path: root/roles/custom-config/tasks/main.yml
blob: 0e8ec209d3e5699e91e7e83b770332c1ae37f3a9 (plain)
---
# tasks file for custom-config
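# Build the account list that every later per-user task loops over.
# The awk filter keeps root (UID 0) and every account whose UID is >= 1000,
# except UID 65534; the names end up in `users.stdout_lines`.
# No shell features are needed, so the command module is used with an argv list.
# NOTE(review): the names are taken from /etc/passwd as-is, so any local account
# with UID >= 1000 receives everything the later loops grant — confirm intended.
- name: Getting all interactive users
  ansible.builtin.command:
    argv:
      - awk
      - '-F:'
      - '{ if (($3 >= 1000 && $3 != 65534) || $3 == 0) print $1}'
      - /etc/passwd
  register: users
  # Read-only query: never report "changed", and still run under --check so
  # the loops that read `users.stdout_lines` have data.
  changed_when: false
  check_mode: false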

# Append a managed block to the system-wide vimrc that blanks both mouse
# options. The custom marker begins with a double quote, Vim's comment
# character, so the marker lines remain valid vimrc syntax.
- name: Disable mouse interactivity in vim (╯°□°)╯︵ ┻━┻
  ansible.builtin.blockinfile:
    state: present
    path: /etc/vim/vimrc
    insertafter: EOF
    marker: '" {mark} ANSIBLE MANAGED BLOCK'
    block: |
      set mouse=
      set ttymouse=

# Append one "ALL=(ALL) NOPASSWD: ALL" rule per account in `users.stdout_lines`
# to /etc/sudoers. visudo syntax-checks the candidate file before it replaces
# the live one, so a malformed rule cannot lock sudo out.
# NOTE(review): this removes the password step between every listed account and
# root, so control of any one of them is control of the host. Fits a
# single-operator lab machine; confirm before applying to a shared system.
# NOTE(review): a drop-in under /etc/sudoers.d/ would keep the rule apart from
# the distribution file, but only if sudoers includes that directory — verify.
- name: Add sudo-NOPASSWD to users
  ansible.builtin.lineinfile:
    state: present
    path: /etc/sudoers
    line: "{{ item }} ALL=(ALL) NOPASSWD: ALL"
    insertafter: EOF
    validate: "/usr/sbin/visudo -cf %s"
  loop: "{{ users.stdout_lines }}"

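# Run the Gef setup script once per account in `users.stdout_lines`, as that
# account.
# `become_user` only takes effect when privilege escalation is enabled, so
# `become: true` is set on the task instead of depending on a play-level setting.
# NOTE(review): ansible.builtin.script transfers the script from the controller
# to the target before running it, so this path must exist on the controller
# — confirm.
# NOTE(review): there is no `creates:` guard, so the script runs on every play;
# confirm gef.sh is safe to repeat.
- name: Initialize Gef for all users
  ansible.builtin.script: /opt/gef/scripts/gef.sh
  become: true
  become_user: "{{ item }}"
  loop: "{{ users.stdout_lines }}"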

# Install the role's zsh_functions.zsh as ~/.zsh_functions for each account in
# `users.stdout_lines`, readable by the owner and group only (0640).
# NOTE(review): `group` reuses the account name, which presumes each account has
# a same-named group — verify on the target distribution.
- name: Copying over zsh functions file for all users
  loop: "{{ users.stdout_lines }}"
  ansible.builtin.copy:
    dest: "~{{ item }}/.zsh_functions"
    src: zsh_functions.zsh
    mode: "0640"
    group: "{{ item }}"
    owner: "{{ item }}"

# Append a managed block to each account's ~/.zshrc that sources
# ~/.zsh_functions when that file exists.
# NOTE(review): no `create:` is given, so an account without an existing
# ~/.zshrc makes this task fail — confirm every listed account has one.
# NOTE(review): only `owner` is set; group and mode are left as they are.
- name: Enabling zsh functions
  ansible.builtin.blockinfile:
    owner: "{{ item }}"
    path: "~{{ item }}/.zshrc"
    insertafter: EOF
    state: present
    block: |
      if [ -f ~/.zsh_functions ]; then
        source ~/.zsh_functions
      fi
  loop: "{{ users.stdout_lines }}"

# Install the role's tmux_conf as ~/.tmux.conf for each account in
# `users.stdout_lines`, with mode 0640.
# NOTE(review): `group` reuses the account name, which presumes each account has
# a same-named group — verify on the target distribution.
- name: Copying over tmux config to all users
  loop: "{{ users.stdout_lines }}"
  ansible.builtin.copy:
    dest: "~{{ item }}/.tmux.conf"
    src: tmux_conf
    mode: "0640"
    group: "{{ item }}"
    owner: "{{ item }}"

# Append EnableEscapeCommandline=yes to the system-wide OpenSSH client config.
# The option switches the client's escape command line back on for interactive
# sessions; it applies to the ssh client, not to sshd.
# NOTE(review): the line is added at end of file, so it falls under whichever
# Host/Match block comes last in ssh_config — confirm that block covers the
# hosts this is meant for.
- name: Enable SSH Subshell
  ansible.builtin.lineinfile:
    state: present
    path: /etc/ssh/ssh_config
    line: "EnableEscapeCommandline=yes"
    insertafter: EOF

# Make sure /srv/smb exists as a directory with mode 0755 (world-readable and
# traversable, writable by the owner only).
# NOTE(review): no owner or group is set, so the directory belongs to whichever
# account the task runs as — presumably root; confirm.
- name: Create /srv/smb/ directory for payload population
  ansible.builtin.file:
    state: directory
    path: /srv/smb
    mode: "0755"

# Append an [iwr] share definition for /srv/smb to smb.conf as a managed block.
# `guest ok = yes` admits unauthenticated clients and `browseable = yes` lists
# the share, so while smbd is running anything placed in /srv/smb is readable by
# every host that can reach the service.
# NOTE(review): the block sets no `read only`/`writable` option, so Samba's
# default should apply; the two mask settings would then only matter if the
# share is later made writable — confirm.
# NOTE(review): there is no `validate:` step here, unlike the sudoers task in
# this file; a testparm check would catch a broken smb.conf before it is written.
- name: Creating IWR share in samba config
  ansible.builtin.blockinfile:
    state: present
    path: /etc/samba/smb.conf
    insertafter: EOF
    block: |
      [iwr]
        comment = Invoke-WebReq'd em? Damn near killed em!
        path = /srv/smb
        guest ok = yes
        browseable = yes
        create mask = 0600
        directory mask = 0755

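# Keep the guest share offline by default: stop smbd now and disable it at boot,
# so the service only runs when someone starts it deliberately.
# `enabled` uses the canonical boolean `false` rather than the YAML 1.1 truthy
# word `no`, which parsers and linters treat inconsistently.
# NOTE(review): only the smbd unit is named; other Samba units, if installed,
# are not touched by this task.
- name: Ensure that samba doesn't start on boot
  ansible.builtin.systemd:
    name: smbd
    enabled: false
    state: stopped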