diff --git a/ansible.cfg b/ansible.cfg index 5ec08e7..32fe937 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,5 +1,6 @@ [defaults] roles_path = ./roles +inventory = inventory.yml ask_vault_pass = true [privilege_escalation] diff --git a/files/desktop/wireguard/media/desktop.key b/files/desktop/wireguard/media/desktop.key deleted file mode 100644 index 8782234..0000000 --- a/files/desktop/wireguard/media/desktop.key +++ /dev/null @@ -1,7 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -62383364643761623739623632633261343735343465336235386336333234656631363432623535 -6562623634363937356137616131396264633161363461340a343432363362346664646161656563 -35623334326238326135646261666330666531633831656564396139666261623937626338386632 -3233333039623039640a383931633539363238326164643365316236326435643537303866373835 -66393465663364303134376566623736636664353031336537663036636462613766343739336331 -6438643538326533313433616438386165626537373162393430 diff --git a/files/desktop/wireguard/media/desktop.pub b/files/desktop/wireguard/media/desktop.pub deleted file mode 100644 index 640bf96..0000000 --- a/files/desktop/wireguard/media/desktop.pub +++ /dev/null @@ -1 +0,0 @@ -YDH5lZcxUHM4AU2ZxQrFqjDIV2Z7PSUQKMcYXLExV0E= diff --git a/files/desktop/wireguard/media/preshared.psk b/files/desktop/wireguard/media/preshared.psk deleted file mode 100644 index 8e41aac..0000000 --- a/files/desktop/wireguard/media/preshared.psk +++ /dev/null @@ -1,7 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -34303432393930626266313563613636343439623631633163656532363631313039386231623936 -3336636666626237316532346230303961323263613161320a383436636634376162353863386161 -36663064366461333335613633316630633335666335613464333863656536623230383262623733 -3065363835666231630a616362333233643637613762313437626366363365313831363661313336 -66373966656534646462653833343935623466613662333932666666366430663061366261396330 -3064636536643933613738356461313135363033633366396130 
diff --git a/files/laptop/wireguard/media/laptop.key b/files/laptop/wireguard/media/laptop.key
deleted file mode 100644
index 939f255..0000000
--- a/files/laptop/wireguard/media/laptop.key
+++ /dev/null
@@ -1,7 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-64663539393065396333623165623833636539633932306437363365656532343565643866616532
-6562373233633237623761376234336331373637393431380a386261306438393837633037383464
-64623965376138313665393239346138383230383565626264393635303835396537663865313237
-6431313635333030390a646466303961663932353830366235643762393039396531316465333837
-61613264356263616332633334386532303761353536663033373639626634396164623335626566
-3632373266313435646338343738656663356635623138623939
diff --git a/files/laptop/wireguard/media/laptop.pub b/files/laptop/wireguard/media/laptop.pub
deleted file mode 100644
index aec0b05..0000000
--- a/files/laptop/wireguard/media/laptop.pub
+++ /dev/null
@@ -1 +0,0 @@
-hI4rqlv2afs4RJkt5xR+dYxQODSd6lR0OqWJRlnQdjM=
diff --git a/files/laptop/wireguard/media/preshared.psk b/files/laptop/wireguard/media/preshared.psk
deleted file mode 100644
index ca1d895..0000000
--- a/files/laptop/wireguard/media/preshared.psk
+++ /dev/null
@@ -1,7 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-63643763346434313734663761386539393032613366626230373862643431613963633664353264
-6466616235653963643861643439633537656439363735330a366439356537386662353431643163
-33363830646433336366353363623835373639383663633837313030393162643931353331633133
-6534363438303261320a333364313534336465616336386337383935353631646361623866326232
-64373139636633393236303335396138326638333635663839663734346463303739646431353437
-3838653361383663633632363862306565643531353066623336
diff --git a/files/desktop/wireguard/default/desktop.key b/files/personal/desktop/wireguard/default/desktop.key
similarity index 100%
rename from files/desktop/wireguard/default/desktop.key
rename to files/personal/desktop/wireguard/default/desktop.key
diff --git a/files/desktop/wireguard/default/desktop.pub b/files/personal/desktop/wireguard/default/desktop.pub similarity index 100% rename from files/desktop/wireguard/default/desktop.pub rename to files/personal/desktop/wireguard/default/desktop.pub diff --git a/files/desktop/wireguard/default/preshared.psk b/files/personal/desktop/wireguard/default/preshared.psk similarity index 100% rename from files/desktop/wireguard/default/preshared.psk rename to files/personal/desktop/wireguard/default/preshared.psk diff --git a/files/gpg_key b/files/personal/gpg/gpg_key similarity index 100% rename from files/gpg_key rename to files/personal/gpg/gpg_key diff --git a/files/gpg_pub b/files/personal/gpg/gpg_pub similarity index 100% rename from files/gpg_pub rename to files/personal/gpg/gpg_pub diff --git a/files/laptop/wireguard/default/preshared.psk b/files/personal/xps/wireguard/default/preshared.psk similarity index 100% rename from files/laptop/wireguard/default/preshared.psk rename to files/personal/xps/wireguard/default/preshared.psk diff --git a/files/laptop/wireguard/default/laptop.key b/files/personal/xps/wireguard/default/xps.key similarity index 100% rename from files/laptop/wireguard/default/laptop.key rename to files/personal/xps/wireguard/default/xps.key diff --git a/files/laptop/wireguard/default/laptop.pub b/files/personal/xps/wireguard/default/xps.pub similarity index 100% rename from files/laptop/wireguard/default/laptop.pub rename to files/personal/xps/wireguard/default/xps.pub diff --git a/files/tmux_start b/files/tmux_start index 4e6646d..56d5770 100755 --- a/files/tmux_start +++ b/files/tmux_start @@ -1,16 +1,8 @@ #!/bin/bash MAIN="main" -DEVELOPMENT="development" tmux start-server tmux new-session -ds $MAIN tmux new-window -tmux new-window -tmux select-window -t 0 - -tmux new-session -ds $DEVELOPMENT -tmux new-window -tmux new-window -tmux new-window tmux select-window -t 0 
diff --git a/vars/main.yml b/group_vars/all/main.yml similarity index 80% rename from vars/main.yml rename to group_vars/all/main.yml index 5dccfd9..405504f 100644 --- a/vars/main.yml +++ b/group_vars/all/main.yml @@ -1,21 +1,13 @@ -xdg_config_dir: '{{ ansible_env.HOME }}/.config' -xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin' - -register_uefi_entries: false +ansible_become_method: community.general.run0 packages: - firefox - - mpv - - youtube-dl - keepassxc - gimp - nftables - - mpd - - nfs-utils - okular - postgresql - plasma-meta - - syncthing - wezterm - tmux - unrar @@ -26,13 +18,11 @@ packages: - iproute2 - curl - reflector - - laptop-detect - pipewire - pipewire-pulse - pipewire-alsa - merkuro - kmail - - wireguard-tools - otf-monaspace-nerd - systemd-ukify - efibootmgr @@ -40,14 +30,16 @@ packages: - aspell-nl - aspell-en -platform_packages: [] +xdg_config_dir: '{{ ansible_env.HOME }}/.config' +xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin' + modprobe_templates: [] mkinitcpio_templates: [] boot_configuration: -vpn_config_dir: '/etc/wireguard' - server_domain: fudiggity.nl +register_uefi_entries: false + wezterm_font_size: 12 diff --git a/vars/gpg.yml b/group_vars/personal/gpg.yml similarity index 100% rename from vars/gpg.yml rename to group_vars/personal/gpg.yml diff --git a/vars/mpd.yml b/group_vars/personal/mpd.yml similarity index 100% rename from vars/mpd.yml rename to group_vars/personal/mpd.yml diff --git a/group_vars/personal/system.yml b/group_vars/personal/system.yml new file mode 100644 index 0000000..f3e9732 --- /dev/null +++ b/group_vars/personal/system.yml 
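Review bot: `ansible_become_method: community.general.run0` is set for every host with no comment on what it depends on. run0 is authorised through polkit rather than a sudo password, and `tasks/setup.yml` in this commit installs `/etc/polkit-1/rules.d/49-nopasswd_global.rules` from a template that is not visible here; if that rule grants unauthenticated admin rights, any process running as the matching user can become root without a prompt. Add a comment above the variable, for example `# run0 relies on the polkit rule from templates/polkit.j2; keep that rule scoped to the provisioning user`, and confirm the rule is limited to the intended user or group.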
@@ -0,0 +1,39 @@ +packages: + - keepassxc + - gimp + - nftables + - okular + - postgresql + - plasma-meta + - wezterm + - tmux + - unrar + - vim + - git + - openssl + - kmail + - iproute2 + - curl + - reflector + - pipewire + - pipewire-pulse + - pipewire-alsa + - merkuro + - kmail + - otf-monaspace-nerd + - systemd-ukify + - efibootmgr + - git-delta + - aspell-nl + - aspell-en + + # custom packages + - firefox + - mpv + - youtube-dl + - nfs-utils + - syncthing + - mpd + - wireguard-tools + +vpn_config_dir: '/etc/wireguard' diff --git a/handlers.yml b/handlers.yml index 23ae9bb..0af528a 100644 --- a/handlers.yml +++ b/handlers.yml @@ -57,7 +57,6 @@ name: iwd state: restarted enabled: true - when: platform == "laptop" - name: stop mpd service systemd: diff --git a/vars/desktop/syncthing.yml b/host_vars/desktop/syncthing.yml similarity index 100% rename from vars/desktop/syncthing.yml rename to host_vars/desktop/syncthing.yml diff --git a/vars/desktop/system.yml b/host_vars/desktop/system.yml similarity index 51% rename from vars/desktop/system.yml rename to host_vars/desktop/system.yml index 61a2959..67054cd 100644 --- a/vars/desktop/system.yml +++ b/host_vars/desktop/system.yml @@ -1,17 +1,15 @@ -platform_packages: [] - modprobe_templates: - - src: 'templates/desktop/modprobe/99-amdgpu.conf.j2' + - src: 'templates/personal/desktop/modprobe/99-amdgpu.conf.j2' dest: '/etc/modprobe.d/99-amdgpu.conf' mkinitcpio_templates: - - src: 'templates/desktop/mkinitcpio/1-modules.conf.j2' + - src: 'templates/personal/desktop/mkinitcpio/1-modules.conf.j2' dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf' - - src: 'templates/desktop/mkinitcpio/linux.preset.j2' + - src: 'templates/personal/desktop/mkinitcpio/linux.preset.j2' dest: '/etc/mkinitcpio.d/linux.preset' - - src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2' + - src: 'templates/personal/desktop/mkinitcpio/linux-lts.preset.j2' dest: '/etc/mkinitcpio.d/linux-lts.preset' boot_configuration: 
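Review bot: `packages` in `group_vars/personal/system.yml` replaces the list from `group_vars/all/main.yml` instead of extending it, and `host_vars/xps/system.yml` repeats the whole list a third time, so the three copies have to be kept in sync by hand (`kmail` is already listed twice in this one). A package dropped from one copy, `nftables` for instance, would go unnoticed on the hosts that use that copy. Consider separate variables such as `packages_common`, `packages_group` and `packages_host`, and install `{{ packages_common + packages_group + packages_host }}` in the pacman task.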
diff --git a/vars/desktop/vpn.yml b/host_vars/desktop/vpn.yml similarity index 84% rename from vars/desktop/vpn.yml rename to host_vars/desktop/vpn.yml index 066741b..3cc3977 100644 --- a/vars/desktop/vpn.yml +++ b/host_vars/desktop/vpn.yml @@ -24,7 +24,7 @@ vpn_default: endpoint: '{{ server_domain }}:51902' public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk' - preshared_key_source_path: 'files/desktop/wireguard/default/preshared.psk' + preshared_key_source_path: 'files/personal/desktop/wireguard/default/preshared.psk' vpn_media: ip: '10.0.1.3' @@ -36,7 +36,7 @@ vpn_media: public_key_path: '{{ vpn_config_dir }}/keys/public/media/desktop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/media/desktop.key' - private_key_source_path: 'files/desktop/wireguard/media/desktop.key' + private_key_source_path: 'files/personal/desktop/wireguard/media/desktop.key' peers: - name: 'zeus-media' @@ -46,4 +46,4 @@ vpn_media: endpoint: '{{ server_domain }}.nl:51903' public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk' - preshared_key_source_path: 'files/desktop/wireguard/media/preshared.psk' + preshared_key_source_path: 'files/personal/desktop/wireguard/media/preshared.psk' diff --git a/vars/laptop/syncthing.yml b/host_vars/xps/syncthing.yml similarity index 100% rename from vars/laptop/syncthing.yml rename to host_vars/xps/syncthing.yml diff --git a/host_vars/xps/system.yml b/host_vars/xps/system.yml new file mode 100644 index 0000000..23170ef --- /dev/null +++ b/host_vars/xps/system.yml 
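Review bot: `private_key_source_path` now points at `files/personal/desktop/wireguard/media/desktop.key`, but this commit deletes `files/desktop/wireguard/media/desktop.key`, `desktop.pub` and `preshared.psk` outright, while only the `default/` keys are renamed into `files/personal/`. The same applies to the media `preshared_key_source_path` in the next hunk, to `host_vars/xps/vpn.yml`, and to the media entries of the copy loop in `tasks/personal/wireguard.yml`. Unless the media key material is added under the new paths somewhere outside this view, those copy tasks will fail on a missing source. Either restore the vaulted files under `files/personal/<host>/wireguard/media/` or remove `vpn_media` and its copy entries together.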
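Review bot: The `zeus-media` peer's context line `endpoint: '{{ server_domain }}.nl:51903'` appends `.nl` to a variable that `group_vars/all/main.yml` already sets to `fudiggity.nl`, so the desktop would try to reach `fudiggity.nl.nl`. `host_vars/xps/vpn.yml` uses `'{{ server_domain }}:51903'` for the same peer. Since this hunk already touches the entry, change the line to `endpoint: '{{ server_domain }}:51903'`.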
@@ -0,0 +1,61 @@ +packages: + - keepassxc + - gimp + - nftables + - okular + - postgresql + - plasma-meta + - wezterm + - tmux + - unrar + - vim + - git + - openssl + - kmail + - iproute2 + - curl + - reflector + - pipewire + - pipewire-pulse + - pipewire-alsa + - merkuro + - kmail + - otf-monaspace-nerd + - systemd-ukify + - efibootmgr + - git-delta + - aspell-nl + - aspell-en + + # custom packages + - firefox + - mpv + - youtube-dl + - nfs-utils + - syncthing + - mpd + - wireguard-tools + + # custom host packages + - iwd + - nvidia + - nvidia-prime + - nvidia-utils + - lib32-nvidia-utils + +boot_configuration: + disk: /dev/nvme0n1 + partition: 1 + +mkinitcpio_templates: + - src: 'templates/personal/xps/mkinitcpio/1-modules.conf.j2' + dest: '/etc/mkinitcpio.conf.d/1-modules.conf' + + - src: 'templates/personal/xps/mkinitcpio/2-hooks.conf.j2' + dest: '/etc/mkinitcpio.conf.d/2-hooks.conf' + + - src: 'templates/personal/xps/mkinitcpio/linux.preset.j2' + dest: '/etc/mkinitcpio.d/linux.preset' + + - src: 'templates/personal/xps/mkinitcpio/linux-lts.preset.j2' + dest: '/etc/mkinitcpio.d/linux-lts.preset' diff --git a/vars/laptop/vpn.yml b/host_vars/xps/vpn.yml similarity index 89% rename from vars/laptop/vpn.yml rename to host_vars/xps/vpn.yml index 158db4e..1a2eab2 100644 --- a/vars/laptop/vpn.yml +++ b/host_vars/xps/vpn.yml @@ -23,7 +23,7 @@ vpn_default: endpoint: '{{ server_domain }}:51902' public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk' - preshared_key_source_path: 'files/laptop/wireguard/default/preshared.psk' + preshared_key_source_path: 'files/personal/xps/wireguard/default/preshared.psk' vpn_media: ip: '10.0.1.2' 
@@ -44,4 +44,4 @@ vpn_media: endpoint: '{{ server_domain }}:51903' public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk' - preshared_key_source_path: 'files/laptop/wireguard/media/preshared.psk' + preshared_key_source_path: 'files/personal/xps/wireguard/media/preshared.psk' diff --git a/inventory.yml b/inventory.yml new file mode 100644 index 0000000..610f4b7 --- /dev/null +++ b/inventory.yml @@ -0,0 +1,6 @@ +personal: + hosts: + xps: + ansible_connection: local + desktop: + ansible_connection: local diff --git a/playbook.yml b/playbook.yml index 155fbe1..a604be7 100644 --- a/playbook.yml +++ b/playbook.yml 
@@ -1,61 +1,21 @@ - name: Arch Linux provisioning - hosts: localhost - pre_tasks: - - name: Install shared packages - become: true - community.general.pacman: - name: '{{ packages }}' - - - name: Platform vars - tags: platform_vars - block: - - name: Detect platform - ansible.builtin.command: laptop-detect - register: is_laptop - failed_when: is_laptop.rc == 2 - - - name: Set platform (desktop) - ansible.builtin.set_fact: - platform: desktop - when: is_laptop.rc == 1 - - - name: Set platform (laptop) - ansible.builtin.set_fact: - platform: laptop - when: is_laptop.rc == 0 - - - name: Load desktop specific vars - ansible.builtin.include_vars: - dir: vars/desktop - when: platform == 'desktop' - - - name: Load laptop specific vars - ansible.builtin.include_vars: - dir: vars/laptop - when: platform == 'laptop' - - - name: Install platform specific packages - become: true - community.general.pacman: - name: '{{ platform_packages }}' - when: platform_packages | length > 0 + hosts: + - xps + - desktop + gather_facts: true roles: - common tasks: + - name: Verifying that a limit is set + ansible.builtin.fail: + msg: 'This playbook cannot be run with no limit' + run_once: true + when: ansible_limit is not defined + - name: Generic provisioning ansible.builtin.import_tasks: 'tasks/setup.yml' tags: setup - - name: Desktop provisioning - ansible.builtin.import_tasks: 'tasks/setup-desktop.yml' - when: platform == 'desktop' - tags: laptop - - - name: Laptop provisioning - ansible.builtin.import_tasks: 'tasks/setup-laptop.yml' - when: platform == 'laptop' - tags: laptop - - name: Network provisioning ansible.builtin.import_tasks: 'tasks/network.yml' tags: network 
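Review bot: The limit guard sits under `tasks:`, and Ansible runs a play's `roles:` before its `tasks:`, so the `common` role has already been applied to every targeted host by the time `ansible.builtin.fail` fires. Both inventory hosts use `ansible_connection: local`, which means an unlimited run applies the role to the local machine once per host entry, each time with a different set of host variables. Move the check under `pre_tasks:` so it runs before the role. The role's content is not visible here, so the impact of that early run cannot be judged from this hunk.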
@@ -64,33 +24,46 @@ ansible.builtin.import_tasks: 'tasks/systemd.yml' tags: systemd + # TODO: move to development playbook - name: Git provisioning ansible.builtin.import_tasks: 'tasks/git.yml' tags: git - - name: MPV provisioning - ansible.builtin.import_tasks: 'tasks/mpv.yml' - tags: mpv - - - name: MPD provisioning - ansible.builtin.import_tasks: 'tasks/mpd.yml' - tags: mpd - - - name: Syncthing provisioning - ansible.builtin.import_tasks: 'tasks/syncthing.yml' - tags: syncthing - - name: Systemd timer provisioning ansible.builtin.import_tasks: 'tasks/timer.yml' tags: timers + - name: Personal provisiong + when: "'personal' in group_names" + block: + - name: Wireguard provisioning + ansible.builtin.import_tasks: 'tasks/personal/wireguard.yml' + tags: wireguard + + - name: MPV provisioning + ansible.builtin.import_tasks: 'tasks/personal/mpv.yml' + tags: mpv + + - name: MPD provisioning + ansible.builtin.import_tasks: 'tasks/personal/mpd.yml' + tags: mpd + + - name: Syncthing provisioning + ansible.builtin.import_tasks: 'tasks/personal/syncthing.yml' + tags: syncthing + + - name: Desktop provisioning + ansible.builtin.import_tasks: 'tasks/personal/desktop.yml' + when: ansible_hostname == 'desktop' + tags: desktop + + - name: XPS provisioning + ansible.builtin.import_tasks: 'tasks/personal/xps.yml' + when: ansible_hostname == 'xps' + tags: xps handlers: - name: Import default handlers ansible.builtin.import_tasks: 'handlers.yml' - name: Import common role handlers ansible.builtin.import_tasks: 'roles/common/handlers/user.yml' - vars_files: - - 'vars/main.yml' - - 'vars/gpg.yml' - - 'vars/mpd.yml' diff --git a/tasks/git.yml b/tasks/git.yml index 3b07f8f..a375d3b 100644 --- a/tasks/git.yml +++ b/tasks/git.yml 
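Review bot: The host-specific imports are gated on `ansible_hostname`, a fact gathered from the machine the play runs on, while `host_vars/` and `--limit` are selected by the inventory name. With `ansible_connection: local` on both hosts, `--limit desktop` run on the XPS would load the desktop variables (VPN address, key destinations) and then execute the XPS branch; `tasks/network.yml` and `tasks/personal/wireguard.yml` have the same split, the latter building private-key source paths from `ansible_hostname`. Consider conditioning on `inventory_hostname`, or adding an early `ansible.builtin.assert` with `that: ansible_hostname == inventory_hostname` so a mismatched limit stops before any key is copied. Separately, the block name `Personal provisiong` is misspelled.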
@@ -1,24 +1,28 @@ -- name: copy git configuration - template: +- name: Copy git configuration + ansible.builtin.template: src: 'templates/gitconfig.j2' dest: '{{ ansible_env.HOME }}/.gitconfig' + mode: '0755' -- name: copy keys - copy: +- name: Copy keys + ansible.builtin.copy: src: '{{ item.src }}' dest: '{{ item.dest }}' + mode: '0755' loop: - - { src: 'files/gpg_key', dest: '{{ ansible_env.HOME }}/gpg.key' } - - { src: 'files/gpg_pub', dest: '{{ ansible_env.HOME }}/gpg.pub' } + - src: 'files/personal/gpg/gpg_key' + dest: '{{ ansible_env.HOME }}/gpg.key' + - src: 'files/personal/gpg/gpg_pub' + dest: '{{ ansible_env.HOME }}/gpg.pub' -- name: import secret key - command: 'gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key' +- name: Import secret key + ansible.builtin.command: 'gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key' -- name: import public key - command: 'gpg --import ~/gpg.pub' +- name: Import public key + ansible.builtin.command: 'gpg --import ~/gpg.pub' -- name: remove temp keys - file: +- name: Remove temp keys + ansible.builtin.file: path: '{{ item }}' state: absent loop: diff --git a/tasks/mpv.yml b/tasks/mpv.yml deleted file mode 100644 index c0e8a8a..0000000 --- a/tasks/mpv.yml +++ /dev/null @@ -1,20 +0,0 @@ -- name: create configuration directory - file: - path: '{{ ansible_env.HOME }}/.config/mpv' - state: directory - mode: '0700' - -- name: copy configuration files - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0644' - loop: - - { - src: 'templates/mpv/input.j2', - dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf', - } - - { - src: 'templates/mpv/config.j2', - dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf', - } diff --git a/tasks/network.yml b/tasks/network.yml index feec18b..d00a814 100644 --- a/tasks/network.yml +++ b/tasks/network.yml 
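Review bot: The added `mode: '0755'` on the `Copy keys` loop writes `~/gpg.key`, the secret key, readable and executable by every local user until the cleanup task removes it; use `mode: '0600'` there, and `'0644'` for `.gitconfig`, which has no reason to be executable. The `Import secret key` command still interpolates `{{ gpg_passphrase }}` into the argument list, where it is visible in the process table and in Ansible's task output. Pass the passphrase on standard input and mark the task `no_log: true`, as sketched below. The tail of the file, including the cleanup loop, lies outside this hunk.

```yaml
- name: Import secret key
  ansible.builtin.command:
    cmd: gpg --batch --pinentry-mode loopback --passphrase-fd 0 --import ~/gpg.key
    stdin: '{{ gpg_passphrase }}'
  no_log: true
```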
@@ -3,67 +3,25 @@ # using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint :` # for example. -- name: Create Wireguard directories +- name: Copy firewall template become: true - ansible.builtin.file: - path: '{{ item }}' + ansible.builtin.template: + src: "{{ lookup('ansible.builtin.first_found', paths) }}" + dest: '/etc/nftables.conf' owner: root - group: systemd-network - mode: '0750' - state: directory - recurse: true - loop: - - '{{ vpn_config_dir }}' - - '{{ vpn_default.private_key_path | dirname }}' - - '{{ vpn_default.public_key_path | dirname }}' - - '{{ vpn_media.private_key_path | dirname }}' - - '{{ vpn_media.public_key_path | dirname }}' - notify: - - restart systemd-networkd - - restart systemd-resolved - -- name: Copy Wireguard credentials - become: true - ansible.builtin.copy: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - dest: '{{ vpn_default.public_key_path }}' - src: 'files/{{ platform }}/wireguard/default/{{ platform }}.pub' - - - dest: '{{ vpn_default.private_key_path }}' - src: 'files/{{ platform }}/wireguard/default/{{ platform }}.key' - - - dest: '{{ vpn_media.public_key_path }}' - src: 'files/{{ platform }}/wireguard/media/{{ platform }}.pub' - - - dest: '{{ vpn_media.private_key_path }}' - src: 'files/{{ platform }}/wireguard/media/{{ platform }}.key' - notify: - - restart systemd-networkd - - restart systemd-resolved - -- name: Copy Wireguard preshared keys - become: true - ansible.builtin.copy: - src: '{{ item.preshared_key_source_path }}' - dest: '{{ item.preshared_key_path }}' - owner: root - group: systemd-network - mode: '0640' - loop: '{{ vpn_default.peers + vpn_media.peers }}' - notify: - - restart systemd-networkd - - restart systemd-resolved + group: root + mode: '0600' + vars: + paths: + - 'templates/{{ ansible_hostname }}/nftables.j2' + - 'templates/{{ group_names[0] }}/{{ ansible_hostname }}/nftables.j2' + notify: restart nftables - 
name: Desktop configuration notify: - restart systemd-networkd - restart systemd-resolved - when: platform == "desktop" + when: ansible_hostname == 'desktop' block: - name: Setup network configuration become: true @@ -74,21 +32,9 @@ group: systemd-network mode: '0640' loop: - - src: 'templates/desktop/network/enp.network.j2' + - src: 'templates/personal/desktop/network/enp.network.j2' dest: '/etc/systemd/network/20-wired.network' - - src: 'templates/desktop/network/wg0.network.j2' - dest: '/etc/systemd/network/40-wg0.network' - - - src: 'templates/desktop/network/wg0.netdev.j2' - dest: '/etc/systemd/network/40-wg0.netdev' - - - src: 'templates/desktop/network/wg1.network.j2' - dest: '/etc/systemd/network/40-wg1.network' - - - src: 'templates/desktop/network/wg1.netdev.j2' - dest: '/etc/systemd/network/40-wg1.netdev' - - name: Remove leftover configuration files become: true ansible.builtin.file: @@ -98,12 +44,12 @@ - '/etc/systemd/network/30-vmbr0.network' - '/etc/systemd/network/30-vmbr0.netdev' -- name: Laptop configuration +- name: XPS configuration notify: - restart systemd-networkd - restart systemd-resolved - restart iwd - when: platform == "laptop" + when: ansible_hostname == 'xps' block: - name: Setup network configuration become: true @@ -114,21 +60,9 @@ group: systemd-network mode: '0640' loop: - - src: 'templates/laptop/network/wireless.network.j2' + - src: 'templates/personal/xps/network/wireless.network.j2' dest: '/etc/systemd/network/20-wireless.network' - - src: 'templates/laptop/network/wg0.network.j2' - dest: '/etc/systemd/network/40-wg0.network' - - - src: 'templates/laptop/network/wg0.netdev.j2' - dest: '/etc/systemd/network/40-wg0.netdev' - - - src: 'templates/laptop/network/wg1.network.j2' - dest: '/etc/systemd/network/40-wg1.network' - - - src: 'templates/laptop/network/wg1.netdev.j2' - dest: '/etc/systemd/network/40-wg1.netdev' - - name: Remove leftover configuration files become: true ansible.builtin.file: 
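Review bot: The second `first_found` candidate in `Copy firewall template` is built from `group_names[0]`, which is only the first entry of the host's group list, so adding a host to a second group could change which nftables template is picked without any edit to this task. Name the group explicitly, for example `'templates/personal/{{ ansible_hostname }}/nftables.j2'`, or derive it from a dedicated variable. Because the result becomes `/etc/nftables.conf`, it is also worth adding `validate: 'nft -c -f %s'` so a template that fails to parse is rejected before the `restart nftables` handler loads it; the handler itself is not visible in this hunk.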
@@ -137,13 +71,3 @@ loop: - '/etc/systemd/network/30-vmbr0.network' - '/etc/systemd/network/30-vmbr0.netdev' - -- name: Copy firewall template - become: true - ansible.builtin.template: - src: 'templates/{{ platform }}/nftables.j2' - dest: '/etc/nftables.conf' - owner: root - group: root - mode: '0600' - notify: restart nftables diff --git a/tasks/setup-desktop.yml b/tasks/personal/desktop.yml similarity index 67% rename from tasks/setup-desktop.yml rename to tasks/personal/desktop.yml index f06ec16..7ebea99 100644 --- a/tasks/setup-desktop.yml +++ b/tasks/personal/desktop.yml @@ -1,10 +1,12 @@ - name: Create xdg-desktop-portal.service.d directory - file: + ansible.builtin.file: path: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d' state: directory + mode: '0755' - name: Copy xdg-desktop-portal.service drop-in - template: - src: templates/desktop/xdg-desktop-portal.service.j2 + ansible.builtin.template: + src: templates/personal/desktop/xdg-desktop-portal.service.j2 dest: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d/override.conf' + mode: '0755' notify: user daemon-reload diff --git a/tasks/mpd.yml b/tasks/personal/mpd.yml similarity index 87% rename from tasks/mpd.yml rename to tasks/personal/mpd.yml index 08de7d4..8126cf1 100644 --- a/tasks/mpd.yml +++ b/tasks/personal/mpd.yml @@ -4,10 +4,10 @@ dest: '{{ item.dest }}' mode: '0644' loop: - - src: 'templates/mpd/service.j2' + - src: 'templates/personal/mpd/service.j2' dest: '{{ xdg_config_dir }}/systemd/user/mpd.service' - - src: 'templates/mpd/socket.j2' + - src: 'templates/personal/mpd/socket.j2' dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket' notify: - stop mpd service @@ -34,6 +34,7 @@ ansible.builtin.file: path: '{{ item.path }}' state: '{{ item.state }}' + mode: '0755' loop: - path: '{{ mpd_configuration_dir }}/log' state: 'absent' 
@@ -50,11 +51,11 @@ dest: '{{ item.dest }}' mode: '0755' loop: - - src: 'templates/mpd/mpd.conf.j2' + - src: 'templates/personal/mpd/mpd.conf.j2' dest: '{{ mpd_configuration_dir }}/mpd.conf' - - src: 'templates/mpd/ncmpcpp/config.j2' + - src: 'templates/personal/mpd/ncmpcpp/config.j2' dest: '{{ ncmpcpp_configuration_dir }}/config' - - src: 'templates/mpd/ncmpcpp/bindings.j2' + - src: 'templates/personal/mpd/ncmpcpp/bindings.j2' dest: '{{ ncmpcpp_configuration_dir }}/bindings' notify: - stop mpd service diff --git a/tasks/personal/mpv.yml b/tasks/personal/mpv.yml new file mode 100644 index 0000000..3b1e48f --- /dev/null +++ b/tasks/personal/mpv.yml @@ -0,0 +1,16 @@ +- name: Create configuration directory + ansible.builtin.file: + path: '{{ ansible_env.HOME }}/.config/mpv' + state: directory + mode: '0700' + +- name: Copy configuration files + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '0644' + loop: + - src: 'templates/personal/mpv/input.j2' + dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf' + - src: 'templates/personal/mpv/config.j2' + dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf' diff --git a/tasks/syncthing.yml b/tasks/personal/syncthing.yml similarity index 100% rename from tasks/syncthing.yml rename to tasks/personal/syncthing.yml diff --git a/tasks/personal/wireguard.yml b/tasks/personal/wireguard.yml new file mode 100644 index 0000000..81657ea --- /dev/null +++ b/tasks/personal/wireguard.yml 
@@ -0,0 +1,112 @@ +# Note: Only compatible with personal group + +- name: Create Wireguard directories + become: true + ansible.builtin.file: + path: '{{ item }}' + owner: root + group: systemd-network + mode: '0750' + state: directory + recurse: true + loop: + - '{{ vpn_config_dir }}' + - '{{ vpn_default.private_key_path | dirname }}' + - '{{ vpn_default.public_key_path | dirname }}' + - '{{ vpn_media.private_key_path | dirname }}' + - '{{ vpn_media.public_key_path | dirname }}' + notify: + - restart systemd-networkd + - restart systemd-resolved + +- name: Copy Wireguard credentials + become: true + ansible.builtin.copy: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - dest: '{{ vpn_default.public_key_path }}' + src: 'files/personal/{{ ansible_hostname }}/wireguard/default/{{ ansible_hostname }}.pub' + + - dest: '{{ vpn_default.private_key_path }}' + src: 'files/personal/{{ ansible_hostname }}/wireguard/default/{{ ansible_hostname }}.key' + + - dest: '{{ vpn_media.public_key_path }}' + src: 'files/personal/{{ ansible_hostname }}/wireguard/media/{{ ansible_hostname }}.pub' + + - dest: '{{ vpn_media.private_key_path }}' + src: 'files/personal/{{ ansible_hostname }}/wireguard/media/{{ ansible_hostname }}.key' + notify: + - restart systemd-networkd + - restart systemd-resolved + +- name: Copy Wireguard preshared keys + become: true + ansible.builtin.copy: + src: '{{ item.preshared_key_source_path }}' + dest: '{{ item.preshared_key_path }}' + owner: root + group: systemd-network + mode: '0640' + loop: '{{ vpn_default.peers + vpn_media.peers }}' + notify: + - restart systemd-networkd + - restart systemd-resolved + +- name: Desktop configuration + notify: + - restart systemd-networkd + - restart systemd-resolved + when: ansible_hostname == 'desktop' + block: + - name: Setup network configuration + become: true + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + 
group: systemd-network + mode: '0640' + loop: + - src: 'templates/personal/desktop/network/wg0.network.j2' + dest: '/etc/systemd/network/40-wg0.network' + + - src: 'templates/personal/desktop/network/wg0.netdev.j2' + dest: '/etc/systemd/network/40-wg0.netdev' + + - src: 'templates/personal/desktop/network/wg1.network.j2' + dest: '/etc/systemd/network/40-wg1.network' + + - src: 'templates/personal/desktop/network/wg1.netdev.j2' + dest: '/etc/systemd/network/40-wg1.netdev' + +- name: XPS configuration + notify: + - restart systemd-networkd + - restart systemd-resolved + - restart iwd + when: ansible_hostname == 'xps' + block: + - name: Setup network configuration + become: true + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - src: 'templates/personal/xps/network/wg0.network.j2' + dest: '/etc/systemd/network/40-wg0.network' + + - src: 'templates/personal/xps/network/wg0.netdev.j2' + dest: '/etc/systemd/network/40-wg0.netdev' + + - src: 'templates/personal/xps/network/wg1.network.j2' + dest: '/etc/systemd/network/40-wg1.network' + + - src: 'templates/personal/xps/network/wg1.netdev.j2' + dest: '/etc/systemd/network/40-wg1.netdev' diff --git a/tasks/setup-laptop.yml b/tasks/personal/xps.yml similarity index 79% rename from tasks/setup-laptop.yml rename to tasks/personal/xps.yml index 01517f4..10b48b2 100644 --- a/tasks/setup-laptop.yml +++ b/tasks/personal/xps.yml @@ -1,7 +1,7 @@ - name: Provision powertop systemd service become: true ansible.builtin.template: - src: 'templates/laptop/powertop.service.j2' + src: 'templates/personal/xps/powertop.service.j2' dest: '/etc/systemd/system/powertop.service' owner: root group: root diff --git a/tasks/setup.yml b/tasks/setup.yml index 0833f95..197cfb0 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml 
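Review bot: `Create Wireguard directories` combines `recurse: true` with `mode: '0750'`, and the file module applies that mode to everything beneath `{{ vpn_config_dir }}`, so on every run after the first the key files are flipped to 0750 and then back to 0640 by the copy tasks. Besides briefly marking private keys executable, both tasks report a change each time and the `restart systemd-networkd` and `restart systemd-resolved` handlers fire on every run. Drop `recurse: true`; the loop already lists each directory that has to exist. On the two tasks that copy private and preshared keys, `diff: false` would keep a `--diff` run from printing decrypted key material.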
@@ -1,166 +1,183 @@ -- name: copy reflector configuration +- name: Provision pollkit administrator configuration become: true - template: + ansible.builtin.template: + src: 'templates/polkit.j2' + dest: '/etc/polkit-1/rules.d/49-nopasswd_global.rules' + mode: '0755' + +- name: Install shared packages + become: true + community.general.pacman: + name: '{{ packages }}' + +- name: Copy reflector configuration + become: true + ansible.builtin.template: src: 'templates/reflector.j2' dest: '/etc/xdg/reflector/reflector.conf' - owner: root - group: root mode: '0600' # started by weekly timer -- name: disable reflector +- name: Disable reflector become: true - systemd: + ansible.builtin.systemd: name: reflector state: stopped enabled: false -- name: copy pacman configuration +- name: Copy pacman configuration become: true - template: + ansible.builtin.template: src: 'templates/pacman.j2' dest: '/etc/pacman.conf' owner: root group: root mode: '0644' -- name: create extra conf +- name: Create extra conf become: true - file: + ansible.builtin.file: path: '/etc/pacman.d/extra.conf' owner: root group: root state: touch mode: '0644' -- name: create wezterm configuration dir - file: +- name: Create wezterm configuration dir + ansible.builtin.file: path: '{{ xdg_config_dir }}/wezterm/includes' state: directory + mode: '0755' -- name: copy wezterm configuration files - template: +- name: Copy wezterm configuration files + ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' + mode: '0755' loop: - - { - src: 'templates/wezterm/wezterm.lua.j2', - dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua' - } - - { - src: 'templates/wezterm/includes/colors.lua.j2', - dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua' - } - - { - src: 'templates/wezterm/includes/fonts.lua.j2', - dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua' - } - - { - src: 'templates/wezterm/includes/window.lua.j2', - dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua' - } + - src: 
'templates/wezterm/wezterm.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua' -- name: enable fstrim timer + - src: 'templates/wezterm/includes/colors.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua' + + - src: 'templates/wezterm/includes/fonts.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua' + + - src: 'templates/wezterm/includes/window.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua' + +- name: Enable fstrim timer become: true - systemd: + ansible.builtin.systemd: name: fstrim.timer enabled: true -- name: remove the sysctl.d directory +- name: Remove the sysctl.d directory become: true - file: + ansible.builtin.file: path: /etc/sysctl.d state: absent -- name: recreate the sysctl.d directory +- name: Recreate the sysctl.d directory become: true - file: + ansible.builtin.file: path: /etc/sysctl.d state: directory - mode: 755 + mode: '0755' -- name: copy sysctl files +- name: Copy sysctl files become: true - template: + when: "'personal' not in group_names" + ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' + mode: '0755' loop: - - { - src: 'templates/{{ platform }}/sysctl/99-sysrq.conf.j2', - dest: '/etc/sysctl.d/99-sysrq.conf' - } - - { - src: 'templates/{{ platform }}/sysctl/98-forward.conf.j2', - dest: '/etc/sysctl.d/98-foward.conf' - } + - src: 'templates/sysctl/99-sysrq.conf.j2' + dest: '/etc/sysctl.d/99-sysrq.conf' + - src: 'templates/sysctl/98-forward.conf.j2' + dest: '/etc/sysctl.d/98-foward.conf' notify: reload sysctl configuration -- name: remove the modprobe.d directory +- name: Remove the modprobe.d directory become: true - file: + ansible.builtin.file: path: /etc/modprobe.d state: absent -- name: recreate the modprobe.d directory +- name: Recreate the modprobe.d directory become: true - file: + ansible.builtin.file: path: /etc/modprobe.d state: directory - mode: 755 + mode: '0755' -- name: copy modprobe configuration files +- name: Copy modprobe configuration files 
become: true - template: + ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' + mode: '0755' loop: '{{ modprobe_templates }}' when: modprobe_templates -- name: copy kernel parameters template +- name: Copy kernel parameters template become: true - template: - src: 'templates/{{ platform }}/cmdline.j2' + when: "'personal' not in group_names" + ansible.builtin.template: + src: 'templates/{{ ansible_hostname }}/cmdline.j2' dest: '/etc/kernel/cmdline' + mode: '0755' -- name: remove the mkinitcpio directories +- name: Copy kernel parameters template for personal group become: true - file: + when: "'personal' in group_names" + ansible.builtin.template: + src: 'templates/personal/{{ ansible_hostname }}/cmdline.j2' + dest: '/etc/kernel/cmdline' + mode: '0755' + +- name: Remove the mkinitcpio directories + become: true + ansible.builtin.file: path: '{{ item }}' state: absent loop: - /etc/mkinitcpio.conf.d - /etc/mkinitcpio.d -- name: recreate the mkinitcpio directories +- name: Recreate the mkinitcpio directories become: true - file: + ansible.builtin.file: path: '{{ item }}' state: directory - mode: 755 + mode: '0755' loop: - /etc/mkinitcpio.conf.d - /etc/mkinitcpio.d -- name: copy mkinitcpio configuration files +- name: Copy mkinitcpio configuration files become: true - template: + ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' + mode: '0755' loop: '{{ mkinitcpio_templates }}' when: mkinitcpio_templates -- name: regenerate initramfs images +- name: Regenerate initramfs images become: true - command: 'mkinitcpio --allpresets' + ansible.builtin.command: 'mkinitcpio --allpresets' register: mkinitcpio_stats -- name: log mkinitcpio stdout - debug: +- name: Log mkinitcpio stdout + ansible.builtin.debug: var: mkinitcpio_stats.stdout_lines -- name: create a Linux UEFI boot entry +- name: Create a Linux UEFI boot entry become: true - command: efibootmgr \ + ansible.builtin.command: efibootmgr \ --create \ --disk '{{ 
boot_configuration.disk }}' \ --part '{{ boot_configuration.partition }}' \ @@ -171,14 +188,14 @@ register: efi_linux_stats when: register_uefi_entries -- name: log efibootmgr stdout - debug: +- name: Log efibootmgr stdout + ansible.builtin.debug: var: efi_linux_stats.stdout_lines when: register_uefi_entries -- name: create a Linux LTS UEFI boot entry +- name: Create a Linux LTS UEFI boot entry become: true - command: efibootmgr \ + ansible.builtin.command: efibootmgr \ --create \ --disk '{{ boot_configuration.disk }}' \ --part '{{ boot_configuration.partition }}' \ @@ -189,7 +206,7 @@ register: efi_linux_lts_stats when: register_uefi_entries -- name: log efibootmgr LTS stdout - debug: +- name: Log efibootmgr LTS stdout + ansible.builtin.debug: var: efi_linux_lts_stats.stdout_lines when: register_uefi_entries diff --git a/tasks/systemd.yml b/tasks/systemd.yml index 204acf8..4b6e6e5 100644 --- a/tasks/systemd.yml +++ b/tasks/systemd.yml @@ -1,18 +1,18 @@ -- name: setup systemd user service folder - file: +- name: Setup systemd user service folder + ansible.builtin.file: path: '{{ xdg_config_dir }}/systemd/user' state: directory mode: '0755' -- name: add ssh-agent service - template: +- name: Add ssh-agent service + ansible.builtin.template: src: 'templates/ssh-agent.j2' dest: '{{ xdg_config_dir }}/systemd/user/ssh-agent.service' mode: '0644' notify: restart user ssh-agent -- name: copy tmux service - template: +- name: Copy tmux service + ansible.builtin.template: src: 'templates/tmux.j2' dest: '{{ xdg_config_dir }}/systemd/user/tmux.service' mode: '0644' @@ -20,8 +20,8 @@ - user daemon-reload - restart tmux service -- name: copy tmux startup script - copy: +- name: Copy tmux startup script + ansible.builtin.copy: src: 'files/tmux_start' dest: '{{ ansible_env.HOME }}/.local/bin/tmux_start' mode: '0740' diff --git a/templates/laptop/sysctl/98-forward.conf.j2 b/templates/laptop/sysctl/98-forward.conf.j2 deleted file mode 100644 index 16f90a8..0000000 
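Review bot: The template tasks in the first tasks/setup.yml hunk set `mode: '0755'` on files that are only read as configuration (the polkit rule 49-nopasswd_global.rules, the sysctl.d and modprobe.d snippets, /etc/kernel/cmdline, the mkinitcpio files and the wezterm Lua files); `mode: '0644'` is enough for all of them, and `'0755'` is only needed on the recreated directories. The polkit task also sets no `owner`/`group`, and this hunk removes them from the reflector task; for a file that defines authorization policy I would pin `owner: root` and `group: root` as the pacman.conf task does. With `when: "'personal' not in group_names"` on "Copy sysctl files", hosts in the personal group are left with the emptied /etc/sysctl.d unless another task file repopulates it, which is worth confirming. The first task name also reads "pollkit".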
--- a/templates/laptop/sysctl/98-forward.conf.j2 +++ /dev/null @@ -1,2 +0,0 @@ -# {{ ansible_managed }} -net.ipv4.ip_forward = 1 diff --git a/templates/laptop/sysctl/99-sysrq.conf.j2 b/templates/laptop/sysctl/99-sysrq.conf.j2 deleted file mode 100644 index a4c7283..0000000 --- a/templates/laptop/sysctl/99-sysrq.conf.j2 +++ /dev/null @@ -1,2 +0,0 @@ -# {{ ansible_managed }} -kernel.sysrq = 1 diff --git a/templates/desktop/cmdline.j2 b/templates/personal/desktop/cmdline.j2 similarity index 100% rename from templates/desktop/cmdline.j2 rename to templates/personal/desktop/cmdline.j2 diff --git a/templates/desktop/mkinitcpio/1-modules.conf.j2 b/templates/personal/desktop/mkinitcpio/1-modules.conf.j2 similarity index 100% rename from templates/desktop/mkinitcpio/1-modules.conf.j2 rename to templates/personal/desktop/mkinitcpio/1-modules.conf.j2 diff --git a/templates/desktop/mkinitcpio/linux-lts.preset.j2 b/templates/personal/desktop/mkinitcpio/linux-lts.preset.j2 similarity index 100% rename from templates/desktop/mkinitcpio/linux-lts.preset.j2 rename to templates/personal/desktop/mkinitcpio/linux-lts.preset.j2 diff --git a/templates/desktop/mkinitcpio/linux.preset.j2 b/templates/personal/desktop/mkinitcpio/linux.preset.j2 similarity index 100% rename from templates/desktop/mkinitcpio/linux.preset.j2 rename to templates/personal/desktop/mkinitcpio/linux.preset.j2 diff --git a/templates/desktop/modprobe/99-amdgpu.conf.j2 b/templates/personal/desktop/modprobe/99-amdgpu.conf.j2 similarity index 100% rename from templates/desktop/modprobe/99-amdgpu.conf.j2 rename to templates/personal/desktop/modprobe/99-amdgpu.conf.j2 diff --git a/templates/desktop/network/enp.network.j2 b/templates/personal/desktop/network/enp.network.j2 similarity index 100% rename from templates/desktop/network/enp.network.j2 rename to templates/personal/desktop/network/enp.network.j2 
diff --git a/templates/desktop/network/wg0.netdev.j2 b/templates/personal/desktop/network/wg0.netdev.j2 similarity index 100% rename from templates/desktop/network/wg0.netdev.j2 rename to templates/personal/desktop/network/wg0.netdev.j2 diff --git a/templates/desktop/network/wg0.network.j2 b/templates/personal/desktop/network/wg0.network.j2 similarity index 100% rename from templates/desktop/network/wg0.network.j2 rename to templates/personal/desktop/network/wg0.network.j2 diff --git a/templates/desktop/network/wg1.netdev.j2 b/templates/personal/desktop/network/wg1.netdev.j2 similarity index 100% rename from templates/desktop/network/wg1.netdev.j2 rename to templates/personal/desktop/network/wg1.netdev.j2 diff --git a/templates/desktop/network/wg1.network.j2 b/templates/personal/desktop/network/wg1.network.j2 similarity index 100% rename from templates/desktop/network/wg1.network.j2 rename to templates/personal/desktop/network/wg1.network.j2 diff --git a/templates/desktop/nftables.j2 b/templates/personal/desktop/nftables.j2 similarity index 100% rename from templates/desktop/nftables.j2 rename to templates/personal/desktop/nftables.j2 diff --git a/templates/desktop/xdg-desktop-portal.service.j2 b/templates/personal/desktop/xdg-desktop-portal.service.j2 similarity index 100% rename from templates/desktop/xdg-desktop-portal.service.j2 rename to templates/personal/desktop/xdg-desktop-portal.service.j2 diff --git a/templates/mpd/mpd.conf.j2 b/templates/personal/mpd/mpd.conf.j2 similarity index 100% rename from templates/mpd/mpd.conf.j2 rename to templates/personal/mpd/mpd.conf.j2 diff --git a/templates/mpd/ncmpc.j2 b/templates/personal/mpd/ncmpc.j2 similarity index 100% rename from templates/mpd/ncmpc.j2 rename to templates/personal/mpd/ncmpc.j2 diff --git a/templates/mpd/ncmpcpp/bindings.j2 b/templates/personal/mpd/ncmpcpp/bindings.j2 similarity index 100% rename from templates/mpd/ncmpcpp/bindings.j2 rename to templates/personal/mpd/ncmpcpp/bindings.j2 
diff --git a/templates/mpd/ncmpcpp/config.j2 b/templates/personal/mpd/ncmpcpp/config.j2 similarity index 100% rename from templates/mpd/ncmpcpp/config.j2 rename to templates/personal/mpd/ncmpcpp/config.j2 diff --git a/templates/mpd/service.j2 b/templates/personal/mpd/service.j2 similarity index 100% rename from templates/mpd/service.j2 rename to templates/personal/mpd/service.j2 diff --git a/templates/mpd/socket.j2 b/templates/personal/mpd/socket.j2 similarity index 100% rename from templates/mpd/socket.j2 rename to templates/personal/mpd/socket.j2 diff --git a/templates/mpv/config.j2 b/templates/personal/mpv/config.j2 similarity index 100% rename from templates/mpv/config.j2 rename to templates/personal/mpv/config.j2 diff --git a/templates/mpv/input.j2 b/templates/personal/mpv/input.j2 similarity index 100% rename from templates/mpv/input.j2 rename to templates/personal/mpv/input.j2 diff --git a/templates/laptop/cmdline.j2 b/templates/personal/xps/cmdline.j2 similarity index 100% rename from templates/laptop/cmdline.j2 rename to templates/personal/xps/cmdline.j2 diff --git a/templates/laptop/mkinitcpio/1-modules.conf.j2 b/templates/personal/xps/mkinitcpio/1-modules.conf.j2 similarity index 100% rename from templates/laptop/mkinitcpio/1-modules.conf.j2 rename to templates/personal/xps/mkinitcpio/1-modules.conf.j2 diff --git a/templates/laptop/mkinitcpio/2-hooks.conf.j2 b/templates/personal/xps/mkinitcpio/2-hooks.conf.j2 similarity index 100% rename from templates/laptop/mkinitcpio/2-hooks.conf.j2 rename to templates/personal/xps/mkinitcpio/2-hooks.conf.j2 diff --git a/templates/laptop/mkinitcpio/linux-lts.preset.j2 b/templates/personal/xps/mkinitcpio/linux-lts.preset.j2 similarity index 100% rename from templates/laptop/mkinitcpio/linux-lts.preset.j2 rename to templates/personal/xps/mkinitcpio/linux-lts.preset.j2 
diff --git a/templates/laptop/mkinitcpio/linux.preset.j2 b/templates/personal/xps/mkinitcpio/linux.preset.j2 similarity index 100% rename from templates/laptop/mkinitcpio/linux.preset.j2 rename to templates/personal/xps/mkinitcpio/linux.preset.j2 diff --git a/templates/laptop/network/wg0.netdev.j2 b/templates/personal/xps/network/wg0.netdev.j2 similarity index 100% rename from templates/laptop/network/wg0.netdev.j2 rename to templates/personal/xps/network/wg0.netdev.j2 diff --git a/templates/laptop/network/wg0.network.j2 b/templates/personal/xps/network/wg0.network.j2 similarity index 100% rename from templates/laptop/network/wg0.network.j2 rename to templates/personal/xps/network/wg0.network.j2 diff --git a/templates/laptop/network/wg1.netdev.j2 b/templates/personal/xps/network/wg1.netdev.j2 similarity index 100% rename from templates/laptop/network/wg1.netdev.j2 rename to templates/personal/xps/network/wg1.netdev.j2 diff --git a/templates/laptop/network/wg1.network.j2 b/templates/personal/xps/network/wg1.network.j2 similarity index 100% rename from templates/laptop/network/wg1.network.j2 rename to templates/personal/xps/network/wg1.network.j2 diff --git a/templates/laptop/network/wireless.network.j2 b/templates/personal/xps/network/wireless.network.j2 similarity index 100% rename from templates/laptop/network/wireless.network.j2 rename to templates/personal/xps/network/wireless.network.j2 diff --git a/templates/laptop/nftables.j2 b/templates/personal/xps/nftables.j2 similarity index 100% rename from templates/laptop/nftables.j2 rename to templates/personal/xps/nftables.j2 diff --git a/templates/laptop/powertop.service.j2 b/templates/personal/xps/powertop.service.j2 similarity index 100% rename from templates/laptop/powertop.service.j2 rename to templates/personal/xps/powertop.service.j2 diff --git a/templates/polkit.j2 b/templates/polkit.j2 new file mode 100644 index 0000000..86a4b5f --- /dev/null +++ b/templates/polkit.j2 
@@ -0,0 +1,11 @@ +/* {{ ansible_managed }} + * + * Allow members of the wheel group to execute any actions + * without password authentication, similar to "sudo NOPASSWD:" + * without password authentication, similar to "sudo NOPASSWD:" + */ +polkit.addRule(function(action, subject) { + if (subject.isInGroup("wheel")) { + return polkit.Result.YES; + } +}); diff --git a/templates/desktop/sysctl/98-forward.conf.j2 b/templates/sysctl/98-forward.conf.j2 similarity index 100% rename from templates/desktop/sysctl/98-forward.conf.j2 rename to templates/sysctl/98-forward.conf.j2 diff --git a/templates/desktop/sysctl/99-sysrq.conf.j2 b/templates/sysctl/99-sysrq.conf.j2 similarity index 100% rename from templates/desktop/sysctl/99-sysrq.conf.j2 rename to templates/sysctl/99-sysrq.conf.j2 diff --git a/vars/laptop/system.yml b/vars/laptop/system.yml deleted file mode 100644 index be95be8..0000000 --- a/vars/laptop/system.yml +++ /dev/null @@ -1,23 +0,0 @@ -platform_packages: - - iwd - - nvidia - - nvidia-prime - - nvidia-utils - - lib32-nvidia-utils - -boot_configuration: - disk: /dev/nvme0n1 - partition: 1 - -mkinitcpio_templates: - - src: 'templates/laptop/mkinitcpio/1-modules.conf.j2' - dest: '/etc/mkinitcpio.conf.d/1-modules.conf' - - - src: 'templates/laptop/mkinitcpio/2-hooks.conf.j2' - dest: '/etc/mkinitcpio.conf.d/2-hooks.conf' - - - src: 'templates/laptop/mkinitcpio/linux.preset.j2' - dest: '/etc/mkinitcpio.d/linux.preset' - - - src: 'templates/laptop/mkinitcpio/linux-lts.preset.j2' - dest: '/etc/mkinitcpio.d/linux-lts.preset'
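Review bot: The rule in templates/polkit.j2 returns `polkit.Result.YES` for every action as soon as the subject is in `wheel`, without looking at `action.id` or the session, so any process running as a wheel user, including one in a remote or inactive session, is authorized for all polkit actions with no prompt. If passwordless use is wanted only at the console, narrow the condition to `if (subject.local && subject.active && subject.isInGroup("wheel"))`, or return `polkit.Result.AUTH_ADMIN_KEEP` for anything outside an explicit list of action ids. The header comment also repeats the line `without password authentication, similar to "sudo NOPASSWD:"`.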