Colm/student media

.editorconfig

@@ -0,0 +1,9 @@
+root = true
+
+[*.yml]
+indent_size = 2
+indent_style = space
+
+[*.sh]
+indent_size = 4
+indent_style = tab

.gitattributes

@@ -0,0 +1 @@
+vars/secrets.yml diff=ansible-vault merge=ansible-vault

.gitignore

@@ -1,3 +1,11 @@
+keys/*
+keys*
+include
+bin/
+lib/
 *.retry
 keys/
 production
+_vault_pass
+_secrets.yml
+share/

.gitmodules

@@ -0,0 +1 @@
+

.nojekyll

@@ -0,0 +1 @@
+

.prettierrc.yml

@@ -0,0 +1,4 @@
+trailingComma: "es5"
+tabWidth: 2
+semi: true
+singleQuote: true

README.md

@@ -1,42 +1,46 @@
-Netsoc Ansible
-=========
+<img src="https://github.com/UCCNetsoc/wiki/raw/master/assets/logo-service-nac.svg" width="360"/>
 
-## Local Development
+## I'm a new SysAdmin, what the heck do I do?
 
-### Prerequisites
+* `ssh` into the Ansible control server (currently `control.netsoc.co:2222`)
+  * `ssh <username>@control.netsoc.co -p 2222 -i <path to ssh key>`
+  * If you have not supplied an SSH key to the Head SysAdmin already:
+    * Open a PR adding your username and key to `setup-control-host.yml`
 
-1. Hashicorp Packer
-2. LXD up and running
+* Clone this repo
 
-### How 2
+* Run `./start-dev.sh` inside the cloned folder (or `./start-dev.sh fish` to use fish instead of bash)
+  * You will need to run `./start-dev.sh` to setup the correct Python packages and environment variables. You must do this before beginning any development/deployment
+  * You will be able to tell you have done this when your terminal prompt looks like this:
+    * `(NaC) <user>@feynman:~/NaC#`
 
-1. Run `./simulation.sh` and wait for everything to startup.
-2. Go ham and run some playbooks!
+* You will need a `keys/` folder which contains SSH keys to target all physical and virtual machines. Ask the Head SysAdmin for this.
+  * Do **NOT** commit them or remove the `keys/` clause from `.gitignore`.
+  * Do **NOT** share them with people who are not SysAdmins
+  * Do **NOT** leave them sitting on a random server somewhere
 
-The simulation may need to be torn down and brought back up after PC restarts.
+* You can peek and edit the vault using `./vault-peek.sh` and `./vault-edit.sh`
 
-SSH Keys are generated and placed into the correct directories. You can SSH to each container/host using username `netsoc` and password `borger`
+* You can list *.vm.netsoc.co by using `./vm-list.sh`
+* You can ssh into *.vm.netsoc.co by running `./vm-ssh.sh <hostname>`, i.e `./vm-ssh.sh web.infra.netsoc.co`
 
-Make sure not to commit the host_vars with changed IPs.
+* The Proxmox Web UI is available at [`proxmox.netsoc.co`](https://proxmox.netsoc.co). You may need to type `thisisunsafe` (if using Chrome) to get past the SSL warning 
 
-## Misc Info
+* For your development, you can use `sshfs` / VSCode Remote / `vim` on the control server / a git branch.
+  * You _will_ need to run your playbooks on the control server
 
-ssh priv key structure:
-`/keys/<host>/id_rsa`
 
-i.e for feynman
-`/keys/feynman/id_rsa`
+## I want to contribute but I'm not a SysAdmin?
 
-`/vars/cloudflare.yml` format:
+* Consider making an issue or contact us in `#servers` in our [Discord](https://discord.netsoc.co)
+  * We'll welcome any help!
 
-```yaml
-cf_api_email: <cloudflare email>
-cf_api_key: <cloudflare api key>
-```
+## I like this repo and want to learn more about UCC Netsoc
 
-`/vars/freeipa.yml` format:
+* Check out our [wiki](https://wiki.netsoc.co)
 
-```yaml
-ipa_ds_password: <directory server pass>
-ipa_admin_password: <admin pass>
-```
+## **Important**
+
+This repo currently contains both playbooks for managing 2019/2020 bare-metal infra and 2020/2021 Proxmox infra. Do not get them confused, have a look at `./hosts` to see what's going on.
+
+### **Read [wiki.netsoc.co](wiki.netsoc.co)**

ansible.cfg

@@ -1,3 +1,9 @@
 [defaults]
 inventory = ./hosts
-nocows = 1
+nocows = 1
+
+# Use the YAML callback plugin.
+stdout_callback = debug
+
+# Use the stdout_callback when running ad-hoc commands.
+bin_ansible_callbacks = True

