
# - name: (local) bring wg up on local
# shell: wg-quick up wg0

@ -1,36 +0,0 @@
---
# tasks file for wg_vpn
# this is useful for running plays /from/ an arch machine that will join the wg net.
# install wg, generate keys, files on local machine
- name: (local) install wg (i use) arch (btw)
pacman:
update_cache: yes
name: wireguard-tools, wireguard-arch, wireguard-dkms
state: present
delegate_to: localhost
become: yes
# ansible has a hard time parsing the pacman files
# ignore errors once you verify shit is installed / patched.
ignore_errors: True
- name: (local) ensure /etc/wireguard/ exists
file:
path: /etc/wireguard/
state: directory
delegate_to: localhost
- name: (local) Generate keys
shell: |
printf "[Interface]\nPrivateKey = " > /etc/wireguard/wg0.conf
wg genkey | tee -a /etc/wireguard/wg0.conf | wg pubkey > /etc/wireguard/publickey
vars:
umask: "077"
delegate_to: localhost
become: yes
- name: (local) register publickey for later use
shell: cat /etc/wireguard/publickey
register: client_publickey
delegate_to: localhost
become: yes

@ -1,47 +0,0 @@
- name: add unstable to repos
shell: |
echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
- name: Update aptitude
apt: update_cache=yes
- name: install wireguard
apt: name=wireguard state=latest
- name: install linux headers (necessary on older cloud kernels (fuck u digitalocean))
# the kernel version is hard coded because this is what DO currently uses
# and that's what i use
apt: name=linux-headers-4.19.0-6-cloud-amd64
- name: install misc other things the internet says i need
apt: name=build-essential
- name: install misc other things the internet says i need
apt: name=dkms
- name: needed for handling dns requests
apt: name=openresolv
- name: enable kernel relay/forwarding
shell: |
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.proxy_arp = 1" >> /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.200.219.0/24 -o eth0 -j MASQUERADE
- name: ensure /etc/wireguard/ exists
file:
path: /etc/wireguard/
state: directory
- name: Generate keys
shell: |
printf "[Interface]\nPrivateKey = " > /etc/wireguard/wg0.conf
wg genkey | tee -a /etc/wireguard/wg0.conf | wg pubkey > /etc/wireguard/publickey
vars:
umask: "077"
- name: register publickey for later use
shell: cat /etc/wireguard/publickey
register: server_publickey
# do this to avoid idiot "hey you can't start, u already started!!!" erros.
# fucker.
- name: register publickey for later use
shell: wg-quick down /etc/wireguard/wg0.conf
ignore_errors: True

@ -1,15 +0,0 @@
- name: make wg dir since macs are now weird about /etc/anything
file:
path: ~/wireguard/
state: directory
- name: Generate keys
shell: |
printf "[Interface]\nPrivateKey = " > ~/wireguard/ios.conf
wg genkey | tee -a ~/wireguard/ios.conf | wg pubkey > ~/wireguard/ios_publickey
vars:
umask: "077"
- name: register publickey for later use
shell: cat ~/wireguard/ios_publickey
register: ios_publickey

@ -1,21 +0,0 @@
- name: Update brew
homebrew: update_homebrew=yes
- name: install wireguard
homebrew: name=wireguard-tools state=latest
- name: make wg dir since macs are now weird about /etc/anything
file:
path: ~/wireguard/
state: directory
- name: Generate keys
shell: |
printf "[Interface]\nPrivateKey = " > ~/wireguard/wg0.conf
wg genkey | tee -a ~/wireguard/wg0.conf | wg pubkey > ~/wireguard/publickey
vars:
umask: "077"
- name: register publickey for later use
shell: cat ~/wireguard/publickey
register: client_publickey

@ -1,25 +0,0 @@
---
- hosts: vpn
roles:
- wg_vpn
tasks:
- name: Verify remote wg node has wg running
shell: ping -c1 10.200.219.1
register: remote_result
- assert:
that:
- "'1 packets transmitted, 1 packets received' in remote_result.stdout"
- name: Verify remote wg node has wg running
shell: ping -c1 10.200.219.2
register: local_result
- assert:
that:
- "'1 packets transmitted, 1 packets received' in local_result.stdout"
- name: Verify that local node can talk to remote
shell: ping -c1 10.200.219.1
register: tunnel_result
- assert:
that:
- "'1 packets transmitted, 1 packets received' in tunnel_result.stdout"

