Tweaking:

- Ansible Playbooks refinement
- Add Ansible Bootstrapping
- Add some notes

PREVIEW.md

@@ -88,7 +88,7 @@ Choose a supported distro of your choice. It is recommended to use the minimum /
 | Distribution Name                              | x64                                                                                                                                   | arm64 
 |:-----------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------|:--------------
 | [AlmaLinux](https://almalinux.org)             | [download](https://mirrors.almalinux.org/isos/x86_64/9.2.html)                                                                        | [download](https://mirrors.almalinux.org/isos/aarch64/9.2.html)
-| [Debian](https://www.debian.org/index.en.html) | [download](http://ftp.debian.org/debian/dists/stable/main/installer-amd64/current/images/netboot/mini.iso)                            | [download](http://ftp.debian.org/debian/dists/stable/main/installer-arm64/current/images/netboot/mini.iso)
+| [Debian](https://www.debian.org/index.en.html) | [download](https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.0.0-amd64-netinst.iso)                                 | [download](https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-12.0.0-arm64-netinst.iso)
 | [Fedora](https://fedoraproject.org)            | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/38/Server/x86_64/iso/Fedora-Server-netinst-x86_64-38-1.6.iso) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/38/Server/aarch64/iso/Fedora-Server-netinst-aarch64-38-1.6.iso)
 | [OpenSuse](https://www.opensuse.org)           | [download](https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-NET-x86_64-Current.iso)                                   | [download](https://download.opensuse.org/ports/aarch64/tumbleweed/iso/openSUSE-Tumbleweed-NET-aarch64-Current.iso)
 | [Rocky Linux](https://rockylinux.org)          | [download](https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.2-x86_64-minimal.iso)                                      | [download](https://download.rockylinux.org/pub/rocky/9/isos/aarch64/Rocky-9.2-aarch64-minimal.iso)

install.sh

@@ -62,8 +62,7 @@ case ${myCURRENT_DISTRIBUTION} in
     echo
     echo ${myINSTALL_NOTIFICATION}
     echo
-    sudo dnf update -y
+    sudo dnf -y --refresh install ${myPACKAGES_FEDORA}
-    sudo dnf install -y ${myPACKAGES_FEDORA}
     ;;
   "Debian GNU/Linux"|"Ubuntu")
     echo
@@ -100,8 +99,7 @@ case ${myCURRENT_DISTRIBUTION} in
     echo
     echo ${myINSTALL_NOTIFICATION}
     echo
-    sudo dnf update -y
+    sudo dnf -y --refresh install ${myPACKAGES_ROCKY}
-    sudo dnf install -y ${myPACKAGES_ROCKY}
     ansible-galaxy collection install ansible.posix
     ;;
 esac

installer/install/inventory.yml

@@ -0,0 +1,8 @@
+tpotce:
+  hosts:
+    # Remote IP address, host name or alias:
+    192.168.100.100:
+      # Remote SSH port:
+      ansible_port: 22
+      # Remote SSH user:
+      ansible_user: tsec

installer/install/sudo.yml

@@ -1,30 +1,53 @@
 ---
-# Become needs to happen in the task or root will be added to the sudo group instead of the user
+#######################################
-- name: On Debian, check if sudo is installed
+# T-Pot - Debian Bootstrapping (sudo) #
+#######################################
+
+# Be sure to use root password as become password
+- name: T-Pot - Debian Bootstrapping (sudo)
   hosts: all
-  gather_facts: true
+  gather_facts: false
   become: false
 
-  pre_tasks:
+  tasks:
-    - name: Check for non-root user id
+    - name: Check if running as root
-      debug:
+      assert:
-        msg: "Detected user: '{{ ansible_user_id }}'"
+        that: ansible_user != 'root'
-      failed_when: ansible_user_id == "root"
+        fail_msg: "T-Pot playbook should not be run as root."
+        success_msg: "Running as user: {{ ansible_user }}."
+      tags:
+        - "Debian"
 
-    - name: Install sudo package if not present already
+    - name: Check if running as tpot
+      assert:
+        that: ansible_user != 'tpot'
+        fail_msg: "Reserved username `tpot` detected."
+        success_msg: "Running as user: {{ ansible_user }}."
+      tags:
+        - "Debian"
+
+    - name: Get distribution name
+      raw: awk -F= '/^NAME/{print $2}' /etc/os-release | tr -d '"' | cut -d " " -f1
+      register: my_distribution
+      tags:
+        - "Debian"
+
+    - name: Check if sudo is installed
+      # Use echo, or task will fail if sudo not found
+      raw: echo -n $(command -v sudo)
+      register: my_sudo
+      tags:
+        - "Debian"
+
+    - name: Add sudo package and add ansible_user to sudo group (Debian)
       become: true
       become_method: su
-      apt:
+      raw: |
-        name: sudo
+        apt update
-        state: present
+        apt -y install sudo
-        update-cache: yes
+        /usr/sbin/usermod -aG sudo {{ ansible_user }}
-      when: ansible_distribution == "Debian"
+        echo '{{ ansible_user }} ALL=(ALL:ALL) ALL' | tee /etc/sudoers.d/{{ ansible_user }}
-
+        chmod 440 /etc/sudoers.d/{{ ansible_user }}
-    - name: Add current user to sudo group
+      when: my_distribution.stdout | trim in ["Debian"] and my_sudo.stdout | trim == ""
-      become: true
+      tags:
-      become_method: su
+        - "Debian"
-      user:
-        name: "{{ ansible_user_id }}"
-        groups: sudo
-        append: yes
-      when: ansible_distribution == "Debian"

