fix: jinja2 syntax

.gitignore

@@ -0,0 +1,27 @@
+# Created by https://www.toptal.com/developers/gitignore/api/ansible,visualstudiocode
+# Edit at https://www.toptal.com/developers/gitignore?templates=ansible,visualstudiocode
+
+### Ansible ###
+*.retry
+
+### VisualStudioCode ###
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix
+
+### VisualStudioCode Patch ###
+# Ignore all local history of files
+.history
+.ionide
+
+# End of https://www.toptal.com/developers/gitignore/api/ansible,visualstudiocode
+

ansible.cfg

@@ -1,5 +1,15 @@
 [defaults]
-inventory = hosts
+# hosts file path
+inventory = hosts 
+# number of hosts executed in parallel
+forks = 20 
+# show execution time
+callbacks_enabled = timer, profile_tasks, profile_roles 
+# reduce number of parallel ssh connections to one host
+pipelining = True 
+interpreter_python = auto_silent
+[ssh_connection]
+ssh_args = -o ControlMaster=auto -o ControlPersist=40s
 # (boolean) By default Ansible will issue a warning when received from a task action (module or action plugin)
 # These warnings can be silenced by adjusting this setting to False.
 ;action_warnings=True

hosts

@@ -1,23 +1,27 @@
 [desktop]
+# dont put localhost here, ansible will attempt to connect via ssh
 
 [headless]
-server[1:7]_oracle
+server[1:4]
 
-[oracleServer]
-server[1:7]_oracle
+[oracle]
+server[1:4]
 
 [home]
 
-[ubuntu]
-server[1:7]_oracle
+[debian]
+server[1:4]
+jojo
 
 [arm64]
-server[2:6:2]_oracle
-server7_oracle
+server2
+server4
 
 [amd64]
-server[1:5:2]_oracle
+server1
+server3
+jojo
 
 [prod]
-server1_oracle
-server2_oracle
+jojo
+server4

install_dockerCompose.yml

@@ -8,6 +8,6 @@
       include_role:
         name: force_limitArg
 
-    - name: Reboot if required
+    - name: Install Docker Compose
       include_role:
         name: install_dockerCompose

install_dotfiles.yml

@@ -0,0 +1,8 @@
+---
+- name: Install dotfiles on target
+  hosts: 'kali'
+
+  tasks:
+    - name: Install dotfiles
+      include_role:
+        name: install_dotfiles

local.yml

@@ -1,12 +0,0 @@
----
-- hosts: localhost
-  tags: 
-  become: 
-  pre_tasks:
-
-
-
-- hosts:
-  tags:
-  become:
-  roles:

package_upgrade.yml

@@ -1,10 +1,9 @@
 ---
-- name: update apt-cache and upgrade
-  hosts: oracleServer
+- name: Update apt-cache and upgrade
+  hosts: all
   tasks:
-    - name: upgrade packages
+    - name: Upgrade packages
       become: true
-      package:
-          update_cache: yes
-          upgrade: 'yes'
-
+      ansible.builtin.package:
+        update_cache: true
+        upgrade: true

requirements.yml

@@ -0,0 +1,17 @@
+---
+roles:
+  - name: jan_matthis.git_dotfiles
+  - name: geerlingguy.docker
+    version: "6.1.0"
+  - name: geerlingguy.git
+    version: "3.1.0"
+  - name: geerlingguy.pip
+    version: "2.2.0"
+  - name: geerlingguy.nginx
+    version: "3.1.4"
+      
+collections:
+  - name: oracle.oci
+    version: "4.18.0"
+  - name: community.docker
+    version: "3.4.3"

roles/install_dockerCompose/tasks/main.yml

@@ -7,7 +7,7 @@
       - gnupg
       - lsb-release
     state: latest
-    update_cache: yes
+    update_cache: true
 
 - name: Add Docker GPG Key
   become: true
@@ -19,13 +19,13 @@
 - name: Add Docker Repository
   become: true
   apt_repository:
-    repo: "deb [arch={{ arch }}] https://download.docker.com/linux/{{ansible_distribution|lower}} {{ansible_distribution_release}} stable"
+    repo: "deb [arch={{ arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} {{ release_branch_docker }}"
     state: present
 
 - name: Install Docker packages
   become: true
   apt: 
-    update_cache: yes
+    update_cache: true
     pkg:
       - docker-ce
       - docker-ce-cli
@@ -39,9 +39,9 @@
     name: "{{ ansible_user_id }}"
     groups: 
       - docker
-    append: yes
+    append: true
 
