Massive user refactor

README.md

@@ -24,6 +24,11 @@ Quick helpers to remember common tasks
 
 
 ```yaml
+# Detect Manjaro
+- name: Configure Manjaro mirrorlist for linstore nginx proxy
+  include_tasks: manjaro.yml
+  when: ansible_os_family == "Archlinux" and ansible_lsb.id == "ManjaroLinux"
+
 # Copy profiles to /etc/profile.d/
 - include_tasks: ../../../functions/copy_etc-profile.d.yml
 

app/erpnext-12/tasks/configure-erpnext.yml

@@ -22,7 +22,7 @@
   args:
     chdir: '{{ base }}'
     # Ensures this command only runs if the dir does NOT exist
-    creates: '{{ path }}'
+    creates: '{{ path }}/apps/frappe'
   when: frappe_repo is undefined
 
 # Run frappe bench init with custom repo
@@ -33,7 +33,7 @@
   args:
     chdir: '{{ base }}'
     # Ensures this command only runs if the dir does NOT exist
-    creates: '{{ path }}'
+    creates: '{{ path }}/apps/frappe'
   when: frappe_repo is defined
 
 # Create frappe-bench supervisor configs

app/erpnext-12/tasks/configure-mysql.yml

@@ -18,6 +18,7 @@
     # Ensure this runs only once
     creates: ~/.config/ansible-flag-mysql-password-enabled
   notify: restart mysql
+  ignore_errors: yes
 
 # Copy MariaDB /etc/mysql/mariadb.conf.d/60-frappe.cnf
 - name: Copying /etc/mysql/mariadb.conf.d/60-frappe.cnf

app/wkhtmltopdf/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+# Install wkhtmltopdf
+- name: Installing wkhtmltopdf
+  apt:
+    update_cache: yes
+    state: present
+    name: wkhtmltopdf

functions/user.yml

@@ -1,103 +0,0 @@
----
-# HELP
-# If you want NO password, set password: '*'
-# If you just want a group with the same users name, and no others, use group: []
-# If you don't want a home directory use create_home: no
-
-# Optional
-# ssh_authorized: true|false (default true) - Adds users public key to authorized_keys on server
-# ssh_keys: true|false (default false) - Adds users public AND private key to server
-# create_home: yes|no (default yes) - Creates /home/user directory
-
-
-
-- name: Registering {{ user }} home directory variable
-  shell: >
-    getent passwd {{ user }} | cut -d: -f6
-  changed_when: false
-  register: user_home
-
-# Create group by same ID as user
-- name: Creating group {{ user  }}
-  group:
-    name: '{{ user }}'
-    gid: '{{ id }}'
-  when: gid is undefined
-
-# Create group by options gid
-- name: Creating group {{ user  }}
-  group:
-    name: '{{ user }}'
-    gid: '{{ gid }}'
-  when: gid is defined
-
-- name: Creating user {{ user }}
-  user:
-    name: '{{ user }}'
-    uid: '{{ id }}'
-    comment: '{{ user }}'
-    group: '{{ user }}'
-    groups: '{{ group }}'
-    password: '{{ password }}'
-    update_password: always
-    create_home: '{{ create_home | default("yes")  }}'
-    shell: /bin/bash
-
-#- name: Setting user {{ user }} password
-  #user:
-    #password: '{{ password }}'
-  #when: password is defined
-
-- name: Adding users sudoers.d file
-  file:
-    path: '/etc/sudoers.d/{{ user }}'
-    state: touch
-    mode: "0640" #-rw-r-----
-  when: '"sudo" in group'
-
-- name: Setting user to nopasswd sudo access
-  lineinfile:
-    path: '/etc/sudoers.d/{{ user }}'
-    line: '{{ user }}  ALL=(ALL)  NOPASSWD:ALL'
-  when: '"sudo" in group'
-
-# Create users ~/.ssh directory
-- name: Creating {{ user }} ~/.ssh directory
-  file:
-    path: '{{ "~" + user | expanduser }}/.ssh'
-    state: directory
-
-# Authorize users SSH keys
-# NOTE, when: ssh_authorize|bool == true
-# IS working, BUT even if ssh_authorize = false the
-# with_file: still errors if 'keys/{{ user }}.key.pub' does NOT exists
-# So you have to create at least a blank users/keys/user.key.pub file
-- name: Authorizing SSH keys for {{ user }}
-  authorized_key:
-    user: '{{ user }}'
-    key: '{{ item }}'
-  with_file:
-    - 'keys/{{ user }}.key.pub'
-  when: ssh_authorize|default(true)|bool
-
-# Create users public key
-- name: Copying {{ user }} SSH public key
-  copy:
-    src: 'keys/{{ user }}.key.pub'
-    #dest: '{{ user_home }}/.ssh/id_rsa.pub'
-    dest: '{{ "~" + user | expanduser }}/.ssh/id_rsa.pub'
-    owner: '{{ user }}'
-    group: '{{ user }}'
-    mode: 0644
-  when: ssh_keys|default(false)|bool
-
-# Create users private key
-- name: Copying {{ user }} SSH private key
-  copy:
-    src: '../../../vault/{{ user }}.key'
-    #dest: '{{ user_home }}/.ssh/id_rsa'
-    dest: '{{ "~" + user | expanduser }}/.ssh/id_rsa'
-    owner: '{{ user }}'
-    group: '{{ user }}'
-    mode: 0600
-  when: ssh_keys|default(false)|bool

functions/user_authorize.yml

@@ -1,8 +0,0 @@
----
-# Authorize this key to this users ~/.ssh/authorized_keys file
-- name: Adding {{ authorize }} to {{ user }} user ~/.ssh/authorized_keys file
-  authorized_key:
-    user: '{{ user }}'
-    key: '{{ item }}'
-  with_file:
-    - 'keys/{{ authorize }}.key.pub'

server/files/profile.d/git_prompt.sh

@@ -0,0 +1,564 @@
+# bash/zsh git prompt support
+#
+# Copyright (C) 2006,2007 Shawn O. Pearce <spearce@spearce.org>
+# Distributed under the GNU General Public License, version 2.0.