@ -1,2 +0,0 @@
---
# vars file for wg_vpn

@ -1,18 +0,0 @@
- name: Copy splunk modules to corp deploy server
hosts: corp
# vars_files:
# - mojo-vars-vault.yml
remote_user: josiah_ledbetter
tasks:
- name: Copy item to remote server
copy:
# make sure the permissions of the file you are copying are readable by ansible user
src: /Users/josiah_ledbetter/Documents/projects/splunk/configs/filething/
# src must not end in "/" or it will only copy files inside dir instead of entire dir
dest: /opt/splunk/temp/
owner: splunk
group: splunk
# these below affect the entire task, and should not go under the command's indention level. This took WAY too longer to figure out.
become: "true"
become_method: sudo
become_user: root

@ -1,8 +0,0 @@
all:
children:
corp:
hosts:
AUS01GMSPLUNK01:
vdc:
hosts:
v1-cs-sec-splunk01:

@ -1,53 +0,0 @@
# handle mass install of programs needed for new windows workstations
Import-Module .\deploy-WinWorkstation.psm1
$chocoPrograms = @(
"pwsh",
"git",
"vscode",
"emacs64",
"python2",
"python3",
"docker",
"slack",
"discord",
"keybase",
"spotify",
"1password",
"firefox",
"dropbox",
"conemu",
"virtualbox"
)
choco install $chocoPrograms -y
DisableAdvertisingID
DisableAppSuggestions
DisableBackgroundApps
DisableCortana
DisableDiagTrack
DisableFeedback
DisableLockScreenSpotlight
DisableMapUpdates
DisableOneDrive
DisableSmartScreen
DisableSMB1
DisableTelemetry
DisableWebSearch
DisableXboxFeatures
EnableRemoteDesktop
HideTaskbarPeopleIcon
InstallHyperV
InstallLinuxSubsystem
SetExplorerThisPC
SetP2PUpdateLocal
SetPhotoViewerAssociation
ShowKnownExtensions
ShowSmallTaskbarIcons
ShowTaskManagerDetails
ShowTrayIcons
UninstallMsftBloat
UninstallOneDrive
UninstallThirdPartyBloat
UninstallWindowsStore
UnpinStartMenuTiles

