From 6bb3e3f34fede24e0e5e9f0961c0a2401e166034 Mon Sep 17 00:00:00 2001 
From: Matthew Reschke Date: Tue, 12 May 2020 17:07:38 -0600 Subject: [PATCH] Lots of updated roles --- README.md | 91 +++++++++++++++++-- app/atlassian/confluence/tasks/mysql.yml | 2 +- app/atlassian/servicedesk/tasks/mysql.yml | 2 +- app/erpnext-12/tasks/configure-erpnext.yml | 28 +++--- app/erpnext-12/tasks/configure-linux.yml | 10 +- app/erpnext-12/tasks/main.yml | 6 +- app/konga-0.14.7/tasks/main.yml | 38 ++++---- .../{files => templates}/konga.service | 2 +- build/artifactory-pro/tasks/main.yml | 2 +- code/pyenv/files/profile.d/pyenv.sh | 6 +- code/pyenv/tasks/install-pyenv.yml | 12 +-- code/pyenv/tasks/install-python.yml | 20 ++++ code/pyenv/tasks/main.yml | 10 +- .../bin/pyenv-fix-permissions.sh | 2 +- functions/copy_etc-profile.d.yml | 18 +++- functions/copy_usr-local-bin.yml | 22 ++++- mail/getmail/tasks/main.yml | 13 ++- mail/mutt/tasks/main.yml | 8 ++ server/files/profile.d/bash_aliases.sh | 10 ++ system/tmux/tasks/main.yml | 8 ++ user/tasks/create.yml | 4 +- user/tasks/debug.yml | 3 +- user/tasks/ssh.yml | 6 +- user/tasks/sudo.yml | 2 +- .../opennebula-5.10-controller/tasks/main.yml | 2 +- virt/opennebula-5.10-kvm-node/tasks/main.yml | 6 +- .../tasks/configure-mariadb.yml | 2 +- .../tasks/configure-redis.yml | 2 +- .../tasks/configure.yml | 10 +- virt/opennebula-5.4-controller/tasks/user.yml | 4 +- .../tasks/configure.yml | 18 +--- virt/opennebula-5.8-controller/tasks/main.yml | 2 +- virt/opennebula-5.8-kvm-node/tasks/main.yml | 2 +- web/haproxy/tasks/main.yml | 14 +-- .../bin/haproxy_create_error_log.sh | 2 +- 35 files changed, 264 insertions(+), 125 deletions(-) rename app/konga-0.14.7/{files => templates}/konga.service (91%) create mode 100644 code/pyenv/tasks/install-python.yml rename code/pyenv/{files => templates}/bin/pyenv-fix-permissions.sh (89%) create mode 100644 mail/mutt/tasks/main.yml create mode 100644 system/tmux/tasks/main.yml rename web/haproxy/{files => templates}/bin/haproxy_create_error_log.sh (92%) 
diff --git a/README.md b/README.md index 39eec07..c9b5e94 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,60 @@ ln -s ~/Code/ansible-shared ~/Code/ansible/playbooks/roles/shared These shared roles are geared toward Debian 9 and 10 with a few compatible with Ubuntu. -These shared roles assume a fresh stock Debian base with the main user being `toor`. +File `playbooks/group_vars/all` has user directory like so...add all your users here +``` +users: + # Root and toor + root: + id: 0 + gid: 0 + password: '{{ root_linux_password }}' + toor: + id: 1000 + gid: 1000 + password: '{{ toor_linux_password }}' + groups: '{{ superuser_groups }}' +``` + +File `playbooks/group_vars/Debian.yml` like so +``` +# ------------------------------------------------------------------------------ +# Debian specific variables +# ------------------------------------------------------------------------------ +superuser: toor +supergroup: staff +sudogroup: sudo +superuser_groups: [sudo,users,staff,adm,cdrom,floppy,audio,dip,video,plugdev,netdev] +``` + +Make one for each of your OS types, a `ManjroLinux.yml` may look like so +``` +# ------------------------------------------------------------------------------ +# Manjaro specific variables +# ------------------------------------------------------------------------------ +superuser: toor +supergroup: staff +sudogroup: wheel +superuser_groups: [wheel,users,staff,adm,sys,network,power,video,storage,lp,input,audio] +``` + +Your `ansible.cfg` should look about like so. +``` +# Ansible configuration for defaults and path modifications +# mReschke 2020-04-02 + +[defaults] +remote_user = root +remote_tmp = /tmp/ansible-$USER +roles_path = ./roles +private_key_file = ~/.ssh/mreschke-root.key +vault_password_file = ~/.files/configs/ansible/vault.passwd +retry_files_enabled = False +display_skipped_hosts = False +force_color = 1 +nocows = 1 +``` + # Snippets 
@@ -24,10 +77,10 @@ Quick helpers to remember common tasks ```yaml -# Detect Manjaro -- name: Configure Manjaro mirrorlist for linstore nginx proxy - include_tasks: manjaro.yml - when: ansible_os_family == "Archlinux" and ansible_lsb.id == "ManjaroLinux" +# Detect OS +when: ansible_os_family == "Debian" and ansible_distribution_major_version == "10" +when: ansible_distribution == "Ubuntu" and ansible_distribution_version == "16.04" +when: ansible_os_family == "Archlinux" and ansible_lsb.id == "ManjaroLinux" # Copy profiles to /etc/profile.d/ - include_tasks: ../../../functions/copy_etc-profile.d.yml @@ -45,6 +98,26 @@ Quick helpers to remember common tasks mode: '0644' notify: restart nginx +# Template in a loop +- name: Templating ~/.getmail/config + template: + src: getmail + dest: '{{ "~" + item.username | expanduser }}/.getmail/config' + owner: '{{ item.username }}' + group: 'users' + mode: '0644' + with_items: "{{ getmail_users }}" + +# Symlink in a loop +- name: Symlinking /store/apps/getmail to ~/Mail + file: + src: '/store/apps/getmail/{ item.email }' + dest: '{{ "~" + item.username | expanduser }}/Mail' + state: link + owner: '{{ item.username }}' + group: 'users' + with_items: "{{ getmail_users }}" + # Install common apps for all debian machines - name: Installing Debian common applications apt: @@ -59,8 +132,8 @@ Quick helpers to remember common tasks file: path: /etc/nginx state: directory - owner: toor - group: toor + owner: '{{ superuser }}' + group: '{{ superuser }}' mode: '0755' # Set chown toor:toor -R /etc/nginx @@ -69,7 +142,7 @@ Quick helpers to remember common tasks path: /etc/nginx state: directory recurse: yes - owner: toor - group: toor + owner: '{{ superuser }}' + group: '{{ superuser }}' ``` diff --git a/app/atlassian/confluence/tasks/mysql.yml b/app/atlassian/confluence/tasks/mysql.yml index 607fe27..e4c6aec 100644 --- a/app/atlassian/confluence/tasks/mysql.yml +++ b/app/atlassian/confluence/tasks/mysql.yml 
@@ -6,7 +6,7 @@ dest: /etc/mysql/mysql.conf.d/mysqld.cnf owner: root group: root - mode: 0644 + mode: '0644' notify: restart mysql # Only reloads if file has changed! # Create the confluence MySQL database diff --git a/app/atlassian/servicedesk/tasks/mysql.yml b/app/atlassian/servicedesk/tasks/mysql.yml index 4ab9b10..d4a3284 100644 --- a/app/atlassian/servicedesk/tasks/mysql.yml +++ b/app/atlassian/servicedesk/tasks/mysql.yml @@ -6,7 +6,7 @@ dest: "/etc/mysql/percona-server.conf.d/mysqld.cnf" owner: root group: root - mode: 0644 #-rw-r--r-- + mode: '0644' #-rw-r--r-- notify: restart mysql # Only runs if file changed! # Create the servicedesk MySQL database diff --git a/app/erpnext-12/tasks/configure-erpnext.yml b/app/erpnext-12/tasks/configure-erpnext.yml index 06453e1..6d71666 100644 --- a/app/erpnext-12/tasks/configure-erpnext.yml +++ b/app/erpnext-12/tasks/configure-erpnext.yml @@ -10,14 +10,14 @@ file: path: '{{ base }}' state: directory - owner: toor - group: toor + owner: '{{ superuser }}' + group: '{{ superuser }}' mode: '0755' # Run frappe bench init - name: Running frappe bench init - # NOTICE: running as toor - become_user: toor + # NOTICE: running as superuser + become_user: '{{ superuser }}' shell: bench init {{ projectname }} --frappe-branch version-12 --no-backups args: chdir: '{{ base }}' @@ -27,8 +27,8 @@ # Run frappe bench init with custom repo - name: Running frappe bench init with custom repo - # NOTICE: running as toor - become_user: toor + # NOTICE: running as superuser + become_user: '{{ superuser }}' shell: bench init {{ projectname }} --frappe-path {{ frappe_repo }} --frappe-branch version-12 --no-backups args: chdir: '{{ base }}' @@ -38,7 +38,7 @@ # Create frappe-bench supervisor configs - name: Creating frappe-bench supervisor config - become_user: toor + become_user: '{{ superuser }}' shell: bench setup supervisor args: chdir: '{{ path }}' 
@@ -54,7 +54,7 @@ # Get ERPNext app - name: Getting ERPNext app - become_user: toor + become_user: '{{ superuser }}' shell: bench get-app erpnext --branch version-12 args: chdir: '{{ path }}' @@ -64,7 +64,7 @@ # Get ERPNext app from custom repo - name: Getting ERPNext app from custom repo - become_user: toor + become_user: '{{ superuser }}' shell: bench get-app erpnext {{ erpnext_repo }} --branch version-12 args: chdir: '{{ path }}' @@ -74,7 +74,7 @@ # Settings frappe bench mariadb-host - name: Setting frappe bench mariadb-host - become_user: toor + become_user: '{{ superuser }}' shell: bench set-mariadb-host {{ db_host }} args: chdir: '{{ path }}' @@ -82,7 +82,7 @@ # Create new site using local database - name: Creating new frappe site using local database - become_user: toor + become_user: '{{ superuser }}' shell: bench new-site {{ site }} --admin-password {{ erpnext_admin_password }} --db-name {{ db_name }} --db-password {{ erpnext_db_password }} --mariadb-root-username root --mariadb-root-password {{ root_db_password }} --force args: chdir: '{{ path }}' @@ -92,7 +92,7 @@ # Create new site using remote database - name: Creating new frappe site using remote database - become_user: toor + become_user: '{{ superuser }}' shell: bench new-site {{ site }} --admin-password {{ erpnext_admin_password }} --db-name {{ db_name }} --db-password {{ erpnext_db_password }} --mariadb-root-username root --mariadb-root-password {{ root_db_password }} --force --no-mariadb-socket args: chdir: '{{ path }}' @@ -102,7 +102,7 @@ # Adding ERPNext to site - name: Adding ERPNext to site - become_user: toor + become_user: '{{ superuser }}' shell: bench --site {{ site }} install-app erpnext args: chdir: '{{ path }}' @@ -111,7 +111,7 @@ # Create frappe-bench nginx configs - name: Creating frappe-bench nginx config - become_user: toor + become_user: '{{ superuser }}' shell: bench setup nginx args: chdir: '{{ path }}' 
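Review bot: Both `bench new-site` tasks in app/erpnext-12/tasks/configure-erpnext.yml (the hunks at -82 and -92) put `{{ erpnext_admin_password }}`, `{{ erpnext_db_password }}` and `{{ root_db_password }}` unquoted on a `shell:` command line, and this change leaves that untouched. The values then show up in Ansible's task output and logs and in the process list while bench runs, and a password containing a space or shell metacharacter will split or alter the command. I would add `no_log: true` to both tasks and pass each secret through the quote filter, e.g. `--mariadb-root-password {{ root_db_password | quote }}`. That covers the logs and the word splitting; the process-list exposure remains unless bench can take the secrets some other way. Both tasks continue past the end of their hunks, so an existing `no_log` further down would not be visible here.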
diff --git a/app/erpnext-12/tasks/configure-linux.yml b/app/erpnext-12/tasks/configure-linux.yml index a6c4204..e092078 100644 --- a/app/erpnext-12/tasks/configure-linux.yml +++ b/app/erpnext-12/tasks/configure-linux.yml @@ -1,9 +1,9 @@ --- -# Copy ssh client config for toor user so we can git clone without confirmation -- name: Copying toor SSH client config +# Copy ssh client config for superuser user so we can git clone without confirmation +- name: Copying superuser SSH client config copy: src: 'ssh.config' - dest: '/home/toor/.ssh/config' - owner: toor - group: toor + dest: '/home/{{ superuser }}/.ssh/config' + owner: '{{ superuser }}' + group: '{{ superuser }}' mode: '0644' diff --git a/app/erpnext-12/tasks/main.yml b/app/erpnext-12/tasks/main.yml index 6fe7333..6a949c9 100644 --- a/app/erpnext-12/tasks/main.yml +++ b/app/erpnext-12/tasks/main.yml @@ -1,9 +1,9 @@ --- # NOTICE: Commands like frappe bench and git clone need to run -# as the toor user, not root. The playbook that runs this role -# should be logging in as toor, using become:yes with toors ssh key +# as the superuser user, not root. The playbook that runs this role +# should be logging in as superuser, using become:yes with superusers ssh key # Because become:yes all command still run as root, until I use -# become_user: toor below. +# become_user: superuser below. - include_tasks: configure-linux.yml - include_tasks: configure-mysql.yml diff --git a/app/konga-0.14.7/tasks/main.yml b/app/konga-0.14.7/tasks/main.yml index 91e213a..26b59d4 100644 --- a/app/konga-0.14.7/tasks/main.yml +++ b/app/konga-0.14.7/tasks/main.yml @@ -13,8 +13,8 @@ file: path: /var/www state: directory - owner: toor - group: toor + owner: '{{ superuser }}' + group: '{{ superuser }}' mode: '0755' # Create /var/www/konga folder 
@@ -22,14 +22,14 @@ file: path: /var/www/konga state: directory - owner: toor - group: toor + owner: '{{ superuser }}' + group: '{{ superuser }}' mode: '0755' # Git clone https://github.com/pantsel/konga.git - name: Git clone https://github.com/pantsel/konga.git tag 0.14.7 - # NOTICE: running as toor - become_user: toor + # NOTICE: running as superuser + become_user: '{{ superuser }}' git: clone: yes force: yes @@ -38,13 +38,13 @@ version: 0.14.7 depth: 1 -# Ensure konga git contents owned by toor -- name: Ensuring konga git contents owned by toor +# Ensure konga git contents owned by superuser +- name: Ensuring konga git contents owned by superuser file: path: /var/www/konga state: directory - owner: toor - group: toor + owner: '{{ superuser }}' + group: '{{ superuser }}' recurse: yes # Delete package-lock.json @@ -55,31 +55,31 @@ # Install konga npm packages - name: Installing konga NPM packages - # NOTICE: running as toor - become_user: toor + # NOTICE: running as superuser + become_user: '{{ superuser }}' npm: path: /var/www/konga # Install konga bower dependencies - name: Installing konga bower dependencies - # NOTICE: running as toor - become_user: toor + # NOTICE: running as superuser + become_user: '{{ superuser }}' shell: npm run bower-deps args: chdir: /var/www/konga -# Ensure konga git contents owned by toor -- name: Ensuring konga git contents owned by toor +# Ensure konga git contents owned by superuser +- name: Ensuring konga git contents owned by superuser file: path: /var/www/konga state: directory - owner: toor - group: toor + owner: '{{ superuser }}' + group: '{{ superuser }}' recurse: yes # Copy konga systemd unit file - name: Copying konga.service systemd unit file - copy: + template: src: konga.service dest: "/etc/systemd/system/konga.service" owner: root 
diff --git a/app/konga-0.14.7/files/konga.service b/app/konga-0.14.7/templates/konga.service similarity index 91% rename from app/konga-0.14.7/files/konga.service rename to app/konga-0.14.7/templates/konga.service index 68302b6..65084d3 100644 --- a/app/konga-0.14.7/files/konga.service +++ b/app/konga-0.14.7/templates/konga.service @@ -4,7 +4,7 @@ After=network.target [Service] Type=simple -User=toor +User={{ superuser }} WorkingDirectory=/var/www/konga ExecStart=/usr/bin/node --harmony app.js --prod Restart=on-failure diff --git a/build/artifactory-pro/tasks/main.yml b/build/artifactory-pro/tasks/main.yml index c5d61ee..df3a566 100644 --- a/build/artifactory-pro/tasks/main.yml +++ b/build/artifactory-pro/tasks/main.yml @@ -17,5 +17,5 @@ dest: /etc/opt/jfrog/artifactory/default owner: artifactory group: artifactory - mode: 0644 + mode: '0644' notify: restart artifactory diff --git a/code/pyenv/files/profile.d/pyenv.sh b/code/pyenv/files/profile.d/pyenv.sh index e13ef30..bcd5375 100644 --- a/code/pyenv/files/profile.d/pyenv.sh +++ b/code/pyenv/files/profile.d/pyenv.sh @@ -12,8 +12,4 @@ if command -v pyenv 1>/dev/null 2>&1; then eval "$(pyenv init -)" fi - -# Python aliases -alias pv='echo "Version:" && python --version && echo && echo "Interpreter Path:" && python -c "import sys;print(sys.prefix)" && echo && echo "Paths:" && python -c "import sys;print(sys.path);"' -alias activate='source env/bin/activate && pv' -alias pips='pipenv shell && echo "pipenv shell has been deactivated" && echo && pv' +# Python aliases for pv, activate and pips should already be defined in shared/server diff --git a/code/pyenv/tasks/install-pyenv.yml b/code/pyenv/tasks/install-pyenv.yml index bae254d..9582044 100644 --- a/code/pyenv/tasks/install-pyenv.yml +++ b/code/pyenv/tasks/install-pyenv.yml 
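Review bot: `User={{ superuser }}` in templates/konga.service runs the Konga Node process as the administrative login account rather than as a dedicated service account. The README added in this patch puts that account in `sudo` (or `wheel`), and app/konga-0.14.7/tasks/main.yml makes it the owner of /var/www/konga. A compromise of the web app would therefore presumably inherit the admin's privileges and be able to rewrite the app's own code. Consider a separate unprivileged account for the unit, for example `User=konga`, with /var/www/konga not writable by it. The unit file continues beyond this hunk, so any sandboxing directives it already carries are not visible.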
@@ -17,6 +17,8 @@ - libgdbm-dev - libc6-dev - libbz2-dev + - libffi-dev + when: ansible_os_family == "Debian" and ansible_distribution_major_version == "9" # Debian 10 - name: Installing build-essential and pyenv dependencies @@ -34,21 +36,19 @@ - libc6-dev - libbz2-dev - libffi-dev - when: ansible_os_family == "Debian" and ansible_distribution_major_version == "10" + when: ansible_os_family == "Debian" and ansible_distribution_major_version == "10" - - - # Install pyenv using git clone +# Install pyenv using git clone - name: Installing pyenv using git clone git: repo: https://github.com/pyenv/pyenv.git dest: /usr/local/lib/pyenv + force: yes depth: 1 # Set users and permissions # There is also a files/bin/pyenv-fix-permissions.sh that mirror the below # which you can run manually after you install a new version (pyenv sets mask and ignores setfacl) -- command: chown toor:staff /usr/local/lib/pyenv -R -- command: chmod 2775 /usr/local/lib/pyenv +- file: 'path=/usr/local/lib/pyenv owner={{ superuser }} group={{ supergroup }} state=directory recurse=yes mode=2775' - command: find /usr/local/lib/pyenv -type d -exec chmod 2775 {} \; - command: setfacl -R -d -m user::rwx,group::rwx /usr/local/lib/pyenv diff --git a/code/pyenv/tasks/install-python.yml b/code/pyenv/tasks/install-python.yml new file mode 100644 index 0000000..9c03dba --- /dev/null +++ b/code/pyenv/tasks/install-python.yml 
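Review bot: The new `file:` task in the second hunk combines `recurse=yes` with `mode=2775`, which is not equivalent to the two `command:` lines it replaces. The old `chmod 2775` touched only the top directory, while the recursive form sets the setgid, group-write and execute bits on every regular file under /usr/local/lib/pyenv. I would keep the ownership recursive but leave the mode to the existing `find … -type d` line, i.e. `- file: 'path=/usr/local/lib/pyenv owner={{ superuser }} group={{ supergroup }} state=directory recurse=yes'`, or use a symbolic mode such as `u=rwX,g=rwX,o=rX`. The added `force: yes` on the clone also discards any local changes in that checkout on each run, and the clone has no `version:`, so it tracks whatever upstream HEAD is at run time. A comment stating that both are intended, or a pinned tag, would help.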
@@ -0,0 +1,20 @@ +--- +# Pre output +- debug: + msg: 'Pyenv about to install python {{ item }}' + with_items: '{{ python_versions }}' + +# Install python versions via pyenv +- name: 'Installing Python version(s) via pyenv' + become_user: '{{ superuser }}' + shell: 'source /etc/profile.d/pyenv.sh && /usr/local/lib/pyenv/bin/pyenv install --skip-existing {{ item }}' + args: + executable: /bin/bash + with_items: '{{ python_versions }}' + +# Set pyenv global python versions +- name: 'Setting pyenv global python versions' + become_user: '{{ superuser }}' + shell: 'source /etc/profile.d/pyenv.sh && /usr/local/lib/pyenv/bin/pyenv global {{ python_global_versions }}' + args: + executable: /bin/bash diff --git a/code/pyenv/tasks/main.yml b/code/pyenv/tasks/main.yml index 98d0cb5..9e4eeff 100644 --- a/code/pyenv/tasks/main.yml +++ b/code/pyenv/tasks/main.yml @@ -1,9 +1,13 @@ --- -# Install pyenv -- include_tasks: install-pyenv.yml - # Copy profiles to /etc/profile.d/ - include_tasks: ../../../functions/copy_etc-profile.d.yml # Copy scripts to /usr/local/bin - include_tasks: ../../../functions/copy_usr-local-bin.yml + +# Install pyenv +- include_tasks: install-pyenv.yml + +# Install python versions +- include_tasks: install-python.yml + diff --git a/code/pyenv/files/bin/pyenv-fix-permissions.sh b/code/pyenv/templates/bin/pyenv-fix-permissions.sh similarity index 89% rename from code/pyenv/files/bin/pyenv-fix-permissions.sh rename to code/pyenv/templates/bin/pyenv-fix-permissions.sh index e1e4dab..fe45c53 100755 --- a/code/pyenv/files/bin/pyenv-fix-permissions.sh +++ b/code/pyenv/templates/bin/pyenv-fix-permissions.sh @@ -7,7 +7,7 @@ # mReschke 2019-04-19 path=/usr/local/lib/pyenv -chown toor:staff $path -R +chown {{ superuser }}:{{ supergroup }} $path -R chmod 2775 $path find $path -type d -exec chmod 2775 {} \; setfacl -R -d -m user::rwx,group::rwx $path diff --git a/functions/copy_etc-profile.d.yml b/functions/copy_etc-profile.d.yml index cbf6cad..316135f 100644 
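Review bot: In the new code/pyenv/tasks/install-python.yml, `{{ item }}` and `{{ python_global_versions }}` are interpolated straight into a bash command line. A version string containing whitespace or shell metacharacters would change the command that runs as `{{ superuser }}`. Pass the loop value through the quote filter, `pyenv install --skip-existing {{ item | quote }}`. `python_global_versions` looks like it may hold several versions in one string; if so it would be safer as a list rendered with `{{ python_global_versions | map('quote') | join(' ') }}`.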
--- a/functions/copy_etc-profile.d.yml +++ b/functions/copy_etc-profile.d.yml @@ -1,10 +1,24 @@ # Copy profiles to /etc/profile.d/ +# Templates messes up a lot of back scripts (errors on odd chars) +# So copy all files/bin/* using COPY - name: Copying profiles to /etc/profile.d copy: src: "{{ item }}" dest: /etc/profile.d/ owner: root group: root - mode: 0755 + mode: '0755' with_fileglob: - - profile.d/* + - files/profile.d/* + +# Template and copy profiles to /etc/profile.d/ +# Careful here, as some script can mess up the template system (jinja2) +- name: Copy templated profiles to /etc/profile.d/ + template: + src: "{{ item }}" + dest: /etc/profile.d/ + owner: root + group: root + mode: '0755' + with_fileglob: + - templates/profile.d/* diff --git a/functions/copy_usr-local-bin.yml b/functions/copy_usr-local-bin.yml index 7c2e194..ccb3fb8 100644 --- a/functions/copy_usr-local-bin.yml +++ b/functions/copy_usr-local-bin.yml @@ -1,10 +1,24 @@ # Copy scripts to /usr/local/bin +# Templates messes up a lot of back scripts (errors on odd chars) +# So copy all files/bin/* using COPY - name: Copying scripts to /usr/local/bin copy: src: "{{ item }}" dest: /usr/local/bin/ - owner: toor - group: staff - mode: 0775 + owner: '{{ superuser }}' + group: '{{ supergroup }}' + mode: '0775' with_fileglob: - - bin/* + - files/bin/* + +# Template and copy scripts to /usr/local/bin +# Careful here, as some script can mess up the template system (jinja2) +- name: Copy templated scripts to /usr/local/bin + template: + src: "{{ item }}" + dest: /usr/local/bin/ + owner: '{{ superuser }}' + group: '{{ supergroup }}' + mode: '0775' + with_fileglob: + - templates/bin/* diff --git a/mail/getmail/tasks/main.yml b/mail/getmail/tasks/main.yml index 6256c3e..ef4f877 100644 --- a/mail/getmail/tasks/main.yml +++ b/mail/getmail/tasks/main.yml 
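Review bot: Both tasks in functions/copy_usr-local-bin.yml install into /usr/local/bin with `owner: '{{ superuser }}'`, `group: '{{ supergroup }}'` and `mode: '0775'`, so every script there is writable by a non-root account and by the whole supergroup (`staff` in the README example). /usr/local/bin is normally on root's PATH, so anyone who can write these files can presumably get code run as root the next time root or a root cron job calls one of them. Unless group editing is a requirement, `owner: root`, `group: root`, `mode: '0755'` is the safer default. The later hunks that replace inline tasks with this include (virt/opennebula-5.4-kvm-node/tasks/configure.yml and web/haproxy/tasks/main.yml) inherit the same permissions, and the kvm-node role goes from `0755` to `0775` as a result. That kvm-node task also used to run `files/bin/*` through `template`; those files are now copied verbatim, so any that contain Jinja expressions need moving to templates/bin.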
@@ -1,7 +1,16 @@ --- -# Install getmail -- name: Installing getmail +# Install getmail for Debian 9 +- name: Installing getmail for Debian 9 apt: update_cache: yes state: present name: getmail4 + when: ansible_os_family == "Debian" and ansible_distribution_major_version == "9" + +# Install getmail for Debian 10 +- name: Installing getmail for Debian 10 + apt: + update_cache: yes + state: present + name: getmail + when: ansible_os_family == "Debian" and ansible_distribution_major_version == "10" diff --git a/mail/mutt/tasks/main.yml b/mail/mutt/tasks/main.yml new file mode 100644 index 0000000..c0f3966 --- /dev/null +++ b/mail/mutt/tasks/main.yml @@ -0,0 +1,8 @@ +--- +# Install mutt email client +- name: Installing mutt email client + apt: + update_cache: yes + state: present + name: mutt + diff --git a/server/files/profile.d/bash_aliases.sh b/server/files/profile.d/bash_aliases.sh index d6f460c..68cef75 100644 --- a/server/files/profile.d/bash_aliases.sh +++ b/server/files/profile.d/bash_aliases.sh @@ -43,3 +43,13 @@ alias rm='rm -Irv' # What is my external IP address alias whatismyip='curl -s http://icanhazip.com/' +# Python +alias pv='echo "Version:" && python --version && echo && echo "Interpreter Path:" && python -c "import sys;print(sys.prefix)" && echo && echo "Paths:" && python -c "import sys;print(sys.path);"' +alias activate='source env/bin/activate && pv' +alias pips='pipenv shell && echo "pipenv shell has been deactivated" && echo && pv' + +# Docker +alias dps="docker ps" +alias dpsa="docker ps -a" +alias dimg="docker images" +alias dimga="docker images -a" diff --git a/system/tmux/tasks/main.yml b/system/tmux/tasks/main.yml new file mode 100644 index 0000000..1d1cbb3 --- /dev/null +++ b/system/tmux/tasks/main.yml @@ -0,0 +1,8 @@ +--- +# Install tmux +- name: Installing tmux + apt: + update_cache: yes + state: present + name: + - tmux diff --git a/user/tasks/create.yml b/user/tasks/create.yml index 5b5942b..a968525 100644 --- a/user/tasks/create.yml 
+++ b/user/tasks/create.yml @@ -41,6 +41,6 @@ ssh_info: "" add_sudo: no create: yes - ssh_keys: yes - ssh_authorize: no + ssh_keys: no + ssh_authorize: yes diff --git a/user/tasks/debug.yml b/user/tasks/debug.yml index 3881805..f97673d 100644 --- a/user/tasks/debug.yml +++ b/user/tasks/debug.yml @@ -7,5 +7,4 @@ - "ID: {{ users[user]['id'] }}" - "GID: {{ users[user]['gid'] }}" - "Groups: {{ user_groups }}" - - "Password: {{ users[user]['password'] }}" - #- "{{ network['netmask'] }}" + #- "Password: {{ users[user]['password'] }}" diff --git a/user/tasks/ssh.yml b/user/tasks/ssh.yml index c5d961f..1f3352a 100644 --- a/user/tasks/ssh.yml +++ b/user/tasks/ssh.yml @@ -1,6 +1,6 @@ --- # Create users ~/.ssh directory -- name: Creating {{ user }} ~/.ssh directory +- name: Creating {{ user }} ~/.ssh directoryxx file: path: '{{ "~" + user | expanduser }}/.ssh' state: directory @@ -26,7 +26,7 @@ dest: '{{ "~" + user | expanduser }}/.ssh/id_rsa.pub' owner: '{{ user }}' group: '{{ user }}' - mode: 0644 + mode: '0644' when: ssh_keys|default(false)|bool # Create users private key @@ -36,5 +36,5 @@ dest: '{{ "~" + user | expanduser }}/.ssh/id_rsa' owner: '{{ user }}' group: '{{ user }}' - mode: 0600 + mode: '0600' when: ssh_keys|default(false)|bool diff --git a/user/tasks/sudo.yml b/user/tasks/sudo.yml index 0e25476..afb9dc4 100644 --- a/user/tasks/sudo.yml +++ b/user/tasks/sudo.yml @@ -3,7 +3,7 @@ file: path: '/etc/sudoers.d/{{ user }}' state: touch - mode: "0640" #-rw-r----- + mode: '0640' when: 'sudogroup in user_groups' - name: Setting user to nopasswd sudo access diff --git a/virt/opennebula-5.10-controller/tasks/main.yml b/virt/opennebula-5.10-controller/tasks/main.yml index fd43c5a..9dad6fe 100644 --- a/virt/opennebula-5.10-controller/tasks/main.yml +++ b/virt/opennebula-5.10-controller/tasks/main.yml @@ -66,4 +66,4 @@ dest: '/var/lib/one/.ssh/config' owner: 'oneadmin' group: 'oneadmin' - mode: 0644 + mode: '0644' 
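Review bot: The `Password:` entry in user/tasks/debug.yml is commented out rather than deleted, which leaves a one-character edit between this task and printing `users[user]['password']` into the play output again. I would remove the line outright; if a check is ever needed, print only whether the value is defined.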
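Review bot: The task name in the first user/tasks/ssh.yml hunk now reads `Creating {{ user }} ~/.ssh directoryxx`; the trailing `xx` looks like a stray keystroke and should go back to `- name: Creating {{ user }} ~/.ssh directory`. The task body continues past the hunk, so the directory's `mode` is not visible here. It is worth confirming that it is `'0700'`, given that the private key is written beneath it.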
diff --git a/virt/opennebula-5.10-kvm-node/tasks/main.yml b/virt/opennebula-5.10-kvm-node/tasks/main.yml index ee5e7c3..4d59f0e 100644 --- a/virt/opennebula-5.10-kvm-node/tasks/main.yml +++ b/virt/opennebula-5.10-kvm-node/tasks/main.yml @@ -27,7 +27,7 @@ dest: '/etc/libvirt/libvirtd.conf' owner: 'root' group: 'root' - mode: 0644 + mode: '0644' notify: restart libvirtd when: ansible_os_family == "Debian" and ansible_distribution_major_version == "10" @@ -38,7 +38,7 @@ dest: '/etc/libvirt/libvirtd.conf' owner: 'root' group: 'root' - mode: 0644 + mode: '0644' notify: restart libvirtd when: ansible_os_family == "Debian" and ansible_distribution_major_version == "9" @@ -76,4 +76,4 @@ dest: '/var/lib/one/.ssh/config' owner: 'oneadmin' group: 'oneadmin' - mode: 0644 + mode: '0644' diff --git a/virt/opennebula-5.4-controller/tasks/configure-mariadb.yml b/virt/opennebula-5.4-controller/tasks/configure-mariadb.yml index fb85a1a..c9c25d8 100644 --- a/virt/opennebula-5.4-controller/tasks/configure-mariadb.yml +++ b/virt/opennebula-5.4-controller/tasks/configure-mariadb.yml @@ -6,7 +6,7 @@ dest: "/etc/mysql/mariadb.conf.d/50-server.cnf" owner: root group: root - mode: 0644 #-rw-r--r-- + mode: '0644' #-rw-r--r-- notify: restart mariadb # Only runs if file changed! # Set MySQL options defined in OpenNebula docs diff --git a/virt/opennebula-5.4-controller/tasks/configure-redis.yml b/virt/opennebula-5.4-controller/tasks/configure-redis.yml index 402ca99..4898f22 100644 --- a/virt/opennebula-5.4-controller/tasks/configure-redis.yml +++ b/virt/opennebula-5.4-controller/tasks/configure-redis.yml @@ -6,5 +6,5 @@ dest: "/etc/redis/redis.conf" owner: root group: root - mode: 0644 # -rw-r--r-- + mode: '0644' # -rw-r--r-- notify: restart redis # Only runs if file changed! diff --git a/virt/opennebula-5.4-controller/tasks/configure.yml b/virt/opennebula-5.4-controller/tasks/configure.yml index 8cae2bc..9ebf26b 100644 --- a/virt/opennebula-5.4-controller/tasks/configure.yml 
+++ b/virt/opennebula-5.4-controller/tasks/configure.yml @@ -10,7 +10,7 @@ dest: "/etc/one/oned.conf" owner: root group: root - mode: 0644 #-rw-r--r-- + mode: '0644' #-rw-r--r-- notify: restart opennebula # Override sunstone CSS @@ -20,7 +20,7 @@ dest: '/usr/lib/one/sunstone/public/css/custom.css' owner: 'oneadmin' group: 'oneadmin' - mode: 0644 + mode: '0644' notify: restart sunstone # Set oneadmin password (not linux password, but OpenNebula software password) @@ -45,7 +45,7 @@ dest: '/var/lib/one/.ssh/config' owner: 'oneadmin' group: 'oneadmin' - mode: 0644 + mode: '0644' # Authorize oneadmin user to SSH into itself - name: Authorizing SSH keys for oneadmin @@ -62,7 +62,7 @@ dest: '/var/lib/one/.ssh/id_rsa.pub' owner: 'oneadmin' group: 'oneadmin' - mode: 0644 + mode: '0644' # Create oneadmin private key - name: Copying oneadmin SSH private key @@ -71,4 +71,4 @@ dest: '/var/lib/one/.ssh/id_rsa' owner: 'oneadmin' group: 'oneadmin' - mode: 0600 + mode: '0600' diff --git a/virt/opennebula-5.4-controller/tasks/user.yml b/virt/opennebula-5.4-controller/tasks/user.yml index 4c2e7c2..780cf93 100644 --- a/virt/opennebula-5.4-controller/tasks/user.yml +++ b/virt/opennebula-5.4-controller/tasks/user.yml @@ -24,7 +24,7 @@ dest: /var/lib/one/.ssh/id_rsa.pub owner: oneadmin group: oneadmin - mode: 0644 + mode: '0644' - name: Copying oneadmin SSH private key copy: @@ -32,7 +32,7 @@ dest: /var/lib/one/.ssh/id_rsa owner: oneadmin group: oneadmin - mode: 0600 + mode: '0600' # Authorize oneadmin to SSH to self - name: Authorizing oneadmin SSH keys diff --git a/virt/opennebula-5.4-kvm-node/tasks/configure.yml b/virt/opennebula-5.4-kvm-node/tasks/configure.yml index e218605..0a6d832 100644 --- a/virt/opennebula-5.4-kvm-node/tasks/configure.yml +++ b/virt/opennebula-5.4-kvm-node/tasks/configure.yml 
@@ -38,7 +38,7 @@ dest: '/var/lib/one/.ssh/config' owner: 'oneadmin' group: 'oneadmin' - mode: 0644 + mode: '0644' # Authorize oneadmin user to SSH into itself - name: Authorizing SSH keys for oneadmin @@ -55,7 +55,7 @@ dest: '/var/lib/one/.ssh/id_rsa.pub' owner: 'oneadmin' group: 'oneadmin' - mode: 0644 + mode: '0644' # Create oneadmin private key - name: Copying oneadmin SSH private key @@ -64,7 +64,7 @@ dest: '/var/lib/one/.ssh/id_rsa' owner: 'oneadmin' group: 'oneadmin' - mode: 0600 + mode: '0600' # Copy libvirt.conf - name: Copying /etc/libvirt/libvirt.conf @@ -73,19 +73,11 @@ dest: /etc/libvirt/libvirt.conf owner: root group: root - mode: 0644 + mode: '0644' notify: restart libvirtd # Only runs if file changed! # Copy scripts to /usr/local/bin -- name: Copying scripts to /usr/local/bin - template: - src: "{{ item }}" - dest: /usr/local/bin/ - owner: toor - group: staff - mode: 0755 - with_fileglob: - - files/bin/* +- include_tasks: ../../../functions/copy_usr-local-bin.yml # Schedule cron - name: Scheduling cron cron-root-daily-12am diff --git a/virt/opennebula-5.8-controller/tasks/main.yml b/virt/opennebula-5.8-controller/tasks/main.yml index 56f78a6..09289ab 100644 --- a/virt/opennebula-5.8-controller/tasks/main.yml +++ b/virt/opennebula-5.8-controller/tasks/main.yml @@ -60,4 +60,4 @@ dest: '/var/lib/one/.ssh/config' owner: 'oneadmin' group: 'oneadmin' - mode: 0644 + mode: '0644' diff --git a/virt/opennebula-5.8-kvm-node/tasks/main.yml b/virt/opennebula-5.8-kvm-node/tasks/main.yml index 094c3ab..57f07a9 100644 --- a/virt/opennebula-5.8-kvm-node/tasks/main.yml +++ b/virt/opennebula-5.8-kvm-node/tasks/main.yml @@ -54,4 +54,4 @@ dest: '/var/lib/one/.ssh/config' owner: 'oneadmin' group: 'oneadmin' - mode: 0644 + mode: '0644' diff --git a/web/haproxy/tasks/main.yml b/web/haproxy/tasks/main.yml index d8ee630..4386fe0 100644 --- a/web/haproxy/tasks/main.yml +++ b/web/haproxy/tasks/main.yml 
@@ -13,7 +13,7 @@ dest: /etc/rsyslog.conf owner: root group: root - mode: 0644 # -rw-r--r-- + mode: '0644' # -rw-r--r-- notify: restart rsyslog # Copy /etc/rsyslog.d/49-haproxy.conf @@ -24,16 +24,8 @@ dest: /etc/rsyslog.d/49-haproxy.conf owner: root group: root - mode: 0644 # -rw-r--r-- + mode: '0644' # -rw-r--r-- notify: restart rsyslog # Copy scripts to /usr/local/bin -- name: Copying scripts to /usr/local/bin - copy: - src: "{{ item }}" - dest: /usr/local/bin/ - owner: toor - group: staff - mode: 0775 - with_fileglob: - - bin/* +- include_tasks: ../../../functions/copy_usr-local-bin.yml diff --git a/web/haproxy/files/bin/haproxy_create_error_log.sh b/web/haproxy/templates/bin/haproxy_create_error_log.sh similarity index 92% rename from web/haproxy/files/bin/haproxy_create_error_log.sh rename to web/haproxy/templates/bin/haproxy_create_error_log.sh index b32dc27..17548b4 100755 --- a/web/haproxy/files/bin/haproxy_create_error_log.sh +++ b/web/haproxy/templates/bin/haproxy_create_error_log.sh @@ -22,4 +22,4 @@ cat $log_src \ > $log_dest -chown toor:toor $log_dest +chown {{ superuser }}:{{ superuser }} $log_dest