installer/install/tpot.yml

@@ -1,4 +1,63 @@
 ---
+################################
+# T-Pot - Bootstrapping Python #
+################################
+
+- name: T-Pot - Bootstrapping Python
+  hosts: all
+  gather_facts: false
+  become: true
+  become_method: sudo
+
+  tasks:
+    - name: Get distribution name (All)
+      raw: awk -F= '/^NAME/{print $2}' /etc/os-release | tr -d '"' | cut -d " " -f1
+      register: my_distribution
+      tags:
+        - "AlmaLinux"
+        - "Debian"
+        - "Fedora"
+        - "openSUSE Tumbleweed"
+        - "Rocky"
+        - "Ubuntu"
+
+    - name: Check if python3 is installed (All)
+      raw: echo $(command -v python3)
+      register: my_python3
+      tags:
+        - "AlmaLinux"
+        - "Debian"
+        - "Fedora"
+        - "openSUSE Tumbleweed"
+        - "Rocky"
+        - "Ubuntu"
+
+    - name: Add python package (Debian, Ubuntu)
+      raw: |
+        apt update
+        apt -y install python3
+      when: my_distribution.stdout | trim in ["Debian", "Ubuntu"] and my_python3.stdout | trim == ""
+      tags:
+        - "Debian"
+        - "Ubuntu"
+
+    - name: Add python package (Alma, Fedora, Rocky)
+      raw: |
+        dnf -y --refresh install python3
+      when: my_distribution.stdout | trim in ["AlmaLinux", "Fedora", "Rocky"] and my_python3.stdout | trim == ""
+      tags:
+        - "AlmaLinux"
+        - "Fedora"
+        - "Rocky"
+
+    - name: Add python package (openSUSE Tumbleweed)
+      raw: |
+        zypper refresh
+        zypper -y install python3
+      when: my_distribution.stdout | trim in ["AlmaLinux", "Fedora", "Rocky"] and my_python3.stdout | trim == ""
+      tags:
+        - "openSUSE Tumbleweed"
+
 ################################
 # T-Pot - Abort if run as root #
 ################################
@@ -15,12 +74,19 @@
     - "Rocky"
     - "Ubuntu"
 
-  pre_tasks:
+  tasks:
     - name: Check if running as root (All)
       assert:
         that: ansible_user_id != 'root'
         fail_msg: "T-Pot playbook should not be run as root."
         success_msg: "Running as user: {{ ansible_user_id }}."
+
+    - name: Check if running as tpot (All)
+      assert:
+        that: ansible_user != 'tpot'
+        fail_msg: "Reserved username `tpot` detected."
+        success_msg: "Running as user: {{ ansible_user_id }}."
+
     - name: Check if supported distribution (All)
       assert:
         that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Rocky", "Ubuntu"]

installer/remove/inventory.yml

@@ -0,0 +1,8 @@
+tpotce:
+  hosts:
+    # Remote IP address, host name or alias:
+    192.168.100.100:
+      # Remote SSH port:
+      ansible_port: 22
+      # Remote SSH user:
+      ansible_user: tsec

installer/remove/sudo.yml

@@ -1,28 +1,55 @@
 ---
-# Become needs to happen in the task or root will be added to the sudo group instead of the user
+################################
-- name: On Debian, remove sudo
+# T-Pot - Debian Remove (sudo) #
+################################
+
+# Be sure to use root password as become password
+- name: T-Pot - Debian Remove (sudo)
   hosts: all
   gather_facts: true
   become: false
 
-  pre_tasks:
+  tasks:
-    - name: Check for non-root user id
+    - name: Check if running as root
-      debug:
+      assert:
-        msg: "Detected user: '{{ ansible_user_id }}'"
+        that: ansible_user != 'root'
-      failed_when: ansible_user_id == "root"
+        fail_msg: "T-Pot playbook should not be run as root."
+        success_msg: "Running as user: {{ ansible_user }}."
+      tags:
+        - "Debian"
+
+    - name: Check if running as tpot
+      assert:
+        that: ansible_user != 'tpot'
+        fail_msg: "Reserved username `tpot` detected."
+        success_msg: "Running as user: {{ ansible_user }}."
+      tags:
+        - "Debian"
 
     - name: Remove current user from sudo group
       become: true
       become_method: su
       command: gpasswd -d "{{ ansible_user_id  }}" sudo
       when: ansible_distribution == "Debian"
+      tags:
+        - "Debian"
 
     - name: Uninstall sudo package if present
       become: true
       become_method: su
-      apt:
+      package:
         name: sudo
         state: absent
         update-cache: no
       when: ansible_distribution == "Debian"
+      tags:
+        - "Debian"
 
+    - name: Remove sudoers file for ansible_user_id
+      become: true
+      become_method: su
+      file:
+        path: /etc/sudoers.d/{{ ansible_user_id }}
+        state: absent
+      tags:
+        - "Debian"