+#
+# This script allows you to see repository status in your prompt.
+#
+# To enable:
+#
+#    1) Copy this file to somewhere (e.g. ~/.git-prompt.sh).
+#    2) Add the following line to your .bashrc/.zshrc:
+#        source ~/.git-prompt.sh
+#    3a) Change your PS1 to call __git_ps1 as
+#        command-substitution:
+#        Bash: PS1='[\u@\h \W$(__git_ps1 " (%s)")]\$ '
+#        ZSH:  setopt PROMPT_SUBST ; PS1='[%n@%m %c$(__git_ps1 " (%s)")]\$ '
+#        the optional argument will be used as format string.
+#    3b) Alternatively, for a slightly faster prompt, __git_ps1 can
+#        be used for PROMPT_COMMAND in Bash or for precmd() in Zsh
+#        with two parameters, <pre> and <post>, which are strings
+#        you would put in $PS1 before and after the status string
+#        generated by the git-prompt machinery.  e.g.
+#        Bash: PROMPT_COMMAND='__git_ps1 "\u@\h:\w" "\\\$ "'
+#          will show username, at-sign, host, colon, cwd, then
+#          various status string, followed by dollar and SP, as
+#          your prompt.
+#        ZSH:  precmd () { __git_ps1 "%n" ":%~$ " "|%s" }
+#          will show username, pipe, then various status string,
+#          followed by colon, cwd, dollar and SP, as your prompt.
+#        Optionally, you can supply a third argument with a printf
+#        format string to finetune the output of the branch status
+#
+# The repository status will be displayed only if you are currently in a
+# git repository. The %s token is the placeholder for the shown status.
+#
+# The prompt status always includes the current branch name.
+#
+# In addition, if you set GIT_PS1_SHOWDIRTYSTATE to a nonempty value,
+# unstaged (*) and staged (+) changes will be shown next to the branch
+# name.  You can configure this per-repository with the
+# bash.showDirtyState variable, which defaults to true once
+# GIT_PS1_SHOWDIRTYSTATE is enabled.
+#
+# You can also see if currently something is stashed, by setting
+# GIT_PS1_SHOWSTASHSTATE to a nonempty value. If something is stashed,
+# then a '$' will be shown next to the branch name.
+#
+# If you would like to see if there're untracked files, then you can set
+# GIT_PS1_SHOWUNTRACKEDFILES to a nonempty value. If there're untracked
+# files, then a '%' will be shown next to the branch name.  You can
+# configure this per-repository with the bash.showUntrackedFiles
+# variable, which defaults to true once GIT_PS1_SHOWUNTRACKEDFILES is
+# enabled.
+#
+# If you would like to see the difference between HEAD and its upstream,
+# set GIT_PS1_SHOWUPSTREAM="auto".  A "<" indicates you are behind, ">"
+# indicates you are ahead, "<>" indicates you have diverged and "="
+# indicates that there is no difference. You can further control
+# behaviour by setting GIT_PS1_SHOWUPSTREAM to a space-separated list
+# of values:
+#
+#     verbose       show number of commits ahead/behind (+/-) upstream
+#     name          if verbose, then also show the upstream abbrev name
+#     legacy        don't use the '--count' option available in recent
+#                   versions of git-rev-list
+#     git           always compare HEAD to @{upstream}
+#     svn           always compare HEAD to your SVN upstream
+#
+# You can change the separator between the branch name and the above
+# state symbols by setting GIT_PS1_STATESEPARATOR. The default separator
+# is SP.
+#
+# By default, __git_ps1 will compare HEAD to your SVN upstream if it can
+# find one, or @{upstream} otherwise.  Once you have set
+# GIT_PS1_SHOWUPSTREAM, you can override it on a per-repository basis by
+# setting the bash.showUpstream config variable.
+#
+# If you would like to see more information about the identity of
+# commits checked out as a detached HEAD, set GIT_PS1_DESCRIBE_STYLE
+# to one of these values:
+#
+#     contains      relative to newer annotated tag (v1.6.3.2~35)
+#     branch        relative to newer tag or branch (master~4)
+#     describe      relative to older annotated tag (v1.6.3.1-13-gdd42c2f)
+#     tag           relative to any older tag (v1.6.3.1-13-gdd42c2f)
+#     default       exactly matching tag
+#
+# If you would like a colored hint about the current dirty state, set
+# GIT_PS1_SHOWCOLORHINTS to a nonempty value. The colors are based on
+# the colored output of "git status -sb" and are available only when
+# using __git_ps1 for PROMPT_COMMAND or precmd.
+#
+# If you would like __git_ps1 to do nothing in the case when the current
+# directory is set up to be ignored by git, then set
+# GIT_PS1_HIDE_IF_PWD_IGNORED to a nonempty value. Override this on the
+# repository level by setting bash.hideIfPwdIgnored to "false".
