11-25 update

2025-11-28 17:26:03 -08:00
parent 2446f3c039
commit b2b9197dbc
22 changed files with 104 additions and 106 deletions
--- a/VCR-capture.yaml
+++ b/VCR-capture.yaml
@ -8,12 +8,6 @@

  tasks: 

-    - name: user security check
-      include_role:
-        name:  "cosmos_init"
-      vars:
-        security_check_only: true 
-
    - name: refresh special when kiosk update
      when: kiosk_refresh | bool
      set_fact: 
--- a/behemoth-containers.yaml
+++ b/behemoth-containers.yaml
@ -4,6 +4,7 @@
  become: yes
  
  tasks:
+  
    - name: Get Build File Listing
      shell: "ls -lR /opt/containers/*/build.sh | cut -b 41- | cut -d '/' -f 1-4"
      register: behemoth_container_output
--- a/cd-to-iso.yaml
+++ b/cd-to-iso.yaml
@ -2,8 +2,6 @@
 - name: CD to ISO
  hosts: all
  become: yes
-  vars:
-    security_check_only: true

 # Required Jenkins Vars
 # host_ip - string
@ -17,8 +15,6 @@

  roles:

-    - role: cosmos_init
-
    - role: cd_to_iso


--- a/cifs-mount.yaml
+++ b/cifs-mount.yaml
@ -2,16 +2,16 @@
 - name: CIFS Mount 
  hosts: all
  become: yes
-  vars:
-    security_check_only: true

  ###############################################
  # Permanently Mount a CIFS Share
  ###############################################

  roles:
-    - role: cosmos_init
    - role: cifs_mount
+      vars:
+        smb_username: "{{ CIFS_USERNAME }}"
+        smb_password: "{{ CIFS_PASSWORD }}"

 #  tasks:
 #
--- a/cosmos-kiosk.yaml
+++ b/cosmos-kiosk.yaml
@ -7,6 +7,11 @@
    - role: cosmos_init
      when: not refresh_special | bool

+    - role: cosmos_init
+      when: refresh_only | bool
+      vars:
+        security_check_only: true 
+
    - role: docker_workstation
      when: install_docker | bool and not refresh_special | bool

--- a/cosmos-nvidia.yaml
+++ b/cosmos-nvidia.yaml
@ -8,10 +8,11 @@


  roles:
-    - { role: cosmos_init,  vars: {"gather_only": "true" } }
-    - { role: nvidia_drivers, tags: ['nvidia_drivers'] }
-
-
+    
+    - role: cosmos_init
+    
+    - role: nvidia_drivers
+    

 ...

--- a/cosmos-server.yaml
+++ b/cosmos-server.yaml
@ -18,28 +18,16 @@
    - role: ldap_client
      when: install_LDAP | bool  and not refresh_special | bool

-#    - role: special_server
+#    - role: "{{ special_server }}"
+#      when: '"none" not in special_server'
+

  tasks:
-  
-    - name: display special_server
-      debug:
-        msg: "{{ special_server }}"
        
-    - name: Run the appropriate role based on server type
+    - name: "Run {{ special_server }} role"
      include_role:
        name: "{{ special_server }}"
      when: '"none" not in special_server'
      
-#      when: special_server | regex_search("{{ servers_item.name }}")
-#      loop: "{{ servers }}"
-#      loop_control:
-#        loop_var: servers_item
-#
-#    - { role: octoprint, when: special_server | regex_search("Octoprint") }
-#    - { role: kodi, when: special_server | regex_search("Kodi") }
-#    - { role: timelapse, when: special_server | regex_search("Timelapse") }
-
-
 ...

