add new roles

playbooks/roles/arch/files/27.jsonc

@@ -0,0 +1,49 @@
+{
+    "$schema": "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json",
+    "logo": {
+        "type": "small",
+        "padding": {
+            "top": 1
+        }
+    },
+    "display": {
+        "separator": "  "
+    },
+    "modules": [
+        "break",
+        "title",
+        {
+            "type": "os",
+            "key": "os    ",
+            "keyColor": "red"
+        },
+        {
+            "type": "kernel",
+            "key": "kernel",
+            "keyColor": "green"
+        },
+        {
+            "type": "host",
+            "format": "{vendor} {family}",
+            "key": "host  ",
+            "keyColor": "yellow"
+        },
+        {
+            "type": "packages",
+            "key": "pkgs  ",
+            "keyColor": "blue"
+        },
+        {
+            "type": "uptime",
+            "format": "{?days}{days}d {?}{hours}h {minutes}m",
+            "key": "uptime",
+            "keyColor": "magenta"
+        },
+        {
+            "type": "memory",
+            "key": "memory",
+            "keyColor": "cyan"
+        },
+        "break"
+    ]
+}

playbooks/roles/arch/files/checkmk_push.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/local/bin/check_mk_agent | ssh monitor 'cat > /omd/sites/monitoring/var/pushed_checks/pi2'

playbooks/roles/arch/tasks/main.yml

@@ -0,0 +1,79 @@
+#SPDX-License-Identifier: MIT-0
+---
+# tasks to setup arch hosts
+
+
+# Pacman
+- name: Run full system upgrade
+  community.general.pacman:
+    update_cache: true
+    upgrade: true
+
+- name: Add cronjob for daily updates 
+  ansible.builtin.cron:
+    name: "daily full upgrade"
+    user: root
+    special_time: daily
+    job: "pacman -Syu --noconfirm"
+
+- name: Add pacman animation 
+  ansible.builtin.lineinfile:
+    path: /etc/pacman.conf
+    line: ILoveCandy
+
+# Fastfetch prompt
+- name: Install fastfetch
+  community.general.pacman:
+    name: fastfetch
+    state: present
+
+- name: Create .config directory
+  ansible.builtin.file:
+    path: /home/alarm/.config
+    state: directory
+    owner: alarm
+    group: alarm
+    mode: '0755'
+
+- name: Copy fastfetch config
+  ansible.builtin.copy:
+    src: 27.jsonc
+    dest: /home/alarm/.config/27.jsonc
+    owner: alarm
+    group: alarm
+    mode: '0744'
+
+- name: Add welcomeprompt to .bashrc
+  ansible.builtin.lineinfile:
+    path: /home/alarm/.bashrc
+    line: fastfetch -c /home/alarm/.config/27.jsonc
+
+# Setup checkmk agent
+- name: Copy checkmk agent
+  ansible.builtin.copy:
+    src: check_mk_agent 
+    dest: /usr/local/bin/check_mk_agent
+    owner: root
+    group: root
+    mode: '0755'
+
+- name: Copy checkmk push script
+  ansible.builtin.copy:
+    src: checkmk_push.sh
+    dest: /usr/local/bin/checkmk_push.sh
+    owner: root
+    group: root
+    mode: '0755'
+
+- name: Add checkmk cronjob
+  ansible.builtin.cron:
+    name: "checkmk push"
+    user: root
+    minute: "*/5"
+    job: "/usr/local/bin/checkmk_push.sh"
+
+
+
+
+
+

