From 3462e96c1e42a74561665994fe5307db8982cb55 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Mon, 27 Jun 2022 09:37:52 -0400 Subject: [PATCH 1/4] Add tart to server list --- ansible/ansible_hosts.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/ansible_hosts.yaml b/ansible/ansible_hosts.yaml index 6994dc5..904e200 100644 --- a/ansible/ansible_hosts.yaml +++ b/ansible/ansible_hosts.yaml @@ -14,3 +14,5 @@ all: ansible_user: gliverma mini-watcher.local: ansible_user: gene + tart.local: + ansible_user: pi From 99d5e66a2596cff7d199502d5f7fc97c56be21f8 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Mon, 27 Jun 2022 09:38:46 -0400 Subject: [PATCH 2/4] Install ansible via pip, adjust PATH on Linux zsh Prior to this, Homebrew paths came before system ones and overrode access to system python on Linux. The DEB version of Ansible also has a bug preventing collections from being installed from Galaxy. --- ansible/carbonbean.yaml | 19 +++++++++++++++++-- link/nix/zshrc | 13 +++++++++---- 2 files changed, 26 insertions(+), 6 deletions(-) diff --git a/ansible/carbonbean.yaml b/ansible/carbonbean.yaml index 457a809..bc871fb 100644 --- a/ansible/carbonbean.yaml +++ b/ansible/carbonbean.yaml @@ -99,7 +99,6 @@ state: latest pkg: - 1password - - ansible-lint - bat - boinc-manager - boinctui @@ -231,7 +230,10 @@ - name: Python packages via pip ansible.builtin.pip: + state: latest name: + - ansible + - ansible-lint - flake8 - name: Install packages from Homebrew @@ -273,8 +275,21 @@ dest: "{{ lookup('env', 'HOME') }}/.zshrc" state: link - - name: Set shell to zsh + - name: Set shell to zsh and add to groups become: true ansible.builtin.user: name: "{{ lookup('env', 'USER') }}" shell: /usr/bin/zsh + append: true + groups: + - dialout + + - name: Add passwordless sudo entries + become: true + jonellis.sudoers.sudoers: + name: "{{ lookup('env', 'USER') }}-no-password" + user: "{{ lookup('env', 'USER') }}" + nopassword: true + command: + - /usr/bin/systemctl restart pcscd + - /usr/bin/pkill -9 gpg-agent diff --git a/link/nix/zshrc b/link/nix/zshrc index 806a4c5..2b8bbea 100644 --- a/link/nix/zshrc +++ b/link/nix/zshrc @@ -24,7 +24,14 @@ if [[ $(uname) == 'Darwin' ]]; then fi elif [[ $(uname) == 'Linux' ]]; then if [[ -e /home/linuxbrew/.linuxbrew/bin/brew ]]; then - eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + # Don't use the eval so that it doesn't override system python + # eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + export HOMEBREW_PREFIX="/home/linuxbrew/.linuxbrew" + export HOMEBREW_CELLAR="/home/linuxbrew/.linuxbrew/Cellar" + export HOMEBREW_REPOSITORY="/home/linuxbrew/.linuxbrew/Homebrew" + export PATH="${PATH}:/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.linuxbrew/sbin" + export MANPATH="/home/linuxbrew/.linuxbrew/share/man${MANPATH+:$MANPATH}:" + export INFOPATH="/home/linuxbrew/.linuxbrew/share/info:${INFOPATH:-}" fi fi @@ -237,9 +244,7 @@ if [[ `uname` == 'Darwin' ]]; then export RUBYOPT='-W:no-deprecated -W:no-experimental' fi elif [[ `uname` == 'Linux' ]]; then - if [ -d "$HOME/.local/bin" ] ; then - PATH="$HOME/.local/bin:$PATH" - fi + PATH="$HOME/.local/bin:$PATH" if [ -d "$HOME/.local/share/gem/ruby/3.0.0/bin" ] ; then PATH="$HOME/.local/share/gem/ruby/3.0.0/bin:$PATH" From ba1fcf62a52c22ae25b628b5302137d6fc9a7b03 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Mon, 27 Jun 2022 16:45:03 -0400 Subject: [PATCH 3/4] Setup git-credential-manager --- ansible/carbonbean.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ansible/carbonbean.yaml b/ansible/carbonbean.yaml index bc871fb..c53ca98 100644 --- a/ansible/carbonbean.yaml +++ b/ansible/carbonbean.yaml @@ -121,6 +121,7 @@ - libssl-dev - neofetch - packer + - pass - pcsc-tools - pcscd - pdk @@ -145,6 +146,12 @@ - yubikey-manager - zsh + - name: Install git-credential-manager deb package + become: true + ansible.builtin.apt: + state: present + deb: https://github.com/GitCredentialManager/git-credential-manager/releases/download/v2.0.696/gcmcore-linux_amd64.2.0.696.deb + - name: Install Profile Switcher for Firefox deb package become: true ansible.builtin.apt: From 166a2716cc6ae8e6b95525bcd60738f1d89a6c00 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Mon, 27 Jun 2022 17:02:07 -0400 Subject: [PATCH 4/4] Install gcloud cli via apt repo instead --- ansible/carbonbean.yaml | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/ansible/carbonbean.yaml b/ansible/carbonbean.yaml index c53ca98..6e4f168 100644 --- a/ansible/carbonbean.yaml +++ b/ansible/carbonbean.yaml @@ -6,7 +6,7 @@ tasks: - name: Add 1Password apt signing key - include_role: + ansible.builtin.include_role: name: jack1142.apt_signing_key vars: url: https://downloads.1password.com/linux/keys/1password.asc @@ -21,8 +21,23 @@ filename: 1password update_cache: false + - name: Add Google Cloud apt key + become: true + ansible.builtin.apt_key: + url: https://packages.cloud.google.com/apt/doc/apt-key.gpg + keyring: /usr/share/keyrings/cloud.google.gpg + state: present + + - name: Add Google apt repo + become: true + ansible.builtin.apt_repository: + repo: deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main + state: present + filename: google-cloud-sdk + update_cache: false + - name: Add Okta ASA client apt signing key - include_role: + ansible.builtin.include_role: name: jack1142.apt_signing_key vars: url: https://dist.scaleft.com/pki/scaleft_deb_key.asc @@ -52,7 +67,7 @@ update_cache: false - name: Add Tailscale apt signing key - include_role: + ansible.builtin.include_role: name: jack1142.apt_signing_key vars: url: https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg @@ -112,6 +127,8 @@ - git - git-lfs - gnupg + - google-cloud-cli + - google-cloud-cli-gke-gcloud-auth-plugin - htop - httpie - hub @@ -217,7 +234,6 @@ classic: true name: - gitkraken # official version - - google-cloud-cli # official version - name: Cider from Snapcraft become: true