Ansible Playbook: Gas Station ⛽

Brought to you by Megabyte Labs



A no-stone-unturned Ansible playbook you can use to set up the ultimate home lab or on-premise addition to your cloud!


Introduction

Welcome to a new way of doing things. Born out of complete paranoia and a relentless pursuit of the best of GitHub Awesome lists, Gas Station aims to add the capability of being able to completely wipe whole networks and restore them on a regular basis. It takes a unique approach to network provisioning because it supports desktop provisioning as a first-class citizen. By default, without much configuration, it is meant to provision and maintain the state of a network that includes development workstations and servers. One type of user that might benefit from this project is a web developer who wants to start saving the state of their desktop as code. Another type of user is one who wants to start hosting RAM-intensive web applications in their home-lab environment to save huge amounts on cloud costs. This project is also meant to be maintainable by a single person. Granted, if you look through our ecosystem you will see we are well-equipped for supporting entire teams as well.

Gas Station is a collection of Ansible playbooks, configurations, scripts, and roles meant to provision computers and networks with the "best of GitHub". By leveraging Ansible, you can provision your whole network relatively fast in the event of a disaster or scheduled network reset. This project is also intended to increase the security of your network by allowing you to frequently wipe, reinstall, and re-provision your network, bringing it back to its original state. This is done by backing up container storage volumes (like database files and Docker volumes) to encrypted S3 buckets, storing configurations in encrypted git repositories, and leveraging GitHub-sourced power tools to make the job easy-peasy.

This project started when a certain somebody changed their desktop wallpaper to a cute picture of a cat 🐱 when, all of a sudden, their computer meowed. Well, it actually started before that but no one believes someone who claims that time travelers hacked them on a regular basis. Tip: If you are stuck in spiritual darkness involving time travelers, save yourself some headaches by adopting an other-people first mentality that may include volunteering, tithing, and surrendering to Jesus Christ. Anyway, enough preaching!

Gas Station is:

  • Highly configurable - most roles come with optional variables that you can configure to change the behavior of the role
  • Highly configured - in-depth research is done to ensure each software component is configured with bash completions, plugins that are well-received by the community, and integrated with other software used in the playbook
  • Compatible with all major operating systems (i.e. Windows, Mac OS X, Ubuntu, Fedora, CentOS, Debian, and even Archlinux)
  • The product of a team of experts
  • An amazing way to learn about developer tools that many would consider to be "the best of GitHub"
  • Open to new ideas - feel free to open an issue or contribute with a pull request!

Quick Start

The easiest way to run the entire playbook, outlined in the main.yml file, is to run the appropriate command listed below. These commands will run the playbook on the machine you run the command on. This is probably the best way to get your feet wet before you decide to give us a ⭐ and customize the playbook for your own needs. Ideally, this command should be run on the machine that you plan on running Ansible with to provision the other computers on your network. It is only guaranteed to work on fresh installs so testing it out with Vagrant is highly encouraged.

Vagrant (Recommended)

To test it out with Vagrant, you can run the following commands which will open up an interactive dialog where you can pick which operating system and virtualization provider you wish to test the installation with:

bash start.sh && task ansible:test:vagrant

macOS/Linux

curl -sSL https://install.doctor/quickstart > ./setup.sh && bash ./setup.sh

Windows

In an administrative PowerShell session, run:

iex ((New-Object System.Net.WebClient).DownloadString('https://install.doctor/windows-quickstart'))

Qubes

Our playbooks include a specially crafted playbook for Qubes. It will load your VMs with sensible defaults. For more details, check out the Qubes playbook and Qubes variables. Perhaps most importantly, the "quickstart" inventory file details the VM structure that the provisioning script adds to the target system.

To set up Qubes, run the following on a fresh install in dom0:

qvm-run --pass-io sys-firewall "curl -sSL https://install.doctor/qubes" > ./setup.sh && bash ./setup.sh
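
A more cautious form of the macOS/Linux and Qubes quick-start commands above, as an added example that is not part of the Gas Station repository: it fetches the script without running it, lets you record a SHA-256 pin once you have read it, and refuses to execute on a later re-provisioning run if the content has changed. The file names `./setup.sh` and `./setup.sh.sha256` and all function names are assumptions, and the pin is one you record yourself, since this page publishes no checksum.

```shell
#!/bin/sh
# Added example: fetch, review, pin, then run. Not part of the Gas Station repo.

# Print the SHA-256 of a file with whichever tool the platform ships
# (sha256sum on most Linux distributions, shasum on macOS).
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | awk '{print $1}'
  else
    echo "no SHA-256 tool found" >&2
    return 2
  fi
}

# fetch_installer URL DEST
# Unlike a bare `curl -sSL`, -f makes curl fail on an HTTP error instead of
# saving the error page as the script, and --proto '=https' keeps the
# transfer, redirects included, on HTTPS.
fetch_installer() {
  curl --proto '=https' --tlsv1.2 -fsSL "$1" -o "$2"
}

# record_pin FILE PINFILE
# Run this only after reading FILE; it stores the digest of what you reviewed.
record_pin() {
  file_sha256 "$1" > "$2"
}

# verify_pinned FILE PINFILE
# 0 = FILE matches the recorded digest, 1 = content changed,
# 2 = nothing trustworthy to compare (empty file, missing or malformed pin).
verify_pinned() {
  gate_file=$1
  gate_pin=$2
  [ -s "$gate_file" ] || { echo "refusing: $gate_file is missing or empty" >&2; return 2; }
  [ -r "$gate_pin" ] || { echo "refusing: no pin at $gate_pin" >&2; return 2; }
  gate_expected=$(tr -d '[:space:]' < "$gate_pin" | tr 'A-F' 'a-f')
  case $gate_expected in
    ''|*[!0-9a-f]*) echo "refusing: pin is not a hex digest" >&2; return 2 ;;
  esac
  [ "${#gate_expected}" -eq 64 ] || { echo "refusing: pin is not 64 hex chars" >&2; return 2; }
  gate_actual=$(file_sha256 "$gate_file") || return 2
  if [ "$gate_actual" != "$gate_expected" ]; then
    echo "refusing: $gate_file changed since it was reviewed" >&2
    echo "  pinned: $gate_expected" >&2
    echo "  actual: $gate_actual" >&2
    return 1
  fi
  return 0
}

# run_if_pinned FILE PINFILE
# Executes FILE with bash (as the quick start does) only when the pin matches.
run_if_pinned() {
  verify_pinned "$1" "$2" && bash "$1"
}

# Command-line entry point. With no argument nothing happens, so the file can
# also be sourced for its functions.
#   fetch  download the macOS/Linux quick-start script to ./setup.sh
#   pin    record the digest of ./setup.sh after you have read it
#   run    execute ./setup.sh only if it still matches the pin
# In Qubes dom0, create ./setup.sh with the qvm-run command shown above
# instead of "fetch", then use "pin" and "run" unchanged.
case "${1:-}" in
  fetch) fetch_installer "https://install.doctor/quickstart" ./setup.sh ;;
  pin)   record_pin ./setup.sh ./setup.sh.sha256 ;;
  run)   run_if_pinned ./setup.sh ./setup.sh.sha256 ;;
esac
```

Keep the pin file with your own provisioning notes or repository rather than next to the download, so that replacing the script does not also replace the value it is checked against.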

Supported Operating Systems

The following chart shows the operating systems that have been tested for compatibility using the environments/dev/ environment. This chart is automatically generated using the Ansible Molecule tests you can view in the molecule/default/ folder. We currently have logic in place to automatically handle the testing of Windows, Mac OS X, Ubuntu, Fedora, CentOS, Debian, Archlinux, and, of course, Qubes. If your operating system is not listed but is a variant of one of the systems we test (i.e. a Debian-flavored system or a RedHat-flavored system) then it might still work.

compatibility_matrix

Requirements

Host Requirements

There are Python and Ansible package requirements that need to be installed by running the following commands (or equivalent) in the root of this repository:

pip3 install -r .config/requirements.txt
ansible-galaxy install -r requirements.yml

Easier Method of Installing the Host Requirements

You can also run bash start.sh if you do not mind development dependencies being installed as well. This method will even handle installing Python 3 and Ansible.

Operating System

This playbook is built and tested to run on fresh installs of Windows, Mac OS X, Ubuntu, Fedora, Debian, CentOS, Archlinux, and Qubes. It may still be possible to run the playbook on your current machine. However, installing the playbook on a fresh install is the only thing we actively support. That said, if you come across an issue with an environment that already has configurations and software present, please do not hesitate to open an issue.

Connection

SSH (or WinRM in the case of Windows) and Python should be available on the target systems you would like to provision. If you are attempting to provision a Windows machine, you can ensure that WinRM is enabled and configured so that you can remotely provision the Windows target by running the following command with PowerShell:

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://install.doctor/windows-client'))

MAS on Mac OS X

We use mas to install apps from the App Store in some of our roles. Sadly, automatically signing into the App Store is not possible on OS X 10.13+ via mas. This is because mas no longer supports login functionality on OS X 10.13+.

There is another caveat with mas. In order to install an application using mas, the application has to have already been added via the App Store GUI. This means that the first time around you will have to install the apps via the App Store GUI so they are associated with your App Store account.

Software

This project breaks down software into a role (found in the subdirectories of the roles/ folder) if the software requires anything other than being added to the PATH variable. Below is a quick description of what each role does. Browsing through this list, along with the conditions laid out in main.yml, you will be able to get a better picture of what software will be installed by the default main.yml playbook.

Role-Based Software

Role Name Description GitHub            
Android Studio Android Studio is the official integrated development environment for Google's Android operating system, built on JetBrains' IntelliJ IDEA software and designed specifically for Android development. This role installs Android Studio on nearly any operating system and also ensures a configurable list of command-line tools and SDKs are installed and seamlessly integrated with the system (i.e. the role adds the appropriate items to the PATH environment variable). (Homepage | Documentation | Role on GitHub) ❌ Closed source
Appium Appium is an open source automation tool for running scripts and testing native applications, mobile-web applications and hybrid applications on Android or iOS using a webdriver. (Homepage | Documentation) GitHub Repo stars
Autokey AutoKey is a free, open-source scripting application for Linux. AutoKey allows the user to define hotkeys and trigger phrases which expand to predefined text, automating frequent or repetitive tasks such as correcting typographical errors or common spelling mistakes and inserting boiler plate sections of text. AutoHotKey is a similar piece of software that is only available on the Windows platform. (Homepage | Documentation) GitHub Repo stars
IntelliJ IDEA (CE) IntelliJ IDEA is an integrated development environment written in Java for developing computer software. It is developed by JetBrains, and is available as an Apache 2 Licensed community edition, and in a proprietary commercial edition. Both can be used for commercial development. (Homepage | Documentation) GitHub Repo stars
XCode Xcode is Apple's integrated development environment for macOS, used to develop software for macOS, iOS, iPadOS, watchOS, and tvOS. (Homepage | Documentation) ❌ Closed source
Host Home Page N/A
MAAS MAAS allows very fast server provisioning for your data centre. It allows self-service, remote installation of Windows, CentOS, ESXi and Ubuntu on real servers. It turns your data centre into a bare metal cloud. (Homepage | Documentation) GitHub Repo stars
pfSense pfSense is a firewall/router computer software distribution based on FreeBSD. pfSense Community Edition is the open source version while pfSense Plus has moved to a closed source model. It is installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network. (Homepage | Documentation) GitHub Repo stars
PiHole Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole and optionally a DHCP server, intended for use on a private network. It is designed for low-power embedded devices with network capability, such as the Raspberry Pi, but supports any Linux machines. (Homepage | Documentation) GitHub Repo stars
Qubes Qubes is a Linux distribution that introduces some radically new concepts that basically boil down to running everything inside of a VM. It is touted by security professionals as one of the most secure (if not the most secure) desktop operating systems. In Qubes, the base namespace is called dom0 which is more or less the control point for all the other VMs that you would run applications in. This role updates dom0 and then sets up a configurable list of features into dom0 including setting up sys-usb (a VM for all your USB devices), adding YubiKey integration, forcing system updates over Tor, and a handful of other additions every Qubes user should have as part of their stack. (Homepage | Documentation) GitHub Repo stars
Security Onion Security Onion is a free and open source Linux distribution for threat hunting, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes! This role takes it a step further and automates the whole setup process. (Homepage | Documentation) GitHub Repo stars
Sonatype Nexus Sonatype Nexus is a repository manager that lets you proxy and cache assets from apt-get, yum, npm, pypi, and a handful of other sources. This role sets up Sonatype Nexus using the awesome work of the ansible-ThoTeam/nexus3-oss repository on GitHub. (Homepage | Documentation | Role on GitHub) GitHub Repo stars
AntiVirus Clam AntiVirus is a free software, cross-platform and open-source antivirus software toolkit able to detect many types of malicious software, including viruses. One of its main uses is on mail servers as a server-side email virus scanner. rkhunter is a Unix-based tool that scans for rootkits, backdoors, and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online databases. Malwarebytes is an anti-malware software for Microsoft Windows, macOS, Chrome OS, Android, and iOS that finds and removes malware. Made by Malwarebytes Corporation, it was first released in January 2006. N/A
CertBot Certbot is part of EFF’s effort to encrypt the entire Internet. Secure communication over the Web relies on HTTPS, which requires the use of a digital certificate that lets browsers verify the identity of web servers (e.g., is that really google.com?). Web servers obtain their certificates from trusted third parties called certificate authorities (CAs). Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt—an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server. (Homepage | Documentation) GitHub Repo stars
Elastic Agent Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to each host. A single agent makes it easier and faster to deploy monitoring across your infrastructure. The agent’s single, unified policy makes it easier to add integrations for new data sources. You can use Elastic Agent with Fleet. Fleet is a Kibana service that allows you to add and manage integrations for popular services and platforms, as well as manage Elastic Agent installations. (Homepage | Documentation) GitHub Repo stars
Gitlab Runner GitLab Runner is an application that works with GitLab CI/CD to run jobs in a pipeline. (Homepage | Documentation) GitHub Repo stars
Guacamole Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. (Homepage | Documentation) GitHub Repo stars
NGINX It also generates sites-enabled proxies using YML configurations. Easter eggs included. Nginx, stylized as NGINX, nginx or NginX, is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. The software was created by Igor Sysoev and publicly released in 2004. Nginx is free and open-source software, released under the terms of the 2-clause BSD license. (Homepage | Documentation) GitHub Repo stars
Samba Samba is a free and open-source software that allows files to be shared across Windows and Linux systems simply and easily. To be exact, it is an open-source implementation of the SMB/CIFS protocol. (Homepage | Documentation) GitHub Repo stars
Wazuh Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance. (Homepage | Documentation) GitHub Repo stars
Common For example, this role sets the timezone, sets the hostname, sets up the swap space, ensures auto-login is either disabled or enabled, and customizes GRUB (on Linux). It also ensures that specified groups are present on the system. On Windows, the role ensures all the available updates are installed, ensures Scoop is installed, and ensures common dependencies like Bandizip (a compressed-file manager) are installed. N/A
Debloat Windows This repository is the home of an Ansible role that debloats Windows. N/A
DNS This role ensures that DNS requests are encrypted if you supply it the appropriate configuration. It uses systemd on Linux. On macOS/Windows, it installs and configures Stubby. N/A
Firewall This role is intended to be used with the ProfessorManhattan playbook. It integrates tightly with the other roles included with the playbook. N/A
GlusterFS Gluster is a free and open source software scalable network filesystem. Gluster is a software defined distributed storage that can scale to several petabytes. It provides interfaces for object, block and file storage. N/A
Sanoid Sanoid is a free and open source snapshot management tool. Sanoid is a policy-driven snapshot management tool for ZFS filesystems. When combined with the Linux KVM hypervisor, you can use it to make your systems functionally immortal. N/A
A binary authorization system for MacOS A binary authorization system for MacOS (santa) role is a daemon that makes execution decisions based on the contents of a local database, a GUI agent that notifies the user in case of a block decision and a command-line utility for managing the system and synchronizing the database with a server. N/A
Security This role turns on auto-updates and configures sudo, for instance. N/A
Betelgeuse Theme Betelgeuse is a theme for KDE, XFCE, Gnome, and many more theming engines. It is heavily based on Sweet. It tries to make the theme compatible with many environment types. It also includes special styles geared towards styling Qubes OS. N/A
Autorestic Autorestic is a wrapper around Restic. The Restic CLI can be a bit overwhelming and difficult to manage if you have many different locations that you want to back up to multiple locations. Autorestic makes managing all your S3 backups easier by making it config / cron driven. (Homepage | Documentation) GitHub Repo stars

We encourage you to browse through the repositories that are linked to in the table above to learn about the configuration options they support. Some of the roles are included as roles because they support configurations that rely on user-specific variables like API keys.

Binaries

A lot of the nifty software we install by default does not require any configuration other than being added to the PATH or being installed with an installer like brew. For this kind of software that requires no configuration, we list the software we would like installed by the playbook as a variable in group_vars/ or host_vars/ as an array of keys assigned to the software variable (example here). With those keys, we install the software using the professormanhattan.genericinstaller role which determines how to install the binaries by looking up the keys against the software_package object (example here).

NOTE: The binary packages listed in these charts will attempt to install using the system package manager and then from source if the option is available before resorting to less desirable methods like downloading the binary from GitHub releases. The order of installation method preference that the professormanhattan.genericinstaller role attempts to use is defined in the INSERT_VARIABLE_NAME variable. The default order is:

  1. System package managers
  2. Compiling from source (via Go, Rust, etc.)
  3. Installing via Homebrew
  4. Downloading the pre-compiled assets from GitHub releases

For your convenience, we have split the long list of single-binary software into two lists, one for CLIs and one for applications:

Binary Desktop Applications

Package Description GitHub            
Altair A beautiful feature-rich GraphQL Client for all platforms GitHub Repo stars
Betwixt Web Debugging Proxy based on Chrome DevTools Network panel GitHub Repo stars
BitWarden The desktop vault (Windows, macOS, & Linux) GitHub Repo stars
Cerebro Open-source productivity booster with a brain GitHub Repo stars
Cumulus A SoundCloud player that lives in the menubar GitHub Repo stars
Dat Desktop Peer to peer data synchronization GitHub Repo stars
Google Assistant Unofficial Desktop Client A cross-platform unofficial Google Assistant Client for Desktop GitHub Repo stars
Gitify GitHub notifications on the menu bar GitHub Repo stars
Jitsi Meet Electron Desktop application for Jitsi Meet built with Electron GitHub Repo stars
Manta Flexible invoicing desktop app with beautiful & customizable templates GitHub Repo stars
MarkText A simple and elegant markdown editor, available for Linux, macOS and Windows GitHub Repo stars
MassCode A free and open source code snippets manager for developers GitHub Repo stars
MJML App The desktop app for MJML GitHub Repo stars
Mockoon Mockoon is the easiest and quickest way to run mock APIs locally. No remote deployment, no account required, open source GitHub Repo stars
Motrix A full-featured download manager GitHub Repo stars
MQTT X Elegant Cross-platform MQTT 5.0 Desktop Client GitHub Repo stars
Mullvad VPN The Mullvad VPN client app for desktop and mobile GitHub Repo stars
Nuclear Streaming music player that finds free music GitHub Repo stars
Pretzel Pretzel is a Mac desktop app that shows and finds keyboard shortcuts based on your current app GitHub Repo stars
raindrop All-in-one bookmark manager N/A
Responsively A modified web browser that helps in responsive web development GitHub Repo stars
RunJS A JavaScript playground that auto-evaluates as you type GitHub Repo stars
Scrcpy GUI A simple & beautiful GUI application for scrcpy GitHub Repo stars
Skype Skype is for connecting with the people that matter most in your life and work N/A
Slack Transform the way that you work with one place for everyone and everything that you need to get things done N/A
SQLectron A simple and lightweight SQL client desktop with cross database and platform support GitHub Repo stars
SwitchHosts Extension to switch hosts GitHub Repo stars
Tabby A terminal for a more modern age GitHub Repo stars
Temps Simple menubar application based on Electron with actual weather information and forecast GitHub Repo stars
Udemy Course Downloader A desktop application for downloading Udemy Courses GitHub Repo stars
WebTorrent Desktop Streaming torrent app for Mac, Windows, and Linux GitHub Repo stars

Binary CLIs / TUIs

Package Description GitHub            
act To run Github Actions locally GitHub Repo stars
argo ArgoCD is a declarative GitOps continuous delivery platform. N/A
azure-functions-core-tools A local development experience for creating, developing, testing, running, and debugging Azure Functions GitHub Repo stars
bandwhich Terminal bandwidth utilization tool GitHub Repo stars
bane Custom & better AppArmor profile generator for Docker containers GitHub Repo stars
bat Clone of cat(1) with syntax highlighting and Git integration GitHub Repo stars
bin Effortless binary manager GitHub Repo stars
bivac Backup Interface for Volumes Attached to Containers GitHub Repo stars
boilr boilerplate template manager that generates files or directories from template repositories GitHub Repo stars
budibase-cli The Budibase CLI is how you initialise, manage and update your Budibase installation GitHub Repo stars
captain Helps manage docker-compose.yml files from anywhere in the file system GitHub Repo stars
clair Vulnerability Static Analysis for Containers GitHub Repo stars
cloudflared Cloudflare Tunnel client GitHub Repo stars
cmctl A CLI tool that can help you to manage cert-manager resources inside your cluster N/A
confd Manage local application configuration files using templates and data from etcd or consul GitHub Repo stars
consul-cli Command line interface to Consul HTTP API GitHub Repo stars
croc Easily and securely send things from one computer to another GitHub Repo stars
ctop Top-like interface for container metrics GitHub Repo stars
curator Elasticsearch Curator helps you curate, or manage, your Elasticsearch indices and snapshots N/A
dasel Select, put and delete data from JSON, TOML, YAML, XML and CSV files with a single tool GitHub Repo stars
dat Peer-to-peer sharing & live synchronization of files via command line GitHub Repo stars
delta A syntax-highlighting pager for git and diff output GitHub Repo stars
dive A tool for exploring each layer in a docker image GitHub Repo stars
desed Debugger for Sed: demystify and debug the sed scripts, from comfort of terminal GitHub Repo stars
deta Command line interface for managing Deta micros and deployments GitHub Repo stars
direnv Extension to load and unload environment variables depending on the current directory GitHub Repo stars
docker-slim Extension to minify and secure Docker images GitHub Repo stars
dockle Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start GitHub Repo stars
doctl The official command line interface for the DigitalOcean API GitHub Repo stars
dog A command-line DNS client GitHub Repo stars
drone The Drone command line tools are used to interact with the Drone from the command line, and provide important utilities for managing users and repository settings GitHub Repo stars
duf a better 'df' alternative GitHub Repo stars
dust A more intuitive version of du in rust GitHub Repo stars
envconsul Launch a subprocess with environment variables using data from @hashicorp Consul and Vault GitHub Repo stars
etcd Distributed reliable key-value store for the most critical data of a distributed system GitHub Repo stars
fd A simple, fast and user-friendly alternative to 'find' GitHub Repo stars
ffsend Easily and securely share files from the command line, a fully featured Firefox Send client GitHub Repo stars
filebrowser Web file browser GitHub Repo stars
fm Terminal file manager GitHub Repo stars
fq jq for binary formats GitHub Repo stars
fselect Extension to find files with SQL-like queries GitHub Repo stars
Fuego Fuego is a command line client for the firestore database GitHub Repo stars
gdrive Google Drive CLI Client GitHub Repo stars
ghorg Supports GitHub, GitLab, Bitbucket, and more GitHub Repo stars
gitleaks Extension to scan git repos (or files) for secrets using regex and entropy GitHub Repo stars
gitomatic A tool to monitor git repositories and automatically pull & push changes GitHub Repo stars
glab An open-source GitLab command line tool bringing GitLab's cool features to your command line GitHub Repo stars
glow Glow is a terminal based markdown reader designed from the ground up to bring out the beauty—and power—of the CLI GitHub Repo stars
gojq gojq is a pure Go implementation of jq that is mostly backwards compatible (but not completely) GitHub Repo stars
go-chromecast CLI for Google Chromecast, Home devices and Cast Groups GitHub Repo stars
gping Ping, but with a graph GitHub Repo stars
grex A command-line tool and library for generating regular expressions from user-provided test cases GitHub Repo stars
gron Extension to make JSON greppable GitHub Repo stars
hclq Command-line processor for HashiCorp config files, like sed for HCL — Terraform, Consul, Nomad, Vault GitHub Repo stars
hexyl A command-line hex viewer GitHub Repo stars
hey HTTP load generator, ApacheBench (ab) replacement, formerly known as rakyll/boom GitHub Repo stars
hostctl This tool gives more control over the use of hosts file GitHub Repo stars
htmlq A lightweight and flexible command-line JSON processor for HTML GitHub Repo stars
hyperfine A command-line benchmarking tool GitHub Repo stars
jiq Create jq queries interactively by leveraging a live reload feature in the terminal GitHub Repo stars
jo JSON output from a shell GitHub Repo stars
jq Command-line JSON processor GitHub Repo stars
kdash A simple and fast dashboard for Kubernetes GitHub Repo stars
kn The Knative CLI (kn) provides a quick and easy interface for creating Knative resources, such as Knative Services and Event Sources GitHub Repo stars
kubenav kubenav is the navigator for your Kubernetes clusters right in your pocket GitHub Repo stars
license Command-line license text generator GitHub Repo stars
linkerd2 Linkerd is an ultralight, security-first service mesh for Kubernetes GitHub Repo stars
linuxkit A toolkit for building secure, portable and lean operating systems for containers GitHub Repo stars
logcli Run LogQL queries against a Loki server GitHub Repo stars
mc MinIO Client is a replacement for ls, cp, mkdir, diff and rsync commands for filesystems and object storage GitHub Repo stars
mergestat Query git repositories with SQL. Generate reports, perform status checks, analyze codebases GitHub Repo stars
mkcert A simple zero-config tool to make locally trusted development certificates with any names GitHub Repo stars
mole CLI application to create ssh tunnels focused on resiliency and user experience GitHub Repo stars
muffet Fast website link checker in Go GitHub Repo stars
nebula A scalable overlay networking tool GitHub Repo stars
nnn A full-featured terminal file manager GitHub Repo stars
node-prune Extension to remove unnecessary files from node_modules GitHub Repo stars
nomino Batch rename utility for developers GitHub Repo stars
osquery SQL powered operating system instrumentation, monitoring, and analytics GitHub Repo stars
ots Share end-to-end encrypted secrets with others via a one-time URL GitHub Repo stars
oq A performant, and portable jq wrapper to facilitate the consumption and output of formats other than JSON; using jq filters to transform the data GitHub Repo stars
page-fetch Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files GitHub Repo stars
pass Password manager N/A
pastel A command-line tool to generate, analyze, convert and manipulate colors GitHub Repo stars
peco Simplistic interactive filtering tool GitHub Repo stars
pony Local file-based password, API key, secret, recovery code store backed by GPG GitHub Repo stars
procs A modern replacement for ps written in Rust GitHub Repo stars
psu CLI client for Portainer GitHub Repo stars
pup Parsing HTML at the command line GitHub Repo stars
q Run SQL directly on CSV or TSV files GitHub Repo stars
rancher The Rancher Command Line Interface (CLI) is a unified tool for interacting with your Rancher Server GitHub Repo stars
rip A safe and ergonomic alternative to rm GitHub Repo stars
s5cmd Parallel S3 and local filesystem execution tool with benchmarks that show it is the fastest S3 downloader GitHub Repo stars
schema A tool to infer and instantiate schemas and translate between data formats GitHub Repo stars
scrcpy Display and control your Android device GitHub Repo stars
sd Intuitive find & replace CLI (sed alternative) GitHub Repo stars
sentry-cli sentry-cli can connect to the Sentry API and manage some data for your projects GitHub Repo stars
sftpgo S3, Google Cloud Storage, Azure Blob GitHub Repo stars
shfmt A shell parser, formatter, and interpreter with bash support; includes shfmt GitHub Repo stars
skm A simple and powerful SSH keys manager GitHub Repo stars
ssh-vault Encrypt/decrypt using ssh keys GitHub Repo stars
ssl-proxy Simple zero-config SSL reverse proxy with real autogenerated certificates GitHub Repo stars
sync-ssh-keys Sync public ssh keys to ~/.ssh/authorized_keys, based on Github/Gitlab organization membership GitHub Repo stars
sysbench System performance benchmark tool GitHub Repo stars
sysget One package manager to rule them all GitHub Repo stars
Task A task runner / simpler Make alternative written in Go GitHub Repo stars
Teleport Modern SSH server for teams managing distributed infrastructure GitHub Repo stars
teller never leave your command line for secrets GitHub Repo stars
tflint A Pluggable Terraform Linter GitHub Repo stars
tilt Define your dev environment as code. For microservice apps on Kubernetes GitHub Repo stars
tokei Tokei is a program that displays statistics about the code GitHub Repo stars
transfer Converts from one encoding to another GitHub Repo stars
trivy Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues GitHub Repo stars
up Ultimate Plumber is a tool for writing Linux pipes with instant live preview GitHub Repo stars
vault HashiCorp Vault is a secrets management tool specifically designed to control access to sensitive credentials in a low-trust environment. It can be used to store sensitive values and at the same time dynamically generate access for specific services/applications on lease N/A
Vector Vector is a lightweight, ultra-fast tool for building observability pipelines that lets you collect, transform, and route all your logs and metrics with one simple tool. N/A
velero Velero is an open source tool to safely backup and restore, perform disaster recovery, and migrate Kubernetes cluster resources and persistent volumes. N/A
waypoint A tool to build, deploy, and release any application on any platform GitHub Repo stars
websocat CLI for interacting with web sockets GitHub Repo stars
whaler Whaler takes a Docker image and attempts to reverse engineer the Dockerfile that created it GitHub Repo stars
winrm-cli Command-line tool to remotely execute commands on Windows machines through WinRM GitHub Repo stars
wkhtmltopdf Convert HTML to PDF using Webkit (QtWebKit) GitHub Repo stars
xurls Extract urls from text GitHub Repo stars
yq Process YAML documents from the CLI GitHub Repo stars

NPM Packages

NPM provides a huge catalog of useful CLIs and libraries so we also include a useful and interesting default set of NPM-hosted CLIs for hosts in the desktop group (defined here, for example):

Package Description GitHub            
@angular/cli Official CLI for Angular capable of generating new projects, generating boilerplate files, and testing apps with LiveReload (Homepage | Documentation) GitHub Repo stars
@cloudflare/wrangler A CLI tool designed for folks who are interested in using Cloudflare Workers (Homepage | Documentation) GitHub Repo stars
@feathersjs/cli Feathers is a lightweight web-framework for creating real-time applications and REST APIs using JavaScript or TypeScript. (Homepage | Documentation) GitHub Repo stars
@ionic/cli The command-line interface (CLI) that is the go-to tool for developing Ionic apps (Homepage | Documentation) GitHub Repo stars
@nestjs/cli A command-line interface tool that helps you to initialize, develop, and maintain your Nest applications (Homepage | Documentation) GitHub Repo stars
@sentry/cli A Sentry command line client for some generic tasks (Homepage | Documentation) GitHub Repo stars
@vercel/ncc CLI for compiling a Node.js module into a single file, together with all its dependencies, gcc-style (Homepage) GitHub Repo stars
auto-install Auto installs dependencies as you code (Homepage) GitHub Repo stars
bitly-cli-client Shorten links with Bitly in the terminal (Homepage) GitHub Repo stars
browser-sync test desktop and mobile versions of a website at the same time (Homepage | Documentation) GitHub Repo stars
caniuse-cmd Caniuse command line tool (Homepage | Documentation) GitHub Repo stars
carbon-now-cli Tool that generates beautiful images of source code through an intuitive UI, while customizing aspects like fonts, themes, window controls and much more (Homepage) GitHub Repo stars
commitizen The commitizen command line utility (Homepage | Documentation) GitHub Repo stars
cordova The command line tool to build, deploy and manage Cordova-based applications (Homepage | Documentation) GitHub Repo stars
deviceframe Put device frames around mobile/web/progressive app screenshots (Homepage) GitHub Repo stars
editly A tool and framework for declarative NLE (non-linear video editing) using Node.js and ffmpeg (Homepage) GitHub Repo stars
electron A tool that enables you to write cross-platform desktop applications using JavaScript, HTML and CSS (Homepage | Documentation) GitHub Repo stars
emma-cli Install the package you are looking for GitHub Repo stars
emoj Find relevant emoji from text on the command-line GitHub Repo stars
empty-trash-cli A CLI to empty the trash GitHub Repo stars
eslint A tool for identifying and reporting on patterns found in ECMAScript/JavaScript code (Homepage | Documentation) GitHub Repo stars
fastify-cli Command line tools for Fastify. Generate, write, and run an application with one single command (Homepage | Documentation) GitHub Repo stars
firebase-tools The Firebase Command Line Interface (CLI) Tools can be used to test, manage, and deploy Firebase project from the command line (Homepage | Documentation) GitHub Repo stars
fkill-cli Fabulously kill processes. Cross-platform. GitHub Repo stars
git-open Type git open to open the repo website (GitHub, GitLab, Bitbucket) in browser GitHub Repo stars
google-font-installer Google Font Installer is a NodeJS module/CLI that lets you Search, Download and Install fonts offered by Google Web Fonts GitHub Repo stars
gtop System monitoring dashboard for terminal. Deprecated in favor of Glances. GitHub Repo stars
gulp A toolkit that helps you automate painful or time-consuming tasks in your development workflow (Homepage | Documentation) GitHub Repo stars
imgur-uploader-cli CLI to upload images to imgur GitHub Repo stars
ios-deploy Command line tool to install and debug iOS apps. Xcode must be installed (i.e. this is a macOS-only package) GitHub Repo stars
is-up-cli Check whether a website is up or down using the isitup.org API (Homepage) GitHub Repo stars
localtunnel localtunnel exposes localhost to the world for easy testing and sharing (Homepage) GitHub Repo stars
mjml A markup language created by Mailjet and designed to reduce the pain of coding a responsive email (Homepage | Documentation) GitHub Repo stars
nativefier Tool to make any web page a desktop application (Documentation) GitHub Repo stars
nectarjs A JavaScript native compiler (Homepage | Documentation) GitHub Repo stars
newman A command-line collection runner for Postman (Homepage | Documentation) GitHub Repo stars
np A better npm publish GitHub Repo stars
npm-check Check for outdated, incorrect, and unused dependencies (Homepage) GitHub Repo stars
nrm nrm helps you switch between different npm registries quickly and easily GitHub Repo stars
oclif A framework for building CLIs in Node.js (Homepage | Documentation) GitHub Repo stars
package-size Tool to get the bundle size of an npm package GitHub Repo stars
pageres-cli A CLI to capture screenshots of websites in various resolutions GitHub Repo stars
playwright Single API to automate Chromium, WebKit, and Firefox (available as a CLI and library) (Homepage | Documentation) GitHub Repo stars
pm2 PM2 is a production process manager for Node.js applications with a built-in load balancer (Homepage | Documentation) GitHub Repo stars
pkg This command line interface enables you to package your Node.js project into an executable that can be run even on devices without Node.js installed GitHub Repo stars
prettier A code formatter (Homepage | Documentation) GitHub Repo stars
psi PageSpeed Insights with reporting (Homepage | Documentation) GitHub Repo stars
ramda-cli A tool for processing data with functional pipelines in the command-line or interactively in browser GitHub Repo stars
semantic-release A tool that automates the process of releasing software, featuring integrations with GitHub / GitLab releases (Homepage | Documentation) GitHub Repo stars
serve Static file serving and directory listing GitHub Repo stars
serverless Serverless Framework – Build web, mobile and IoT applications with serverless architectures using AWS Lambda, Azure Functions, Google CloudFunctions & more (Homepage | Documentation) GitHub Repo stars
share-cli Quickly share files from your command line GitHub Repo stars
sharp-cli CLI for sharp, a high performance Node.js image processing module GitHub Repo stars
speed-test Test your internet connection speed and ping using speedtest.net from the CLI GitHub Repo stars
stegcloak StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and encrypting the secret before cloaking it with special unicode invisible characters (Homepage) GitHub Repo stars
supdock A CLI for running commands like "docker logs" in an easier, more interactive way GitHub Repo stars
surge Publish web apps to a CDN with a single command and no setup required (Homepage | Documentation) GitHub Repo stars
svgo SVG Optimizer is a Node.js-based tool for optimizing SVG vector graphics files GitHub Repo stars
terminalizer Record your terminal and generate animated gif images or share a web player link (Homepage) GitHub Repo stars
tinypng-cli Handy command line tool for shrinking PNG images using the TinyPNG API GitHub Repo stars
tldr A Node.js based command-line client for tldr (Homepage) GitHub Repo stars
ts2c A JavaScript/TypeScript to C compiler GitHub Repo stars
typescript A language for application-scale JavaScript (Homepage | Documentation) GitHub Repo stars
wifi-password-cli CLI to get current wifi password GitHub Repo stars
wordpressify Automate your WordPress development workflow (Homepage | Documentation) GitHub Repo stars
zx A tool for writing better scripts GitHub Repo stars

Python Packages

In a similar fashion to the NPM packages, we include a great set of Python packages that are installed by default for the desktop group (defined here):

Package Description GitHub            
ansibleconnect Parses Ansible inventory and opens up a tmux session for each host GitHub Repo stars
ansible-lint Lint tool that checks Ansible projects for best practices and problematic code (Documentation) GitHub Repo stars
asciinema Tool that records terminal sessions and replays them in a terminal as well as in a web browser (Homepage | Documentation) GitHub Repo stars
aws-shell AWS shell is the interactive productivity booster for the AWS CLI (Documentation) GitHub Repo stars
cookiecutter A command-line utility that creates projects from cookiecutters (project templates) (Documentation) GitHub Repo stars
gdown An alternative to wget and curl that can handle downloading large files from Google Drive GitHub Repo stars
git-filter-repo Tool that aids in wiping particular sections of a repository (Documentation) GitHub Repo stars
gixy A tool to analyze Nginx configuration GitHub Repo stars
gphotos-sync A tool that can be used to backup photos and video from Google Photos (Documentation) GitHub Repo stars
httpstat A script that reflects curl statistics in a fascinating and well-defined way. It is a single file that is compatible with Python 3 and requires no additional software (dependencies) to be installed on a user's system GitHub Repo stars
http-prompt An interactive command-line HTTP client featuring autocomplete and syntax highlighting, built on HTTPie and prompt_toolkit (Homepage | Documentation) GitHub Repo stars
iredis A terminal client for redis with auto-completion and syntax highlighting (Homepage) GitHub Repo stars
kube-shell An integrated shell for working with the Kubernetes CLI GitHub Repo stars
litecli A command-line client for SQLite databases that has auto-completion and syntax highlighting (Homepage | Documentation) GitHub Repo stars
netaddr A system-independent network address manipulation library for Python 2.7 and 3.5+ (Documentation) GitHub Repo stars
ngxtop ngxtop parses your nginx access log and outputs useful, top-like, metrics of your nginx server GitHub Repo stars
molecule Molecule project is designed to aid in the development and testing of Ansible roles. Molecule provides support for testing with multiple instances, operating systems and distributions, virtualization providers, test frameworks and testing scenarios (Documentation) GitHub Repo stars
mycli Command line interface for MySQL database with auto-completion and syntax highlighting (Homepage | Documentation) GitHub Repo stars
pre-commit A framework for managing and maintaining multi-language pre-commit hooks (Homepage | Documentation) GitHub Repo stars
pywhat what is recursive GitHub Repo stars
social-analyzer API, CLI & Web App for analyzing & finding a person’s profile across social media websites GitHub Repo stars
spotdl A tool to download Spotify playlists and songs along with album art and metadata GitHub Repo stars
starred Generate a GitHub Awesome list directly from your starred repositories GitHub Repo stars
statcode man pages for HTTP status codes (used by running statcode 418, for instance) GitHub Repo stars
trufflehog A tool which makes it easier to search through the history of a git repository to discover passwords and other secrets (Homepage) GitHub Repo stars
virtualenv A tool for creating isolated virtual Python environments (Homepage | Documentation) GitHub Repo stars
yamllint A linter for YAML files (Documentation) GitHub Repo stars

Ruby Gems

A handful of Ruby gems are also installed on targets in the desktop group (defined here):

Package Description GitHub            
Bundler A tool that manages ruby application's gem dependencies through its entire life, across many machines, systematically and repeatably (Homepage | Documentation) GitHub Repo stars
Chef A systems integration framework, built to bring the benefits of configuration management to the entire infrastructure (Homepage | Documentation) GitHub Repo stars
CocoaPods A tool that manages library dependencies for Xcode project (Homepage | Documentation) GitHub Repo stars
fpm A tool that converts directories, rpms, python eggs, rubygems, and more to rpms, debs, solaris packages and more (Documentation) GitHub Repo stars
mdl A style checker/lint tool for markdown files GitHub Repo stars
mdl A log viewer for Papertrail (a logging service with a basic free plan) (Homepage) GitHub Repo stars
t A command-line power tool for Twitter GitHub Repo stars

Visual Studio Code Extensions

A considerable amount of effort has gone into researching and finding the "best" VS Code extensions. They are defined here and Gas Station also installs a good baseline configuration which includes settings for these extensions:

Package Description GitHub            
Angular Language Service Editor services for Angular template files GitHub Repo stars
MJML MJML preview, lint, and compile GitHub Repo stars
Markdown Emoji Adds emoji syntax support to VS Code's built-in Markdown preview GitHub Repo stars
Turbo Console Log This extension makes debugging much easier by automating the operation of writing meaningful log messages GitHub Repo stars
Firestore Rules Firestore security rule support for Visual Studio Code GitHub Repo stars
Regex Previewer Shows the current regular expression's matches in a side-by-side document GitHub Repo stars
MySQL A database GUI for SQL, SQLite, MongoDB, Redis, and ElasticSearch GitHub Repo stars
markdownlint Markdown/CommonMark linting and style checking for Visual Studio Code GitHub Repo stars
ESLint Integrates ESLint into VS Code GitHub Repo stars
Deno Adds support for Deno (powered by the Deno language server) GitHub Repo stars
GitLens GitLens is a popular extension that supercharges the Git capabilities built into VS Code GitHub Repo stars
EditorConfig This plugin attempts to override user/workspace settings with settings found in .editorconfig files GitHub Repo stars
Prettier Prettier is an opinionated code formatter GitHub Repo stars
Carbon Now A VS Code extension to open the current editor content in carbon.now.sh GitHub Repo stars
Jest Runner Manage, run, and debug individual Jest tests GitHub Repo stars
Auto Rename Tag Automatically rename paired HTML/XML tag, same as Visual Studio IDE does GitHub Repo stars
Code Runner Run code snippet or code file GitHub Repo stars
GitHub Pull Requests and Issues Review and manage your GitHub pull requests and issues directly in VS Code GitHub Repo stars
GitLab Workflow This extension integrates GitLab to VS Code N/A
Cloud Code This extension brings the power and convenience of IDEs to cloud-native application development GitHub Repo stars
Go This extension provides rich language support for the Go programming language, integrates with Google Cloud services like Google Kubernetes Engine, Cloud Run, Cloud APIs, and Secret Manager GitHub Repo stars
HashiCorp Terraform This extension adds syntax highlighting and other editing features for Terraform files using the Terraform Language Server GitHub Repo stars
Draw.io Integration Allows editing draw.io images in VS Code by adding files ending with .drawio.png GitHub Repo stars
Output Colorizer This extension adds syntax colorization for both the output/debug/extensions panel and *.log files, other extension that colorize the output panel will disable this extension GitHub Repo stars
SSH FS Allows mounting SSH destinations as file system mounts inside VS Code GitHub Repo stars
Bash IDE This extension utilizes the bash language server, that is based on Tree Sitter and its grammar for Bash and supports explainshell integration GitHub Repo stars
Docker This extension makes it easy to build, manage, and deploy containerized applications from Visual Studio Code GitHub Repo stars
Kubernetes The extension for developers building applications to run in Kubernetes clusters and for DevOps staff troubleshooting Kubernetes applications GitHub Repo stars
Remote Containers This extension enables the use of a Docker container as a full-featured development environment GitHub Repo stars
Remote SSH This extension enables the use of any remote machine with an SSH server as the development environment GitHub Repo stars
Remote WSL This extension enables the use of VS Code on Windows to build Linux applications that run on the Windows Subsystem for Linux (WSL) GitHub Repo stars
Python A VS Code extension with rich support for the Python language, including features such as IntelliSense (Pylance), linting, debugging, code navigation, code formatting, refactoring, variable explorer, test explorer, and more GitHub Repo stars
PowerShell This extension provides rich PowerShell language support for Visual Studio Code GitHub Repo stars
Live Share This extension enables you to collaboratively edit and debug with others in real time, regardless of what programming languages are used GitHub Repo stars
Live Share Audio This extension enhances the existing Visual Studio Live Share experience by enabling you to quickly spin up an audio call directly from within Visual Studio Code, without needing to use a separate tool or service GitHub Repo stars
autoDocstring Python Docstring Generator Aids in writing Python doc strings via templates GitHub Repo stars
Nx Console A UI to accompany the Nx CLI GitHub Repo stars
Taskfile This extension provides Intellisense, Tasks, a Tree View and Hover actions for your Taskfiles GitHub Repo stars
ngrok A VSCode extension for controlling ngrok from the command palette GitHub Repo stars
Material Icon Theme Material design icons GitHub Repo stars
CSS Peek A VSCode extension for peeking at CSS definitions from a class or id tag in HTML GitHub Repo stars
Paste JSON as Code An extension that generates types and helper code for reading JSON GitHub Repo stars
TypeScript Hero A VSCode extension to organize and sort all the TS imports GitHub Repo stars
Ansible This extension adds language support for Ansible to Visual Studio Code and OpenVSX compatible editors by leveraging ansible-language-server GitHub Repo stars
YAML Provides comprehensive YAML Language support to Visual Studio Code, via the yaml-language-server, with built-in Kubernetes syntax support GitHub Repo stars
Sort JSON Objects Alphabetically sorts the keys in selected JSON objects GitHub Repo stars
Paste and Indent This extension adds limited support for pasting and indenting code GitHub Repo stars
Comments in Typescript Adds automatic templating of TypeScript-flavored JSDoc comments GitHub Repo stars
Markdown Preview Enhanced An extension that provides many useful functionalities such as automatic scroll sync, math typesetting, mermaid, PlantUML, pandoc, PDF export, code chunk, presentation writer, etc GitHub Repo stars
Code Time A plugin for automatic programming metrics and time tracking in Visual Studio Code GitHub Repo stars
Auto Import An extension that automatically finds, parses and provides code actions and code completion for all available imports GitHub Repo stars
Stylelint A mighty, modern CSS linter that helps to enforce consistent conventions and avoid errors in stylesheets GitHub Repo stars
ShellCheck Integrates Shellcheck linting (linting for shell scripts) GitHub Repo stars
Firebase A VSCode extension for syntax highlighting, hover help and code completions with Firestore security rules and index definition files GitHub Repo stars
Sort Lines An extension that sorts lines of text in Visual Studio Code GitHub Repo stars
Error Lens An extension that enhances language diagnostic features by making diagnostics stand out more prominently, highlighting the entire line wherever a diagnostic is generated by the language and also printing the message inline GitHub Repo stars
LTeX – LanguageTool Grammar/Spelling Adds LanguageTool functionality including grammar and spell-checking GitHub Repo stars
IntelliCode The IntelliCode extension for Visual Studio Code provides artificial intelligence-assisted IntelliSense for Python, Java, TypeScript, and JavaScript GitHub Repo stars
Arduino The Arduino extension makes it easy to develop, build, deploy and debug your Arduino sketches in Visual Studio Code, with a rich set of functionalities GitHub Repo stars
CodeTour Allows running, creating, and editing code tours, which are a unique way of guiding contributors through the code base of a project GitHub Repo stars
GistPad A Visual Studio Code extension that allows you to edit GitHub Gists and repositories from the comfort of your favorite editor GitHub Repo stars
TODO Highlight An extension that highlights TODO, FIXME, and other annotations within the code GitHub Repo stars
Import Cost This extension will display inline in the editor the size of the imported package GitHub Repo stars
Surround Easily add code that surrounds other code like try/catches GitHub Repo stars

Chrome Extensions

To reduce the amount of time it takes to configure Chromium-based browsers like Brave, Chromium, and Chrome, we also include the capability of automatically installing Chromium-based browser extensions (via a variable defined here):

Package Description GitHub            
AdGuard AdBlocker Blocks all types of ads on all web pages, even on Facebook, YouTube and all other websites (Homepage | Documentation) GitHub Repo stars
Automa A drag-and-drop, nicely polished browser automation tool (Homepage | Documentation) GitHub Repo stars
Bitly Creates short, customized, powerful links from any page and share them with the world (Homepage | Documentation) GitHub Repo stars
Bitwarden A secure and free password manager for all of your devices (Homepage | Documentation) GitHub Repo stars
Buffer Shares contents to Instagram, Twitter, Facebook, Pinterest and LinkedIn from anywhere on the web (Homepage | Documentation) GitHub Repo stars
Checkbot SEO, web speed, and security tester/crawler (Homepage | Documentation) N/A
Falcon Chrome extension for full text history search GitHub Repo stars
Floccus Syncs bookmarks across browsers via Nextcloud, WebDAV or Google Drive (Homepage | Documentation) GitHub Repo stars
Git History Browser Extension Adds a button to GitHub to see the file history GitHub Repo stars
Google Dictionary View definitions easily as you browse the web N/A
GSConnect Integrates GSConnect / KDEConnect into Chrome-based browsers (allows you to send SMS links / images from the browser). (Homepage | Documentation) GitHub Repo stars
Headless Recorder A Chrome extension for recording browser interaction and generating Puppeteer & Playwright scripts (Homepage) GitHub Repo stars
JSON Viewer Pro A completely free extension to visualise JSON response in awesome Tree and Chart view with great user experience and options (Homepage) GitHub Repo stars
LastPass A password manager that saves passwords and gives secure access from every computer and mobile device (Homepage | Documentation) N/A
LanguageTool Grammar and spelling checker with Google Docs integration (Homepage | Documentation) GitHub Repo stars
Mailvelope E-mail encryption tool that integrates with popular e-mail providers (Homepage | Documentation) GitHub Repo stars
Markdown Here A Chrome extension to write email in Markdown and render it (make it pretty!) before sending (Homepage) GitHub Repo stars
MetaMask An extension for accessing Ethereum enabled distributed applications, or "Dapps" in browser (Homepage | Documentation) GitHub Repo stars
NoScript NoScript allows you to selectively block scripts on certain websites (Homepage | Documentation) GitHub Repo stars
Octohint The missing IntelliSense hint for GitHub and GitLab GitHub Repo stars
Rakuten A Chrome extension to find best shopping deals and coupons and just save them (Homepage | Documentation) N/A
Save to Google Drive Save web content or screen capture directly to Google Drive. N/A
Screenity The most powerful screen recorder for Chrome (Homepage) GitHub Repo stars
SingleFile A Chrome extension to save a complete page into a single HTML file GitHub Repo stars
SponsorBlock A Chrome extension to skip sponsorships, subscription begging and more on YouTube videos (Homepage | Documentation) GitHub Repo stars
TasksBoard Organize and share TODO lists that are synchronized with Google To-Do. (Homepage) N/A
Vimeo Record A Chrome extension to record and share unlimited free video messages from your browser (Homepage | Documentation) N/A
Vytal An extension that spoofs user-agent, language, and location data using the chrome.debugger (Homepage | Documentation) GitHub Repo stars
Web Vitals A Chrome extension to measure metrics for a healthy site (Homepage) GitHub Repo stars

Firefox Add-Ons

Below you can find the Firefox extensions that the base configuration of this playbook will automatically install:

Package Description GitHub            
AdGuard AdBlocker Block ads on Facebook, Youtube and all other websites (Homepage | Documentation) GitHub Repo stars
Automa A drag-and-drop, nicely polished browser automation tool (Homepage | Documentation) GitHub Repo stars
Bitwarden A secure and free password manager for all of your devices (Homepage | Documentation) GitHub Repo stars
Buffer Share great content to Instagram, Twitter, Facebook, Pinterest and LinkedIn from anywhere on the web (Homepage | Documentation) N/A
Falcon Firefox extension for full text browsing history search GitHub Repo stars
Floccus Syncs bookmarks across browsers via Nextcloud, WebDAV or Google Drive (Homepage | Documentation) GitHub Repo stars
Git History Browser Extension Adds a button to GitHub to see the file history GitHub Repo stars
GSConnect Integrates GSConnect / KDEConnect into Firefox-based browsers (allows you to send SMS links / images from the browser). (Homepage | Documentation) GitHub Repo stars
Dictionary Anywhere View definitions easily as you browse the web GitHub Repo stars
JSON Lite highlights, shows items count/size, handles large files GitHub Repo stars
LanguageTool Check text with the free style and grammar checker (Homepage | Documentation) GitHub Repo stars
Mailvelope E-mail encryption tool that integrates with popular e-mail providers (Homepage | Documentation) GitHub Repo stars
Markdown Here Write email in Markdown, then make it pretty (Homepage) GitHub Repo stars
MetaMask Ethereum Browser Extension (Homepage | Documentation) GitHub Repo stars
NoScript NoScript, a tool integrated with the Tor browser, allows you to block scripts from running (Homepage | Documentation) GitHub Repo stars
Profile Switcher Works in combination with a Rust program to allow you to maintain multiple profiles. (Homepage | Documentation) GitHub Repo stars
Rakuten Find best shopping deals and coupons and just save them (Homepage | Documentation) N/A
Screen Recorder Record your computer's screen (Homepage) N/A
SingleFile Save a complete page into a single HTML file GitHub Repo stars
SponsorBlock Skip YouTube video sponsors (Homepage | Documentation) GitHub Repo stars
Sweet Dark The Sweet Dark theme. (Homepage | Documentation) GitHub Repo stars
TinyURL A one-click tool to generate a tiny URL N/A

Homebrew Formulae (macOS and Linux only)

Although most of the brew installs are handled by the Binaries installer, some brew packages are also installed using this configuration. The default Homebrew formulae include:

Package Description GitHub            
automake Tool for generating GNU Standards-compliant Makefiles (Homepage | Documentation) GitHub Repo stars
Carthage A simple, decentralized dependency manager for Cocoa GitHub Repo stars
chrome-cli Control Google Chrome from the command-line GitHub Repo stars
findutils Collection of GNU find, xargs, and locate (Homepage) N/A
ideviceinstaller Tool for managing apps on iOS devices (Homepage | Documentation) GitHub Repo stars
libimobiledevice Library to communicate with iOS devices natively (Homepage | Documentation) GitHub Repo stars
trellis-cli WordPress development platform that requires Vagrant and a VM provider like VirtualBox (Homepage | Documentation) GitHub Repo stars
youtube-dl youtube-dl is an advanced video download application perhaps most well-known for its ability to download YouTube videos from the command-line. It also supports downloading from other sites such as Twitter, Facebook, Vimeo, Twitch, DailyMotion and many more. (Homepage) GitHub Repo stars

Homebrew Casks (macOS only)

On macOS, some software is installed using Homebrew casks. These include:

Package Description GitHub            
Clocker macOS program that shows the time in multiple timezones in the top menu bar (Homepage) GitHub Repo stars
Secretive there is no importing/exporting keys so you only have access to the public key GitHub Repo stars
Sloth macOS program that shows all open files, directories, sockets, pipes, and devices in use by all running processes on the system (Homepage) GitHub Repo stars
Stats macOS program that shows the system monitor in the top menu bar (Homepage) GitHub Repo stars

Go, Rust, and System-Specific Packages

Go packages, Rust crates, and system-specific packages like .deb and .rpm bundles are all handled by the professormanhattan.genericinstaller role described above in the Binaries section. There are also ways of installing Go and Rust packages directly by using configuration options provided by their corresponding roles outlined in the Roles section.

Web Applications

This playbook does more than just install software. It can also optionally set up web applications. If you choose to deploy the default Gas Station web applications on your network, you should probably do it on a computer/server that has a lot of RAM (e.g. 64GB+).

Although a production environment will always be more stable and performant if it is hosted with a major cloud provider, sometimes it makes more sense to locally host web applications. Some applications have abnormally large RAM requirements that could potentially cost thousands per month to host with a legit cloud provider.

We use Kubernetes as the provider for the majority of the applications. It is a production-grade system and although there is a steeper learning curve it is well worth it. Each application we install is packaged as a Helm chart. All of the data is backed up regularly to an encrypted cloud S3 bucket of your choice.

Helm Charts

The Helm charts that this playbook fully sets up are listed below.

Package Description GitHub            
Argo ArgoCD is a declarative GitOps continuous delivery platform. (Helm Reference) GitHub Repo stars
Budibase Budibase is a platform that allows you to codelessly create internal apps in minutes. (Helm Reference) GitHub Repo stars
Cert-Manager Cert-Manager is a powerful and extensible X.509 certificate controller. (Helm Reference) GitHub Repo stars
Concourse Concourse is a sophisticated, open-source CI/CD platform that markets itself as, "the open-source continuous thing-doer." (Helm Reference) GitHub Repo stars
Consul HashiCorp Consul is a service networking solution to automate network configurations, discover services, and enable secure connectivity across any cloud or runtime. (Helm Reference) GitHub Repo stars
Drone Drone is a simple, modern, multi-cloud-capable CI platform written in Go. (Helm Reference) GitHub Repo stars
Elastic ECK Elastic Cloud on Kubernetes (ECK) is the official operator by Elastic for automating the deployment, provisioning, management, and orchestration of Elasticsearch, Kibana, APM Server, Beats, Enterprise Search, Elastic Agent and Elastic Maps Server on Kubernetes. (Helm Reference) GitHub Repo stars
Falco Falco is the cloud-native runtime security project. (Helm Reference) GitHub Repo stars
Fission Fission is a framework for serverless functions on Kubernetes. (Helm Reference) GitHub Repo stars
GitLab GitLab is a single application that spans the entire software development lifecycle. (Helm Reference) GitHub Repo stars
GitLab Runner This chart deploys an instance of GitLab runner to a Kubernetes cluster. GitLab runner allows you to attach container/VM instances to GitLab CI workflows. (Helm Reference) GitHub Repo stars
Graylog Graylog is a leading centralized log management solution for capturing, storing, and enabling real-time analysis of terabytes of machine data. (Helm Reference) GitHub Repo stars
Knative Knative is an open-source Enterprise-level solution to build serverless and event-driven applications. It manages serverless containers in Kubernetes environments. (Helm Reference) GitHub Repo stars
Kubeapps Kubeapps is a web-based UI for deploying and managing applications in Kubernetes clusters. (Helm Reference) GitHub Repo stars
Kubernetes Dashboard Kubernetes Dashboard is a general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster itself. (Helm Reference) GitHub Repo stars
Linkerd Linkerd is a service mesh that is ultra light, ultra simple, ultra powerful. According to their website, Linkerd adds security, observability, and reliability to Kubernetes, without the complexity. (Helm Reference) GitHub Repo stars
Loki Grafana Loki is a horizontally scalable, highly available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be very cost effective and easy to operate. (Helm Reference) GitHub Repo stars
Minio MinIO offers high-performance, S3 compatible object storage. Native to Kubernetes, MinIO is the only object storage suite available on every public cloud, every Kubernetes distribution, the private cloud and the edge. (Helm Reference) GitHub Repo stars
n8n n8n is a free and open-source, self-hostable workflow automation tool that some consider to be a worthy replacement for IFTTT. (Helm Reference) GitHub Repo stars
Prometheus Operator A stack that includes everything required for an HA Prometheus / Grafana setup with pre-configured cluster monitoring and charts. It can also be modified to be used for any purpose that Prometheus / Grafana might be used for. (Helm Reference) GitHub Repo stars
Rancher Rancher is a complete software stack for teams adopting containers. It addresses the operational and security challenges of managing multiple Kubernetes clusters, while providing DevOps teams with integrated tools for running containerized workloads. (Helm Reference) GitHub Repo stars
Sentry Sentry is the leading open-source error logging application that tracks with full stacktraces & asynchronous context. Sentry's eco-system includes dozens of SDKs, written for many different languages/environments. (Helm Reference) GitHub Repo stars
Space Cloud Space Cloud is an open-source Kubernetes-based serverless platform with built-in security and instant GraphQL APIs for any database and microservice. (Helm Reference) GitHub Repo stars
Thanos Thanos is an open source, highly available Prometheus setup with long term storage capabilities. (Helm Reference) GitHub Repo stars
Vault HashiCorp Vault is a secrets management tool specifically designed to control access to sensitive credentials in a low-trust environment. It can be used to store sensitive values and at the same time dynamically generate access for specific services/applications on lease. (Helm Reference) GitHub Repo stars
VaultWarden VaultWarden is an optimized, resource-efficient version of the open source BitWarden web app (a password management platform). (Helm Reference) GitHub Repo stars
Vector Vector is a lightweight, ultra-fast tool for building observability pipelines that lets you collect, transform, and route all your logs and metrics with one simple tool. (Helm Reference) GitHub Repo stars
velero Velero is an open source tool to safely backup and restore, perform disaster recovery, and migrate Kubernetes cluster resources and persistent volumes. (Helm Reference) GitHub Repo stars

Host Applications

By default, several apps are installed on each computer provisioned with the default Gas Station settings. Docker Compose is used to manage the deployment. The default apps include:

App Description GitHub            
Authelia An authentication portal that supports SSO and 2FA (Homepage | Documentation) GitHub Repo stars
Homer A very simple homepage which is customized by the playbook to automatically include links to the Docker containers you choose to host on the computer (Demo) GitHub Repo stars
Portainer A Docker management tool (Homepage | Documentation | Demo) GitHub Repo stars
Serve Simple interface for viewing files located or symlinked to in the /var/www/ folder of the machine GitHub Repo stars

You can, of course, disable deploying these apps. However, we include them because they have a small footprint and include useful features. You can also customize the list of apps you wish to include on each host.

HTPC

We do not maintain any of the host applications except the ones listed above. However, we do provide the capability of marking a computer being provisioned as an HTPC. Doing this will include a suite of web applications with powerful auto-downloading, organizing, tagging, and media-serving capabilities. Since most people will probably be stepping outside the confines of the law for this, it is not recommended. If you still want to experiment then you can find descriptions of the applications below. The applications are intended to be hosted on a single computer via Docker Compose. The backend for Kodi is included but you should still use the regular installation method for Plex and the front-end of Kodi to view your media collection.

App Description GitHub            
WireGuard Dedicated WireGuard VPN for the HTPC applications which is configured in our docker-compose.yml file to be used as the internet connection for all the containers (Homepage) GitHub Repo stars
Bazarr Manages and automatically downloads subtitles (Homepage | Documentation) GitHub Repo stars
Heimdall Simple start page for all the HTPC apps (Homepage) GitHub Repo stars
Jackett Request proxy server for Radarr and Sonarr which helps speed things up GitHub Repo stars
Kodi Headless Backend for Kodi used to host a centralized database for Kodi instances (Homepage | Documentation) GitHub Repo stars
Lidarr Music collection manager that automatically downloads from BitTorrent and Usenet (Homepage | Documentation) GitHub Repo stars
NZBGet NZBGet is a Usenet download manager used to download from NewsGroups which are supposedly more secure than torrents. NOTE: Viruses are still prevalent on both NewsGroups and torrents - make sure you don't run anything with admin / sudo privileges. (Homepage | Documentation) GitHub Repo stars
Ombi Plex media request and user management system which can be used to allow users who use your HTPC server to request movies, TV shows, and other media (Homepage | Documentation | Demo) GitHub Repo stars
Organizr Front end for HTPC web applications with a full-featured user interface that is full of eye candy (Homepage | Documentation | Demo) GitHub Repo stars
Radarr Automatic movie downloader that can even be configured to download lists including the Top 250 IMDb movies (Homepage | Documentation) GitHub Repo stars
Sonarr Automatic TV show downloader with tons of ways to easily and automatically download TV shows (Homepage | Documentation) GitHub Repo stars
Tautulli Metrics and monitoring dashboard for Plex (Homepage | Documentation) GitHub Repo stars
Transmission BitTorrent client that can be used in conjunction with or as an alternative to using NewsGroups via NZBGet (Homepage | Documentation) GitHub Repo stars

Online Services

Certain parts of the stack rely on cloud-based service providers. All of the providers can be used for free. The providers are generally chosen because their settings need to persist or the functionality that they provide would benefit from a security-hardened SaaS offering.

You can, of course, swap these services out for alternatives. However, our scripts integrate these specific services so if you want to swap them out then some leg work will be necessary.

Service Description Price
CloudFlare CloudFlare is a DNS provider, edge network, and much more. Some day it might be able to replace all the services in this list but until then CloudFlare is the preferred provider for anything it offers a product for. In our configurations, CloudFlare is used for DNS, encrypted tunnels via cloudflared, CloudFlare WARP, and CloudFlare Teams. On top of that, CloudFlare provides some other great features that can be utilized to make lightning-fast web apps. (Documentation) Free for the services we integrate
Digital Ocean Digital Ocean is a cloud hosting provider. Anytime CloudFlare's offerings are not enough to satisfy requirements, Digital Ocean is used. The service has a clean and simple web UI, a wide variety of CLIs/SDKs available on GitHub, and the company has been around since 2011. Digital Ocean is primarily used by our stack to host Kubernetes, S3 buckets, and cheap virtual private servers. (Documentation) ~$40/month for a Kubernetes cluster, S3 bucket, and a general-purpose VPS
Wasabi Wasabi is the cheapest S3 bucket provider available. It is used as a secondary backup for any data that is backed up / saved to an S3 bucket. (Documentation) $5.99/month for S3 bucket
Ory Ory is the only identity platform that can scale indefinitely and is based entirely on open source. Ory is leveraged to provide a feature-rich and programmable single sign-on platform. It includes support for hardware-based tokens. (Documentation) Free for the developer edition
Proton Proton Mail is an end-to-end encrypted email service founded in 2013 in Geneva, Switzerland. Proton Mail and ProtonVPN are used in our stack to provide secure e-mail and configure VPN profiles using ProtonVPN's unique security features. With the Business plan, you can get custom domain branded e-mail and enough VPN connections to configure your router / VPN profiles on each of your devices. (Documentation) $12.99/month for the Business edition
GMail GMail is a free e-mail service offered by Google. In some cases, we leverage GMail's SMTP capabilities to send notification e-mails. (Documentation) Free

Philosophy

The philosophy of this project basically boils down to "automate everything" and include the best development tools that might be useful without over-bloating the machine with services. Automating everything should include tasks like automatically accepting software terms in advance or pre-populating Portainer with certificates of all the Docker hosts you would like to control. One problem we face is that there are so many great tools offered on GitHub. A lot of research has to go into what to include and what to pass on. The decision of whether or not to include a piece of software in the default playbook basically boils down to:

  • Project popularity - If one project has 10k stars and a similar alternative has 500 stars then 9 times out of 10 the more popular project is selected.
  • Last commit date - We prefer software that is being actively maintained, for obvious reasons.
  • Cross platform - Our playbook supports the majority of popular operating systems so we opt for cross-platform software. However, in some cases, we will include software that has limited cross-platform support like Xcode (which is only available on Mac OS X). If a piece of software is too good to pass up, it is added and only installed on the system(s) that support it.
  • Usefulness - If a tool could potentially improve developer effectiveness then we are more likely to include it.
  • System Impact - Software that can be run with a small RAM footprint and software that does not need a service to load on boot is much more likely to be included.

One of the goals of this project is to be able to re-provision a network with the click of a button. This might not be feasible since consumer-grade hardware usually does not include features like IPMI (which is a feature included in high-end motherboards that lets you control the power state remotely). However, we aim to reduce the amount of interaction required when re-provisioning an entire network down to the bare minimum. In the worst case scenario, you will have to reformat, reinstall the operating system, and ensure that OpenSSH is running (or WinRM in the case of Windows) on each of the computers in your network. However, the long term goal is to allow the user to reformat and reinstall the operating system used as your Ansible host using an automated USB installer and then automatically re-provision everything else on the network by utilizing IPMI.

You might ask, "But how can I retain application-level configurations?" We currently handle this by:

  • Pre-defining dotfiles in a customizable Git repository
  • Backing up to encrypted S3 buckets
  • Syncing files to private git repositories
  • Utilizing tools that synchronize settings like mackup or macprefs in the case of macOS

However, we intentionally keep this synchronization to a minimum (i.e. only back up what is necessary). After all, one of the goals of this project is to be able to regularly flush the bad stuff off a system. By keeping what we back up to a minimum, we reduce the attack surface.

Architecture

You can find a high-level overview of what each folder and file does in the ARCHITECTURE.md file.

Managing Environments

We manage different environments by symlinking all the folders that should be unique to each network environment (e.g. host_vars/, group_vars/, inventories/, files/vpn/, and files/ssh/). In the environments/ folder, you will see multiple folders. In our case, environments/dev/ contains sensible configurations for testing the playbook and its roles. The production environment is a separate git submodule that links to a private git repository that contains our Ansible-vaulted API keys and passwords. When you are ready to set up your production configurations, you can use this method of storing your environment-specific folders in the environments/ folder as well. But if you are just starting off, you do not have to worry about this since, by default, this playbook is configured to run with the settings included in the /environments/dev/ folder.

Switching Between Environments

If you already have the project bootstrapped (i.e. already ran bash .config/scripts/start.sh), you can switch environments with an interactive prompt by running:

task ansible:playbook:environment

Alternatively, you can run the following if you would like to bypass the prompt:

task ansible:playbook:environment -- environmentName
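
The symlink scheme described under Managing Environments, sketched as a shell function. This is an added example, not the code behind task ansible:playbook:environment; the function name switch_environment, its return codes, and the assumption that each environment folder mirrors the repository-relative paths (e.g. environments/dev/files/ssh) are illustrative.

```shell
#!/bin/sh
# Added illustration; not the project's own task implementation.
# Folders the README lists as unique to each environment.
ENV_LINKED_PATHS="host_vars group_vars inventories files/vpn files/ssh"

# switch_environment <repo_root> <environment_name>
# Returns 0 on success, 2 for a rejected name, 3 for an unknown environment,
# 4 when a real (non-symlink) file or directory sits where a link belongs.
switch_environment() {
  repo_root=$1
  env_name=$2

  # Allow only a conservative character set so the name cannot contain
  # "/" or resolve to a directory outside environments/.
  case "$env_name" in
    ''|.|..|*[!A-Za-z0-9._-]*)
      echo "rejected environment name: $env_name" >&2
      return 2 ;;
  esac

  env_dir="$repo_root/environments/$env_name"
  if [ ! -d "$env_dir" ]; then
    echo "no such environment: $env_name" >&2
    return 3
  fi

  # Pass 1: change nothing unless every existing path is a symlink, so real
  # data (for example unvaulted keys copied into files/ssh) is never deleted.
  for rel in $ENV_LINKED_PATHS; do
    if [ -e "$repo_root/$rel" ] && [ ! -L "$repo_root/$rel" ]; then
      echo "refusing to replace real path: $rel" >&2
      return 4
    fi
  done

  # Pass 2: drop every old link first, then link what this environment has.
  # Removing unconditionally keeps a stale link (say, production files/vpn)
  # from surviving a switch to an environment that lacks that folder.
  for rel in $ENV_LINKED_PATHS; do
    link="$repo_root/$rel"
    if [ -L "$link" ]; then rm -f "$link"; fi
    if [ ! -e "$env_dir/$rel" ]; then continue; fi
    mkdir -p "$(dirname "$link")"
    # Relative targets keep the checkout relocatable; paths are 1 or 2 deep.
    case "$rel" in
      */*) target="../environments/$env_name/$rel" ;;
      *)   target="environments/$env_name/$rel" ;;
    esac
    ln -s "$target" "$link"
  done
  return 0
}
```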

Contributing

Contributions, issues, and feature requests are welcome! Feel free to check the issues page. If you would like to contribute, please take a look at the contributing guide.

Sponsorship

Dear Awesome Person,

I create open source projects out of love. Although I have a job, shelter, and as much fast food as I can handle, it would still be pretty cool to be appreciated by the community for something I have spent a lot of time and money on. Please consider sponsoring me! Who knows? Maybe I will be able to quit my job and publish open source full time.

Sincerely,

Brian Zalewski

Open Collective sponsors GitHub sponsors Patreon

Affiliates

Below you will find a list of services we leverage that offer special incentives for signing up for their services through our special links:

MailChimp DigitalOcean Referral Badge

License

Copyright © 2020-2021 Megabyte LLC. This project is MIT licensed.