playbooks/roles/backup/files/backup_script.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# Exit on error
+set -euo pipefail
+
+## Variables
+LOGFILE="/home/alarm/backup/backup.log"
+MACHINE_IP="192.168.178.67"
+
+BKP_PATH="/home/alarm/backup/dump/"
+MACHINE_PATH="${BKP_PATH}machine/"
+HOME_PATH="${MACHINE_PATH}home/"
+
+
+## Check if backup already ran today
+SEC_SINCE_BKP=$(($(date +%s) - $(date +%s -r $LOGFILE)))
+HOURS_SINCE_BKP=$((SEC_SINCE_BKP/3600))
+if [ "$HOURS_SINCE_BKP" -le 24 ]; then
+  exit 0
+fi
+
+## Check if machine is up
+if ! ping -c 1 -W 3 "$MACHINE_IP" &>/dev/null; then
+  exit 0
+fi
+  
+
+## Backup machine
+# Home Dir
+echo "[INFO] $(date --rfc-3339 s) - Syncing machine:/home/vashqlf/..."
+HOME_TARGETS=(
+  "Code"
+  ".config"
+  "Documents"
+  "Pictures"
+  ".profile"
+  ".ssh"
+  ".xprofile"
+  ".Xresources"
+  ".zshenv"
+  ".zshrc"
+  )
+
+for i in "${HOME_TARGETS[@]}"; do
+  rsync -avP "machine:/home/vashqlf/${i}" "${HOME_PATH}${i}"
+done
+echo "[INFO] $(date --rfc-3339 s) - Done!"
+
+## Backup cloud hosts
+# Strato1: vaultwarden
+echo "[INFO] $(date --rfc-3339 s) - Syncing strato1:/home/pw-manager/vaultwarden..."
+rsync -avP "strato1:/home/pw-manager/vaultwarden" "${BKP_PATH}vaultwarden"
+echo "[INFO] $(date --rfc-3339 s) - Done!"
+
+# Strato3: Checkmk
+echo "[INFO] $(date --rfc-3339 s) - Syncing strato3:/usr/local/share/cmk-bkp..."
+rsync -avP "strato3:/usr/local/share/cmk-bkp" "${BKP_PATH}cmk-bkp"
+echo "[INFO] $(date --rfc-3339 s) - Done!"
+
+echo "[INFO] $(date --rfc-3339 s) - Syncing completed, nothing more to do."
+
+
+
+
+

playbooks/roles/backup/tasks/main.yml

@@ -0,0 +1,37 @@
+#SPDX-License-Identifier: MIT-0
+---
+# tasks to make the host a backup-node
+
+- name: Create directory for backup utilities
+  ansible.builtin.file:
+    path: /home/alarm/backup/dump/machine/home
+    state: directory
+    owner: alarm
+    group: alarm
+    mode: '0744'
+
+- name: Create empty log file
+  ansible.builtin.file:
+    path: /home/alarm/backup/backup.log
+    state: touch
+    mode: '0644'
+
+- name: Set modification date to 1 week ago
+  ansible.builtin.command:
+    cmd: touch -d "1 week ago" /home/alarm/backup/backup.log
+
+- name: Copy backup script
+  ansible.builtin.copy:
+    src: backup_script.sh
+    dest: /home/alarm/backup/backup_script.sh
+    owner: alarm
+    group: alarm
+    mode: '0755'
+
+- name: Add cronjob for daily backups
+  ansible.builtin.cron:
+    name: "daily backup"
+    user: alarm
+    minute: "33"
+    hour: "3"
+    job: "/home/alarm/backup/backup_script.sh > /home/alarm/backup/backup.log 2>&1"

playbooks/roles/firewall/tasks/main.yml

@@ -2,12 +2,20 @@
 ---
 # tasks file for firewall
 #
-- name: Ensure ufw is installed
+- name: Ensure ufw is installed on Debian
   ansible.builtin.apt:
     name: ufw
     state: present
     update_cache: true
   become: true
+  when: ansible_facts['os_family'] == "Debian"
+
+- name: Ensure ufw is installed on Arch
+  community.general.pacman:
+    name: ufw
+    state: present
+    update_cache: true
+  become: true
 
 - name: Enable ufw
   community.general.ufw:
@@ -28,16 +36,12 @@
     port: 161
     proto: udp
   become: true
+  when: ansible_facts["os_family"]
+
 - name: Allow port 6556 for check_mk
   community.general.ufw:
     rule: allow
     port: 6556
     proto: tcp
   become: true
-
-# Set default policy
-- name: Set default incoming policy to deny
-  community.general.ufw:
-    default: deny
-    direction: incoming
-  become: true
+  when: ansible_facts["os_family"]

playbooks/update.yml

@@ -27,23 +27,6 @@
         - debian_update is defined
         - debian_update.changed
 
-    ##################################################
-    # FreeBSD
-    ##################################################
-    - name: Upgrade all packages and refresh repo cache (FreeBSD)
-      community.general.pkgng:
-        name: "*"
-        state: latest
-      register: freebsd_update
-      when: ansible_facts['os_family'] == "FreeBSD"
-
-    - name: Reboot FreeBSD only if packages changed
-      reboot:
-      when:
-        - ansible_facts['os_family'] == "FreeBSD"
-        - freebsd_update is defined
-        - freebsd_update.changed
-
     ##################################################
     # Arch Linux
     ##################################################