+
+# check whether printf supports -v
+__git_printf_supports_v=
+printf -v __git_printf_supports_v -- '%s' yes >/dev/null 2>&1
+
+# stores the divergence from upstream in $p
+# used by GIT_PS1_SHOWUPSTREAM
+__git_ps1_show_upstream ()
+{
+	local key value
+	local svn_remote svn_url_pattern count n
+	local upstream=git legacy="" verbose="" name=""
+
+	svn_remote=()
+	# get some config options from git-config
+	local output="$(git config -z --get-regexp '^(svn-remote\..*\.url|bash\.showupstream)$' 2>/dev/null | tr '\0\n' '\n ')"
+	while read -r key value; do
+		case "$key" in
+		bash.showupstream)
+			GIT_PS1_SHOWUPSTREAM="$value"
+			if [[ -z "${GIT_PS1_SHOWUPSTREAM}" ]]; then
+				p=""
+				return
+			fi
+			;;
+		svn-remote.*.url)
+			svn_remote[$((${#svn_remote[@]} + 1))]="$value"
+			svn_url_pattern="$svn_url_pattern\\|$value"
+			upstream=svn+git # default upstream is SVN if available, else git
+			;;
+		esac
+	done <<< "$output"
+
+	# parse configuration values
+	for option in ${GIT_PS1_SHOWUPSTREAM}; do
+		case "$option" in
+		git|svn) upstream="$option" ;;
+		verbose) verbose=1 ;;
+		legacy)  legacy=1  ;;
+		name)    name=1 ;;
+		esac
+	done
+
+	# Find our upstream
+	case "$upstream" in
+	git)    upstream="@{upstream}" ;;
+	svn*)
+		# get the upstream from the "git-svn-id: ..." in a commit message
+		# (git-svn uses essentially the same procedure internally)
+		local -a svn_upstream
+		svn_upstream=($(git log --first-parent -1 \
+					--grep="^git-svn-id: \(${svn_url_pattern#??}\)" 2>/dev/null))
+		if [[ 0 -ne ${#svn_upstream[@]} ]]; then
+			svn_upstream=${svn_upstream[${#svn_upstream[@]} - 2]}
+			svn_upstream=${svn_upstream%@*}
+			local n_stop="${#svn_remote[@]}"
+			for ((n=1; n <= n_stop; n++)); do
+				svn_upstream=${svn_upstream#${svn_remote[$n]}}
+			done
+
+			if [[ -z "$svn_upstream" ]]; then
+				# default branch name for checkouts with no layout:
+				upstream=${GIT_SVN_ID:-git-svn}
+			else
+				upstream=${svn_upstream#/}
+			fi
+		elif [[ "svn+git" = "$upstream" ]]; then
+			upstream="@{upstream}"
+		fi
+		;;
+	esac
+
+	# Find how many commits we are ahead/behind our upstream
+	if [[ -z "$legacy" ]]; then
+		count="$(git rev-list --count --left-right \
+				"$upstream"...HEAD 2>/dev/null)"
+	else
+		# produce equivalent output to --count for older versions of git
+		local commits
+		if commits="$(git rev-list --left-right "$upstream"...HEAD 2>/dev/null)"
+		then
+			local commit behind=0 ahead=0
+			for commit in $commits
+			do
+				case "$commit" in
+				"<"*) ((behind++)) ;;
+				*)    ((ahead++))  ;;
+				esac
+			done
+			count="$behind	$ahead"
+		else
+			count=""
+		fi
+	fi
+
+	# calculate the result
+	if [[ -z "$verbose" ]]; then
+		case "$count" in
+		"") # no upstream
+			p="" ;;
+		"0	0") # equal to upstream
+			p="=" ;;
+		"0	"*) # ahead of upstream
+			p=">" ;;
+		*"	0") # behind upstream
+			p="<" ;;
+		*)	    # diverged from upstream
+			p="<>" ;;
+		esac
+	else
+		case "$count" in
+		"") # no upstream
+			p="" ;;
+		"0	0") # equal to upstream
+			p=" u=" ;;
+		"0	"*) # ahead of upstream
+			p=" u+${count#0	}" ;;
+		*"	0") # behind upstream
+			p=" u-${count%	0}" ;;
+		*)	    # diverged from upstream
+			p=" u+${count#*	}-${count%	*}" ;;
+		esac
+		if [[ -n "$count" && -n "$name" ]]; then
+			__git_ps1_upstream_name=$(git rev-parse \
+				--abbrev-ref "$upstream" 2>/dev/null)
+			if [ $pcmode = yes ] && [ $ps1_expanded = yes ]; then
+				p="$p \${__git_ps1_upstream_name}"
+			else
+				p="$p ${__git_ps1_upstream_name}"
+				# not needed anymore; keep user's
+				# environment clean
+				unset __git_ps1_upstream_name
+			fi
+		fi
+	fi
+
+}
+
+# Helper function that is meant to be called from __git_ps1.  It
+# injects color codes into the appropriate gitstring variables used
+# to build a gitstring.
+__git_ps1_colorize_gitstring ()
+{
+	if [[ -n ${ZSH_VERSION-} ]]; then
+		local c_red='%F{red}'
+		local c_green='%F{green}'
+		local c_lblue='%F{blue}'
+		local c_clear='%f'
+	else
+		# Using \[ and \] around colors is necessary to prevent
+		# issues with command line editing/browsing/completion!
