diff --git a/roles/VP-63774/meta/main.yml b/roles/VP-63774/meta/main.yml
index 7f2ec2b..a9a0892 100644
--- a/roles/VP-63774/meta/main.yml
+++ b/roles/VP-63774/meta/main.yml
@@ -2,3 +2,8 @@
 # matevz.pesek@fri.uni-lj.si
 dependencies:
 - c_development
+ - docker
+ - pwntools
+ - netcat
+ - ropr
+ - pwndbg
diff --git a/roles/ad_joined/tasks/main_lin.yml b/roles/ad_joined/tasks/main_lin.yml
index a7f7e68..cfb19ef 100644
--- a/roles/ad_joined/tasks/main_lin.yml
+++ b/roles/ad_joined/tasks/main_lin.yml
@@ -47,6 +47,11 @@
 owner: root
 mode: 0600
+- name: Fix apparmor HOMEDIRS
+ template:
+ src: apparmor_cifs_homes
+ dest: "/etc/apparmor.d/tunables/home.d/cifs_homes"
+
 #- name: Configure libpam-mount
 # copy:
 # src: pam_mount.conf.xml
@@ -60,7 +65,13 @@
 command: pam-auth-update --disable mkhomedir
 become: true
-- name: Create kstart service
+- name: Use sssd for cifs idmap
+ file:
+ state: link
+ src: /usr/lib/x86_64-linux-gnu/cifs-utils/cifs_idmap_sss.so
+ path: /etc/alternatives/idmap-plugin
+
+- name: Create service to get and renew machine kerberos tickets
 copy:
 src: kstart.service
 dest: /etc/systemd/system/kstart.service
@@ -70,14 +81,19 @@
 src: kstart.service
 dest: /etc/systemd/system/kstart.service
+- name: Create profiles directory
+ file:
+ path: /home/profiles
+ state: directory
+
 - name: Add mount - cifs_home
 mount:
 boot: true
 fstype: cifs
 src: "//ucilnicesmb.fri1.uni-lj.si/ucilnice_d"
- path: /mnt/cifs_home
+ path: /remote_home
 state: mounted
- opts: "cruid=0,username={{ inventory_hostname }}-linux@FRI1.UNI-LJ.SI,sec=krb5i,nobrl,sfu,nostrictsync,cache=loose,mfsymlinks,dir_mode=0700,file_mode=0700,fsc,multiuser,x-systemd.requires=kstart.service"
+ opts: "cruid=0,username={{ inventory_hostname }}-linux@FRI1.UNI-LJ.SI,sec=krb5i,nobrl,sfu,cifsacl,setuids,fsc,multiuser,actimeo=65536,nostrictsync,cache=loose,resilienthandles,noatime,x-systemd.requires=kstart.service"
 - name: Restart sssd
 service:
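Review bot: The `Fix apparmor HOMEDIRS` task installs a policy tunable under `/etc/apparmor.d/tunables/home.d/` without `owner`, `group` or `mode`, so the file's permissions depend on the umask of the run; adding `owner: root`, `group: root` and `mode: "0644"` makes that explicit. Nothing visible in the hunk reloads AppArmor after the template changes, so profiles that are already loaded would presumably keep the old home-directory tunable until the next reload or reboot. A `notify:` to a reload handler would close that gap, if one is not already defined outside this hunk.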
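Review bot: `Use sssd for cifs idmap` rewrites `/etc/alternatives/idmap-plugin` with the `file` module, which bypasses update-alternatives, so the alternatives database and the link can disagree and a later package operation may point the link back at the default plugin. Because the mount in this file now uses `cifsacl`, a silently reverted plugin would change how ownership is mapped on the share. Selecting the plugin through `community.general.alternatives` with `name: idmap-plugin` and the same `path:` keeps the choice recorded. The `x86_64-linux-gnu` directory in `src` is also hard-coded, which deserves a comment if other architectures are ever provisioned.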
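Review bot: The new `opts` line drops `dir_mode=0700,file_mode=0700` in favour of `cifsacl,setuids`, so the ownership and permission bits shown on `/remote_home` now depend on SID-to-uid mapping through the idmap plugin instead of a fixed restrictive mask; a comment above `opts` such as `# cifsacl needs the cifs_idmap_sss.so link and a running sssd; verify ownership on the mount after changes` would record that dependency. The `mount` module identifies fstab entries by `path`, so hosts that were already provisioned will presumably keep the old `/mnt/cifs_home` entry and mount next to the new one unless a task with `path: /mnt/cifs_home` and `state: absent` removes it. `Create profiles directory` also leaves `owner` and `mode` to the defaults of the run, and for a directory under `/home` both should be stated explicitly.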
diff --git a/roles/netcat/tasks/main.yml b/roles/netcat/tasks/main.yml
new file mode 100644
index 0000000..3077b7e
--- /dev/null
+++ b/roles/netcat/tasks/main.yml
@@ -0,0 +1,4 @@
+- import_tasks: main_win.yml
+ when: ansible_os_family == 'Windows'
+- import_tasks: main_lin.yml
+ when: ansible_os_family == 'Debian'
diff --git a/roles/netcat/tasks/main_lin.yml b/roles/netcat/tasks/main_lin.yml
new file mode 100644
index 0000000..5a02200
--- /dev/null
+++ b/roles/netcat/tasks/main_lin.yml
@@ -0,0 +1,4 @@
+- name: Install netcat
+ apt:
+ name: netcat-openbsd
+ state: latest
diff --git a/roles/netcat/tasks/main_win.yml b/roles/netcat/tasks/main_win.yml
new file mode 100644
index 0000000..834f5bd
--- /dev/null
+++ b/roles/netcat/tasks/main_win.yml
@@ -0,0 +1,4 @@
+- name: Install netcat
+ win_chocolatey:
+ name: netcat
+ state: latest
diff --git a/roles/pwndbg/meta/main.yml b/roles/pwndbg/meta/main.yml
new file mode 100644
index 0000000..93ee277
--- /dev/null
+++ b/roles/pwndbg/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - c_development
diff --git a/roles/pwndbg/tasks/main.yml b/roles/pwndbg/tasks/main.yml
new file mode 100644
index 0000000..3077b7e
--- /dev/null
+++ b/roles/pwndbg/tasks/main.yml
@@ -0,0 +1,4 @@
+- import_tasks: main_win.yml
+ when: ansible_os_family == 'Windows'
+- import_tasks: main_lin.yml
+ when: ansible_os_family == 'Debian'
diff --git a/roles/pwndbg/tasks/main_lin.yml b/roles/pwndbg/tasks/main_lin.yml
new file mode 100644
index 0000000..ae97948
--- /dev/null
+++ b/roles/pwndbg/tasks/main_lin.yml
@@ -0,0 +1,25 @@
+- name: Install dependencies
+ apt:
+ name:
+ - git
+
+- name: Download pwndbg
+ command:
+ cmd: git clone https://github.com/pwndbg/pwndbg
+ creates: /opt/pwndbg
+ chdir: /opt
+
+- name: Pull latest pwndbg
+ command:
+ cmd: git pull
+ chdir: /opt/pwndbg
+
+- name: Install pwndbg
+ command:
+ cmd: ./setup.sh
+ chdir: /opt/pwndbg
+
+- name: Update folder permissions (to allow lock files)
+ file:
+ mode: '0777'
+ path: /opt/pwndbg/.venv
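Review bot: `state: latest` on a Chocolatey community package in `roles/netcat/tasks/main_win.yml` means each run installs whatever build is published at that moment, with no version the role has reviewed. For a tool rolled out to lab machines, `state: present` with an explicit `version: "<PINNED_VERSION>"` would make the install reproducible and auditable. The same applies to `roles/rust/tasks/main_win.yml`, and to a lesser degree to the `apt` tasks with `state: latest` in the netcat and rust roles, since those packages come from the distribution archive.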
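Review bot: `mode: '0777'` on `/opt/pwndbg/.venv` makes the top directory of the virtualenv writable by every local account, so any user can rename or replace entries in an environment that other users' debugger sessions load code from. If lock files really must be created there, `mode: '1777'` at least stops users from removing or renaming entries they do not own; a dedicated lock directory outside the venv would be cleaner. The three `command` tasks above it clone an unpinned branch, run `git pull` on every play and then execute `./setup.sh`, so each run executes whatever upstream HEAD contains and always reports changed. The sketch below pins the checkout with `ansible.builtin.git` and reruns the installer only when the checked-out revision changes.

```yaml
# … unchanged: Install dependencies task …

- name: Download pwndbg at a reviewed revision
  ansible.builtin.git:
    repo: https://github.com/pwndbg/pwndbg
    dest: /opt/pwndbg
    version: "<PINNED_TAG_OR_COMMIT>"  # placeholder: the release that was reviewed
  register: pwndbg_checkout

- name: Install pwndbg
  command:
    cmd: ./setup.sh
    chdir: /opt/pwndbg
  when: pwndbg_checkout.changed

- name: Update folder permissions (to allow lock files)
  file:
    # sticky bit: users may create lock files but not replace entries they do not own
    mode: '1777'
    path: /opt/pwndbg/.venv
```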
diff --git a/roles/pwndbg/tasks/main_win.yml b/roles/pwndbg/tasks/main_win.yml
new file mode 100644
index 0000000..b530adb
--- /dev/null
+++ b/roles/pwndbg/tasks/main_win.yml
@@ -0,0 +1,3 @@
+- name: pwndbg uninstallable
+ debug:
+ msg: "This task is not installable on Windows. Skipping."
diff --git a/roles/ropr/meta/main.yml b/roles/ropr/meta/main.yml
new file mode 100644
index 0000000..ad01fbb
--- /dev/null
+++ b/roles/ropr/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - rust
diff --git a/roles/ropr/tasks/main.yml b/roles/ropr/tasks/main.yml
new file mode 100644
index 0000000..3077b7e
--- /dev/null
+++ b/roles/ropr/tasks/main.yml
@@ -0,0 +1,4 @@
+- import_tasks: main_win.yml
+ when: ansible_os_family == 'Windows'
+- import_tasks: main_lin.yml
+ when: ansible_os_family == 'Debian'
diff --git a/roles/ropr/tasks/main_lin.yml b/roles/ropr/tasks/main_lin.yml
new file mode 100644
index 0000000..7c42795
--- /dev/null
+++ b/roles/ropr/tasks/main_lin.yml
@@ -0,0 +1,4 @@
+- name: Install ropr
+ ansible.builtin.command:
+ cmd: cargo install ropr --root /usr/local
+ creates: /usr/local/bin/ropr
diff --git a/roles/ropr/tasks/main_win.yml b/roles/ropr/tasks/main_win.yml
new file mode 100644
index 0000000..2a379d0
--- /dev/null
+++ b/roles/ropr/tasks/main_win.yml
@@ -0,0 +1,3 @@
+- name: Uninstallable
+ debug:
+ msg: "This task is not installable on Windows. Skipping."
diff --git a/roles/rust/tasks/main.yml b/roles/rust/tasks/main.yml
new file mode 100644
index 0000000..3077b7e
--- /dev/null
+++ b/roles/rust/tasks/main.yml
@@ -0,0 +1,4 @@
+- import_tasks: main_win.yml
+ when: ansible_os_family == 'Windows'
+- import_tasks: main_lin.yml
+ when: ansible_os_family == 'Debian'
diff --git a/roles/rust/tasks/main_lin.yml b/roles/rust/tasks/main_lin.yml
new file mode 100644
index 0000000..b3eb406
--- /dev/null
+++ b/roles/rust/tasks/main_lin.yml
@@ -0,0 +1,7 @@
+- name: Install rust tools
+ apt:
+ name:
+ - rustc
+ - cargo
+ - rustfmt
+ state: latest
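Review bot: `cargo install ropr --root /usr/local` in `roles/ropr/tasks/main_lin.yml` resolves the newest published crate and fresh dependency versions at run time, and if the play runs as root their build scripts execute with root privileges. Adding `--locked` and a fixed version, e.g. `cmd: cargo install ropr --locked --version <PINNED_VERSION> --root /usr/local`, ties the build to the lockfile shipped with a release that has been reviewed. Because of `creates: /usr/local/bin/ropr` the binary is never rebuilt afterwards, which is worth a comment so that upgrading stays a deliberate step.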
diff --git a/roles/rust/tasks/main_win.yml b/roles/rust/tasks/main_win.yml
new file mode 100644
index 0000000..3cbe0ef
--- /dev/null
+++ b/roles/rust/tasks/main_win.yml
@@ -0,0 +1,4 @@
+- name: Install rust
+ win_chocolatey:
+ name: rust
+ state: latest