 - name: Create docker folder in home directory
   file:
-    path: "{{ansible_user_dir}}/docker"
+    path: "{{ ansible_user_dir }}/docker"
     state: directory

roles/install_dotfiles/defaults/main.yml

@@ -0,0 +1,22 @@
+# The git source of your dotfiles. Will be cloned as a bare repository.
+# Make sure you have set up git correctly before using.
+dotfiles_repo_source: "https://github.com/eneller/.dotfiles.git"
+
+# can be branch name or commit hash, used for ansible.builtin.git version
+dotfiles_repo_version: "headless"
+
+# Will become the parent-directory of your dotfiles 
+dotfiles_dest: "{{ ansible_user_dir }}" 
+
+# The folder name to use for the bare repository
+dotfiles_git_dir: "{{ ansible_user_dir}}/.dotfiles"
+
+# Decide whether to back up already existing dotfiles that would conflict with your repo.
+# Will overwrite them if false
+dotfiles_do_backup: true
+
+# Uses a temporary directory to run git ls-files if {{ dotfiles_do_backup }} is true
+dotfiles_tmp_dir: "/tmp/dotfiles"
+
+# An alias to access the bare repo for internal use
+dotfiles_alias: "git --git-dir={{ dotfiles_git_dir }} --work-tree={{ dotfiles_dest }}"

roles/install_dotfiles/tasks/main.yml

@@ -0,0 +1,54 @@
+- name: Check for existing dotfiles repository
+  ansible.builtin.stat:
+    path: "{{ dotfiles_git_dir }}/HEAD"
+  register: dotfiles_repo_head
+  changed_when: false # this never applies changes
+  when: dotfiles_do_backup
+
+- name: Clone into /tmp
+  ansible.builtin.git:
+    dest: "{{ dotfiles_tmp_dir }}"
+    repo: "{{ dotfiles_repo_source }}"
+    version: "{{ dotfiles_repo_version }}"
+  when: not dotfiles_repo_head.stat.exists
+
+
+- name: Get list of dotfiles
+  ansible.builtin.command:
+    chdir: "{{ dotfiles_tmp_dir }}"
+    cmd: git ls-files
+  register: dotfiles_lsfiles # needs to be used with .stdout_lines for iteratio
+  when: not dotfiles_repo_head.stat.exists
+
+- name: Back up dotfiles that would be overwritten by checkout
+  ansible.builtin.command:
+    cmd: "mv {{ dotfiles_dest }}/{{ item }} {{ dotfiles_dest }}/{{ item }}.bak"
+  args:
+    creates: "{{ dotfiles_dest }}/{{ item }}.bak"
+    removes: "{{ dotfiles_dest }}/{{ item }}"
+  with_items: "{{ dotfiles_lsfiles.stdout_lines }}"
+  when: not dotfiles_repo_head.stat.exists
+
+- name: Initialize dotfiles repository in user home
+  ansible.builtin.git:
+    bare: true
+    update: true
+    force: true # this is okay here because we backed up already existing files
+    dest: "{{ dotfiles_git_dir }}"
+    repo: "{{ dotfiles_repo_source }}"
+    version: "{{ dotfiles_repo_version }}"
+
+# TODO improve these cmd tasks, i dont really know how though
+# i dont know why this checkout is necessary, was expecting the previous task to do this
+- name: Configure git repository
+  ansible.builtin.command:
+    cmd: |
+      {{ dotfiles_alias }}
+      checkout {{ dotfiles_repo_version }}
+      --force
+
+- name: Configure git repository
+  ansible.builtin.command:
+    cmd: |
+      {{ dotfiles_alias }}
+      config status.showUntrackedFiles no

ssh_addKey.yml

@@ -0,0 +1,21 @@
+---
+# https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html#examples
+- name: add ssh key
+  strategy: free # dont wait for other hosts when executing
+  hosts: all
+  vars_prompt:
+    - name: ssh_key_path
+      prompt: enter the path to the ssh key to add
+      private: false
+  tasks:
+
+    - name: Add ssh key
+      become: true
+      async: 120 # Maximum execution time
+      poll: 05 # polling interval in seconds
+      ansible.posix.authorized_key:
+        user: "{{ ansible_user_id }}"
+        exclusive: false
+        state: present
+        key: "{{ lookup('file', ssh_key_path) }}"
+

ssh_updateKey.yml

@@ -1,13 +1,44 @@
 ---
 # https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html#examples
-- name: update apt-cache and upgrade
-  hosts: oracleServer
+- name: Update ssh key and login permissions
+  strategy: free # dont wait for other hosts when executing
+  hosts: all
+  vars_prompt:
+    - name: ssh_key_path
+      prompt: enter the path to the ssh key to add
+      private: false
+    - name: ssh_key_comment
+      prompt: enter the comment that should be saved in the authorized_keys file
+      private: false
   tasks:
-    - name: upgrade packages
+
+    - name: Add ssh key
       become: true
+      async: 120 # Maximum execution time
+      poll: 5 # polling interval in seconds
       ansible.posix.authorized_key:
         user: "{{ ansible_user_id }}"
-        exclusive: true
+        exclusive: false
         state: present
-        key: "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}"
+        key: "{{ lookup('file', ssh_key_path) }}"
+        comment: "{{ (ssh_key_comment | length > 0) | ternary(ssh_key_comment, omit) }}"
 
+    - name: Update sshd config
+      become: true
+      ansible.builtin.blockinfile:
+        path: /etc/ssh/sshd_config
+        insertbefore: BOF # Beginning of the file
+        marker: "# {mark} ANSIBLE MANAGED BLOCK BY LINUX-ADMIN"
+        block: |
+          PermitRootLogin no
+          PubkeyAuthentication yes
+          AuthorizedKeysFile .ssh/authorized_keys
+          PasswordAuthentication no
+        backup: true
+        validate: /usr/sbin/sshd -T -f %s
+
+    - name: Restart SSHD
+      become: true
+      ansible.builtin.service:
+        name: sshd
+        state: restarted