+		local c_red='\[\e[31m\]'
+		local c_green='\[\e[32m\]'
+		local c_lblue='\[\e[1;34m\]'
+		local c_clear='\[\e[0m\]'
+	fi
+	local bad_color=$c_red
+	local ok_color=$c_green
+	local flags_color="$c_lblue"
+
+	local branch_color=""
+	if [ $detached = no ]; then
+		branch_color="$ok_color"
+	else
+		branch_color="$bad_color"
+	fi
+	c="$branch_color$c"
+
+	z="$c_clear$z"
+	if [ "$w" = "*" ]; then
+		w="$bad_color$w"
+	fi
+	if [ -n "$i" ]; then
+		i="$ok_color$i"
+	fi
+	if [ -n "$s" ]; then
+		s="$flags_color$s"
+	fi
+	if [ -n "$u" ]; then
+		u="$bad_color$u"
+	fi
+	r="$c_clear$r"
+}
+
+# Helper function to read the first line of a file into a variable.
+# __git_eread requires 2 arguments, the file path and the name of the
+# variable, in that order.
+__git_eread ()
+{
+	test -r "$1" && IFS=$'\r\n' read "$2" <"$1"
+}
+
+# see if a cherry-pick or revert is in progress, if the user has committed a
+# conflict resolution with 'git commit' in the middle of a sequence of picks or
+# reverts then CHERRY_PICK_HEAD/REVERT_HEAD will not exist so we have to read
+# the todo file.
+__git_sequencer_status ()
+{
+	local todo
+	if test -f "$g/CHERRY_PICK_HEAD"
+	then
+		r="|CHERRY-PICKING"
+		return 0;
+	elif test -f "$g/REVERT_HEAD"
+	then
+		r="|REVERTING"
+		return 0;
+	elif __git_eread "$g/sequencer/todo" todo
+	then
+		case "$todo" in
+		p[\ \	]|pick[\ \	]*)
+			r="|CHERRY-PICKING"
+			return 0
+		;;
+		revert[\ \	]*)
+			r="|REVERTING"
+			return 0
+		;;
+		esac
+	fi
+	return 1
+}
+
+# __git_ps1 accepts 0 or 1 arguments (i.e., format string)
+# when called from PS1 using command substitution
+# in this mode it prints text to add to bash PS1 prompt (includes branch name)
+#
+# __git_ps1 requires 2 or 3 arguments when called from PROMPT_COMMAND (pc)
+# in that case it _sets_ PS1. The arguments are parts of a PS1 string.
+# when two arguments are given, the first is prepended and the second appended
+# to the state string when assigned to PS1.
+# The optional third parameter will be used as printf format string to further
+# customize the output of the git-status string.
+# In this mode you can request colored hints using GIT_PS1_SHOWCOLORHINTS=true
+__git_ps1 ()
+{
+	# preserve exit status
+	local exit=$?
+	local pcmode=no
+	local detached=no
+	local ps1pc_start='\u@\h:\w '
+	local ps1pc_end='\$ '
+	local printf_format=' (%s)'
+
+	case "$#" in
+		2|3)	pcmode=yes
+			ps1pc_start="$1"
+			ps1pc_end="$2"
+			printf_format="${3:-$printf_format}"
+			# set PS1 to a plain prompt so that we can
+			# simply return early if the prompt should not
+			# be decorated
+			PS1="$ps1pc_start$ps1pc_end"
+		;;
+		0|1)	printf_format="${1:-$printf_format}"
+		;;
+		*)	return $exit
+		;;
+	esac
+
+	# ps1_expanded:  This variable is set to 'yes' if the shell
+	# subjects the value of PS1 to parameter expansion:
+	#
+	#   * bash does unless the promptvars option is disabled
+	#   * zsh does not unless the PROMPT_SUBST option is set
+	#   * POSIX shells always do
+	#
+	# If the shell would expand the contents of PS1 when drawing
+	# the prompt, a raw ref name must not be included in PS1.
+	# This protects the user from arbitrary code execution via
+	# specially crafted ref names.  For example, a ref named
+	# 'refs/heads/$(IFS=_;cmd=sudo_rm_-rf_/;$cmd)' might cause the
+	# shell to execute 'sudo rm -rf /' when the prompt is drawn.
+	#
+	# Instead, the ref name should be placed in a separate global
+	# variable (in the __git_ps1_* namespace to avoid colliding
+	# with the user's environment) and that variable should be
+	# referenced from PS1.  For example:
+	#
+	#     __git_ps1_foo=$(do_something_to_get_ref_name)
+	#     PS1="...stuff...\${__git_ps1_foo}...stuff..."
+	#
+	# If the shell does not expand the contents of PS1, the raw
+	# ref name must be included in PS1.
+	#
+	# The value of this variable is only relevant when in pcmode.
+	#
+	# Assume that the shell follows the POSIX specification and
+	# expands PS1 unless determined otherwise.  (This is more
+	# likely to be correct if the user has a non-bash, non-zsh
+	# shell and safer than the alternative if the assumption is
+	# incorrect.)
+	#
+	local ps1_expanded=yes
+	[ -z "${ZSH_VERSION-}" ] || [[ -o PROMPT_SUBST ]] || ps1_expanded=no
+	[ -z "${BASH_VERSION-}" ] || shopt -q promptvars || ps1_expanded=no
+
+	local repo_info rev_parse_exit_code
+	repo_info="$(git rev-parse --git-dir --is-inside-git-dir \
+		--is-bare-repository --is-inside-work-tree \
+		--short HEAD 2>/dev/null)"
+	rev_parse_exit_code="$?"