@ -1,373 +0,0 @@
# cribbed from https://gist.github.com/alirobe/7f3b34ad89a159e6daa1
Function DisableTelemetry {
Write-Host "Disabling Telemetry..."
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0
Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" | Out-Null
Disable-ScheduledTask -TaskName "Microsoft\Windows\Application Experience\ProgramDataUpdater" | Out-Null
Disable-ScheduledTask -TaskName "Microsoft\Windows\Autochk\Proxy" | Out-Null
Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" | Out-Null
Disable-ScheduledTask -TaskName "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" | Out-Null
Disable-ScheduledTask -TaskName "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" | Out-Null
}
Function DisableSmartScreen {
Write-Host "Disabling SmartScreen Filter..."
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" -Name "SmartScreenEnabled" -Type String -Value "Off"
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" -Name "EnableWebContentEvaluation" -Type DWord -Value 0
$edge = (Get-AppxPackage -AllUsers "Microsoft.MicrosoftEdge").PackageFamilyName
If (!(Test-Path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\$edge\MicrosoftEdge\PhishingFilter")) {
New-Item -Path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\$edge\MicrosoftEdge\PhishingFilter" -Force | Out-Null
}
Set-ItemProperty -Path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\$edge\MicrosoftEdge\PhishingFilter" -Name "EnabledV9" -Type DWord -Value 0
Set-ItemProperty -Path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\$edge\MicrosoftEdge\PhishingFilter" -Name "PreventOverride" -Type DWord -Value 0
}
Function DisableWebSearch {
Write-Host "Disabling Bing Search in Start Menu..."
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" -Name "BingSearchEnabled" -Type DWord -Value 0
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search")) {
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Force | Out-Null
}
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "DisableWebSearch" -Type DWord -Value 1
}
Function DisableAppSuggestions {
Write-Host "Disabling Application suggestions..."
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "ContentDeliveryAllowed" -Type DWord -Value 0
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "OemPreInstalledAppsEnabled" -Type DWord -Value 0
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "PreInstalledAppsEnabled" -Type DWord -Value 0
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "PreInstalledAppsEverEnabled" -Type DWord -Value 0
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SilentInstalledAppsEnabled" -Type DWord -Value 0
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338389Enabled" -Type DWord -Value 0
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SystemPaneSuggestionsEnabled" -Type DWord -Value 0
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338388Enabled" -Type DWord -Value 0
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent")) {
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Force | Out-Null
}
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Type DWord -Value 1
}
Function DisableBackgroundApps {
Write-Host "Disabling Background application access..."
Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" -Exclude "Microsoft.Windows.Cortana*" | ForEach {
Set-ItemProperty -Path $_.PsPath -Name "Disabled" -Type DWord -Value 1
Set-ItemProperty -Path $_.PsPath -Name "DisabledByUser" -Type DWord -Value 1
}
}
Function DisableLockScreenSpotlight {
Write-Host "Disabling Lock screen spotlight..."
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "RotatingLockScreenEnabled" -Type DWord -Value 0
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "RotatingLockScreenOverlayEnabled" -Type DWord -Value 0
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SubscribedContent-338387Enabled" -Type DWord -Value 0
}
Function DisableMapUpdates {
Write-Host "Disabling automatic Maps updates..."
Set-ItemProperty -Path "HKLM:\SYSTEM\Maps" -Name "AutoUpdateEnabled" -Type DWord -Value 0
}
Function DisableFeedback {
Write-Host "Disabling Feedback..."
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules")) {
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Force | Out-Null
}
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -Type DWord -Value 0
Disable-ScheduledTask -TaskName "Microsoft\Windows\Feedback\Siuf\DmClient" -ErrorAction SilentlyContinue | Out-Null
Disable-ScheduledTask -TaskName "Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload" -ErrorAction SilentlyContinue | Out-Null
}
Function DisableAdvertisingID {
Write-Host "Disabling Advertising ID..."
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo")) {
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" | Out-Null
}
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -Type DWord -Value 0
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy")) {
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" | Out-Null
}
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" -Name "TailoredExperiencesWithDiagnosticDataEnabled" -Type DWord -Value 0
}
Function DisableCortana {
Write-Host "Disabling Cortana..."
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings")) {
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" -Force | Out-Null
}
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -Type DWord -Value 0
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization")) {
New-Item -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Force | Out-Null
}
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 1
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 1
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore")) {
New-Item -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" -Force | Out-Null
}
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -Type DWord -Value 0
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search")) {
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Force | Out-Null
}
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "AllowCortana" -Type DWord -Value 0
}
Function EnableCortana {
Write-Host "Enabling Cortana..."
