Massive user refactor

2020-04-22 18:04:16 -06:00
parent 429dd8e5a7
commit 5a9254097e
26 changed files with 896 additions and 123 deletions
--- a/README.md
+++ b/README.md
@@ -24,6 +24,11 @@ Quick helpers to remember common tasks
 ```yaml
 # Detect Manjaro
 - name: Configure Manjaro mirrorlist for linstore nginx proxy
  include_tasks: manjaro.yml
  when: ansible_os_family == "Archlinux" and ansible_lsb.id == "ManjaroLinux"
 # Copy profiles to /etc/profile.d/
 - include_tasks: ../../../functions/copy_etc-profile.d.yml
--- a/app/erpnext-12/tasks/configure-erpnext.yml
+++ b/app/erpnext-12/tasks/configure-erpnext.yml
@@ -22,7 +22,7 @@
  args:
    chdir: '{{ base }}'
    # Ensures this command only runs if the dir does NOT exist
-    creates: '{{ path }}'
+    creates: '{{ path }}/apps/frappe'
  when: frappe_repo is undefined
 # Run frappe bench init with custom repo
@@ -33,7 +33,7 @@
  args:
    chdir: '{{ base }}'
    # Ensures this command only runs if the dir does NOT exist
-    creates: '{{ path }}'
+    creates: '{{ path }}/apps/frappe'
  when: frappe_repo is defined
 # Create frappe-bench supervisor configs
--- a/app/erpnext-12/tasks/configure-mysql.yml
+++ b/app/erpnext-12/tasks/configure-mysql.yml
@@ -18,6 +18,7 @@
    # Ensure this runs only once
    creates: ~/.config/ansible-flag-mysql-password-enabled
  notify: restart mysql
  ignore_errors: yes
 # Copy MariaDB /etc/mysql/mariadb.conf.d/60-frappe.cnf
 - name: Copying /etc/mysql/mariadb.conf.d/60-frappe.cnf
--- a/app/wkhtmltopdf/tasks/main.yml
+++ b/app/wkhtmltopdf/tasks/main.yml
@@ -0,0 +1,7 @@
 ---
 # Install wkhtmltopdf
 - name: Installing wkhtmltopdf
  apt:
    update_cache: yes
    state: present
    name: wkhtmltopdf
--- a/functions/user.yml
+++ b/functions/user.yml
@@ -1,103 +0,0 @@
 ---
 # HELP
 # If you want NO password, set password: '*'
 # If you just want a group with the same users name, and no others, use group: []
 # If you don't want a home directory use create_home: no
 # Optional
 # ssh_authorized: true|false (default true) - Adds users public key to authorized_keys on server
 # ssh_keys: true|false (default false) - Adds users public AND private key to server
 # create_home: yes|no (default yes) - Creates /home/user directory
 - name: Registering {{ user }} home directory variable
  shell: >
    getent passwd {{ user }} | cut -d: -f6
  changed_when: false
  register: user_home
 # Create group by same ID as user
 - name: Creating group {{ user  }}
  group:
    name: '{{ user }}'
    gid: '{{ id }}'
  when: gid is undefined
 # Create group by options gid
 - name: Creating group {{ user  }}
  group:
    name: '{{ user }}'
    gid: '{{ gid }}'
  when: gid is defined
 - name: Creating user {{ user }}
  user:
    name: '{{ user }}'
    uid: '{{ id }}'
    comment: '{{ user }}'
    group: '{{ user }}'
    groups: '{{ group }}'
    password: '{{ password }}'
    update_password: always
    create_home: '{{ create_home | default("yes")  }}'
    shell: /bin/bash
 #- name: Setting user {{ user }} password
  #user:
    #password: '{{ password }}'
  #when: password is defined
 - name: Adding users sudoers.d file
  file:
    path: '/etc/sudoers.d/{{ user }}'
    state: touch
    mode: "0640" #-rw-r-----
  when: '"sudo" in group'
 - name: Setting user to nopasswd sudo access
  lineinfile:
    path: '/etc/sudoers.d/{{ user }}'
    line: '{{ user }}  ALL=(ALL)  NOPASSWD:ALL'
  when: '"sudo" in group'
 # Create users ~/.ssh directory
 - name: Creating {{ user }} ~/.ssh directory
  file:
    path: '{{ "~" + user | expanduser }}/.ssh'
    state: directory
 # Authorize users SSH keys
 # NOTE, when: ssh_authorize|bool == true
 # IS working, BUT even if ssh_authorize = false the
 # with_file: still errors if 'keys/{{ user }}.key.pub' does NOT exists
 # So you have to create at least a blank users/keys/user.key.pub file
 - name: Authorizing SSH keys for {{ user }}
  authorized_key:
    user: '{{ user }}'
    key: '{{ item }}'
  with_file:
    - 'keys/{{ user }}.key.pub'
  when: ssh_authorize|default(true)|bool
 # Create users public key
 - name: Copying {{ user }} SSH public key
  copy:
    src: 'keys/{{ user }}.key.pub'
    #dest: '{{ user_home }}/.ssh/id_rsa.pub'
    dest: '{{ "~" + user | expanduser }}/.ssh/id_rsa.pub'
    owner: '{{ user }}'
    group: '{{ user }}'
    mode: 0644
  when: ssh_keys|default(false)|bool
 # Create users private key
 - name: Copying {{ user }} SSH private key
  copy:
    src: '../../../vault/{{ user }}.key'
    #dest: '{{ user_home }}/.ssh/id_rsa'
    dest: '{{ "~" + user | expanduser }}/.ssh/id_rsa'
    owner: '{{ user }}'
    group: '{{ user }}'
    mode: 0600
  when: ssh_keys|default(false)|bool
--- a/functions/user_authorize.yml
+++ b/functions/user_authorize.yml
@@ -1,8 +0,0 @@
 ---
 # Authorize this key to this users ~/.ssh/authorized_keys file
 - name: Adding {{ authorize }} to {{ user }} user ~/.ssh/authorized_keys file
  authorized_key:
    user: '{{ user }}'
    key: '{{ item }}'
  with_file:
    - 'keys/{{ authorize }}.key.pub'
