From c5cd8bf6cc86adab68c1362b6d35a3929e212472 Mon Sep 17 00:00:00 2001
From: Opnxng
Date: Tue, 14 Nov 2023 00:06:09 +0800
Subject: [PATCH] Added systemd-resolved + neovim role
---
.gitignore | 3 +-
README.md | 15 ++--
roles/docker/tasks/main.yaml | 2 +-
roles/neovim/files/init.vim | 110 +++++++++++++++++++++++
roles/neovim/tasks/main.yaml | 58 ++++++++++++
roles/sources-list/tasks/main.yaml | 2 +-
roles/systemd-resolved/files/oracle.conf | 2 +
roles/systemd-resolved/tasks/main.yaml | 32 +++++++
set-up.yaml | 8 +-
9 files changed, 221 insertions(+), 11 deletions(-)
create mode 100644 roles/neovim/files/init.vim
create mode 100644 roles/neovim/tasks/main.yaml
create mode 100644 roles/systemd-resolved/files/oracle.conf
create mode 100644 roles/systemd-resolved/tasks/main.yaml
diff --git a/.gitignore b/.gitignore
index ef0110e..ded84e4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@ vars/secrets.yaml production .hidden
-.vscode
\ No newline at end of file
+.vscode
+*.swp
diff --git a/README.md b/README.md
index fe676fa..c5fa3c3 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,9 @@ On a fresh Debian system, replace the default `debian` user: sudo passwd root # Configurate SSHD to temporarily allow root login with password -sudo nano /etc/ssh/sshd_config.d/sshd.conf +sudo nano /etc/ssh/sshd_config +sudo systemctl restart sshd +cp /home/debian/.ssh/authorized_keys /root/.ssh/authorized_keys # Login as root, add new user and delete debian user su root
@@ -21,15 +23,14 @@ sudo groupmod -n [user] debian sudo usermod -l [user] debian sudo usermod -d /home/[user] -m [user] sudo passwd [user] -sudo userdel debian -sudo rm -r /home/debian +cp /root/.ssh/authorized_keys /home/[user]/.ssh/authorized_keys -# Switched [user] -su [user] +# SSH to [user] +sudo rm /root/.ssh/authorized_keys sudo passwd -dl root -# Configurate SSHD again to allow [user] login and to set a custom port -sudo nano /etc/ssh/sshd_config.d/sshd.conf +# Disable root in SSHD +sudo nano /etc/ssh/sshd_config ``` ## Configurations
diff --git a/roles/docker/tasks/main.yaml b/roles/docker/tasks/main.yaml
index 83d04ce..e49c28b 100644
--- a/roles/docker/tasks/main.yaml
+++ b/roles/docker/tasks/main.yaml
@@ -37,7 +37,7 @@ dest: "/etc/docker/daemon.json" owner: 0 group: 0 - mode: 0600 + mode: 0644 - name: Restart docker service:
diff --git a/roles/neovim/files/init.vim b/roles/neovim/files/init.vim
new file mode 100644
index 0000000..b287234
--- /dev/null
+++ b/roles/neovim/files/init.vim
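Review bot: The `mode` on `/etc/docker/daemon.json` in roles/docker/tasks/main.yaml is loosened from `0600` to `0644` with no comment naming the non-root reader that needs the file. If the deployed daemon.json ever carries credentials (for example a proxy URL with a username and password), every local user can then read them; keep `0600` unless a reader is identified, and record the reason in a comment such as `# 0644: read by <CONSUMER>`. The value is also unquoted here while the new roles in this commit quote it; `mode: "0644"` removes any octal/decimal ambiguity. The copy task begins above the hunk, so the file's contents are not visible here.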
@@ -0,0 +1,110 @@
+" Basic configurations
+set clipboard=unnamedplus
+set nocompatible
+syntax on
+set encoding=utf-8
+set number
+set textwidth=100
+set novisualbell
+
+let mapleader =","
+set guicursor=v-c-sm:block,n-i-ci-ve:ver25,r-cr-o:hor20
+
+" Spell-check set to o, 'o' for 'orthography':
+map o :setlocal spell! spelllang=en_us
+
+" Splits open at the bottom and right, which is non-retarded, unlike vim defaults.
+set splitbelow splitright
+
+" Enable autocompletion:
+set wildmode=longest,list,full
+
+" Disables automatic commenting on newline:
+autocmd FileType * setlocal formatoptions-=c formatoptions-=r formatoptions-=o
+
+" Indentations
+" set smartindent
+" set smarttab
+set softtabstop=2
+set shiftwidth=2
+set expandtab
+filetype plugin indent on
+
+" Search and Replace
+set ignorecase
+set smartcase
+set nohlsearch
+" set hlsearch
+set incsearch
+
+" Splits open at the bottom and right, which is non-retarded, unlike vim defaults.
+set splitbelow splitright
+
+nnoremap :bprevious
+nnoremap :bnext
+nnoremap b :Buffer
+
+" Toggle line numbers
+nmap :set invnumber
+
+" Other remaps
+nnoremap F :Files
+imap jj
+set backspace=indent,eol,start
+nnoremap S :%s///g
+noremap
+noremap
+noremap
+noremap
+
+" Edit .j2 as yaml files
+au BufNewFile,BufReadPost *.yaml.j2 set filetype=yaml
+
+" Remove trailing whitespace
+autocmd BufWritePre * %s/\s\+$//e
+
+" Whitespace as shown as dots
+set list
+set listchars=lead:·,trail:·,tab:»\ ,extends:»,precedes:«,nbsp:·
+
+" Plugins
+call plug#begin()
+Plug 'junegunn/goyo.vim'
+Plug 'junegunn/fzf', { 'do': { -> fzf#install() } }
+Plug 'junegunn/fzf.vim'
+Plug 'marklcrns/vim-smartq'
+call plug#end()
+
+" Smartq
+let g:smartq_default_mappings = 0
+nnoremap ZZ :w:SmartQ
+nnoremap ZQ (smartq_this)
+
+" Goyo
+autocmd vimenter * Goyo 100
+function! s:goyo_enter()
+ set linebreak
+ set wrap
+ let b:quitting = 0
+ let b:quitting_bang = 0
+ autocmd QuitPre let b:quitting = 1
+ cabbrev q! let b:quitting_bang = 1 q!
+endfunction
+function! s:goyo_leave()
+ " Quit Vim if this is the only remaining buffer
+ if b:quitting && len(filter(range(1, bufnr('$')), 'buflisted(v:val)')) == 1
+ if b:quitting_bang
+ qa!
+ else
+ qa
+ endif
+ endif
+endfunction
+autocmd! User GoyoEnter call goyo_enter()
+autocmd! User GoyoLeave call goyo_leave()
+
+" Colours
+highlight NonText ctermfg=DarkGrey
+highlight SpecialKey ctermfg=DarkGrey
+highlight StatusLine ctermbg=White ctermfg=DarkGrey
+highlight LineNr ctermfg=DarkGrey
diff --git a/roles/neovim/tasks/main.yaml b/roles/neovim/tasks/main.yaml
new file mode 100644
index 0000000..5e80c07
--- /dev/null
+++ b/roles/neovim/tasks/main.yaml
@@ -0,0 +1,58 @@
+- name: Purge Vim
+ apt:
+ name: vim
+ state: absent
+
+- name: Install Neovim
+ apt:
+ name:
+ - neovim
+ state: latest
+ install_recommends: false
+
+- name: Create .config folder
+ file:
+ path: "/home/{{ user }}/.config"
+ state: directory
+ owner: 1000
+ group: 1000
+ mode: "0755"
+
+- name: Create nvim folder
+ file:
+ path: "/home/{{ user }}/.config/nvim"
+ state: directory
+ owner: 1000
+ group: 1000
+ mode: "0755"
+ become: yes
+ become_method: sudo
+ become_user: "{{ user }}"
+
+- name: Copy init.vim
+ copy:
+ src: "init.vim"
+ dest: "/home/{{ user }}/.config/nvim/init.vim"
+ owner: 1000
+ group: 1000
+ mode: "0755"
+ become: yes
+ become_method: sudo
+ become_user: "{{ user }}"
+
+- name: Download Vim Plug
+ command: >
+ sh -c 'curl -fLo "/home/{{ user }}/.local/share/nvim/site/autoload/plug.vim"
+ --create-dirs https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim'
+ become: yes
+ become_method: sudo
+ become_user: "{{ user }}"
+
+- name: Install Vim Plug
+ command: >
+ vim -u /home/{{ user }}/.config/nvim/init.vim +'PlugInstall --sync' +qa
+ args:
+ creates: "/home/{{ user }}/.config/nvim/plugged"
+ become: yes
+ become_method: sudo
+ become_user: "{{ user }}"
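Review bot: The four `Plug` entries in roles/neovim/files/init.vim track each repository's default branch, so every `PlugInstall` or `PlugUpdate` on a provisioned host pulls whatever is current upstream. The fzf entry additionally runs a post-install hook (`fzf#install()`), which presumably fetches a binary at install time. Pin each plugin to a reviewed revision with vim-plug's `commit` or `tag` option, e.g. `Plug 'junegunn/fzf.vim', { 'commit': '<REVIEWED_COMMIT>' }`. Since set-up.yaml in this commit already installs the `fzf` package, the `do` hook looks redundant and could probably be dropped; confirm the packaged fzf is sufficient for fzf.vim.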
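Review bot: The `Download Vim Plug` task in roles/neovim/tasks/main.yaml fetches executable code with no integrity check: it pulls `plug.vim` from the moving `master` branch with `curl` inside `sh -c`, and the next task loads it straight away, so whatever is served at that URL at run time executes as `{{ user }}`. The task also has no `creates`, so it downloads again and reports changed on every run. Using `get_url` with a commit-pinned URL and a `checksum` gives both verification and idempotence; the commit and hash below are placeholders to fill in after reviewing the file. Separately, `init.vim` is deployed with `mode: "0755"`; a config file does not need the execute bit, and `"0644"` would do.

```yaml
- name: Create vim-plug autoload directory
  file:
    path: "/home/{{ user }}/.local/share/nvim/site/autoload"
    state: directory
    mode: "0755"
  become: yes
  become_method: sudo
  become_user: "{{ user }}"

- name: Download Vim Plug
  get_url:
    url: "https://raw.githubusercontent.com/junegunn/vim-plug/<PINNED_COMMIT>/plug.vim"
    dest: "/home/{{ user }}/.local/share/nvim/site/autoload/plug.vim"
    checksum: "sha256:<EXPECTED_SHA256>"
    mode: "0644"
  become: yes
  become_method: sudo
  become_user: "{{ user }}"
# … unchanged: Install Vim Plug task …
```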
diff --git a/roles/sources-list/tasks/main.yaml b/roles/sources-list/tasks/main.yaml
index c9d53c5..bcc8496 100644
--- a/roles/sources-list/tasks/main.yaml
+++ b/roles/sources-list/tasks/main.yaml
@@ -1,4 +1,4 @@ -- name: Set up source list +- name: Copy source list copy: src: "sources.list" dest: "/etc/apt/sources.list"
diff --git a/roles/systemd-resolved/files/oracle.conf b/roles/systemd-resolved/files/oracle.conf
new file mode 100644
index 0000000..0f00092
--- /dev/null
+++ b/roles/systemd-resolved/files/oracle.conf
@@ -0,0 +1,2 @@
+DNS=169.254.169.254
+Domains=.
diff --git a/roles/systemd-resolved/tasks/main.yaml b/roles/systemd-resolved/tasks/main.yaml
new file mode 100644
index 0000000..a4091fa
--- /dev/null
+++ b/roles/systemd-resolved/tasks/main.yaml
@@ -0,0 +1,32 @@
+- name: Install systemd-resolved
+ apt:
+ name:
+ - systemd-resolved
+ state: latest
+ install_recommends: false
+ when: inventory_hostname in groups["oracle"]
+
+- name: Create resolved.conf.d directory
+ ansible.builtin.file:
+ path: /etc/systemd/resolved.conf.d
+ state: directory
+ owner: 0
+ group: 0
+ mode: '0755'
+ when: inventory_hostname in groups["oracle"]
+
+- name: Set up /etc/systemd/resolved.conf.d/oracle.conf
+ copy:
+ src: "oracle.conf"
+ dest: "/etc/systemd/resolved.conf.d/oracle.conf"
+ owner: 0
+ group: 0
+ mode: "0644"
+ when: inventory_hostname in groups["oracle"]
+
+- name: Restart systemd-resolved
+ service:
+ name: systemd-resolved
+ enabled: true
+ state: restarted
+ when: inventory_hostname in groups["oracle"]
diff --git a/set-up.yaml b/set-up.yaml
index f18d3f3..84593b5 100644
--- a/set-up.yaml
+++ b/set-up.yaml
@@ -12,9 +12,9 @@ - name: Install packages apt: name: - - neovim - iputils-ping - cron + - fzf - git - curl - zip
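Review bot: The new drop-in roles/systemd-resolved/files/oracle.conf holds only the two assignment lines and no section header. systemd ignores assignments that appear outside a section, so `DNS=` and `Domains=` would most likely have no effect once the file is copied to /etc/systemd/resolved.conf.d/. Add `[Resolve]` as the first line of the file. A leading comment saying that 169.254.169.254 is the provider's link-local resolver and that `Domains=.` is intentional would also help the next reader.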
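Review bot: The `Restart systemd-resolved` task in roles/systemd-resolved/tasks/main.yaml uses `state: restarted` unconditionally, so DNS resolution on every host in the `oracle` group is bounced on each playbook run even when oracle.conf has not changed. Move the restart into a handler and add `notify: Restart systemd-resolved` to the `Set up /etc/systemd/resolved.conf.d/oracle.conf` task, leaving a plain `state: started` with `enabled: true` here. The same `when: inventory_hostname in groups["oracle"]` is repeated on all four tasks; wrapping them in one `block:` with a single `when` would keep the condition in one place.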
@@ -26,13 +26,19 @@ autoclean: true autoremove: true + - name: Touch .hushlogin + file: + path: "/home/{{ user }}/.hushlogin" + state: touch # ---------------------------------------------------------------------------------------------------- roles: + - neovim - disable-root - timezone - chrony - hostname + - systemd-resolved - sources-list - ssh - ufw-opnxng
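Review bot: The `Touch .hushlogin` task added to set-up.yaml sets no `owner`, `group` or `mode`, so if the play runs as root (the play header is outside this hunk) the file in `/home/{{ user }}` ends up root-owned. `state: touch` also rewrites the timestamps and reports changed on every run. Setting ownership explicitly and preserving the times makes the task idempotent; the group name below assumes the group is named after the user, as the README steps in this commit suggest.

```yaml
  - name: Touch .hushlogin
    file:
      path: "/home/{{ user }}/.hushlogin"
      state: touch
      owner: "{{ user }}"
      group: "{{ user }}"
      mode: "0644"
      modification_time: preserve
      access_time: preserve
```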