--- a/jenkins_vpn.yaml
+++ b/jenkins_vpn.yaml
@ -6,13 +6,8 @@
  hosts: all
  become: yes
  
-  vars:
-    security_check_only: true
-    

  roles:
-    - role: cosmos_init
-#    - { role: cosmos_init, tags: ['cosmos_init'], vars: {"terse_packages": "true"}, when: not refresh_only | bool }
    - role: jenkins_vpn

 ...
--- a/lldp-scan.yaml
+++ b/lldp-scan.yaml
@ -25,6 +25,11 @@
    - role: cosmos_init
      when: not refresh_only | bool

+    - role: cosmos_init
+      when: refresh_only | bool
+      vars:
+        security_check_only: true 
+
    - role: lldp_scan

    - role: chrome_kiosk
--- a/mattgpt-capture.yaml
+++ b/mattgpt-capture.yaml
@ -16,12 +16,6 @@
    
  tasks: 
    
-    - name: user security check
-      include_role:
-        name:  "cosmos_init"
-      vars:
-        security_check_only: true 
-
    ###############################################
    # Mount remote archive folder
    ###############################################
--- a/pi-init.yaml
+++ b/pi-init.yaml
@ -6,13 +6,7 @@
  # this is meant just as a tiny playbook to run after the public key is injected with jenkins
  
  tasks: 
-
-  - name: user security check
-    include_role:
-      name:  "cosmos_init"
-    vars:
-      security_check_only: true 
-
+  
  # Check System Architecture
  - name: Check CPU Arch
    shell: "dpkg --print-architecture"
--- a/pi-top.yaml
+++ b/pi-top.yaml
@ -3,11 +3,8 @@
  hosts: all
  become: yes

-  vars:
-    security_check_only: true
-
  roles:
-    - role: cosmos_init
+  
    - role: pi-top

 # I discovered that the user projects only work when lightdm is running
--- a/public-capture.yaml
+++ b/public-capture.yaml
@ -10,12 +10,6 @@
    
  tasks: 

-    - name: user security check
-      include_role:
-        name:  "cosmos_init"
-      vars:
-        security_check_only: true 
-        
    ###############################################
    # Check System Architecture
    ###############################################
--- a/puck_routing.yaml
+++ b/puck_routing.yaml
@ -10,13 +10,12 @@
    terse_packages: true
    init_light: true
    vpn_init: false
-    security_check_only: true

  tasks:
        

  roles:
-    - role: cosmos_init
+  
    - role: puck_vpn

 ...
--- a/pxe-server.yaml
+++ b/pxe-server.yaml
@ -13,13 +13,11 @@
 # config_matt - bool
 # kde_full - bool
 # 
-  vars:
-    terse_packages: true

  roles:
    - role: cosmos_init
      when: not refresh_only | bool
-      
+     
    - role: pxe_server

 ...
--- a/rename-endpoint.yaml
+++ b/rename-endpoint.yaml
@ -5,12 +5,6 @@

  tasks:

-  - name: user security check
-    include_role:
-      name:  "cosmos_init"
-    vars:
-      security_check_only: true 
-      
  - name: Rename Endpoint
    include_tasks: /var/jenkins_home/ansible/roles/cosmos_init/tasks/set_hostname.yaml

--- a/rip-cd.yaml
+++ b/rip-cd.yaml
@ -3,9 +3,6 @@
  hosts: all
  become: yes

-  vars:
-    security_check_only: true
-
 # Required Jenkins Vars
 # host_ip - string
 # new_hostname - string
@ -16,8 +13,6 @@

  roles:
    