--- a/server/files/profile.d/git_prompt.sh
+++ b/server/files/profile.d/git_prompt.sh
@@ -0,0 +1,564 @@
 # bash/zsh git prompt support
 #
 # Copyright (C) 2006,2007 Shawn O. Pearce <spearce@spearce.org>
 # Distributed under the GNU General Public License, version 2.0.
 #
 # This script allows you to see repository status in your prompt.
 #
 # To enable:
 #
 #    1) Copy this file to somewhere (e.g. ~/.git-prompt.sh).
 #    2) Add the following line to your .bashrc/.zshrc:
 #        source ~/.git-prompt.sh
 #    3a) Change your PS1 to call __git_ps1 as
 #        command-substitution:
 #        Bash: PS1='[\u@\h \W$(__git_ps1 " (%s)")]\$ '
 #        ZSH:  setopt PROMPT_SUBST ; PS1='[%n@%m %c$(__git_ps1 " (%s)")]\$ '
 #        the optional argument will be used as format string.
 #    3b) Alternatively, for a slightly faster prompt, __git_ps1 can
 #        be used for PROMPT_COMMAND in Bash or for precmd() in Zsh
 #        with two parameters, <pre> and <post>, which are strings
 #        you would put in $PS1 before and after the status string
 #        generated by the git-prompt machinery.  e.g.
 #        Bash: PROMPT_COMMAND='__git_ps1 "\u@\h:\w" "\\\$ "'
 #          will show username, at-sign, host, colon, cwd, then
 #          various status string, followed by dollar and SP, as
 #          your prompt.
 #        ZSH:  precmd () { __git_ps1 "%n" ":%~$ " "|%s" }
 #          will show username, pipe, then various status string,
 #          followed by colon, cwd, dollar and SP, as your prompt.
 #        Optionally, you can supply a third argument with a printf
 #        format string to finetune the output of the branch status
 #
 # The repository status will be displayed only if you are currently in a
 # git repository. The %s token is the placeholder for the shown status.
 #
 # The prompt status always includes the current branch name.
 #
 # In addition, if you set GIT_PS1_SHOWDIRTYSTATE to a nonempty value,
 # unstaged (*) and staged (+) changes will be shown next to the branch
 # name.  You can configure this per-repository with the
 # bash.showDirtyState variable, which defaults to true once
 # GIT_PS1_SHOWDIRTYSTATE is enabled.
 #
 # You can also see if currently something is stashed, by setting
 # GIT_PS1_SHOWSTASHSTATE to a nonempty value. If something is stashed,
 # then a '$' will be shown next to the branch name.
 #
 # If you would like to see if there're untracked files, then you can set
 # GIT_PS1_SHOWUNTRACKEDFILES to a nonempty value. If there're untracked
 # files, then a '%' will be shown next to the branch name.  You can
 # configure this per-repository with the bash.showUntrackedFiles
 # variable, which defaults to true once GIT_PS1_SHOWUNTRACKEDFILES is
 # enabled.
 #
 # If you would like to see the difference between HEAD and its upstream,
 # set GIT_PS1_SHOWUPSTREAM="auto".  A "<" indicates you are behind, ">"
 # indicates you are ahead, "<>" indicates you have diverged and "="
 # indicates that there is no difference. You can further control
 # behaviour by setting GIT_PS1_SHOWUPSTREAM to a space-separated list
 # of values:
 #
 #     verbose       show number of commits ahead/behind (+/-) upstream
 #     name          if verbose, then also show the upstream abbrev name
 #     legacy        don't use the '--count' option available in recent
 #                   versions of git-rev-list
 #     git           always compare HEAD to @{upstream}
 #     svn           always compare HEAD to your SVN upstream
 #
 # You can change the separator between the branch name and the above
 # state symbols by setting GIT_PS1_STATESEPARATOR. The default separator
 # is SP.
 #
 # By default, __git_ps1 will compare HEAD to your SVN upstream if it can
 # find one, or @{upstream} otherwise.  Once you have set
 # GIT_PS1_SHOWUPSTREAM, you can override it on a per-repository basis by
 # setting the bash.showUpstream config variable.
 #
 # If you would like to see more information about the identity of
 # commits checked out as a detached HEAD, set GIT_PS1_DESCRIBE_STYLE
 # to one of these values:
 #
 #     contains      relative to newer annotated tag (v1.6.3.2~35)
 #     branch        relative to newer tag or branch (master~4)
 #     describe      relative to older annotated tag (v1.6.3.1-13-gdd42c2f)
 #     tag           relative to any older tag (v1.6.3.1-13-gdd42c2f)
 #     default       exactly matching tag
 #
 # If you would like a colored hint about the current dirty state, set
 # GIT_PS1_SHOWCOLORHINTS to a nonempty value. The colors are based on
 # the colored output of "git status -sb" and are available only when
 # using __git_ps1 for PROMPT_COMMAND or precmd.
 #
 # If you would like __git_ps1 to do nothing in the case when the current
 # directory is set up to be ignored by git, then set
 # GIT_PS1_HIDE_IF_PWD_IGNORED to a nonempty value. Override this on the
 # repository level by setting bash.hideIfPwdIgnored to "false".
 # check whether printf supports -v
 __git_printf_supports_v=
 printf -v __git_printf_supports_v -- '%s' yes >/dev/null 2>&1
 # stores the divergence from upstream in $p
 # used by GIT_PS1_SHOWUPSTREAM
 __git_ps1_show_upstream ()
 {
 	local key value
 	local svn_remote svn_url_pattern count n
 	local upstream=git legacy="" verbose="" name=""
 	svn_remote=()
 	# get some config options from git-config
 	local output="$(git config -z --get-regexp '^(svn-remote\..*\.url|bash\.showupstream)$' 2>/dev/null | tr '\0\n' '\n ')"
 	while read -r key value; do
 		case "$key" in
 		bash.showupstream)
 			GIT_PS1_SHOWUPSTREAM="$value"
 			if [[ -z "${GIT_PS1_SHOWUPSTREAM}" ]]; then
 				p=""
 				return
 			fi
 			;;
 		svn-remote.*.url)
 			svn_remote[$((${#svn_remote[@]} + 1))]="$value"
 			svn_url_pattern="$svn_url_pattern\\|$value"
 			upstream=svn+git # default upstream is SVN if available, else git
 			;;
 		esac
 	done <<< "$output"
 	# parse configuration values
 	for option in ${GIT_PS1_SHOWUPSTREAM}; do
 		case "$option" in
 		git|svn) upstream="$option" ;;
 		verbose) verbose=1 ;;
 		legacy)  legacy=1  ;;
 		name)    name=1 ;;
 		esac
 	done
 	# Find our upstream
 	case "$upstream" in
 	git)    upstream="@{upstream}" ;;
 	svn*)
 		# get the upstream from the "git-svn-id: ..." in a commit message
 		# (git-svn uses essentially the same procedure internally)
 		local -a svn_upstream
 		svn_upstream=($(git log --first-parent -1 \
 					--grep="^git-svn-id: \(${svn_url_pattern#??}\)" 2>/dev/null))
 		if [[ 0 -ne ${#svn_upstream[@]} ]]; then
 			svn_upstream=${svn_upstream[${#svn_upstream[@]} - 2]}
 			svn_upstream=${svn_upstream%@*}
 			local n_stop="${#svn_remote[@]}"
 			for ((n=1; n <= n_stop; n++)); do
 				svn_upstream=${svn_upstream#${svn_remote[$n]}}
 			done
 			if [[ -z "$svn_upstream" ]]; then
 				# default branch name for checkouts with no layout:
 				upstream=${GIT_SVN_ID:-git-svn}
 			else
 				upstream=${svn_upstream#/}
 			fi
 		elif [[ "svn+git" = "$upstream" ]]; then
 			upstream="@{upstream}"
 		fi
 		;;
 	esac
 	# Find how many commits we are ahead/behind our upstream
 	if [[ -z "$legacy" ]]; then
 		count="$(git rev-list --count --left-right \
 				"$upstream"...HEAD 2>/dev/null)"
 	else
 		# produce equivalent output to --count for older versions of git
 		local commits
 		if commits="$(git rev-list --left-right "$upstream"...HEAD 2>/dev/null)"
 		then
 			local commit behind=0 ahead=0
 			for commit in $commits
 			do
 				case "$commit" in
 				"<"*) ((behind++)) ;;
 				*)    ((ahead++))  ;;
 				esac
 			done
 			count="$behind	$ahead"
 		else
 			count=""
 		fi
 	fi
 	# calculate the result
 	if [[ -z "$verbose" ]]; then
 		case "$count" in
 		"") # no upstream
 			p="" ;;
 		"0	0") # equal to upstream
 			p="=" ;;
 		"0	"*) # ahead of upstream
 			p=">" ;;
 		*"	0") # behind upstream
 			p="<" ;;
 		*)	    # diverged from upstream
 			p="<>" ;;
 		esac
 	else
 		case "$count" in
 		"") # no upstream
 			p="" ;;
 		"0	0") # equal to upstream
 			p=" u=" ;;
 		"0	"*) # ahead of upstream
 			p=" u+${count#0	}" ;;
 		*"	0") # behind upstream
 			p=" u-${count%	0}" ;;
 		*)	    # diverged from upstream
 			p=" u+${count#*	}-${count%	*}" ;;
 		esac
 		if [[ -n "$count" && -n "$name" ]]; then
 			__git_ps1_upstream_name=$(git rev-parse \
 				--abbrev-ref "$upstream" 2>/dev/null)
 			if [ $pcmode = yes ] && [ $ps1_expanded = yes ]; then
 				p="$p \${__git_ps1_upstream_name}"
 			else
 				p="$p ${__git_ps1_upstream_name}"
