Group/host variable refactor
parent
eb308670cc
commit
4b8aaf3e95
78 changed files with 445 additions and 374 deletions
|
|
@ -1,5 +1,6 @@
|
|||
[defaults]
|
||||
roles_path = ./roles
|
||||
inventory = inventory.yml
|
||||
ask_vault_pass = true
|
||||
|
||||
[privilege_escalation]
|
||||
|
|
|
|||
|
|
@ -1,7 +0,0 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
62383364643761623739623632633261343735343465336235386336333234656631363432623535
|
||||
6562623634363937356137616131396264633161363461340a343432363362346664646161656563
|
||||
35623334326238326135646261666330666531633831656564396139666261623937626338386632
|
||||
3233333039623039640a383931633539363238326164643365316236326435643537303866373835
|
||||
66393465663364303134376566623736636664353031336537663036636462613766343739336331
|
||||
6438643538326533313433616438386165626537373162393430
|
||||
|
|
@ -1 +0,0 @@
|
|||
YDH5lZcxUHM4AU2ZxQrFqjDIV2Z7PSUQKMcYXLExV0E=
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
34303432393930626266313563613636343439623631633163656532363631313039386231623936
|
||||
3336636666626237316532346230303961323263613161320a383436636634376162353863386161
|
||||
36663064366461333335613633316630633335666335613464333863656536623230383262623733
|
||||
3065363835666231630a616362333233643637613762313437626366363365313831363661313336
|
||||
66373966656534646462653833343935623466613662333932666666366430663061366261396330
|
||||
3064636536643933613738356461313135363033633366396130
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
64663539393065396333623165623833636539633932306437363365656532343565643866616532
|
||||
6562373233633237623761376234336331373637393431380a386261306438393837633037383464
|
||||
64623965376138313665393239346138383230383565626264393635303835396537663865313237
|
||||
6431313635333030390a646466303961663932353830366235643762393039396531316465333837
|
||||
61613264356263616332633334386532303761353536663033373639626634396164623335626566
|
||||
3632373266313435646338343738656663356635623138623939
|
||||
|
|
@ -1 +0,0 @@
|
|||
hI4rqlv2afs4RJkt5xR+dYxQODSd6lR0OqWJRlnQdjM=
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
63643763346434313734663761386539393032613366626230373862643431613963633664353264
|
||||
6466616235653963643861643439633537656439363735330a366439356537386662353431643163
|
||||
33363830646433336366353363623835373639383663633837313030393162643931353331633133
|
||||
6534363438303261320a333364313534336465616336386337383935353631646361623866326232
|
||||
64373139636633393236303335396138326638333635663839663734346463303739646431353437
|
||||
3838653361383663633632363862306565643531353066623336
|
||||
|
|
@ -1,16 +1,8 @@
|
|||
#!/bin/bash
|
||||
|
||||
MAIN="main"
|
||||
DEVELOPMENT="development"
|
||||
|
||||
tmux start-server
|
||||
tmux new-session -ds $MAIN
|
||||
tmux new-window
|
||||
tmux new-window
|
||||
tmux select-window -t 0
|
||||
|
||||
tmux new-session -ds $DEVELOPMENT
|
||||
tmux new-window
|
||||
tmux new-window
|
||||
tmux new-window
|
||||
tmux select-window -t 0
|
||||
|
|
|
|||
|
|
@ -1,21 +1,13 @@
|
|||
xdg_config_dir: '{{ ansible_env.HOME }}/.config'
|
||||
xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin'
|
||||
|
||||
register_uefi_entries: false
|
||||
ansible_become_method: community.general.run0
|
||||
|
||||
packages:
|
||||
- firefox
|
||||
- mpv
|
||||
- youtube-dl
|
||||
- keepassxc
|
||||
- gimp
|
||||
- nftables
|
||||
- mpd
|
||||
- nfs-utils
|
||||
- okular
|
||||
- postgresql
|
||||
- plasma-meta
|
||||
- syncthing
|
||||
- wezterm
|
||||
- tmux
|
||||
- unrar
|
||||
|
|
@ -26,13 +18,11 @@ packages:
|
|||
- iproute2
|
||||
- curl
|
||||
- reflector
|
||||
- laptop-detect
|
||||
- pipewire
|
||||
- pipewire-pulse
|
||||
- pipewire-alsa
|
||||
- merkuro
|
||||
- kmail
|
||||
- wireguard-tools
|
||||
- otf-monaspace-nerd
|
||||
- systemd-ukify
|
||||
- efibootmgr
|
||||
|
|
@ -40,14 +30,16 @@ packages:
|
|||
- aspell-nl
|
||||
- aspell-en
|
||||
|
||||
platform_packages: []
|
||||
xdg_config_dir: '{{ ansible_env.HOME }}/.config'
|
||||
xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin'
|
||||
|
||||
modprobe_templates: []
|
||||
mkinitcpio_templates: []
|
||||
|
||||
boot_configuration:
|
||||
|
||||
vpn_config_dir: '/etc/wireguard'
|
||||
|
||||
server_domain: fudiggity.nl
|
||||
|
||||
register_uefi_entries: false
|
||||
|
||||
wezterm_font_size: 12
|
||||
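--- a/group_vars/personal/system.yml
+++ b/group_vars/personal/system.yml
@@ -0,0 +1,39 @@
+packages:
+- keepassxc
+- gimp
+- nftables
+- okular
+- postgresql
+- plasma-meta
+- wezterm
+- tmux
+- unrar
+- vim
+- git
+- openssl
+- kmail
+- iproute2
+- curl
+- reflector
+- pipewire
+- pipewire-pulse
+- pipewire-alsa
+- merkuro
+- kmail
+- otf-monaspace-nerd
+- systemd-ukify
+- efibootmgr
+- git-delta
+- aspell-nl
+- aspell-en
+
+# custom packages
+- firefox
+- mpv
+- youtube-dl
+- nfs-utils
+- syncthing
+- mpd
+- wireguard-tools
+
+vpn_config_dir: '/etc/wireguard'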
|
|
@ -57,7 +57,6 @@
|
|||
name: iwd
|
||||
state: restarted
|
||||
enabled: true
|
||||
when: platform == "laptop"
|
||||
|
||||
- name: stop mpd service
|
||||
systemd:
|
||||
|
|
|
|||
|
|
@ -1,17 +1,15 @@
|
|||
platform_packages: []
|
||||
|
||||
modprobe_templates:
|
||||
- src: 'templates/desktop/modprobe/99-amdgpu.conf.j2'
|
||||
- src: 'templates/personal/desktop/modprobe/99-amdgpu.conf.j2'
|
||||
dest: '/etc/modprobe.d/99-amdgpu.conf'
|
||||
|
||||
mkinitcpio_templates:
|
||||
- src: 'templates/desktop/mkinitcpio/1-modules.conf.j2'
|
||||
- src: 'templates/personal/desktop/mkinitcpio/1-modules.conf.j2'
|
||||
dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf'
|
||||
|
||||
- src: 'templates/desktop/mkinitcpio/linux.preset.j2'
|
||||
- src: 'templates/personal/desktop/mkinitcpio/linux.preset.j2'
|
||||
dest: '/etc/mkinitcpio.d/linux.preset'
|
||||
|
||||
- src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2'
|
||||
- src: 'templates/personal/desktop/mkinitcpio/linux-lts.preset.j2'
|
||||
dest: '/etc/mkinitcpio.d/linux-lts.preset'
|
||||
|
||||
boot_configuration:
|
||||
|
|
@ -24,7 +24,7 @@ vpn_default:
|
|||
endpoint: '{{ server_domain }}:51902'
|
||||
public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo='
|
||||
preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk'
|
||||
preshared_key_source_path: 'files/desktop/wireguard/default/preshared.psk'
|
||||
preshared_key_source_path: 'files/personal/desktop/wireguard/default/preshared.psk'
|
||||
|
||||
vpn_media:
|
||||
ip: '10.0.1.3'
|
||||
|
|
@ -36,7 +36,7 @@ vpn_media:
|
|||
|
||||
public_key_path: '{{ vpn_config_dir }}/keys/public/media/desktop.pub'
|
||||
private_key_path: '{{ vpn_config_dir }}/keys/private/media/desktop.key'
|
||||
private_key_source_path: 'files/desktop/wireguard/media/desktop.key'
|
||||
private_key_source_path: 'files/personal/desktop/wireguard/media/desktop.key'
|
||||
|
||||
peers:
|
||||
- name: 'zeus-media'
|
||||
|
|
@ -46,4 +46,4 @@ vpn_media:
|
|||
endpoint: '{{ server_domain }}.nl:51903'
|
||||
public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg='
|
||||
preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk'
|
||||
preshared_key_source_path: 'files/desktop/wireguard/media/preshared.psk'
|
||||
preshared_key_source_path: 'files/personal/desktop/wireguard/media/preshared.psk'
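Review bot: The unchanged `endpoint: '{{ server_domain }}.nl:51903'` line in the last hunk (the vpn_media peer) appends `.nl` to a variable that, judging by the `server_domain: fudiggity.nl` value in the shared vars shown on this page, already carries the TLD, so the media tunnel would be pointed at a different name than intended. The vpn_default peer in this same file and the xps counterpart both use `'{{ server_domain }}:PORT'`; since the commit is already editing the neighbouring line, I would change it to `endpoint: '{{ server_domain }}:51903'`. The failure is quiet: the tunnel just never completes a handshake, and the attempts go to whatever that other name resolves to. The vpn_media mapping starts above the hunk.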
|
||||
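--- a/host_vars/xps/system.yml
+++ b/host_vars/xps/system.yml
@@ -0,0 +1,61 @@
+packages:
+- keepassxc
+- gimp
+- nftables
+- okular
+- postgresql
+- plasma-meta
+- wezterm
+- tmux
+- unrar
+- vim
+- git
+- openssl
+- kmail
+- iproute2
+- curl
+- reflector
+- pipewire
+- pipewire-pulse
+- pipewire-alsa
+- merkuro
+- kmail
+- otf-monaspace-nerd
+- systemd-ukify
+- efibootmgr
+- git-delta
+- aspell-nl
+- aspell-en
+
+# custom packages
+- firefox
+- mpv
+- youtube-dl
+- nfs-utils
+- syncthing
+- mpd
+- wireguard-tools
+
+# custom host packages
+- iwd
+- nvidia
+- nvidia-prime
+- nvidia-utils
+- lib32-nvidia-utils
+
+boot_configuration:
+disk: /dev/nvme0n1
+partition: 1
+
+mkinitcpio_templates:
+- src: 'templates/personal/xps/mkinitcpio/1-modules.conf.j2'
+dest: '/etc/mkinitcpio.conf.d/1-modules.conf'
+
+- src: 'templates/personal/xps/mkinitcpio/2-hooks.conf.j2'
+dest: '/etc/mkinitcpio.conf.d/2-hooks.conf'
+
+- src: 'templates/personal/xps/mkinitcpio/linux.preset.j2'
+dest: '/etc/mkinitcpio.d/linux.preset'
+
+- src: 'templates/personal/xps/mkinitcpio/linux-lts.preset.j2'
+dest: '/etc/mkinitcpio.d/linux-lts.preset'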
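Review bot: The `packages` list in this host file repeats every entry of group_vars/personal/system.yml and then adds five host packages, because a host-level `packages` replaces the group-level list rather than extending it. The two copies will drift: a package added to the group file later never reaches xps unless someone remembers to add it here as well. I would keep only the additions in a separate variable such as `host_packages:` and install `'{{ packages + (host_packages | default([])) }}'` in the pacman task. `kmail` also appears twice in both lists.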
|
|
@ -23,7 +23,7 @@ vpn_default:
|
|||
endpoint: '{{ server_domain }}:51902'
|
||||
public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo='
|
||||
preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk'
|
||||
preshared_key_source_path: 'files/laptop/wireguard/default/preshared.psk'
|
||||
preshared_key_source_path: 'files/personal/xps/wireguard/default/preshared.psk'
|
||||
|
||||
vpn_media:
|
||||
ip: '10.0.1.2'
|
||||
|
|
@ -44,4 +44,4 @@ vpn_media:
|
|||
endpoint: '{{ server_domain }}:51903'
|
||||
public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg='
|
||||
preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk'
|
||||
preshared_key_source_path: 'files/laptop/wireguard/media/preshared.psk'
|
||||
preshared_key_source_path: 'files/personal/xps/wireguard/media/preshared.psk'
|
||||
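--- a/inventory.yml
+++ b/inventory.yml
@@ -0,0 +1,6 @@
+personal:
+hosts:
+xps:
+ansible_connection: local
+desktop:
+ansible_connection: local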
105
playbook.yml
105
playbook.yml
|
|
@ -1,61 +1,21 @@
|
|||
- name: Arch Linux provisioning
|
||||
hosts: localhost
|
||||
pre_tasks:
|
||||
- name: Install shared packages
|
||||
become: true
|
||||
community.general.pacman:
|
||||
name: '{{ packages }}'
|
||||
|
||||
- name: Platform vars
|
||||
tags: platform_vars
|
||||
block:
|
||||
- name: Detect platform
|
||||
ansible.builtin.command: laptop-detect
|
||||
register: is_laptop
|
||||
failed_when: is_laptop.rc == 2
|
||||
|
||||
- name: Set platform (desktop)
|
||||
ansible.builtin.set_fact:
|
||||
platform: desktop
|
||||
when: is_laptop.rc == 1
|
||||
|
||||
- name: Set platform (laptop)
|
||||
ansible.builtin.set_fact:
|
||||
platform: laptop
|
||||
when: is_laptop.rc == 0
|
||||
|
||||
- name: Load desktop specific vars
|
||||
ansible.builtin.include_vars:
|
||||
dir: vars/desktop
|
||||
when: platform == 'desktop'
|
||||
|
||||
- name: Load laptop specific vars
|
||||
ansible.builtin.include_vars:
|
||||
dir: vars/laptop
|
||||
when: platform == 'laptop'
|
||||
|
||||
- name: Install platform specific packages
|
||||
become: true
|
||||
community.general.pacman:
|
||||
name: '{{ platform_packages }}'
|
||||
when: platform_packages | length > 0
|
||||
hosts:
|
||||
- xps
|
||||
- desktop
|
||||
gather_facts: true
|
||||
roles:
|
||||
- common
|
||||
tasks:
|
||||
- name: Verifying that a limit is set
|
||||
ansible.builtin.fail:
|
||||
msg: 'This playbook cannot be run with no limit'
|
||||
run_once: true
|
||||
when: ansible_limit is not defined
|
||||
|
||||
- name: Generic provisioning
|
||||
ansible.builtin.import_tasks: 'tasks/setup.yml'
|
||||
tags: setup
|
||||
|
||||
- name: Desktop provisioning
|
||||
ansible.builtin.import_tasks: 'tasks/setup-desktop.yml'
|
||||
when: platform == 'desktop'
|
||||
tags: laptop
|
||||
|
||||
- name: Laptop provisioning
|
||||
ansible.builtin.import_tasks: 'tasks/setup-laptop.yml'
|
||||
when: platform == 'laptop'
|
||||
tags: laptop
|
||||
|
||||
- name: Network provisioning
|
||||
ansible.builtin.import_tasks: 'tasks/network.yml'
|
||||
tags: network
|
||||
|
|
@ -64,33 +24,46 @@
|
|||
ansible.builtin.import_tasks: 'tasks/systemd.yml'
|
||||
tags: systemd
|
||||
|
||||
# TODO: move to development playbook
|
||||
- name: Git provisioning
|
||||
ansible.builtin.import_tasks: 'tasks/git.yml'
|
||||
tags: git
|
||||
|
||||
- name: MPV provisioning
|
||||
ansible.builtin.import_tasks: 'tasks/mpv.yml'
|
||||
tags: mpv
|
||||
|
||||
- name: MPD provisioning
|
||||
ansible.builtin.import_tasks: 'tasks/mpd.yml'
|
||||
tags: mpd
|
||||
|
||||
- name: Syncthing provisioning
|
||||
ansible.builtin.import_tasks: 'tasks/syncthing.yml'
|
||||
tags: syncthing
|
||||
|
||||
- name: Systemd timer provisioning
|
||||
ansible.builtin.import_tasks: 'tasks/timer.yml'
|
||||
tags: timers
|
||||
|
||||
- name: Personal provisiong
|
||||
when: "'personal' in group_names"
|
||||
block:
|
||||
- name: Wireguard provisioning
|
||||
ansible.builtin.import_tasks: 'tasks/personal/wireguard.yml'
|
||||
tags: wireguard
|
||||
|
||||
- name: MPV provisioning
|
||||
ansible.builtin.import_tasks: 'tasks/personal/mpv.yml'
|
||||
tags: mpv
|
||||
|
||||
- name: MPD provisioning
|
||||
ansible.builtin.import_tasks: 'tasks/personal/mpd.yml'
|
||||
tags: mpd
|
||||
|
||||
- name: Syncthing provisioning
|
||||
ansible.builtin.import_tasks: 'tasks/personal/syncthing.yml'
|
||||
tags: syncthing
|
||||
|
||||
- name: Desktop provisioning
|
||||
ansible.builtin.import_tasks: 'tasks/personal/desktop.yml'
|
||||
when: ansible_hostname == 'desktop'
|
||||
tags: desktop
|
||||
|
||||
- name: XPS provisioning
|
||||
ansible.builtin.import_tasks: 'tasks/personal/xps.yml'
|
||||
when: ansible_hostname == 'xps'
|
||||
tags: xps
|
||||
handlers:
|
||||
- name: Import default handlers
|
||||
ansible.builtin.import_tasks: 'handlers.yml'
|
||||
|
||||
- name: Import common role handlers
|
||||
ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'
|
||||
vars_files:
|
||||
- 'vars/main.yml'
|
||||
- 'vars/gpg.yml'
|
||||
- 'vars/mpd.yml'
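Review bot: The "Verifying that a limit is set" guard appears under `tasks:` (as far as the flattened listing shows), and Ansible runs a play's `roles:` before its `tasks:`, so the `common` role has already been applied to every inventory host by the time the guard fails. Because `xps` and `desktop` are both `ansible_connection: local` in inventory.yml, an unlimited run applies both hosts' variables to the one machine the playbook is run on, which is what the guard is there to stop. I would move it into `pre_tasks:` so it runs ahead of the role. It would also be worth asserting `ansible_hostname == inventory_hostname` in the same place, since later tasks pick key and template paths from `ansible_hostname` while host_vars are chosen by inventory name.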
|
||||
|
|
|
|||
|
|
@ -1,24 +1,28 @@
|
|||
- name: copy git configuration
|
||||
template:
|
||||
- name: Copy git configuration
|
||||
ansible.builtin.template:
|
||||
src: 'templates/gitconfig.j2'
|
||||
dest: '{{ ansible_env.HOME }}/.gitconfig'
|
||||
mode: '0755'
|
||||
|
||||
- name: copy keys
|
||||
copy:
|
||||
- name: Copy keys
|
||||
ansible.builtin.copy:
|
||||
src: '{{ item.src }}'
|
||||
dest: '{{ item.dest }}'
|
||||
mode: '0755'
|
||||
loop:
|
||||
- { src: 'files/gpg_key', dest: '{{ ansible_env.HOME }}/gpg.key' }
|
||||
- { src: 'files/gpg_pub', dest: '{{ ansible_env.HOME }}/gpg.pub' }
|
||||
- src: 'files/personal/gpg/gpg_key'
|
||||
dest: '{{ ansible_env.HOME }}/gpg.key'
|
||||
- src: 'files/personal/gpg/gpg_pub'
|
||||
dest: '{{ ansible_env.HOME }}/gpg.pub'
|
||||
|
||||
- name: import secret key
|
||||
command: 'gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key'
|
||||
- name: Import secret key
|
||||
ansible.builtin.command: 'gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key'
|
||||
|
||||
- name: import public key
|
||||
command: 'gpg --import ~/gpg.pub'
|
||||
- name: Import public key
|
||||
ansible.builtin.command: 'gpg --import ~/gpg.pub'
|
||||
|
||||
- name: remove temp keys
|
||||
file:
|
||||
- name: Remove temp keys
|
||||
ansible.builtin.file:
|
||||
path: '{{ item }}'
|
||||
state: absent
|
||||
loop:
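Review bot: The "Import secret key" task still places `{{ gpg_passphrase }}` on the gpg command line, where it is visible in the process list while gpg runs and appears in Ansible's result output (with `-v` or on failure); the move to `ansible.builtin.command` was a natural point to fix that. The "Copy keys" task also stages the secret key in the home directory with mode `0755`, readable by every local user until "Remove temp keys" runs. I would pass the passphrase on stdin, mark the task `no_log`, and stage the key files as `0600`, as sketched below. The "Remove temp keys" task continues past the end of the hunk.

```yaml
- name: Copy keys
  ansible.builtin.copy:
    # … unchanged: src / dest …
    mode: '0600'
  # … unchanged: loop items …

- name: Import secret key
  ansible.builtin.command:
    cmd: gpg --batch --pinentry-mode loopback --passphrase-fd 0 --import ~/gpg.key
    stdin: '{{ gpg_passphrase }}'
  no_log: true
```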
|
||||
|
|
|
|||
|
|
@ -1,20 +0,0 @@
|
|||
- name: create configuration directory
|
||||
file:
|
||||
path: '{{ ansible_env.HOME }}/.config/mpv'
|
||||
state: directory
|
||||
mode: '0700'
|
||||
|
||||
- name: copy configuration files
|
||||
template:
|
||||
src: '{{ item.src }}'
|
||||
dest: '{{ item.dest }}'
|
||||
mode: '0644'
|
||||
loop:
|
||||
- {
|
||||
src: 'templates/mpv/input.j2',
|
||||
dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf',
|
||||
}
|
||||
- {
|
||||
src: 'templates/mpv/config.j2',
|
||||
dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf',
|
||||
}
|
||||
|
|
@ -3,67 +3,25 @@
|
|||
# using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint <NEW-IP>:<PORT>`
|
||||
# for example.
|
||||
|
||||
- name: Create Wireguard directories
|
||||
- name: Copy firewall template
|
||||
become: true
|
||||
ansible.builtin.file:
|
||||
path: '{{ item }}'
|
||||
ansible.builtin.template:
|
||||
src: "{{ lookup('ansible.builtin.first_found', paths) }}"
|
||||
dest: '/etc/nftables.conf'
|
||||
owner: root
|
||||
group: systemd-network
|
||||
mode: '0750'
|
||||
state: directory
|
||||
recurse: true
|
||||
loop:
|
||||
- '{{ vpn_config_dir }}'
|
||||
- '{{ vpn_default.private_key_path | dirname }}'
|
||||
- '{{ vpn_default.public_key_path | dirname }}'
|
||||
- '{{ vpn_media.private_key_path | dirname }}'
|
||||
- '{{ vpn_media.public_key_path | dirname }}'
|
||||
notify:
|
||||
- restart systemd-networkd
|
||||
- restart systemd-resolved
|
||||
|
||||
- name: Copy Wireguard credentials
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: '{{ item.src }}'
|
||||
dest: '{{ item.dest }}'
|
||||
owner: root
|
||||
group: systemd-network
|
||||
mode: '0640'
|
||||
loop:
|
||||
- dest: '{{ vpn_default.public_key_path }}'
|
||||
src: 'files/{{ platform }}/wireguard/default/{{ platform }}.pub'
|
||||
|
||||
- dest: '{{ vpn_default.private_key_path }}'
|
||||
src: 'files/{{ platform }}/wireguard/default/{{ platform }}.key'
|
||||
|
||||
- dest: '{{ vpn_media.public_key_path }}'
|
||||
src: 'files/{{ platform }}/wireguard/media/{{ platform }}.pub'
|
||||
|
||||
- dest: '{{ vpn_media.private_key_path }}'
|
||||
src: 'files/{{ platform }}/wireguard/media/{{ platform }}.key'
|
||||
notify:
|
||||
- restart systemd-networkd
|
||||
- restart systemd-resolved
|
||||
|
||||
- name: Copy Wireguard preshared keys
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: '{{ item.preshared_key_source_path }}'
|
||||
dest: '{{ item.preshared_key_path }}'
|
||||
owner: root
|
||||
group: systemd-network
|
||||
mode: '0640'
|
||||
loop: '{{ vpn_default.peers + vpn_media.peers }}'
|
||||
notify:
|
||||
- restart systemd-networkd
|
||||
- restart systemd-resolved
|
||||
group: root
|
||||
mode: '0600'
|
||||
vars:
|
||||
paths:
|
||||
- 'templates/{{ ansible_hostname }}/nftables.j2'
|
||||
- 'templates/{{ group_names[0] }}/{{ ansible_hostname }}/nftables.j2'
|
||||
notify: restart nftables
|
||||
|
||||
- name: Desktop configuration
|
||||
notify:
|
||||
- restart systemd-networkd
|
||||
- restart systemd-resolved
|
||||
when: platform == "desktop"
|
||||
when: ansible_hostname == 'desktop'
|
||||
block:
|
||||
- name: Setup network configuration
|
||||
become: true
|
||||
|
|
@ -74,21 +32,9 @@
|
|||
group: systemd-network
|
||||
mode: '0640'
|
||||
loop:
|
||||
- src: 'templates/desktop/network/enp.network.j2'
|
||||
- src: 'templates/personal/desktop/network/enp.network.j2'
|
||||
dest: '/etc/systemd/network/20-wired.network'
|
||||
|
||||
- src: 'templates/desktop/network/wg0.network.j2'
|
||||
dest: '/etc/systemd/network/40-wg0.network'
|
||||
|
||||
- src: 'templates/desktop/network/wg0.netdev.j2'
|
||||
dest: '/etc/systemd/network/40-wg0.netdev'
|
||||
|
||||
- src: 'templates/desktop/network/wg1.network.j2'
|
||||
dest: '/etc/systemd/network/40-wg1.network'
|
||||
|
||||
- src: 'templates/desktop/network/wg1.netdev.j2'
|
||||
dest: '/etc/systemd/network/40-wg1.netdev'
|
||||
|
||||
- name: Remove leftover configuration files
|
||||
become: true
|
||||
ansible.builtin.file:
|
||||
|
|
@ -98,12 +44,12 @@
|
|||
- '/etc/systemd/network/30-vmbr0.network'
|
||||
- '/etc/systemd/network/30-vmbr0.netdev'
|
||||
|
||||
- name: Laptop configuration
|
||||
- name: XPS configuration
|
||||
notify:
|
||||
- restart systemd-networkd
|
||||
- restart systemd-resolved
|
||||
- restart iwd
|
||||
when: platform == "laptop"
|
||||
when: ansible_hostname == 'xps'
|
||||
block:
|
||||
- name: Setup network configuration
|
||||
become: true
|
||||
|
|
@ -114,21 +60,9 @@
|
|||
group: systemd-network
|
||||
mode: '0640'
|
||||
loop:
|
||||
- src: 'templates/laptop/network/wireless.network.j2'
|
||||
- src: 'templates/personal/xps/network/wireless.network.j2'
|
||||
dest: '/etc/systemd/network/20-wireless.network'
|
||||
|
||||
- src: 'templates/laptop/network/wg0.network.j2'
|
||||
dest: '/etc/systemd/network/40-wg0.network'
|
||||
|
||||
- src: 'templates/laptop/network/wg0.netdev.j2'
|
||||
dest: '/etc/systemd/network/40-wg0.netdev'
|
||||
|
||||
- src: 'templates/laptop/network/wg1.network.j2'
|
||||
dest: '/etc/systemd/network/40-wg1.network'
|
||||
|
||||
- src: 'templates/laptop/network/wg1.netdev.j2'
|
||||
dest: '/etc/systemd/network/40-wg1.netdev'
|
||||
|
||||
- name: Remove leftover configuration files
|
||||
become: true
|
||||
ansible.builtin.file:
|
||||
|
|
@ -137,13 +71,3 @@
|
|||
loop:
|
||||
- '/etc/systemd/network/30-vmbr0.network'
|
||||
- '/etc/systemd/network/30-vmbr0.netdev'
|
||||
|
||||
- name: Copy firewall template
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: 'templates/{{ platform }}/nftables.j2'
|
||||
dest: '/etc/nftables.conf'
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0600'
|
||||
notify: restart nftables
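Review bot: The relocated "Copy firewall template" task in the first hunk writes `/etc/nftables.conf` and notifies the nftables restart without checking that the rendered ruleset parses. Now that the source is chosen per host through `first_found`, a template that renders badly for one host would replace the working file and the handler would then try to load it. Adding `validate: 'nft -c -f %s'` to the template task makes Ansible reject the file before it overwrites the current one. Separately, `group_names[0]` in the second search path requires the host to be in at least one group and depends on which group comes first, so adding a host to a second group could silently switch its firewall template; naming the group explicitly would be more predictable.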
|
||||
|
|
|
|||
|
|
@ -1,10 +1,12 @@
|
|||
- name: Create xdg-desktop-portal.service.d directory
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d'
|
||||
state: directory
|
||||
mode: '0755'
|
||||
|
||||
- name: Copy xdg-desktop-portal.service drop-in
|
||||
template:
|
||||
src: templates/desktop/xdg-desktop-portal.service.j2
|
||||
ansible.builtin.template:
|
||||
src: templates/personal/desktop/xdg-desktop-portal.service.j2
|
||||
dest: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d/override.conf'
|
||||
mode: '0755'
|
||||
notify: user daemon-reload
|
||||
|
|
@ -4,10 +4,10 @@
|
|||
dest: '{{ item.dest }}'
|
||||
mode: '0644'
|
||||
loop:
|
||||
- src: 'templates/mpd/service.j2'
|
||||
- src: 'templates/personal/mpd/service.j2'
|
||||
dest: '{{ xdg_config_dir }}/systemd/user/mpd.service'
|
||||
|
||||
- src: 'templates/mpd/socket.j2'
|
||||
- src: 'templates/personal/mpd/socket.j2'
|
||||
dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket'
|
||||
notify:
|
||||
- stop mpd service
|
||||
|
|
@ -34,6 +34,7 @@
|
|||
ansible.builtin.file:
|
||||
path: '{{ item.path }}'
|
||||
state: '{{ item.state }}'
|
||||
mode: '0755'
|
||||
loop:
|
||||
- path: '{{ mpd_configuration_dir }}/log'
|
||||
state: 'absent'
|
||||
|
|
@ -50,11 +51,11 @@
|
|||
dest: '{{ item.dest }}'
|
||||
mode: '0755'
|
||||
loop:
|
||||
- src: 'templates/mpd/mpd.conf.j2'
|
||||
- src: 'templates/personal/mpd/mpd.conf.j2'
|
||||
dest: '{{ mpd_configuration_dir }}/mpd.conf'
|
||||
- src: 'templates/mpd/ncmpcpp/config.j2'
|
||||
- src: 'templates/personal/mpd/ncmpcpp/config.j2'
|
||||
dest: '{{ ncmpcpp_configuration_dir }}/config'
|
||||
- src: 'templates/mpd/ncmpcpp/bindings.j2'
|
||||
- src: 'templates/personal/mpd/ncmpcpp/bindings.j2'
|
||||
dest: '{{ ncmpcpp_configuration_dir }}/bindings'
|
||||
notify:
|
||||
- stop mpd service
|
||||
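--- a/tasks/personal/mpv.yml
+++ b/tasks/personal/mpv.yml
@@ -0,0 +1,16 @@
+- name: Create configuration directory
+ansible.builtin.file:
+path: '{{ ansible_env.HOME }}/.config/mpv'
+state: directory
+mode: '0700'
+
+- name: Copy configuration files
+ansible.builtin.template:
+src: '{{ item.src }}'
+dest: '{{ item.dest }}'
+mode: '0644'
+loop:
+- src: 'templates/personal/mpv/input.j2'
+dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf'
+- src: 'templates/personal/mpv/config.j2'
+dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf'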
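--- a/tasks/personal/wireguard.yml
+++ b/tasks/personal/wireguard.yml
@@ -0,0 +1,112 @@
+# Note: Only compatible with personal group
+
+- name: Create Wireguard directories
+become: true
+ansible.builtin.file:
+path: '{{ item }}'
+owner: root
+group: systemd-network
+mode: '0750'
+state: directory
+recurse: true
+loop:
+- '{{ vpn_config_dir }}'
+- '{{ vpn_default.private_key_path | dirname }}'
+- '{{ vpn_default.public_key_path | dirname }}'
+- '{{ vpn_media.private_key_path | dirname }}'
+- '{{ vpn_media.public_key_path | dirname }}'
+notify:
+- restart systemd-networkd
+- restart systemd-resolved
+
+- name: Copy Wireguard credentials
+become: true
+ansible.builtin.copy:
+src: '{{ item.src }}'
+dest: '{{ item.dest }}'
+owner: root
+group: systemd-network
+mode: '0640'
+loop:
+- dest: '{{ vpn_default.public_key_path }}'
+src: 'files/personal/{{ ansible_hostname }}/wireguard/default/{{ ansible_hostname }}.pub'
+
+- dest: '{{ vpn_default.private_key_path }}'
+src: 'files/personal/{{ ansible_hostname }}/wireguard/default/{{ ansible_hostname }}.key'
+
+- dest: '{{ vpn_media.public_key_path }}'
+src: 'files/personal/{{ ansible_hostname }}/wireguard/media/{{ ansible_hostname }}.pub'
+
+- dest: '{{ vpn_media.private_key_path }}'
+src: 'files/personal/{{ ansible_hostname }}/wireguard/media/{{ ansible_hostname }}.key'
+notify:
+- restart systemd-networkd
+- restart systemd-resolved
+
+- name: Copy Wireguard preshared keys
+become: true
+ansible.builtin.copy:
+src: '{{ item.preshared_key_source_path }}'
+dest: '{{ item.preshared_key_path }}'
+owner: root
+group: systemd-network
+mode: '0640'
+loop: '{{ vpn_default.peers + vpn_media.peers }}'
+notify:
+- restart systemd-networkd
+- restart systemd-resolved
+
+- name: Desktop configuration
+notify:
+- restart systemd-networkd
+- restart systemd-resolved
+when: ansible_hostname == 'desktop'
+block:
+- name: Setup network configuration
+become: true
+ansible.builtin.template:
+src: '{{ item.src }}'
+dest: '{{ item.dest }}'
+owner: root
+group: systemd-network
+mode: '0640'
+loop:
+- src: 'templates/personal/desktop/network/wg0.network.j2'
+dest: '/etc/systemd/network/40-wg0.network'
+
+- src: 'templates/personal/desktop/network/wg0.netdev.j2'
+dest: '/etc/systemd/network/40-wg0.netdev'
+
+- src: 'templates/personal/desktop/network/wg1.network.j2'
+dest: '/etc/systemd/network/40-wg1.network'
+
+- src: 'templates/personal/desktop/network/wg1.netdev.j2'
+dest: '/etc/systemd/network/40-wg1.netdev'
+
+- name: XPS configuration
+notify:
+- restart systemd-networkd
+- restart systemd-resolved
+- restart iwd
+when: ansible_hostname == 'xps'
+block:
+- name: Setup network configuration
+become: true
+ansible.builtin.template:
+src: '{{ item.src }}'
+dest: '{{ item.dest }}'
+owner: root
+group: systemd-network
+mode: '0640'
+loop:
+- src: 'templates/personal/xps/network/wg0.network.j2'
+dest: '/etc/systemd/network/40-wg0.network'
+
+- src: 'templates/personal/xps/network/wg0.netdev.j2'
+dest: '/etc/systemd/network/40-wg0.netdev'
+
+- src: 'templates/personal/xps/network/wg1.network.j2'
+dest: '/etc/systemd/network/40-wg1.network'
+
+- src: 'templates/personal/xps/network/wg1.netdev.j2'
+dest: '/etc/systemd/network/40-wg1.netdev'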
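Review bot: The "Copy Wireguard credentials" and "Copy Wireguard preshared keys" tasks set neither `diff: false` nor `no_log: true`, so a run with `--diff` would print the private and preshared key contents to the terminal and to any captured log. Adding `diff: false` to both tasks keeps the key material out of the output while leaving the changed/ok status visible. Separately, "Create Wireguard directories" applies `mode: '0750'` with `recurse: true`, which also resets the key files under `vpn_config_dir` to 0750 before the copy tasks put them back to 0640; that would make both tasks report a change, and fire the networkd and resolved restart handlers, on every run. Dropping `recurse: true` should be enough, since each directory is already listed in the loop.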
|
|
@ -1,7 +1,7 @@
|
|||
- name: Provision powertop systemd service
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: 'templates/laptop/powertop.service.j2'
|
||||
src: 'templates/personal/xps/powertop.service.j2'
|
||||
dest: '/etc/systemd/system/powertop.service'
|
||||
owner: root
|
||||
group: root
|
||||
169
tasks/setup.yml
169
tasks/setup.yml
|
|
@ -1,166 +1,183 @@
|
|||
- name: copy reflector configuration
|
||||
- name: Provision pollkit administrator configuration
|
||||
become: true
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: 'templates/polkit.j2'
|
||||
dest: '/etc/polkit-1/rules.d/49-nopasswd_global.rules'
|
||||
mode: '0755'
|
||||
|
||||
- name: Install shared packages
|
||||
become: true
|
||||
community.general.pacman:
|
||||
name: '{{ packages }}'
|
||||
|
||||
- name: Copy reflector configuration
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: 'templates/reflector.j2'
|
||||
dest: '/etc/xdg/reflector/reflector.conf'
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0600'
|
||||
|
||||
# started by weekly timer
|
||||
- name: disable reflector
|
||||
- name: Disable reflector
|
||||
become: true
|
||||
systemd:
|
||||
ansible.builtin.systemd:
|
||||
name: reflector
|
||||
state: stopped
|
||||
enabled: false
|
||||
|
||||
- name: copy pacman configuration
|
||||
- name: Copy pacman configuration
|
||||
become: true
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: 'templates/pacman.j2'
|
||||
dest: '/etc/pacman.conf'
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
||||
- name: create extra conf
|
||||
- name: Create extra conf
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: '/etc/pacman.d/extra.conf'
|
||||
owner: root
|
||||
group: root
|
||||
state: touch
|
||||
mode: '0644'
|
||||
|
||||
- name: create wezterm configuration dir
|
||||
file:
|
||||
- name: Create wezterm configuration dir
|
||||
ansible.builtin.file:
|
||||
path: '{{ xdg_config_dir }}/wezterm/includes'
|
||||
state: directory
|
||||
mode: '0755'
|
||||
|
||||
- name: copy wezterm configuration files
|
||||
template:
|
||||
- name: Copy wezterm configuration files
|
||||
ansible.builtin.template:
|
||||
src: '{{ item.src }}'
|
||||
dest: '{{ item.dest }}'
|
||||
mode: '0755'
|
||||
loop:
|
||||
- {
|
||||
src: 'templates/wezterm/wezterm.lua.j2',
|
||||
dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua'
|
||||
}
|
||||
- {
|
||||
src: 'templates/wezterm/includes/colors.lua.j2',
|
||||
dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua'
|
||||
}
|
||||
- {
|
||||
src: 'templates/wezterm/includes/fonts.lua.j2',
|
||||
dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua'
|
||||
}
|
||||
- {
|
||||
src: 'templates/wezterm/includes/window.lua.j2',
|
||||
dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua'
|
||||
}
|
||||
- src: 'templates/wezterm/wezterm.lua.j2'
|
||||
dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua'
|
||||
|
||||
- name: enable fstrim timer
|
||||
- src: 'templates/wezterm/includes/colors.lua.j2'
|
||||
dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua'
|
||||
|
||||
- src: 'templates/wezterm/includes/fonts.lua.j2'
|
||||
dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua'
|
||||
|
||||
- src: 'templates/wezterm/includes/window.lua.j2'
|
||||
dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua'
|
||||
|
||||
- name: Enable fstrim timer
|
||||
become: true
|
||||
systemd:
|
||||
ansible.builtin.systemd:
|
||||
name: fstrim.timer
|
||||
enabled: true
|
||||
|
||||
- name: remove the sysctl.d directory
|
||||
- name: Remove the sysctl.d directory
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /etc/sysctl.d
|
||||
state: absent
|
||||
|
||||
- name: recreate the sysctl.d directory
|
||||
- name: Recreate the sysctl.d directory
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /etc/sysctl.d
|
||||
state: directory
|
||||
mode: 755
|
||||
mode: '0755'
|
||||
|
||||
- name: copy sysctl files
|
||||
- name: Copy sysctl files
|
||||
become: true
|
||||
template:
|
||||
when: "'personal' not in group_names"
|
||||
ansible.builtin.template:
|
||||
src: '{{ item.src }}'
|
||||
dest: '{{ item.dest }}'
|
||||
mode: '0755'
|
||||
loop:
|
||||
- {
|
||||
src: 'templates/{{ platform }}/sysctl/99-sysrq.conf.j2',
|
||||
dest: '/etc/sysctl.d/99-sysrq.conf'
|
||||
}
|
||||
- {
|
||||
src: 'templates/{{ platform }}/sysctl/98-forward.conf.j2',
|
||||
dest: '/etc/sysctl.d/98-foward.conf'
|
||||
}
|
||||
- src: 'templates/sysctl/99-sysrq.conf.j2'
|
||||
dest: '/etc/sysctl.d/99-sysrq.conf'
|
||||
- src: 'templates/sysctl/98-forward.conf.j2'
|
||||
dest: '/etc/sysctl.d/98-foward.conf'
|
||||
notify: reload sysctl configuration
|
||||
|
||||
- name: remove the modprobe.d directory
|
||||
- name: Remove the modprobe.d directory
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /etc/modprobe.d
|
||||
state: absent
|
||||
|
||||
- name: recreate the modprobe.d directory
|
||||
- name: Recreate the modprobe.d directory
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /etc/modprobe.d
|
||||
state: directory
|
||||
mode: 755
|
||||
mode: '0755'
|
||||
|
||||
- name: copy modprobe configuration files
|
||||
- name: Copy modprobe configuration files
|
||||
become: true
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: '{{ item.src }}'
|
||||
dest: '{{ item.dest }}'
|
||||
mode: '0755'
|
||||
loop: '{{ modprobe_templates }}'
|
||||
when: modprobe_templates
|
||||
|
||||
- name: copy kernel parameters template
|
||||
- name: Copy kernel parameters template
|
||||
become: true
|
||||
template:
|
||||
src: 'templates/{{ platform }}/cmdline.j2'
|
||||
when: "'personal' not in group_names"
|
||||
ansible.builtin.template:
|
||||
src: 'templates/{{ ansible_hostname }}/cmdline.j2'
|
||||
dest: '/etc/kernel/cmdline'
|
||||
mode: '0755'
|
||||
|
||||
- name: remove the mkinitcpio directories
|
||||
- name: Copy kernel parameters template for personal group
|
||||
become: true
|
||||
file:
|
||||
when: "'personal' in group_names"
|
||||
ansible.builtin.template:
|
||||
src: 'templates/personal/{{ ansible_hostname }}/cmdline.j2'
|
||||
dest: '/etc/kernel/cmdline'
|
||||
mode: '0755'
|
||||
|
||||
- name: Remove the mkinitcpio directories
|
||||
become: true
|
||||
ansible.builtin.file:
|
||||
path: '{{ item }}'
|
||||
state: absent
|
||||
loop:
|
||||
- /etc/mkinitcpio.conf.d
|
||||
- /etc/mkinitcpio.d
|
||||
|
||||
- name: recreate the mkinitcpio directories
|
||||
- name: Recreate the mkinitcpio directories
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: '{{ item }}'
|
||||
state: directory
|
||||
mode: 755
|
||||
mode: '0755'
|
||||
loop:
|
||||
- /etc/mkinitcpio.conf.d
|
||||
- /etc/mkinitcpio.d
|
||||
|
||||
- name: copy mkinitcpio configuration files
|
||||
- name: Copy mkinitcpio configuration files
|
||||
become: true
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: '{{ item.src }}'
|
||||
dest: '{{ item.dest }}'
|
||||
mode: '0755'
|
||||
loop: '{{ mkinitcpio_templates }}'
|
||||
when: mkinitcpio_templates
|
||||
|
||||
- name: regenerate initramfs images
|
||||
- name: Regenerate initramfs images
|
||||
become: true
|
||||
command: 'mkinitcpio --allpresets'
|
||||
ansible.builtin.command: 'mkinitcpio --allpresets'
|
||||
register: mkinitcpio_stats
|
||||
|
||||
- name: log mkinitcpio stdout
|
||||
debug:
|
||||
- name: Log mkinitcpio stdout
|
||||
ansible.builtin.debug:
|
||||
var: mkinitcpio_stats.stdout_lines
|
||||
|
||||
- name: create a Linux UEFI boot entry
|
||||
- name: Create a Linux UEFI boot entry
|
||||
become: true
|
||||
command: efibootmgr \
|
||||
ansible.builtin.command: efibootmgr \
|
||||
--create \
|
||||
--disk '{{ boot_configuration.disk }}' \
|
||||
--part '{{ boot_configuration.partition }}' \
|
||||
|
|
@ -171,14 +188,14 @@
|
|||
register: efi_linux_stats
|
||||
when: register_uefi_entries
|
||||
|
||||
- name: log efibootmgr stdout
|
||||
debug:
|
||||
- name: Log efibootmgr stdout
|
||||
ansible.builtin.debug:
|
||||
var: efi_linux_stats.stdout_lines
|
||||
when: register_uefi_entries
|
||||
|
||||
- name: create a Linux LTS UEFI boot entry
|
||||
- name: Create a Linux LTS UEFI boot entry
|
||||
become: true
|
||||
command: efibootmgr \
|
||||
ansible.builtin.command: efibootmgr \
|
||||
--create \
|
||||
--disk '{{ boot_configuration.disk }}' \
|
||||
--part '{{ boot_configuration.partition }}' \
|
||||
|
|
@ -189,7 +206,7 @@
|
|||
register: efi_linux_lts_stats
|
||||
when: register_uefi_entries
|
||||
|
||||
- name: log efibootmgr LTS stdout
|
||||
debug:
|
||||
- name: Log efibootmgr LTS stdout
|
||||
ansible.builtin.debug:
|
||||
var: efi_linux_lts_stats.stdout_lines
|
||||
when: register_uefi_entries
|
||||
|
|
|
|||
|
|
@ -1,18 +1,18 @@
|
|||
- name: setup systemd user service folder
|
||||
file:
|
||||
- name: Setup systemd user service folder
|
||||
ansible.builtin.file:
|
||||
path: '{{ xdg_config_dir }}/systemd/user'
|
||||
state: directory
|
||||
mode: '0755'
|
||||
|
||||
- name: add ssh-agent service
|
||||
template:
|
||||
- name: Add ssh-agent service
|
||||
ansible.builtin.template:
|
||||
src: 'templates/ssh-agent.j2'
|
||||
dest: '{{ xdg_config_dir }}/systemd/user/ssh-agent.service'
|
||||
mode: '0644'
|
||||
notify: restart user ssh-agent
|
||||
|
||||
- name: copy tmux service
|
||||
template:
|
||||
- name: Copy tmux service
|
||||
ansible.builtin.template:
|
||||
src: 'templates/tmux.j2'
|
||||
dest: '{{ xdg_config_dir }}/systemd/user/tmux.service'
|
||||
mode: '0644'
|
||||
|
|
@ -20,8 +20,8 @@
|
|||
- user daemon-reload
|
||||
- restart tmux service
|
||||
|
||||
- name: copy tmux startup script
|
||||
copy:
|
||||
- name: Copy tmux startup script
|
||||
ansible.builtin.copy:
|
||||
src: 'files/tmux_start'
|
||||
dest: '{{ ansible_env.HOME }}/.local/bin/tmux_start'
|
||||
mode: '0740'
|
||||
|
|
|
|||
|
|
@ -1,2 +0,0 @@
|
|||
# {{ ansible_managed }}
|
||||
net.ipv4.ip_forward = 1
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
# {{ ansible_managed }}
|
||||
kernel.sysrq = 1
|
||||
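--- /dev/null
+++ b/templates/polkit.j2
@@ -0,0 +1,11 @@
+/* {{ ansible_managed }}
+*
+* Allow members of the wheel group to execute any actions
+* without password authentication, similar to "sudo NOPASSWD:"
+* without password authentication, similar to "sudo NOPASSWD:"
+*/
+polkit.addRule(function(action, subject) {
+if (subject.isInGroup("wheel")) {
+return polkit.Result.YES;
+}
+});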
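Review bot: The rule returns `polkit.Result.YES` for every action as soon as `subject.isInGroup("wheel")` holds, so any process running as a wheel member, including one in a remote or inactive session, is granted each polkit-mediated privileged action without an authentication prompt. If passwordless operation is only wanted at the console, tighten the condition to `if (subject.isInGroup("wheel") && subject.local && subject.active) {`, or keep a prompt with `return polkit.Result.AUTH_SELF_KEEP;`; limiting the rule to specific `action.id` prefixes would narrow it further. The header comment also carries the line `* without password authentication, similar to "sudo NOPASSWD:"` twice, and one copy can go. Which hosts receive this template, and where it is installed, is not visible in this section.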
|
|
@ -1,23 +0,0 @@
|
|||
platform_packages:
|
||||
- iwd
|
||||
- nvidia
|
||||
- nvidia-prime
|
||||
- nvidia-utils
|
||||
- lib32-nvidia-utils
|
||||
|
||||
boot_configuration:
|
||||
disk: /dev/nvme0n1
|
||||
partition: 1
|
||||
|
||||
mkinitcpio_templates:
|
||||
- src: 'templates/laptop/mkinitcpio/1-modules.conf.j2'
|
||||
dest: '/etc/mkinitcpio.conf.d/1-modules.conf'
|
||||
|
||||
- src: 'templates/laptop/mkinitcpio/2-hooks.conf.j2'
|
||||
dest: '/etc/mkinitcpio.conf.d/2-hooks.conf'
|
||||
|
||||
- src: 'templates/laptop/mkinitcpio/linux.preset.j2'
|
||||
dest: '/etc/mkinitcpio.d/linux.preset'
|
||||
|
||||
- src: 'templates/laptop/mkinitcpio/linux-lts.preset.j2'
|
||||
dest: '/etc/mkinitcpio.d/linux-lts.preset'
|
||||