refactor: updates playbooks

playbooks/playbook-client-dev.yml

@@ -19,13 +19,12 @@
         env_tun_setup: true
         # APT -------------------------------
         apt_base: true
-        # apt_exa: false
         apt_eza: true
         apt_bat: true
-        apt_auth_priv: true
-        apt_cert: true
-        apt_archive: true
-        apt_dev: true
+        # apt_auth_priv: true
+        # apt_cert: true
+        # apt_archive: true
+        # apt_dev: true
         apt_snap: true
         # apt_latex: true
         # apt_pandoc: true
@@ -34,23 +33,24 @@
         snap_btop: true
         snap_httpie: true
         snap_node: true
+        snap_go: true
         # OTHER --------------------------------
         inst_git_conf: true
         inst_fonts: true
-        inst_zsh_conf: true
-        inst_tmux_conf: true
-        inst_nvim_conf: true
+        # inst_zsh_conf: true
+        # inst_tmux_conf: true
+        # inst_nvim_conf: true
         # PYTHON --------------------------------
         apt_python: true
         apt_python_pip: true
         apt_python_venv: true
-        apt_python_dev: true
-        pip_s_tui: true
-        pip_autopep8: true
-        pip_black: true
-        pip_mypy: true
+        # apt_python_dev: true
+        # pip_s_tui: true
+        # pip_autopep8: true
+        # pip_black: true
+        # pip_mypy: true
         pip_pre_commit: true
-        pip_ansible: true
+        # pip_ansible: true
 
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -66,43 +66,40 @@
       install_client_config:
         # GNOME ---------------------------------
         gnome_gui_setup: true
-        gnome_gui_setup_extensions: true
-        # gnome_gui_setup_extensions_git_blur_shell: true
-        gnome_gui_setup_extensions_git_dash_to_panel: true
         gnome_gui_setup_overlay: true
         gnome_terminal_setup_overlay: true
         # APT -----------------------------------
-        apt_base: true
-        apt_auth_priv: true
-        apt_ubuntu: true
-        apt_archive: true
+        # apt_base: true
+        # apt_auth_priv: true
+        # apt_ubuntu: true
+        # apt_archive: true
         apt_snap: true
         apt_flatpak: true
         # apt_logitech_unifying_solaar: true
         apt_virt_viewer: true
         # DPKG ----------------------------------
         dpkg_veracrypt: true
         # APPIMAGE ------------------------------
-        app_image_logseq: true
-        app_image_ultimaker: true
+        # app_image_ultimaker: true
         # SNAP ----------------------------------
         snap_chromium: true
         snap_firefox: true
         snap_onlyoffice: true
         snap_thunderbird: true
         snap_signal: true
-        snap_telegram: true
+        # snap_telegram: true
         # snap_darktable: true
-        snap_drawio: true
+        # snap_drawio: true
         # snap_gimp: true
         snap_inkscape: true
         # snap_lunacy: true
         snap_spotify: true
         snap_code: true
         snap_remmina: true
         # FLATPAK -------------------------------
-        flatpak_flatseal: true
-        flatpak_easy_effects: true
+        flatpak_logseq: true
+        # flatpak_flatseal: true
+        # flatpak_easy_effects: true
         flatpak_haruna: true
         flatpak_upscayl: true
         # OTHER -------------------------------

playbooks/playbook-s-cis.yml

@@ -12,6 +12,7 @@
   vars:
     pl_a_var_client_server: "{{ true if inventory_hostname in (groups['clients'] | default([])) else false }}"
     pl_a_var_server_client: "{{ false if inventory_hostname in (groups['clients'] | default([])) else true }}"
+    # pl_a_cis_preferred_capturing_log_method: "{{ 'rsyslog' if inventory_hostname in (groups['clients'] | default([])) else 'journald' }}"
   roles:
     - role: ansible-cis-ubuntu-2204
       when:
@@ -32,7 +33,7 @@
         # -------------------------
         cis_ubuntu2204_rule_5_1_24: true
         cis_ubuntu2204_rule_5_1_24_ssh_user: "{{ ansible_user }}"
-        cis_ubuntu2204_rule_5_1_24_ssh_pub_key: "{{ pl_a_cis_setup_ssh_pub_key | default(omit) }}"
+        cis_ubuntu2204_rule_5_1_24_ssh_pub_key: "{{ pl_a_cis_setup_ssh_pub_key | default(null) }}"
         # -------------------------
         cis_ubuntu2204_rule_1_3_1_3: false # AppArmor complain mode
         cis_ubuntu2204_rule_1_3_1_4: false # AppArmor enforce mode
@@ -108,14 +109,19 @@
         cis_ubuntu2404_section6: true
         cis_ubuntu2404_section7: true
         # -------------------------
-        cis_ubuntu2404_rule_1_1_1_7: false # squashfs - IMPACT: Snap packages utilizes squashfs as a compressed filesystem, disabling squashfs will cause Snap packages to fail.
+        cis_ubuntu2404_rule_1_1_1_4: "{{ pl_a_var_server_client }}" # hfsplus
+        cis_ubuntu2404_rule_1_1_1_7: "{{ pl_a_var_server_client }}" # squashfs - IMPACT: Snap packages utilizes squashfs as a compressed filesystem, disabling squashfs will cause Snap packages to fail.
         # -------------------------
         cis_ubuntu2404_rule_5_1_24: true
         cis_ubuntu2404_rule_5_1_24_ssh_user: "{{ ansible_user }}"
-        cis_ubuntu2404_rule_5_1_24_ssh_pub_key: "{{ pl_a_cis_setup_ssh_pub_key | default(omit) }}"
+        cis_ubuntu2404_rule_5_1_24_ssh_pub_key: "{{ pl_a_cis_setup_ssh_pub_key | default(null) }}"
         # -------------------------
-        cis_ubuntu2404_rule_1_3_1_3: false # AppArmor complain mode
+        cis_ubuntu2404_rule_1_3_1_3: true # AppArmor complain mode
         cis_ubuntu2404_rule_1_3_1_4: false # AppArmor enforce mode
+        # cis_ubuntu2404_apparmor_update_to_complain_profiles:
+        #   - firefox
+        # cis_ubuntu2404_apparmor_update_to_enforce_profiles:
+        #   - firefox
         # -------------------------
         cis_ubuntu2404_set_boot_pass: false # bootloader password (disabled)
         cis_ubuntu2404_disable_boot_pass: true # bootloader password (disabled with cis_ubuntu2404_set_boot_pass)
@@ -141,6 +147,8 @@
         cis_ubuntu2404_journald_runtime_keep_free: 512M
         cis_ubuntu2404_journald_max_file_sec: 1month
         # -------------------------
+        cis_ubuntu2404_preferred_capturing_log_method: "{{ pl_a_cis_preferred_capturing_log_method | default('rsyslog') }}"
+        # -------------------------
         cis_ubuntu2404_required_ipv6: "{{ pl_a_cis_ipv6_required | default(false) | bool }}"
         cis_ubuntu2404_firewall: ufw
         # -------------------------

playbooks/playbook-server-cluster.yml

@@ -20,14 +20,14 @@
         # APT (1) -------------------------------
         # apt_base: true
         # apt_exa: false
-        apt_eza: true
-        apt_bat: true
-        apt_cert: true
+        # apt_eza: true
+        # apt_bat: true
+        # apt_cert: true
         apt_qemu_guest_agent: true
         # OTHER --------------------------------
         # inst_git_conf: true
         # inst_fonts: true
-        inst_zsh_conf: true
+        # inst_zsh_conf: true
 
 # ------------------------------------------------------------------------------
 - name: Container installer