 				# not needed anymore; keep user's
 				# environment clean
 				unset __git_ps1_upstream_name
 			fi
 		fi
 	fi
 }
 # Helper function that is meant to be called from __git_ps1.  It
 # injects color codes into the appropriate gitstring variables used
 # to build a gitstring.
 __git_ps1_colorize_gitstring ()
 {
 	if [[ -n ${ZSH_VERSION-} ]]; then
 		local c_red='%F{red}'
 		local c_green='%F{green}'
 		local c_lblue='%F{blue}'
 		local c_clear='%f'
 	else
 		# Using \[ and \] around colors is necessary to prevent
 		# issues with command line editing/browsing/completion!
 		local c_red='\[\e[31m\]'
 		local c_green='\[\e[32m\]'
 		local c_lblue='\[\e[1;34m\]'
 		local c_clear='\[\e[0m\]'
 	fi
 	local bad_color=$c_red
 	local ok_color=$c_green
 	local flags_color="$c_lblue"
 	local branch_color=""
 	if [ $detached = no ]; then
 		branch_color="$ok_color"
 	else
 		branch_color="$bad_color"
 	fi
 	c="$branch_color$c"
 	z="$c_clear$z"
 	if [ "$w" = "*" ]; then
 		w="$bad_color$w"
 	fi
 	if [ -n "$i" ]; then
 		i="$ok_color$i"
 	fi
 	if [ -n "$s" ]; then
 		s="$flags_color$s"
 	fi
 	if [ -n "$u" ]; then
 		u="$bad_color$u"
 	fi
 	r="$c_clear$r"
 }
 # Helper function to read the first line of a file into a variable.
 # __git_eread requires 2 arguments, the file path and the name of the
 # variable, in that order.
 __git_eread ()
 {
 	test -r "$1" && IFS=$'\r\n' read "$2" <"$1"
 }
 # see if a cherry-pick or revert is in progress, if the user has committed a
 # conflict resolution with 'git commit' in the middle of a sequence of picks or
 # reverts then CHERRY_PICK_HEAD/REVERT_HEAD will not exist so we have to read
 # the todo file.
 __git_sequencer_status ()
 {
 	local todo
 	if test -f "$g/CHERRY_PICK_HEAD"
 	then
 		r="|CHERRY-PICKING"
 		return 0;
 	elif test -f "$g/REVERT_HEAD"
 	then
 		r="|REVERTING"
 		return 0;
 	elif __git_eread "$g/sequencer/todo" todo
 	then
 		case "$todo" in
 		p[\ \	]|pick[\ \	]*)
 			r="|CHERRY-PICKING"
 			return 0
 		;;
 		revert[\ \	]*)
 			r="|REVERTING"
 			return 0
 		;;
 		esac
 	fi
 	return 1
 }
 # __git_ps1 accepts 0 or 1 arguments (i.e., format string)
 # when called from PS1 using command substitution
 # in this mode it prints text to add to bash PS1 prompt (includes branch name)
 #
 # __git_ps1 requires 2 or 3 arguments when called from PROMPT_COMMAND (pc)
 # in that case it _sets_ PS1. The arguments are parts of a PS1 string.
 # when two arguments are given, the first is prepended and the second appended
 # to the state string when assigned to PS1.
 # The optional third parameter will be used as printf format string to further
 # customize the output of the git-status string.
 # In this mode you can request colored hints using GIT_PS1_SHOWCOLORHINTS=true
 __git_ps1 ()
 {
 	# preserve exit status
 	local exit=$?
 	local pcmode=no
 	local detached=no
 	local ps1pc_start='\u@\h:\w '
 	local ps1pc_end='\$ '
 	local printf_format=' (%s)'
 	case "$#" in
 		2|3)	pcmode=yes
 			ps1pc_start="$1"
 			ps1pc_end="$2"
 			printf_format="${3:-$printf_format}"
 			# set PS1 to a plain prompt so that we can
 			# simply return early if the prompt should not
 			# be decorated
 			PS1="$ps1pc_start$ps1pc_end"
 		;;
 		0|1)	printf_format="${1:-$printf_format}"
 		;;
 		*)	return $exit
 		;;
 	esac
 	# ps1_expanded:  This variable is set to 'yes' if the shell
 	# subjects the value of PS1 to parameter expansion:
 	#
 	#   * bash does unless the promptvars option is disabled
 	#   * zsh does not unless the PROMPT_SUBST option is set
 	#   * POSIX shells always do
 	#
 	# If the shell would expand the contents of PS1 when drawing
 	# the prompt, a raw ref name must not be included in PS1.
 	# This protects the user from arbitrary code execution via
 	# specially crafted ref names.  For example, a ref named
 	# 'refs/heads/$(IFS=_;cmd=sudo_rm_-rf_/;$cmd)' might cause the
 	# shell to execute 'sudo rm -rf /' when the prompt is drawn.
 	#
 	# Instead, the ref name should be placed in a separate global
 	# variable (in the __git_ps1_* namespace to avoid colliding
 	# with the user's environment) and that variable should be
 	# referenced from PS1.  For example:
 	#
 	#     __git_ps1_foo=$(do_something_to_get_ref_name)
 	#     PS1="...stuff...\${__git_ps1_foo}...stuff..."
 	#
 	# If the shell does not expand the contents of PS1, the raw
 	# ref name must be included in PS1.
 	#
 	# The value of this variable is only relevant when in pcmode.
 	#
 	# Assume that the shell follows the POSIX specification and
 	# expands PS1 unless determined otherwise.  (This is more
 	# likely to be correct if the user has a non-bash, non-zsh
 	# shell and safer than the alternative if the assumption is
 	# incorrect.)
 	#
 	local ps1_expanded=yes
 	[ -z "${ZSH_VERSION-}" ] || [[ -o PROMPT_SUBST ]] || ps1_expanded=no
 	[ -z "${BASH_VERSION-}" ] || shopt -q promptvars || ps1_expanded=no
 	local repo_info rev_parse_exit_code
 	repo_info="$(git rev-parse --git-dir --is-inside-git-dir \
 		--is-bare-repository --is-inside-work-tree \
 		--short HEAD 2>/dev/null)"
 	rev_parse_exit_code="$?"