+
+	if [ -z "$repo_info" ]; then
+		return $exit
+	fi
+
+	local short_sha=""
+	if [ "$rev_parse_exit_code" = "0" ]; then
+		short_sha="${repo_info##*$'\n'}"
+		repo_info="${repo_info%$'\n'*}"
+	fi
+	local inside_worktree="${repo_info##*$'\n'}"
+	repo_info="${repo_info%$'\n'*}"
+	local bare_repo="${repo_info##*$'\n'}"
+	repo_info="${repo_info%$'\n'*}"
+	local inside_gitdir="${repo_info##*$'\n'}"
+	local g="${repo_info%$'\n'*}"
+
+	if [ "true" = "$inside_worktree" ] &&
+	   [ -n "${GIT_PS1_HIDE_IF_PWD_IGNORED-}" ] &&
+	   [ "$(git config --bool bash.hideIfPwdIgnored)" != "false" ] &&
+	   git check-ignore -q .
+	then
+		return $exit
+	fi
+
+	local r=""
+	local b=""
+	local step=""
+	local total=""
+	if [ -d "$g/rebase-merge" ]; then
+		__git_eread "$g/rebase-merge/head-name" b
+		__git_eread "$g/rebase-merge/msgnum" step
+		__git_eread "$g/rebase-merge/end" total
+		if [ -f "$g/rebase-merge/interactive" ]; then
+			r="|REBASE-i"
+		else
+			r="|REBASE-m"
+		fi
+	else
+		if [ -d "$g/rebase-apply" ]; then
+			__git_eread "$g/rebase-apply/next" step
+			__git_eread "$g/rebase-apply/last" total
+			if [ -f "$g/rebase-apply/rebasing" ]; then
+				__git_eread "$g/rebase-apply/head-name" b
+				r="|REBASE"
+			elif [ -f "$g/rebase-apply/applying" ]; then
+				r="|AM"
+			else
+				r="|AM/REBASE"
+			fi
+		elif [ -f "$g/MERGE_HEAD" ]; then
+			r="|MERGING"
+		elif __git_sequencer_status; then
+			:
+		elif [ -f "$g/BISECT_LOG" ]; then
+			r="|BISECTING"
+		fi
+
+		if [ -n "$b" ]; then
+			:
+		elif [ -h "$g/HEAD" ]; then
+			# symlink symbolic ref
+			b="$(git symbolic-ref HEAD 2>/dev/null)"
+		else
+			local head=""
+			if ! __git_eread "$g/HEAD" head; then
+				return $exit
+			fi
+			# is it a symbolic ref?
+			b="${head#ref: }"
+			if [ "$head" = "$b" ]; then
+				detached=yes
+				b="$(
+				case "${GIT_PS1_DESCRIBE_STYLE-}" in
+				(contains)
+					git describe --contains HEAD ;;
+				(branch)
+					git describe --contains --all HEAD ;;
+				(tag)
+					git describe --tags HEAD ;;
+				(describe)
+					git describe HEAD ;;
+				(* | default)
+					git describe --tags --exact-match HEAD ;;
+				esac 2>/dev/null)" ||
+
+				b="$short_sha..."
+				b="($b)"
+			fi
+		fi
+	fi
+
+	if [ -n "$step" ] && [ -n "$total" ]; then
+		r="$r $step/$total"
+	fi
+
+	local w=""
+	local i=""
+	local s=""
+	local u=""
+	local c=""
+	local p=""
+
+	if [ "true" = "$inside_gitdir" ]; then
+		if [ "true" = "$bare_repo" ]; then
+			c="BARE:"
+		else
+			b="GIT_DIR!"
+		fi
+	elif [ "true" = "$inside_worktree" ]; then
+		if [ -n "${GIT_PS1_SHOWDIRTYSTATE-}" ] &&
+		   [ "$(git config --bool bash.showDirtyState)" != "false" ]
+		then
+			git diff --no-ext-diff --quiet || w="*"
+			git diff --no-ext-diff --cached --quiet || i="+"
+			if [ -z "$short_sha" ] && [ -z "$i" ]; then
+				i="#"
+			fi
+		fi
+		if [ -n "${GIT_PS1_SHOWSTASHSTATE-}" ] &&
+		   git rev-parse --verify --quiet refs/stash >/dev/null
+		then
+			s="$"
+		fi
+
+		if [ -n "${GIT_PS1_SHOWUNTRACKEDFILES-}" ] &&
+		   [ "$(git config --bool bash.showUntrackedFiles)" != "false" ] &&
+		   git ls-files --others --exclude-standard --directory --no-empty-directory --error-unmatch -- ':/*' >/dev/null 2>/dev/null
+		then
+			u="%${ZSH_VERSION+%}"
+		fi
+
+		if [ -n "${GIT_PS1_SHOWUPSTREAM-}" ]; then
+			__git_ps1_show_upstream
+		fi
+	fi
+
+	local z="${GIT_PS1_STATESEPARATOR-" "}"
+
+	# NO color option unless in PROMPT_COMMAND mode
+	if [ $pcmode = yes ] && [ -n "${GIT_PS1_SHOWCOLORHINTS-}" ]; then
+		__git_ps1_colorize_gitstring
+	fi
+
+	b=${b##refs/heads/}
+	if [ $pcmode = yes ] && [ $ps1_expanded = yes ]; then
+		__git_ps1_branch_name=$b
+		b="\${__git_ps1_branch_name}"
+	fi
+
+	local f="$w$i$s$u"
+	local gitstring="$c$b${f:+$z$f}$r$p"
+
+	if [ $pcmode = yes ]; then
+		if [ "${__git_printf_supports_v-}" != yes ]; then
+			gitstring=$(printf -- "$printf_format" "$gitstring")
+		else
+			printf -v gitstring -- "$printf_format" "$gitstring"
+		fi
+		PS1="$ps1pc_start$gitstring$ps1pc_end"
+	else
+		printf -- "$printf_format" "$gitstring"
+	fi
+
+	return $exit
+}

server/tasks/agnostic/main.yml

@@ -33,6 +33,7 @@
     owner: root
     group: root
     state: link
+  when: ansible_os_family == "Debian"
 
 # Increase number of TCP connections per port (debian default 128)
 - name: Increasing number of TCP connections per port /etc/sysctl.conf net.core.somaxconn = 4096

server/tasks/debian/main.yml

@@ -1,20 +1,19 @@
 ---
