From fc5568515103f923d862a5a530a25c6a5eedecff Mon Sep 17 00:00:00 2001 From: ATAO Date: Thu, 1 Feb 2024 21:45:05 +0100 Subject: [PATCH] improve playbook --- README.md | 24 ++++++++++------ ansible.cfg.sample => ansible.cfg | 2 -- playbook.yml | 9 +++--- roles/container/tasks/main.yml | 12 ++++++-- roles/display/tasks/main.yml | 8 ++---- roles/docker/tasks/main.yml | 47 +++++++++++++++++-------------- roles/docker/vars/main.yml | 7 ----- roles/jackit/tasks/main.yml | 11 ++------ roles/multitor/tasks/main.yml | 36 ++++++++--------------- roles/multitor/vars/main.yml | 4 +-- roles/rfid/tasks/main.yml | 31 ++++++++++---------- roles/standard/tasks/main.yml | 8 ++---- roles/standard/vars/main.yml | 5 +--- roles/web/tasks/main.yml | 19 +++++++++++++ roles/web/vars/main.yml | 3 ++ roles/wifi/tasks/main.yml | 1 + 16 files changed, 116 insertions(+), 111 deletions(-) rename ansible.cfg.sample => ansible.cfg (95%) create mode 100644 roles/web/tasks/main.yml create mode 100644 roles/web/vars/main.yml diff --git a/README.md b/README.md index 6a9be39..d0ebbda 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Before run command you must setup your Pi with [Raspberry Pi Imager](https://www Next run command : ``` - curl -s https://raw.githubusercontent.com/atao/raspberrypi-setup/main/install.sh | bash -s -- all +curl -s https://raw.githubusercontent.com/atao/raspberrypi-setup/main/install.sh | bash -s -- all ``` ## Ansible 
@@ -23,27 +23,33 @@ To setup run the following command : ``` git clone https://github.com/atao/raspberrypi-setup.git cd raspberrypi-setup -ansible-playbook playbook.yml -i hosts --ask-become-pass --tags all +ansible-playbook playbook.yml -i hosts --tags all --ask-become-pass ``` ## Roles You can choose what you want to install with tags : -- **setup** install standard packages +- **standard** install [standard packages](roles/standard/vars/main.yml) - **jackit** install [jackit](https://github.com/insecurityofthings/jackit) for exploit code for Mousejack -- **multitor** install a proxy with multiple TOR instances with load-balancing ([trimstray/multitor](https://github.com/trimstray/multitor)) -- [Know issues](https://github.com/atao/raspberrypi-setup/blob/main/roles/multitor/README.md) +- **multitor** install a proxy with multiple TOR instances with load-balancing ([trimstray/multitor](https://github.com/trimstray/multitor)) -- [Known issues](https://github.com/atao/raspberrypi-setup/blob/main/roles/multitor/README.md) - **rfid** install RFID tools ([libnfc](https://github.com/nfc-tools/libnfc), [mfoc](https://github.com/nfc-tools/mfoc), [mfcuk](https://github.com/nfc-tools/mfcuk)) and keys from [MifareClassicTool](https://github.com/ikarus23/MifareClassicTool/tree/master/Mifare%20Classic%20Tool/app/src/main/assets/key-files) - **wifi** install Wifi and GPS tools for wardriving -- **display** configure my display with [LCD-show](https://github.com/goodtft/LCD-show) - **docker** install Docker -- **container** some containers ([portainer/portainer-ce](https://hub.docker.com/r/portainer/portainer-ce), [jlesage/jdownloader-2](https://github.com/jlesage/docker-jdownloader-2)) +- **web** install nginx and certbot +- **display** configure my display with [LCD-show](https://github.com/goodtft/LCD-show) _You will need to modify [this file](roles/display/tasks/main.yml) to configure the correct display._ -For Examples you can install only : +Containers : +- **jd2** docker 
container for JDownloader 2 [jlesage/jdownloader-2](https://github.com/jlesage/docker-jdownloader-2) +- **portainer** Portainer CE - a lightweight service delivery platform for containerized applications [portainer/portainer-ce](https://hub.docker.com/r/portainer/portainer-ce) + + +## Examples +Install only standard, multitor, rfid, docker, web : ``` - curl -s https://raw.githubusercontent.com/atao/raspberrypi-setup/main/install.sh | bash -s -- setup,multitor,rfid,docker +curl -s https://raw.githubusercontent.com/atao/raspberrypi-setup/main/install.sh | bash -s -- standard,multitor,rfid,docker,web ``` ## Debug @@ -61,4 +67,4 @@ sudo apt install curl ``` -- -Inspired from [nico2che / mac-setup](https://github.com/nico2che/mac-setup) +Inspired from [geerlingguy / mac-dev-playbook](https://github.com/geerlingguy/mac-dev-playbook) and [nico2che / mac-setup](https://github.com/nico2che/mac-setup) diff --git a/ansible.cfg.sample b/ansible.cfg similarity index 95% rename from ansible.cfg.sample rename to ansible.cfg index 3f0c12b..547f77d 100644 --- a/ansible.cfg.sample +++ b/ansible.cfg @@ -2,8 +2,6 @@ [defaults] -remote_user = pi - # path to install and search for roles in : roles_path = ./ansible_galaxy_roles diff --git a/playbook.yml b/playbook.yml index e4e3b16..1e3d521 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,11 +1,11 @@ - name: RaspberryPi-Setup hosts: RaspberryPi - gather_facts: false + gather_facts: true become: true - become_user: root + become_user: atao roles: - role: standard - tags: ['setup'] + tags: ['standard'] - role: docker tags: ['docker'] - role: multitor @@ -19,4 +19,5 @@ - role: display tags: ['display', 'never'] - role: container - tags: ['docker', 'container'] + - role: web + tags: ['web'] diff --git a/roles/container/tasks/main.yml b/roles/container/tasks/main.yml index 8493dad..1e70abb 100644 --- a/roles/container/tasks/main.yml +++ b/roles/container/tasks/main.yml 
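Review bot: In playbook.yml, `become_user: atao` at play level hard-codes one account name, so the playbook fails at privilege escalation on any host that has no `atao` user, while the README still tells readers to clone and run the repo themselves. Taking the name from a variable, for example `become_user: "{{ setup_user }}"` (the variable name is only a suggestion) with the value set in the inventory, keeps the run-as-unprivileged-user design without tying it to one login. The ansible.cfg section of this commit also drops `remote_user = pi`, so the expected account should be documented somewhere.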
@@ -1,10 +1,12 @@ - name: Container portainer/portainer-ce:latest + become: true + become_user: root block: - - name: Create a volume + - name: Create a volume portainer_data become: true community.docker.docker_volume: name: portainer_data - - name: Create container + - name: Create container portainer-ce community.docker.docker_container: name: portainer image: portainer/portainer-ce @@ -19,8 +21,11 @@ volumes: - /var/run/docker.sock:/var/run/docker.sock - portainer_data:/data + tags: portainer - name: Container jlesage/jdownloader-2 + become: true + become_user: root community.docker.docker_container: name: jdownloader-2 image: jlesage/jdownloader-2 @@ -32,7 +37,8 @@ ports: - "5800:5800" volumes: - - /home/{{ lookup('env', 'USER') }}/jdownloader:/config + - "{{ ansible_facts['env']['HOME'] }}/jdownloader:/config" - /mnt:/output env: "JDOWNLOADER_HEADLESS": "1" + tags: jd2 \ No newline at end of file diff --git a/roles/display/tasks/main.yml b/roles/display/tasks/main.yml index c15e4ac..ba54310 100644 --- a/roles/display/tasks/main.yml +++ b/roles/display/tasks/main.yml @@ -1,15 +1,13 @@ - name: Git clone LCD-show - become: true - become_user: root ansible.builtin.git: repo: https://github.com/goodtft/LCD-show.git - dest: /home/{{ lookup('env', 'USER') }}/LCD-show + dest: "{{{ ansible_facts['env']['HOME'] }}}/LCD-show" clone: true - name: Change rights on LCD-show ansible.builtin.command: chmod -R 755 LCD-show args: - chdir: /home/{{ lookup('env', 'USER') }}/ + chdir: "{{ ansible_facts['env']['HOME'] }}" - name: Run script to configure screen ansible.builtin.command: sudo ./LCD7B-show args: - chdir: /home/{{ lookup('env', 'USER') }}/LCD-show + chdir: "{{ ansible_facts['env']['HOME'] }}/LCD-show" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index e681651..456a885 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml 
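Review bot: In the last hunk of roles/container/tasks/main.yml, `ansible_facts['env']['HOME']` in the jdownloader volume path is the HOME variable seen by the fact-gathering process, not the account's home directory, so its value depends on how become and sudo set up the environment. `ansible_facts['env']['LOGNAME']`, used for `owner`/`group` in roles/multitor and roles/rfid, has the same property and may be absent. `ansible_facts['user_dir']` and `ansible_facts['user_id']` come from the account database and are the more dependable source, e.g. `- "{{ ansible_facts['user_dir'] }}/jdownloader:/config"`. The same substitution applies to the display, jackit, multitor, rfid and standard hunks of this commit.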
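Review bot: In roles/display/tasks/main.yml, the new `dest: "{{{ ansible_facts['env']['HOME'] }}}/LCD-show"` on "Git clone LCD-show" has three braces on each side, unlike the two `chdir` lines below it, so the expression will either fail to template or leave stray braces in the path. It should read `dest: "{{ ansible_facts['env']['HOME'] }}/LCD-show"`. Separately, "Run script to configure screen" still calls `sudo ./LCD7B-show` through `command`; now that the play no longer runs as root, that call needs a non-interactive sudo rule, and `become: true` with `become_user: root` on the task would be the usual form.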
@@ -3,33 +3,38 @@ name: "{{ old_packages }}" state: absent -- name: Install the Docker packages +- name: Install Docker packages become: true + become_user: root ansible.builtin.apt: name: "{{ apt_packages }}" update_cache: true -- name: Add folder keyrings - ansible.builtin.command: sudo install -m 0755 -d /etc/apt/keyrings +- name: check install script exists + ansible.builtin.stat: + path: get-docker.sh + register: stat_result -- name: Add gpg key for Docker repository - ansible.builtin.command: >- - curl -fsSL https://download.docker.com/linux/debian/gpg | - sudo gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg +- name: Download docker install script + ansible.builtin.get_url: + url: https://get.docker.com + dest: get-docker.sh + when: stat_result.stat.exists -- name: Set rights key file - ansible.builtin.command: sudo chmod a+r /etc/apt/keyrings/docker.gpg +- name: Run install script + ansible.builtin.command: + argv: + - sh + - get-docker.sh + when: stat_result.stat.exists -- name: Add Docker repository - ansible.builtin.command: >- - echo "deb [arch="$(dpkg --print-architecture)" - signed-by=/etc/apt/keyrings/docker.gpg] - https://download.docker.com/linux/debian - "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | - sudo tee /etc/apt/sources.list.d/docker.list > /dev/null +- name: Verify docker installation + command: docker -v + register: docker_version +- debug: + var: docker_version.stdout_lines -- name: Install the Docker packages - become: true - ansible.builtin.apt: - name: "{{ docker_packages }}" - update_cache: true +- name: Remove script + file: + path: get-docker.sh + state: absent \ No newline at end of file diff --git a/roles/docker/vars/main.yml b/roles/docker/vars/main.yml index 25328dd..728b126 100644 --- a/roles/docker/vars/main.yml +++ b/roles/docker/vars/main.yml 
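Review bot: The `when: stat_result.stat.exists` condition on "Download docker install script" and "Run install script" reads inverted: on a host where get-docker.sh is not already present both tasks are skipped, and "Verify docker installation" then runs `docker -v` on a host with no Docker. If the intent is to download only when the file is missing, the download should use `when: not stat_result.stat.exists` and the run step should not depend on the stat result at all. This hunk also removes the apt repository set-up with its `signed-by` keyring in favour of a script fetched from https://get.docker.com and executed with no integrity check; `get_url` accepts a `checksum:` parameter, or the keyring-based repository could be kept. The relative `get-docker.sh` path resolves against whatever working directory the module runs in, so an absolute `dest` with an explicit `mode:` would be safer. "Run install script" has no `become_user: root`, so under the play-level user it presumably relies on the script invoking sudo itself.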
@@ -3,13 +3,6 @@ apt_packages: - curl - gnupg -docker_packages: - - docker-ce - - docker-ce-cli - - containerd.io - - docker-buildx-plugin - - docker-compose-plugin - old_packages: - docker.io - docker-doc diff --git a/roles/jackit/tasks/main.yml b/roles/jackit/tasks/main.yml index b8e2801..513a6d5 100644 --- a/roles/jackit/tasks/main.yml +++ b/roles/jackit/tasks/main.yml @@ -1,21 +1,16 @@ - name: Git clone jackit - become: true - become_user: root ansible.builtin.git: repo: https://github.com/insecurityofthings/jackit.git - dest: /home/{{ lookup('env', 'USER') }}/jackit + dest: "{{ ansible_facts['env']['HOME'] }}/jackit" clone: true - name: Install requirements become: true become_user: root ansible.builtin.pip: - requirements: /home/{{ lookup('env', 'USER') }}/jackit/requirements.txt - executable: pip3 + requirements: "{{ ansible_facts['env']['HOME'] }}/jackit/requirements.txt" - name: Install jackit - become: true - become_user: root ansible.builtin.command: python3 setup.py install args: - chdir: /home/{{ lookup('env', 'USER') }}/jackit/ + chdir: "{{ ansible_facts['env']['HOME'] }}/jackit" \ No newline at end of file diff --git a/roles/multitor/tasks/main.yml b/roles/multitor/tasks/main.yml index a5ced2d..23c7e97 100644 --- a/roles/multitor/tasks/main.yml +++ b/roles/multitor/tasks/main.yml @@ -1,6 +1,7 @@ --- - name: Installation requirements become: true + become_user: root ansible.builtin.apt: name: "{{ apt_packages }}" update_cache: true 
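Review bot: In roles/jackit/tasks/main.yml, "Install jackit" loses `become: true` / `become_user: root`, so `python3 setup.py install` now runs as the play-level user and will most likely fail writing to the system Python directories. The same pattern appears in later hunks: "Install hpts from npm" in roles/multitor/tasks/main.yml keeps `global: true` but drops `become`, and "Install certbot" and "Link certbot" in the new roles/web/tasks/main.yml install a snap and write to `/usr/bin` with no root escalation. Adding `become: true` and `become_user: root` to those tasks, as this commit does for the apt tasks, would fix it. "Install requirements" still runs pip as root against a requirements file from a clone with no `version:` pin, so consider pinning the repository to a reviewed commit.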
@@ -8,61 +9,48 @@ - name: Git clone Polipo ansible.builtin.git: repo: https://github.com/jech/polipo.git - dest: "{{ repo_polipo }}" + dest: "{{ ansible_facts['env']['HOME'] }}/polipo" clone: true - name: Build Polipo ansible.builtin.command: make args: - chdir: "{{ repo_polipo }}" - -- name: Add Polipo to PATH - ansible.builtin.copy: - src: "{{ repo_polipo }}/polipo" - dest: /usr/bin/polipo - mode: '755' - force: true - remote_src: true + chdir: "{{ ansible_facts['env']['HOME'] }}/polipo" - name: Remove Polipo Git folder file: - path: "{{ repo_polipo }}" + path: "{{ ansible_facts['env']['HOME'] }}/polipo" state: absent - name: Install hpts from npm - become: true community.general.npm: name: http-proxy-to-socks global: true - name: Git clone multitor - become: true ansible.builtin.git: repo: https://github.com/trimstray/multitor.git - dest: "/home/{{ lookup('env', 'USER') }}/multitor" + dest: "{{ ansible_facts['env']['HOME'] }}/multitor" clone: true - name: Setup multitor - become: true ansible.builtin.command: >- - /home/{{ lookup('env', 'USER') }}/multitor/setup.sh install + {{ ansible_facts['env']['HOME'] }}/multitor/setup.sh install - name: Send file - check_multitor.py - become: true ansible.builtin.copy: src: scripts/check_multitor.py - dest: /home/{{ lookup('env', 'USER') }}/check_multitor.py + dest: "{{ ansible_facts['env']['HOME'] }}/check_multitor.py" mode: '755' force: true - owner: "{{ lookup('env', 'USER') }}" - group: "{{ lookup('env', 'USER') }}" + owner: "{{ ansible_facts['env']['LOGNAME'] }}" + group: "{{ ansible_facts['env']['LOGNAME'] }}" - name: Send file - run_multitor.sh - become: true ansible.builtin.copy: src: scripts/run_multitor.sh - dest: /home/{{ lookup('env', 'USER') }}/run_multitor.sh + dest: "{{ ansible_facts['env']['HOME'] }}/run_multitor.sh" mode: '755' force: true - owner: "{{ lookup('env', 'USER') }}" - group: "{{ lookup('env', 'USER') }}" + owner: "{{ ansible_facts['env']['LOGNAME'] }}" + group: "{{ 
ansible_facts['env']['LOGNAME'] }}" diff --git a/roles/multitor/vars/main.yml b/roles/multitor/vars/main.yml index 74397d2..0b6c0bf 100644 --- a/roles/multitor/vars/main.yml +++ b/roles/multitor/vars/main.yml @@ -5,6 +5,4 @@ apt_packages: - tor - privoxy - haproxy - - netcat - -repo_polipo: "$PWD/polipo" + - netcat-openbsd diff --git a/roles/rfid/tasks/main.yml b/roles/rfid/tasks/main.yml index e10c299..944cae9 100644 --- a/roles/rfid/tasks/main.yml +++ b/roles/rfid/tasks/main.yml @@ -1,5 +1,6 @@ - name: Packages installation become: true + become_user: root ansible.builtin.apt: name: "{{ apt_packages }}" update_cache: true 
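Review bot: In the second hunk of roles/multitor/tasks/main.yml, the "Add Polipo to PATH" task is removed but polipo is still cloned and built and then deleted by "Remove Polipo Git folder", so the compiled binary is discarded and nothing installs it. Either keep an install step that runs as root (the removed `copy` to `/usr/bin/polipo` with `remote_src: true`), or drop the clone, build and remove tasks if polipo is no longer needed. The clone also has no `version:`, so the code compiled on the host is whatever is at the branch head at run time; pinning a commit or tag would make the build reproducible.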
@@ -8,48 +9,48 @@ ansible.builtin.get_url: url: "https://raw.githubusercontent.com/ikarus23/MifareClassicTool/master/\ Mifare%20Classic%20Tool/app/src/main/assets/key-files/std.keys" - dest: /home/{{ lookup('env', 'USER') }}/std.keys + dest: "{{ ansible_facts['env']['HOME'] }}/std.keys" force: true - owner: "{{ lookup('env', 'USER') }}" - group: "{{ lookup('env', 'USER') }}" + owner: "{{ ansible_facts['env']['LOGNAME'] }}" + group: "{{ ansible_facts['env']['LOGNAME'] }}" mode: '644' - name: Download extended-std.keys from MifareClassicTool ansible.builtin.get_url: url: "https://raw.githubusercontent.com/ikarus23/MifareClassicTool/master/\ Mifare%20Classic%20Tool/app/src/main/assets/key-files/extended-std.keys" - dest: /home/{{ lookup('env', 'USER') }}/extended-std.keys + dest: "{{ ansible_facts['env']['HOME'] }}/extended-std.keys" force: true - owner: "{{ lookup('env', 'USER') }}" - group: "{{ lookup('env', 'USER') }}" + owner: "{{ ansible_facts['env']['LOGNAME'] }}" + group: "{{ ansible_facts['env']['LOGNAME'] }}" mode: '644' - name: Download mct2dmp from bm-mifare-classic ansible.builtin.get_url: url: "https://github.com/blogmotion/bm-mifare-classic/raw/master/\ conversion/mct2dmp%20-%20bash%20version/mct2dmp.sh" - dest: /home/{{ lookup('env', 'USER') }}/mct2dmp.sh + dest: "{{ ansible_facts['env']['HOME'] }}/mct2dmp.sh" force: true - owner: "{{ lookup('env', 'USER') }}" - group: "{{ lookup('env', 'USER') }}" + owner: "{{ ansible_facts['env']['LOGNAME'] }}" + group: "{{ ansible_facts['env']['LOGNAME'] }}" mode: '644' - name: Download 4B_Converter from ClassicConverter ansible.builtin.get_url: url: "https://raw.githubusercontent.com/equipter/ClassicConverter/\ main/4B_Converter.py" - dest: /home/{{ lookup('env', 'USER') }}/4B_Converter.py + dest: "{{ ansible_facts['env']['HOME'] }}/4B_Converter.py" force: true - owner: "{{ lookup('env', 'USER') }}" - group: "{{ lookup('env', 'USER') }}" + owner: "{{ ansible_facts['env']['LOGNAME'] }}" + group: "{{ 
ansible_facts['env']['LOGNAME'] }}" mode: '644' - name: Download 7B_Converter from ClassicConverter ansible.builtin.get_url: url: "https://raw.githubusercontent.com/equipter/ClassicConverter/\ main/7B_Converter.py" - dest: /home/{{ lookup('env', 'USER') }}/7B_Converter.py + dest: "{{ ansible_facts['env']['HOME'] }}/7B_Converter.py" force: true - owner: "{{ lookup('env', 'USER') }}" - group: "{{ lookup('env', 'USER') }}" + owner: "{{ ansible_facts['env']['LOGNAME'] }}" + group: "{{ ansible_facts['env']['LOGNAME'] }}" mode: '644' diff --git a/roles/standard/tasks/main.yml b/roles/standard/tasks/main.yml index b9f2c89..c1ed890 100644 --- a/roles/standard/tasks/main.yml +++ b/roles/standard/tasks/main.yml @@ -1,18 +1,14 @@ - name: Packages installation become: true + become_user: root ansible.builtin.apt: name: "{{ apt_packages }}" update_cache: true autoremove: true -- name: Install python 3 packages - ansible.builtin.pip: - name: "{{ pip_packages }}" - executable: pip3 - - name: Vim config file ansible.builtin.copy: - dest: "/home/{{ lookup('env', 'USER') }}/.vimrc" + dest: "{{ ansible_facts['env']['HOME'] }}/.vimrc" content: | set mouse-=a set paste diff --git a/roles/standard/vars/main.yml b/roles/standard/vars/main.yml index 013456a..1b906d1 100644 --- a/roles/standard/vars/main.yml +++ b/roles/standard/vars/main.yml @@ -16,7 +16,4 @@ apt_packages: - youtube-dl - dnsutils - traceroute - -pip_packages: - - requests - - lxml + - ansible-lint diff --git a/roles/web/tasks/main.yml b/roles/web/tasks/main.yml new file mode 100644 index 0000000..05c6119 --- /dev/null +++ b/roles/web/tasks/main.yml 
@@ -0,0 +1,19 @@ +- name: Packages installation + become: true + become_user: root + ansible.builtin.apt: + name: "{{ apt_packages }}" + update_cache: true + autoremove: true + +- name: Install certbot + community.general.snap: + name: certbot + classic: true + +- name: Link certbot + ansible.builtin.file: + src: /snap/bin/certbot + dest: /usr/bin/certbot + state: link + force: true diff --git a/roles/web/vars/main.yml b/roles/web/vars/main.yml new file mode 100644 index 0000000..734c378 --- /dev/null +++ b/roles/web/vars/main.yml @@ -0,0 +1,3 @@ +apt_packages: + - nginx + - snapd diff --git a/roles/wifi/tasks/main.yml b/roles/wifi/tasks/main.yml index eb40777..89a3e8d 100644 --- a/roles/wifi/tasks/main.yml +++ b/roles/wifi/tasks/main.yml @@ -1,6 +1,7 @@ --- - name: Packages installation become: true + become_user: root ansible.builtin.apt: name: "{{ apt_packages }}" update_cache: true