 	if [ -z "$repo_info" ]; then
 		return $exit
 	fi
 	local short_sha=""
 	if [ "$rev_parse_exit_code" = "0" ]; then
 		short_sha="${repo_info##*$'\n'}"
 		repo_info="${repo_info%$'\n'*}"
 	fi
 	local inside_worktree="${repo_info##*$'\n'}"
 	repo_info="${repo_info%$'\n'*}"
 	local bare_repo="${repo_info##*$'\n'}"
 	repo_info="${repo_info%$'\n'*}"
 	local inside_gitdir="${repo_info##*$'\n'}"
 	local g="${repo_info%$'\n'*}"
 	if [ "true" = "$inside_worktree" ] &&
 	   [ -n "${GIT_PS1_HIDE_IF_PWD_IGNORED-}" ] &&
 	   [ "$(git config --bool bash.hideIfPwdIgnored)" != "false" ] &&
 	   git check-ignore -q .
 	then
 		return $exit
 	fi
 	local r=""
 	local b=""
 	local step=""
 	local total=""
 	if [ -d "$g/rebase-merge" ]; then
 		__git_eread "$g/rebase-merge/head-name" b
 		__git_eread "$g/rebase-merge/msgnum" step
 		__git_eread "$g/rebase-merge/end" total
 		if [ -f "$g/rebase-merge/interactive" ]; then
 			r="|REBASE-i"
 		else
 			r="|REBASE-m"
 		fi
 	else
 		if [ -d "$g/rebase-apply" ]; then
 			__git_eread "$g/rebase-apply/next" step
 			__git_eread "$g/rebase-apply/last" total
 			if [ -f "$g/rebase-apply/rebasing" ]; then
 				__git_eread "$g/rebase-apply/head-name" b
 				r="|REBASE"
 			elif [ -f "$g/rebase-apply/applying" ]; then
 				r="|AM"
 			else
 				r="|AM/REBASE"
 			fi
 		elif [ -f "$g/MERGE_HEAD" ]; then
 			r="|MERGING"
 		elif __git_sequencer_status; then
 			:
 		elif [ -f "$g/BISECT_LOG" ]; then
 			r="|BISECTING"
 		fi
 		if [ -n "$b" ]; then
 			:
 		elif [ -h "$g/HEAD" ]; then
 			# symlink symbolic ref
 			b="$(git symbolic-ref HEAD 2>/dev/null)"
 		else
 			local head=""
 			if ! __git_eread "$g/HEAD" head; then
 				return $exit
 			fi
 			# is it a symbolic ref?
 			b="${head#ref: }"
 			if [ "$head" = "$b" ]; then
 				detached=yes
 				b="$(
 				case "${GIT_PS1_DESCRIBE_STYLE-}" in
 				(contains)
 					git describe --contains HEAD ;;
 				(branch)
 					git describe --contains --all HEAD ;;
 				(tag)
 					git describe --tags HEAD ;;
 				(describe)
 					git describe HEAD ;;
 				(* | default)
 					git describe --tags --exact-match HEAD ;;
 				esac 2>/dev/null)" ||
 				b="$short_sha..."
 				b="($b)"
 			fi
 		fi
 	fi
 	if [ -n "$step" ] && [ -n "$total" ]; then
 		r="$r $step/$total"
 	fi
 	local w=""
 	local i=""
 	local s=""
 	local u=""
 	local c=""
 	local p=""
 	if [ "true" = "$inside_gitdir" ]; then
 		if [ "true" = "$bare_repo" ]; then
 			c="BARE:"
 		else
 			b="GIT_DIR!"
 		fi
 	elif [ "true" = "$inside_worktree" ]; then
 		if [ -n "${GIT_PS1_SHOWDIRTYSTATE-}" ] &&
 		   [ "$(git config --bool bash.showDirtyState)" != "false" ]
 		then
 			git diff --no-ext-diff --quiet || w="*"
 			git diff --no-ext-diff --cached --quiet || i="+"
 			if [ -z "$short_sha" ] && [ -z "$i" ]; then
 				i="#"
 			fi
 		fi
 		if [ -n "${GIT_PS1_SHOWSTASHSTATE-}" ] &&
 		   git rev-parse --verify --quiet refs/stash >/dev/null
 		then
 			s="$"
 		fi
 		if [ -n "${GIT_PS1_SHOWUNTRACKEDFILES-}" ] &&
 		   [ "$(git config --bool bash.showUntrackedFiles)" != "false" ] &&
 		   git ls-files --others --exclude-standard --directory --no-empty-directory --error-unmatch -- ':/*' >/dev/null 2>/dev/null
 		then
 			u="%${ZSH_VERSION+%}"
 		fi
 		if [ -n "${GIT_PS1_SHOWUPSTREAM-}" ]; then
 			__git_ps1_show_upstream
 		fi
 	fi
 	local z="${GIT_PS1_STATESEPARATOR-" "}"
 	# NO color option unless in PROMPT_COMMAND mode
 	if [ $pcmode = yes ] && [ -n "${GIT_PS1_SHOWCOLORHINTS-}" ]; then
 		__git_ps1_colorize_gitstring
 	fi
 	b=${b##refs/heads/}
 	if [ $pcmode = yes ] && [ $ps1_expanded = yes ]; then
 		__git_ps1_branch_name=$b
 		b="\${__git_ps1_branch_name}"
 	fi
 	local f="$w$i$s$u"
 	local gitstring="$c$b${f:+$z$f}$r$p"
 	if [ $pcmode = yes ]; then
 		if [ "${__git_printf_supports_v-}" != yes ]; then
 			gitstring=$(printf -- "$printf_format" "$gitstring")
 		else
 			printf -v gitstring -- "$printf_format" "$gitstring"
 		fi
 		PS1="$ps1pc_start$gitstring$ps1pc_end"
 	else
 		printf -- "$printf_format" "$gitstring"
 	fi
 	return $exit
 }
--- a/server/tasks/agnostic/main.yml
+++ b/server/tasks/agnostic/main.yml
@@ -33,6 +33,7 @@
    owner: root
    group: root
    state: link
  when: ansible_os_family == "Debian"
 # Increase number of TCP connections per port (debian default 128)
 - name: Increasing number of TCP connections per port /etc/sysctl.conf net.core.somaxconn = 4096
--- a/server/tasks/debian/main.yml
+++ b/server/tasks/debian/main.yml
@@ -1,20 +1,19 @@
 ---
