Group/host variable refactor

2025-03-15 00:05:30 +01:00 · 2025-03-15 00:05:30 +01:00 · 4b8aaf3e95
commit 4b8aaf3e95
parent eb308670cc
78 changed files with 445 additions and 374 deletions
--- a/templates/desktop/cmdline.j2
+++ b/templates/desktop/cmdline.j2
@ -1 +0,0 @@
-root=UUID=c5fe300d-97bf-476d-abd4-edfe7460bc81 rw bgrt_disable
--- a/templates/desktop/mkinitcpio/1-modules.conf.j2
+++ b/templates/desktop/mkinitcpio/1-modules.conf.j2
@ -1,3 +0,0 @@
-# {{ ansible_managed }}
-
-MODULES=(amdgpu)
--- a/templates/desktop/mkinitcpio/linux-lts.preset.j2
+++ b/templates/desktop/mkinitcpio/linux-lts.preset.j2
@ -1,8 +0,0 @@
-# {{ ansible_managed }}
-#
-# mkinitcpio preset file for the 'linux' package
-
-PRESETS=('default')
-
-default_uki="/boot/EFI/Linux/linux-lts.efi"
-default_kver="/boot/vmlinuz-linux-lts"
--- a/templates/desktop/mkinitcpio/linux.preset.j2
+++ b/templates/desktop/mkinitcpio/linux.preset.j2
@ -1,8 +0,0 @@
-# {{ ansible_managed }}
-#
-# mkinitcpio preset file for the 'linux' package
-
-PRESETS=('default')
-
-default_uki="/boot/EFI/Linux/linux.efi"
-default_kver="/boot/vmlinuz-linux"
--- a/templates/desktop/modprobe/99-amdgpu.conf.j2
+++ b/templates/desktop/modprobe/99-amdgpu.conf.j2
@ -1,5 +0,0 @@
-# {{ ansible_managed }}
-
-# disable Panel Self Refresh for 6.10
-# see https://bbs.archlinux.org/viewtopic.php?pid=2191514#p2191514
-options amdgpu dcdebugmask=0x12
--- a/templates/desktop/network/enp.network.j2
+++ b/templates/desktop/network/enp.network.j2
@ -1,5 +0,0 @@
-[Match]
-Name=enp*
-
-[Network]
-DHCP=yes
--- a/templates/desktop/network/wg0.netdev.j2
+++ b/templates/desktop/network/wg0.netdev.j2
@ -1,24 +0,0 @@
-# {{ ansible_managed }}
-
-[NetDev]
-Name={{ vpn_default.interface }}
-Kind=wireguard
-Description=WireGuard tunnel {{ vpn_default.interface }}
-
-[WireGuard]
-PrivateKeyFile={{ vpn_default.private_key_path }}
-
-{% for peer in vpn_default.peers %}
-[WireGuardPeer]
-PublicKey={{ peer.public_key }}
-PresharedKeyFile={{ peer.preshared_key_path }}
-{% for ip in peer.allowed_ips %}
-AllowedIPs={{ ip.address }}
-{% endfor %}
-{% if peer.endpoint %}
-Endpoint={{ peer.endpoint }}
-{% endif %}
-{% if not loop.last %}
-
-{% endif %}
-{% endfor %}
--- a/templates/desktop/network/wg0.network.j2
+++ b/templates/desktop/network/wg0.network.j2
@ -1,19 +0,0 @@
-# {{ ansible_managed }}
-
-[Match]
-Name={{ vpn_default.interface }}
-
-[Network]
-Address={{ vpn_default.ip }}/{{ vpn_default.prefix }}
-DNS={{ vpn_default.dns }}
-Domains={{ vpn_default.domains | join(' ') }}
-
-{% for peer in vpn_default.peers %}
-{% for ip in peer.allowed_ips %}
-{% if ip.create_route %}
-[Route]
-Destination={{ ip.address }}
-Scope=link
-{% endif %}
-{% endfor %}
-{% endfor %}
--- a/templates/desktop/network/wg1.netdev.j2
+++ b/templates/desktop/network/wg1.netdev.j2
@ -1,24 +0,0 @@
-# {{ ansible_managed }}
-
-[NetDev]
-Name={{ vpn_media.interface }}
-Kind=wireguard
-Description=WireGuard tunnel {{ vpn_media.interface }}
-
-[WireGuard]
-PrivateKeyFile={{ vpn_media.private_key_path }}
-
-{% for peer in vpn_media.peers %}
-[WireGuardPeer]
-PublicKey={{ peer.public_key }}
-PresharedKeyFile={{ peer.preshared_key_path }}
-{% for ip in peer.allowed_ips %}
-AllowedIPs={{ ip.address }}
-{% endfor %}
-{% if peer.endpoint %}
-Endpoint={{ peer.endpoint }}
-{% endif %}
-{% if not loop.last %}
-
-{% endif %}
-{% endfor %}
--- a/templates/desktop/network/wg1.network.j2
+++ b/templates/desktop/network/wg1.network.j2
@ -1,19 +0,0 @@
-# {{ ansible_managed }}
-
-[Match]
-Name={{ vpn_media.interface }}
-
-[Network]
-Address={{ vpn_media.ip }}/{{ vpn_media.prefix }}
-DNS={{ vpn_media.dns }}
-Domains={{ vpn_media.domains | join(' ') }}
-
-{% for peer in vpn_media.peers %}
-{% for ip in peer.allowed_ips %}
-{% if ip.create_route %}
-[Route]
-Destination={{ ip.address }}
-Scope=link
-{% endif %}
-{% endfor %}
-{% endfor %}
--- a/templates/desktop/nftables.j2
+++ b/templates/desktop/nftables.j2
@ -1,43 +0,0 @@
-#!/usr/bin/nft -f
-# vim:set ts=2 sw=2 et:
-
-flush ruleset
-
-table inet filter {
-  chain input {
-    type filter hook input priority 0; policy drop;
-
-    # allow established/related connections
-    ct state { established, related } accept
-
-    # early drop of invalid connections
-    ct state invalid drop
-
-    # allow from loopback
-    iifname lo accept
-
-    # allow icmp
-    ip protocol icmp accept
-    ip6 nexthdr icmpv6 accept
-
-    # allow ssh
-    tcp dport ssh accept
-
-    # syncthing
-    ip saddr 10.0.0.1 tcp dport 22000 accept
-  }
-
-  chain forward {
-    type filter hook forward priority security; policy drop;
-
-    ct state { established, related } accept;
-
-    mark 1 accept
-  }
-}
-
-table ip filter {
-  chain DOCKER-USER {
-    mark set 1
-  }
-}
--- a/templates/desktop/sysctl/98-forward.conf.j2
+++ b/templates/desktop/sysctl/98-forward.conf.j2
@ -1,2 +0,0 @@
-# {{ ansible_managed }}
-net.ipv4.ip_forward = 1
--- a/templates/desktop/sysctl/99-sysrq.conf.j2
+++ b/templates/desktop/sysctl/99-sysrq.conf.j2
@ -1,2 +0,0 @@
-# {{ ansible_managed }}
-kernel.sysrq = 1
--- a/templates/desktop/xdg-desktop-portal.service.j2
+++ b/templates/desktop/xdg-desktop-portal.service.j2
@ -1,5 +0,0 @@
-# {{ ansible_managed }}
-
-[Unit]
-Requires=plasma-core.target
-After=plasma-core.target
				`@ -1 +0,0 @@`
				`root=UUID=c5fe300d-97bf-476d-abd4-edfe7460bc81 rw bgrt_disable`