bass.fish

@@ -0,0 +1,34 @@
+# MIT License
+# 
+# Copyright (c) 2017 Eddie Cao
+# https://github.com/edc/bass
+
+function bass
+  set -l bash_args $argv
+  set -l bass_debug
+  if test "$bash_args[1]_" = '-d_'
+    set bass_debug true
+    set -e bash_args[1]
+  end
+
+  set -l script_file (mktemp)
+  if command -v python3 >/dev/null 2>&1
+    command python3 -sS (dirname (status -f))/bass.py $bash_args 3>$script_file
+  else
+    command python -sS (dirname (status -f))/bass.py $bash_args 3>$script_file
+  end
+  set -l bass_status $status
+  if test $bass_status -ne 0
+    return $bass_status
+  end
+
+  if test -n "$bass_debug"
+    cat $script_file
+  end
+  source $script_file
+  command rm $script_file
+end
+
+function __bass_usage
+  echo "Usage: bass [-d] <bash-command>"
+end

bass.py

@@ -0,0 +1,141 @@
+"""
+MIT License
+
+Copyright (c) 2017 Eddie Cao
+https://github.com/edc/bass
+
+To be used with a companion fish function like this:
+        function refish
+            set -l _x (python /tmp/bass.py source ~/.nvm/nvim.sh ';' nvm use iojs); source $_x; and rm -f $_x
+        end
+"""
+
+from __future__ import print_function
+
+import json
+import os
+import signal
+import subprocess
+import sys
+import traceback
+
+
+BASH = 'bash'
+
+FISH_READONLY = [
+    'PWD', 'SHLVL', 'history', 'pipestatus', 'status', 'version',
+    'FISH_VERSION', 'fish_pid', 'hostname', '_', 'fish_private_mode'
+]
+
+IGNORED = [
+ 'PS1', 'XPC_SERVICE_NAME'
+]
+
+def ignored(name):
+    if name == 'PWD':  # this is read only, but has special handling
+        return False
+    # ignore other read only variables
+    if name in FISH_READONLY:
+        return True
+    if name in IGNORED or name.startswith("BASH_FUNC"):
+        return True
+    return False
+
+def escape(string):
+    # use json.dumps to reliably escape quotes and backslashes
+    return json.dumps(string).replace(r'$', r'\$')
+
+def escape_identifier(word):
+    return escape(word.replace('?', '\\?'))
+
+def comment(string):
+    return '\n'.join(['# ' + line for line in string.split('\n')])
+
+def gen_script():
+    # Use the following instead of /usr/bin/env to read environment so we can
+    # deal with multi-line environment variables (and other odd cases).
+    env_reader = "%s -c 'import os,json; print(json.dumps({k:v for k,v in os.environ.items()}))'" % (sys.executable)
+    args = [BASH, '-c', env_reader]
+    output = subprocess.check_output(args, universal_newlines=True)
+    old_env = output.strip()
+
+    pipe_r, pipe_w = os.pipe()
+    if sys.version_info >= (3, 4):
+      os.set_inheritable(pipe_w, True)
+    command = 'eval $1 && ({}; alias) >&{}'.format(
+        env_reader,
+        pipe_w
+    )
+    args = [BASH, '-c', command, 'bass', ' '.join(sys.argv[1:])]
+    p = subprocess.Popen(args, universal_newlines=True, close_fds=False)
+    os.close(pipe_w)
+    with os.fdopen(pipe_r) as f:
+        new_env = f.readline()
+        alias_str = f.read()
+    if p.wait() != 0:
+        raise subprocess.CalledProcessError(
+            returncode=p.returncode,
+            cmd=' '.join(sys.argv[1:]),
+            output=new_env + alias_str
+        )
+    new_env = new_env.strip()
+
+    old_env = json.loads(old_env)
+    new_env = json.loads(new_env)
+
+    script_lines = []
+
+    for k, v in new_env.items():
+        if ignored(k):
+            continue
+        v1 = old_env.get(k)
+        if not v1:
+            script_lines.append(comment('adding %s=%s' % (k, v)))
+        elif v1 != v:
+            script_lines.append(comment('updating %s=%s -> %s' % (k, v1, v)))
+            # process special variables
+            if k == 'PWD':
+                script_lines.append('cd %s' % escape(v))
+                continue
+        else:
+            continue
+        if k == 'PATH':
+            value = ' '.join([escape(directory)
+                              for directory in v.split(':')])
+        else:
+            value = escape(v)
+        script_lines.append('set -g -x %s %s' % (k, value))
+
+    for var in set(old_env.keys()) - set(new_env.keys()):
+        script_lines.append(comment('removing %s' % var))
+        script_lines.append('set -e %s' % var)
+
+    script = '\n'.join(script_lines)
+
+    alias_lines = []
+    for line in alias_str.splitlines():
+        _, rest = line.split(None, 1)
+        k, v = rest.split("=", 1)
+        alias_lines.append("alias " + escape_identifier(k) + "=" + v)
+    alias = '\n'.join(alias_lines)
+
+    return script + '\n' + alias
+
+script_file = os.fdopen(3, 'w')
+
+if not sys.argv[1:]:
+    print('__bass_usage', file=script_file, end='')
+    sys.exit(0)
+
+try:
+    script = gen_script()
+except subprocess.CalledProcessError as e:
+    sys.exit(e.returncode)
+except Exception:
+    print('Bass internal error!', file=sys.stderr)
+    raise # traceback will output to stderr
+except KeyboardInterrupt:
+    signal.signal(signal.SIGINT, signal.SIG_DFL)
+    os.kill(os.getpid(), signal.SIGINT)
+else:
+    script_file.write(script)