 # Debian Server
 # ------------------------------------------------------------------------------
- name: Configuring debian/ubuntu server
+- name: Configuring Debian/Ubuntu physical OR virtual server
  include_tasks: all.yml
 # Physical Debian Server
 # ------------------------------------------------------------------------------
- name: Configuring physical debian/ubuntu server
+- name: Configuring Debian/Ubuntu physical server
  include_tasks: physical.yml
  when: type == 'physical'
 # Virtual Debian Server
 # ------------------------------------------------------------------------------
-# Currently NO virtual specific debian customizations
+- name: Configuring Debian/Ubuntu virtual server
-#- name: Configuring virtual debian/ubuntu server
+  include_tasks: virtual.yml
-#  include_tasks: virtual.yml
+  when: type == 'virtual'
 #  when: type == 'virtual'
--- a/server/tasks/debian/virtual.yml
+++ b/server/tasks/debian/virtual.yml
@@ -0,0 +1,5 @@
 ---
 # ------------------------------------------------------------------------------
 # These tasks run for virtual Debian/Ubuntu servers
 # ------------------------------------------------------------------------------
--- a/server/tasks/main.yml
+++ b/server/tasks/main.yml
@@ -6,6 +6,12 @@
  include_tasks: debian/main.yml
  when: ansible_os_family == "Debian"
 # Manjaro server
 # Run first to install base software required for agnostic/main.yml
 # ------------------------------------------------------------------------------
 - name: Configure Manjaro server
  include_tasks: manjaro/main.yml
  when: ansible_os_family == "Archlinux" and ansible_lsb.id == "ManjaroLinux"
 # Any server (OS agnostic)
 # ------------------------------------------------------------------------------
--- a/server/tasks/manjaro/all.yml
+++ b/server/tasks/manjaro/all.yml
@@ -0,0 +1,49 @@
 ---
 # ------------------------------------------------------------------------------
 # These tasks run for any Majaro server (physical or virtual)
 # ------------------------------------------------------------------------------
 # Change the games:x:50: group to staff
 - name: Ensuring group staff:50
  replace:
    path: /etc/group
    regexp: '^games:x:50:'
    replace: 'staff:x:50:'
  #shell: groupmod --new-name staff games
 # Install common Manjaro applications
 - name: Installing common Manjaro applications
  pacman:
    update_cache: yes
    state: present
    name:
      - sudo            # Give certain users the ability to run some commands as root
      - openssh         # Premier connectivity tool for remote login with the SSH protocol
      - nmap            # Utility for network discovery and security auditing
      - htop            # Interactive process viewer
      - iotop           # Display bandwidth usage on an interface
      - iftop           # Network top to watch network usage
      - iperf           # A tool to measure maximum TCP bandwidth
      - ethtool         # Utility for controlling network drivers and hardware
      - sysstat         # A collection of performance monitoring tools (iostat,isag,mpstat,pidstat,sadf,sar)
      - vim             # Vi Improved, a highly configurable, improved version of the vi text editor
      - nano            # Pico editor clone with enhancements
      - rsync           # A file transfer program to keep remote files in sync
      - curl            # An URL retrieval utility and library
      - wget            # Network utility to retrieve files from the Web
      - mlocate         # Merging locate/updatedb implementation
      - ntp             # Network Time Protocol reference implementation
      - tar             # Utility used to store, backup, and transport files
      - zip             # Compressor/archiver for creating and modifying zipfiles
      - unzip           # For extracting and viewing files in .zip archives
      - bzip2           # A high-quality data compression program
      - p7zip           # Command-line file archiver with high compression ratio
      - gzip            # GNU compression utilit
      - git             # The fast distributed version control system
      - nfs-utils       # Support programs for Network File Systems
      - cifs-utils      # CIFS filesystem user-space tools
      - dos2unix        # Text file format converter
      - acl             # Access control list utilities, libraries and headers
      - bind-tools      # The ISC DNS tools (dig...)
      - yay             # Yet another yogurt. Pacman wrapper and AUR helper written in go.
