diff --git a/README.md b/README.md index 9d5c1fb..8507eeb 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ thoroughly reviewed it, especially the system hardening and security tweaks that - ***gaming***: gaming on linux, e.g. Steam and Heroic Games Launcher. - ***security***: security-related softwares and tweaks, e.g. applying custom system limits, installing an antivirus. - ***server***: common tooling for servers, e.g. monitoring, altering, firewall rules. +- ***workstation***: tooling and configuration for an X11 graphical workstation. # Usage ## Prerequisites @@ -84,8 +85,6 @@ Execute a command using the Python wrapper that activates the virtualenv, e.g. ` #### docker *build*: build all docker images available in `/images`, e.g. `task docker:build` -*push*: push built images to docker hub, e.g. `task docker:push` - #### module: Directly execute a Python module located in `collections/ansible_collections/nullified/infrastructure/plugins/modules` with its default configuration (typically the path to a test YAML file). Used only for debugging purpose. @@ -98,6 +97,9 @@ Useful to ensure playbooks behave as expected using a Docker container. #### test:modules Run Ansible's sanity tests on each collections declared in `collections/ansible_collections`. +#### nosey +Run `noseyparker`, a tool that aims to find potential data leak such as passwords and security token. + ### Examples ```shell # encrypt vault 
@@ -119,70 +121,16 @@ cd nullified/infrastructure/roles task venv -- ansible-galaxy collection init tooling ``` ---- +## Advanced Configuration +### Global variables +Global variables are defined in `inventory/group_vars/all/vars.yml` and are used in multiple roles and playbooks. +`dns.type`: what type of DNS configuration should be performed; also works as a selector for type related parameters; +`dns.default`: default type of DNS configuration to setup; will use the corresponding `dns.` dictionary retrieve corresponding data; +`dns.udp`: IP addresses for basic DNS configuration; +`dns.dot`: IP addresses for DNS-over-TLS configuration; +`dns.doh`: IP addresses and HTTPS addresses for DNS-over-HTTPS configuration; -## Cheatsheet -### Ansible usage -```shell -# validate files -ansible-playbook --syntax-check - -# gather facts of a docker container -ansible -m setup -``` - -```yaml -# handlers -# invoked by a task through `notify`, executed only if caller triggered a state change; runs at the end of the play in the order they are declared; - -# -> force handlers to run: -- name: execute all handlers - meta: flush_handlers -``` - -***runtime grouping*** -```yaml -name: coin -hosts: all -gather_facts: true -tasks: - - name: group by OS - group_by: - key: "{{ ansible_facts.distribution }}" -``` - -***builtin vars*** -- hostvars: {hostname => kvp_vars, ...}, -- inventory_hostname(_short)?: name of current host, -- group_names: list of groups assigned to current host, -- groups: {groupname => [hostX, ...], ...}, -- ansible_check_mode: isRunningInCheckMode ?, -- ansible_play_batch: list inventory hostnames active in current batch, -- ansibble_play_hosts: ist inventory hostnames active in current play, - -### Python modules -***argument options*** -> *NOTE* -> Ansible Up and Running, page 503 - -- *default*: default value if arg is required, -- *choices*: list of possible values for an array arg, -- *deprecated_aliases*: deprecate aliases; `dict(name, version, date, 
collection_name)`, -- *aliases*: aliases for given argument, -- *type*: arg type, -- *elements*: set type of list elements if arg is array, -- *fallback*: tuple of a lookup function and a list to pass to it, -- *no_log*: mask arg value in logs for sensitive data, -- *options*: complex args; create list of suboptions, -- *mutually_exclusive*: list of mutually exclusive suboptions, -- *required_together*: list of names of sub options, -- *required_one_of*: list of required mutually exclusive suboptions, -- *required_if*: sequence of sequences, -- *required_by*: dic mapping option names to seqs of option names - ---- - -### Notes / Todo +## Notes ***dir layout*** - collections: ansible root dir for all collections to reside in; - images: docker images, mostly used for ansible-test / molecule;
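Review bot: In the `@@ -84,8 +85,6 @@` hunk, dropping the `*push*: push built images to docker hub, e.g. `task docker:push`` line from the README does not say whether the `docker:push` task itself was removed from the task definitions; if the task still exists, the README now under-documents it, and if it was removed, the commit message should say so (and say what replaces pushing images, if anything), otherwise readers of the `#### docker` section cannot tell whether `task docker:push` is still expected to work.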
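Review bot: In the `@@ -98,6 +97,9 @@` hunk, the new `#### nosey` heading names the task but the sentence below it only names the tool; every other task section on this page gives the invocation (e.g. `task docker:build`), so the new section should too, e.g. `Run `noseyparker` ..., e.g. `task nosey``, and it should say what is scanned (the repository working tree, git history, or both). The added sentence also has grammar issues: "potential data leak such as passwords and security token" should read "potential data leaks such as passwords and security tokens". Finally, consider one sentence on what to do with a finding (treat any reported credential as exposed and rotate it, then remove it from history), since a secret scanner that only reports is easy to ignore.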
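Review bot: In the `@@ -119,70 +121,16 @@` hunk, the five `dns.*` lines under `### Global variables` are bare lines without list markers, so Markdown will render them as a single run-on paragraph; prefix each with `- ` as the rest of the README does. The `dns.default` description is missing words ("will use the corresponding `dns.` dictionary retrieve corresponding data") and overlaps with `dns.type`, which is also described as a selector; clarify which one selects the active configuration and what the other is for, and spell out the dictionary name (`dns.<type>` or similar) instead of the dangling `dns.`. For `dns.dot` and `dns.doh`, consider documenting whether a server hostname is expected alongside the IP addresses, since DNS-over-TLS and DNS-over-HTTPS clients normally need it to validate the server certificate. Separately, this hunk removes the whole `## Cheatsheet` section (Ansible usage, handlers, runtime grouping, builtin vars, Python module argument options) with nothing in the diff or commit message indicating where that material went; if it was moved to a separate document, link it from `## Notes`, and if it was intentionally dropped, say so in the commit message.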