From 1b968ccac8ba537a4f9d4eb62de7905fd61f6130 Mon Sep 17 00:00:00 2001
From: quackerd
Date: Mon, 25 Jan 2021 03:17:08 -0500
Subject: [PATCH] +ansible update scripts
---
ansible/check-reboot.yml | 29 ++++++++++++++
ansible/dnf-update.yml | 19 +++++++++
ansible/reboot.yml | 11 +++++
centos/setup.sh | 87 ----------------------------------------
vps/centos7_setup.sh | 66 ------------------------------
5 files changed, 59 insertions(+), 153 deletions(-)
create mode 100644 ansible/check-reboot.yml
create mode 100644 ansible/dnf-update.yml
create mode 100644 ansible/reboot.yml
delete mode 100644 centos/setup.sh
delete mode 100644 vps/centos7_setup.sh
diff --git a/ansible/check-reboot.yml b/ansible/check-reboot.yml
new file mode 100644
index 0000000..248e5f8
--- /dev/null
+++ b/ansible/check-reboot.yml
@@ -0,0 +1,29 @@
+- hosts: all
+ gather_facts: true
+ become: true
+ strategy: free
+ #any_errors_fatal: yes
+ tasks:
+ - name: dnf install needs-restarting
+ dnf:
+ name: "yum-utils"
+ state: latest
+ when: ansible_facts['os_family'] == 'RedHat' and ansible_facts ['distribution_major_version'] >= '8'
+
+ - name: yum install needs-restarting
+ yum:
+ name: "yum-utils"
+ state: latest
+ when: ansible_facts['os_family'] == 'RedHat' and ansible_facts ['distribution_major_version'] <= '7'
+
+ - name: check reboot
+ command: "/usr/bin/needs-restarting -r"
+ register: reboot_required
+ ignore_errors: True
+ changed_when: False
+ failed_when: reboot_required.rc == 1
+
+ - debug:
+ var: reboot_required.rc
+ verbosity: 2
+
diff --git a/ansible/dnf-update.yml b/ansible/dnf-update.yml
new file mode 100644
index 0000000..013d201
--- /dev/null
+++ b/ansible/dnf-update.yml
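Review bot: Both `when:` conditions compare `distribution_major_version` as a string, so `'10' >= '8'` is false and `'10' <= '7'` is true; a host on major version 10 or later would skip the dnf task and take the yum branch. Cast before comparing, e.g. `ansible_facts['distribution_major_version'] | int >= 8` and `ansible_facts['distribution_major_version'] | int <= 7`; the same two conditions appear in ansible/dnf-update.yml. Separately, `failed_when: reboot_required.rc == 1` appears to treat every other exit code as success, so a host where needs-restarting could not run is reported the same as one that needs no reboot. `failed_when: reboot_required.rc not in [0, 1]` would keep those two cases apart, with the `rc == 1` result surfaced by the debug task.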
@@ -0,0 +1,19 @@
+- hosts: all
+ gather_facts: true
+ become: true
+ strategy: free
+ #any_errors_fatal: yes
+ tasks:
+ - name: dnf update
+ dnf:
+ name: "*"
+ state: latest
+ when: ansible_facts['os_family'] == 'RedHat' and ansible_facts ['distribution_major_version'] >= '8'
+
+ - name: yum update
+ yum:
+ name: "*"
+ state: latest
+ when: ansible_facts['os_family'] == 'RedHat' and ansible_facts ['distribution_major_version'] <= '7'
+
+
diff --git a/ansible/reboot.yml b/ansible/reboot.yml
new file mode 100644
index 0000000..91d2272
--- /dev/null
+++ b/ansible/reboot.yml
@@ -0,0 +1,11 @@
+- hosts: physical
+ gather_facts: false
+ become: true
+ serial: 1
+ any_errors_fatal: true
+ tasks:
+ - name: reboot
+ reboot:
+
+
+
diff --git a/centos/setup.sh b/centos/setup.sh
deleted file mode 100644
index e2d3d66..0000000
--- a/centos/setup.sh
+++ /dev/null
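Review bot: Neither update task in ansible/dnf-update.yml sets `update_cache: true`, so the `name: "*"` / `state: latest` run resolves against whatever repository metadata is already cached on the host. Depending on each host's `metadata_expire` setting, that cache can be old enough to miss recently published errata while the play still reports the host as up to date. Adding `update_cache: true` under both the `dnf:` and `yum:` module arguments makes each run refresh metadata before resolving updates.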
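Review bot: The `reboot` task in ansible/reboot.yml restarts every host in `physical` unconditionally, so each run reboots machines that have no pending kernel or library update. Gating it on the same `needs-restarting -r` probe used in ansible/check-reboot.yml limits the `serial: 1` reboots to hosts that need one; this assumes yum-utils is already installed on those hosts. Accepting only exit codes 0 and 1 from the probe also lets `any_errors_fatal` stop the run when the probe itself cannot execute.

```yaml
  tasks:
    - name: check reboot
      command: "/usr/bin/needs-restarting -r"
      register: reboot_required
      changed_when: false
      failed_when: reboot_required.rc not in [0, 1]

    - name: reboot
      reboot:
      when: reboot_required.rc == 1
```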
@@ -1,87 +0,0 @@ -#!/bin/sh -# packages -cp /etc/dnf/dnf.conf /etc/dnf/dnf.conf.backup -cat /etc/dnf/dnf.conf.backup > sed -E "s/installonly_limit=.*/installonly_limit=2/g" > /etc/dnf/dnf.conf - -# remove useless packages -dnf remove cockpit -dnf autoremove - -dnf update -y -dnf install -y vim git curl wget sudo epel-release policycoreutils - -# zsh -dnf install -y zsh sqlite - -# sanoid -dnf install -y perl-Data-Dumper lzop mbuffer mhash pv perl-CPAN - -cat << EOT >> /etc/sudoers -# -# configured by the script -# -Defaults rootpw -EOT - -# SSH KEY -mkdir /home/quackerd/.ssh -cat << EOT >> /home/quackerd/.ssh/authorized_keys -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+IsyBTcVbcgk+zabvFEVOWPB3eGVDlJSyNikl3DTYScYPVYIKMTdQ9E9T2bDrGaTG3fTfATqiCcQmOGTOtKcpHGwiHxb9aMYmQ6fQFt3ry5zByX393/zYoH1oxVKNcnqkAPAmCuunsgjts5buY+Xes6paem/vIY4/qVXn/SgackroGh0dN1coNOZGqhTGKF84GcFir20TyFTunV2Yly86Z3RnbR4gJ5BPcyIGqB0IFT7OBsVwLFFCZ2cYrILUuFp4JCbkEUvBeT5IjXzyIVgGCszrA/gzk5rTMDiSZhH2CXbr2u6TZGoKT/UuRnkRuzmP36vhWMk7sn9dgiu+RhNof08Z1HUHh2875CY0BMekyAK7DZbCUT3hvZK5Chdx3A/+JFLwIPjVoeYJAQ2qzlCojFYXPaCJdxRVIBda13aHKE0WXELaxqoVQWzEPjv+v/p4ifEkeBdszo+mCLR71isuyyDSfSvCLC/PEq9xxWEh19SJR7RJOZOrBEeaH8Yip6+gALSB6jeKw/IRyH637wLDx3941R+4XKCCQlszydgIOTZuXwQ9yTM4/4S7tIMcAWajkSa2u0fBTvm+3jl3B0+b5Vr/7GHcDzbFFp2lpFSFF/wWQjZSvoJgV+/du6bDK24ZHdb6iS55k/D32V1KfH4LbyjNppPl13c8clgnKLkR+w== -EOT -chown quackerd:quackerd /home/quackerd/.ssh -chown quackerd:quackerd /home/quackerd/.ssh/authorized_keys -chmod 700 /home/quackerd/.ssh -chmod 644 /home/quackerd/.ssh/authorized_keys - -# DOCKER -echo "Setting up docker..." 
-dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo -dnf update -dnf install -y https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.13-3.1.el7.x86_64.rpm -dnf install -y docker -systemctl enable --now docker - -# DOCKER-COMPOSE -curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose -chmod +x /usr/local/bin/docker-compose -ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose - -# KVM -dnf -y groupinstall 'Virtualization Host' -dnf install -y virt-manager xauth -systemctl start libvirtd -systemctl enable libvirtd - -# zfs -dnf install -y http://download.zfsonlinux.org/epel/zfs-release.el8_1.noarch.rpm -dnf update - -# SSHD -echo "Setting up sshd..." -semanage port -a -t ssh_port_t -p tcp 77 -cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup -cat /etc/ssh/sshd_config.backup | \ -sed -E 's/#* *PermitRootLogin.*/PermitRootLogin no/g' | \ -sed -E 's/#* *PasswordAuthentication.*/PasswordAuthentication no/g' | \ -sed -E 's/#* *ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/g' | \ -sed -E 's/#* *X11Forwarding.*/X11Forwarding yes/g' | \ -sed -E 's/#* *Port.*/Port 77/g' > /etc/ssh/sshd_config - -cat << EOT >> /etc/ssh/sshd_config -Match address 129.97.75.0/24 - PasswordAuthentication yes - PermitRootLogin without-password -EOT -systemctl restart sshd - -# firewall -echo "Setting up firewall..." -cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/ssh.xml -cat /usr/lib/firewalld/services/ssh.xml | sed -E 's/port=\".*\"(.*)/port=\"77\"\1/g' > /etc/firewalld/services/ssh.xml -firewall-cmd --reload -firewall-cmd --permanent --add-service=ssh -firewall-cmd --permanent --remove-service=dhcpv6-client --remove-service=cockpit -firewall-cmd --reload - -echo "Setup completed. Please install perl dependencies for sanoid and switch to zfs kmod repo." 
-echo "cpan - install Capture::Tiny - install Config::IniFiles" diff --git a/vps/centos7_setup.sh b/vps/centos7_setup.sh deleted file mode 100644 index 2e2ba92..0000000 --- a/vps/centos7_setup.sh +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/bin/sh -# packages -USER=$1 - -if [ -z "$USER" ] -then - echo "Must specify a user!" - exit -fi - -yum update -y -yum install -y yum-utils vim git zsh curl wget sudo policycoreutils-python python3 epel-release - -cat << EOT >> /etc/sudoers -# -# configured by the script -# -Defaults rootpw -EOT - -adduser $USER -usermod -aG wheel $USER -mkdir -p /home/$USER/.ssh -cat << EOT >> /home/$USER/.ssh/authorized_keys -ssh-rsa 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 -EOT -chown $USER:$USER /home/$USER/.ssh -chown $USER:$USER /home/$USER/.ssh/authorized_keys -chmod 700 /home/$USER/.ssh -chmod 644 /home/$USER/.ssh/authorized_keys - -# DOCKER -echo "Setting up docker..." -yum-config-manager \ - --add-repo \ - https://download.docker.com/linux/centos/docker-ce.repo -yum update -yum install -y docker-ce -systemctl enable --now docker -systemctl start docker - -curl -L "https://github.com/docker/compose/releases/download/1.25.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose -chmod +x /usr/local/bin/docker-compose -ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose - -# kernel-ml, bbr -yum install -y https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm -yum --enablerepo=elrepo-kernel install -y kernel-ml -grub2-set-default 0 -echo 'net.core.default_qdisc=fq' | sudo tee -a /etc/sysctl.conf -echo 'net.ipv4.tcp_congestion_control=bbr' | sudo tee -a /etc/sysctl.conf - -# SSHD -echo "Setting up sshd..." -semanage port -a -t ssh_port_t -p tcp 77 -cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup -cat /etc/ssh/sshd_config.backup | \ -sed -E 's/#* *PermitRootLogin.*/PermitRootLogin no/g' | \ -sed -E 's/#* *PasswordAuthentication.*/PasswordAuthentication no/g' | \ -sed -E 's/#* *Port.*/Port 77/g' > /etc/ssh/sshd_config - -firewall-cmd --remove-service=ssh --permanent -firewall-cmd --add-port=77/tcp --permanent -firewall-cmd --reload - -systemctl restart sshd