 # Debian Server
 # ------------------------------------------------------------------------------
-- name: Configuring debian/ubuntu server
+- name: Configuring Debian/Ubuntu physical OR virtual server
   include_tasks: all.yml
 
 # Physical Debian Server
 # ------------------------------------------------------------------------------
-- name: Configuring physical debian/ubuntu server
+- name: Configuring Debian/Ubuntu physical server
   include_tasks: physical.yml
   when: type == 'physical'
 
 
 # Virtual Debian Server
 # ------------------------------------------------------------------------------
-# Currently NO virtual specific debian customizations
-#- name: Configuring virtual debian/ubuntu server
-#  include_tasks: virtual.yml
-#  when: type == 'virtual'
+- name: Configuring Debian/Ubuntu virtual server
+  include_tasks: virtual.yml
+  when: type == 'virtual'
 

server/tasks/debian/virtual.yml

@@ -0,0 +1,5 @@
+---
+# ------------------------------------------------------------------------------
+# These tasks run for virtual Debian/Ubuntu servers
+# ------------------------------------------------------------------------------
+

server/tasks/main.yml

@@ -6,6 +6,12 @@
   include_tasks: debian/main.yml
   when: ansible_os_family == "Debian"
 
+# Manjaro server
+# Run first to install base software required for agnostic/main.yml
+# ------------------------------------------------------------------------------
+- name: Configure Manjaro server
+  include_tasks: manjaro/main.yml
+  when: ansible_os_family == "Archlinux" and ansible_lsb.id == "ManjaroLinux"
 
 # Any server (OS agnostic)
 # ------------------------------------------------------------------------------

server/tasks/manjaro/all.yml

@@ -0,0 +1,49 @@
+---
+# ------------------------------------------------------------------------------
+# These tasks run for any Majaro server (physical or virtual)
+# ------------------------------------------------------------------------------
+
+# Change the games:x:50: group to staff
+- name: Ensuring group staff:50
+  replace:
+    path: /etc/group
+    regexp: '^games:x:50:'
+    replace: 'staff:x:50:'
+  #shell: groupmod --new-name staff games
+
+# Install common Manjaro applications
+- name: Installing common Manjaro applications
+  pacman:
+    update_cache: yes
+    state: present
+    name:
+      - sudo            # Give certain users the ability to run some commands as root
+      - openssh         # Premier connectivity tool for remote login with the SSH protocol
+      - nmap            # Utility for network discovery and security auditing
+      - htop            # Interactive process viewer
+      - iotop           # Display bandwidth usage on an interface
+      - iftop           # Network top to watch network usage
+      - iperf           # A tool to measure maximum TCP bandwidth
+      - ethtool         # Utility for controlling network drivers and hardware
+      - sysstat         # A collection of performance monitoring tools (iostat,isag,mpstat,pidstat,sadf,sar)
+      - vim             # Vi Improved, a highly configurable, improved version of the vi text editor
+      - nano            # Pico editor clone with enhancements
+      - rsync           # A file transfer program to keep remote files in sync
+      - curl            # An URL retrieval utility and library
+      - wget            # Network utility to retrieve files from the Web
+      - mlocate         # Merging locate/updatedb implementation
+      - ntp             # Network Time Protocol reference implementation
+      - tar             # Utility used to store, backup, and transport files
+      - zip             # Compressor/archiver for creating and modifying zipfiles
+      - unzip           # For extracting and viewing files in .zip archives
+      - bzip2           # A high-quality data compression program
+      - p7zip           # Command-line file archiver with high compression ratio
+      - gzip            # GNU compression utilit
+      - git             # The fast distributed version control system
+      - nfs-utils       # Support programs for Network File Systems
+      - cifs-utils      # CIFS filesystem user-space tools
+      - dos2unix        # Text file format converter
+      - acl             # Access control list utilities, libraries and headers
+      - bind-tools      # The ISC DNS tools (dig...)
+      - yay             # Yet another yogurt. Pacman wrapper and AUR helper written in go.