-    - role: cosmos_init
-
    - role: rip_cd


--- a/ssd_health.yaml
+++ b/ssd_health.yaml
@ -0,0 +1,37 @@
+---
+- name: SSD Health Checker
+  hosts: all
+  become: yes
+
+  roles:
+
+    - role: cosmos_init
+      when: not quick_refresh | bool
+      vars:
+        intall_cockpit: true
+        install_python: true
+        init_light: true 
+        no_vpn: true
+        new_hostname: "ssd-health"
+        public_deploy: true
+
+    - role: docker_workstation
+      when: not quick_refresh | bool
+      vars:
+        docker_full: false
+    
+    - role: ssd_check
+
+    #- role: chrome_kiosk
+    #  when: install_kiosk | bool and not service_only | bool
+    #  vars:
+    #    refresh_special: "{{ quick_refresh }}"
+    #    kiosk_service_templates:
+    #      - chrome_website: "http://0.0.0.0:8088"
+    #        service_name: ssh_dashboard
+    #        service_description: "SSH Health History Dashboard"
+    #        user_data_dir: ""
+    #        extra_service_configs: ""
+    #        extra_chrome_configs: ""
+
+...
--- a/test.yaml
+++ b/test.yaml
@ -1,9 +1,10 @@
 ---
-# https://us.fanntik.top/product/fanttik-e1-max-precision-electric-screwdriver-5/
+# https://www.newyorker.com/culture/the-new-yorker-documentary/the-shutdown-of-usaid-has-already-killed-hundreds-of-thousands
 - name: Ansible Test
  hosts: all
  become: yes
  vars:
+    docker_full: false
    v4l2_id_string: 
      - "earlytest"
      - "AV TO USB2.0"
@ -12,6 +13,7 @@
      - "beholdmybutthole"
    video_ID_0: ""
    ip_check_folder: "/opt/cosmos/ip_check"
+
    #vpn_endpoint: "172.30.2.1"
    #gather_only: true
    #cpu_architecture: "amd64"
@ -54,24 +56,39 @@
    #                --window-position="480,0" \


-#  roles:
-#    - chrome_kiosk
+  roles:
+    - docker_workstation


-  tasks: 
-  
-  - name: user security check
-    include_role:
-      name:  "cosmos_init"
-    vars:
-      security_check_only: true 
-        
-  - name: get debian version info
-    shell: 'cat /etc/os-release | grep VERSION_ID | cut -d\" -f2'
-    register: os_version_id_output
-  - debug:
-      msg: |
-        {{ os_version_id_output.stdout_lines[0] }}
+#  tasks: 
+#  - name: show user vars
+#    debug:
+#      msg: 
+#        - "User email:"
+#        - "{{ jenkins_user}}"
+#        - "Jenkins Group:"
+#        - "{{ jenkins_group}}"
+#        - "SERVER_SUBNET_GROUP:"
+#        - "{{ SERVER_SUBNET_GROUP }}"
+#        - "subnet_group_check:"
+#        - "{{ subnet_group_check }}"
+#        - "Host IP:"
+#        - "{{ ansible_ssh_host }}"
+
+
+#  - name: test tempate
+#    template:
+#      src: test.j2
+#      dest: "/opt/cosmos/test-template.conf"
+#      mode: 0644
+
+
+#  - name: get debian version info
+#    shell: 'cat /etc/os-release | grep VERSION_ID | cut -d\" -f2'
+#    register: os_version_id_output
+#  - debug:
+#      msg: |
+#        {{ os_version_id_output.stdout_lines[0] }}



--- a/trixie_upgrade.yaml
+++ b/trixie_upgrade.yaml
@ -8,12 +8,7 @@
  become: yes

  tasks:
-  - name: user security check
-    include_role:
-      name:  "cosmos_init"
-    vars:
-      security_check_only: true 
-
+  
  - name: Get distribution version
    setup:
      filter: ansible_distribution*
--- a/update-endpoint.yaml
+++ b/update-endpoint.yaml
@ -2,13 +2,9 @@
 - name: Cosmos Workstation Update
  hosts: all
  become: yes
-
-  vars:
-    security_check_only: true
-
+  
  roles:
  
-    - role: cosmos_init

    - role: update_endpoint
 ...
--- a/vm_party.yaml
+++ b/vm_party.yaml
@ -14,9 +14,9 @@
    public_deploy: true
    rename_host: true
    configure_smb: true
-    no_vpn: true
    add_domain: false
    no_vpn: true
+    docker_full: false
    # bridge interface name
    bridge_name: "vmpbr0"
    
@ -24,6 +24,9 @@
    - role: cosmos_init
      when: not run_stage_two | bool and not (update_party | bool) and not (service_only | bool)

+    - role: docker_workstation
+      when: not run_stage_two | bool and not (update_party | bool) and not (service_only | bool)
+
    - role: net_bridge
      when: not (run_stage_two | bool) and not (update_party | bool) and not (service_only | bool)