Remove-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -ErrorAction SilentlyContinue
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore")) {
New-Item -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" -Force | Out-Null
}
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 0
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 0
Remove-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" -Name "AllowCortana" -ErrorAction SilentlyContinue
}
Function SetP2PUpdateLocal {
Write-Host "Restricting Windows Update P2P only to local network..."
If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config")) {
New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" | Out-Null
}
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Type DWord -Value 1
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization")) {
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization" | Out-Null
}
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Name "SystemSettingsDownloadMode" -Type DWord -Value 3
}
Function SetP2PUpdateInternet {
Write-Host "Unrestricting Windows Update P2P to internet..."
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Name "SystemSettingsDownloadMode" -ErrorAction SilentlyContinue
}
Function DisableDiagTrack {
Write-Host "Stopping and disabling Diagnostics Tracking Service..."
Stop-Service "DiagTrack" -WarningAction SilentlyContinue
Set-Service "DiagTrack" -StartupType Disabled
}
Function DisableSMB1 {
Write-Host "Disabling SMB 1.0 protocol..."
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}
Function EnableRemoteDesktop {
Write-Host "Enabling Remote Desktop w/o Network Level Authentication..."
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0
}
Function ShowTaskManagerDetails {
Write-Host "Showing task manager details..."
If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager")) {
New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Force | Out-Null
}
$preferences = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -ErrorAction SilentlyContinue
If (!($preferences)) {
$taskmgr = Start-Process -WindowStyle Hidden -FilePath taskmgr.exe -PassThru
While (!($preferences)) {
Start-Sleep -m 250
$preferences = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -ErrorAction SilentlyContinue
}
Stop-Process $taskmgr
}
$preferences.Preferences[28] = 0
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\TaskManager" -Name "Preferences" -Type Binary -Value $preferences.Preferences
}
# Show small icons in taskbar
Function ShowSmallTaskbarIcons {
Write-Host "Showing small icons in taskbar..."
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarSmallIcons" -Type DWord -Value 1
}
Function HideTaskbarPeopleIcon {
Write-Host "Hiding People icon..."
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People")) {
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" | Out-Null
}
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Name "PeopleBand" -Type DWord -Value 0
}
Function ShowTrayIcons {
Write-Host "Showing all tray icons..."
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" -Name "EnableAutoTray" -Type DWord -Value 0
}
Function ShowKnownExtensions {
Write-Host "Showing known file extensions..."
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Type DWord -Value 0
}
Function SetExplorerThisPC {
Write-Host "Changing default Explorer view to This PC..."
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo" -Type DWord -Value 1
}
Function DisableOneDrive {
Write-Host "Disabling OneDrive..."
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive")) {
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive" | Out-Null
}
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive" -Name "DisableFileSyncNGSC" -Type DWord -Value 1
}
Function UninstallOneDrive {
Write-Host "Uninstalling OneDrive..."
Stop-Process -Name OneDrive -ErrorAction SilentlyContinue
Start-Sleep -s 3
$onedrive = "$env:SYSTEMROOT\SysWOW64\OneDriveSetup.exe"
If (!(Test-Path $onedrive)) {
$onedrive = "$env:SYSTEMROOT\System32\OneDriveSetup.exe"
}
Start-Process $onedrive "/uninstall" -NoNewWindow -Wait
Start-Sleep -s 3
Stop-Process -Name explorer -ErrorAction SilentlyContinue
Start-Sleep -s 3
Remove-Item -Path "$env:USERPROFILE\OneDrive" -Force -Recurse -ErrorAction SilentlyContinue
Remove-Item -Path "$env:LOCALAPPDATA\Microsoft\OneDrive" -Force -Recurse -ErrorAction SilentlyContinue
Remove-Item -Path "$env:PROGRAMDATA\Microsoft OneDrive" -Force -Recurse -ErrorAction SilentlyContinue
Remove-Item -Path "$env:SYSTEMDRIVE\OneDriveTemp" -Force -Recurse -ErrorAction SilentlyContinue
If (!(Test-Path "HKCR:")) {
New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}
Remove-Item -Path "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse -ErrorAction SilentlyContinue
Remove-Item -Path "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse -ErrorAction SilentlyContinue
}
Function UninstallMsftBloat {
Write-Host "Uninstalling default Microsoft applications..."
Get-AppxPackage "Microsoft.3DBuilder" | Remove-AppxPackage
Get-AppxPackage "Microsoft.BingFinance" | Remove-AppxPackage
Get-AppxPackage "Microsoft.BingNews" | Remove-AppxPackage
Get-AppxPackage "Microsoft.BingSports" | Remove-AppxPackage
Get-AppxPackage "Microsoft.BingWeather" | Remove-AppxPackage
Get-AppxPackage "Microsoft.Getstarted" | Remove-AppxPackage
Get-AppxPackage "Microsoft.MicrosoftOfficeHub" | Remove-AppxPackage
Get-AppxPackage "Microsoft.MicrosoftSolitaireCollection" | Remove-AppxPackage
Get-AppxPackage "Microsoft.Office.OneNote" | Remove-AppxPackage
Get-AppxPackage "Microsoft.People" | Remove-AppxPackage
Get-AppxPackage "Microsoft.SkypeApp" | Remove-AppxPackage
Get-AppxPackage "Microsoft.Windows.Photos" | Remove-AppxPackage
Get-AppxPackage "Microsoft.WindowsAlarms" | Remove-AppxPackage
Get-AppxPackage "Microsoft.WindowsCamera" | Remove-AppxPackage
Get-AppxPackage "microsoft.windowscommunicationsapps" | Remove-AppxPackage
Get-AppxPackage "Microsoft.WindowsMaps" | Remove-AppxPackage
Get-AppxPackage "Microsoft.WindowsPhone" | Remove-AppxPackage
Get-AppxPackage "Microsoft.WindowsSoundRecorder" | Remove-AppxPackage