+      - base-devel      # Development tools (this is a package group, not a package)

server/tasks/manjaro/main.yml

@@ -0,0 +1,19 @@
+---
+# Manjaro Server
+# ------------------------------------------------------------------------------
+- name: Configuring Manjaro Physical OR Virtual server
+  include_tasks: all.yml
+
+# Physical Manjaro Server
+# ------------------------------------------------------------------------------
+- name: Configuring Manjaro physical server
+  include_tasks: physical.yml
+  when: type == 'physical'
+
+
+# Virtual Manjaro Server
+# ------------------------------------------------------------------------------
+- name: Configuring Manjaro virtual server
+  include_tasks: virtual.yml
+  when: type == 'virtual'
+

server/tasks/manjaro/physical.yml

@@ -0,0 +1,17 @@
+---
+# ------------------------------------------------------------------------------
+# These tasks run for physical Manjaro servers
+# ------------------------------------------------------------------------------
+
+# Install physical Manjaro applications
+- name: Installing physical Manjaro server applications
+  pacman:
+    update_cache: yes
+    state: present
+    name:
+      - ifenslave       # Utility for bonding ethernet interfaces
+      - ethtool         # Utility for controlling network drivers and hardware
+      - bridge-utils    # Utilities for configuring the Linux ethernet bridge
+      - multipath-tools # Multipath tools for Linux (including kpartx)
+      - ntfs-3g         # NTFS filesystem driver and utilities
+      - smartmontools   # Control and monitor S.M.A.R.T. enabled ATA and SCSI Hard Drives

server/tasks/manjaro/virtual.yml

@@ -0,0 +1,5 @@
+---
+# ------------------------------------------------------------------------------
+# These tasks run for virtual Manjaro servers
+# ------------------------------------------------------------------------------
+

user/tasks/authorize.yml

@@ -0,0 +1,7 @@
+---
+# Authorize this key to this users ~/.ssh/authorized_keys file
+- name: Adding {{ user }} SSH key to {{ ssh_into }} users ~/.ssh/authorized_keys
+  authorized_key:
+    user: '{{ item }}'
+    key: "{{ lookup('file', user_path + '/keys/' + user + '.key.pub') }}"
+  with_items: '{{ ssh_into }}'

user/tasks/create.yml

@@ -0,0 +1,46 @@
+---
+# Groups from group_vars/users.yml
+- set_fact:
+    user_groups: "{{ users[user]['groups'] }}"
+  when: (user_groups is undefined or user_groups == "") and users[user]['groups'] is defined
+
+# Using complete groups from playbook user line
+- set_fact:
+    user_groups: '{{ user_groups }}'
+  when: user_groups is defined and user_groups != ""
+
+# Appending groups to group_vars/users.yml
+- set_fact:
+    user_groups: "{{ users[user]['groups'] + add_groups }}"
+  when: add_groups is defined and add_groups != "" and users[user]['groups'] is defined
+
+# Add OS specific sudo group
+- set_fact:
+    user_groups: "{{ user_groups + [sudogroup] }}"
+  when: add_sudo|default(false)|bool
+
+# Set root groups
+- set_fact:
+    user_groups: [root]
+  when: user == 'root'
+
+# ------------------------------------------------------------------------------
+
+- include_tasks: debug.yml
+- include_tasks: user.yml
+- include_tasks: sudo.yml
+- include_tasks: ssh.yml
+
+# ------------------------------------------------------------------------------
+
+# Reset variable defaults for next run
+# No way to "unset" a variable, so set to "" and treat "" as undefined in the facts above
+- set_fact:
+    user_groups: ""
+    add_groups: ""
+    ssh_info: ""
+    add_sudo: no
+    create: yes
+    ssh_keys: yes
+    ssh_authorize: no
+

user/tasks/debug.yml

@@ -0,0 +1,11 @@
+---
+# Debug
+- name: User Debug Details
+  debug:
+    msg:
+      - "User: {{ user }}"
+      - "ID: {{ users[user]['id'] }}"
+      - "GID: {{ users[user]['gid'] }}"
+      - "Groups: {{ user_groups }}"
+      - "Password: {{ users[user]['password'] }}"
+      #- "{{ network['netmask'] }}"

user/tasks/main.yml

@@ -0,0 +1,39 @@
+---
+################################################################################
+# Usage Examples
+  # Uses groups defined in group_vars/users.yml
+  #- { role: shared/user, user: toor }
+
+  # Overrides groups and sets them all here
+  #- { role: shared/user, user: toor, user_groups: [all1, all2] }
+
+  # Adds these groups to groups in gruops_vars/users.yml
+  #- { role: shared/user, user: toor, add_groups: [add1, add2] }
+
+  # Add OS specific sudo groups to user
+  #- { role: shared/user, user: billolo, add_sudo: yes }
+
+  # Create user AND authorize their key to other users
+  #- { role: shared/user, user: toor, ssh_into: [mreschke,billolo] }
+
+  # Authorize a users key to other users without creating the user (create: no)
+  #- { role: shared/user, user: mreschke, create: no, ssh_into: [toor,root]}
+
+# Optional arguments
+#   add_sudo: yes
+#   ssh_keys: yes (deploys id_rsa and is_rsa.pub)
+#   ssh_authorize: no (default yes, stops adding user to authorized_keys)
+#   create_home: no
+#   shell: /bin/zsh
+################################################################################
+# Create user and groups
+- include_tasks: create.yml
+  when: create|default(true)|bool
+
+# Authorize user via SSH
+- include_tasks: authorize.yml
