From 7c1f1f8bf2a43e66884da3e793266aa7aad889c5 Mon Sep 17 00:00:00 2001
From: MorganGeek
Date: Mon, 29 Jun 2020 13:34:06 +0200
Subject: [PATCH] jenkins pre-commit-hooks + aliases for git+brew
---
 .pre-commit-config.yaml | 8 ++++
 dot_git-template/.pre-commit-config.yaml | 8 ++++
 dot_profile | 6 +--
 dot_scripts/ansible/macinsecure_playbook.yaml | 38 +++++++++++++++++++
 dot_zsh_aliases | 1 -
 dot_zsh_functions | 15 ++++++++
 dot_zshrc | 6 +--
 7 files changed, 75 insertions(+), 7 deletions(-)
 create mode 100644 dot_scripts/ansible/macinsecure_playbook.yaml
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 7e0619b..29cd102 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -42,6 +42,14 @@ repos:
 pass_filenames: false
 args: [-l=infra] #NOTE: that this is the directory you created earlier to host your terraform
 verbose: true
+- repo: https://github.com/askulkarni2/pre-commit-docker-jenkinslint
+ rev: master
+ hooks:
+ - id: docker-jenkinslint
+ language: docker_image
+ entry: --entrypoint /usr/local/bin/run-jflint.sh askulkarni2/jenkinslint
+ files: Jenkinsfile
+
 #- repo: https://github.com/ansible/ansible-lint.git
 # rev: v4.1.0
 # hooks:
diff --git a/dot_git-template/.pre-commit-config.yaml b/dot_git-template/.pre-commit-config.yaml
index 7e0619b..29cd102 100644
--- a/dot_git-template/.pre-commit-config.yaml
+++ b/dot_git-template/.pre-commit-config.yaml
@@ -42,6 +42,14 @@ repos:
 pass_filenames: false
 args: [-l=infra] #NOTE: that this is the directory you created earlier to host your terraform
 verbose: true
+- repo: https://github.com/askulkarni2/pre-commit-docker-jenkinslint
+ rev: master
+ hooks:
+ - id: docker-jenkinslint
+ language: docker_image
+ entry: --entrypoint /usr/local/bin/run-jflint.sh askulkarni2/jenkinslint
+ files: Jenkinsfile
+
 #- repo: https://github.com/ansible/ansible-lint.git
 # rev: v4.1.0
 # hooks:
diff --git a/dot_profile b/dot_profile
index ac6927f..a7915b2 100644
--- a/dot_profile
+++ b/dot_profile
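Review bot: `rev: master` and the untagged image named in `entry:` are mutable references, so the code this hook executes on a developer machine depends on when that machine first fetched them and cannot be reviewed or reproduced from this file. Pin the hook repository to a tag or commit, e.g. `rev: <tag-or-commit-sha>`, and the image to a digest, e.g. `askulkarni2/jenkinslint@sha256:<digest>` (both are placeholders to be filled in from the upstream project). pre-commit itself warns about a branch name in `rev` because it is never updated after the first install. The identical hunk in `dot_git-template/.pre-commit-config.yaml` needs the same pins, and matters more if that template ends up in every new clone, as the `copyhooks` calls added in this patch suggest.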
@@ -7,9 +7,9 @@ export PATH="$PATH:$HOME/.rvm/bin" export PROXY_HOST="" export JETBRAINS_LICENSE_SERVER="" -if test -f "$HOME/.secrets"; then - chmod +x "$HOME/.secrets" - source "$HOME/.secrets" +if test -f "$HOME/.scripts/secrets.sh"; then + chmod +x "$HOME/.scripts/secrets.sh" + source "$HOME/.scripts/secrets.sh" alias proxy='ssh -D 8000 -N $(whoami)@$PROXY_HOST -i ~/.ssh/id_ed25519' fi diff --git a/dot_scripts/ansible/macinsecure_playbook.yaml b/dot_scripts/ansible/macinsecure_playbook.yaml new file mode 100644 index 0000000..4720685 --- /dev/null +++ b/dot_scripts/ansible/macinsecure_playbook.yaml @@ -0,0 +1,38 @@ +--- +- hosts: localhost + connection: local + become_method: sudo + become: yes + + tasks: + - name: Check yubikey binaries are installed + stat: + path: "{{ item }}" + with_items: + - /usr/local/bin/ykpamcfg + - "/Applications/YubiKey\ Manager.app/Contents/MacOS/ykman" + + - name: Check Yubico is recognized + shell: "'/Applications/YubiKey Manager.app/Contents/MacOS/ykman' list | awk '{print $6}'" + register: yubicoChallenge + failed_when: "yubicoChallenge.rc != 0 or yubicoChallenge.stdout == ''" + + - name: Get current user + become: false + local_action: command whoami + register: username_on_host + + - name: Check yubico challenge exists + stat: + path: "/Users/{{ username_on_host.stdout }}/.yubico/challenge-{{ yubicoChallenge.stdout }}" + + - name: Ensure yubikey is needed for authentication at login screen + lineinfile: + path: "{{ item }}" + regexp: '^auth.*pam_yubico.so.*' + line: "auth required /usr/local/lib/security/pam_yubico.so mode=challenge-response" + insertbefore: "^account required pam_opendirectory.so" + state: absent + with_items: + - /etc/pam.d/screensaver + - /etc/pam.d/authorization diff --git a/dot_zsh_aliases b/dot_zsh_aliases index a178ef1..2091547 100644 --- a/dot_zsh_aliases +++ b/dot_zsh_aliases 
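Review bot: `chmod +x "$HOME/.scripts/secrets.sh"` sets an execute bit that `source` never needs and leaves the group and other permissions on the secrets file as they were. Restricting the file to its owner before sourcing, `chmod 600 "$HOME/.scripts/secrets.sh"`, is the permission change that actually protects it. The new path sits under `~/.scripts`, which appears to be generated from this repository's `dot_scripts/` directory, so it is worth confirming that `secrets.sh` is ignored by the repository and cannot be committed. The `dot_zshrc` hunk changes the same three lines and needs the same treatment.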
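Review bot: The last task is named "Ensure yubikey is needed for authentication at login screen" but calls `lineinfile` with `state: absent`, so it deletes the `pam_yubico.so` line from `/etc/pam.d/screensaver` and `/etc/pam.d/authorization`; with `regexp` set, `line` and `insertbefore` play no part in a removal. Given the file name this is presumably the intended rollback, so name the task for what it does, e.g. `- name: Remove yubikey requirement from screensaver and authorization PAM files`, and drop the two unused parameters. Adding `backup: yes` would keep a copy of each PAM file before the second factor is removed. The two `stat` tasks neither `register` a result nor fail when the path is missing, so as written they verify nothing.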
@@ -10,7 +10,6 @@ alias grep='rg' alias npmlist='npm list -g --depth 0' alias lg='lazygit' alias lzd='lazydocker' -alias setorigin='grset origin' alias neworigin='setorigin' alias origin='setorigin' alias gpar='gitpushallremote' diff --git a/dot_zsh_functions b/dot_zsh_functions index cddf1d1..c87b25c 100644 --- a/dot_zsh_functions +++ b/dot_zsh_functions @@ -290,6 +290,11 @@ function vaultgetsecret { local secret_string=$(echo "\$ANSIBLE_VAULT;1.1;AES256\n$secret") echo "$secret_string" | awk '{$1=$1;print}' | ansible-vault decrypt --vault-password-file=$VAULT_PASSWORD_FILE } +function setorigin { + gra origin "$1" 2>/dev/null + grset origin "$1" + copyhooks +} function gitpushallremote { grv grv | grep push | awk '{print $1}' | while read -r remote @@ -298,6 +303,12 @@ function gitpushallremote { git push --all "$remote" done } +function clone { + local folder=$(echo $1 | cut -d'/' -f2 | cut -d'.' -f1) + gcls "$1" + cd "$folder" + copyhooks +} function colorpic { local picture_url="$1" echo "Colorizing $picture_url" @@ -306,3 +317,7 @@ function colorpic { echo "Display in progress..." eval "\curl -s $result_url | imgcat" } +function brewadd { + brew install "$1" + ansible 127.0.0.1 -m lineinfile -a "path=~/Brewfile line='brew \"$1\"'" +} diff --git a/dot_zshrc b/dot_zshrc index 8fab469..fa57d58 100644 --- a/dot_zshrc +++ b/dot_zshrc @@ -132,9 +132,9 @@ export PROXY_HOST="" export COLORPIC_APIKEY="" export VAULT_PASSWORD_FILE="" -if test -f "$HOME/.secrets"; then - chmod +x "$HOME/.secrets" - source "$HOME/.secrets" +if test -f "$HOME/.scripts/secrets.sh"; then + chmod +x "$HOME/.scripts/secrets.sh" + source "$HOME/.scripts/secrets.sh" fi export REPO_PATH=$HOME/Code
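Review bot: In `clone`, `cut -d'/' -f2` yields the repository name only for `host:user/repo.git` style URLs; for an `https://host/user/repo.git` URL the second field is empty, and since neither `gcls` nor `cd` is checked, `copyhooks` then runs in whatever directory the shell was already in. Derive the name from the last path component and chain the steps, e.g. `local folder=$(basename "$1" .git)` followed by `gcls "$1" && cd "$folder" && copyhooks`. That also covers repository names containing a dot, which `cut -d'.' -f1` truncates.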
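Review bot: In `brewadd`, `$1` is interpolated into the `-a` key=value string, so an argument containing a quote or a space changes the parameters `lineinfile` receives rather than only the text of the line, and the Brewfile entry is written even when `brew install` fails. Stop on failure with `brew install "$1" || return 1`, and append the entry without having the name re-parsed, e.g. `grep -qxF "brew \"$1\"" ~/Brewfile || print -r -- "brew \"$1\"" >> ~/Brewfile`.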