diff --git a/.ansible-lint b/.ansible-lint index 27a881a..21b4793 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -3,8 +3,6 @@ skip_list: - command-instead-of-shell - package-latest - git-latest - - experimental - - yaml - name[casing] exclude_paths: - .github/ diff --git a/.github/workflows/01_lint_me.yml b/.github/workflows/01_lint_me.yml index 65a36a8..a62a2f1 100644 --- a/.github/workflows/01_lint_me.yml +++ b/.github/workflows/01_lint_me.yml @@ -15,7 +15,7 @@ jobs: steps: # Checks out a copy of your repository on the ubuntu-latest machine - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v4 # Runs the Super-Linter action - name: Run Super-Linter diff --git a/.github/workflows/02_ansible_lint.yml b/.github/workflows/02_ansible_lint.yml index 8e42c26..09b3930 100644 --- a/.github/workflows/02_ansible_lint.yml +++ b/.github/workflows/02_ansible_lint.yml @@ -4,6 +4,6 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Lint Ansible Playbook uses: ansible/ansible-lint-action@main diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e31eb99..052b3b1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,16 +5,20 @@ ansible-lint: image: $PIPELINE_IMAGE:$PIPELINE_IMAGE_TAG retry: 2 services: - - docker:20.10-dind + - docker:25-dind before_script: - yamllint --version - ansible-lint --version script: - echo "Running on $PIPELINE_IMAGE:$PIPELINE_IMAGE_TAG" + - pip install --upgrade ansible-lint pip - yamllint -c ./.yamllint ./tasks/*.yml - yamllint -c ./.yamllint *.yaml - - ansible-lint -v ./tasks/*.yml - - ansible-lint -v linux_mint.yaml + - ansible-lint ./tasks/*.yml + - ansible-lint linux_mint.yaml + - echo "Run for ansible-lint production" + - ansible-lint --profile production ./tasks/*.yml + - ansible-lint --profile production linux_mint.yaml tags: - docker - ansible diff --git a/CHANGELOG.md b/CHANGELOG.md index 8033e42..56b67fd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
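Review bot: The added `pip install --upgrade ansible-lint pip` in the `script:` section of `.gitlab-ci.yml` installs whatever PyPI serves at run time, so both the lint results and the code executed in the job can change without any commit to this repository. It also runs after the `ansible-lint --version` line in `before_script`, so the version printed in the job log is not the version that actually lints. Pin the version and install it before the version print, for example `- pip install "ansible-lint==<PINNED_VERSION>"` as the first `before_script` entry. The new `docker:25-dind` service reference is likewise a moving tag, and pinning it by digest would keep the job reproducible. The job definition starts above this hunk, so `PIPELINE_IMAGE` and any earlier pinning are not visible here.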
@@ -1,5 +1,184 @@ # Changelog "linux_mint" +## Version 2.8.0 [2024-03-18] + +* **BREAKING CHANGES** +This release tries to resolve long term problems with apt repositories and legacy GPG keys. For a long time ansible module `apt_repository` was used to manage repositories and a separate module `apt_key` to manage keys. +This approach was not perfect and caused problems with newer Linux Mint releases. This release introduces new approach to add repositories and keys. It uses `deb822` ansible module to add both: repositories and keys. However, this change is breaking and requires manual intervention. Please, read the documentation and follow the instructions to update your system. +You can expect removal of old repositories from `/etc/apt/sources.list.d\*.list` and replace them with *.sources in deb822 format. As this playbook's role is not to manage outside repositories, you still can have apt refresh failing with a warning - you have to clean these manually (or add them as your own repositories in `deb822` format) + +For `custom_repositories` variable now it accepts only deb822 format as in the example below + +```yaml + - name: google-cloud-sdk + types: deb + suites: cloud-sdk + components: main + uris: + - "https://packages.cloud.google.com/apt" + enabled: true + architectures: amd64 + signed_by: https://packages.cloud.google.com/apt/doc/apt-key.gpg +``` + +* **BREAKING_CHANGES** +With all possible packages available in FLATPAK, this release will try to remove all packages from `packages_optional` and `packages` and moves them to `flatpak`. This change is breaking and requires manual intervention. Please, read the documentation and follow the instructions to update your system. +You can expect in some cases, config for your application is missing (for example Remmina package). Do not panic, these files are already there, mostly in `~.config` or `~.local/share` directories. 
You can copy them manually to the new location (`~/.var/app/...`) +In future releases, I'll try to move all packages to FLATPAK and remove them `per repository` from the playbook. +This move also forces to remove classic 'repositories` which are no longer required. +Also, in future releases I'll separate FLATPAK packages to `mandatory` and `optional` to make it easier to manage. + +* [REPOSITORY] removal of nodesource16 repository +* [REPOSITORY] added nodesource20 repository +* [REPOSITORY] removal `brave-browser` repository (in favor of FLATPAK) +* [APPLICATION] removal `brave-browser` package in favor of FLATPAK +* [FLATPAK] added `brave` package +* [REPOSITORY] delete `kubernetes-stable` repository +* [REPOSITORY] added `kubernetes` repository with versioned packages +* [REPOSITORY] removed `remmina-next` repository in favor of FLATPAK +* [APPLICATION] removed `remmina-next` package in favor of FLATPAK +* [FLATPAK] added `remmina` package +* [PIP] added `sslyze` package +* [APPLICATION] removed `y-ppa-manager` +* [REPOSITORY] removed `y-ppa-manager` repository +* [REPOSITORY] removed `libreoffice` repository +* [APPLICATION] removed `libreoffice` package in favor of FLATPAK +* [FLATPAK] added `libreoffice` package +* [REPOSITORY] removed `enpass` repository +* [APPLICATION] removed `enpass` package in favor of FLATPAK +* [FLATPAK] added `enpass` package +* [REPOSITORY] removed `spotify` repository +* [APPLICATION] removed `spotify` package in favor of FLATPAK +* [FLATPAK] added `spotify` package +* [REPOSITORY] removed `sublime-text` repository +* [APPLICATION] removed `sublime-text` package in favor of FLATPAK +* [FLATPAK] added `sublime-text` package +* [REPOSITORY] removed `webupd8` repository [obsoleted] +* [REPOSITORY] removed `webupd8team` repository [obsoleted] +* [REPOSITORY] removed `linuxuprising` repository [obsoleted] +* [REPOSITORY] added `hashicorp` repository +* [PACKAGES] added `consul`, `nomad`, `packer`, `terraform`, `vagrant`, `vault` from 
`hashicorp` repository +* [APPLICATION] removed `thunderbird` package in favor `betterbird` from FLATPAK +* [FLATPAK] added `betterbird` package +* [FLATPAK] added `flatseal` package +* [FLATPAK] added `bleachbit` package +* [FLATPAK] added `krita` package +* [FLATPAK] added `firefox` package +* [FLATPAK] added `vivaldi` package +* [FLATPAK] added `kdenlive` package +* [FLATPAK] added `boxes` package +* [FLATPAK] added `freefilesync` package +* [FLATPAK] added `pinta` package +* [FLATPAK] added `freefilesync` package +* [APPLICATION] removed 'pinta` package in favor of FLATPAK +* [FLATPAK] added `tlpui` package +* [APPLICATION] removed `tlpui` package in favor of FLATPAK +* [APPLICATION] removed `vlc` package in favor of FLATPAK +* [FLATPAK] added `vlc` package +* [FLATPAK] added `hashes` package +* [APPLICATION] removed `kodi` package in favor of FLATPAK +* [FLATPAK] added `kodi` package +* [APPLICATION] removed 'wireshark` package in favor of FLATPAK +* [FLATPAK] added `wireshark` package +* [FLATPAK] added `missioncenter` package +* [PACKAGES] removal of 'gitkraken' in favor of FLATPAK +* [FLATPAK] added `gitkraken` package +* [PACKAGES] removed `wps-office` in favor of FLATPAK +* [FLATPAK] added `wps-office` package +* [PACKAGES] removed `rpi-imager` in favor of FLATPAK +* [FLATPAK] added `rpi-imager` package +* [PACKAGES] removed `zoom` package in favor of FLATPAK +* [APPLICATION] added `btop` package +* [PACKAGES] removed `bicep` package in favor of `azure-cli` internal actions (bicep is now part of azure-cli) +* [PACKAGES] upgraded `tabby` to version 1.0.207 +* [PACKAGES] upgraded `minikube` to version 1.32.0 +* [PACKAGES] upgraded `dive` to version 1.20.0 +* [PACKAGES] upgraded `etcher` to version 1.19.5 +* [PACKAGES] upgraded `dockle` to version 0.4.11 +* [PACKAGES] upgraded `keystore-explorer` to version 5.5.3 +* [PACKAGES] upgraded `kube-bench` to version 0.7.2 +* [PACKAGES] upgraded `syft` to version 1.0.1 +* [PACKAGES] upgraded `steampipe` to version 
0.22.1 +* [PACKAGES] upgraded `rambox` to version 2.3.1 +* [APPLICATION] removed `gimp` package in favor of FLATPAK +* [FLATPAK] added `gimp` package +* [PACKAGES] removed `helm` package in favor of respository version +* [REPOSITORY] added `helm` repository +* [APPLICATION] add `helm` package +* [PACKAGES] upgraded `kubeconform` to version 0.6.4 +* [PACKAGES] upgraded `tflint` to version 0.50.3 +* [PACKAGES] upgraded `kubent` to version 0.7.2 +* [PACKAGES] upgraded `kubestr` to version 0.4.41 +* [PACKAGES] upgraded `krew` to version 0.4.4 +* [PACKAGES] upgraded `nerdctl` to version 1.7.5 +* [PACKAGES] upgraded `kustomize` to version 5.3.0 +* [PACKAGES] upgraded `k9s` to version 0.32.3 and moved to [APPLICATION] section as .deb package become available +* [PACKAGES] removed `datree` as it's no longer maintained +* [PACKAGES] removed `docker-compose` as its functionality is now part of `docker` package +* [PACKAGES] upgraded `ffuf` to version 2.1.0 +* [PACKAGES] upgrade `polaris` to version 9.0.1 +* [PACKAGES] upgraded `packetsender` to version 8.6.5 +* [PACKAGES] upgraded `k3s` to version 1.28.7 +* [PACKAGES] upgraded `k3d` to version 5.6.0 +* [PACKAGES] removed `tfsec` to version as it's now part of `trivy` package +* [PACKAGES] upgraded `k3sup` to version 0.13.5 +* [PACKAGES] upgraded `argocd` to version 2.10.3 +* [FLATPAK] added `torbrowser` package +* [FLATPAK] added `peazip` package +* [FLATPAK] added `calibre` package +* [APPLICATION] added `fio` package +* [VSCODE] removed or renamed extensions `AquaSecurityOfficial.trivy-vulnerability-scanner` +* [VSCODE] removed or renamed extensions `ms-azuretools.vscode-azureterraform` +* [VSCODE] removed or renamed extensions `ms-azuretools.vscode-bicep` +* [VSCODE] removed or renamed extensions `ms-azuretools.vscode-docker` +* [VSCODE] removed or renamed extensions `ms-dotnettools.vscode-dotnet-runtime` +* [VSCODE] removed or renamed extensions `ms-kubernetes-tools.vscode-kubernetes-tools` +* [VSCODE] removed or 
renamed extensions `ms-python.isort` +* [VSCODE] removed or renamed extensions `ms-python.python` +* [VSCODE] removed or renamed extensions `ms-python.vscode-pylance` +* [VSCODE] removed or renamed extensions `ms-vscode-remote.remote-containers` +* [VSCODE] removed or renamed extensions `ms-vscode-remote.remote-ssh` +* [VSCODE] removed or renamed extensions `ms-vscode.remote-server` +* [VSCODE] removed or renamed extensions `ms-vscode-remote.remote-ssh-edit` +* [VSCODE] removed or renamed extensions `ms-vscode-remote.remote-wsl` +* [VSCODE] removed or renamed extensions `ms-vscode-remote.vscode-remote-extensionpack` +* [VSCODE] removed or renamed extensions `ms-vscode.azure-account` +* [VSCODE] removed or renamed extensions `ms-vscode.azurecli` +* [VSCODE] removed or renamed extensions `ms-vscode.powershell` +* [VSCODE] removed or renamed extensions `ms-vscode.remote-explorer` +* [VSCODE] removed or renamed extensions `ms-vscode.wordcount` +* [VSCODE] removed or renamed extensions `ms-vsliveshare.vsliveshare` +* [VSCODE] added extension `aquasecurityofficial.trivy-vulnerability-scanner` +* [VSCODE] added extension `danielsanmedium.dscodegpt` +* [VSCODE] added extension `davidanson.vscode-markdownlint` +* [VSCODE] added extension `dogukanakkaya.chatgpt-code` +* [VSCODE] added extension `github.codespaces` +* [VSCODE] added extension `github.copilot` +* [VSCODE] added extension `github.copilot-chat` +* [VSCODE] added extension `henriiik.docker-linter` +* [VSCODE] added extension `humao.rest-client` +* [VSCODE] added extension `infracost.infracost` +* [VSCODE] added extension `ms-python.debugpy` +* [VSCODE] added extension `ms-toolsai.jupyter-keymap` +* [VSCODE] added extension `ms-vscode-remote.remote-wsl-recommender` +* [VSCODE] added extension `owenfarrell.vscode-vault` +* [VSCODE] added extension `pharndt.vscode-markdown-table` +* [VSCODE] added extension `pycom.pymakr` +* [VSCODE] added extension `redhat.vscode-xml` +* [VSCODE] added extension 
`rust-lang.rust-analyzer` +* [VSCODE] added extension `shopify.ruby-lsp` +* [VSCODE] added extension `slevesque.vscode-zipexplorer` +* [VSCODE] added extension `tfsec.tfsec` +* [VSCODE] added extension `visualstudioexptteam.intellicode-api-usage-examples` +* [VSCODE] added extension `visualstudioexptteam.vscodeintellicode` +* [VSCODE] added extension `vscjava.vscode-java-debug` +* [VSCODE] added extension `vscjava.vscode-java-dependency` +* [VSCODE] added extension `vscjava.vscode-java-pack` +* [VSCODE] added extension `vscjava.vscode-maven` +* [VSCODE] added extension `wakatime.vscode-wakatime` +* [VSCODE] added extension `xyz.plsql-language` +* [VSCODE] added extension `znck.grammarly` + ## Version 2.7.0 [2023-07-09] * [BREAKING_CHANGE] - removal of Linux Mint 20.x support - last version supporting it will be 2.6.1 diff --git a/README.md b/README.md index b39c502..e7d513e 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,7 @@ [![Super-Linter](https://github.com/marcinbojko/linux_mint/actions/workflows/01_lint_me.yml/badge.svg)](https://github.com/marcinbojko/linux_mint/actions/workflows/01_lint_me.yml) [![Ansible Lint](https://github.com/marcinbojko/linux_mint/actions/workflows/02_ansible_lint.yml/badge.svg)](https://github.com/marcinbojko/linux_mint/actions/workflows/02_ansible_lint.yml) +[![wakatime](https://wakatime.com/badge/github/marcinbojko/linux_mint.svg)](https://wakatime.com/badge/github/marcinbojko/linux_mint) - [Ansible playbook for your DevOps/SysOps Linux Mint 21.x based workstation](#ansible-playbook-for-your-devopssysops-linux-mint-21x-based-workstation) 
@@ -36,7 +37,7 @@ ## Prerequisites -- installed `Linux Mint` 21.0/21.1 - all 64-bit, standard options with extra codecs (available as selection during install) +- installed `Linux Mint` 21.0/21.1/21.2/21.3 - all 64-bit, standard options with extra codecs (available as selection during install) - for previous versions of Mint (20.x) - last release supporting `Linux Mint 20` was 2.6.1 - access to internet - `openssh-server` installed and running @@ -55,7 +56,7 @@ ## Assumptions -- 20 GB free space on OS drive +- 10 GB free space on OS drive (recommended 20-30 due to Flatpak) - ssh private key or password method - user specified in `group_vars` or passed in variable `ansible_ssh_user` - by default, extra binaries (outside packages) will be installed in `/usr/local/bin` (adjustable by `bin_path` variable) If you prefer to keep them in cloud (sync between computers), down below I'll attach info how to replace binaries with proper -ymlinks (work in progress) 
@@ -148,17 +149,17 @@ Most variables are stored in `mint19|20.yaml` file. If you need extra settings, |bin_path|/usr/local/bin|Where to put all downloaded execs| |reboot_required|false|force reboot even if apt upgrade won't change anything| |unpack_folder|/tmp/linux_mint|Which folder to use when downloading and unarchiving| -||| +|||| ### variables for tasks -Are stored in `mint20_tasks.yaml` +Are stored in `mint21_tasks.yaml` ## Custom variables, custom variable files If you don't want to track changes or change main variable file content with every pull, create your own custom variable files. By default playbook will look for files: `mint[ansible_distribution_major_version]*.yaml` -This means - if your distro is `Linux Mint 19`, place a file in a playbook folder witha name: `mint19_custom.yaml` -If your distro is `Linux Mint 20`, place a file in a playbook folder with a name: `mint20_custom.yaml` +This means - if your distro is `Linux Mint 20`, place a file in a playbook folder witha name: `mint20_custom.yaml` +If your distro is `Linux Mint 21`, place a file in a playbook folder with a name: `mint21_custom.yaml` These filters are added to .gitignore to not override your changes Be careful not to add multiple matching files with corresponding names @@ -176,8 +177,16 @@ custom_packages: [] ```yaml custom_repositories: -- repo: ppa:videolan/master-daily - filename: videolan + # Example + # - name: google-cloud-sdk + # types: deb + # suites: cloud-sdk + # components: main + # uris: + # - "https://packages.cloud.google.com/apt" + # enabled: true + # architectures: amd64 + # signed_by: https://packages.cloud.google.com/apt/doc/apt-key.gpg custom_keys: - https://somekeyfile/key.pgp custom_packages: 
@@ -189,45 +198,35 @@ custom_packages: ### Repositories: Basic - `alexx2000` - Double Commander -- `ansible` - Ansible - **removed in Linux Mint 20** +- `ansible` - Ansible - `azure-cli` - Azure CLI SDK -- `docker` - Docker-CE +- `docker-stable` - Docker-CE - `gcsfuse` - Google Storage gcsfuse - Mount a GCS bucket locally` -- `gezakovacs` - UNetbootin -- `git-lfs` - Git Large File System - **removed in Linux Mint 20** -- `googlechrome` - Google Chrome Browser - `google-cloud-sdk` - Google Cloud Tools SDK -- `kubernetes` - Google Kubernetes kubeadm & kubectl -- `microsoft-prod` - Microsoft .Net Core +- `googlechrome` - Google Chrome Browser +- `hashicorp` - Hashicorp tools +- `helm-stable-debian` - Helm for Kubernetes +- `kubernetes-129` - Google Kubernetes kubeadm & kubectl for 1.29 +- `microsoft-prod-deb` - Microsoft .Net Core - `mozilla-team` - Stable Firefox and Mozilla Software +- `nodesource20` - Node.js LTS - `palemoon` - Chromium based Java+Flash browser -- `remmina` - Connection manager - RDP/SSH/VNC -- `shutter` - screenshoot, manipulate, publish -- `synapse-core` - Synaptic Launcher - `ubuntu-mozilla-security` - Firefox and Thunderbird Security - `virtualbox` - Virtualization Software - `vscode` - Microsoft Visual Studio Code -- `y-ppa-manager` - Manage your PPA as human being ### Repositories: Optional -- `brave browser` - Chromium-based secure browsing alternative - `dockbarx` - DockBarX is a lightweight taskbar -- `enpass` - Password Manager - `grub-customizer` - customize black screen to something useful +- `noobslab-icons` - Noobslab icons - `insync` - Googledrive & Onedrive Linux Client -- `linuxuprising` - Extra Ubuntu / Linux Mint Applications -- `neofetch` - A command-line system information tool written in bash 3.2+ -- `noobslab/icons` - Extra icons pack -- `noobslab/themes` - Extra themes pack -- `puppet5` - Puppet5 and PDK for easy module writing -- `skype` - Microsoft's communicator -- `spotify` - Music streaming service -- `sublime text 3` - 
Alternative text editor - `trivy` - Container security scanner -- `veeam` - Veeam Agent for Linux +- `veeam-agent` - Veeam Agent for Linux - `veracrypt` - Device encryption utility -- `wepupd8` - packages from webupd8 team +- `rancher-desktop` - Rancher Desktop +- `lens` - Kubernetes IDE +- `ngrok` - Secure tunnels to localhost ## Packages @@ -239,15 +238,11 @@ custom_packages: |------------------|--------|---------------------| | Amass| In-depth Attack Surface Mapping and Asset Discovery|[https://github.com/OWASP/Amass](https://github.com/OWASP/Amass)| | AngryIP Scanner |Network Scanner |[https://angryip.org/](https://angryip.org/)| -| Asbru Manager |Connection Manager|[https://www.asbru-cm.net/](https://www.asbru-cm.net/)| | Azure CLI |Command-line tools for Azure|[https://github.com/Azure/azure-cli](https://github.com/Azure/azure-cli)| | Balena-etcher |Image Writer| [https://www.balena.io/etcher/](https://www.balena.io/etcher/)| -| Boostnote | Notes for developers |[https://boostnote.io](https://boostnote.io)| | Ctop| Container process monitor | [https://github.com/bcicen/ctop](https://github.com/bcicen/ctop)| -| Datree|Kubernetes validator |[https://github.com/datreeio/datree](https://github.com/datreeio/datree)| | Diodon | Clipboard Manager | [https://launchpad.net/diodon](https://launchpad.net/diodon)| | Dive| Docker image explorer | [https://github.com/wagoodman/dive](https://github.com/wagoodman/dive)| -| Docker/Docker Compose |Docker manager | [https://docs.docker.com/compose/](https://docs.docker.com/compose/) | Dockle|Container Image Linter for Security|[https://github.com/goodwithtech/dockle](https://github.com/goodwithtech/dockle)| | Double Commander|File Manager|[https://doublecmd.sourceforge.io/](https://doublecmd.sourceforge.io/)| | Dropbox/Nemo Integration | Tool | [https://github.com/linuxmint/nemo-extensions/tree/master/nemo-dropbox](https://github.com/linuxmint/nemo-extensions/tree/master/nemo-dropbox)| 
@@ -271,26 +266,24 @@ custom_packages: | Minikube | Run Kubernetes locally |[https://github.com/kubernetes/minikube](https://github.com/kubernetes/minikube)| | Packer | Image creator |[https://www.packer.io/](https://www.packer.io/)| | Packetsender|Packet Sender can send and receive UDP, TCP, and SSL on the ports of your choosing|[https://packetsender.com/](https://packetsender.com/)| -| Palemoon | Browser alternative (Java_+Flash)| [https://www.palemoon.org/](https://www.palemoon.org/) +| Palemoon | Browser alternative (Java_+Flash)| [https://www.palemoon.org/](https://www.palemoon.org/)| | Polaris|Validation of best practices in your Kubernetes clusters|[https://www.fairwinds.com/polaris](https://www.fairwinds.com/polaris)| | RamboxOS |Multi IM|[https://github.com/TheGoddessInari/hamsket](https://github.com/TheGoddessInari/hamsket)| | Rancher Desktop|Rancher Desktop runs Kubernetes and container management on your desktop| [https://rancherdesktop.io/](https://rancherdesktop.io/)| | Redshift | Monitor temperature changer| [http://jonls.dk/redshift/](http://jonls.dk/redshift/)| -| Remmina | Remote Connection Manager |[https://remmina.org/](https://remmina.org/) +| Remmina | Remote Connection Manager |[https://remmina.org/](https://remmina.org/)| | RKE| Rancher Kubernetes Engine | [https://github.com/rancher/rke](https://github.com/rancher/rke) | | Shutter | Screenshot Manipulation| [http://shutter-project.org/](http://shutter-project.org/)| | Synapse | Symantic Launcher|[https://launchpad.net/synapse-project](https://launchpad.net/synapse-project)| -| Team Viewer | Remote desktop | [https://www.teamviewer.com](https://www.teamviewer.com) | -| Terminus Alpha | Modern Terminal|[https://github.com/Eugeny/terminus](https://github.com/Eugeny/terminus)| +| Tabby | Modern Terminal|[https://github.com/Eugeny/terminus](https://github.com/Eugeny/terminus)| | Terraform|Infrastructure as Code|[https://www.terraform.io/](https://www.terraform.io/)| -| Tflint|TFLint is a 
Terraform linter focused on possible errors, best practices, etc|[https://github.com/terraform-linters/tflint](https://github.com/terraform-linters/tflint)| -| Vagrant | Unified Workflow|[https://www.vagrantup.com/](https://www.vagrantup.com/) -| Vault | Secrets Manager |[https://www.vaultproject.io/](https://www.vaultproject.io/) +| Vagrant | Unified Workflow|[https://www.vagrantup.com/](https://www.vagrantup.com/)| +| Vault | Secrets Manager |[https://www.vaultproject.io/](https://www.vaultproject.io/)| | VirtualBox|Virtualization|[https://www.virtualbox.org/](https://www.virtualbox.org/)| | Visual Studio Code|Code editor|[https://code.visualstudio.com/](https://code.visualstudio.com/)| -| WPS Office for Linux | Productivity Tools | [https://www.wps.com/wps-office-for-linux/](https://www.wps.com/wps-office-for-linux/) +| WPS Office for Linux | Productivity Tools | [https://www.wps.com/wps-office-for-linux/](https://www.wps.com/wps-office-for-linux/)| | XCA | Certificate Manager|[https://hohnstaedt.de/xca/](https://hohnstaedt.de/xca/)| -||| +|||| ### Packages: Optional (not complete list) 
@@ -303,33 +296,55 @@ custom_packages: | Insync|Googledrive & Onedrive linux client|[https://www.insynchq.com/](https://www.insynchq.com/)| | Kodi | Open Source Home Theater| [https://kodi.tv/](https://kodi.tv/)| | Neofetch |A command-line system information tool written in bash 3.2+| [https://github.com/dylanaraps/neofetch](https://github.com/dylanaraps/neofetch)| -| PDK/Puppet Agent | Puppet Development Kit | [https://puppet.com/docs/pdk/1.x/pdk.html](https://puppet.com/docs/pdk/1.x/pdk.html)| | Pinta | Drawing/Image Editing| [https://pinta-project.com/pintaproject/pinta/](https://pinta-project.com/pintaproject/pinta/)| -| Skype for Linux | Communicator | [https://www.skype.com](https://www.skype.com)| | Spotify | Music Player| [https://www.spotify.com/pl/download/linux/](https://www.spotify.com/pl/download/linux/)| | Steampipe| select * from cloud| [https://steampipe.io/](https://steampipe.io/)| -| Sublime Text 3 | Text Editor | [https://www.sublimetext.com/3](https://www.sublimetext.com/3) -| Thunderbird | Email client | [https://www.thunderbird.net](https://www.thunderbird.net)| -| Trivy |A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI|[https://github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) +| Sublime Text 3 | Text Editor | [https://www.sublimetext.com/3](https://www.sublimetext.com/3)| +| Betterbird | Email client | [https://www.betterbird.eu/](https://www.betterbird.eu/)| +| Trivy |A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI|[https://github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy)| | Veeam Agent for Linux | Backup tool| [https://www.veeam.com](https://www.veeam.com)| | Veracrypt | Source disk encryption | [https://www.veracrypt.fr/en/Home.html](https://www.veracrypt.fr/en/Home.html)| -| WoeUSB | USB Image writer | [https://github.com/slacka/WoeUSB](https://github.com/slacka/WoeUSB)| -||| + +|||| ### Packages: Flatpak |Software|Type|Link| 
-|------------------|--------|---------------------| -|Postman|The Collaboration Platform for API Development|[https://www.getpostman.com/](https://www.getpostman.com/)| -|Obsidian|Knowledge base and note seystem|[https://obsidian.md/](https://obsidian.md/)| -||| +|---|---|---| +|Bitwarden|Password Manager|[Bitwarden](https://bitwarden.com/%29)| +|Boxes|Virtualization|[Boxes](https://wiki.gnome.org/Apps/Boxes%29)| +|Brave|Web Browser|[Brave](https://brave.com/%29)| +|EasyEffects|Audio Effects Tool|[EasyEffects](https://github.com/wwmm/easyeffects%29)| +|Enpass|Password Manager|[Enpass](https://www.enpass.io/%29)| +|Firefox|Web Browser|[Firefox](https://www.mozilla.org/en-US/firefox/new/%29)| +|Flatseal|Permissions Manager|[Flatseal](https://flathub.org/apps/details/com.github.tchx84.Flatseal%29)| +|FreeFileSync|File Synchronization|[FreeFileSync](https://freefilesync.org/%29)| +|GIMP|Image Editor|GIMP| +|GitKraken|Git Client|GitKraken| +|Headlamp|Kubernetes Dashboard|[Headlamp](https://kinvolk.io/headlamp/%29)| +|Kdenlive|Video Editor|[Kdenlive](https://kdenlive.org/%29)| +|Kodi|Media Center|[Kodi](https://kodi.tv/%29)| +|Krita|Digital Painting|[Krita](https://krita.org/%29)| +|LibreOffice|Office Suite|[LibreOffice](https://www.libreoffice.org/%29)| +|MissionCenter|Project Management|[MissionCenter](https://missioncenter.io/%29)| +|Obsidian|Note-taking App|[Obsidian](https://obsidian.md/%29)| +|Pinta|Image Editor|[Pinta](https://pinta-project.com/%29)| +|Raspberry Pi Imager|Raspberry Pi Image Writer|[Raspberry Pi Imager](https://www.raspberrypi.org/software/%29)| +|Remmina|Remote Desktop Client|[Remmina](https://remmina.org/%29)| +|Spotify|Music Streaming|[Spotify](https://www.spotify.com/%29)| +|Sublime Text|Text Editor|[Sublime Text](https://www.sublimetext.com/%29)| +|VLC|Media Player|[VLC](https://www.videolan.org/vlc/%29)| +|Vivaldi|Web Browser|[Vivaldi](https://vivaldi.com/%29)| +|WPS Office|Office Suite|[WPS Office](https://www.wps.com/%29)| +|Zenmap|Network 
Scanner|[Zenmap](https://nmap.org/zenmap/%29)| +|Zoom|Video Conferencing|[Zoom](https://zoom.us/%29)| ### Packages: npm |Software|Type|Link| |------------------|--------|---------------------| |Dockerfilelint|Dockerfile linter|[https://github.com/replicatedhq/dockerfilelint](https://github.com/replicatedhq/dockerfilelint)| -||| +|||| ## Tasks @@ -338,7 +353,7 @@ custom_packages: |install_yubico_software|Install keys, repositories, packages and dekstop files for Yubico infrastructure|[https://yubico.com](https://yubico.com)| |configure_zsh|Installs files required by zsh, `oh-my-zsh` and `powerlevel10k`|[https://github.com/ohmyzsh/ohmyzsh](https://github.com/ohmyzsh/ohmyzsh) [https://github.com/romkatv/powerlevel10k](https://github.com/romkatv/powerlevel10k)| |steampipe_plugins.yaml|Install steampipe plugins | [https://steampipe.io/](https://steampipe.io/)| -||| +|||| ## Startup applications @@ -354,9 +369,7 @@ Some applications are copied to `autostart` folder ### OS Tweaks -- handle *.local domain with avahi - changes timezone and ntpd settings -- handle mDNS with .local domains - modifies `sysctl` settings to start use `tcp_congestion_control` set to `bbr` - modifies `sysctl` settings to decrease default swappiness - changes `alternatives` for EDITOR @@ -427,4 +440,3 @@ Some applications are copied to `autostart` folder - Step `reset_dconf_values` can fail in Linux Mint 20.x due to python-psutil package being too new. - `Insync` package strange behavior. Installing packages can fail as `Insync` ignores entries in it's own insync.list file and adds new ones. This can lead to mutliple sources being added, thus apt is doomed to fail. In rare cases Insync also tries to add new repos codenames before they exist on their side. Currently there is no workaround for this. - diff --git a/linux_mint.yaml b/linux_mint.yaml index 8ed39d6..d27c56b 100644 --- a/linux_mint.yaml +++ b/linux_mint.yaml 
@@ -18,8 +18,8 @@ config_dconf: true # do changes in dconf editor config_sysctl: true # do changes in sysctl active_user: "{{ ansible_ssh_user }}" # user for which you're setting folders. By default taken from group_vars - retries_count: 3 # how many retries - delay_time: 3 # delay time in seconds between retries + retries_count: 1 # how many retries + delay_time: 1 # delay time in seconds between retries bin_path: /usr/local/bin # Where to put all downloaded execs. reboot_required: false # force reboot even if apt upgrade won't change anything unpack_folder: /tmp/linux_mint # folder to which we're going to unpack and download files @@ -37,7 +37,7 @@ # setup module - we need these facts - name: run_initial_setup_instead_of_gather_facts ansible.builtin.setup: - gather_timeout: 30 + gather_timeout: 60 retries: "{{ retries_count }}" delay: "{{ delay_time }}" register: r_setup_status @@ -45,8 +45,8 @@ tags: - assert # free space for stuff - - name: assert_root_partition_is_15_GB_of_free_space - ansible.builtin.assert: { that: item.size_available > 13622320128 } # 20 GB free + - name: assert_root_partition_is_10_GB_of_free_space + ansible.builtin.assert: { that: item.size_available > 10737418240 } # 10 GB free loop: '{{ ansible_mounts }}' ignore_errors: false when: item.mount == '/' 
@@ -86,27 +86,28 @@ - name: display_basic_information ansible.builtin.debug: msg: - - "Install optional packages : {{ install_optional | bool }}" - - "Install deb packages : {{ install_deb | bool }}" - - "Install_flatpak packages : {{ install_flatpak | bool }}" - - "Install_npm packages : {{ install_npm | bool }}" - - "Install vscode extensions : {{ install_vscode_extensions | bool }} " - - "Install steampipe plugins : {{ install_steampipe_plugins | bool }} " - - "Install zsh : {{ install_zsh | bool }}" - - "Install Yubico : {{ install_yubico | bool }}" + - "Linux Mint major version : {{ ansible_distribution_major_version }}" + - "Linux Mint version : {{ ansible_distribution_version }}" + - "Linux Mint release codename : {{ ansible_distribution_release }}" + - "Ansible version : {{ ansible_version.full }}" + - "Install optional packages : {{ install_optional | bool | lower }}" + - "Install deb packages : {{ install_deb | bool | lower }}" + - "Install_flatpak packages : {{ install_flatpak | bool | lower }}" + - "Install_npm packages : {{ install_npm | bool | lower }}" + - "Install vscode extensions : {{ install_vscode_extensions | bool | lower }} " + - "Install steampipe plugins : {{ install_steampipe_plugins | bool | lower }} " + - "Install zsh : {{ install_zsh | bool | lower }}" + - "Install Yubico : {{ install_yubico | bool | lower }}" - "Config for Ansible : {{ config_ansible }}" - "Config dconf : {{ config_dconf }}" - "Config sysctl : {{ config_sysctl }}" - "Bin Path to put files into : {{ bin_path }}" - "Active user : {{ active_user | string }}" - - "Linux Mint major version : {{ ansible_distribution_major_version }}" - - "Linux Mint version : {{ ansible_distribution_version }}" - - "Linux Mint release codename : {{ ansible_distribution_release }}" - - "Ansible version : {{ ansible_version.full }}" - - name: wait_15_seconds + - name: wait_10_seconds ansible.builtin.pause: - seconds: 15 + seconds: 10 prompt: "Check variables - last chance to abort in 15 
seconds" + # we need proper time to refresh repositories - name: make_sure_timesyncd_is_installed ansible.builtin.apt: @@ -172,6 +173,23 @@ - files - base - obsolete +# remove obsolete files from 'bin_path' + - name: Remove_obsolete_files_bin_path_from_variables_file + ansible.builtin.file: + path: "{{ bin_path }}/{{ item.name }}" + state: absent + loop: "{{ files_remove_bin_path }}" + retries: "{{ retries_count }}" + delay: "{{ delay_time }}" + register: r_files_remove_bin_path + until: r_files_remove_bin_path is success + any_errors_fatal: false + ignore_errors: true + tags: + - files + - base + - obsolete + - bin_path # remove obsolete keys - name: remove_obsolete_apt_keys ansible.builtin.apt_key: @@ -200,6 +218,7 @@ until: r_remove_packages is success when: packages_remove is defined any_errors_fatal: false + ignore_errors: true tags: - packages - base @@ -219,7 +238,7 @@ tags: - packages - base -# install base apt files in case of clean system + # install base apt files in case of clean system - name: install_packages_in_case_of_clean_system ansible.builtin.apt: name: "{{ item }}" @@ -234,7 +253,7 @@ - packages - base - clean_system -# Install apt pgp keys (files) + # Install apt pgp keys (files) - name: install_apt_keys ansible.builtin.apt_key: url: "{{ item }}" @@ -248,6 +267,7 @@ tags: - keys - base + # Install apt pgp keys (keyserver) - name: install_apt_keys_keyserver ansible.builtin.apt_key: keyserver: "{{ item.keyserver }}" 
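Review bot: The prompt of `wait_10_seconds` still says "last chance to abort in 15 seconds" although `seconds` was lowered to 10, so the operator is told there is more time to abort than there really is before the play starts changing the system. Keep the text in step with the value: `prompt: "Check variables - last chance to abort in 10 seconds"`. In the same debug list the `install_*` flags are now rendered with `| bool | lower` while `config_ansible`, `config_dconf` and `config_sysctl` are printed raw; applying the same filter to all of them would make the summary uniform.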
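Review bot: `Remove_obsolete_files_bin_path_from_variables_file` builds its target as `{{ bin_path }}/{{ item.name }}` and removes it with `state: absent`, which deletes directories recursively, so an entry whose `name` is empty resolves to `bin_path` itself. A guard such as `when: item.name | default('') | length > 0` keeps a typo in a vars file from wiping the whole directory. `loop: "{{ files_remove_bin_path | default([]) }}"` would let vars files that do not define the list skip the task cleanly. `ignore_errors: true` here, and the same line added to the package-removal task in the `@@ -200,6 +218,7 @@` hunk (that task starts outside its hunk), hides real failures from the run summary; `until` with retries already absorbs transient ones, so consider dropping it or narrowing it with `failed_when`.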
@@ -277,61 +297,65 @@ - keys - base - custom -# Add basic repositories - - name: add_basic_repositories_from_variables_file - ansible.builtin.apt_repository: - repo: "{{ item.repo }}" - state: present - codename: "{{ codename }}" - filename: "{{ item.filename }}" - mode: "0644" - update_cache: false - loop: "{{ repositories }}" - retries: "{{ retries_count }}" - delay: 3 + # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/deb822_repository_module.html + - name: Add_basic_repositories_as_deb822_repository + ansible.builtin.deb822_repository: + name: "{{ item.name }}" + types: "{{ item.types | default('deb') }}" + suites: "{{ item.suites | default('/') }}" + components: "{{ item.components | default(' ') }}" + uris: "{{ item.uris }}" + enabled: "{{ item.enabled | default('true') }}" + signed_by: "{{ item.signed_by | default('null') }}" + architectures: "{{ item.architectures | default('') }}" + loop: "{{ deb822_repositories }}" register: r_repositories until: r_repositories is success - any_errors_fatal: false + retries: "{{ retries_count }}" + delay: "{{ delay_time }}" tags: - repositories - base - - name: add_custom_basic_repositories_from_variables_file - ansible.builtin.apt_repository: - repo: "{{ item.repo }}" - state: present - codename: "{{ codename }}" - filename: "{{ item.filename }}" - mode: "0644" - update_cache: false - loop: "{{ custom_repositories }}" - retries: "{{ retries_count }}" - delay: 3 + - deb822 + - name: Add_custom_repositories_as_deb822_repository + ansible.builtin.deb822_repository: + name: "{{ item.name }}" + types: "{{ item.types | default('deb') }}" + suites: "{{ item.suites | default('/') }}" + components: "{{ item.components | default(' ') }}" + uris: "{{ item.uris }}" + enabled: "{{ item.enabled | default('true') }}" + signed_by: "{{ item.signed_by | default('null') }}" + architectures: "{{ item.architectures | default('') }}" register: r_custom_repositories until: r_custom_repositories is success + loop: "{{ 
custom_repositories }}" when: custom_repositories is defined and custom_repositories | length > 0 - any_errors_fatal: false + retries: "{{ retries_count }}" + delay: "{{ delay_time }}" tags: - repositories - base + - deb822 - custom -# Add optional repositories - - name: add_optional_repositories_from_variables_file - ansible.builtin.apt_repository: - repo: "{{ item.repo }}" - state: present - codename: "{{ item.codename }}" - filename: "{{ item.filename }}" - mode: "0644" - update_cache: false - loop: "{{ repositories_optional }}" - retries: "{{ retries_count }}" - delay: "{{ delay_time }}" - register: repositories - until: repositories is success - any_errors_fatal: false + - name: Add_optional_repositories_as_deb822_repository + ansible.builtin.deb822_repository: + name: "{{ item.name }}" + types: "{{ item.types | default('deb') }}" + suites: "{{ item.suites | default('/') }}" + components: "{{ item.components | default(' ') }}" + uris: "{{ item.uris }}" + enabled: "{{ item.enabled | default('true') }}" + signed_by: "{{ item.signed_by | default('null') }}" + architectures: "{{ item.architectures | default('') }}" + loop: "{{ deb822_repositories_optional }}" + register: r_optional_repositories + until: r_optional_repositories is success + when: deb822_repositories_optional is defined and deb822_repositories_optional | length > 0 tags: - repositories - base + - deb822 # restart apt cache - name: apt_after_repos_refresh ansible.builtin.apt: 
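Review bot: `signed_by: "{{ item.signed_by | default('null') }}"` hands the literal string `null` to `deb822_repository` when an entry has no key, instead of leaving the option unset; the same line appears in all three tasks of this hunk. Since the migration is meant to bind each repository to its own key, I would make the field mandatory with `signed_by: "{{ item.signed_by }}"`, so that an entry without a key fails at templating time. If repositories without a per-entry key are really intended, use `default(omit)` instead. `enabled: "{{ item.enabled | default('true') }}"` and `architectures: "{{ item.architectures | default('') }}"` follow the same string-default pattern and would read better as `default(true)` and `default(omit)`. The optional-repositories task also lost its `retries`/`delay` lines, unlike the two tasks above it, so it no longer follows `retries_count` and `delay_time`.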
@@ -418,6 +442,35 @@ - packages - base - custom +# Install flatpak packages + - name: install_flatpak_apps + community.general.flatpak: + name: "{{ item.name | string }}" + state: present + method: system + loop: "{{ flatpak }}" + retries: "{{ retries_count }}" + delay: "{{ delay_time }}" + register: r_install_flatpak + until: r_install_flatpak is success + any_errors_fatal: false + when: install_flatpak is defined and install_flatpak + tags: + - packages + - flatpak +# Upgrade flatpak apps + - name: upgrade_flatpak_apps + ansible.builtin.command: flatpak update -y + retries: "{{ retries_count }}" + delay: "{{ delay_time }}" + register: r_update_flatpak + until: r_update_flatpak is success + changed_when: r_update_flatpak.rc != 0 + ignore_errors: true + when: install_flatpak is defined and install_flatpak + tags: + - packages + - flatpak # Install optional packages - if variable `install_optional` is set to true - name: install_optional_packages ansible.builtin.apt: @@ -469,33 +522,7 @@ - packages - base - python - - name: install_flatpak_apps - community.general.flatpak: - name: "{{ item.name | string }}" - state: present - method: system - loop: "{{ flatpak }}" - retries: "{{ retries_count }}" - delay: "{{ delay_time }}" - register: r_install_flatpak - until: r_install_flatpak is success - any_errors_fatal: false - when: install_flatpak - tags: - - packages - - flatpak - - name: upgrade_flatpak_apps - ansible.builtin.command: flatpak update -y - retries: "{{ retries_count }}" - delay: "{{ delay_time }}" - register: r_update_flatpak - until: r_update_flatpak is success - changed_when: r_update_flatpak.rc != 0 - ignore_errors: true - when: install_flatpak - tags: - - packages - - flatpak + - name: install_npm_packages community.general.npm: name: "{{ item.name | string }}" @@ -681,7 +708,6 @@ - base - user - yubico - # start ansible block - name: start ansible block tags: - ansible 
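Review bot: `changed_when: r_update_flatpak.rc != 0` in `upgrade_flatpak_apps` reports a change only when `flatpak update -y` exits non-zero, and `ignore_errors: true` then lets the play continue past that failure; a run that actually replaced applications is reported as unchanged. Deriving the state from the output would be more honest, e.g. `changed_when: "'Nothing to do' not in r_update_flatpak.stdout"` (this assumes flatpak's usual message, so confirm it against the installed version). The new guard `when: install_flatpak is defined and install_flatpak` is also truthy for a non-empty string such as `"false"` passed as an extra var. The debug task in this file already uses `install_flatpak | bool`, so `when: install_flatpak | default(false) | bool` on both tasks would match it.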
@@ -739,6 +765,17 @@ - tasks tags: - always + - name: update_steampipe_plugins + ansible.builtin.shell: + cmd: "set -o pipefail|steampipe plugin update --all" + register: r_install_steampipe_plugins + become: true + become_user: "{{ active_user }}" + any_errors_fatal: true + failed_when: r_install_steampipe_plugins.rc != 0 and r_install_steampipe_plugins.stderr != "" + changed_when: false + when: "steampipe.update_plugins" + # start vscode extensions block - name: install_vscode_extensions tags: @@ -794,34 +831,6 @@ path: /etc/bash.bashrc line: neofetch any_errors_fatal: false - - name: set_avahi_config - community.general.ini_file: - path: /etc/avahi/avahi-daemon.conf - section: server - option: domain-name - value: alocal - no_extra_spaces: yes - mode: 0644 - any_errors_fatal: false - ignore_errors: true - register: r_set_avahi_config - - name: nsswitch_config - ansible.builtin.lineinfile: - dest: /etc/nsswitch.conf - regexp: '^hosts:' - line: 'hosts: files dns' - backrefs: yes - any_errors_fatal: false - register: r_nsswitch_config - retries: "{{ retries_count }}" - delay: "{{ delay_time }}" - until: r_nsswitch_config is success - - name: restart_avahi_after_changes - ansible.builtin.systemd: - name: avahi-daemon - state: restarted - enabled: true - when: r_set_avahi_config is changed and r_set_avahi_config is defined - name: enable_timeshift_in_rsync_mode ansible.builtin.shell: timeshift --rsync --yes args: diff --git a/mint21.yaml b/mint21.yaml index 42e1dab..38ae0fd 100644 --- a/mint21.yaml +++ b/mint21.yaml 
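Review bot: `cmd: "set -o pipefail|steampipe plugin update --all"` in `update_steampipe_plugins` pipes the output of `set` into `steampipe` instead of setting the option first, so `pipefail` never applies to the command, and there is no pipeline here that would need it. Running it without a shell is simpler and avoids shell parsing altogether: `ansible.builtin.command: steampipe plugin update --all`. `failed_when: r_install_steampipe_plugins.rc != 0 and r_install_steampipe_plugins.stderr != ""` also lets a non-zero exit with empty stderr count as success; `failed_when: r_install_steampipe_plugins.rc != 0` is the safer test. `when: "steampipe.update_plugins"` will error if a vars file does not define `steampipe`, so `when: steampipe.update_plugins | default(false) | bool` is worth considering.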
@@ -3,754 +3,1018 @@ ansible_python_interpreter: /usr/bin/python3 codename: jammy # repositories we'd like to add - mandatory -repositories: -- repo: deb http://download.opensuse.org/repositories/home:/Alexx2000/xUbuntu_22.04/ / - filename: alexx2000 -- repo: deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ jammy main - filename: azure-cli -- repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu jammy stable - filename: docker-stable -- repo: deb https://packages.cloud.google.com/apt gcsfuse-jammy main - filename: gcsfuse -- repo: deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main - filename: google-chrome -- repo: deb https://packages.cloud.google.com/apt cloud-sdk main - filename: google-cloud-sdk -- repo: deb https://apt.kubernetes.io/ kubernetes-xenial main - filename: kubernetes-stable -- repo: deb [arch=amd64] https://packages.microsoft.com/ubuntu/22.04/prod jammy main - filename: microsoft-prod-deb -- repo: ppa:mozillateam/ppa - filename: mozillateam -- repo: deb http://download.opensuse.org/repositories/home:/stevenpusser/xUbuntu_22.04 / - filename: palemoon -- repo: ppa:remmina-ppa-team/remmina-next - filename: remmina-next -- repo: deb https://ppa.launchpadcontent.net/shutter/ppa/ubuntu impish main - filename: shutter-next -- repo: ppa:ansible/ansible - filename: ansible -# codename: jammy -- repo: ppa:ubuntu-mozilla-security/ppa - filename: ubuntu-mozilla-security -- repo: deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian jammy contrib - filename: virtualbox -- repo: deb [arch=amd64] https://packages.microsoft.com/repos/vscode stable main - filename: vscode -- repo: deb https://ppa.launchpadcontent.net/webupd8team/y-ppa-manager/ubuntu impish main - filename: y-ppa-manager -- repo: ppa:libreoffice/ppa - filename: libreoffice -- repo: deb https://deb.nodesource.com/node_16.x impish main - filename: nodesource -repositories_optional: - # brave browser -- repo: deb [arch=amd64] 
https://brave-browser-apt-release.s3.brave.com/ stable main - filename: brave-browser-release-jammy - codename: stable -- repo: ppa:xuzhen666/dockbarx - codename: jammy - filename: dockbarx -- repo: deb http://repo.sinew.in/ stable main - codename: stable - filename: enpass -- repo: ppa:danielrichter2007/grub-customizer - codename: jammy - filename: grub-customizer -- repo: ppa:noobslab/icons - filename: noobslab-icons - codename: eoan -- repo: ppa:noobslab/themes - filename: noobslab-themes - codename: xenial -- repo: deb http://apt.puppetlabs.com jammy puppet7 - filename: puppet7 - codename: jammy -- repo: deb http://repository.spotify.com stable non-free - codename: stable - filename: spotify -- repo: deb https://download.sublimetext.com/ apt/stable/ - codename: stable - filename: sublime-text -- repo: deb https://aquasecurity.github.io/trivy-repo/deb jammy main - filename: trivy - codename: jammy -- repo: deb [arch=amd64] https://repository.veeam.com/backup/linux/agent/dpkg/debian/public stable veeam - codename: stable - filename: veeam-agent -- repo: ppa:unit193/encryption - filename: veracrypt - codename: jammy -- repo: deb https://ppa.launchpadcontent.net/nilarimogard/webupd8/ubuntu hirsute main - filename: webupdt - codename: jammy -- repo: deb https://ppa.launchpadcontent.net/linuxuprising/apps/ubuntu impish main - filename: linuxuprising - codename: impish -# - repo: deb [arch=amd64] https://packages.microsoft.com/repos/ms-teams stable main -# filename: teams -# codename: jammy -- repo: deb https://apt.insync.io/mint vanessa non-free contrib - filename: insync - codename: vanessa -- repo: deb https://download.opensuse.org/repositories/isv:/Rancher:/stable/deb/ ./ - filename: rancher-desktop - codename: stable -- repo: deb [arch=amd64] https://downloads.k8slens.dev/apt/debian stable main - filename: lens - codename: stable +repositories: [] +deb822_repositories: + - name: alexx2000 + types: deb + suites: "/" + components: [] + uris: + - 
"http://download.opensuse.org/repositories/home:/Alexx2000/xUbuntu_22.04/" + enabled: true + signed_by: https://download.opensuse.org/repositories/home:/Alexx2000/xUbuntu_22.04/Release.key + - name: palemoon + types: deb + suites: "/" + components: [] + uris: + - "http://download.opensuse.org/repositories/home:/stevenpusser/xUbuntu_22.04/" + enabled: true + signed_by: https://download.opensuse.org/repositories/home:/stevenpusser/xUbuntu_22.04/Release.key + - name: azure-cli + types: deb + suites: "{{ codename }}" + components: main + uris: + - "https://packages.microsoft.com/repos/azure-cli/" + enabled: true + architectures: amd64 + signed_by: https://packages.microsoft.com/keys/microsoft.asc + - name: docker-stable + types: deb + suites: "{{ codename }}" + components: stable + uris: + - "https://download.docker.com/linux/ubuntu" + enabled: true + architectures: amd64 + signed_by: https://download.docker.com/linux/ubuntu/gpg + - name: gcsfuse + types: deb + suites: gcsfuse-jammy + components: main + uris: + - "https://packages.cloud.google.com/apt" + enabled: true + architectures: amd64 + signed_by: https://packages.cloud.google.com/apt/doc/apt-key.gpg + - name: google-chrome + types: deb + suites: stable + components: main + uris: + - "https://dl.google.com/linux/chrome/deb/" + enabled: true + architectures: amd64 + signed_by: https://dl-ssl.google.com/linux/linux_signing_key.pub + - name: google-cloud-sdk + types: deb + suites: cloud-sdk + components: main + uris: + - "https://packages.cloud.google.com/apt" + enabled: true + architectures: amd64 + signed_by: https://packages.cloud.google.com/apt/doc/apt-key.gpg + - name: kubernetes-129 + types: deb + suites: / + components: [] + uris: + - "https://pkgs.k8s.io/core:/stable:/v1.29/deb/" + enabled: true + architectures: amd64 + signed_by: https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key + - name: microsoft-prod-deb + types: deb + suites: "{{ codename }}" + components: main + uris: + - 
"https://packages.microsoft.com/ubuntu/22.04/prod" + enabled: true + architectures: amd64 + signed_by: https://packages.microsoft.com/keys/microsoft.asc + - name: virtualbox + types: deb + suites: "{{ codename }}" + components: contrib + uris: + - "https://download.virtualbox.org/virtualbox/debian" + enabled: true + architectures: amd64 + signed_by: https://www.virtualbox.org/download/oracle_vbox_2016.asc + - name: vscode + types: deb + suites: stable + components: main + uris: + - "https://packages.microsoft.com/repos/vscode" + enabled: true + architectures: amd64 + signed_by: https://packages.microsoft.com/keys/microsoft.asc + - name: nodesource20 + types: deb + suites: nodistro + components: main + uris: + - "https://deb.nodesource.com/node_20.x" + enabled: true + architectures: amd64 + signed_by: https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key + - name: ansible + types: deb + suites: "{{ codename }}" + components: main + uris: + - "http://ppa.launchpad.net/ansible/ansible/ubuntu" + enabled: true + architectures: amd64 + signed_by: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x93C4A3FD7BB9C367 + - name: ubuntu-mozilla-security + types: deb + suites: "{{ codename }}" + components: main + uris: + - "http://ppa.launchpad.net/ubuntu-mozilla-security/ppa/ubuntu" + enabled: true + architectures: amd64 + signed_by: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xA6DCF7707EBC211F + - name: mozillateam + types: deb + suites: "{{ codename }}" + components: main + uris: + - "http://ppa.launchpad.net/mozillateam/ppa/ubuntu" + enabled: true + architectures: amd64 + signed_by: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x9BDB3D89CE49EC21 + - name: hashicorp + types: deb + suites: jammy + components: main + uris: + - "https://apt.releases.hashicorp.com" + enabled: true + architectures: amd64 + signed_by: https://apt.releases.hashicorp.com/gpg + - name: helm-stable-debian + types: deb + suites: all + components: main + uris: + - 
"https://baltocdn.com/helm/stable/debian/" + enabled: true + architectures: amd64 + signed_by: https://baltocdn.com/helm/signing.asc +deb822_repositories_optional: + - name: dockbarx + types: deb + suites: jammy + components: main + uris: + - "http://ppa.launchpad.net/xuzhen666/dockbarx/ubuntu" + enabled: true + architectures: amd64 + signed_by: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x77D026E2EEAD66BD + - name: grub-customizer + types: deb + suites: jammy + components: main + uris: + - "http://ppa.launchpad.net/danielrichter2007/grub-customizer/ubuntu" + enabled: true + architectures: amd64 + signed_by: https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&op=get&search=0xA8AA1FAA3F055C03 + - name: noobslab-icons + types: deb + suites: eoan + components: main + uris: + - "http://ppa.launchpad.net/noobslab/icons/ubuntu" + enabled: true + architectures: amd64 + signed_by: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xD530E028F59EAE4D + - name: trivy + types: deb + suites: jammy + components: main + uris: + - "https://aquasecurity.github.io/trivy-repo/deb" + enabled: true + architectures: amd64 + signed_by: https://aquasecurity.github.io/trivy-repo/deb/public.key + - name: veeam-agent + types: deb + suites: stable + components: veeam + uris: + - "https://repository.veeam.com/backup/linux/agent/dpkg/debian/public" + enabled: true + architectures: amd64 + signed_by: https://repository.veeam.com/keys/veeam.gpg + - name: veracrypt + types: deb + suites: jammy + components: main + uris: + - "http://ppa.launchpad.net/unit193/encryption/ubuntu" + enabled: true + architectures: amd64 + signed_by: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x03647209B58A653A + - name: insync + types: deb + suites: "{{ ansible_distribution_release }}" + components: non-free contrib + uris: + - "https://apt.insync.io/mint" + enabled: true + architectures: amd64 + signed_by: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xACCAF35C + - name: 
rancher-desktop + types: deb + suites: "./" + components: [] + uris: + - "https://download.opensuse.org/repositories/isv:/Rancher:/stable/deb/" + enabled: true + signed_by: https://download.opensuse.org/repositories/isv:/Rancher:/stable/deb/Release.key + - name: lens + types: deb + suites: stable + components: main + uris: + - "https://downloads.k8slens.dev/apt/debian" + enabled: true + architectures: amd64 + signed_by: https://downloads.k8slens.dev/keys/gpg + - name: ngrok + types: deb + suites: buster + components: main + uris: + - "https://ngrok-agent.s3.amazonaws.com" + enabled: true + architectures: amd64 + signed_by: https://ngrok-agent.s3.amazonaws.com/ngrok.asc + +repositories_optional: [] repositories_remove: -- repo: ppa:alexx2000/doublecmd - filename: alexx2000-doublecmd -- repo: deb https://knqyf263.github.io/trivy-repo/deb jammy main - filename: trivy -- repo: ppa:ehoover/compholio - filename: compholio -- repo: deb [arch=amd64] http://repo.fortinet.com/repo/ubuntu/ /xenial multiverse - filename: forticlient - codename: xenial -- repo: deb https://packagecloud.io/github/git-lfs/linuxmint/ ulyana main - filename: github_git-lfs -- repo: ppa:synapse-core/testing - filename: synapse-core -- repo: deb http://apt.puppetlabs.com bionic puppet5 - filename: puppet5 - codename: bionic -- repo: deb [arch=amd64] https://repo.skype.com/deb stable main - codename: stable - filename: skype-stable -- repo: ppa:dawidd0811/neofetch - codename: jammy - filename: neofetch -- repo: deb https://dl.k6.io/deb stable main - filename: k6 - codename: stable -- repo: deb http://apt.puppetlabs.com bionic puppet6 - filename: puppet6 - codename: bionic -- repo: deb [arch=amd64] https://packages.microsoft.com/repos/ms-teams stable main - filename: teams - codename: jammy + - repo: ppa:alexx2000/doublecmd + filename: alexx2000-doublecmd + - repo: deb http://download.opensuse.org/repositories/home:/Alexx2000/xUbuntu_22.04/ / + filename: alexx2000 + - repo: deb 
https://knqyf263.github.io/trivy-repo/deb jammy main + filename: trivy + - repo: ppa:ehoover/compholio + filename: compholio + - repo: deb [arch=amd64] http://repo.fortinet.com/repo/ubuntu/ /xenial multiverse + filename: forticlient + codename: xenial + - repo: deb https://packagecloud.io/github/git-lfs/linuxmint/ ulyana main + filename: github_git-lfs + - repo: ppa:synapse-core/testing + filename: synapse-core + - repo: deb http://apt.puppetlabs.com bionic puppet5 + filename: puppet5 + codename: bionic + - repo: deb [arch=amd64] https://repo.skype.com/deb stable main + codename: stable + filename: skype-stable + - repo: ppa:dawidd0811/neofetch + codename: jammy + filename: neofetch + - repo: deb https://dl.k6.io/deb stable main + filename: k6 + codename: stable + - repo: deb http://apt.puppetlabs.com bionic puppet6 + filename: puppet6 + codename: bionic + - repo: deb [arch=amd64] https://packages.microsoft.com/repos/ms-teams stable main + filename: teams + codename: jammy + - repo: deb [arch=amd64] https://brave-browser-apt-release.s3.brave.com/ stable main + filename: brave-browser-release-jammy + codename: stable + - repo: ppa:remmina-ppa-team/remmina-next + filename: remmina-next + - repo: deb https://ppa.launchpadcontent.net/webupd8team/y-ppa-manager/ubuntu impish main + filename: y-ppa-manager + codename: impish + - repo: ppa:libreoffice/ppa + filename: libreoffice + - repo: deb [arch=amd64] https://download.opensuse.org/repositories/home:/stevenpusser/xUbuntu_22.04/ / + filename: palemoon + - repo: deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ jammy main + filename: azure-cli + - repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu jammy stable + filename: docker-stable + - repo: deb https://packages.cloud.google.com/apt gcsfuse-jammy main + filename: gcsfuse + - repo: deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main + filename: google-chrome + - repo: deb https://packages.cloud.google.com/apt cloud-sdk main 
+ filename: google-cloud-sdk + - repo: deb https://ppa.launchpadcontent.net/shutter/ppa/ubuntu impish main + filename: shutter-next + - repo: deb https://deb.nodesource.com/node_16.x impish main + filename: nodesource + - repo: ppa:ansible/ansible + filename: ansible + - repo: ppa:ubuntu-mozilla-security/ppa + filename: ubuntu-mozilla-security + - repo: deb http://repo.sinew.in/ stable main + filename: enpass + - repo: deb http://apt.puppetlabs.com jammy puppet7 + filename: puppet7 + - repo: deb http://repository.spotify.com stable non-free + filename: spotify + - repo: deb https://download.sublimetext.com/ apt/stable/ + filename: sublime-text + - repo: ppa:xuzhen666/dockbarx + filename: dockbarx + - repo: ppa:danielrichter2007/grub-customizer + filename: grub-customizer + - repo: ppa:noobslab/icons + filename: noobslab-icons + - repo: ppa:noobslab/themes + filename: noobslab-themes + - repo: deb https://aquasecurity.github.io/trivy-repo/deb jammy main + filename: trivy + - repo: deb [arch=amd64] https://repository.veeam.com/backup/linux/agent/dpkg/debian/public stable veeam + filename: veeam-agent + - repo: ppa:unit193/encryption + filename: veracrypt + - repo: deb https://ppa.launchpadcontent.net/nilarimogard/webupd8/ubuntu hirsute main + filename: webupdt + - repo: deb https://ppa.launchpadcontent.net/linuxuprising/apps/ubuntu impish main + filename: linuxuprising + - repo: deb https://apt.insync.io/mint vanessa non-free contrib + filename: insync + - repo: deb https://download.opensuse.org/repositories/isv:/Rancher:/stable/deb/ ./ + filename: rancher-desktop + - repo: deb https://download.opensuse.org/repositories/isv:/Rancher:/stable/deb/ ./ + filename: rancher-desktop + - repo: deb [arch=amd64] https://downloads.k8slens.dev/apt/debian stable main + filename: lens + files_remove: -- path: /etc/apt/sources.list.d/shutter.list -- path: /etc/apt/sources.list.d/veeam.list -- path: /etc/apt/sources.list.d/neofetch.list -- path: 
/etc/apt/sources.list.d/yubico-stable-foca.list -- path: /etc/apt/sources.list.d/teams.list -keys: -- https://download.opensuse.org/repositories/home:/stevenpusser/xUbuntu_22.04/Release.key -- https://download.opensuse.org/repositories/home:/Alexx2000/xUbuntu_22.04/Release.key -- https://packages.microsoft.com/keys/microsoft.asc -- https://dl-ssl.google.com/linux/linux_signing_key.pub -- https://packages.cloud.google.com/apt/doc/apt-key.gpg -- https://dl.sinew.in/keys/enpass-linux.key -- https://www.virtualbox.org/download/oracle_vbox_2016.asc -- https://download.sublimetext.com/sublimehq-pub.gpg -- https://download.docker.com/linux/ubuntu/gpg -- http://repository.veeam.com/keys/veeam.gpg -- https://packagecloud.io/github/git-lfs/gpgkey -- https://apt.puppetlabs.com/pubkey.gpg -- https://aquasecurity.github.io/trivy-repo/deb/public.key -- https://brave-browser-apt-release.s3.brave.com/brave-core.asc -- https://download.spotify.com/debian/pubkey_7A3A762FAFD4A51F.gpg -- https://d2t3ff60b2tol4.cloudfront.net/repomd.xml.key -- https://deb.nodesource.com/gpgkey/nodesource.gpg.key -- https://zoom.us/linux/download/pubkey -- https://download.opensuse.org/repositories/isv:/Rancher:/stable/deb/Release.key -- https://downloads.k8slens.dev/keys/gpg -keys_keyserver: -- keyserver: keyserver.ubuntu.com - id: ACCAF35C - # k6 repo -- keyserver: keyserver.ubuntu.com - id: C5AD17C747E3415A3642D57D77C6C491D6AC1D69 -# # forticlient -# - keyserver: keyserver.ubuntu.com -# id: 18AC26395E54716D - # linux uprising -- keyserver: keyserver.ubuntu.com - id: EA8CACC073C3DB2A - # Shutter PPA -- keyserver: keyserver.ubuntu.com - id: FC6D7D9D009ED615 - # Webupdt8 PPA -- keyserver: keyserver.ubuntu.com - id: 531EE72F4C9D234C - # Webupdt8 y-ppa-manager -- keyserver: keyserver.ubuntu.com - id: C2518248EEA14886 - # lens -- keyserver: keyserver.ubuntu.com - id: 666A7D882011D3CE + - path: /etc/apt/sources.list.d/shutter.list + - path: /etc/apt/sources.list.d/veeam.list + - path: 
/etc/apt/sources.list.d/neofetch.list + - path: /etc/apt/sources.list.d/yubico-stable-foca.list + - path: /etc/apt/sources.list.d/teams.list + - path: /etc/apt/sources.list.d/nodesource.list + - path: /etc/apt/sources.list.d/kubernetes-stable.list + - path: /etc/apt/sources.list.d/brave-browser-release-jammy.list + - path: /etc/apt/sources.list.d/remmina-next.list + - path: /etc/apt/sources.list.d/y-ppa-manager.list + - path: /etc/apt/sources.list.d/libreoffice.list + - path: /etc/apt/sources.list.d/alexx2000.list + - path: /etc/apt/sources.list.d/palemoon.list + - path: /etc/apt/sources.list.d/azure-cli.list + - path: /etc/apt/sources.list.d/docker-stable.list + - path: /etc/apt/sources.list.d/gcsfuse.list + - path: /etc/apt/sources.list.d/google-chrome.list + - path: /etc/apt/sources.list.d/google-cloud-sdk.list + - path: /etc/apt/sources.list.d/shutter-next.list + - path: /etc/apt/sources.list.d/virtualbox.list + - path: /etc/apt/sources.list.d/vscode.list + - path: /etc/apt/sources.list.d/nodesource.list + - path: /etc/apt/sources.list.d/ansible.list + - path: /etc/apt/sources.list.d/microsoft-prod-deb.list + - path: /etc/apt/sources.list.d/ubuntu-mozilla-security.list + - path: /etc/apt/sources.list.d/enpass.list + - path: /etc/apt/sources.list.d/mozillateam.list + - path: /etc/apt/sources.list.d/puppet5.list + - path: /etc/apt/sources.list.d/puppet6.list + - path: /etc/apt/sources.list.d/puppet7.list + - path: /etc/apt/sources.list.d/spotify.list + - path: /etc/apt/sources.list.d/sublime-text.list + - path: /etc/apt/sources.list.d/dockbarx.list + - path: /etc/apt/sources.list.d/grub-customizer.list + - path: /etc/apt/sources.list.d/noobslab-icons.list + - path: /etc/apt/sources.list.d/noobslab-themes.list + - path: /etc/apt/sources.list.d/trivy.list + - path: /etc/apt/sources.list.d/veeam-agent.list + - path: /etc/apt/sources.list.d/veracrypt.list + - path: /etc/apt/sources.list.d/webupdt.list + - path: /etc/apt/sources.list.d/linuxuprising.list + - path: 
/etc/apt/sources.list.d/insync.list + - path: /etc/apt/sources.list.d/rancher-desktop.list + - path: /etc/apt/sources.list.d/lens.list + - path: /etc/apt/sources.list.d/hashicorp.list +# remove obsoleted binary files from {{ bin_path }}/name +files_remove_bin_path: + - name: packer + - name: terraform + - name: vault + - name: consul + - name: helm + - name: ngrok + - name: k9s + - name: docker-compose + - name: ffluf + - name: tfsec +keys: [] +keys_keyserver: [] keys_remove: -- 5E54716D -- 5E3C45D7B312C643 -- 264E114C6911D08D3BA6CE6C18AC26395E54716D + - 5E54716D packages_remove: -- ansible-base -- kontena-lens -- skypeforlinux -- openjdk-8-jdk -- openjdk-8-jre -- openjdk-8-headless -- openjdk-11-jdk -- openjdk-11-jre -- openjdk-11-headless -- openjdk-13-jdk -- openjdk-13-jre -- openjdk-13-headless -- openjdk-17-jdk -- openjdk-17-jre -- openjdk-17-headless -- openjdk-18-jdk -- openjdk-18-jre -- openjdk-18-headless -- zenmap -- balena-etcher-electron -- teams + - ansible-base + - kontena-lens + - skypeforlinux + - openjdk-8-jdk + - openjdk-8-jre + - openjdk-8-headless + - openjdk-11-jdk + - openjdk-11-jre + - openjdk-11-headless + - openjdk-13-jdk + - openjdk-13-jre + - openjdk-13-headless + - openjdk-17-jdk + - openjdk-17-jre + - openjdk-17-headless + - openjdk-18-jdk + - openjdk-18-jre + - openjdk-18-headless + - zenmap + - balena-etcher-electron + - teams + - brave-browser + - remmina + - remmina-plugin-rdp + - remmina-plugin-vnc + - remmina-plugin-secret + - remmina-plugin-spice + - remmina-plugin-secret + - y-ppa-manager + - libreoffice-base-core + - libreoffice-calc + - libreoffice-common + - libreoffice-core + - libreoffice-gtk3 + - libreoffice-math + - libreoffice-writer + - enpass + - spotify + - sublime-text + - betterbird + - krita + - kdenlive + - firefox + - boxes + - freefilesync + - pinta + - tlpui + - vlc + - hashes + - kodi + - wireshark + - wireshark-qt + - wireshark-gtk + - wireshark-doc + - gitkraken + - wps-office + - rpi-imager + - zoom 
packages_clean_system: -- apt-transport-https -- ca-certificates + - apt-transport-https + - ca-certificates packages_essential: -- build-essential -- dkms -- dotnet-runtime-7.0 -- dotnet-sdk-7.0 -- gcc -- libvte-dev -- mc -- mint-meta-codecs -- pv -- xz-utils + - build-essential + - dkms + - dotnet-runtime-7.0 + - dotnet-sdk-7.0 + - gcc + - libvte-dev + - mc + - mint-meta-codecs + - pv + - xz-utils packages: -- synaptic -- ansible -- ansible-core -- azure-cli -- google-cloud-sdk -- gcsfuse -- awscli -- palemoon -- code -- dbus-user-session -- powershell -- google-chrome-stable -- virtualbox-6.1 -- dropbox -- krb5-config -- krb5-locales -- krb5-user -- krb5-multidev -- libkrb5-dev -- python3-dev -- python3-pip -- python3-dbus -- python3-all-dev -- python3-wheel -- python3-gpg -- python3-psutil -- diodon -- doublecmd-gtk -- htop -- iotop -- atop -- iftop -- nmap -- remmina -- remmina-plugin-rdp -- remmina-plugin-vnc -- remmina-plugin-secret -- mpv -- rabbitvcs-core -- liblinear-tools -- liblinear-dev -- p7zip-rar -- hwinfo -- ndiff -- extlinux -- syslinux -- va-driver-all -- p7zip-rar -- chromium-codecs-ffmpeg-extra -- wireshark -- xca -- viewnior -- tlp -- ncurses-term -- ssh-import-id -- screen -- tmux -- arj -- terminator -- ncdu -- keepass2 -- smartmontools -- libqt5multimedia5-plugins -- openjdk-19-jre -- openjdk-19-jdk -- openjdk-19-jre-headless -- gsmartcontrol -- nmon -- sysstat -- stress -- nodejs -- unzip -- docker-ce -- shutter -- synapse -- git -- gparted -- filezilla -- git-lfs -- network-manager-fortisslvpn -- openfortivpn -- network-manager-vpnc -- network-manager-openconnect -- redshift-gtk -- iperf3 -- traceroute -- nfs-common -- rdesktop -- gddrescue -- testdisk -- partclone -- clonezilla -- httpie -- ngrep -- tshark -- hping3 -- siege -- trivy -- sshfs -- whois -- dos2unix -- ioping -- dstat -- rclone -- multitail -- shellcheck -- dconf-cli -- dconf-editor -- freerdp2-x11 -- zsh -- netcat -- clusterssh -- moreutils + - ansible + - ansible-core + - 
arj + - atop + - awscli + - azure-cli + - btop + - chromium-codecs-ffmpeg-extra + - clonezilla + - clusterssh + - code + - consul + - dbus-user-session + - dconf-cli + - dconf-editor + - diodon + - docker-ce + - dos2unix + - doublecmd-gtk + - dropbox + - dstat + - extlinux + - filezilla + - fio + - freerdp2-x11 + - gcsfuse + - gddrescue + - gimp + - git + - git-lfs + - google-chrome-stable + - google-cloud-sdk + - gparted + - gsmartcontrol + - helm + - hping3 + - htop + - httpie + - hwinfo + - iftop + - ioping + - iotop + - iperf3 + - keepass2 + - krb5-config + - krb5-locales + - krb5-multidev + - krb5-user + - libkrb5-dev + - liblinear-dev + - liblinear-tools + - libqt5multimedia5-plugins + - moreutils + - mpv + - multitail + - ncdu + - ncurses-term + - ndiff + - netcat + - network-manager-fortisslvpn + - network-manager-openconnect + - network-manager-vpnc + - nfs-common + - ngrep + - nmap + - nmon + - nodejs + - openfortivpn + - openjdk-19-jdk + - openjdk-19-jre + - openjdk-19-jre-headless + - p7zip-rar + - p7zip-rar + - packer + - palemoon + - partclone + - powershell + - python3-all-dev + - python3-dbus + - python3-dev + - python3-gpg + - python3-pip + - python3-psutil + - python3-wheel + - rabbitvcs-core + - rclone + - rdesktop + - redshift-gtk + - screen + - shellcheck + - shutter + - siege + - smartmontools + - ssh-import-id + - sshfs + - stress + - synapse + - synaptic + - syslinux + - sysstat + - terminator + - terraform + - testdisk + - tlp + - tmux + - traceroute + - trivy + - tshark + - unzip + - va-driver-all + - vault + - viewnior + - virtualbox-7.0 + - whois + - xca + - zsh packages_optional: -- enpass -# missing 2023-01 -#- pdk -- puppet-agent -- kodi -- dockbarx -- grub-customizer -#- adobe-flashplugin -#- adobe-flash-properties-gtk -- gimp -- vlc -- kazam -- sublime-text -- javascript-common -- geoip-database -- geoip-bin -- geoipupdate -- thunderbird -- neofetch -- veeam -- veeamsnap -- pinta -- veracrypt -- spotify-client -- isomaster -- 
brave-browser -- tlpui -- goaccess -- hashcat -- y-ppa-manager -- insync -- rancher-desktop -- lens + - dockbarx + - geoip-bin + - geoip-database + - geoipupdate + - goaccess + - grub-customizer + - hashcat + - insync + - isomaster + - javascript-common + - kazam + - lens + - neofetch + - ngrok + - rancher-desktop + - veeam + - veeamsnap + - veracrypt deb: -- https://github.com/angryip/ipscan/releases/download/3.9.1/ipscan_3.9.1_amd64.deb -- https://release.axocdn.com/linux/gitkraken-amd64.deb -- https://releases.hashicorp.com/vagrant/2.3.7/vagrant_2.3.7-1_i686.deb -- https://github.com/Eugeny/tabby/releases/download/v1.0.197/tabby-1.0.197-linux-x64.deb -- https://github.com/kubernetes/minikube/releases/download/v1.30.1/minikube_1.30.1-0_amd64.deb -- https://wdl1.pcfg.cache.wpscdn.com/wpsdl/wpsoffice/download/linux/11664/wps-office_11.1.0.11664.XA_amd64.deb -- https://github.com/wagoodman/dive/releases/download/v0.11.0/dive_0.11.0_linux_amd64.deb -- https://github.com/balena-io/etcher/releases/download/v1.18.8/balena-etcher_1.18.8_amd64.deb -- https://github.com/goodwithtech/dockle/releases/download/v0.4.11/dockle_0.4.11_Linux-64bit.deb -- https://github.com/kaikramer/keystore-explorer/releases/download/v5.5.2/kse_5.5.2_all.deb -- https://downloads.raspberrypi.org/imager/imager_1.7.5_amd64.deb -- https://github.com/aquasecurity/kube-bench/releases/download/v0.6.15/kube-bench_0.6.15_linux_amd64.deb -- https://github.com/anchore/syft/releases/download/v0.84.1/syft_0.84.1_linux_amd64.deb -- https://cdn.zoom.us/prod/5.15.2.4260/zoom_amd64.deb -- https://github.com/turbot/steampipe/releases/download/v0.20.8/steampipe_linux_amd64.deb -- https://github.com/ramboxapp/download/releases/download/v2.1.4/Rambox-2.1.4-linux-x64.deb + - https://github.com/angryip/ipscan/releases/download/3.9.1/ipscan_3.9.1_amd64.deb + - https://github.com/Eugeny/tabby/releases/download/v1.0.207/tabby-1.0.207-linux-x64.deb + - 
https://github.com/kubernetes/minikube/releases/download/v1.32.0/minikube_1.32.0-0_amd64.deb + - https://github.com/wagoodman/dive/releases/download/v0.12.0/dive_0.12.0_linux_amd64.deb + - https://github.com/balena-io/etcher/releases/download/v1.19.5/balena-etcher_1.19.5_amd64.deb + - https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.deb + - https://github.com/kaikramer/keystore-explorer/releases/download/v5.5.3/kse_5.5.3_all.deb + - https://github.com/aquasecurity/kube-bench/releases/download/v0.7.2/kube-bench_0.7.2_linux_amd64.deb + - https://github.com/anchore/syft/releases/download/v1.0.1/syft_1.0.1_linux_amd64.deb + - https://github.com/turbot/steampipe/releases/download/v0.22.1/steampipe_linux_amd64.deb + - https://github.com/ramboxapp/download/releases/download/v2.3.1/Rambox-2.3.1-linux-x64.deb + - https://github.com/derailed/k9s/releases/download/v0.32.3/k9s_linux_amd64.deb flatpak: -- name: https://flathub.org/repo/appstream/com.getpostman.Postman.flatpakref -- name: https://dl.flathub.org/repo/appstream/md.obsidian.Obsidian.flatpakref -- name: https://dl.flathub.org/repo/appstream/com.github.wwmm.easyeffects.flatpakref -- name: zenmap -- name: com.bitwarden.desktop + - name: com.axosoft.GitKraken + - name: com.bitwarden.desktop + - name: com.brave.Browser + - name: com.calibre_ebook.calibre + - name: com.getpostman.Postman + - name: com.github.d4nj1.tlpui + - name: com.github.PintaProject.Pinta + - name: com.github.tchx84.Flatseal + - name: com.github.wwmm.easyeffects + - name: com.spotify.Client + - name: com.sublimetext.three + - name: com.vivaldi.Vivaldi + - name: com.wps.Office + - name: eu.betterbird.Betterbird + - name: io.enpass.Enpass + - name: io.github.peazip.PeaZip + - name: io.github.zefr0x.hashes + - name: io.kinvolk.Headlamp + - name: io.missioncenter.MissionCenter + - name: md.obsidian.Obsidian + - name: org.bleachbit.BleachBit + - name: org.freefilesync.FreeFileSync + - name: org.gimp.GIMP + - name: 
org.gnome.Boxes + - name: org.kde.kdenlive + - name: org.kde.krita + - name: org.libreoffice.LibreOffice + - name: org.mozilla.firefox + - name: org.raspberrypi.rpi-imager + - name: org.remmina.Remmina + - name: org.torproject.torbrowser-launcher + - name: org.videolan.VLC + - name: org.wireshark.Wireshark + - name: tv.kodi.Kodi + - name: us.zoom.Zoom + - name: zenmap npm: -- name: agentkeepalive - state: latest -- name: npm - state: latest -- name: dockerfilelint - state: latest + - name: agentkeepalive + state: latest + - name: npm + state: latest + - name: dockerfilelint + state: latest pip_executable: pip3 pip: -- pip -#- psutil -- s-tui -- pywinrm[kerberos] -- requests-kerberos -- requests-ntlm -- pywinrm[credssp] -- requests-credssp -- pypsrp -- yamllint -- ansible-lint -- jmespath -- jsonlint -- gittyleaks -- kube-hunter -- pipdeptree -- oci-cli -- terraform-compliance + - pip + - s-tui + - pywinrm[kerberos] + - requests-kerberos + - requests-ntlm + - pywinrm[credssp] + - requests-credssp + - pypsrp + - yamllint + - ansible-lint + - jmespath + - jsonlint + - gittyleaks + - kube-hunter + - pipdeptree + - oci-cli + - terraform-compliance + - sslyze unpack: -- url: https://get.helm.sh/helm-v3.12.1-linux-amd64.tar.gz - destination: helm - source: helm - destination_file: helm3.tar.gz - folder: linux-amd64 -- url: https://github.com/OWASP/Amass/releases/download/v3.23.2/amass_linux_amd64.zip - destination: amass - source: amass - folder: amass_Linux_amd64 - destination_file: amass.zip -- url: https://github.com/yannh/kubeconform/releases/download/v0.6.2/kubeconform-linux-amd64.tar.gz - destination: kubeconform - source: kubeconform - folder: - destination_file: kubeconform-linux-amd64.tar.gz -- url: https://releases.hashicorp.com/packer/1.9.1/packer_1.9.1_linux_amd64.zip - destination: packer - source: packer - destination_file: packer.zip - folder: -- url: https://releases.hashicorp.com/terraform/1.5.2/terraform_1.5.2_linux_amd64.zip - destination: terraform - 
source: terraform - destination_file: terraform.zip - folder: -- url: https://releases.hashicorp.com/vault/1.14.0/vault_1.14.0_linux_amd64.zip - destination: vault - source: vault - destination_file: vault.zip - folder: -- url: https://github.com/terraform-linters/tflint/releases/download/v0.47.0/tflint_linux_amd64.zip - destination: tflint - source: tflint - destination_file: tflint.zip - folder: -- url: https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip - destination: ngrok - source: ngrok - destination_file: ngrok-stable-linux-amd64.zip - folder: -- url: https://github.com/kastenhq/kubestr/releases/download/v0.4.37/kubestr_0.4.37_Linux_amd64.tar.gz - destination: kubestr - source: kubestr - destination_file: kubestr.tar.gz - folder: -- url: https://github.com/kubernetes-sigs/krew/releases/download/v0.4.3/krew-linux_amd64.tar.gz - destination: krew - source: krew-linux_amd64 - destination_file: krew-linux_amd64.tar.gz - folder: -- url: https://github.com/containerd/nerdctl/releases/download/v1.4.0/nerdctl-1.4.0-linux-amd64.tar.gz - destination: nerdctl - source: nerdctl - destination_file: nerdctl-linux-amd64.tar.gz - folder: -- url: https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.1.0/kustomize_v5.1.0_linux_amd64.tar.gz - destination: kustomize - source: kustomize - destination_file: kustomize.tar.gz - folder: -- url: https://github.com/derailed/k9s/releases/download/v0.27.4/k9s_Linux_amd64.tar.gz - destination: k9s - source: k9s - destination_file: k9s.tar.gz - folder: -- url: https://github.com/doitintl/kube-no-trouble/releases/download/nightly-0.7.0-33-gdf9a017/kubent-nightly-0.7.0-33-gdf9a017-linux-amd64.tar.gz - destination: kubent - source: kubent - destination_file: kubent.tar.gz - folder: -- url: https://github.com/datreeio/datree/releases/download/1.9.10/datree-cli_1.9.10_Linux_x86_64.zip - destination: datree - source: datree - destination_file: datree.zip - folder: + - url: 
https://github.com/OWASP/Amass/releases/download/v3.23.2/amass_linux_amd64.zip + destination: amass + source: amass + folder: amass_Linux_amd64 + destination_file: amass.zip + - url: https://github.com/yannh/kubeconform/releases/download/v0.6.4/kubeconform-linux-amd64.tar.gz + destination: kubeconform + source: kubeconform + folder: + destination_file: kubeconform-linux-amd64.tar.gz + - url: https://github.com/terraform-linters/tflint/releases/download/v0.50.3/tflint_linux_amd64.zip + destination: tflint + source: tflint + destination_file: tflint.zip + folder: + - url: https://github.com/kastenhq/kubestr/releases/download/v0.4.41/kubestr_0.4.41_Linux_amd64.tar.gz + destination: kubestr + source: kubestr + destination_file: kubestr.tar.gz + folder: + - url: https://github.com/kubernetes-sigs/krew/releases/download/v0.4.4/krew-linux_amd64.tar.gz + destination: krew + source: krew-linux_amd64 + destination_file: krew-linux_amd64.tar.gz + folder: + - url: https://github.com/containerd/nerdctl/releases/download/v1.7.5/nerdctl-1.7.5-linux-amd64.tar.gz + destination: nerdctl + source: nerdctl + destination_file: nerdctl-linux-amd64.tar.gz + folder: + - url: https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.3.0/kustomize_v5.3.0_linux_amd64.tar.gz + destination: kustomize + source: kustomize + destination_file: kustomize.tar.gz + folder: + - url: https://github.com/doitintl/kube-no-trouble/releases/download/0.7.2/kubent-0.7.2-linux-amd64.tar.gz + destination: kubent + source: kubent + destination_file: kubent.tar.gz + folder: downloads: -- url: https://github.com/ffuf/ffuf/releases/download/v1.0.2/ffuf_1.0.2_linux_amd64.tar.gz - destination: ffluf - skip_tree: false -- url: https://github.com/FairwindsOps/polaris/releases/download/8.3.0/polaris_linux_amd64.tar.gz - destination: polaris - skip_tree: false -- url: https://github.com/orf/gping/releases/download/gping-v1.13.1/gping-Linux-x86_64.tar.gz - destination: gping - skip_tree: false + - url: 
https://github.com/ffuf/ffuf/releases/download/v2.1.0/ffuf_2.1.0_linux_amd64.tar.gz + destination: ffuf + skip_tree: false + - url: https://github.com/FairwindsOps/polaris/releases/download/9.0.1/polaris_linux_amd64.tar.gz + destination: polaris + skip_tree: false + - url: https://github.com/orf/gping/releases/download/gping-v1.13.1/gping-Linux-x86_64.tar.gz + destination: gping + skip_tree: false files: -- url: https://github.com/docker/compose/releases/download/v2.19.1/docker-compose-linux-x86_64 - destination: docker-compose -- url: https://github.com/bcicen/ctop/releases/download/v0.7.7/ctop-0.7.7-linux-amd64 - destination: ctop -- url: https://github.com/rancher/rke/releases/download/v1.4.7/rke_linux-amd64 - destination: rke -- url: https://github.com/dannagle/PacketSender/releases/download/v7.2.3/Packet_Sender-v7.2.4.AppImage - destination: packetsender - desktop_file: ./files/apps/packetsender/packetsender.desktop -- url: https://github.com/k3s-io/k3s/releases/download/v1.25.11%2Bk3s1/k3s - destination: k3s -- url: https://github.com/k3d-io/k3d/releases/download/v5.5.1/k3d-linux-amd64 - destination: k3d -- url: https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 - destination: hadolint -- url: https://github.com/gruntwork-io/terragrunt/releases/download/v0.42.5/terragrunt_linux_amd64 - destination: terragrunt -- url: https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 - destination: bicep -- url: https://github.com/aquasecurity/tfsec/releases/download/v1.28.1/tfsec-linux-amd64 - destination: tfsec -- url: https://github.com/alexellis/k3sup/releases/download/0.12.13/k3sup - destination: k3sup -- url: https://github.com/argoproj/argo-cd/releases/download/v2.7.7/argocd-linux-amd64 - destination: argocd + - url: https://github.com/bcicen/ctop/releases/download/v0.7.7/ctop-0.7.7-linux-amd64 + destination: ctop + - url: https://github.com/rancher/rke/releases/download/v1.4.7/rke_linux-amd64 + destination: rke + 
- url: https://github.com/dannagle/PacketSender/releases/download/v8.6.5/Packet_Sender_v8.6.5-x86_64.AppImage + destination: packetsender + desktop_file: ./files/apps/packetsender/packetsender.desktop + - url: https://github.com/k3s-io/k3s/releases/download/v1.28.7%2Bk3s1/k3s + destination: k3s + - url: https://github.com/k3d-io/k3d/releases/download/v5.6.0/k3d-linux-amd64 + destination: k3d + - url: https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 + destination: hadolint + - url: https://github.com/alexellis/k3sup/releases/download/0.13.5/k3sup + destination: k3sup + - url: https://github.com/argoproj/argo-cd/releases/download/v2.10.3/argocd-linux-amd64 + destination: argocd ansible: cfg: /etc/ansible/ansible.cfg config: - - section: defaults - option: callbacks_whitelist - value: timer,mail,profile_tasks - state: absent - - section: defaults - option: host_key_checking - value: false - state: present - - section: defaults - option: retry_file_enable - value: false - state: present - - section: defaults - option: callbacks_enabled - value: timer,mail,profile_tasks - state: present + - section: defaults + option: host_key_checking + value: false + state: present + - section: defaults + option: retry_file_enable + value: false + state: present + - section: defaults + option: callbacks_enabled + value: timer,profile_tasks + state: present + - section: defaults + option: log_path + value: /var/log/ansible.log + state: present + - section: defaults + option: forks + value: 10 + state: present + - section: ssh_connection + option: pipelining + value: true + state: present + - section: ssh_connection + option: compression_level + value: 9 + state: present startup: -- filename: redshift-gtk.desktop - source: ./files/apps/redshift-gtk/redshift-gtk.desktop -- filename: shutter.desktop - source: ./files/apps/shutter/shutter.desktop -- filename: dropbox.desktop - source: ./files/apps/dropbox/dropbox.desktop -- filename: synapse.desktop - 
source: ./files/apps/synapse/synapse.desktop -- filename: DockX.desktop - source: ./files/apps/dockbarx/DockX.desktop -- filename: remmina-applet.desktop - source: ./files/apps/remmina/remmina-applet.desktop -- filename: diodon.desktop - source: ./files/apps/diodon/diodon.desktop -- filename: easyeffects.desktop - source: ./files/apps/easyeffects/easyeffects.desktop - + - filename: redshift-gtk.desktop + source: ./files/apps/redshift-gtk/redshift-gtk.desktop + - filename: shutter.desktop + source: ./files/apps/shutter/shutter.desktop + - filename: dropbox.desktop + source: ./files/apps/dropbox/dropbox.desktop + - filename: synapse.desktop + source: ./files/apps/synapse/synapse.desktop + - filename: DockX.desktop + source: ./files/apps/dockbarx/DockX.desktop + - filename: remmina-applet.desktop + source: ./files/apps/remmina/remmina-applet.desktop + - filename: diodon.desktop + source: ./files/apps/diodon/diodon.desktop services: -- ssh -- docker + - ssh + - docker dconf: # remove alt+f7 move window shortcut -- key: "/org/cinnamon/muffin/keybindings/begin-move" - state: present - value: "['']" -- key: "/org/cinnamon/desktop/keybindings/wm/begin-move" - state: present - value: "['']" -- key: "/org/cinnamon/desktop/keybindings/custom-keybindings" - state: absent -- key: "/org/cinnamon/desktop/keybindings/custom-keybindings/custom0/binding" - state: present - value: "['space']" -- key: "/org/cinnamon/desktop/keybindings/custom-keybindings/custom0/command" - state: present - value: "'/usr/bin/synapse'" -- key: "/org/cinnamon/desktop/keybindings/custom-keybindings/custom0/name" - state: present - value: "'Synapse'" -- key: "/org/cinnamon/desktop/keybindings/custom-keybindings/custom1/binding" - state: present - value: "['h']" -- key: "/org/cinnamon/desktop/keybindings/custom-keybindings/custom1/command" - state: present - value: "'/usr/bin/diodon'" -- key: "/org/cinnamon/desktop/keybindings/custom-keybindings/custom1/name" - state: present - value: "'Diodon'" + - key: 
"/org/cinnamon/muffin/keybindings/begin-move" + state: present + value: "['']" + - key: "/org/cinnamon/desktop/keybindings/wm/begin-move" + state: present + value: "['']" + - key: "/org/cinnamon/desktop/keybindings/custom-keybindings" + state: absent + - key: "/org/cinnamon/desktop/keybindings/custom-keybindings/custom0/binding" + state: present + value: "['space']" + - key: "/org/cinnamon/desktop/keybindings/custom-keybindings/custom0/command" + state: present + value: "'/usr/bin/synapse'" + - key: "/org/cinnamon/desktop/keybindings/custom-keybindings/custom0/name" + state: present + value: "'Synapse'" + - key: "/org/cinnamon/desktop/keybindings/custom-keybindings/custom1/binding" + state: present + value: "['h']" + - key: "/org/cinnamon/desktop/keybindings/custom-keybindings/custom1/command" + state: present + value: "'/usr/bin/diodon'" + - key: "/org/cinnamon/desktop/keybindings/custom-keybindings/custom1/name" + state: present + value: "'Diodon'" timezone: Europe/Warsaw vscode_obsolete: -- ms-vscode.go -- ms-vsliveshare.vsliveshare-pack -- ms-vsliveshare.vsliveshare-audio -- hypnoes.word-count -- vscoss.vscode-ansible -- wholroyd.HCL + - ms-vscode.go + - ms-vsliveshare.vsliveshare-pack + - ms-vsliveshare.vsliveshare-audio + - hypnoes.word-count + - vscoss.vscode-ansible + - wholroyd.HCL vscode: -- alefragnani.project-manager -- AquaSecurityOfficial.trivy-vulnerability-scanner -- bierner.markdown-mermaid -- DavidAnson.vscode-markdownlint -- donjayamanne.githistory -- DotJoshJohnson.xml -- eamodio.gitlens -- ecmel.vscode-html-css -- emmanuelbeziat.vscode-great-icons -- eriklynd.json-tools -- exiasr.hadolint -- florianloch.text-transform -- formulahendry.docker-explorer -- gep13.chocolatey-vscode -- github.vscode-github-actions -- GitLab.gitlab-workflow -- golang.go -- hashicorp.hcl -- hashicorp.terraform -- huntertran.auto-markdown-toc -- Kelvin.vscode-sshfs -- marcostazi.VS-code-vagrantfile -- medo64.render-crlf -- mohsen1.prettify-json -- 
ms-azuretools.vscode-azureterraform -- ms-azuretools.vscode-bicep -- ms-azuretools.vscode-docker -- ms-dotnettools.vscode-dotnet-runtime -- ms-kubernetes-tools.vscode-kubernetes-tools -- ms-python.isort -- ms-python.python -- ms-python.vscode-pylance -- ms-vscode-remote.remote-containers -- ms-vscode-remote.remote-ssh -- ms-vscode.remote-server -- ms-vscode-remote.remote-ssh-edit -- ms-vscode-remote.remote-wsl -- ms-vscode-remote.vscode-remote-extensionpack -- ms-vscode.azure-account -- ms-vscode.azurecli -- ms-vscode.powershell -- ms-vscode.remote-explorer -- ms-vscode.wordcount -- ms-vsliveshare.vsliveshare -- nhoizey.gremlins -- p1c2u.docker-compose -- PascalReitermann93.vscode-yaml-sort -- piotrpalarz.vscode-gitignore-generator -- puppet.puppet-vscode -- rebornix.ruby -- redhat.java -- redhat.vscode-commons -- redhat.vscode-yaml -- rogalmic.bash-debug -- shardulm94.trailing-spaces -- tht13.html-preview-vscode -- Tim-Koehler.helm-intellisense -- timonwong.shellcheck -- wholroyd.jinja -- yzane.markdown-pdf + - alefragnani.project-manager + - aquasecurityofficial.trivy-vulnerability-scanner + - bierner.markdown-mermaid + - danielsanmedium.dscodegpt + - davidanson.vscode-markdownlint + - dogukanakkaya.chatgpt-code + - donjayamanne.githistory + - dotjoshjohnson.xml + - eamodio.gitlens + - ecmel.vscode-html-css + - emmanuelbeziat.vscode-great-icons + - exiasr.hadolint + - florianloch.text-transform + - formulahendry.docker-explorer + - gep13.chocolatey-vscode + - github.codespaces + - github.copilot + - github.copilot-chat + - github.vscode-github-actions + - gitlab.gitlab-workflow + - golang.go + - hashicorp.hcl + - hashicorp.terraform + - henriiik.docker-linter + - humao.rest-client + - huntertran.auto-markdown-toc + - infracost.infracost + - kelvin.vscode-sshfs + - marcostazi.vs-code-vagrantfile + - medo64.render-crlf + - mohsen1.prettify-json + - ms-azuretools.vscode-azureterraform + - ms-azuretools.vscode-bicep + - ms-azuretools.vscode-docker + - 
ms-dotnettools.vscode-dotnet-runtime + - ms-kubernetes-tools.vscode-kubernetes-tools + - ms-python.debugpy + - ms-python.isort + - ms-python.python + - ms-python.vscode-pylance + - ms-toolsai.jupyter-keymap + - ms-vscode.azure-account + - ms-vscode.azurecli + - ms-vscode.powershell + - ms-vscode.remote-explorer + - ms-vscode-remote.remote-containers + - ms-vscode-remote.remote-ssh + - ms-vscode-remote.remote-ssh-edit + - ms-vscode-remote.remote-wsl + - ms-vscode-remote.remote-wsl-recommender + - ms-vscode.remote-server + - ms-vscode-remote.vscode-remote-extensionpack + - ms-vscode.wordcount + - ms-vsliveshare.vsliveshare + - nhoizey.gremlins + - owenfarrell.vscode-vault + - p1c2u.docker-compose + - pascalreitermann93.vscode-yaml-sort + - pharndt.vscode-markdown-table + - piotrpalarz.vscode-gitignore-generator + - pycom.pymakr + - redhat.java + - redhat.vscode-commons + - redhat.vscode-xml + - redhat.vscode-yaml + - rogalmic.bash-debug + - rust-lang.rust-analyzer + - shardulm94.trailing-spaces + - shopify.ruby-lsp + - slevesque.vscode-zipexplorer + - tfsec.tfsec + - tim-koehler.helm-intellisense + - timonwong.shellcheck + - visualstudioexptteam.intellicode-api-usage-examples + - visualstudioexptteam.vscodeintellicode + - vscjava.vscode-java-debug + - vscjava.vscode-java-dependency + - vscjava.vscode-java-pack + - vscjava.vscode-maven + - wakatime.vscode-wakatime + - wholroyd.jinja + - xyz.plsql-language + - yzane.markdown-pdf + - znck.grammarly sysctl: -# enable bbr congestion for tcp -- name: net.core.default_qdisc - value: fq - state: present -- name: net.ipv4.tcp_congestion_control - value: bbr - state: present -# decrease swappiness when you have plenty of RAM -- name: vm.swappiness - value: 1 - state: present -# cache settings for more mem -- name: vm.vfs_cache_pressure - value: 30 - state: present -- name: vm.dirty_ratio - value: 50 - state: present -- name: vm.dirty_background_ratio - value: 5 - state: present -# better network settings -- name: 
net.core.netdev_max_backlog - value: 100000 - state: present -- name: net.core.netdev_budget - value: 50000 - state: present -- name: net.core.netdev_budget_usecs - value: 5000 - state: present -- name: net.core.somaxconn - value: 1024 - state: present -- name: net.core.rmem_default - value: 1048576 - state: present -- name: net.core.rmem_max - value: 16777216 - state: present -- name: net.core.wmem_default - value: 1048576 - state: present -- name: net.core.wmem_max - value: 16777216 - state: present -- name: net.core.optmem_max - value: 65536 - state: present -- name: net.ipv4.tcp_rmem - value: "4096 1048576 2097152" - state: present -- name: net.ipv4.tcp_wmem - value: "4096 65536 16777216" - state: present -- name: net.ipv4.udp_rmem_min - value: 8192 - state: present -- name: net.ipv4.udp_wmem_min - value: 8192 - state: present -- name: net.ipv4.tcp_max_syn_backlog - value: 8192 - state: present -- name: net.ipv4.tcp_max_tw_buckets - value: 2000000 - state: present -- name: net.ipv4.tcp_fastopen - value: 3 - state: present -- name: net.ipv4.tcp_slow_start_after_idle - value: 0 - state: present -- name: net.ipv4.tcp_tw_reuse - value: 1 - state: present + # enable bbr congestion for tcp + - name: net.core.default_qdisc + value: fq + state: present + - name: net.ipv4.tcp_congestion_control + value: bbr + state: present + # decrease swappiness when you have plenty of RAM + - name: vm.swappiness + value: 1 + state: present + # cache settings for more mem + - name: vm.vfs_cache_pressure + value: 30 + state: present + - name: vm.dirty_ratio + value: 20 + state: present + - name: vm.dirty_background_ratio + value: 5 + state: present + # better network settings + - name: net.core.netdev_max_backlog + value: 100000 + state: present + - name: net.core.netdev_budget + value: 50000 + state: present + - name: net.core.netdev_budget_usecs + value: 5000 + state: present + - name: net.core.somaxconn + value: 1024 + state: present + - name: net.core.rmem_default + value: 1048576 
+ state: present + - name: net.core.rmem_max + value: 16777216 + state: present + - name: net.core.wmem_default + value: 1048576 + state: present + - name: net.core.wmem_max + value: 16777216 + state: present + - name: net.core.optmem_max + value: 65536 + state: present + - name: net.ipv4.tcp_rmem + value: "4096 1048576 2097152" + state: present + - name: net.ipv4.tcp_wmem + value: "4096 65536 16777216" + state: present + - name: net.ipv4.udp_rmem_min + value: 8192 + state: present + - name: net.ipv4.udp_wmem_min + value: 8192 + state: present + - name: net.ipv4.tcp_max_syn_backlog + value: 8192 + state: present + - name: net.ipv4.tcp_max_tw_buckets + value: 2000000 + state: present + - name: net.ipv4.tcp_fastopen + value: 3 + state: present + - name: net.ipv4.tcp_slow_start_after_idle + value: 0 + state: present + - name: net.ipv4.tcp_tw_reuse + value: 1 + state: present alternatives: -- name: editor - path: /usr/bin/mcedit - variable: EDITOR + - name: editor + path: /usr/bin/mcedit + variable: EDITOR global_env: -- name: EDITOR - value: mcedit - # end + - name: EDITOR + value: mcedit diff --git a/mint21_tasks.yaml b/mint21_tasks.yaml index eddbb56..0006fbc 100644 --- a/mint21_tasks.yaml +++ b/mint21_tasks.yaml 
@@ -5,54 +5,44 @@ yubico_repo_key: yubico_repositories: - repo: ppa:yubico/stable filename: yubico-stable-jammy + name: yubico-stable + uris: + - https://ppa.launchpadcontent.net/yubico/stable/ubuntu + signed_by: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x43D5C49532CBA1A9 + types: deb + suites: jammy + components: main yubico_packages: - yubikey-manager - yubikey-personalization-gui - libpam-yubico - libpam-u2f -yubico_appimage: - - url: https://developers.yubico.com/yubioath-desktop/Releases/yubioath-desktop-latest-linux.AppImage - destination: yubioath - desktop_file: ./files/apps/yubico/yubioath.desktop - - url: https://developers.yubico.com/yubikey-manager-qt/Releases/yubikey-manager-qt-latest-linux.AppImage - destination: yubikey-manager - desktop_file: ./files/apps/yubico/yubikey-manager.desktop +yubico_flatpak: + - name: com.yubico.yubioath + remote: flathub + ref: present steampipe: update_plugins: true plugins: - name: oci - version: latest - name: cloudflare - version: latest - name: steampipe - version: latest - name: github - version: latest - name: kubernetes - version: latest - name: net - version: latest - name: azure - version: latest - name: aws - version: latest - - name: gcloud - version: latest + - name: gcp - name: trivy - version: latest - name: config - version: latest - - name: crt - version: latest + - name: crtsh - name: csv - version: latest - name: docker - version: latest - - name: gcp - version: latest - - name: gitlab - version: latest - - name: vault - version: latest + - name: theapsgroup/gitlab + - name: theapsgroup/vault - name: ldap - version: latest + - name: whois + - name: ansible + - name: dockerhub + - name: grafana + - name: prometheus diff --git a/tasks/install_yubico_software.yml b/tasks/install_yubico_software.yml index 1ad45ad..b9250ea 100644 --- a/tasks/install_yubico_software.yml +++ b/tasks/install_yubico_software.yml 
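Review bot: `signed_by` for the `yubico-stable` entry is a keyserver lookup by 64-bit key ID (`search=0x43D5C49532CBA1A9`), so the key that authorises this repository is whatever the keyserver returns at run time rather than a key reviewed in this repo. That matters more than usual here because `yubico_packages` includes `libpam-yubico` and `libpam-u2f`, which sit in the login path. `deb822_repository` also accepts an ASCII-armored key block in `signed_by`, so I would commit the armored key and reference it, e.g. `signed_by: "{{ lookup('file', '<path-to-vendored-yubico-key>.asc') }}"` (placeholder path). Failing that, search by the full 40-character fingerprint and quote the URL. Separately, `ref: present` under `yubico_flatpak` holds a state value, so `state` would be a clearer key name.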
@@ -1,36 +1,54 @@ -- name: add_yubico_repo_key - ansible.builtin.apt_key: - keyserver: "{{ item.keyserver }}" - state: present - id: "{{ item.id }}" - loop: "{{ yubico_repo_key }}" - register: r_keys_yubico_repo_key +- name: remove old repository + ansible.builtin.apt_repository: + repo: "{{ item.repo }}" + state: absent + update_cache: false + loop: "{{ yubico_repositories }}" retries: "{{ retries_count }}" delay: "{{ delay_time }}" - until: r_keys_yubico_repo_key is success - any_errors_fatal: true + register: r_remove_yubico_repositories + until: r_remove_yubico_repositories is success + any_errors_fatal: false tags: - - keys - - task - - yubico -- name: add_yubico_repositories - ansible.builtin.apt_repository: - repo: "{{ item.repo }}" - state: present - codename: "{{ codename }}" - filename: "{{ item.filename }}" - mode: "0644" + - repositories + - task + - yubico + - obsoleted +- name: Remove repository file if exists + ansible.builtin.file: + path: "/etc/apt/sources.list.d/{{ item.filename }}.list" + state: absent + loop: "{{ yubico_repositories }}" + retries: "{{ retries_count }}" + delay: "{{ delay_time }}" + register: r_remove_yubico_repository_files + until: r_remove_yubico_repository_files is success + any_errors_fatal: false + tags: + - repositories + - task + - yubico + - obsoleted +- name: Add Yubico repository in deb822 format + ansible.builtin.deb822_repository: + name: "{{ item.name }}" + types: "{{ item.types | default('deb') }}" + suites: "{{ item.suites | default('/') }}" + components: "{{ item.components | default(' ') }}" + uris: "{{ item.uris }}" + enabled: "{{ item.enabled | default('true') }}" + signed_by: "{{ item.signed_by | default('null') }}" + architectures: "{{ item.architectures | default('') }}" loop: "{{ yubico_repositories }}" retries: "{{ retries_count }}" - delay: 3 + delay: "{{ delay_time }}" register: r_yubico_repositories until: r_yubico_repositories is success - when: r_keys_yubico_repo_key is success any_errors_fatal: 
false tags: - - repositories - - task - - yubico + - repositories + - task + - yubico - name: install_yubico_packages ansible.builtin.apt: name: "{{ item }}" @@ -44,53 +62,21 @@ when: r_yubico_repositories is success any_errors_fatal: false tags: - - packages - - task - - yubico -# appimages -- name: download_yubico_files - ansible.builtin.get_url: - url: "{{ item.url }}" - dest: "{{ bin_path }}/{{ item.destination }}" - mode: 0755 - force: yes - loop: "{{ yubico_appimage }}" + - packages + - task + - yubico +- name: Install Yubico Authenticator as Flatpak + community.general.flatpak: + name: "{{ item.name }}" + state: "{{ item.ref }}" + loop: "{{ yubico_flatpak }}" retries: "{{ retries_count }}" delay: "{{ delay_time }}" - register: r_download_yubico_files - until: r_download_yubico_files is success - tags: - - task - - downloads - - apps - - yubico -- name: put_desktop_files_for_yubico - ansible.builtin.copy: - dest: /usr/share/applications - src: "{{ item.desktop_file }}" - owner: root - group: root - mode: 0644 - loop: "{{ yubico_appimage }}" - when: item.desktop_file is defined and item.desktop_file | length >0 - any_errors_fatal: false - register: r_put_yubico_desktop_files - retries: "{{ retries_count }}" - delay: "{{ delay_time }}" - until: r_put_yubico_desktop_files is success - tags: - - task - - downloads - - apps - - yubico -- name: refresh_desktop_database - ansible.builtin.shell: update-desktop-database + register: r_yubico_flatpak + until: r_yubico_flatpak is success + when: r_yubico_repositories is success any_errors_fatal: false - register: r_refresh_desktop_database - failed_when: r_refresh_desktop_database.rc != 0 and r_refresh_desktop_database.stderr != "" - changed_when: false tags: - - task - - downloads - - apps - - yubico + - flatpak + - task + - yubico diff --git a/tasks/steampipe_plugins.yml b/tasks/steampipe_plugins.yml index cf61d04..96b995f 100644 --- a/tasks/steampipe_plugins.yml +++ b/tasks/steampipe_plugins.yml 
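Review bot: In the `Add Yubico repository in deb822 format` task, `signed_by: "{{ item.signed_by | default('null') }}"` turns a missing key into the literal string `null` instead of leaving the option unset, and the same pattern gives `components` a single space and `architectures` an empty string. For the key in particular a silent fallback is the wrong direction: an entry without `signed_by` should fail the play rather than produce a source with no usable key binding. I would drop the default there, `signed_by: "{{ item.signed_by }}"`, and use `default(omit)` for the optional fields, e.g. `architectures: "{{ item.architectures | default(omit) }}"`. Separately, the removed `apt_key` task has no counterpart that deletes the key it imported earlier, so on upgraded hosts that key presumably stays in the legacy global keyring and remains trusted for every repository; a cleanup task next to the two `obsoleted` ones would close that.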
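Review bot: The `Install Yubico Authenticator as Flatpak` task never passes `remote`, so the `remote: flathub` declared for `com.yubico.yubioath` in `yubico_flatpak` is ignored and the package origin is whatever the module defaults to. It also takes the install state from a key named `ref`, which reads like a Flatpak ref rather than `present`/`absent`. Adding `remote: "{{ item.remote | default('flathub') }}"` and renaming the variable key so the task reads `state: "{{ item.state | default('present') }}"` makes both explicit. The condition `when: r_yubico_repositories is success` ties the Flatpak install to the apt repository step, which it does not appear to depend on. The preceding `install_yubico_packages` task begins before this hunk, so it is not reviewed here.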
@@ -1,24 +1,20 @@ # add steampipe plugins -- name: inform_about_plugin_name - ansible.builtin.debug: - msg: "Installing plugin: {{ item.name }}" - failed_when: false - any_errors_fatal: false - when: "'steampipe' in ansible_facts.packages" -- name: install_steampipe_plugins - ansible.builtin.shell: - cmd: "steampipe plugin install {{ item.name }}@{{ item.version }}" - register: r_install_steampipe_plugins - become_user: "{{ active_user }}" - failed_when: r_install_steampipe_plugins.rc != 0 and r_install_steampipe_plugins.stderr != "" - changed_when: false - when: "'steampipe' in ansible_facts.packages" -- name: update_steampipe_plugins - ansible.builtin.shell: - cmd: "steampipe plugin update --all" - register: r_install_steampipe_plugins - become_user: "{{ active_user }}" - any_errors_fatal: true - failed_when: r_install_steampipe_plugins.rc != 0 and r_install_steampipe_plugins.stderr != "" - changed_when: false - when: "steampipe.update_plugins" +- name: Install steampipe plugins +# when: steampipe.plugins is defined and 'steampipe' in ansible_facts.packages + block: + - name: inform_about_plugin_name + ansible.builtin.debug: + msg: "Installing plugin: {{ item.name }}" + failed_when: false + any_errors_fatal: false + # when: "'steampipe' in ansible_facts.packages" + - name: install_steampipe_plugins + ansible.builtin.shell: + cmd: "set -o pipefail|steampipe plugin install {{ item.name }}@{{ item.version | default('latest') }}" + register: r_install_steampipe_plugins + become: true + become_user: "{{ active_user }}" + failed_when: r_install_steampipe_plugins.rc != 0 and r_install_steampipe_plugins.stderr != "" + changed_when: false + any_errors_fatal: false + when: "'steampipe' in ansible_facts.packages"
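Review bot: `cmd: "set -o pipefail|steampipe plugin install …"` in `install_steampipe_plugins` pipes the output of `set` into `steampipe` instead of enabling pipefail: `set` runs as its own pipeline stage, has no effect on the command after the `|`, and any error it raises is hidden behind the exit status of the last stage. There is no pipeline to protect here, so the shell is not needed; `ansible.builtin.command` with `argv` runs the same install and keeps `item.name` and `item.version` from being parsed by a shell. `failed_when` still accepts a non-zero exit when stderr is empty, which is worth re-checking against how `steampipe` reports failures. `item` is not set by a `loop` in this file, so it presumably comes from the including task.

```yaml
    - name: install_steampipe_plugins
      ansible.builtin.command:
        argv:
          - steampipe
          - plugin
          - install
          - "{{ item.name }}@{{ item.version | default('latest') }}"
      register: r_install_steampipe_plugins
      # … unchanged: become, become_user, failed_when, changed_when, any_errors_fatal, when …
```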