+  when: ssh_into is defined and ssh_info != ""
+
+# Manjaro modifications per user
+- include_tasks: manjaro.yml
+  when: ansible_os_family == "Archlinux" and ansible_lsb.id == "ManjaroLinux"

user/tasks/manjaro.yml

@@ -0,0 +1,15 @@
+---
+# Manjaro Hack, alter ~/.bashrc
+- name: Adding bash prompt for Manjaro Linux
+  lineinfile:
+    path: '{{ "~" + user | expanduser }}/.bashrc'
+    line: 'source /etc/profile.d/bash_prompt.sh'
+    create: yes
+  when: user != 'root'
+
+- # Manjaro symlink ~/.vim
+- name: Symlinking ~/.vim to /etc/vim
+  file:
+    src: /etc/vim
+    dest: '{{ "~" + user | expanduser }}/.vim'
+    state: link

user/tasks/ssh.yml

@@ -0,0 +1,40 @@
+---
+# Create users ~/.ssh directory
+- name: Creating {{ user }} ~/.ssh directory
+  file:
+    path: '{{ "~" + user | expanduser }}/.ssh'
+    state: directory
+
+# Authorize users SSH keys
+# NOTE, when: ssh_authorize|bool == true
+# IS working, BUT even if ssh_authorize = false the
+# with_file: still errors if 'keys/{{ user }}.key.pub' does NOT exists
+# So you have to create at least a blank users/keys/user.key.pub file
+- name: Authorizing SSH keys for {{ user }}
+  authorized_key:
+    user: '{{ user }}'
+    key: '{{ item }}'
+  with_file:
+    - '{{ user_path }}/keys/{{ user }}.key.pub'
+  when: ssh_authorize|default(true)|bool
+
+# Create users public key
+- name: Copying {{ user }} SSH public key
+  copy:
+    src: '{{ user_path }}/keys/{{ user }}.key.pub'
+    #dest: '{{ user_home }}/.ssh/id_rsa.pub'
+    dest: '{{ "~" + user | expanduser }}/.ssh/id_rsa.pub'
+    owner: '{{ user }}'
+    group: '{{ user }}'
+    mode: 0644
+  when: ssh_keys|default(false)|bool
+
+# Create users private key
+- name: Copying {{ user }} SSH private key
+  copy:
+    src: '../vault/{{ user }}.key'
+    dest: '{{ "~" + user | expanduser }}/.ssh/id_rsa'
+    owner: '{{ user }}'
+    group: '{{ user }}'
+    mode: 0600
+  when: ssh_keys|default(false)|bool

user/tasks/sudo.yml

@@ -0,0 +1,20 @@
+---
+- name: Adding users sudoers.d file
+  file:
+    path: '/etc/sudoers.d/{{ user }}'
+    state: touch
+    mode: "0640" #-rw-r-----
+  when: 'sudogroup in user_groups'
+
+- name: Setting user to nopasswd sudo access
+  lineinfile:
+    path: '/etc/sudoers.d/{{ user }}'
+    line: '{{ user }}  ALL=(ALL)  NOPASSWD:ALL'
+  #when: '"sudo" in group'
+  when: 'sudogroup in user_groups'
+
+- name: Ensuring sudo is disabled if no longer in sudo group
+  file:
+    path: /etc/sudoers.d/{{ user }}
+    state: absent
+  when: 'sudogroup not in user_groups'

user/tasks/user.yml

@@ -0,0 +1,19 @@
+---
+# Create main user gruop
+- name: Creating group {{ user }}
+  group:
+    name: '{{ user }}'
+    gid: "{{ users[user]['gid'] }}"
+
+# Create user
+- name: Creating user {{ user }}
+  user:
+    name: '{{ user }}'
+    uid: "{{ users[user]['id'] }}"
+    comment: '{{ user }}'
+    group: '{{ user }}'
+    groups: '{{ user_groups }}'
+    password: "{{ users[user]['password'] }}"
+    update_password: always
+    create_home: "{{ create_home | default('yes') }}"
+    shell: "{{ shell | default('/bin/bash') }}"

virt/opennebula-5.10-controller/tasks/main.yml

@@ -3,12 +3,13 @@
   apt_key: url='https://downloads.opennebula.org/repo/repo.key' state=present
   when: ansible_os_family == "Debian"
 
+# Note, using http instead of https so apt-cacher-ng may cache the repo
 - name: Adding Debian 9 OpenNebula repository
-  apt_repository: repo='deb https://downloads.opennebula.org/repo/5.10/Debian/9 stable opennebula' state=present
+  apt_repository: repo='deb http://downloads.opennebula.org/repo/5.10/Debian/9 stable opennebula' state=present
   when: ansible_os_family == "Debian" and ansible_distribution_major_version == "9"
 
 - name: Adding Debian 10 OpenNebula repository
-  apt_repository: repo='deb https://downloads.opennebula.org/repo/5.10/Debian/10 stable opennebula' state=present
+  apt_repository: repo='deb http://downloads.opennebula.org/repo/5.10/Debian/10 stable opennebula' state=present
   when: ansible_os_family == "Debian" and ansible_distribution_major_version == "10"
 
 # Install OpenNebula

virt/opennebula-5.10-kvm-node/tasks/main.yml

@@ -3,12 +3,13 @@
   apt_key: url='https://downloads.opennebula.org/repo/repo.key' state=present
   when: ansible_os_family == "Debian"
 
+# Note, using http instead of https so apt-cacher-ng may cache the repo
 - name: Adding Debian 9 OpenNebula repository
-  apt_repository: repo='deb https://downloads.opennebula.org/repo/5.10/Debian/9 stable opennebula' state=present
+  apt_repository: repo='deb http://downloads.opennebula.org/repo/5.10/Debian/9 stable opennebula' state=present
   when: ansible_os_family == "Debian" and ansible_distribution_major_version == "9"
 
 - name: Adding Debian 10 OpenNebula repository
-  apt_repository: repo='deb https://downloads.opennebula.org/repo/5.10/Debian/10 stable opennebula' state=present
+  apt_repository: repo='deb http://downloads.opennebula.org/repo/5.10/Debian/10 stable opennebula' state=present
   when: ansible_os_family == "Debian" and ansible_distribution_major_version == "10"
 
 # Install OpenNebula

web/apt-cacher-ng/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+# Install apt-cacher-ng
+- name: Installing apt-cacher-ng
+  apt:
+    update_cache: yes
+    state: present
+    name: apt-cacher-ng