Get-AppxPackage "Microsoft.ZuneMusic" | Remove-AppxPackage
Get-AppxPackage "Microsoft.ZuneVideo" | Remove-AppxPackage
Get-AppxPackage "Microsoft.AppConnector" | Remove-AppxPackage
Get-AppxPackage "Microsoft.ConnectivityStore" | Remove-AppxPackage
Get-AppxPackage "Microsoft.Office.Sway" | Remove-AppxPackage
Get-AppxPackage "Microsoft.Messaging" | Remove-AppxPackage
Get-AppxPackage "Microsoft.CommsPhone" | Remove-AppxPackage
Get-AppxPackage "Microsoft.MicrosoftStickyNotes" | Remove-AppxPackage
Get-AppxPackage "Microsoft.OneConnect" | Remove-AppxPackage
Get-AppxPackage "Microsoft.WindowsFeedbackHub" | Remove-AppxPackage
Get-AppxPackage "Microsoft.MinecraftUWP" | Remove-AppxPackage
Get-AppxPackage "Microsoft.MicrosoftPowerBIForWindows" | Remove-AppxPackage
Get-AppxPackage "Microsoft.NetworkSpeedTest" | Remove-AppxPackage
Get-AppxPackage "Microsoft.MSPaint" | Remove-AppxPackage
Get-AppxPackage "Microsoft.Microsoft3DViewer" | Remove-AppxPackage
Get-AppxPackage "Microsoft.RemoteDesktop" | Remove-AppxPackage
Get-AppxPackage "Microsoft.Print3D" | Remove-AppxPackage
}
function UninstallThirdPartyBloat {
Write-Host "Uninstalling default third party applications..."
Get-AppxPackage "9E2F88E3.Twitter" | Remove-AppxPackage
Get-AppxPackage "king.com.CandyCrushSodaSaga" | Remove-AppxPackage
Get-AppxPackage "4DF9E0F8.Netflix" | Remove-AppxPackage
Get-AppxPackage "Drawboard.DrawboardPDF" | Remove-AppxPackage
Get-AppxPackage "D52A8D61.FarmVille2CountryEscape" | Remove-AppxPackage
Get-AppxPackage "GAMELOFTSA.Asphalt8Airborne" | Remove-AppxPackage
Get-AppxPackage "flaregamesGmbH.RoyalRevolt2" | Remove-AppxPackage
Get-AppxPackage "AdobeSystemsIncorporated.AdobePhotoshopExpress" | Remove-AppxPackage
Get-AppxPackage "ActiproSoftwareLLC.562882FEEB491" | Remove-AppxPackage
Get-AppxPackage "D5EA27B7.Duolingo-LearnLanguagesforFree" | Remove-AppxPackage
Get-AppxPackage "Facebook.Facebook" | Remove-AppxPackage
Get-AppxPackage "46928bounde.EclipseManager" | Remove-AppxPackage
Get-AppxPackage "A278AB0D.MarchofEmpires" | Remove-AppxPackage
Get-AppxPackage "KeeperSecurityInc.Keeper" | Remove-AppxPackage
Get-AppxPackage "king.com.BubbleWitch3Saga" | Remove-AppxPackage
Get-AppxPackage "89006A2E.AutodeskSketchBook" | Remove-AppxPackage
Get-AppxPackage "CAF9E577.Plex" | Remove-AppxPackage
Get-AppxPackage "A278AB0D.DisneyMagicKingdoms" | Remove-AppxPackage
Get-AppxPackage "828B5831.HiddenCityMysteryofShadows" | Remove-AppxPackage
Get-AppxPackage "WinZipComputing.WinZipUniversal" | Remove-AppxPackage
Get-AppxPackage "SpotifyAB.SpotifyMusic" | Remove-AppxPackage
Get-AppxPackage "PandoraMediaInc.29680B314EFC2" | Remove-AppxPackage
Get-AppxPackage "2414FC7A.Viber" | Remove-AppxPackage
Get-AppxPackage "64885BlueEdge.OneCalendar" | Remove-AppxPackage
Get-AppxPackage "41038Axilesoft.ACGMediaPlayer" | Remove-AppxPackage
}
Function UninstallWindowsStore {
Write-Host "Uninstalling Windows Store..."
Get-AppxPackage "Microsoft.DesktopAppInstaller" | Remove-AppxPackage
Get-AppxPackage "Microsoft.WindowsStore" | Remove-AppxPackage
}
Function InstallWindowsStore {
Write-Host "Installing Windows Store..."
Get-AppxPackage -AllUsers "Microsoft.DesktopAppInstaller" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Get-AppxPackage -AllUsers "Microsoft.WindowsStore" | ForEach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
}
Function DisableXboxFeatures {
Write-Host "Disabling Xbox features..."
Get-AppxPackage "Microsoft.XboxApp" | Remove-AppxPackage
Get-AppxPackage "Microsoft.XboxIdentityProvider" | Remove-AppxPackage
Get-AppxPackage "Microsoft.XboxSpeechToTextOverlay" | Remove-AppxPackage
Get-AppxPackage "Microsoft.XboxGameOverlay" | Remove-AppxPackage
Get-AppxPackage "Microsoft.Xbox.TCUI" | Remove-AppxPackage
Set-ItemProperty -Path "HKCU:\System\GameConfigStore" -Name "GameDVR_Enabled" -Type DWord -Value 0
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR")) {
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR" | Out-Null
}
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR" -Name "AllowGameDVR" -Type DWord -Value 0
}
Function InstallLinuxSubsystem {
Write-Host "Installing Linux Subsystem..."
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowDevelopmentWithoutDevLicense" -Type DWord -Value 1
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name "AllowAllTrustedApps" -Type DWord -Value 1
Enable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Windows-Subsystem-Linux" -NoRestart -WarningAction SilentlyContinue | Out-Null
}
Function InstallHyperV {
Write-Host "Installing Hyper-V..."
If ((Get-WmiObject -Class "Win32_OperatingSystem").Caption -like "*Server*") {
Install-WindowsFeature -Name "Hyper-V" -IncludeManagementTools -WarningAction SilentlyContinue | Out-Null
} Else {
Enable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Hyper-V-All" -NoRestart -WarningAction SilentlyContinue | Out-Null
}
}
Function SetPhotoViewerAssociation {
Write-Host "Setting Photo Viewer association for bmp, gif, jpg, png and tif..."
If (!(Test-Path "HKCR:")) {
New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}
ForEach ($type in @("Paint.Picture", "giffile", "jpegfile", "pngfile")) {
New-Item -Path $("HKCR:\$type\shell\open") -Force | Out-Null
New-Item -Path $("HKCR:\$type\shell\open\command") | Out-Null
Set-ItemProperty -Path $("HKCR:\$type\shell\open") -Name "MuiVerb" -Type ExpandString -Value "@%ProgramFiles%\Windows Photo Viewer\photoviewer.dll,-3043"
Set-ItemProperty -Path $("HKCR:\$type\shell\open\command") -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1"
}
}
# Unpin all Start Menu tiles - Not applicable to Server - Note: This function has no counterpart. You have to pin the tiles back manually.
Function UnpinStartMenuTiles {
Write-Host "Unpinning all Start Menu tiles..."
Get-ChildItem -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount" -Include "*.group" -Recurse | ForEach-Object {
$data = (Get-ItemProperty -Path "$($_.PsPath)\Current" -Name "Data").Data -Join ","
$data = $data.Substring(0, $data.IndexOf(",0,202,30") + 9) + ",0,202,80,0,0"
Set-ItemProperty -Path "$($_.PsPath)\Current" -Name "Data" -Type Binary -Value $data.Split(",")
}
}