      - base-devel      # Development tools (this is a package group, not a package)
--- a/server/tasks/manjaro/main.yml
+++ b/server/tasks/manjaro/main.yml
@@ -0,0 +1,19 @@
 ---
 # Manjaro Server
 # ------------------------------------------------------------------------------
 - name: Configuring Manjaro Physical OR Virtual server
  include_tasks: all.yml
 # Physical Manjaro Server
 # ------------------------------------------------------------------------------
 - name: Configuring Manjaro physical server
  include_tasks: physical.yml
  when: type == 'physical'
 # Virtual Manjaro Server
 # ------------------------------------------------------------------------------
 - name: Configuring Manjaro virtual server
  include_tasks: virtual.yml
  when: type == 'virtual'
--- a/server/tasks/manjaro/physical.yml
+++ b/server/tasks/manjaro/physical.yml
@@ -0,0 +1,17 @@
 ---
 # ------------------------------------------------------------------------------
 # These tasks run for physical Manjaro servers
 # ------------------------------------------------------------------------------
 # Install physical Manjaro applications
 - name: Installing physical Manjaro server applications
  pacman:
    update_cache: yes
    state: present
    name:
      - ifenslave       # Utility for bonding ethernet interfaces
      - ethtool         # Utility for controlling network drivers and hardware
      - bridge-utils    # Utilities for configuring the Linux ethernet bridge
      - multipath-tools # Multipath tools for Linux (including kpartx)
      - ntfs-3g         # NTFS filesystem driver and utilities
      - smartmontools   # Control and monitor S.M.A.R.T. enabled ATA and SCSI Hard Drives
--- a/server/tasks/manjaro/virtual.yml
+++ b/server/tasks/manjaro/virtual.yml
@@ -0,0 +1,5 @@
 ---
 # ------------------------------------------------------------------------------
 # These tasks run for virtual Manjaro servers
 # ------------------------------------------------------------------------------
--- a/user/tasks/authorize.yml
+++ b/user/tasks/authorize.yml
@@ -0,0 +1,7 @@
 ---
 # Authorize this key to this users ~/.ssh/authorized_keys file
 - name: Adding {{ user }} SSH key to {{ ssh_into }} users ~/.ssh/authorized_keys
  authorized_key:
    user: '{{ item }}'
    key: "{{ lookup('file', user_path + '/keys/' + user + '.key.pub') }}"
  with_items: '{{ ssh_into }}'
--- a/user/tasks/create.yml
+++ b/user/tasks/create.yml
@@ -0,0 +1,46 @@
 ---
 # Groups from group_vars/users.yml
 - set_fact:
    user_groups: "{{ users[user]['groups'] }}"
  when: (user_groups is undefined or user_groups == "") and users[user]['groups'] is defined
 # Using complete groups from playbook user line
 - set_fact:
    user_groups: '{{ user_groups }}'
  when: user_groups is defined and user_groups != ""
 # Appending groups to group_vars/users.yml
 - set_fact:
    user_groups: "{{ users[user]['groups'] + add_groups }}"
  when: add_groups is defined and add_groups != "" and users[user]['groups'] is defined
 # Add OS specific sudo group
 - set_fact:
    user_groups: "{{ user_groups + [sudogroup] }}"
  when: add_sudo|default(false)|bool
 # Set root groups
 - set_fact:
    user_groups: [root]
  when: user == 'root'
 # ------------------------------------------------------------------------------
 - include_tasks: debug.yml
 - include_tasks: user.yml
 - include_tasks: sudo.yml
 - include_tasks: ssh.yml
 # ------------------------------------------------------------------------------
 # Reset variable defaults for next run
 # No way to "unset" a variable, so set to "" and treat "" as undefined in the facts above
 - set_fact:
    user_groups: ""
    add_groups: ""
    ssh_info: ""
    add_sudo: no
    create: yes
    ssh_keys: yes
    ssh_authorize: no
--- a/user/tasks/debug.yml
+++ b/user/tasks/debug.yml
@@ -0,0 +1,11 @@
 ---
 # Debug
 - name: User Debug Details
  debug:
    msg:
      - "User: {{ user }}"
      - "ID: {{ users[user]['id'] }}"
      - "GID: {{ users[user]['gid'] }}"
      - "Groups: {{ user_groups }}"
      - "Password: {{ users[user]['password'] }}"
      #- "{{ network['netmask'] }}"
--- a/user/tasks/main.yml
+++ b/user/tasks/main.yml
@@ -0,0 +1,39 @@
 ---
 ################################################################################
 # Usage Examples
  # Uses groups defined in group_vars/users.yml
  #- { role: shared/user, user: toor }
  # Overrides groups and sets them all here
  #- { role: shared/user, user: toor, user_groups: [all1, all2] }
  # Adds these groups to groups in gruops_vars/users.yml
  #- { role: shared/user, user: toor, add_groups: [add1, add2] }
  # Add OS specific sudo groups to user
  #- { role: shared/user, user: billolo, add_sudo: yes }
  # Create user AND authorize their key to other users
  #- { role: shared/user, user: toor, ssh_into: [mreschke,billolo] }
  # Authorize a users key to other users without creating the user (create: no)
  #- { role: shared/user, user: mreschke, create: no, ssh_into: [toor,root]}
 # Optional arguments
 #   add_sudo: yes
 #   ssh_keys: yes (deploys id_rsa and is_rsa.pub)
 #   ssh_authorize: no (default yes, stops adding user to authorized_keys)
 #   create_home: no
 #   shell: /bin/zsh
 ################################################################################
 # Create user and groups
 - include_tasks: create.yml
  when: create|default(true)|bool
 # Authorize user via SSH
 - include_tasks: authorize.yml
  when: ssh_into is defined and ssh_info != ""
