Ansible Playbook: Gas Station ⛽

Brought to you by Megabyte Labs



A no-stone-unturned Ansible playbook you can use to set up the ultimate home lab or on-premise addition to your cloud!

Introduction

Welcome to a new way of doing things. Born out of complete paranoia and a relentless pursuit of the best of GitHub Awesome lists, Gas Station aims to add the capability of being able to completely wipe whole networks and restore them on a regular basis. It takes a unique approach to network provisioning because it supports desktop provisioning as a first-class citizen. By default, without much configuration, it is meant to provision and maintain the state of a network that includes development workstations and servers. One type of user that might benefit from this project is a web developer who wants to start saving the state of their desktop as code. Another type of user is one who wants to start hosting RAM-intensive web applications in their home-lab environment to save huge amounts on cloud costs. This project is also meant to be maintainable by a single person. Granted, if you look through our eco-system you will see we are well-equipped for supporting entire teams as well.

Gas Station is a collection of Ansible playbooks, configurations, scripts, and roles meant to provision computers and networks with the "best of GitHub". By leveraging Ansible, you can provision your whole network relatively fast in the event of a disaster or scheduled network reset. This project is also intended to increase the security of your network by allowing you to frequently wipe, reinstall, and re-provision your network, bringing it back to its original state. This is done by backing up container storage volumes (like database files and Docker volumes) to encrypted S3 buckets, storing configurations in encrypted git repositories, and leveraging GitHub-sourced power tools to make the job easy-peasy.

This project started when a certain somebody changed their desktop wallpaper to a cute picture of a cat 🐱 when, all of a sudden, their computer meowed. Well, it actually started before that but no one believes someone who claims that time travelers hacked them on a regular basis. Tip: If you are stuck in spiritual darkness involving time travelers, save yourself some headaches by adopting an other-people first mentality that may include volunteering, tithing, and surrendering to Jesus Christ. Anyway, enough preaching!

Gas Station is:

  • Highly configurable - most roles come with optional variables that you can configure to change the behavior of the role
  • Highly configured - in-depth research is done to ensure each software component is configured with bash completions, plugins that are well-received by the community, and integrated with other software used in the playbook
  • Compatible with all major operating systems (i.e. Windows, Mac OS X, Ubuntu, Fedora, CentOS, Debian, and even Archlinux)
  • The product of a team of experts
  • An amazing way to learn about developer tools that many would consider to be "the best of GitHub"
  • Open to new ideas - feel free to open an issue or contribute with a pull request!

Quick Start

The easiest way to run the entire playbook, outlined in the main.yml file, is to run the appropriate command listed below. These commands will run the playbook on the machine you run the command on. This is probably the best way to get your feet wet before you decide to give us a ⭐ and customize the playbook for your own needs. Ideally, this command should be run on the machine that you plan on running Ansible with to provision the other computers on your network. It is only guaranteed to work on fresh installs so testing it out with Vagrant is highly encouraged.

Vagrant (Recommended)

To test it out with Vagrant, you can run the following commands which will open up an interactive dialog where you can pick which operating system and virtualization provider you wish to test the installation with:

bash .config/scripts/start.sh # Only required if you do not have the dependencies (i.e. Task) already installed
task ansible:test:vagrant

macOS/Linux

curl -sS https://gitlab.com/megabyte-labs/gas-station/-/raw/master/files/quickstart.sh | bash
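
The one-liner above executes whatever the `master` branch serves at that moment, with no chance to review it first. A download-verify-run variant, as an added example that is not part of the Gas Station project: the function names and the `QUICKSTART_SHA256` variable are hypothetical, and because this page publishes no digest, the pin is one you record yourself after reviewing a downloaded copy.

```bash
#!/usr/bin/env bash
# Added example, not Gas Station's own code. Function names and the
# QUICKSTART_SHA256 variable are hypothetical.

# URL exactly as given in the Quick Start section.
QUICKSTART_URL='https://gitlab.com/megabyte-labs/gas-station/-/raw/master/files/quickstart.sh'

# Print the lowercase SHA-256 hex digest of a file, using whichever tool is
# installed (sha256sum on most Linux distributions, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | awk '{print $1}'
  else
    echo "no SHA-256 tool found" >&2
    return 2
  fi
}

# Return 0 if the file matches the pinned digest, 1 on mismatch,
# 2 if the pin is malformed or no hashing tool is available.
verify_pin() {
  local file=$1 expected actual
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  case $expected in
    ''|*[!0-9a-f]*) echo "pin is not a hex digest" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "pin is not 64 hex characters" >&2; return 2; }
  actual=$(sha256_of "$file") || return 2
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch: expected $expected, got $actual" >&2
    return 1
  fi
  return 0
}

# Download to a temporary file, verify it, and only then execute that same
# file, so the bytes that were checked are the bytes that run.
fetch_verify_run() {
  local url=$1 pin=$2 tmp rc=0
  tmp=$(mktemp) || return 2
  # HTTPS only (including redirects), TLS 1.2 or newer, fail on HTTP errors.
  if ! curl --proto '=https' --proto-redir '=https' --tlsv1.2 -fsSL -o "$tmp" "$url"; then
    echo "download failed" >&2
    rm -f "$tmp"
    return 2
  fi
  if ! verify_pin "$tmp" "$pin"; then
    echo "refusing to run unverified script" >&2
    rm -f "$tmp"
    return 1
  fi
  bash "$tmp" || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Runs only when a pin is supplied, for example:
#   QUICKSTART_SHA256=<digest recorded after your own review> bash this-file.sh
if [ -n "${QUICKSTART_SHA256:-}" ]; then
  fetch_verify_run "$QUICKSTART_URL" "$QUICKSTART_SHA256"
fi
```

A digest mismatch after an upstream change is the signal to review the new script before updating the pin.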

Windows

In an administrative PowerShell session, run:

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://gitlab.com/megabyte-labs/gas-station/-/raw/master/files/quickstart.ps1'))

Supported Operating Systems

The following chart shows the operating systems that have been tested for compatibility using the environments/dev/ environment. This chart is automatically generated using the Ansible Molecule tests you can view in the molecule/default/ folder. We currently have logic in place to automatically handle the testing of Windows, Mac OS X, Ubuntu, Fedora, CentOS, Debian, and Archlinux. If your operating system is not listed but is a variant of one of the systems we test (i.e. a Debian-flavored system or a RedHat-flavored system) then it might still work.

compatibility_matrix

Requirements

Host Requirements

There are Python and Ansible package requirements that need to be installed by running the following commands (or equivalent) in the root of this repository:

if type poetry &> /dev/null; then poetry install --no-root; else pip3 install -r .config/requirements.txt; fi
ansible-galaxy install -r requirements.yml

Easier Method of Installing the Host Requirements

You can also run bash .config/scripts/start.sh if you do not mind development dependencies being installed as well. This method will even handle installing Python 3 and Ansible.

Operating System

This playbook is built and tested to run on fresh installs of Windows, Mac OS X, Ubuntu, Fedora, Debian, CentOS, and Archlinux. It may still be possible to run the playbook on your current machine. However, installing the playbook on a fresh install is the only thing we actively support. That said, if you come across an issue with an environment that already has configurations and software present, please do not hesitate to open an issue.

Connection

SSH (or WinRM in the case of Windows) and Python should be available on the target systems you would like to provision. If you are attempting to provision a Windows machine, you can ensure that WinRM is enabled and configured so that you can remotely provision the Windows target by running the following command with PowerShell:

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://gitlab.com/megabyte-labs/gas-station/-/raw/master/files/client.ps1'))

MAS on Mac OS X

We use mas to install apps from the App Store in some of our roles. Sadly, automatically signing into the App Store is not possible on OS X 10.13+ via mas. This is because mas no longer supports login functionality on OS X 10.13+.

There is another caveat with mas. In order to install an application using mas, the application has to have already been added via the App Store GUI. This means that the first time around you will have to install the apps via the App Store GUI so they are associated with your App Store account.

Software

This project breaks down software into a role (found in the subdirectories of the roles/ folder) if the software requires anything other than being added to the PATH variable. Below is a quick description of what each role does. Browsing through this list, along with the conditions laid out in main.yml, you will be able to get a better picture of what software will be installed by the default main.yml playbook.

role_descriptions

We encourage you to browse through the repositories that are linked to in the table above to learn about the configuration options they support.

Binaries

A lot of nifty software does not require any configuration other than being added to the PATH or being installed with an installer like brew. For this kind of software that requires no configuration, we list the software we would like installed by the playbook as a variable in group_vars/ or host_vars/ as an array of keys assigned to the software variable (example here). With those keys, we install the software using the [professormanhattan.genericinstaller](https://galaxy.ansible.com/professormanhattan/genericinstaller) role which determines how to install the binaries by looking up the keys against the software_package object (example here). For your convenience, the software we recommend and install by default is listed below:

Package Description
act To run Github Actions locally
altair A beautiful feature-rich GraphQL Client for all platforms
askgit Query git repositories with SQL. Generate reports, perform status checks, analyze codebases
bandwhich Terminal bandwidth utilization tool
bane Custom & better AppArmor profile generator for Docker containers
bat Clone of cat(1) with syntax highlighting and Git integration
betwixt Web Debugging Proxy based on Chrome DevTools Network panel
bin Effortless binary manager
bitwarden The desktop vault (Windows, macOS, & Linux)
bivac Backup Interface for Volumes Attached to Containers
boilr boilerplate template manager that generates files or directories from template repositories
cerebro Open-source productivity booster with a brain
clair Vulnerability Static Analysis for Containers
consul-cli Command line interface to Consul HTTP API
croc Easily and securely send things from one computer to another
ctop Top-like interface for container metrics
cumulus A SoundCloud player that lives in the menubar
dasel Select, put and delete data from JSON, TOML, YAML, XML and CSV files with a single tool
dat peer-to-peer sharing & live synchronization of files via command line
dat-desktop Peer to peer data synchronization
delta A syntax-highlighting pager for git and diff output
dive A tool for exploring each layer in a docker image
desed Debugger for Sed: demystify and debug the sed scripts, from comfort of terminal
deta Command line interface for managing Deta micros and deployments
direnv Extension to load and unload environment variables depending on the current directory
docker-slim Extension to minify and secure Docker images
dockle Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
doctl The official command line interface for the DigitalOcean API
dog A command-line DNS client
duf a better 'df' alternative
dust A more intuitive version of du in rust
envconsul Launch a subprocess with environment variables using data from @hashicorp Consul and Vault
fd A simple, fast and user-friendly alternative to 'find'
felony An open-source pgp keychain built on the modern web with Electron, React, and Redux
ffsend Easily and securely share files from the command line, a fully featured Firefox Send client
filebrowser Web file browser
fselect Extension to find files with SQL-like queries
fq jq for binary formats
fuego Fuego is a command line client for the firestore database
g-assist A cross-platform unofficial Google Assistant Client for Desktop
ganache Personal blockchain for Ethereum development
gitify GitHub notifications on the menu bar
gitleaks Extension to scan git repos (or files) for secrets using regex and entropy
gitomatic A tool to monitor git repositories and automatically pull & push changes
glab An open-source GitLab command line tool bringing GitLab's cool features to your command line
glow Glow is a terminal based markdown reader designed from the ground up to bring out the beauty—and power—of the CLI
go-chromecast cli for Google Chromecast, Home devices and Cast Groups
gping Ping, but with a graph
grex A command-line tool and library for generating regular expressions from user-provided test cases
gron Extension to make JSON greppable
hclq Command-line processor for HashiCorp config files, like sed for HCL — Terraform, Consul, Nomad, Vault
hexyl A command-line hex viewer
hey HTTP load generator, ApacheBench (ab) replacement, formerly known as rakyll/boom
hostctl This tool gives more control over the use of hosts file
htmlq A lightweight and flexible command-line JSON processor for HTML
hyperfine A command-line benchmarking tool
jitsi-meet-electron Desktop application for Jitsi Meet built with Electron
jo JSON output from a shell
jq Command-line JSON processor
kdash A simple and fast dashboard for Kubernetes
kubenav kubenav is the navigator for your Kubernetes clusters right in your pocket
license Command-line license text generator
linuxkit A toolkit for building secure, portable and lean operating systems for containers
manta Flexible invoicing desktop app with beautiful & customizable templates
mark-text A simple and elegant markdown editor, available for Linux, macOS and Windows
masscode A free and open source code snippets manager for developers
mc MinIO Client is a replacement for ls, cp, mkdir, diff and rsync commands for filesystems and object storage
mjml-app The desktop app for MJML
mkcert A simple zero-config tool to make locally trusted development certificates with any names
mockoon Mockoon is the easiest and quickest way to run mock APIs locally. No remote deployment, no account required, open source
motrix A full-featured download manager
mqttx Elegant Cross-platform MQTT 5.0 Desktop Client
muffet Fast website link checker in Go
mullvad-vpn The Mullvad VPN client app for desktop and mobile
nebula A scalable overlay networking tool
nnn A full-featured terminal file manager
node-prune Extension to remove unnecessary files from node_modules
nomino Batch rename utility for developers
nuclear Streaming music player that finds free music
osquery SQL powered operating system instrumentation, monitoring, and analytics
ots Share end-to-end encrypted secrets with others via a one-time URL
oq A performant, and portable jq wrapper to facilitate the consumption and output of formats other than JSON; using jq filters to transform the data
page-fetch Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files
pass Password manager
pastel A command-line tool to generate, analyze, convert and manipulate colors
peco Simplistic interactive filtering tool
pony Local file-based password, API key, secret, recovery code store backed by GPG
pretzel Pretzel is a Mac desktop app that shows and finds keyboard shortcuts based on your current app
procs A modern replacement for ps written in Rust
psu CLI client for Portainer
pup Parsing HTML at the command line
q Run SQL directly on CSV or TSV files
responsively A modified web browser that helps in responsive web development
rip A safe and ergonomic alternative to rm
runjs A JavaScript playground that auto-evaluates as you type
s5cmd Parallel S3 and local filesystem execution tool
schema A tool to infer and instantiate schemas and translate between data formats
scrcpy A simple & beautiful GUI application for scrcpy
sd Intuitive find & replace CLI (sed alternative)
shfmt A shell parser, formatter, and interpreter with bash support; includes shfmt
skm A simple and powerful SSH keys manager
snitch OpenSnitch is a GNU/Linux port of the Little Snitch application firewall
sqlectron A simple and lightweight SQL client desktop with cross database and platform support
ssh-vault Encrypt/decrypt using ssh keys
ssl-proxy Simple zero-config SSL reverse proxy with real autogenerated certificates
switchhosts Extension to switch hosts
sysbench System performance benchmark tool
tabby A terminal for a more modern age
task A task runner / simpler Make alternative written in Go
teleport Modern SSH server for teams managing distributed infrastructure
tflint A Pluggable Terraform Linter
temps Simple menubar application based on Electron with actual weather information and forecast
tokei Tokei is a program that displays statistics about the code
transfer Converts from one encoding to another
trivy Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
up Ultimate Plumber is a tool for writing Linux pipes with instant live preview
udemy-downloader-gui A desktop application for downloading Udemy Courses
waypoint A tool to build, deploy, and release any application on any platform
websocat CLI for interacting with web sockets
webtorrent Streaming torrent app for Mac, Windows, and Linux
wkhtmltopdf Convert HTML to PDF using Webkit (QtWebKit)
xurls Extract urls from text
yq Process YAML documents from the CLI

NPM Packages

NPM provides a huge catalog of useful CLIs and libraries so we also include a useful and interesting default set of NPM-hosted CLIs for hosts in the desktop group (defined here, for example):

Package Description
@angular/cli Official CLI for Angular capable of generating new projects, generating boilerplate files, and testing apps with LiveReload
@cloudflare/wrangler A CLI tool designed for folks who are interested in using Cloudflare Workers
@ionic/cli The command-line interface (CLI) that is the go-to tool for developing Ionic apps
@nestjs/cli A command-line interface tool that helps you to initialize, develop, and maintain your Nest applications
@prettier/plugin-ruby A prettier plugin for the Ruby programming language and its ecosystem
@prettier/plugin-xml A prettier plugin for XML. prettier is an opinionated code formatter that supports multiple languages and integrates with most editors
@sentry/cli A Sentry command line client for some generic tasks
@vercel/ncc CLI for compiling a Node.js module into a single file, together with all its dependencies, gcc-style
add-gitignore CLI script that generates a .gitignore file for the projects
auto-install Auto installs dependencies as you code
bitly-cli-client Shorten links with Bitly in the terminal
browser-sync test desktop and mobile versions of a website at the same time
caniuse-cmd Caniuse command line tool
carbon-now-cli Tool that generates beautiful images of source code through an intuitive UI, while customizing aspects like fonts, themes, window controls and much mor
commitizen The commitizen command line utility
composerize Turns docker run commands into docker-compose files
cordova The command line tool to build, deploy and manage Cordova-based applications
deviceframe Put device frames around mobile/web/progressive app screenshots
editly A tool and framework for declarative NLE (non-linear video editing) using Node.js and ffmpeg
electron A tool that enables you to write cross-platform desktop applications using JavaScript, HTML and CSS
emma-cli Install the package you are looking for
emoj Find relevant emoji from text on the command-line
empty-trash-cli A CLI to empty the trash
eslint A tool for identifying and reporting on patterns found in ECMAScript/JavaScript code
fastify-cli Command line tools for Fastify. Generate, write, and run an application with one single command
firebase-tools The Firebase Command Line Interface (CLI) Tools can be used to test, manage, and deploy Firebase project from the command line
firetable The Firetable CLI automates the steps required to set up the Firetable app and other operations on computer
fkill-cli Fabulously kill processes. Cross-platform.
fx Command-line JSON processing tool
gistup Create a gist from the command line
git-open Type git open to open the repo website (GitHub, GitLab, Bitbucket) in browser
git-standup Shows commits from the last working day in the current directory and the directories below current level plus it comes with several options to modify how it behaves
google-font-installer Google Font Installer is a NodeJS module/CLI that lets you Search, Download and Install fonts offered by Google Web Fonts
gtop System monitoring dashboard for terminal
gulp A toolkit that helps you automate painful or time-consuming tasks in your development workflow
imgur-uploader-cli CLI to upload images to imgur
ios-deploy Command line tool to install and debug iOS apps
ipfs-deploy Upload static website to IPFS pinning services and optionally update DNS
is-up-cli Check whether a website is up or down using the isitup.org API
jp-cli Simply parse JSON from any input source
jsfmt For formatting, searching, and rewriting JavaScript. Analogous to gofmt
localtunnel localtunnel exposes localhost to the world for easy testing and sharing
mjml A markup language created by Mailjet and designed to reduce the pain of coding a responsive email
mklicense CLI tool for generating Licenses
movie-cli A CLI for getting information about movies and comparing two movies
nativefier Tool to make any web page a desktop application
navi A JavaScript library for declaratively mapping URLs to asynchronous content
nectarjs A JavaScript native compiler
newman A command-line collection runner for Postman
np A better npm publish
npm-check Check for outdated, incorrect, and unused dependencies
nrm nrm can help you easily and quickly switch between different npm registries
nve Run any command on specific Node.js versions
oclif A framework for building CLIs in Node.js
package-size Tool to get the bundle size of an npm package
pageres-cli A CLI to capture screenshots of websites in various resolutions
playwright Single API to automate Chromium, WebKit, and Firefox (available as a CLI and library)
pm2 PM2 is a production process manager for Node.js applications with a built-in load balancer
pxi pxi (pixie) is a small, fast, and magical command-line data processor similar to jq, mlr, and awk
pkg This command line interface enables you to package your Node.js project into an executable that can be run even on devices without Node.js installed
prettier A code formatter
prettier-package-json A JSON formatter inspired by prettier
prettier-plugin-go-template Tool to fix formatting for go template files
prettier-plugin-java An opinionated code formatter which forces a certain coding style
prettier-plugin-properties Adds support to Prettier for .properties files
prettier-plugin-sh Prettier is an opinionated code formatter
prettier-plugin-toml Prettier is an opinionated code formatter
psi PageSpeed Insights with reporting
serve Static file serving and directory listing
serverless Serverless Framework – Build web, mobile and IoT applications with serverless architectures using AWS Lambda, Azure Functions, Google CloudFunctions & more
share-cli Quickly share files from your command line
sharp-cli CLI for sharp, a high performance Node.js image processing module
speed-test Test your internet connection speed and ping using speedtest.net from the CLI
stegcloak StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and encrypting the secret before cloaking it with special unicode invisible characters
surge Publish web apps to a CDN with a single command and no setup required
svgo SVG Optimizer is a Node.js-based tool for optimizing SVG vector graphics files
terminalizer Record your terminal and generate animated gif images or share a web player link terminalizer.com
tinypng-cli Handy command line tool for shrinking PNG images using the TinyPNG API
tldr A Node.js based command-line client for tldr
typescript A language for application-scale JavaScript
wallace-cli Pretty CSS analytics in terminal
wifi-password-cli CLI to get current wifi password
wordpressify Automate your WordPress development workflow
zx A tool for writing better scripts

Python Packages

In a similar fashion to the NPM packages, we include a great set of default Python packages that are included by default for the desktop group (defined here):

Package Description
ansibleconnect Parses Ansible inventory and opens up a tmux session for each host
ansible-lint Lint tool that checks Ansible projects for best practices and problematic code
asciinema Tool that records terminal sessions and replays them in a terminal as well as in a web browser
aws-shell AWS shell is the interactive productivity booster for the AWS CLI
cookiecutter A command-line utility that creates projects from cookiecutters (project templates)
gdown An alternative to wget and curl that can handle downloading large files from Google Drive
git-filter-repo Tool that aids in wiping particular sections of a repository
gixy A tool to analyze Nginx configuration
httpstat A script that reflects curl statistics in a fascinating and well-defined way, it is a single file which is compatible with Python 3 and requires no additional software (dependencies) to be installed on a users system
http-prompt An interactive command-line HTTP client featuring autocomplete and syntax highlighting, built on HTTPie and prompt_toolkit
iredis A terminal client for redis with auto-completion and syntax highlighting
kube-shell An integrated shell for working with the Kubernetes CLI
litecli A command-line client for SQLite databases that has auto-completion and syntax highlighting
netaddr A system-independent network address manipulation library for Python 2.7 and 3.5+
ngxtop ngxtop parses your nginx access log and outputs useful, top-like, metrics of your nginx server
molecule Molecule project is designed to aid in the development and testing of Ansible roles. Molecule provides support for testing with multiple instances, operating systems and distributions, virtualization providers, test frameworks and testing scenarios
mycli Command line interface for MySQL database with auto-completion and syntax highlighting
pre-commit A framework for managing and maintaining multi-language pre-commit hooks
pywhat what is recursive
social-analyzer API, CLI & Web App for analyzing & finding a person’s profile across social media websites
spotdl A tool to download Spotify playlists and songs along with album art and metadata
starred Generate a GitHub Awesome list directly from your starred repositories
statcode man pages for HTTP status codes (used by running statcode 418, for instance)
truffleHog A tool which makes it easier to search through the history of a git repository to discover passwords and other secrets
virtualenv A tool for creating isolated virtual python environments
yamllint A linter for YAML files

Ruby Gems

A handful of Ruby gems are also installed on targets in the desktop group (defined here):

Package Description
bropages Informative CLI tool that provides community-curated examples for most CLI programs
bundler A tool that manages ruby application's gem dependencies through its entire life, across many machines, systematically and repeatably
chef A systems integration framework, built to bring the benefits of configuration management to the entire infrastructure
cocoapods A tool that manages library dependencies for Xcode projects
fpm A tool that converts directories, rpms, python eggs, rubygems, and more to rpms, debs, solaris packages and more
gist A tool that provides a single function (Gist.gist) that uploads a gist
mdl A style checker/lint tool for markdown files
t A command-line power tool for Twitter

Visual Studio Code Extensions

A considerable amount of effort has gone into researching and finding the "best" VS Code extensions. They are defined here and Gas Station also installs a good baseline configuration which includes settings for these extensions:

Package Description
Angular.ng-template Editor services for Angular template files
attilabuti.vscode-mjml MJML preview, lint, and compile
bierner.markdown-emoji Adds emoji syntax support to VS Code's built-in Markdown preview
ChakrounAnas.turbo-console-log This extension makes debugging much easier by automating the operation of writing meaningful log messages
ChFlick.firecode Firestore security rule support for Visual Studio Code
chrmarti.regex Shows the current regular expression's matches in a side-by-side document
CoenraadS.bracket-pair-colorizer This extension allows matching brackets to be identified with colours
cweijan.vscode-mysql-client2 A database GUI for SQL, SQLite, MongoDB, Redis, and ElasticSearch
DavidAnson.vscode-markdownlint Markdown/CommonMark linting and style checking for Visual Studio Code
dbaeumer.vscode-eslint Integrates ESLint into VS Code
denoland.vscode-deno Adds support for Deno (powered by the Deno language server)
dracula-theme.theme-dracula A dark theme for Visual Studio Code
drewbourne.vscode-remark-lint Use Unified, Remark, and Retext plugins to lint Markdown
eamodio.gitlens GitLens is a popular extension that supercharges the Git capabilities built into VS Code
EditorConfig.EditorConfig This plugin attempts to override user/workspace settings with settings found in .editorconfig files
esbenp.prettier-vscode Prettier is an opinionated code formatter
ericadamski.carbon-now-sh A VS Code extension to open the current editor content in carbon.now.sh
firefox-devtools.vscode-firefox-debug A VS Code extension to debug web applications and extensions running in the Mozilla Firefox browser
firsttris.vscode-jest-runner Manage, run, and debug individual Jest tests
formulahendry.auto-rename-tag Automatically rename paired HTML/XML tag, same as Visual Studio IDE does
formulahendry.code-runner Run code snippet or code file
GitHub.vscode-pull-request-github Review and manage your GitHub pull requests and issues directly in VS Code
GitLab.gitlab-workflow This extension integrates GitLab to VS Code
GoogleCloudTools.cloudcode This extension brings the power and convenience of IDEs to cloud-native application development
golang.Go This extension provides rich language support for the Go programming language, integrates with Google Cloud services like Google Kubernetes Engine, Cloud Run, Cloud APIs, and Secret Manager
HashiCorp.terraform This extension adds syntax highlighting and other editing features for Terraform files using the Terraform Language Server
hediet.vscode-drawio Allows editing draw.io images in VS Code by adding files ending with .drawio.png
IBM.output-colorizer This extension adds syntax colorization for both the output/debug/extensions panel and *.log files, other extension that colorize the output panel will disable this extension
johnpapa.vscode-peacock This extension subtly changes the color of the Visual Studio workspace
Kelvin.vscode-sshfs Allows mounting SSH destinations as file system mounts inside VS Code
KnisterPeter.vscode-commitizen Adds support for commitizen
kruemelkatze.vscode-dashboard This VS Code extension organizes projects in a speed-dial-like manner
mads-hartmann.bash-ide-vscode This extension utilizes the bash language server, that is based on Tree Sitter and its grammar for Bash and supports explainshell integration
mechatroner.rainbow-csv provides info about column on hover, transforms and filters tables using built-in SQL-like query language
msjsdiag.debugger-for-chrome This extension has been deprecated as Visual Studio Code now has a bundled JavaScript Debugger that covers the same functionality
msjsdiag.debugger-for-edge This extension debugs JavaScript code in the Microsoft Edge browser, also used to enable JavaScript debugging inside the Microsoft Edge browser when launched from ASP.Net Projects in Visual Studio
ms-azuretools.vscode-docker This extension makes it easy to build, manage, and deploy containerized applications from Visual Studio Code
ms-kubernetes-tools.vscode-kubernetes-tools The extension for developers building applications to run in Kubernetes clusters and for DevOps staff troubleshooting Kubernetes applications
ms-vscode-remote.remote-containers Containers extension enables the use of a Docker container as a full-featured development environment
ms-vscode-remote.remote-ssh SSH enables the use of any remote machine with an SSH server as the development environment
ms-vscode-remote.remote-wsl WSL extension enables the use of VS Code on Windows to build Linux applications that run on the Windows Subsystem for Linux (WSL)
ms-python.python A VS Code extension with rich support for the Python language, including features such as IntelliSense (Pylance), linting, debugging, code navigation, code formatting, refactoring, variable explorer, test explorer, and more
ms-vscode.PowerShell This extension provides rich PowerShell language support for Visual Studio Code
ms-vscode.vscode-typescript-tslint-plugin This extension checks TypeScript code for readability, maintainability, and functionality errors
MS-vsliveshare.vsliveshare This extension lets you collaboratively edit and debug with others in real time, regardless of what programming languages are used
MS-vsliveshare.vsliveshare-audio This extension enhances the existing Visual Studio Live Share experience by letting you quickly spin up an audio call directly from within Visual Studio Code, without needing to use a separate tool or service
njpwerner.autodocstring Aids in writing Python doc strings via templates
nrwl.angular-console A UI to accompany the Nx CLI
paulvarache.vscode-taskfile This extension provides Intellisense, Tasks, a Tree View and Hover actions for your Taskfiles
philnash.ngrok-for-vscode A VSCode extension for controlling ngrok from the command palette
PKief.material-icon-theme Material design icons
pnp.polacode A VSCode extension that creates unique and sharable screenshots of code
pranaygp.vscode-css-peek A VSCode extension for peeking at CSS definitions from a class or id tag in HTML
quicktype.quicktype An extension that generates types and helper code for reading JSON
RandomFractalsInc.vscode-data-preview Preview, modify, analyze, and visualize data in a variety of formats
rbbit.typescript-hero A VSCode extension to organize and sort all the TS imports
redhat.ansible This extension adds language support for Ansible to Visual Studio Code and OpenVSX compatible editors by leveraging ansible-language-server
redhat.vscode-yaml Provides comprehensive YAML Language support to Visual Studio Code, via the yaml-language-server, with built-in Kubernetes syntax support
richie5um2.vscode-sort-json Alphabetically sorts the keys in selected JSON objects
Rubymaniac.vscode-paste-and-indent This extension adds limited support for pasting and indenting code
salbert.comment-ts Adds automatic templating of TypeScript-flavored JSDoc comments
shd101wyy.markdown-preview-enhanced An extension that provides many useful features such as automatic scroll sync, math typesetting, mermaid, PlantUML, pandoc, PDF export, code chunk, presentation writer, etc
snipsnapdev.snipsnap-vscode Snippet management engine with accompanying web app
softwaredotcom.swdc-vscode A plugin for automatic programming metrics and time tracking in Visual Studio Code
steoates.autoimport An extension that automatically finds, parses and provides code actions and code completion for all available imports
stylelint.vscode-stylelint A mighty, modern CSS linter that helps to enforce consistent conventions and avoid errors in stylesheets
TabNine.tabnine-vscode Tabnine is the AI code completion tool trusted by millions of developers to code faster with fewer errors
timonwong.shellcheck Integrates Shellcheck linting (linting for shell scripts)
toba.vsfire A VSCode extension for syntax highlighting, hover help and code completions with Firestore security rules and index definition files
tyriar.sort-lines An extension that sorts lines of text in Visual Studio Code
usernamehw.errorlens An extension that enhances language diagnostic features by making diagnostics stand out more prominently, highlighting the entire line wherever a diagnostic is generated by the language and also printing the message inline
valentjn.vscode-ltex Adds LanguageTool functionality including grammar and spell-checking
VisualStudioExptTeam.vscodeintellicode The IntelliCode extension for Visual Studio Code provides artificial intelligence-assisted IntelliSense for Python, Java, TypeScript, and JavaScript
vsciot-vscode.vscode-arduino The Arduino extension makes it easy to develop, build, deploy and debug your Arduino sketches in Visual Studio Code, with a rich set of functionalities
vsls-contrib.codetour Allows running, creating, and editing code tours, which are a unique way of guiding contributors through the code base of a project
vsls-contrib.gistfs A Visual Studio Code extension that allows you to edit GitHub Gists and repositories from the comfort of your favorite editor
WallabyJs.quokka-vscode An extension for rapid JavaScript / TypeScript prototyping
wayou.vscode-todo-highlight An extension that highlights TODO, FIXME, and other annotations within the code
wix.vscode-import-cost This extension will display inline in the editor the size of the imported package
yatki.vscode-surround Easily add code that surrounds other code like try/catches

Chrome Extensions

To reduce the amount of time it takes to configure Chromium-based browsers like Brave, Chromium, and Chrome, we also include the capability of automatically installing Chromium-based browser extensions (via a variable defined here):

Package Description
AdGuard AdBlocker Blocks all types of ads on all web pages, even on Facebook, YouTube and all other websites
Bitly Creates short, customized, powerful links from any page and share them with the world
Bitwarden A secure and free password manager for all of your devices
Buffer Shares content to Instagram, Twitter, Facebook, Pinterest and LinkedIn from anywhere on the web
Checkbot SEO, web speed, and security tester/crawler
Falcon Chrome extension for full text history search
Floccus Syncs bookmarks across browsers via Nextcloud, WebDAV or Google Drive
Git History Browser Extension Adds a button to GitHub to see the file history
Google Dictionary View definitions easily as you browse the web
Grammarly A Chrome extension that checks everything from grammar and spelling to style and tone, eliminates writing errors, and helps you find the perfect words to express yourself
Headless Recorder A Chrome extension for recording browser interaction and generating Puppeteer & Playwright scripts
HTTPS Everywhere A Chrome extension to encrypt the Web! Automatically use HTTPS security on many sites
JSON Viewer Pro A completely free extension to visualise JSON response in awesome Tree and Chart view with great user experience and options
LastPass A password manager that saves passwords and gives secure access from every computer and mobile device
LanguageTool Grammar and spelling checker with Google Docs integration
Markdown Here A Chrome extension to write email in Markdown and render it (make it pretty!) before sending
MetaMask An extension for accessing Ethereum-enabled distributed applications, or "Dapps", in your browser
Octohint The missing IntelliSense hint for GitHub and GitLab
Rakuten A Chrome extension to find best shopping deals and coupons and just save them
Screenity The most powerful screen recorder for Chrome
SingleFile A Chrome extension to save a complete page into a single HTML file
SponsorBlock A Chrome extension to skip sponsorships, subscription begging and more on YouTube videos
Vimeo Record A Chrome extension to record and share unlimited free video messages from your browser
Web Vitals A Chrome extension to measure metrics for a healthy site

Homebrew Formulae (macOS and Linux only)

Although most of the brew installs are handled by the Binaries installer, some brew packages are also installed using this configuration. The default Homebrew formulae include:

Package Description
automake Tool for generating GNU Standards-compliant Makefiles
carthage A simple, decentralized dependency manager for Cocoa
chrome-cli Control Google Chrome from the command-line
findutils Collection of GNU find, xargs, and locate
ideviceinstaller Tool for managing apps on iOS devices
libimobiledevice Library to communicate with iOS devices natively
secretive There is no importing or exporting of keys, so you only have access to the public key

Homebrew Casks (macOS only)

On macOS, some software is installed using Homebrew casks. These include:

Package Description
clocker macOS program that shows the time in multiple timezones in the top menu bar
sloth macOS program that shows all open files, directories, sockets, pipes, and devices in use by all running processes on the system
stats macOS program that shows the system monitor in the top menu bar

Go, Rust, and System-Specific Packages

Go packages, Rust crates, and system-specific packages like .deb and .rpm bundles are all handled by the [professormanhattan.genericinstaller](https://galaxy.ansible.com/professormanhattan/genericinstaller) role described above in the Binaries section. There are also ways of installing Go and Rust packages directly by using configuration options provided by their corresponding roles outlined in the Roles section.

Web Applications

This playbook does a bit more than just install software. It also optionally sets up web applications. If you choose to deploy the default Gas Station web applications on your network, you should probably do it on a computer/server that has a lot of RAM (e.g. 64GB+).

Although a production environment will always be more stable and performant if it is hosted with a major cloud provider, sometimes it makes more sense to locally host web applications. Some applications have abnormally large RAM requirements that could potentially cost thousands per month to host with a legit cloud provider.

We use Kubernetes as the provider for the majority of the applications. It is a production-grade system and, although there is a steeper learning curve, it is well worth it. Each application we install is packaged as a Helm chart. All of the data is backed up regularly to an encrypted cloud S3 bucket of your choice.

Helm Charts

The Helm charts that this playbook fully sets up are listed below.

Package Description
Budibase Budibase
Argo Helm NEED (I think?)
cert-manager Helm NEED
Falco NEED Falco NEED
GitLab Runner Deploys an instance of GitLab runner to a Kubernetes cluster. GitLab runner allows you to attach computers to GitLab CI workflows.
kubequery kubequery
vaultwarden vaultwarden
Drone Drone
Kibana NEED Kibana NEED
HashiCorp Consul Helm NEED
HashiCorp Vault Helm NEED
HashiCorp Waypoint Helm
Kubernetes Dashboard Helm NEED
kube-prometheus-stack Installs a collection of Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. This Helm includes the official Grafana Helm chart. NEED
Thanos Thanos
Minio Helm
Loki Loki
Kubeapps NEED Kubeapps NEED
Logstash Logstash
ElasticSearch ElasticSearch
n8n n8n
graylog NEED graylog NEED
Knative NEED Knative NEED
Fission 8 Fission 8
Concourse NEED Concourse NEED
Nexus Repository Manager Helm
Rancher Helm
Sentry NEED Sentry NEED
UniFi Helm
Cilium NEED REQUIRED for GitLab -- see: https://docs.gitlab.com/ee/topics/autodevops/stages.html#network-policy
Vector Vector
Velero Helm NEED
DKron Helm
Space Cloud Waiting on someone to make a Helm
Cool tools https://github.com/auto-ssl/lua-resty-auto-ssl https://github.com/weaveworks/weave https://adminbro.com/ https://www.vultr.com/products/bare-metal/ https://github.com/containrrr/watchtower https://www.boundaryproject.io/ https://artifacthub.io/packages/helm/cluster-autoscaler/cluster-autoscaler https://github.com/linkerd/linkerd2 https://cilium.io/ https://github.com/porter-dev/porter

Host Applications

By default, several apps are installed on each computer provisioned with the default settings of Gas Station. Docker Compose is used to manage the deployment. The default apps include:

App Description
Authelia An authentication portal that supports SSO and 2FA
Homer A very simple homepage which is customized by the playbook to automatically include links to the Docker containers you choose to host on the computer
Portainer A Docker management tool
Serve Simple interface for viewing files located in, or symlinked into, the /var/www/ folder of the machine

You can, of course, disable deploying these apps. However, we include them because they have a small footprint and include useful features. You can also customize the list of apps you wish to include on each host.

HTPC

We do not maintain any of the host applications except the ones listed above. However, we do provide the capability of marking a computer being provisioned as an HTPC. Doing this will include a suite of web applications with powerful auto-downloading, organizing, tagging, and media-serving capabilities. Since most people will probably be stepping outside the confines of the law for this, it is not recommended. If you still want to experiment then you can find descriptions of the applications below. The applications are intended to be hosted on a single computer via Docker Compose. The backend for Kodi is included but you should still use the regular installation method for Plex and the front-end of Kodi to view your media collection.

App Description
WireGuard Dedicated VPN for the HTPC applications
Bazarr Manages and automatically downloads subtitles
Heimdall Start page for all the HTPC apps
Jackett Request proxy server for Radarr and Sonarr
Kodi Headless Backend for Kodi
Lidarr Music collection manager that automatically downloads from BitTorrent and Usenet
NZBGet Usenet downloader
Ombi Plex request and user management system
Organizr Front end for HTPC web applications
Radarr Automatic movie downloader
Sonarr Automatic TV show downloader
Tautulli Metrics and monitoring for Plex
Transmission BitTorrent client

Philosophy

The philosophy of this project basically boils down to "automate everything" and include the best development tools that might be useful without over-bloating the machine with services. Automating everything should include tasks like automatically accepting software terms in advance or pre-populating Portainer with certificates of all the Docker hosts you would like to control. One problem we face is that there are so many great tools offered on GitHub. A lot of research has to go into what to include and what to pass on. The decision of whether or not to include a piece of software in the default playbook basically boils down to:

  • Project popularity - If one project has 10k stars and a similar alternative has 500 stars then 9 times out of 10 the more popular project is selected.
  • Last commit date - We prefer software that is being actively maintained, for obvious reasons.
  • Cross platform - Our playbook supports the majority of popular operating systems so we opt for cross-platform software. However, in some cases, we will include software that has limited cross-platform support like Xcode (which is only available on Mac OS X). If a piece of software is too good to pass up, it is added and only installed on the system(s) that support it.
  • Usefulness - If a tool could potentially improve developer effectiveness then we are more likely to include it.
  • System Impact - Software that can be run with a small RAM footprint and software that does not need a service to load on boot is much more likely to be included.

One of the goals of this project is to be able to re-provision a network with the click of a button. This might not be feasible since consumer-grade hardware usually does not include features like IPMI (a feature of high-end motherboards that lets you control the power state remotely). However, we aim to reduce the amount of interaction required when re-provisioning an entire network to the bare minimum. In the worst-case scenario, you will have to reformat, reinstall the operating system, and ensure that OpenSSH (or WinRM in the case of Windows) is running on each of the computers in your network. However, the long-term goal is to let you reformat and reinstall the operating system on your Ansible host using an automated USB installer and then automatically re-provision everything else on the network by utilizing IPMI.

You might ask, "But how can I retain application-level configurations?" We currently handle this by:

  • Pre-defining dotfiles in a customizable Git repository
  • Backing up to encrypted S3 buckets
  • Syncing files to private git repositories
  • Utilizing tools that synchronize settings like mackup or macprefs in the case of macOS

However, we intentionally keep this synchronization to a minimum (i.e. only back up what is necessary). After all, one of the goals of this project is to be able to regularly flush the bad stuff off a system. By keeping what we back up to a minimum, we reduce the attack surface.

Architecture

You can find a high-level overview of what each folder and file does in the ARCHITECTURE.md file.

Managing Environments

We manage different environments by symlinking all the folders that should be unique to each network environment (e.g. host_vars/, group_vars/, inventories/, files/vpn/, and files/ssh/). In the environments/ folder, you will see multiple folders. In our case, environments/dev/ contains sensible configurations for testing the playbook and its roles. The production environment is a separate git submodule that links to a private git repository that contains our Ansible-vaulted API keys and passwords. When you are ready to set up your production configurations, you can use this method of storing your environment-specific folders in the environments/ folder as well. But if you are just starting off, you do not have to worry about this since, by default, this playbook is configured to run with the settings included in the /environments/dev/ folder.

Switching Between Environments

If you already have the project bootstrapped (i.e. you have already run bash .config/scripts/start.sh), you can switch environments with an interactive prompt by running:

task ansible:playbook:environment

Alternatively, you can run the following if you would like to bypass the prompt:

task ansible:playbook:environment -- environmentName
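The symlink layout described under Managing Environments, as an added sketch that is not the project's own code and not what `task ansible:playbook:environment` runs. It assumes the top-level folders are symlinks into environments/NAME/; the function names are hypothetical. Besides switching, it reports the active environment and fails when links point at different environments (for example, production inventories combined with dev variables).

```bash
# Added example. Folder names are taken from the README; everything else is assumed.
ENV_DIRS="host_vars group_vars inventories files/vpn files/ssh"

# switch_env ROOT NAME: point every per-environment folder at environments/NAME/.
switch_env() {
  local root="$1" name="$2" dir depth
  # Reject names that could make a link resolve outside environments/.
  case $name in ''|*/*|.|..) echo "invalid environment name: $name" >&2; return 2 ;; esac
  [ -d "$root/environments/$name" ] || { echo "no such environment: $name" >&2; return 2; }
  # First pass: refuse to replace real directories, so nothing is left half-switched.
  for dir in $ENV_DIRS; do
    if [ -e "$root/$dir" ] && [ ! -L "$root/$dir" ]; then
      echo "$dir is a real path, not a symlink; refusing to overwrite" >&2; return 3
    fi
  done
  for dir in $ENV_DIRS; do
    rm -f "$root/$dir"   # drop the old link even if NAME lacks this folder
    [ -d "$root/environments/$name/$dir" ] || continue
    mkdir -p "$root/$(dirname "$dir")"
    # Relative targets keep the checkout movable; files/* links need one "../".
    case $dir in */*) depth=../ ;; *) depth= ;; esac
    ln -s "${depth}environments/$name/$dir" "$root/$dir"
  done
}

# active_env ROOT: print the environment all links agree on; fail if they are mixed.
active_env() {
  local root="$1" dir link name seen=""
  for dir in $ENV_DIRS; do
    [ -L "$root/$dir" ] || continue
    link=$(readlink "$root/$dir")
    name=${link#*environments/}   # strip everything up to "environments/"
    name=${name%%/*}              # keep only the environment name
    if [ -n "$seen" ] && [ "$seen" != "$name" ]; then
      echo "mixed environments: $seen and $name ($dir)" >&2; return 1
    fi
    seen=$name
  done
  [ -n "$seen" ] && echo "$seen"
}

# Constructed sample checkout: dev has every folder, prod has no files/vpn.
make_sample_tree() {
  local root dir
  root=$(mktemp -d)
  for dir in $ENV_DIRS; do
    mkdir -p "$root/environments/dev/$dir"
    [ "$dir" = files/vpn ] || mkdir -p "$root/environments/prod/$dir"
  done
  echo "$root"
}
```

Running `active_env` as a pre-flight step before a playbook run catches a partially switched checkout before any host is touched.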

Contributing

Contributions, issues, and feature requests are welcome! Feel free to check the issues page. If you would like to contribute, please take a look at the contributing guide.

Sponsorship

Dear Awesome Person,

I create open source projects out of love. Although I have a job, shelter, and as much fast food as I can handle, it would still be pretty cool to be appreciated by the community for something I have spent a lot of time and money on. Please consider sponsoring me! Who knows? Maybe I will be able to quit my job and publish open source full time.

Sincerely,

Brian Zalewski

Open Collective sponsors GitHub sponsors Patreon

License

Copyright © 2020-2021 Megabyte LLC. This project is MIT licensed.