@ -1,16 +0,0 @@
all:
children:
dockerhosts:
hosts:
monitoring.awful.club:
vars:
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q ansible@ssh.awful.club"'
macs:
hosts:
hydra-ling:
windows:
hosts:
lurker-ling:
linux:
hosts:
ling-bane:

@ -1,31 +0,0 @@
- name: deploy znc server
hosts: dockerhosts
remote_user: josiah
tasks:
- name: update or create the directory
shell: cd /home/josiah/znc-docker/ && git pull
register: result
ignore_errors: True
# if the folder doesn't exist, clone source.
- command: cd /home/josiah && git clone https://github.com/jowj/znc-docker.git
when: result is failed
- name: build from latest version
shell: cd ~/znc-docker/full && docker build -t znc -f Dockerfile .
- name: Check if there are any existing ZNC containers running and kill it
shell: docker ps | grep 'znc' | awk '{print $1}'
register: result
- name: if there are running containers, remove them
shell: docker ps | grep 'znc' | awk '{print $1}' | xargs docker kill
when: result.stdout != ""
- name: discover if any containers with ZNC in name
# this has to be a shell because command: isn't interactive
shell: docker container ls | grep 'znc'
register: result
ignore_errors: True
- name: remove any existing containers with ZNC in name
shell: docker container rm znc
when: result is succeeded
- name: run the container (assumes the volume is already set up)
command: docker run -d -p 5000:5000 --mount type="bind",source="/mnt/volume_sfo2_znc/",target=/znc-data znc