 # Manjaro modifications per user
 - include_tasks: manjaro.yml
  when: ansible_os_family == "Archlinux" and ansible_lsb.id == "ManjaroLinux"
--- a/user/tasks/manjaro.yml
+++ b/user/tasks/manjaro.yml
@@ -0,0 +1,15 @@
 ---
 # Manjaro Hack, alter ~/.bashrc
 - name: Adding bash prompt for Manjaro Linux
  lineinfile:
    path: '{{ "~" + user | expanduser }}/.bashrc'
    line: 'source /etc/profile.d/bash_prompt.sh'
    create: yes
  when: user != 'root'
 - # Manjaro symlink ~/.vim
 - name: Symlinking ~/.vim to /etc/vim
  file:
    src: /etc/vim
    dest: '{{ "~" + user | expanduser }}/.vim'
    state: link
--- a/user/tasks/ssh.yml
+++ b/user/tasks/ssh.yml
@@ -0,0 +1,40 @@
 ---
 # Create users ~/.ssh directory
 - name: Creating {{ user }} ~/.ssh directory
  file:
    path: '{{ "~" + user | expanduser }}/.ssh'
    state: directory
 # Authorize users SSH keys
 # NOTE, when: ssh_authorize|bool == true
 # IS working, BUT even if ssh_authorize = false the
 # with_file: still errors if 'keys/{{ user }}.key.pub' does NOT exists
 # So you have to create at least a blank users/keys/user.key.pub file
 - name: Authorizing SSH keys for {{ user }}
  authorized_key:
    user: '{{ user }}'
    key: '{{ item }}'
  with_file:
    - '{{ user_path }}/keys/{{ user }}.key.pub'
  when: ssh_authorize|default(true)|bool
 # Create users public key
 - name: Copying {{ user }} SSH public key
  copy:
    src: '{{ user_path }}/keys/{{ user }}.key.pub'
    #dest: '{{ user_home }}/.ssh/id_rsa.pub'
    dest: '{{ "~" + user | expanduser }}/.ssh/id_rsa.pub'
    owner: '{{ user }}'
    group: '{{ user }}'
    mode: 0644
  when: ssh_keys|default(false)|bool
 # Create users private key
 - name: Copying {{ user }} SSH private key
  copy:
    src: '../vault/{{ user }}.key'
    dest: '{{ "~" + user | expanduser }}/.ssh/id_rsa'
    owner: '{{ user }}'
    group: '{{ user }}'
    mode: 0600
  when: ssh_keys|default(false)|bool
--- a/user/tasks/sudo.yml
+++ b/user/tasks/sudo.yml
@@ -0,0 +1,20 @@
 ---
 - name: Adding users sudoers.d file
  file:
    path: '/etc/sudoers.d/{{ user }}'
    state: touch
    mode: "0640" #-rw-r-----
  when: 'sudogroup in user_groups'
 - name: Setting user to nopasswd sudo access
  lineinfile:
    path: '/etc/sudoers.d/{{ user }}'
    line: '{{ user }}  ALL=(ALL)  NOPASSWD:ALL'
  #when: '"sudo" in group'
  when: 'sudogroup in user_groups'
 - name: Ensuring sudo is disabled if no longer in sudo group
  file:
    path: /etc/sudoers.d/{{ user }}
    state: absent
  when: 'sudogroup not in user_groups'
--- a/user/tasks/user.yml
+++ b/user/tasks/user.yml
@@ -0,0 +1,19 @@
 ---
 # Create main user gruop
 - name: Creating group {{ user }}
  group:
    name: '{{ user }}'
    gid: "{{ users[user]['gid'] }}"
 # Create user
 - name: Creating user {{ user }}
  user:
    name: '{{ user }}'
    uid: "{{ users[user]['id'] }}"
    comment: '{{ user }}'
    group: '{{ user }}'
    groups: '{{ user_groups }}'
    password: "{{ users[user]['password'] }}"
    update_password: always
    create_home: "{{ create_home | default('yes') }}"
    shell: "{{ shell | default('/bin/bash') }}"
--- a/virt/opennebula-5.10-controller/tasks/main.yml
+++ b/virt/opennebula-5.10-controller/tasks/main.yml
@@ -3,12 +3,13 @@
  apt_key: url='https://downloads.opennebula.org/repo/repo.key' state=present
  when: ansible_os_family == "Debian"
 # Note, using http instead of https so apt-cacher-ng may cache the repo
 - name: Adding Debian 9 OpenNebula repository
-  apt_repository: repo='deb https://downloads.opennebula.org/repo/5.10/Debian/9 stable opennebula' state=present
+  apt_repository: repo='deb http://downloads.opennebula.org/repo/5.10/Debian/9 stable opennebula' state=present
  when: ansible_os_family == "Debian" and ansible_distribution_major_version == "9"
 - name: Adding Debian 10 OpenNebula repository
-  apt_repository: repo='deb https://downloads.opennebula.org/repo/5.10/Debian/10 stable opennebula' state=present
+  apt_repository: repo='deb http://downloads.opennebula.org/repo/5.10/Debian/10 stable opennebula' state=present
  when: ansible_os_family == "Debian" and ansible_distribution_major_version == "10"
 # Install OpenNebula
--- a/virt/opennebula-5.10-kvm-node/tasks/main.yml
+++ b/virt/opennebula-5.10-kvm-node/tasks/main.yml
@@ -3,12 +3,13 @@
  apt_key: url='https://downloads.opennebula.org/repo/repo.key' state=present
  when: ansible_os_family == "Debian"
 # Note, using http instead of https so apt-cacher-ng may cache the repo
 - name: Adding Debian 9 OpenNebula repository
-  apt_repository: repo='deb https://downloads.opennebula.org/repo/5.10/Debian/9 stable opennebula' state=present
+  apt_repository: repo='deb http://downloads.opennebula.org/repo/5.10/Debian/9 stable opennebula' state=present
  when: ansible_os_family == "Debian" and ansible_distribution_major_version == "9"
 - name: Adding Debian 10 OpenNebula repository
-  apt_repository: repo='deb https://downloads.opennebula.org/repo/5.10/Debian/10 stable opennebula' state=present
+  apt_repository: repo='deb http://downloads.opennebula.org/repo/5.10/Debian/10 stable opennebula' state=present
  when: ansible_os_family == "Debian" and ansible_distribution_major_version == "10"
 # Install OpenNebula
--- a/web/apt-cacher-ng/tasks/main.yml
+++ b/web/apt-cacher-ng/tasks/main.yml
@@ -0,0 +1,7 @@
 ---
 # Install apt-cacher-ng
 - name: Installing apt-cacher-ng
  apt:
    update_cache: yes
    state: present
    name: apt-cacher-ng