From 970f7489fb1b916bbbf4e02ba7f4ca7ec37d0c6c Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Sun, 12 Oct 2025 15:33:37 +0200 Subject: [PATCH] Layout refactor Also included provisioning for htpc host --- default.yml | 40 +++ desktop.yml | 34 +++ files/personal/all/gpg/gpg_key | 264 ------------------ files/personal/all/gpg/gpg_pub | 40 --- .../desktop/fudiggity.key} | 0 .../desktop/fudiggity.pub} | 0 .../desktop}/preshared.psk | 0 files/wireguard-media/htpc/fudiggity.key | 7 + files/wireguard-media/htpc/fudiggity.pub | 1 + files/wireguard-media/htpc/preshared.psk | 7 + .../desktop/fudiggity.key} | 0 .../desktop/fudiggity.pub} | 0 .../desktop}/preshared.psk | 0 .../xps.key => wireguard/xps/fudiggity.key} | 0 .../xps.pub => wireguard/xps/fudiggity.pub} | 0 .../default => wireguard/xps}/preshared.psk | 0 group_vars/all/main.yml | 17 -- group_vars/personal/gpg.yml | 8 - group_vars/personal/system.yml | 39 --- handlers.yml | 2 +- host_vars/desktop/network.yml | 5 + host_vars/desktop/system.yml | 46 ++- host_vars/desktop/vpn.yml | 51 ---- host_vars/htpc/network.yml | 11 + host_vars/htpc/system.yml | 44 +++ host_vars/xps/main.yml | 1 - host_vars/xps/network.yml | 5 + host_vars/xps/pa-dlna.yml | 2 + host_vars/xps/system.yml | 49 ++-- host_vars/xps/vpn.yml | 52 ---- htpc.yml | 19 ++ inventory.yml | 7 +- playbook.yml | 67 ----- tasks/{personal => }/desktop.yml | 2 +- tasks/{personal/all/mpd.yml => mpd.yaml} | 14 +- tasks/{personal/all => }/mpv.yml | 4 +- tasks/network.yml | 112 -------- tasks/network/desktop.yml | 27 ++ tasks/network/htpc.yml | 0 tasks/network/main.yml | 28 ++ tasks/network/xps.yml | 47 ++++ tasks/personal/all/wireguard.yml | 112 -------- tasks/setup.yml | 53 ++-- tasks/{personal/all => }/syncthing.yml | 2 +- tasks/timer.yml | 6 +- tasks/wireguard-media.yml | 71 +++++ tasks/wireguard.yml | 71 +++++ tasks/{personal => }/xps.yml | 4 +- templates/{personal => }/desktop/cmdline.j2 | 0 .../desktop/mkinitcpio/1-modules.conf.j2 | 0 .../desktop/mkinitcpio/linux-lts.preset.j2 | 0 .../desktop/mkinitcpio/linux.preset.j2 | 0 
.../desktop/modprobe/99-amdgpu.conf.j2 | 0 .../desktop/network/enp1s0.link.j2 | 0 .../desktop/network/enp1s0.network.j2 | 0 .../xps => desktop}/network/wg0.netdev.j2 | 8 +- templates/desktop/network/wg0.network.j2 | 10 + .../desktop/network/wg1.netdev.j2 | 8 +- templates/desktop/network/wg1.network.j2 | 10 + templates/{personal => }/desktop/nftables.j2 | 0 .../desktop/xdg-desktop-portal.service.j2 | 0 templates/htpc/cmdline.j2 | 1 + templates/htpc/mkinitcpio/1-modules.conf.j2 | 3 + .../mkinitcpio/linux-lts.preset.j2 | 0 .../xps => htpc}/mkinitcpio/linux.preset.j2 | 0 templates/htpc/network/enp1s0.link.j2 | 7 + templates/htpc/network/enp1s0.network.j2 | 17 ++ .../xps => htpc}/network/wg1.netdev.j2 | 8 +- templates/htpc/network/wg1.network.j2 | 10 + templates/htpc/nftables.j2 | 29 ++ templates/{personal/all => }/mpd/mpd.conf.j2 | 0 templates/{personal/all => }/mpd/ncmpc.j2 | 0 .../all => }/mpd/ncmpcpp/bindings.j2 | 0 .../{personal/all => }/mpd/ncmpcpp/config.j2 | 0 templates/{personal/all => }/mpd/service.j2 | 0 templates/{personal/all => }/mpd/socket.j2 | 0 templates/{personal/all => }/mpv/config.j2 | 0 templates/{personal/all => }/mpv/input.j2 | 0 .../personal/desktop/network/wg0.network.j2 | 10 - .../personal/desktop/network/wg1.network.j2 | 10 - templates/personal/xps/network/wg0.network.j2 | 10 - templates/personal/xps/network/wg1.network.j2 | 10 - .../{syncthing.j2 => syncthing/config.j2} | 0 templates/{personal => }/xps/cmdline.j2 | 0 templates/{personal => }/xps/iwd.j2 | 0 .../xps/mkinitcpio/1-modules.conf.j2 | 0 .../xps/mkinitcpio/2-hooks.conf.j2 | 0 templates/xps/mkinitcpio/linux-lts.preset.j2 | 8 + templates/xps/mkinitcpio/linux.preset.j2 | 8 + .../desktop => xps}/network/wg0.netdev.j2 | 8 +- templates/xps/network/wg0.network.j2 | 10 + templates/xps/network/wg1.netdev.j2 | 25 ++ templates/xps/network/wg1.network.j2 | 10 + .../xps/network/wlan0-frans.network.j2 | 0 .../xps/network/wlan0-local.network.j2 | 0 .../xps/network/wlan0.network.j2 | 0 
templates/{personal => }/xps/nftables.j2 | 0 .../{personal => }/xps/pa-dlna/config.j2 | 0 .../{personal => }/xps/pa-dlna/service.j2 | 0 {group_vars/personal => vars}/mpd.yml | 0 vars/wireguard-media.yml | 22 ++ vars/wireguard.yml | 28 ++ xps.yml | 34 +++ 103 files changed, 782 insertions(+), 893 deletions(-) create mode 100644 default.yml create mode 100644 desktop.yml delete mode 100644 files/personal/all/gpg/gpg_key delete mode 100644 files/personal/all/gpg/gpg_pub rename files/{personal/desktop/wireguard/media/desktop.key => wireguard-media/desktop/fudiggity.key} (100%) rename files/{personal/desktop/wireguard/media/desktop.pub => wireguard-media/desktop/fudiggity.pub} (100%) rename files/{personal/desktop/wireguard/media => wireguard-media/desktop}/preshared.psk (100%) create mode 100644 files/wireguard-media/htpc/fudiggity.key create mode 100644 files/wireguard-media/htpc/fudiggity.pub create mode 100644 files/wireguard-media/htpc/preshared.psk rename files/{personal/desktop/wireguard/default/desktop.key => wireguard/desktop/fudiggity.key} (100%) rename files/{personal/desktop/wireguard/default/desktop.pub => wireguard/desktop/fudiggity.pub} (100%) rename files/{personal/desktop/wireguard/default => wireguard/desktop}/preshared.psk (100%) rename files/{personal/xps/wireguard/default/xps.key => wireguard/xps/fudiggity.key} (100%) rename files/{personal/xps/wireguard/default/xps.pub => wireguard/xps/fudiggity.pub} (100%) rename files/{personal/xps/wireguard/default => wireguard/xps}/preshared.psk (100%) delete mode 100644 group_vars/personal/gpg.yml delete mode 100644 group_vars/personal/system.yml delete mode 100644 host_vars/desktop/vpn.yml create mode 100644 host_vars/htpc/network.yml create mode 100644 host_vars/htpc/system.yml delete mode 100644 host_vars/xps/main.yml create mode 100644 host_vars/xps/pa-dlna.yml delete mode 100644 host_vars/xps/vpn.yml create mode 100644 htpc.yml delete mode 100644 playbook.yml rename tasks/{personal => }/desktop.yml (85%) 
rename tasks/{personal/all/mpd.yml => mpd.yaml} (86%) rename tasks/{personal/all => }/mpv.yml (80%) delete mode 100644 tasks/network.yml create mode 100644 tasks/network/desktop.yml create mode 100644 tasks/network/htpc.yml create mode 100644 tasks/network/main.yml create mode 100644 tasks/network/xps.yml delete mode 100644 tasks/personal/all/wireguard.yml rename tasks/{personal/all => }/syncthing.yml (90%) create mode 100644 tasks/wireguard-media.yml create mode 100644 tasks/wireguard.yml rename tasks/{personal => }/xps.yml (92%) rename templates/{personal => }/desktop/cmdline.j2 (100%) rename templates/{personal => }/desktop/mkinitcpio/1-modules.conf.j2 (100%) rename templates/{personal => }/desktop/mkinitcpio/linux-lts.preset.j2 (100%) rename templates/{personal => }/desktop/mkinitcpio/linux.preset.j2 (100%) rename templates/{personal => }/desktop/modprobe/99-amdgpu.conf.j2 (100%) rename templates/{personal => }/desktop/network/enp1s0.link.j2 (100%) rename templates/{personal => }/desktop/network/enp1s0.network.j2 (100%) rename templates/{personal/xps => desktop}/network/wg0.netdev.j2 (66%) create mode 100644 templates/desktop/network/wg0.network.j2 rename templates/{personal => }/desktop/network/wg1.netdev.j2 (67%) create mode 100644 templates/desktop/network/wg1.network.j2 rename templates/{personal => }/desktop/nftables.j2 (100%) rename templates/{personal => }/desktop/xdg-desktop-portal.service.j2 (100%) create mode 100644 templates/htpc/cmdline.j2 create mode 100644 templates/htpc/mkinitcpio/1-modules.conf.j2 rename templates/{personal/xps => htpc}/mkinitcpio/linux-lts.preset.j2 (100%) rename templates/{personal/xps => htpc}/mkinitcpio/linux.preset.j2 (100%) create mode 100644 templates/htpc/network/enp1s0.link.j2 create mode 100644 templates/htpc/network/enp1s0.network.j2 rename templates/{personal/xps => htpc}/network/wg1.netdev.j2 (67%) create mode 100644 templates/htpc/network/wg1.network.j2 create mode 100644 templates/htpc/nftables.j2 rename 
templates/{personal/all => }/mpd/mpd.conf.j2 (100%) rename templates/{personal/all => }/mpd/ncmpc.j2 (100%) rename templates/{personal/all => }/mpd/ncmpcpp/bindings.j2 (100%) rename templates/{personal/all => }/mpd/ncmpcpp/config.j2 (100%) rename templates/{personal/all => }/mpd/service.j2 (100%) rename templates/{personal/all => }/mpd/socket.j2 (100%) rename templates/{personal/all => }/mpv/config.j2 (100%) rename templates/{personal/all => }/mpv/input.j2 (100%) delete mode 100644 templates/personal/desktop/network/wg0.network.j2 delete mode 100644 templates/personal/desktop/network/wg1.network.j2 delete mode 100644 templates/personal/xps/network/wg0.network.j2 delete mode 100644 templates/personal/xps/network/wg1.network.j2 rename templates/{syncthing.j2 => syncthing/config.j2} (100%) rename templates/{personal => }/xps/cmdline.j2 (100%) rename templates/{personal => }/xps/iwd.j2 (100%) rename templates/{personal => }/xps/mkinitcpio/1-modules.conf.j2 (100%) rename templates/{personal => }/xps/mkinitcpio/2-hooks.conf.j2 (100%) create mode 100644 templates/xps/mkinitcpio/linux-lts.preset.j2 create mode 100644 templates/xps/mkinitcpio/linux.preset.j2 rename templates/{personal/desktop => xps}/network/wg0.netdev.j2 (66%) create mode 100644 templates/xps/network/wg0.network.j2 create mode 100644 templates/xps/network/wg1.netdev.j2 create mode 100644 templates/xps/network/wg1.network.j2 rename templates/{personal => }/xps/network/wlan0-frans.network.j2 (100%) rename templates/{personal => }/xps/network/wlan0-local.network.j2 (100%) rename templates/{personal => }/xps/network/wlan0.network.j2 (100%) rename templates/{personal => }/xps/nftables.j2 (100%) rename templates/{personal => }/xps/pa-dlna/config.j2 (100%) rename templates/{personal => }/xps/pa-dlna/service.j2 (100%) rename {group_vars/personal => vars}/mpd.yml (100%) create mode 100644 vars/wireguard-media.yml create mode 100644 vars/wireguard.yml create mode 100644 xps.yml 
diff --git a/default.yml b/default.yml
new file mode 100644
index 0000000..16df3af
--- /dev/null
+++ b/default.yml
@@ -0,0 +1,40 @@
+- name: Arch Linux provisioning
+ gather_facts: true
+ hosts: all
+ roles:
+ - common
+ tasks:
+ - name: Generic provisioning
+ ansible.builtin.import_tasks: 'tasks/setup.yml'
+ tags: setup
+
+ # TODO: provision ssh client config with modern cyphers
+ - name: Network provisioning
+ ansible.builtin.import_tasks: 'tasks/network/main.yml'
+ tags: network
+
+ # - name: Network host specific provisioning
+ # ansible.builtin.import_tasks: 'tasks/network/{{ ansible_hostname }}.yml'
+ # tags: network-specific
+
+ - name: Systemd provisioning
+ ansible.builtin.import_tasks: 'tasks/systemd.yml'
+ tags: systemd
+
+ - name: Systemd timer provisioning
+ ansible.builtin.import_tasks: 'tasks/timer.yml'
+ tags: timers
+
+ # Note: Disable DoH in Firefox to fallback to system's default DNS
+ # resolver, see
+ # https://support.mozilla.org/en-US/kb/dns-over-https#w_configure-doh-protection-settings
+ - name: MPV provisioning
+ ansible.builtin.import_tasks: 'tasks/mpv.yml'
+ tags: mpv
+
+ handlers:
+ - name: Import default handlers
+ ansible.builtin.import_tasks: 'handlers.yml'
+
+ - name: Import common role handlers
+ ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'
diff --git a/desktop.yml b/desktop.yml
new file mode 100644
index 0000000..ab87111
--- /dev/null
+++ b/desktop.yml
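Review bot: The `# Note: Disable DoH in Firefox ...` comment sits directly above the `MPV provisioning` task, but it describes DNS resolver behaviour and belongs with the `Network provisioning` task (or inside `tasks/network/main.yml`); where it is now it reads as though mpv depended on it. The commented-out host-specific block combines `ansible.builtin.import_tasks` with `{{ ansible_hostname }}`, yet static imports are resolved at parse time and cannot be templated from per-host facts, so if it is ever re-enabled it needs `ansible.builtin.include_tasks: 'tasks/network/{{ ansible_hostname }}.yml'`; a one-line comment saying so would save the next attempt. Both new playbooks also omit the `---` document start that yamllint expects.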
@@ -0,0 +1,34 @@
+- name: Include default playbook
+ ansible.builtin.import_playbook: default.yml
+
+- name: Arch Linux provisioning
+ hosts: desktop
+ gather_facts: true
+ tasks:
+ - name: Wireguard provisioning
+ ansible.builtin.import_tasks: 'tasks/wireguard.yml'
+ tags: wireguard
+
+ - name: Wireguard media provisioning
+ ansible.builtin.import_tasks: 'tasks/wireguard-media.yml'
+ tags: wireguard-media
+
+ - name: MPD provisioning
+ ansible.builtin.import_tasks: 'tasks/mpd.yml'
+ tags: mpd
+
+ - name: Syncthing provisioning
+ ansible.builtin.import_tasks: 'tasks/syncthing.yml'
+ tags: syncthing
+
+ # TODO: provision current macvlan setup
+ - name: Desktop provisioning
+ ansible.builtin.import_tasks: 'tasks/desktop.yml'
+ tags: desktop
+
+ handlers:
+ - name: Import default handlers
+ ansible.builtin.import_tasks: handlers.yml
+
+ - name: Import common role handlers
+ ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'
diff --git a/files/personal/all/gpg/gpg_key b/files/personal/all/gpg/gpg_key
deleted file mode 100644
index 5fcab22..0000000
--- a/files/personal/all/gpg/gpg_key
+++ /dev/null
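Review bot: `ansible.builtin.import_tasks: 'tasks/mpd.yml'` in the MPD provisioning task points at a file this same commit renames to `tasks/mpd.yaml` (see the `rename tasks/{personal/all/mpd.yml => mpd.yaml}` entry in the diffstat), so parsing this playbook will fail on a missing file; either change the import to `'tasks/mpd.yaml'` or, for consistency with every other task file in the tree, rename it back to `tasks/mpd.yml`. The imported `default.yml` play runs with `hosts: all`, so `ansible-playbook desktop.yml` presumably applies the generic play to every inventory host (the commit adds `host_vars` for `htpc` and `xps` too) unless `--limit desktop` is given; if that is intended, a comment on the `import_playbook` line should say so. Minor style: `ansible.builtin.import_tasks: handlers.yml` is the only unquoted path in the file, and the play name `Arch Linux provisioning` duplicates the one in `default.yml`, which makes run output hard to follow; `- name: Desktop provisioning` would distinguish it.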
@@ -1,264 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -34663932363439393536333037386165353635363461356133643930373232633664343737396263 -6332613133646434333332356135336164346237383237360a643035653161363964333136346533 -37353332656361653662623137643735326532393234366165316234323364656261343132393831 -3034626136656162350a333362643166383138306136646331373439623232373532633130313262 -36356134386565343333353136616263623265623438653663336435376134346563663365373930 -30616435316364613139666661343633363436343635666661646635393661373739653765373363 -30343434396537666234306561353636323365666165333131623365383535396634623539626565 -39363138323638323234326433333066393933373839623834663632373438613339613963383333 -38333866386466303634363362323964653663613966333032633130613336366363326561363433 -30633737316535303366396563333532313036623236376430613234376637336131323666373762 -61383338303536316462616332613562636263343236616635656238653532336561623334356533 -30313662353662376530353933656464383039336664333935653834303833313230323838373838 -63643766303462306130386130333066336466313862366538383230366661373666306638353137 -62643466306435343739363138313433656336643538333133343764326238336137333939636336 -65613238396437623866616330393166363462666532373731613232393966323835346566306333 -32646432623833653761363839323237633863383666373862363761346665306265623366363635 -65326237363361353233646661646330386630653961363862363463326339633532346130396134 -31313730613134633133633362393464623663313031623862373937313763653838343935366335 -35626466346666633961363132343933393066303539353239653662373432623432336662343661 -31343434313461326263373264613538653937336336613031313637633564316134323335653638 -66353733386662616162303032363361393661653935633237323131613331613364333264353232 -30626637663366363630343764303863353035653535343931346636633636643365373237383030 -35393734663661323334373436323437393830636637383566366434663666366531323434653535 
-38353064373038336362623735386532396433353063616337326636383065633035386134326533 -37323761393465303563306661646433646532643935323665636265323133623265383437336131 -31316366643932356538393932343238353165303565643663396363636135313561626132353635 -37613737356136623061353734353561653332363031613738636362363061646330303432326436 -62633334393066353835653430363561396131646534653138333263646436633038303135383564 -62386639663833346565356362633662626139666431323830323134613633343062626565653837 -37666366643631666639303131656264613665636631333335316462326431393866626131613962 -31393330663537356438623564313164316439313136333033666663303662633763363264346363 -32663634303131303939333639386536363835346539623835326530303334353463316261393665 -35613365316337363664623739323632333062393662336662323330363162636333623031323166 -37626166653166333136643764663161386434393838633566633835616235656666346464313733 -63636333666432666137373366313261656566646338626264633764633164376235326433646163 -35333935666563366631376366626335653261383033633031393631363435346233323230373266 -62333538616339333532353039343932636633363838376230336465303963663932396265613064 -30323034316232343562386261303264353238346262366639366561303931633563666134393632 -63376330663534346466363439393864373536643230316564373463356231393632666161626432 -61636330356330646432663636383764363431376364626331326664666361326636613031323161 -39633965373763326337646436653739643831376661353562663438333562306238613562326136 -64363231616362653965363039356463363735363231396566336562373762333534646430626534 -36643335663037643066656266636237636161336163326237613964393664666339333833393264 -34323235636431316537303964306165613636656465636131373037353530386136343864306466 -33386662613564646332343866313534316534303738366431626662376562346662663231383039 -30636363373336356438656636363966663563353734643230666233343539643838373065313361 -35336338303631333332646266303162383064626237623335663766613931363233366161663438 
-64306236366432383663346639626162353365626137353239356531323662613163643635663262 -37666363393331336531653433323038626537336634326164356632373635303236613935643538 -31313064646136373862366535396266633430313338303533383463373933313836633066666535 -64643034316366656534393163633732323339356337616632383036646366656633303435386664 -65663831356432616538336565343639653062623937663766613361623566336463303165313832 -32353466373430386662343165306264333833656339623639383938663330333464616338343230 -34636433333130306635666633383961363366393036373465396432386534653065643231366166 -30643064353638653762363864313931616336386630356630623838373934346633356364386634 -61643632626636313461363862653532636634623563666237616632396233303338356162326536 -33376264383438376364306530653839303062313264366238343834343063363066383534373365 -61633863343939303433396461353963663331326363316333393339633637343933306563663034 -39356665663435336238326230633135383337306662393935353433623437343836376436613864 -31373136633434623130383436383737396232643033633638356536613932663166633461376633 -62623064623064396638343866663931323061383036313961316632636435653435346263323233 -66396465366266363462303165376133656262663664383963386438326635313161643861306237 -32346531303237343161333261323536386366666135386364316233643361366138363633333566 -37333838333433633336343639333134386233383738373563346536323138383733623831613635 -38663237303363386664373236373033623238373933313236383439346564363538613863633466 -33343166653136653264643130346438393238366637376337653835386539656133356361666430 -32373162363134326631333965646562353132623064623430366334616666636632623039623639 -64373334356334646561313031643331643463306566383163393534303936656532303064666235 -30373262373138383438316361653665393833653164346465323438396430343165393735316561 -62653034653565343239663838646362376538653033343863643339356532646238393362346133 -64613330653565623166636264373663623138313362393833353932653361363138623538343164 
-38646666323065363034376536656431613936303133396232383166386534326339323061376337 -61396661313030376536363939346365343235616465633264643731316535313863303562353030 -32303530303762303466303262643537326531376264343634646534333932333136636238623138 -34616663643430303865353963633735333762356562373762333265616438313434393938323938 -66336235656530633838653331663263643432323763393963313661323731343365396364616361 -62346335353133383630613963323838323361333166346132323066616239633261613039666532 -32663365356330383438623863626334313962356431333730353264623337643239653465653037 -35316131336565393063656564353132313136366364376535613761326632396162633166313763 -63306562363061376261323064313465346231336539656430643165376337363434393163663238 -34613132316465663561623265313833643964323430376239646262653833633462396134343565 -31613837323362356464633739613464663435613734653432373566353461633366343836623233 -32346432363234343934653432383732346230323932373635643362633530333837313332383165 -37616231346163363734633030333464616438626138616163663161373362623961626362353234 -39353262323664663861663637386634623463626433386538386531653537616633326533323734 -66326530393537363538306337383738353164326161383736653465346265393837633831643732 -63623764393737653062623462626563363561386531386630336639316230633663356235653036 -30363439376637373364373331306564343135633864393934373365376361623937613133613435 -36373036313838373362656134323138346264303333326237356562313164353636396334316237 -31376136323037326139373930663635313864323061656132356239623763623233646562393939 -64636661666139633331343131633731336365623335353633313363346231396336346339346438 -62353266396566386539306132373636646134363962646131313938356135373632383437333865 -32373163616461373464613661623232623162643334646364333535373437333437666665623065 -33326366646338626662636134653965303866646463366630653939623031316564303664623862 -33393661316638663661646434393934313534623465313766643638373134383764333634376333 
-30313263613539333638653439303038383835646137653435636338623165386539633463323663 -62323933653733346566666234333930343466613563653365386237373963636536666636393838 -31636266396236633336383434323131626464393061386566316132303064636434623838643039 -62303136373234623961333336323764643034613664653963366336356332393761633233646534 -66623464626165356432303633653338636264386462343233653139626431633466316330356538 -66393035623035653163343231316230316661666337643461633136306663663231313237643038 -65633366643238323162336166613662313536623866616262663965343565646237393861353263 -62653634653131303433353635656239666436623663306464396133656664383430323832336632 -33363066376237323661353330646233633865666439313964396462373733336465326434626336 -32363362393536356463666233633664306235633732626434623033633632636330663463336365 -66363631303836613332643566333930643333333536356234323666353130396230353630376263 -30353530303865636461356634336534633362363763353961383631343061656435623261616363 -36326132386432653065666163373430623435336666653366333065343334643832643730336331 -61386434326434323761323433343838306238643534376238623730613463396337323862303264 -33373966353033623064353562666639343732353965653366623533373034656135633065343463 -37616332663232613865333062383539633531613735653436323337643063653463333937353632 -62303364366134643830303363303633386266343137633134653537356633383832303932643863 -66356662306434346338333536623061333864376539663135383938323238393638656639623436 -39663930356363616138643736303062306136626239626434303062393035333762373933313638 -39646331626464626339663232326430613163663763316232663837633363343432633662393531 -38313462313830653863376637393765366239393734356334323765396632346138303038313834 -32353637343038363039643164646362313866376562633161343763316164393736663565393166 -66653462633936653364636530383333323636313230323030323131383736643262383561333938 -35393934333361383562373935363465373436356662396331633233633566346231323863346637 
-38636631656364376335336638666563333466386437366533613564366132316430646562646232 -64393533333933626439313935373335643332326564333932366634316463343039633630616265 -65363162366634613763653061366138616663643630336430386661616564616264636263383932 -32343766373839356539663432643230386263343630326162633363326262663937646564343365 -61316564333365373230313463383731653337326263303935633438643934623135623763616564 -34376363393531353162303163653265386566396135313161393836336439393139646530623438 -31376631316233333234396533653061663461666632313839653531643432343530353132646132 -36373738643465643634316637373763666338666633623263666134346634373836313266613732 -35326539383534353437613962343732646533326139643263343236396462306666316165663665 -37643961623662663836383837303939613864373163303734623663646632376162356564663031 -31626334316565656464326537323163373938316562386166666137356632316363343237346531 -37656166343639343565653433616136353533353531336561633330313861326237343739316165 -39313232663630396136386137633039313561373930386233663862643734373532313632373538 -63353938663434653630633038323665333462663731646537353765323361353762653637613331 -35663331323831313865306664313131336633636264313061316164303137353836366266366261 -32626165646363623663613263633131396264623531386561336563393539363839393433393563 -64633762393838636338353566373864363364646538353536346332623662353034326638633038 -36336566626636666138353334363437363265653331343130653836636335663736653634313662 -38633135623732336166366136316531306565326435346235643563633932383637393236636666 -66616562393564623165646261646533313238346362353431306135653938636663663232323830 -62393333326135396636646662333332303434396235343639633939396664356463333533333430 -66383231616339353932613836666632303064393136366632663439353062356565343634386364 -64303736376639363762386237336630653132633063656363333136303631386430353662316463 -65363666666434346364333937636137343734636163303166653062396330343835616165386663 
-35663563353134623336386363356632643138626135366137636563623532373764633966346437 -61353861326535663431623235653665633030626365333134383434626330313930343462353662 -32353965623662353637326562613266633866616334333563646430613763383739333637363034 -35616263393066383138336366353061386364613666633131646262383230393766393864393735 -64643633336136376132303065353630326465366336646435396663616364663036616639393637 -35386633303433616337396262336330376536356366653536363861616539343936323539373766 -65396638353163636664666333663139343762623335646366336564393036353932323561353931 -38373636636464373035663163356562636230616633636565353166663563616365363037656364 -64623861353164323262343532626232646264626164373536653531333938663734323866653636 -30326364333561353966323463623936333266663831383736386233633964613066356461303965 -33343730623936613036333266313533666530313261303765646536346134346331643935376463 -33326630313436653839303663336636373239633232353865366531663138666466306638653265 -34393664646636636366346438313133393961373231333561313366396538363634333264613166 -38353562663732613064396461346231633464626333663736356431323361616236343430613830 -66356361333135363236636434326534323466636531356539613462306533353336373363353330 -37633661303738363436366234633439383138363030323561333564616133306432383336646431 -37653364316165653666633539316539336465643832356133653736313239626466643162363939 -36323562383865633134393232343439353836306364646632636661363339393139386639356661 -63306232326431343532373737626233363036333763343933633832653766376432376235623534 -36323765666133353238393435376262343233633162633964363038643834636537396562333736 -38363935633134326461376530373630343937323036326563626364316335313839626665393837 -38313435323761343139386530346662326265626666353239356462326333333538346161313438 -36313430386332623365393835343862613338343666633930663634336263306361333861636337 -34313334613761386533636337306664613665643334396661316137376135613161353035383633 
-31333664396638316465306635656139616265353639333164656666383733373433333762363435 -37666432326462393135616338633330343332383065356265653563346465343234383036316336 -39653438353839386337396530366364323235393463633464313239356333333163656561376330 -35613137636131306630363335343031633161613733376262636336313638326131343165383231 -64326566393536363937623539386235373561323935646366353165616463376237633964633464 -33353732376337323338316166643236303336393034356639623861333766303034353963396236 -38356338643634363765313664643862323061376331376232366165633830626263303163643433 -65626634343339303031653432663531366639613362613039653638383465353434333639333865 -64383030623538646465363363393161633762313135616432386130663164353033343466393132 -35633763636261616434313531663039363662653962333139303138623838363163653866613539 -36323031633230376632376533613435616239323231613635396435373833353064623834653863 -65663163393933323934323364366535383935303233323639373531646165663535356634393464 -34623532333831306563326237373933383832643637326464656666373339303237363232313938 -63373936393563386530646565346563373337383262616338383531396262626134376136303163 -31653839316339616439366135346337366231363630366264373936356538316564636330373766 -33373961636233383231333464663962666136396437373361666538343065366662623364323237 -64666237663236326661313866306336323564666263373334303266306562343239383866666365 -34313665633465353865333362666564336532663766393134363764653736653237653133313833 -63306463326161373639363362333538373263393564303065656236323363663939366638323762 -36663763313537643066623161313035616462343631336264656664643861643232383561636664 -36633836353435373161666662633838623336366161643365363136386466323937646633313731 -64373739623335353966333833316563386237373031633132353638663435646234666263633435 -34663365313863633236343936633865356166366430383339303138646163383237396239663132 -62353465623566613564333039653466666366396436386461326335373662343262386263356264 
-30616538666665393561333630383037656131646239336437393737623862333532356463656435 -63623766373934393264613237653363636261333265613438373762353230393835313235633164 -62323335636333376236306261643931616230666465366666373230393438633365323135666233 -39653332643336313537396463623639646364356136303533623764376538353439303037316535 -61643961353364373638366232363461336238343363636230373834346464376261646630393866 -39376633393735646662613834626263333163383534366463333161396165343666626639326639 -32643064366565333432353430636235336238353836363331646166396533313966663664666666 -61626462653134643266353039653033383431626538346430356564353664633439356434383930 -66353736343839383165383064663039333061643363363265383030396333393762393763616638 -31386535653432323661656132343363646661656637313130353137313362373439373032613731 -65333463623961613138396633353837353061353166383837656333643836343635623363613366 -63346336636165326661363533306139643930393437666332386337373965373761393034616631 -63366632306539623633623731313233333966633735626665643562623639396537343434633835 -33383638613031356631643235326138383664376430623463323062663635623732326639396636 -38336331353336663831346530336439376634396338633664616562363135326430666238653261 -64653132613533383738663832316561613232366339316662633630366164393334356332386162 -64393965393534316136653234396162313631646332653539623362353662333337336634383736 -65616335656663393239643533623466656435383732333666396661663662306635313034306362 -38623137653464376431393731636463613866313166643165636630316364326433326132396161 -61343335336664366536656639653238313736633565343533643034646361653430396132616439 -64373231393232346163643262396233613231373561663835333065363461343263356565336530 -35333535646632303039636664306364623839306139343265666632383638333735613837316561 -33323733353937393831383565363436303638353362323432653963326562333532653864616634 -35616632646234343862643531613236636236616534623231643663393633363831663661626138 
-35633763366530363339346132643163613739653532626263336565626261646264303334393834 -31663231326562663964643633316438363161653535396435646362383036656363356137663636 -31336163303766633236333465653864663539353633386664303038646663366363646566336466 -33303435393739636131636166656237323436636237353863646365326639636166363739333439 -64373139626465656264313837363233653334393033343663396563666530373538613036653064 -39396231393662396565313066616164353031613833396331666131653031623261663038336563 -36653835333538386561643033623865383338366463646465666431383833633939376565616230 -62643063333631643439643333316563303465383563393130303634333130303330663134363436 -66386132663065656464323034306132613531343037396561626234626438333063393433316633 -63636264306163636631653732396166643934643866393064353364316264333662646665636663 -66393265636230303536656535623962643934316138393532663262653966626536323233623737 -38353730343538323231623531336436333133326334343238616630656531613538316130623761 -34646233613139343231366232636565316232356365643164653933643132356432613761613636 -34363831353935656437633034333232653938613365613066333361393164623864373339313730 -62373537366466356162343663626561316530373365386437656264396433303433623134616464 -36616530363438366238393136663239623362326533636363353435653261386137616361346164 -38653636373063663932336435626361613934393432646139353833306436346662356539333131 -62326361366635643830356639326234656662316435383031343039653830393664373033653735 -61616233313138663438376632336162656139346430326562363231333430626166363031336435 -62333338623339613633313061656332613630383338306534623034316135393233616539376434 -38326234353963616234623232643839373038643933383631636635613538393262303431373364 -63376463656263313230653832626262363537363735336237306636373435616566613832316338 -64393361393064346432666539643364313433336361333262383934633066363535646562383262 -33383334376238653339323362316330303863653762306636373931633534303731336234636532 
-34356361346436323363333430313231643732623461366236306338636431303632373264616139 -36376630323265623831636265633866366136316631396239646266666564313062646637636262 -35353165643464346564323937636463643832616331623036396636383133643731613033393432 -61393833656430333537653332313931663435663838646633303435626139306336623762636462 -32313934306531643662343163323630646562363134303266366530323766353138643266396633 -35396662303566343235653131613830323538363263643939666362656665313135306362363037 -36303238616634363337613935373435303931313866333565666638383835656637366464396136 -64303237646138373339376161666265303632626136353261383438386637616564616436306336 -33613164323037303530373431333565643734313636613838373638326234343531613136356566 -30636337393463396436303530653330323639386438353439613761643831316533353166333539 -30393161646239663935393438646334666530363565333964366364353530353861666633646563 -65626262643666656166306633326463363666633731363431626463616433643732353962633464 -39666533396232616130666131613232643762623562383662346366316466333339313836393737 -33353635396536333464663836366262356164666266663039623334666334343939313638346464 -63383664346635633365633962376238653365656331313362313536663138663464666436613132 -62656638396261613136393330623437383561386163653938323831373932353764623865306664 -35393130323464653266353563383663336233313361323133313435643564663063336335626266 -39396239643031666133656461393535663661643036326666663330656130313038636537386562 -39346439613333363061633364316166643135353832386432616362643337373363313931383135 -64613366373464363062386231303736336130613164366661363434346464383936646366613737 -38313730376436306165663466623335646533666138623564363466633938393139323836643865 -37373636653937343937303462663235353238656439353837663264663366396664386466646638 -34653266313135326130613531386239336538666364356234663164353662396565626361323238 -656463383063623064336666333062386432 
diff --git a/files/personal/all/gpg/gpg_pub b/files/personal/all/gpg/gpg_pub deleted file mode 100644 index c38c90d..0000000 --- a/files/personal/all/gpg/gpg_pub +++ /dev/null 
@@ -1,40 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQGNBGAPMBMBDAC8AI3gYcB8R4psS4OLUTzt45sL8wimEmHCZNGBgLShtg7AfpES -AuXArVLEQSsUH8rL9/ninRyfwTsRj1tSouxVVwprdxXGZdPkksE/l+TjlB5FlAyp -nb/nCo7lrmw+xsPc/rjrlGoGJXrrxpVUYYbWLGciKcecUJ17sL0vS8KZQbSSw9pI -W37DFNq5m3R9/6MSnxcPZPErmyqbcNe4FDxc8jToxdyzqADar1vb/JTIQGkzObCy -a05sU8Q/G1adKt27lW+v4SWC8d4LQX5Z3nyvAvE87cWVFAGiz4mf1fTLotqwyXot -vVv05kl66Z58shlE61q+1Qm+SD2OKyd3Cl2s+RpfyYOVoB3SRLDZvM7bppXr58PF -3Lhmpl61/mpOMI0MNT5OFYCVKOsiNgP7FKlHvOZVk4Ldybfis1Y4TI1mg/OghjLQ -vjm9Hxlpsr93hpWxlmU6BBpSWUOxggKr96WoR56sQGjn/KCxPBRl17PqwXJmMbi9 -ex9uV6K6iQDRDf0AEQEAAbQMU29ubnkgQmFra2VyiQHUBBMBCAA+FiEEgsIVUtcy -xlwaT7NAA3ED8Dyly6EFAmAPMBMCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwEC -HgECF4AACgkQA3ED8Dyly6GUQAv/RGHTt0CQANUC/CQQaY23XDGiqYCbmFqmIwuT -YIE/QHl7+Zg7p02KGsBKrSWOMylFToTphnWWvJCEPYxW74WO2L2vrRplPVC0zbRz -ftx2s6IJopb4j5ftkg/b8V7NjQKO+EWXGgqZz+o9j0I3b1CLO4Fc/Sux/+khuG6x -m7wLHIOQn3ab9yX2e7cL/LgaJSKkXKwhYnaFnwuWZJRX/Dcqev2zZD37a9s1c3Au -cdvdp5d/cHi+osZ5D6HwT6LnkxVlAYtzKXyQbZNUMattHFK7L/UCYQmvcRPXy6FD -1+T0bX7cOcsaBXSUEhIt+IKvYUa22ZsHl6Eq8gCxXmvaIDIIGpFLGA6boJBAPFHL -WATZqonLmGYikumOwomv4730iXBVJKu+mCCPKSzSRAxTTowCF7NVdc6+X62mbvOp -R4LM+E/bCxtndGfxDhHm1nF0JexgTDGwUwLJPg5aAYjjrAIhsUk729GyJhHPK3if -0eocxv1PqKrGT8AUHosIOn2idnf5uQGNBGAPMBMBDAC1/f799inkL5w8KoysKrSp -QRYFiVpIN2CpYCU/MrjpBDU1d4GJ4s1EhVhvaCrNfwUBWyqN1kZpT9f2e8MNVB5U -nmwHBynCwiK/gHeJKIdwOENE09NcErDQnEbbK7tFl/LDbh0BYdzyAEoOo37XYt/G -0DXj0Y6GLphmlXfG9a/wXcvXCRdln3q1xyn0BVHMC8fz5F6RsivOEYMXunCMQ4WW -XFVgRe/jM+plWdQZQuP4RgRGv4kJ2ba9y9NQD8/GFXtnecWjv1ILlyzqyZtEa6ua -Jq0FrgYvZ1YH0jDKCcanHb0nlMlEhrpQneJTW+qmMgjZAJ+2wA8yPeuU6a+T/05I -tnbLUSlqgwjrzV71whp79l9p7FOG9kzwwKhhDAKxTqL3WshvXMlcnku6qlTyrymP -CHF6ZJYCQJEWPLYrThwWx+/6Yssg+Mm87LsciHVYgeBtaZWrN49kZXN2K1Py/WUK -Ev9+IjKlaFbqfq1W60xh4liiZ3AB9L5jTS6n98O+r8kAEQEAAYkBtgQYAQgAIBYh -BILCFVLXMsZcGk+zQANxA/A8pcuhBQJgDzATAhsMAAoJEANxA/A8pcuh8PUL+wdi -YYZpVqvbvnRbzWtYNEY6QYsn/qI0aS5jAURoMpCB3AFX6+aS6olAS8rWNx8sqWnL 
-psfZf0vSd/FXl0ja2a5MLLeQaKlK7/cP3RZjGDa6/eMqL0UyKpe5/a4mkBaczo18 -Fa2BK1X1wIUaWYfhp53mBGB9JgwKItdbEPJTBqIyjZRPab/Q5OUb/xOWCLQP+VpU -8p5c4rnONTdjKBfuyeEMWIlhG1QhobfIuZcbWaXZXj+HLiiugZCPxum8tFbMp05/ -FaPKmDS4TbeEk7wizsnBRDL3UjFCfySBsR/SOP+adut75t6h18pm0yeYRU73otZA -TES5LVpW7i6TiJEK7qPDQ/Sv34vAtVF0c7ntnYbxiLzX7x0uJF16O4XLw0Uba4HM -ZntDUsaxvlLfxcDeeDHR/24wOaJKRKKzX0b+wjRXfw26XEo4vHHBPyEB1DvGZu3P -hVot85SDDFS5LzLqkyGDiCOkkE5RqJYLCzQ6+4DfrQvkg682zD587894j+VV6g== -=KJ2a ------END PGP PUBLIC KEY BLOCK----- diff --git a/files/personal/desktop/wireguard/media/desktop.key b/files/wireguard-media/desktop/fudiggity.key similarity index 100% rename from files/personal/desktop/wireguard/media/desktop.key rename to files/wireguard-media/desktop/fudiggity.key diff --git a/files/personal/desktop/wireguard/media/desktop.pub b/files/wireguard-media/desktop/fudiggity.pub similarity index 100% rename from files/personal/desktop/wireguard/media/desktop.pub rename to files/wireguard-media/desktop/fudiggity.pub diff --git a/files/personal/desktop/wireguard/media/preshared.psk b/files/wireguard-media/desktop/preshared.psk similarity index 100% rename from files/personal/desktop/wireguard/media/preshared.psk rename to files/wireguard-media/desktop/preshared.psk diff --git a/files/wireguard-media/htpc/fudiggity.key b/files/wireguard-media/htpc/fudiggity.key new file mode 100644 index 0000000..118a8a6 --- /dev/null +++ b/files/wireguard-media/htpc/fudiggity.key @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +30313239376562613332383265336333613266663264383636666437643436623462663861333639 +3830623835333263353863363535376532623262323535610a663330316133376131303465326665 +35663564623737636136306338623531653162633237636361643764343030353262616139623735 +3532626238316664310a336335633564396638303236333838363264613861616637343833363665 +39366264306438643662313130396135363461656466626436663339313337613830623364646637 +3735323933323563646563393532306237336165633534353735 
diff --git a/files/wireguard-media/htpc/fudiggity.pub b/files/wireguard-media/htpc/fudiggity.pub new file mode 100644 index 0000000..cdbb114 --- /dev/null +++ b/files/wireguard-media/htpc/fudiggity.pub @@ -0,0 +1 @@ +XcWpmGrkSQJUEADrDTUmcA7/dm8HQffbdC03rQ/3fwg= diff --git a/files/wireguard-media/htpc/preshared.psk b/files/wireguard-media/htpc/preshared.psk new file mode 100644 index 0000000..82ca126 --- /dev/null +++ b/files/wireguard-media/htpc/preshared.psk @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +65363636336134323530333461393634666334383464356239613765396465373635353465323262 +3163343634336361323765623365633637663436616539340a376566313735316262366237366435 +33666634663966386434656363633136393565336134323465306264633630333131356539623862 +3666343633396634650a626263653632643333346564303065316634643763303036376332336333 +39323430306564346635393535313233363235316535656362363931323862303530363136663961 +6139326230353537643537346664623332383863323332633565 diff --git a/files/personal/desktop/wireguard/default/desktop.key b/files/wireguard/desktop/fudiggity.key similarity index 100% rename from files/personal/desktop/wireguard/default/desktop.key rename to files/wireguard/desktop/fudiggity.key diff --git a/files/personal/desktop/wireguard/default/desktop.pub b/files/wireguard/desktop/fudiggity.pub similarity index 100% rename from files/personal/desktop/wireguard/default/desktop.pub rename to files/wireguard/desktop/fudiggity.pub diff --git a/files/personal/desktop/wireguard/default/preshared.psk b/files/wireguard/desktop/preshared.psk similarity index 100% rename from files/personal/desktop/wireguard/default/preshared.psk rename to files/wireguard/desktop/preshared.psk diff --git a/files/personal/xps/wireguard/default/xps.key b/files/wireguard/xps/fudiggity.key similarity index 100% rename from files/personal/xps/wireguard/default/xps.key rename to files/wireguard/xps/fudiggity.key 
diff --git a/files/personal/xps/wireguard/default/xps.pub b/files/wireguard/xps/fudiggity.pub similarity index 100% rename from files/personal/xps/wireguard/default/xps.pub rename to files/wireguard/xps/fudiggity.pub diff --git a/files/personal/xps/wireguard/default/preshared.psk b/files/wireguard/xps/preshared.psk similarity index 100% rename from files/personal/xps/wireguard/default/preshared.psk rename to files/wireguard/xps/preshared.psk diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index fbc2f9b..9084ba3 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -1,34 +1,17 @@ -ansible_become_method: community.general.run0 - packages: - - firefox - - keepassxc - - gimp - nftables - - okular - - postgresql - - plasma-meta - - wezterm - tmux - unrar - vim - git - openssl - - kmail - iproute2 - curl - reflector - - pipewire - - pipewire-pulse - - pipewire-alsa - - merkuro - - kmail - otf-monaspace-nerd - systemd-ukify - efibootmgr - git-delta - - aspell-nl - - aspell-en xdg_config_dir: '{{ ansible_env.HOME }}/.config' xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin' diff --git a/group_vars/personal/gpg.yml b/group_vars/personal/gpg.yml deleted file mode 100644 index 542a8a9..0000000 --- a/group_vars/personal/gpg.yml +++ /dev/null @@ -1,8 +0,0 @@ -gpg_pub_key: '82C21552D732C65C1A4FB340037103F03CA5CBA1' -gpg_passphrase: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 61383265343062663836623033343538333562636433383735383862306465316439376333373563 - 6131336136653533323561633434633961393061623233640a366430396532326465326530356136 - 36616636363134386333616137656333353439633832633731373834336239393337316366626462 - 6164343331613663620a303363353064376630633939363831373339383961626137376361323438 - 3463 diff --git a/group_vars/personal/system.yml b/group_vars/personal/system.yml deleted file mode 100644 index f3e9732..0000000 --- a/group_vars/personal/system.yml +++ /dev/null 
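Review bot: The trimmed `packages` list kept in group_vars/all/main.yml is dead configuration, because host_vars/desktop/system.yml, host_vars/htpc/system.yml and host_vars/xps/system.yml in this same diff each define their own `packages`, and a host_vars list replaces the group_vars one rather than merging with it. Each host file repeats these thirteen base packages verbatim, so the four copies will drift. Rename this list to `base_packages` and let each host compose it, e.g. `packages: '{{ base_packages + host_packages }}'` with `host_packages` holding the per-host additions; `when: "'wezterm' in packages"` in tasks/setup.yml keeps working because the composed value is still a list.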
@@ -1,39 +0,0 @@ -packages: - - keepassxc - - gimp - - nftables - - okular - - postgresql - - plasma-meta - - wezterm - - tmux - - unrar - - vim - - git - - openssl - - kmail - - iproute2 - - curl - - reflector - - pipewire - - pipewire-pulse - - pipewire-alsa - - merkuro - - kmail - - otf-monaspace-nerd - - systemd-ukify - - efibootmgr - - git-delta - - aspell-nl - - aspell-en - - # custom packages - - firefox - - mpv - - youtube-dl - - nfs-utils - - syncthing - - mpd - - wireguard-tools - -vpn_config_dir: '/etc/wireguard' diff --git a/handlers.yml b/handlers.yml index 0af528a..dae3fe5 100644 --- a/handlers.yml +++ b/handlers.yml @@ -44,7 +44,7 @@ state: restarted enabled: true -- name: start systemd-resolved service +- name: restart systemd-resolved become: true systemd: name: systemd-resolved diff --git a/host_vars/desktop/network.yml b/host_vars/desktop/network.yml index 25eaf55..1010119 100644 --- a/host_vars/desktop/network.yml +++ b/host_vars/desktop/network.yml @@ -6,3 +6,8 @@ local_network_dns: 9.9.9.9 149.112.112.112 local_network_gateway: 192.168.2.254 hostname: desktop + +wireguard: + ip: 10.0.0.3 +wireguard_media: + ip: 10.0.1.3 diff --git a/host_vars/desktop/system.yml b/host_vars/desktop/system.yml index 67054cd..93a9275 100644 --- a/host_vars/desktop/system.yml +++ b/host_vars/desktop/system.yml 
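Review bot: Only `ip` survives in host_vars/desktop/network.yml from the deleted host_vars/desktop/vpn.yml; the prefix, interface name, DNS server, search domains, peer public keys, allowed IPs and endpoint are not in any host_vars touched by this diff, so they presumably now live in tasks/wireguard-media.yml and its sibling task file, or in a vars file that is not visible here. A one-line pointer next to the new keys would save the next reader a search, e.g. `# remaining tunnel settings (prefix, DNS, peers): see the tasks/wireguard*.yml files` — adjust to wherever they actually ended up.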
@@ -1,15 +1,53 @@ +packages: + - nftables + - tmux + - unrar + - vim + - git + - openssl + - iproute2 + - curl + - reflector + - otf-monaspace-nerd + - systemd-ukify + - efibootmgr + - git-delta + + # custom packages + - keepassxc + - gimp + - firefox + - mpv + - yt-dlp + - nfs-utils + - syncthing + - mpd + - wireguard-tools + - okular + - postgresql + - plasma-meta + - wezterm + - kmail + - pipewire + - pipewire-pulse + - pipewire-alsa + - merkuro + - kmail + - aspell-nl + - aspell-en + modprobe_templates: - - src: 'templates/personal/desktop/modprobe/99-amdgpu.conf.j2' + - src: 'templates/desktop/modprobe/99-amdgpu.conf.j2' dest: '/etc/modprobe.d/99-amdgpu.conf' mkinitcpio_templates: - - src: 'templates/personal/desktop/mkinitcpio/1-modules.conf.j2' + - src: 'templates/desktop/mkinitcpio/1-modules.conf.j2' dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf' - - src: 'templates/personal/desktop/mkinitcpio/linux.preset.j2' + - src: 'templates/desktop/mkinitcpio/linux.preset.j2' dest: '/etc/mkinitcpio.d/linux.preset' - - src: 'templates/personal/desktop/mkinitcpio/linux-lts.preset.j2' + - src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2' dest: '/etc/mkinitcpio.d/linux-lts.preset' boot_configuration: diff --git a/host_vars/desktop/vpn.yml b/host_vars/desktop/vpn.yml deleted file mode 100644 index c738313..0000000 --- a/host_vars/desktop/vpn.yml +++ /dev/null 
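Review bot: `kmail` appears twice in the new `packages` list of host_vars/desktop/system.yml (once after `wezterm`, again after `merkuro`), and the same duplicate is created in the host_vars/xps/system.yml hunk further down, where the added `- kmail` sits alongside the one already kept below `merkuro`. Drop one entry in each file. A repeated target is most likely harmless to the package manager, but it makes the per-host lists harder to compare, which is the whole point of splitting them.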
@@ -1,51 +0,0 @@ -# TODO: scope variables to their destination file -vpn_default: - ip: 10.0.0.3 - prefix: 24 - interface: wg0 - dns: 10.0.0.1 - domains: - - '~vpn.{{ server_domain }}' - - '~transmission.{{ server_domain }}' - - '~syncthing.{{ server_domain }}' - - '~radicale.{{ server_domain }}' - - '~mpd.{{ server_domain }}' - - public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub' - private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key' - - peers: - - name: fudiggity - allowed_ips: - - 10.0.0.0/24 - - 172.16.238.0/24 - - 172.32.238.0/24 - - 172.64.238.0/24 - - 172.128.238.0/24 - endpoint: '{{ server_domain }}:51902' - public_key: CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo= - preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk' - preshared_key_source_path: files/personal/desktop/wireguard/default/preshared.psk - -vpn_media: - ip: 10.0.1.3 - prefix: 24 - interface: wg1 - dns: 10.0.1.1 - domains: - - '~media-vpn.{{ server_domain }}' - - '~jellyfin.{{ server_domain }}' - - public_key_path: '{{ vpn_config_dir }}/keys/public/media/desktop.pub' - private_key_path: '{{ vpn_config_dir }}/keys/private/media/desktop.key' - private_key_source_path: files/personal/desktop/wireguard/media/desktop.key - - peers: - - name: zeus-media - allowed_ips: - - 10.0.1.0/24 - - 172.8.238.0/24 - endpoint: '{{ server_domain }}:51903' - public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg= - preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk' - preshared_key_source_path: files/personal/desktop/wireguard/media/preshared.psk diff --git a/host_vars/htpc/network.yml b/host_vars/htpc/network.yml new file mode 100644 index 0000000..10fc32b --- /dev/null +++ b/host_vars/htpc/network.yml 
@@ -0,0 +1,11 @@ +lan_interface: enp1s0 +lan_interface_mac: bc:fc:e7:6e:73:53 + +local_network_address: 192.168.2.30/24 +local_network_dns: 9.9.9.9 149.112.112.112 +local_network_gateway: 192.168.2.254 + +hostname: htpc + +wireguard_media: + ip: 10.0.1.8 diff --git a/host_vars/htpc/system.yml b/host_vars/htpc/system.yml new file mode 100644 index 0000000..fa2d07a --- /dev/null +++ b/host_vars/htpc/system.yml @@ -0,0 +1,44 @@ +packages: + - nftables + - tmux + - unrar + - vim + - git + - openssl + - iproute2 + - curl + - reflector + - otf-monaspace-nerd + - systemd-ukify + - efibootmgr + - git-delta + + # custom packages + - keepassxc + - firefox + - mpv + - yt-dlp + - wireguard-tools + - okular + - postgresql + - plasma-meta + - wezterm + - pipewire + - pipewire-pulse + - pipewire-alsa + +modprobe_templates: [] + +mkinitcpio_templates: + - src: 'templates/htpc/mkinitcpio/1-modules.conf.j2' + dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf' + + - src: 'templates/htpc/mkinitcpio/linux.preset.j2' + dest: '/etc/mkinitcpio.d/linux.preset' + + - src: 'templates/htpc/mkinitcpio/linux-lts.preset.j2' + dest: '/etc/mkinitcpio.d/linux-lts.preset' + +boot_configuration: + disk: /dev/sda + partition: 1 diff --git a/host_vars/xps/main.yml b/host_vars/xps/main.yml deleted file mode 100644 index 1224e3b..0000000 --- a/host_vars/xps/main.yml +++ /dev/null @@ -1 +0,0 @@ -wezterm_font_size: 10 diff --git a/host_vars/xps/network.yml b/host_vars/xps/network.yml index 9150f86..864536b 100644 --- a/host_vars/xps/network.yml +++ b/host_vars/xps/network.yml @@ -13,3 +13,8 @@ frans_network_gateway: 192.168.2.254 default_network_dns: 9.9.9.9 149.112.112.112 hostname: xps + +wireguard: + ip: 10.0.0.2 +wireguard_media: # TODO: add missing credentials + ip: 10.0.1.2 diff --git a/host_vars/xps/pa-dlna.yml b/host_vars/xps/pa-dlna.yml new file mode 100644 index 0000000..4361051 --- /dev/null +++ b/host_vars/xps/pa-dlna.yml @@ -0,0 +1,2 @@ +pa_dlna_version: 0.16 +pa_dlna_systemd_version: 0.0.9 
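Review bot: `lan_interface_mac: bc:fc:e7:6e:73:53` is left unquoted; this particular value survives as a string only because it contains hex letters, whereas an all-digit MAC would be read as a YAML 1.1 sexagesimal integer by some loaders. Quote it as `lan_interface_mac: 'bc:fc:e7:6e:73:53'`, and consider quoting the other colon- and space-separated values in the file (`local_network_dns`) so every scalar here is unambiguously a string.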
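Review bot: `mkinitcpio_templates` in host_vars/htpc/system.yml points at `templates/htpc/mkinitcpio/1-modules.conf.j2`, `linux.preset.j2` and `linux-lts.preset.j2`, but no `templates/htpc/` file is added in the visible part of this diff, so the template task in tasks/setup.yml would presumably fail on a missing source the first time htpc is provisioned unless those files are committed separately. The destination `/etc/mkinitcpio.conf.d/1-amdgpu.conf` was carried over from the desktop host; if the htpc module list is not amdgpu-specific, name it after its content (`1-modules.conf`, as xps does).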
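Review bot: `wireguard_media: # TODO: add missing credentials` in host_vars/xps/network.yml adds an `ip` for a tunnel whose key material for xps is absent from this commit — only `files/wireguard-media/desktop/` and `files/wireguard-media/htpc/` are populated, and the xps key files are only renamed under `files/wireguard/xps/`. If xps.yml imports tasks/wireguard-media.yml the way htpc.yml does, the credential copy would fail on the missing files. Either leave the key out until the credentials exist or gate the import in the playbook; a TODO buried in host_vars is easy to overlook, whereas a `when:` on the import is not.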
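Review bot: `pa_dlna_version: 0.16` in host_vars/xps/pa-dlna.yml is parsed as the float `0.16` while `pa_dlna_systemd_version: 0.0.9` on the next line is a string, so the two version variables have different types, and a future value such as `0.20` would silently render as `0.2`. Quote both: `pa_dlna_version: '0.16'` and `pa_dlna_systemd_version: '0.0.9'`.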
diff --git a/host_vars/xps/system.yml b/host_vars/xps/system.yml index 23170ef..53ed97b 100644 --- a/host_vars/xps/system.yml +++ b/host_vars/xps/system.yml @@ -1,41 +1,40 @@ packages: - - keepassxc - - gimp - nftables - - okular - - postgresql - - plasma-meta - - wezterm - tmux - unrar - vim - git - openssl - - kmail - iproute2 - curl - reflector + - otf-monaspace-nerd + - systemd-ukify + - efibootmgr + - git-delta + + - keepassxc + - gimp + - firefox + - mpv + - yt-dlp + - nfs-utils + - syncthing + - mpd + - wireguard-tools + - okular + - postgresql + - plasma-meta + - wezterm + - kmail - pipewire - pipewire-pulse - pipewire-alsa - merkuro - kmail - - otf-monaspace-nerd - - systemd-ukify - - efibootmgr - - git-delta - aspell-nl - aspell-en - # custom packages - - firefox - - mpv - - youtube-dl - - nfs-utils - - syncthing - - mpd - - wireguard-tools - # custom host packages - iwd - nvidia @@ -48,14 +47,16 @@ boot_configuration: partition: 1 mkinitcpio_templates: - - src: 'templates/personal/xps/mkinitcpio/1-modules.conf.j2' + - src: 'templates/xps/mkinitcpio/1-modules.conf.j2' dest: '/etc/mkinitcpio.conf.d/1-modules.conf' - - src: 'templates/personal/xps/mkinitcpio/2-hooks.conf.j2' + - src: 'templates/xps/mkinitcpio/2-hooks.conf.j2' dest: '/etc/mkinitcpio.conf.d/2-hooks.conf' - - src: 'templates/personal/xps/mkinitcpio/linux.preset.j2' + - src: 'templates/xps/mkinitcpio/linux.preset.j2' dest: '/etc/mkinitcpio.d/linux.preset' - - src: 'templates/personal/xps/mkinitcpio/linux-lts.preset.j2' + - src: 'templates/xps/mkinitcpio/linux-lts.preset.j2' dest: '/etc/mkinitcpio.d/linux-lts.preset' + +wezterm_font_size: 10 diff --git a/host_vars/xps/vpn.yml b/host_vars/xps/vpn.yml deleted file mode 100644 index 59ab2e1..0000000 --- a/host_vars/xps/vpn.yml +++ /dev/null 
@@ -1,52 +0,0 @@ -pa_dlna_version: 0.16 -pa_dlna_systemd_version: 0.0.9 - -vpn_default: - ip: 10.0.0.2 - prefix: 24 - interface: wg0 - dns: 10.0.0.1 - domains: - - '~vpn.{{ server_domain }}' - - '~transmission.{{ server_domain }}' - - '~syncthing.{{ server_domain }}' - - '~radicale.{{ server_domain }}' - - '~mpd.{{ server_domain }}' - - public_key_path: '{{ vpn_config_dir }}/keys/public/default/laptop.pub' - private_key_path: '{{ vpn_config_dir }}/keys/private/default/laptop.key' - - peers: - - name: fudiggity - allowed_ips: - - 10.0.0.0/24 - - 172.16.238.0/24 - - 172.32.238.0/24 - - 172.64.238.0/24 - - 172.128.238.0/24 - endpoint: '{{ server_domain }}:51902' - public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=' - preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk' - preshared_key_source_path: files/personal/xps/wireguard/default/preshared.psk - -vpn_media: - ip: 10.0.1.2 - prefix: 24 - interface: wg1 - dns: 10.0.1.1 - domains: - - '~media-vpn.{{ server_domain }}' - - '~jellyfin.{{ server_domain }}' - - public_key_path: '{{ vpn_config_dir }}/keys/public/media/laptop.pub' - private_key_path: '{{ vpn_config_dir }}/keys/private/media/laptop.key' - - peers: - - name: fudiggity-media - allowed_ips: - - 10.0.1.0/24 - - 172.8.238.0/24 - endpoint: '{{ server_domain }}:51903' - public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg= - preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk' - preshared_key_source_path: files/personal/xps/wireguard/media/preshared.psk diff --git a/htpc.yml b/htpc.yml new file mode 100644 index 0000000..28ffd78 --- /dev/null +++ b/htpc.yml 
@@ -0,0 +1,19 @@
+- hosts: htpc
+ gather_facts: true
+
+- name: Include default playbook
+ ansible.builtin.import_playbook: default.yml
+
+- name: Arch Linux provisioning
+ hosts: htpc
+ tasks:
+ - name: Wireguard media provisioning
+ ansible.builtin.import_tasks: 'tasks/wireguard-media.yml'
+ tags: wireguard-media
+
+ handlers:
+ - name: Import default handlers
+ ansible.builtin.import_tasks: handlers.yml
+
+ - name: Import common role handlers
+ ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'
diff --git a/inventory.yml b/inventory.yml
index 6aab803..6e289f8 100644
--- a/inventory.yml
+++ b/inventory.yml
@@ -1,6 +1,11 @@
-personal:
+all:
 hosts:
 xps:
 ansible_connection: local
+ ansible_become_method: community.general.run0
 desktop:
 ansible_connection: local
+ ansible_become_method: community.general.run0
+ htpc:
+ ansible_connection: local
+ ansible_become_method: community.general.run0
diff --git a/playbook.yml b/playbook.yml
deleted file mode 100644
index a25464c..0000000
--- a/playbook.yml
+++ /dev/null
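Review bot: The opening play of htpc.yml, `- hosts: htpc` with only `gather_facts: true`, carries no tasks, so its sole purpose appears to be collecting facts before default.yml is imported; say so, e.g. `# fact-gathering only: the imported plays rely on ansible_* facts`, or the next reader will remove it as a stray play. default.yml itself is not visible here, but the deleted playbook.yml refused to run without `--limit` precisely because every host in inventory.yml is `ansible_connection: local`; make sure the plays in default.yml are restricted to the importing host rather than `hosts: all`, otherwise running htpc.yml would apply the desktop and xps host_vars to the same machine in turn.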
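Review bot: `ansible_become_method: community.general.run0` is now written three times in inventory.yml, once per host, after being removed from group_vars/all/main.yml in this same diff. Since the group is `all`, set it once as a group variable — `vars:` under `all:` with `ansible_become_method: community.general.run0` — and keep only `ansible_connection: local` on each host; a new host then inherits the escalation method without another copy-paste.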
@@ -1,67 +0,0 @@ -- name: Arch Linux provisioning - hosts: personal - gather_facts: true - roles: - - common - tasks: - - name: Verifying that a limit is set - ansible.builtin.fail: - msg: 'This playbook cannot be run with no limit' - run_once: true - when: ansible_limit is not defined - - - name: Generic provisioning - ansible.builtin.import_tasks: 'tasks/setup.yml' - tags: setup - - # TODO: provision ssh client config with modern cyphers - - name: Network provisioning - ansible.builtin.import_tasks: 'tasks/network.yml' - tags: network - - - name: Systemd provisioning - ansible.builtin.import_tasks: 'tasks/systemd.yml' - tags: systemd - - - name: Systemd timer provisioning - ansible.builtin.import_tasks: 'tasks/timer.yml' - tags: timers - - - name: Personal provisiong - when: "'personal' in group_names" - block: - # Note: Disable DoH in Firefox to fallback to system's default DNS - # resolver, see - # https://support.mozilla.org/en-US/kb/dns-over-https#w_configure-doh-protection-settings - - name: Wireguard provisioning - ansible.builtin.import_tasks: 'tasks/personal/all/wireguard.yml' - tags: wireguard - - - name: MPV provisioning - ansible.builtin.import_tasks: 'tasks/personal/all/mpv.yml' - tags: mpv - - - name: MPD provisioning - ansible.builtin.import_tasks: 'tasks/personal/all/mpd.yml' - tags: mpd - - - name: Syncthing provisioning - ansible.builtin.import_tasks: 'tasks/personal/all/syncthing.yml' - tags: syncthing - - # TODO: provision current macvlan setup - - name: Desktop provisioning - ansible.builtin.import_tasks: 'tasks/personal/desktop.yml' - when: ansible_hostname == 'desktop' - tags: desktop - - - name: XPS provisioning - ansible.builtin.import_tasks: 'tasks/personal/xps.yml' - when: ansible_hostname == 'xps' - tags: xps - handlers: - - name: Import default handlers - ansible.builtin.import_tasks: 'handlers.yml' - - - name: Import common role handlers - ansible.builtin.import_tasks: 'roles/common/handlers/user.yml' 
diff --git a/tasks/personal/desktop.yml b/tasks/desktop.yml similarity index 85% rename from tasks/personal/desktop.yml rename to tasks/desktop.yml index 7ebea99..a5134cd 100644 --- a/tasks/personal/desktop.yml +++ b/tasks/desktop.yml @@ -6,7 +6,7 @@ - name: Copy xdg-desktop-portal.service drop-in ansible.builtin.template: - src: templates/personal/desktop/xdg-desktop-portal.service.j2 + src: templates/desktop/xdg-desktop-portal.service.j2 dest: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d/override.conf' mode: '0755' notify: user daemon-reload diff --git a/tasks/personal/all/mpd.yml b/tasks/mpd.yaml similarity index 86% rename from tasks/personal/all/mpd.yml rename to tasks/mpd.yaml index 41b1467..f3e29b7 100644 --- a/tasks/personal/all/mpd.yml +++ b/tasks/mpd.yaml @@ -1,13 +1,17 @@ +- name: Include mpd defaults + ansible.builtin.include_vars: + file: vars/mpd.yml + - name: Copy systemd configuration files ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' mode: '0644' loop: - - src: 'templates/personal/all/mpd/service.j2' + - src: 'templates/mpd/service.j2' dest: '{{ xdg_config_dir }}/systemd/user/mpd.service' - - src: 'templates/personal/all/mpd/socket.j2' + - src: 'templates/mpd/socket.j2' dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket' notify: - stop mpd service @@ -51,11 +55,11 @@ dest: '{{ item.dest }}' mode: '0755' loop: - - src: 'templates/personal/all/mpd/mpd.conf.j2' + - src: 'templates/mpd/mpd.conf.j2' dest: '{{ mpd_configuration_dir }}/mpd.conf' - - src: 'templates/personal/all/mpd/ncmpcpp/config.j2' + - src: 'templates/mpd/ncmpcpp/config.j2' dest: '{{ ncmpcpp_configuration_dir }}/config' - - src: 'templates/personal/all/mpd/ncmpcpp/bindings.j2' + - src: 'templates/mpd/ncmpcpp/bindings.j2' dest: '{{ ncmpcpp_configuration_dir }}/bindings' notify: - stop mpd service 
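Review bot: The mpd task file is renamed to `tasks/mpd.yaml` while every other task file in this diff uses `.yml` (`tasks/mpv.yml`, `tasks/syncthing.yml`, `tasks/desktop.yml`, `tasks/wireguard-media.yml`); anything that imports it by the project's usual extension will not find it, and the odd one out will keep surprising people. Rename it to `tasks/mpd.yml`. The new `include_vars` with `file: vars/mpd.yml` at the top is a reasonable way to pull in the mpd defaults; being the first task, its variables are available to everything below it.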
diff --git a/tasks/personal/all/mpv.yml b/tasks/mpv.yml similarity index 80% rename from tasks/personal/all/mpv.yml rename to tasks/mpv.yml index 5369c93..3b4c52a 100644 --- a/tasks/personal/all/mpv.yml +++ b/tasks/mpv.yml @@ -10,7 +10,7 @@ dest: '{{ item.dest }}' mode: '0644' loop: - - src: 'templates/personal/all/mpv/input.j2' + - src: 'templates/mpv/input.j2' dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf' - - src: 'templates/personal/all/mpv/config.j2' + - src: 'templates/mpv/config.j2' dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf' diff --git a/tasks/network.yml b/tasks/network.yml deleted file mode 100644 index 0e35a82..0000000 --- a/tasks/network.yml +++ /dev/null 
@@ -1,112 +0,0 @@ -# Note that Wireguard does DNS resolution only once during connection. -# When a client's IP changes, the server should be notified in some way, -# using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint :` -# for example. - -- name: Set hostname - become: true - ansible.builtin.hostname: - name: '{{ hostname }}' - use: systemd - -- name: Copy hosts file - become: true - ansible.builtin.template: - src: templates/hosts.j2 - dest: /etc/hosts - mode: '0644' - owner: root - -- name: Copy firewall template - become: true - ansible.builtin.template: - src: "{{ lookup('ansible.builtin.first_found', paths) }}" - dest: /etc/nftables.conf - owner: root - group: root - mode: '0600' - vars: - paths: - - 'templates/{{ ansible_hostname }}/nftables.j2' - - 'templates/{{ group_names[0] }}/{{ ansible_hostname }}/nftables.j2' - notify: restart nftables - -- name: Desktop configuration - notify: - - restart systemd-networkd - - restart systemd-resolved - when: ansible_hostname == 'desktop' - block: - - name: Setup network configuration - become: true - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - src: 'templates/personal/desktop/network/enp1s0.link.j2' - dest: '/etc/systemd/network/20-enp1s0.link' - - src: 'templates/personal/desktop/network/enp1s0.network.j2' - dest: '/etc/systemd/network/20-enp1s0.network' - - - name: Remove leftover configuration files - become: true - ansible.builtin.file: - path: '{{ item }}' - state: absent - loop: - - '/etc/systemd/network/30-vmbr0.network' - - '/etc/systemd/network/30-vmbr0.netdev' - -- name: XPS configuration - notify: - - restart systemd-networkd - - restart systemd-resolved - - restart iwd - when: ansible_hostname == 'xps' - block: - - name: Setup network configuration - become: true - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - 
mode: '0640' - loop: - - src: 'templates/personal/xps/network/wlan0-local.network.j2' - dest: '/etc/systemd/network/10-wireless.network' - - - src: 'templates/personal/xps/network/wlan0-frans.network.j2' - dest: '/etc/systemd/network/11-wireless.network' - - - src: 'templates/personal/xps/network/wlan0.network.j2' - dest: '/etc/systemd/network/20-wireless.network' - - - name: Create iwd directory - become: true - ansible.builtin.template: - src: templates/personal/xps/iwd.j2 - dest: /etc/iwd - mode: '0644' - owner: root - - - name: Provision iwd configuration - become: true - ansible.builtin.template: - src: templates/personal/xps/iwd.j2 - dest: /etc/iwd/main.config - mode: '0755' - owner: root - - - name: Remove leftover configuration files - become: true - ansible.builtin.file: - path: '{{ item }}' - state: absent - loop: - - /etc/systemd/network/30-vmbr0.network - - /etc/systemd/network/30-vmbr0.netdev - - /etc/systemd/network/10-wlan0.link diff --git a/tasks/network/desktop.yml b/tasks/network/desktop.yml new file mode 100644 index 0000000..4eb16d8 --- /dev/null +++ b/tasks/network/desktop.yml @@ -0,0 +1,27 @@ +- name: Desktop configuration + notify: + - restart systemd-networkd + - restart systemd-resolved + block: + - name: Setup network configuration + become: true + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - src: 'templates/desktop/network/enp1s0.link.j2' + dest: '/etc/systemd/network/20-enp1s0.link' + - src: 'templates/desktop//network/enp1s0.network.j2' + dest: '/etc/systemd/network/20-enp1s0.network' + + - name: Remove leftover configuration files + become: true + ansible.builtin.file: + path: '{{ item }}' + state: absent + loop: + - '/etc/systemd/network/30-vmbr0.network' + - '/etc/systemd/network/30-vmbr0.netdev' diff --git a/tasks/network/htpc.yml b/tasks/network/htpc.yml new file mode 100644 index 0000000..e69de29 
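Review bot: `src: 'templates/desktop//network/enp1s0.network.j2'` in tasks/network/desktop.yml has a doubled slash; the path still resolves, but it is plainly a typo next to `templates/desktop/network/enp1s0.link.j2` on the line above and will dodge any grep for the template directory — change it to `src: 'templates/desktop/network/enp1s0.network.j2'`. The `when: ansible_hostname == 'desktop'` guard that the old tasks/network.yml had on this block is gone, which is only safe if the file is imported exclusively from the desktop playbook; whoever includes it now owns that guard. tasks/network/htpc.yml, added right after this file, is empty — if a playbook imports it in its current state, expect Ansible's "file is empty and had no tasks to include" warning, so either give it a task or hold the import until it has content.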
diff --git a/tasks/network/main.yml b/tasks/network/main.yml
new file mode 100644
index 0000000..f8586b1
--- /dev/null
+++ b/tasks/network/main.yml
@@ -0,0 +1,28 @@
+# Note that Wireguard does DNS resolution only once during connection.
+# When a client's IP changes, the server should be notified in some way,
+# using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint :`
+# for example.
+
+- name: Set hostname
+ become: true
+ ansible.builtin.hostname:
+ name: '{{ hostname }}'
+ use: systemd
+
+- name: Copy hosts file
+ become: true
+ ansible.builtin.template:
+ src: templates/hosts.j2
+ dest: /etc/hosts
+ mode: '0644'
+ owner: root
+
+- name: Copy firewall template
+ become: true
+ ansible.builtin.template:
+ src: 'templates/{{ ansible_hostname }}/nftables.j2'
+ dest: /etc/nftables.conf
+ owner: root
+ group: root
+ mode: '0600'
+ notify: restart nftables
diff --git a/tasks/network/xps.yml b/tasks/network/xps.yml
new file mode 100644
index 0000000..0c99843
--- /dev/null
+++ b/tasks/network/xps.yml
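Review bot: `src: 'templates/{{ ansible_hostname }}/nftables.j2'` selects the firewall template by the gathered fact, but on a machine that has not been provisioned yet that fact still holds the old OS hostname, and the preceding `Set hostname` task does not refresh facts, so the first run would look for `templates/<old-name>/nftables.j2` and fail. Because every host is `ansible_connection: local`, `inventory_hostname` always names the machine being provisioned and is the stable selector: `src: 'templates/{{ inventory_hostname }}/nftables.j2'`; the same substitution applies to `templates/{{ ansible_hostname }}/cmdline.j2` in the tasks/setup.yml hunk further down. Dropping the `first_found` fallback also means `templates/htpc/nftables.j2` must exist before htpc can be provisioned. Finally, the four-line WireGuard DNS note at the top of this file now sits above hostname, hosts-file and nftables tasks that have nothing to do with WireGuard; move it to the wireguard task file where the peer endpoint is actually configured.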
@@ -0,0 +1,47 @@
+- name: Setup network configuration
+ become: true
+ ansible.builtin.template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: root
+ group: systemd-network
+ mode: '0640'
+ loop:
+ - src: 'templates/xps/network/wlan0-local.network.j2'
+ dest: '/etc/systemd/network/10-wireless.network'
+
+ - src: 'templates/xps/network/wlan0-frans.network.j2'
+ dest: '/etc/systemd/network/11-wireless.network'
+
+ - src: 'templates/xps/network/wlan0.network.j2'
+ dest: '/etc/systemd/network/20-wireless.network'
+ notify:
+ - restart systemd-networkd
+ - restart systemd-resolved
+
+- name: Create iwd directory
+ become: true
+ ansible.builtin.template:
+ src: templates/xps/iwd.j2
+ dest: /etc/iwd
+ mode: '0644'
+ owner: root
+
+- name: Provision iwd configuration
+ become: true
+ ansible.builtin.template:
+ src: templates/xps/iwd.j2
+ dest: /etc/iwd/main.config
+ mode: '0755'
+ owner: root
+ notify: restart iwd
+
+- name: Remove leftover configuration files
+ become: true
+ ansible.builtin.file:
+ path: '{{ item }}'
+ state: absent
+ loop:
+ - /etc/systemd/network/30-vmbr0.network
+ - /etc/systemd/network/30-vmbr0.netdev
+ - /etc/systemd/network/10-wlan0.link
diff --git a/tasks/personal/all/wireguard.yml b/tasks/personal/all/wireguard.yml
deleted file mode 100644
index 81657ea..0000000
--- a/tasks/personal/all/wireguard.yml
+++ /dev/null
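Review bot: `Create iwd directory` in tasks/network/xps.yml uses `ansible.builtin.template` with `dest: /etc/iwd`, which renders `templates/xps/iwd.j2` as a regular file named /etc/iwd (or, if the directory already exists, most likely drops a file named after the template inside it) instead of creating a directory; the next task then tries to write `/etc/iwd/main.config` and fails whenever /etc/iwd is a file. iwd reads its configuration from `/etc/iwd/main.conf`, so unless the template is consumed by something else a file named `main.config` is ignored, and `mode: '0755'` marks a configuration file executable. These lines were carried over unchanged from the deleted tasks/network.yml, but the new file is the right place to fix them: create the directory with `ansible.builtin.file` and render the config to `main.conf` with a non-executable mode, as below.
```yaml
- name: Create iwd directory
  become: true
  ansible.builtin.file:
    path: /etc/iwd
    state: directory
    mode: '0755'
    owner: root

- name: Provision iwd configuration
  become: true
  ansible.builtin.template:
    src: templates/xps/iwd.j2
    dest: /etc/iwd/main.conf
    mode: '0644'
    owner: root
  notify: restart iwd

# … unchanged: systemd-networkd templates above, leftover-file cleanup below …
```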
@@ -1,112 +0,0 @@ -# Note: Only compatible with personal group - -- name: Create Wireguard directories - become: true - ansible.builtin.file: - path: '{{ item }}' - owner: root - group: systemd-network - mode: '0750' - state: directory - recurse: true - loop: - - '{{ vpn_config_dir }}' - - '{{ vpn_default.private_key_path | dirname }}' - - '{{ vpn_default.public_key_path | dirname }}' - - '{{ vpn_media.private_key_path | dirname }}' - - '{{ vpn_media.public_key_path | dirname }}' - notify: - - restart systemd-networkd - - restart systemd-resolved - -- name: Copy Wireguard credentials - become: true - ansible.builtin.copy: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - dest: '{{ vpn_default.public_key_path }}' - src: 'files/personal/{{ ansible_hostname }}/wireguard/default/{{ ansible_hostname }}.pub' - - - dest: '{{ vpn_default.private_key_path }}' - src: 'files/personal/{{ ansible_hostname }}/wireguard/default/{{ ansible_hostname }}.key' - - - dest: '{{ vpn_media.public_key_path }}' - src: 'files/personal/{{ ansible_hostname }}/wireguard/media/{{ ansible_hostname }}.pub' - - - dest: '{{ vpn_media.private_key_path }}' - src: 'files/personal/{{ ansible_hostname }}/wireguard/media/{{ ansible_hostname }}.key' - notify: - - restart systemd-networkd - - restart systemd-resolved - -- name: Copy Wireguard preshared keys - become: true - ansible.builtin.copy: - src: '{{ item.preshared_key_source_path }}' - dest: '{{ item.preshared_key_path }}' - owner: root - group: systemd-network - mode: '0640' - loop: '{{ vpn_default.peers + vpn_media.peers }}' - notify: - - restart systemd-networkd - - restart systemd-resolved - -- name: Desktop configuration - notify: - - restart systemd-networkd - - restart systemd-resolved - when: ansible_hostname == 'desktop' - block: - - name: Setup network configuration - become: true - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - 
group: systemd-network - mode: '0640' - loop: - - src: 'templates/personal/desktop/network/wg0.network.j2' - dest: '/etc/systemd/network/40-wg0.network' - - - src: 'templates/personal/desktop/network/wg0.netdev.j2' - dest: '/etc/systemd/network/40-wg0.netdev' - - - src: 'templates/personal/desktop/network/wg1.network.j2' - dest: '/etc/systemd/network/40-wg1.network' - - - src: 'templates/personal/desktop/network/wg1.netdev.j2' - dest: '/etc/systemd/network/40-wg1.netdev' - -- name: XPS configuration - notify: - - restart systemd-networkd - - restart systemd-resolved - - restart iwd - when: ansible_hostname == 'xps' - block: - - name: Setup network configuration - become: true - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - src: 'templates/personal/xps/network/wg0.network.j2' - dest: '/etc/systemd/network/40-wg0.network' - - - src: 'templates/personal/xps/network/wg0.netdev.j2' - dest: '/etc/systemd/network/40-wg0.netdev' - - - src: 'templates/personal/xps/network/wg1.network.j2' - dest: '/etc/systemd/network/40-wg1.network' - - - src: 'templates/personal/xps/network/wg1.netdev.j2' - dest: '/etc/systemd/network/40-wg1.netdev' diff --git a/tasks/setup.yml b/tasks/setup.yml index 197cfb0..ed4fcf2 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml 
@@ -43,29 +43,32 @@ state: touch mode: '0644' -- name: Create wezterm configuration dir - ansible.builtin.file: - path: '{{ xdg_config_dir }}/wezterm/includes' - state: directory - mode: '0755' +- name: Setup Wezterm + when: "'wezterm' in packages" + block: + - name: Create wezterm configuration dir + ansible.builtin.file: + path: '{{ xdg_config_dir }}/wezterm/includes' + state: directory + mode: '0755' -- name: Copy wezterm configuration files - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0755' - loop: - - src: 'templates/wezterm/wezterm.lua.j2' - dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua' + - name: Copy wezterm configuration files + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '0755' + loop: + - src: 'templates/wezterm/wezterm.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua' - - src: 'templates/wezterm/includes/colors.lua.j2' - dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua' + - src: 'templates/wezterm/includes/colors.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua' - - src: 'templates/wezterm/includes/fonts.lua.j2' - dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua' + - src: 'templates/wezterm/includes/fonts.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua' - - src: 'templates/wezterm/includes/window.lua.j2' - dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua' + - src: 'templates/wezterm/includes/window.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua' - name: Enable fstrim timer become: true @@ -88,7 +91,6 @@ - name: Copy sysctl files become: true - when: "'personal' not in group_names" ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' 
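Review bot: `mode: '0755'` on the `Copy wezterm configuration files` task marks wezterm.lua and the three includes as executable, which nothing needs for files wezterm only reads; `mode: '0644'` is the least-privilege choice, with the `0755` kept only on the `Create wezterm configuration dir` task. The permission predates this commit, but the block is being rewritten under the `'wezterm' in packages` guard anyway, so this is the natural place to tidy it.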
@@ -124,20 +126,11 @@ - name: Copy kernel parameters template become: true - when: "'personal' not in group_names" ansible.builtin.template: src: 'templates/{{ ansible_hostname }}/cmdline.j2' dest: '/etc/kernel/cmdline' mode: '0755' -- name: Copy kernel parameters template for personal group - become: true - when: "'personal' in group_names" - ansible.builtin.template: - src: 'templates/personal/{{ ansible_hostname }}/cmdline.j2' - dest: '/etc/kernel/cmdline' - mode: '0755' - - name: Remove the mkinitcpio directories become: true ansible.builtin.file: @@ -164,7 +157,7 @@ dest: '{{ item.dest }}' mode: '0755' loop: '{{ mkinitcpio_templates }}' - when: mkinitcpio_templates + when: '{{ mkinitcpio_templates | length > 0 }}' - name: Regenerate initramfs images become: true diff --git a/tasks/personal/all/syncthing.yml b/tasks/syncthing.yml similarity index 90% rename from tasks/personal/all/syncthing.yml rename to tasks/syncthing.yml index 3c36b5e..c54fde5 100644 --- a/tasks/personal/all/syncthing.yml +++ b/tasks/syncthing.yml @@ -12,7 +12,7 @@ - name: Copy configuration file ansible.builtin.template: - src: 'templates/syncthing.j2' + src: 'templates/syncthing/config.j2' dest: '{{ xdg_config_dir }}/syncthing/config.xml' mode: '0640' notify: start syncthing diff --git a/tasks/timer.yml b/tasks/timer.yml index f35bf46..7a2aa56 100644 --- a/tasks/timer.yml +++ b/tasks/timer.yml @@ -22,9 +22,9 @@ loop: - { src: 'templates/timer/daily_target.j2', dest: '/etc/systemd/system/daily.target' } - { - src: 'templates/timer/weekly_target.j2', - dest: '/etc/systemd/system/weekly.target', - } + src: 'templates/timer/weekly_target.j2', + dest: '/etc/systemd/system/weekly.target', + } - name: create target directories become: true diff --git a/tasks/wireguard-media.yml b/tasks/wireguard-media.yml new file mode 100644 index 0000000..b22e477 --- /dev/null +++ b/tasks/wireguard-media.yml 
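Review bot: `when: '{{ mkinitcpio_templates | length > 0 }}'` in the last hunk (`@@ -164,7 +157,7 @@`) wraps the condition in Jinja delimiters, which Ansible warns about (ansible-lint's no-jinja-when rule) because `when` is already evaluated as an expression; the bare form the line replaces was the correct shape. Use `when: mkinitcpio_templates | length > 0`, or `when: mkinitcpio_templates | default([]) | length > 0` if some hosts leave the list undefined. The enclosing `Copy mkinitcpio` task starts outside the hunk.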
@@ -0,0 +1,71 @@
+- name: Include wireguard media defaults
+ ansible.builtin.include_vars:
+ file: vars/wireguard-media.yml
+
+- name: Create Wireguard directories
+ become: true
+ ansible.builtin.file:
+ path: '{{ item }}'
+ owner: root
+ group: systemd-network
+ mode: '0750'
+ state: directory
+ recurse: true
+ loop:
+ - '{{ vpn_config_dir }}'
+ - '{{ wireguard_media_defaults.private_key_path | dirname }}'
+ - '{{ wireguard_media_defaults.public_key_path | dirname }}'
+ notify:
+ - restart systemd-networkd
+ - restart systemd-resolved
+
+- name: Copy Wireguard credentials
+ become: true
+ ansible.builtin.copy:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: root
+ group: systemd-network
+ mode: '0640'
+ loop:
+ - dest: '{{ wireguard_media_defaults.public_key_path }}'
+ src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.pub'
+
+ - dest: '{{ wireguard_media_defaults.private_key_path }}'
+ src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.key'
+ notify:
+ - restart systemd-networkd
+ - restart systemd-resolved
+
+- name: Copy Wireguard preshared keys
+ become: true
+ ansible.builtin.copy:
+ src: '{{ item.preshared_key_source_path }}'
+ dest: '{{ item.preshared_key_path }}'
+ owner: root
+ group: systemd-network
+ mode: '0640'
+ loop: '{{ wireguard_media_defaults.peers }}'
+ notify:
+ - restart systemd-networkd
+ - restart systemd-resolved
+
+- name: Setup network configuration
+ become: true
+ ansible.builtin.template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: root
+ group: systemd-network
+ mode: '0640'
+ loop:
+ - src: 'templates/{{ ansible_hostname }}/network/wg1.network.j2'
+ dest: '/etc/systemd/network/40-wg1.network'
+
+ - src: 'templates/{{ ansible_hostname }}/network/wg1.netdev.j2'
+ dest: '/etc/systemd/network/40-wg1.netdev'
+ notify:
+ - restart systemd-networkd
+ - restart systemd-resolved
+ vars:
+ wireguard: "{{ wireguard_media | ansible.builtin.combine(wireguard_media_defaults) }}"
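Review bot: `wireguard_media | ansible.builtin.combine(wireguard_media_defaults)` in the `vars:` of `Setup network configuration` gives the defaults file the last word, so any key a host sets in `wireguard_media` that also exists in the defaults (interface, dns, domains, peers, key paths) is silently overwritten; the usual defaults-then-overrides order is `wireguard: "{{ wireguard_media_defaults | ansible.builtin.combine(wireguard_media) }}"`. The same order appears in the tasks/wireguard.yml hunk. Separately, `Create Wireguard directories` applies `recurse: true` with `mode: '0750'` to `{{ vpn_config_dir }}`, which on every later run presumably re-chmods the key files already under it to 0750 before the copy tasks set them back to 0640, so both tasks report changed and the networkd handlers fire on each play; dropping `recurse: true` avoids that, since `state: directory` still creates missing parents.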
diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml new file mode 100644 index 0000000..bfd9418 --- /dev/null +++ b/tasks/wireguard.yml 
@@ -0,0 +1,71 @@
+- name: Include wireguard defaults
+ ansible.builtin.include_vars:
+ file: vars/wireguard.yml
+
+- name: Create Wireguard directories
+ become: true
+ ansible.builtin.file:
+ path: '{{ item }}'
+ owner: root
+ group: systemd-network
+ mode: '0750'
+ state: directory
+ recurse: true
+ loop:
+ - '{{ vpn_config_dir }}'
+ - '{{ wireguard_defaults.private_key_path | dirname }}'
+ - '{{ wireguard_defaults.public_key_path | dirname }}'
+ notify:
+ - restart systemd-networkd
+ - restart systemd-resolved
+
+- name: Copy Wireguard credentials
+ become: true
+ ansible.builtin.copy:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: root
+ group: systemd-network
+ mode: '0640'
+ loop:
+ - dest: '{{ wireguard_defaults.public_key_path }}'
+ src: 'files/wireguard/{ ansible_hostname }}/fudiggity.pub'
+
+ - dest: '{{ wireguard_defaults.private_key_path }}'
+ src: 'files/wireguard/{{ ansible_hostname }}/fudiggity.key'
+ notify:
+ - restart systemd-networkd
+ - restart systemd-resolved
+
+- name: Copy Wireguard preshared keys
+ become: true
+ ansible.builtin.copy:
+ src: '{{ item.preshared_key_source_path }}'
+ dest: '{{ item.preshared_key_path }}'
+ owner: root
+ group: systemd-network
+ mode: '0640'
+ loop: '{{ wireguard_defaults.peers }}'
+ notify:
+ - restart systemd-networkd
+ - restart systemd-resolved
+
+- name: Setup network configuration
+ become: true
+ ansible.builtin.template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: root
+ group: systemd-network
+ mode: '0640'
+ loop:
+ - src: 'templates/{{ ansible_hostname }}/network/wg0.network.j2'
+ dest: '/etc/systemd/network/40-wg0.network'
+
+ - src: 'templates/{{ ansible_hostname }}/network/wg0.netdev.j2'
+ dest: '/etc/systemd/network/40-wg0.netdev'
+ notify:
+ - restart systemd-networkd
+ - restart systemd-resolved
+ vars:
+ wireguard: "{{ wireguard | ansible.builtin.combine(wireguard_defaults) }}"
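Review bot: `src: 'files/wireguard/{ ansible_hostname }}/fudiggity.pub'` in `Copy Wireguard credentials` has a single opening brace, so the value is never templated and the copy looks for a directory literally named `{ ansible_hostname }}`; it should read `src: 'files/wireguard/{{ ansible_hostname }}/fudiggity.pub'` like the `.key` entry just below it. The `vars:` line `wireguard: "{{ wireguard | ansible.builtin.combine(wireguard_defaults) }}"` also defines the task variable in terms of itself, which Ansible normally rejects as a recursive template loop; give the host-level mapping its own name (the media file reads `wireguard_media` into `wireguard`) and put the defaults first in the combine so the host's values win. The rest of the file mirrors tasks/wireguard-media.yml, so the `recurse: true` idempotency point raised there applies here too.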
diff --git a/tasks/personal/xps.yml b/tasks/xps.yml similarity index 92% rename from tasks/personal/xps.yml rename to tasks/xps.yml index 8bef201..06aeb90 100644 --- a/tasks/personal/xps.yml +++ b/tasks/xps.yml @@ -14,13 +14,13 @@ - name: Copy configuration file ansible.builtin.template: - src: templates/personal/xps/pa-dlna/config.j2 + src: templates/xps/pa-dlna/config.j2 dest: '{{ xdg_config_dir }}/pa-dlna/pa-dlna.conf' mode: '0755' - name: Copy systemd service ansible.builtin.template: - src: templates/personal/xps/pa-dlna/service.j2 + src: templates/xps/pa-dlna/service.j2 dest: '{{ xdg_config_dir }}/systemd/user/pa-dlna.service' mode: '0755' diff --git a/templates/personal/desktop/cmdline.j2 b/templates/desktop/cmdline.j2 similarity index 100% rename from templates/personal/desktop/cmdline.j2 rename to templates/desktop/cmdline.j2 diff --git a/templates/personal/desktop/mkinitcpio/1-modules.conf.j2 b/templates/desktop/mkinitcpio/1-modules.conf.j2 similarity index 100% rename from templates/personal/desktop/mkinitcpio/1-modules.conf.j2 rename to templates/desktop/mkinitcpio/1-modules.conf.j2 diff --git a/templates/personal/desktop/mkinitcpio/linux-lts.preset.j2 b/templates/desktop/mkinitcpio/linux-lts.preset.j2 similarity index 100% rename from templates/personal/desktop/mkinitcpio/linux-lts.preset.j2 rename to templates/desktop/mkinitcpio/linux-lts.preset.j2 diff --git a/templates/personal/desktop/mkinitcpio/linux.preset.j2 b/templates/desktop/mkinitcpio/linux.preset.j2 similarity index 100% rename from templates/personal/desktop/mkinitcpio/linux.preset.j2 rename to templates/desktop/mkinitcpio/linux.preset.j2 diff --git a/templates/personal/desktop/modprobe/99-amdgpu.conf.j2 b/templates/desktop/modprobe/99-amdgpu.conf.j2 similarity index 100% rename from templates/personal/desktop/modprobe/99-amdgpu.conf.j2 rename to templates/desktop/modprobe/99-amdgpu.conf.j2 
diff --git a/templates/personal/desktop/network/enp1s0.link.j2 b/templates/desktop/network/enp1s0.link.j2 similarity index 100% rename from templates/personal/desktop/network/enp1s0.link.j2 rename to templates/desktop/network/enp1s0.link.j2 diff --git a/templates/personal/desktop/network/enp1s0.network.j2 b/templates/desktop/network/enp1s0.network.j2 similarity index 100% rename from templates/personal/desktop/network/enp1s0.network.j2 rename to templates/desktop/network/enp1s0.network.j2 diff --git a/templates/personal/xps/network/wg0.netdev.j2 b/templates/desktop/network/wg0.netdev.j2 similarity index 66% rename from templates/personal/xps/network/wg0.netdev.j2 rename to templates/desktop/network/wg0.netdev.j2 index db08b4e..85ba97e 100644 --- a/templates/personal/xps/network/wg0.netdev.j2 +++ b/templates/desktop/network/wg0.netdev.j2 @@ -1,15 +1,15 @@ # {{ ansible_managed }} [NetDev] -Name={{ vpn_default.interface }} +Name={{ wireguard.interface }} Kind=wireguard -Description=WireGuard tunnel {{ vpn_default.interface }} +Description=WireGuard tunnel {{ wireguard.interface }} [WireGuard] -PrivateKeyFile={{ vpn_default.private_key_path }} +PrivateKeyFile={{ wireguard.private_key_path }} RouteTable=main -{% for peer in vpn_default.peers %} +{% for peer in wireguard.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} diff --git a/templates/desktop/network/wg0.network.j2 b/templates/desktop/network/wg0.network.j2 new file mode 100644 index 0000000..76731d3 --- /dev/null +++ b/templates/desktop/network/wg0.network.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} + +[Match] +Name={{ wireguard.interface }} + +[Network] +Address={{ wireguard.ip }}/{{ wireguard.prefix }} +DNS={{ wireguard.dns }} +Domains={{ wireguard.domains | join(' ') }} +BindCarrier={{ lan_interface }} 
diff --git a/templates/personal/desktop/network/wg1.netdev.j2 b/templates/desktop/network/wg1.netdev.j2 similarity index 67% rename from templates/personal/desktop/network/wg1.netdev.j2 rename to templates/desktop/network/wg1.netdev.j2 index 5fbc9f9..85ba97e 100644 --- a/templates/personal/desktop/network/wg1.netdev.j2 +++ b/templates/desktop/network/wg1.netdev.j2 @@ -1,15 +1,15 @@ # {{ ansible_managed }} [NetDev] -Name={{ vpn_media.interface }} +Name={{ wireguard.interface }} Kind=wireguard -Description=WireGuard tunnel {{ vpn_media.interface }} +Description=WireGuard tunnel {{ wireguard.interface }} [WireGuard] -PrivateKeyFile={{ vpn_media.private_key_path }} +PrivateKeyFile={{ wireguard.private_key_path }} RouteTable=main -{% for peer in vpn_media.peers %} +{% for peer in wireguard.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} diff --git a/templates/desktop/network/wg1.network.j2 b/templates/desktop/network/wg1.network.j2 new file mode 100644 index 0000000..76731d3 --- /dev/null +++ b/templates/desktop/network/wg1.network.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} + +[Match] +Name={{ wireguard.interface }} + +[Network] +Address={{ wireguard.ip }}/{{ wireguard.prefix }} +DNS={{ wireguard.dns }} +Domains={{ wireguard.domains | join(' ') }} +BindCarrier={{ lan_interface }} diff --git a/templates/personal/desktop/nftables.j2 b/templates/desktop/nftables.j2 similarity index 100% rename from templates/personal/desktop/nftables.j2 rename to templates/desktop/nftables.j2 diff --git a/templates/personal/desktop/xdg-desktop-portal.service.j2 b/templates/desktop/xdg-desktop-portal.service.j2 similarity index 100% rename from templates/personal/desktop/xdg-desktop-portal.service.j2 rename to templates/desktop/xdg-desktop-portal.service.j2 diff --git a/templates/htpc/cmdline.j2 b/templates/htpc/cmdline.j2 new file mode 100644 index 0000000..f1e2797 --- /dev/null +++ b/templates/htpc/cmdline.j2 
@@ -0,0 +1 @@ +rd.luks.name=d6272853-f41c-47a3-aa27-31ca9b559087=cryptlvm root=/dev/VolumeGroup/root rw resume=/dev/VolumeGroup/swap diff --git a/templates/htpc/mkinitcpio/1-modules.conf.j2 b/templates/htpc/mkinitcpio/1-modules.conf.j2 new file mode 100644 index 0000000..82581fb --- /dev/null +++ b/templates/htpc/mkinitcpio/1-modules.conf.j2 @@ -0,0 +1,3 @@ +# {{ ansible_managed }} + +MODULES=(amdgpu) diff --git a/templates/personal/xps/mkinitcpio/linux-lts.preset.j2 b/templates/htpc/mkinitcpio/linux-lts.preset.j2 similarity index 100% rename from templates/personal/xps/mkinitcpio/linux-lts.preset.j2 rename to templates/htpc/mkinitcpio/linux-lts.preset.j2 diff --git a/templates/personal/xps/mkinitcpio/linux.preset.j2 b/templates/htpc/mkinitcpio/linux.preset.j2 similarity index 100% rename from templates/personal/xps/mkinitcpio/linux.preset.j2 rename to templates/htpc/mkinitcpio/linux.preset.j2 diff --git a/templates/htpc/network/enp1s0.link.j2 b/templates/htpc/network/enp1s0.link.j2 new file mode 100644 index 0000000..4ed6b79 --- /dev/null +++ b/templates/htpc/network/enp1s0.link.j2 @@ -0,0 +1,7 @@ +# {{ ansible_managed }} + +[Match] +MACAddress={{ lan_interface_mac }} + +[Link] +Name={{ lan_interface }} diff --git a/templates/htpc/network/enp1s0.network.j2 b/templates/htpc/network/enp1s0.network.j2 new file mode 100644 index 0000000..af57302 --- /dev/null +++ b/templates/htpc/network/enp1s0.network.j2 @@ -0,0 +1,17 @@ +# {{ ansible_managed }} + +[Match] +Name={{ lan_interface }} + +[Network] +Address={{ local_network_address }} +Gateway={{ local_network_gateway }} +DNS={{ local_network_dns }} +MulticastDNS=yes +DNSOverTLS=yes +DNSSEC=yes +DHCP=no +LinkLocalAddressing=no +IPv6AcceptRA=no +IPv6SendRA=no +RequiredForOnline=routable 
diff --git a/templates/personal/xps/network/wg1.netdev.j2 b/templates/htpc/network/wg1.netdev.j2 similarity index 67% rename from templates/personal/xps/network/wg1.netdev.j2 rename to templates/htpc/network/wg1.netdev.j2 index 5fbc9f9..85ba97e 100644 --- a/templates/personal/xps/network/wg1.netdev.j2 +++ b/templates/htpc/network/wg1.netdev.j2 @@ -1,15 +1,15 @@ # {{ ansible_managed }} [NetDev] -Name={{ vpn_media.interface }} +Name={{ wireguard.interface }} Kind=wireguard -Description=WireGuard tunnel {{ vpn_media.interface }} +Description=WireGuard tunnel {{ wireguard.interface }} [WireGuard] -PrivateKeyFile={{ vpn_media.private_key_path }} +PrivateKeyFile={{ wireguard.private_key_path }} RouteTable=main -{% for peer in vpn_media.peers %} +{% for peer in wireguard.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} diff --git a/templates/htpc/network/wg1.network.j2 b/templates/htpc/network/wg1.network.j2 new file mode 100644 index 0000000..76731d3 --- /dev/null +++ b/templates/htpc/network/wg1.network.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} + +[Match] +Name={{ wireguard.interface }} + +[Network] +Address={{ wireguard.ip }}/{{ wireguard.prefix }} +DNS={{ wireguard.dns }} +Domains={{ wireguard.domains | join(' ') }} +BindCarrier={{ lan_interface }} diff --git a/templates/htpc/nftables.j2 b/templates/htpc/nftables.j2 new file mode 100644 index 0000000..9a8cb01 --- /dev/null +++ b/templates/htpc/nftables.j2 
@@ -0,0 +1,29 @@ +#!/usr/bin/nft -f +# vim:set ts=2 sw=2 et: + +flush ruleset + +table inet filter { + chain input { + type filter hook input priority 0; policy drop; + + # allow established/related connections + ct state { established, related } accept + + # early drop of invalid connections + ct state invalid drop + + # allow from loopback + iifname lo accept + + # allow icmp + ip protocol icmp accept + ip6 nexthdr icmpv6 accept + + # allow mDNS + udp dport 5353 accept + + # allow ssh + tcp dport ssh accept + } +} diff --git a/templates/personal/all/mpd/mpd.conf.j2 b/templates/mpd/mpd.conf.j2 similarity index 100% rename from templates/personal/all/mpd/mpd.conf.j2 rename to templates/mpd/mpd.conf.j2 diff --git a/templates/personal/all/mpd/ncmpc.j2 b/templates/mpd/ncmpc.j2 similarity index 100% rename from templates/personal/all/mpd/ncmpc.j2 rename to templates/mpd/ncmpc.j2 diff --git a/templates/personal/all/mpd/ncmpcpp/bindings.j2 b/templates/mpd/ncmpcpp/bindings.j2 similarity index 100% rename from templates/personal/all/mpd/ncmpcpp/bindings.j2 rename to templates/mpd/ncmpcpp/bindings.j2 diff --git a/templates/personal/all/mpd/ncmpcpp/config.j2 b/templates/mpd/ncmpcpp/config.j2 similarity index 100% rename from templates/personal/all/mpd/ncmpcpp/config.j2 rename to templates/mpd/ncmpcpp/config.j2 diff --git a/templates/personal/all/mpd/service.j2 b/templates/mpd/service.j2 similarity index 100% rename from templates/personal/all/mpd/service.j2 rename to templates/mpd/service.j2 diff --git a/templates/personal/all/mpd/socket.j2 b/templates/mpd/socket.j2 similarity index 100% rename from templates/personal/all/mpd/socket.j2 rename to templates/mpd/socket.j2 diff --git a/templates/personal/all/mpv/config.j2 b/templates/mpv/config.j2 similarity index 100% rename from templates/personal/all/mpv/config.j2 rename to templates/mpv/config.j2 
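Review bot: The ruleset declares only an `input` chain, so forwarded traffic is never filtered; even if the host does not route today, an explicit `chain forward { type filter hook forward priority 0; policy drop; }` beside `chain input` keeps the drop-by-default posture visible and safe if forwarding is ever enabled. `udp dport 5353 accept` and `tcp dport ssh accept` also match on every interface, including the wg1 tunnel this commit configures for the host; if mDNS and SSH are meant to be LAN-only, qualify them with `iifname {{ lan_interface }}`. The template also lacks the `# {{ ansible_managed }}` header that the systemd and mkinitcpio templates in this commit carry.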
diff --git a/templates/personal/all/mpv/input.j2 b/templates/mpv/input.j2 similarity index 100% rename from templates/personal/all/mpv/input.j2 rename to templates/mpv/input.j2 diff --git a/templates/personal/desktop/network/wg0.network.j2 b/templates/personal/desktop/network/wg0.network.j2 deleted file mode 100644 index 4cb1039..0000000 --- a/templates/personal/desktop/network/wg0.network.j2 +++ /dev/null @@ -1,10 +0,0 @@ -# {{ ansible_managed }} - -[Match] -Name={{ vpn_default.interface }} - -[Network] -Address={{ vpn_default.ip }}/{{ vpn_default.prefix }} -DNS={{ vpn_default.dns }} -Domains={{ vpn_default.domains | join(' ') }} -BindCarrier={{ lan_interface }} diff --git a/templates/personal/desktop/network/wg1.network.j2 b/templates/personal/desktop/network/wg1.network.j2 deleted file mode 100644 index 129cac1..0000000 --- a/templates/personal/desktop/network/wg1.network.j2 +++ /dev/null @@ -1,10 +0,0 @@ -# {{ ansible_managed }} - -[Match] -Name={{ vpn_media.interface }} - -[Network] -Address={{ vpn_media.ip }}/{{ vpn_media.prefix }} -DNS={{ vpn_media.dns }} -Domains={{ vpn_media.domains | join(' ') }} -BindCarrier={{ lan_interface }} diff --git a/templates/personal/xps/network/wg0.network.j2 b/templates/personal/xps/network/wg0.network.j2 deleted file mode 100644 index 3832085..0000000 --- a/templates/personal/xps/network/wg0.network.j2 +++ /dev/null @@ -1,10 +0,0 @@ -# {{ ansible_managed }} - -[Match] -Name={{ vpn_default.interface }} - -[Network] -Address={{ vpn_default.ip }}/{{ vpn_default.prefix }} -DNS={{ vpn_default.dns }} -Domains={{ vpn_default.domains | join(' ') }} -BindCarrier={{ wireless_interface }} diff --git a/templates/personal/xps/network/wg1.network.j2 b/templates/personal/xps/network/wg1.network.j2 deleted file mode 100644 index ae3f641..0000000 --- a/templates/personal/xps/network/wg1.network.j2 +++ /dev/null 
@@ -1,10 +0,0 @@ -# {{ ansible_managed }} - -[Match] -Name={{ vpn_media.interface }} - -[Network] -Address={{ vpn_media.ip }}/{{ vpn_media.prefix }} -DNS={{ vpn_media.dns }} -Domains={{ vpn_media.domains | join(' ') }} -BindCarrier={{ wireless_interface }} diff --git a/templates/syncthing.j2 b/templates/syncthing/config.j2 similarity index 100% rename from templates/syncthing.j2 rename to templates/syncthing/config.j2 diff --git a/templates/personal/xps/cmdline.j2 b/templates/xps/cmdline.j2 similarity index 100% rename from templates/personal/xps/cmdline.j2 rename to templates/xps/cmdline.j2 diff --git a/templates/personal/xps/iwd.j2 b/templates/xps/iwd.j2 similarity index 100% rename from templates/personal/xps/iwd.j2 rename to templates/xps/iwd.j2 diff --git a/templates/personal/xps/mkinitcpio/1-modules.conf.j2 b/templates/xps/mkinitcpio/1-modules.conf.j2 similarity index 100% rename from templates/personal/xps/mkinitcpio/1-modules.conf.j2 rename to templates/xps/mkinitcpio/1-modules.conf.j2 diff --git a/templates/personal/xps/mkinitcpio/2-hooks.conf.j2 b/templates/xps/mkinitcpio/2-hooks.conf.j2 similarity index 100% rename from templates/personal/xps/mkinitcpio/2-hooks.conf.j2 rename to templates/xps/mkinitcpio/2-hooks.conf.j2 diff --git a/templates/xps/mkinitcpio/linux-lts.preset.j2 b/templates/xps/mkinitcpio/linux-lts.preset.j2 new file mode 100644 index 0000000..71d2550 --- /dev/null +++ b/templates/xps/mkinitcpio/linux-lts.preset.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} +# +# mkinitcpio preset file for the 'linux' package + +PRESETS=('default') + +default_uki="/boot/EFI/Linux/linux-lts.efi" +default_kver="/boot/vmlinuz-linux-lts" diff --git a/templates/xps/mkinitcpio/linux.preset.j2 b/templates/xps/mkinitcpio/linux.preset.j2 new file mode 100644 index 0000000..22097bb --- /dev/null +++ b/templates/xps/mkinitcpio/linux.preset.j2 
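Review bot: The header comment in templates/xps/mkinitcpio/linux-lts.preset.j2 reads `# mkinitcpio preset file for the 'linux' package`, but the preset points at `linux-lts.efi` and `vmlinuz-linux-lts`; it should read `# mkinitcpio preset file for the 'linux-lts' package` so the two presets are distinguishable at a glance. The sibling linux.preset.j2 hunk keeps the same comment, where it is correct.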
@@ -0,0 +1,8 @@ +# {{ ansible_managed }} +# +# mkinitcpio preset file for the 'linux' package + +PRESETS=('default') + +default_uki="/boot/EFI/Linux/linux.efi" +default_kver="/boot/vmlinuz-linux" diff --git a/templates/personal/desktop/network/wg0.netdev.j2 b/templates/xps/network/wg0.netdev.j2 similarity index 66% rename from templates/personal/desktop/network/wg0.netdev.j2 rename to templates/xps/network/wg0.netdev.j2 index db08b4e..85ba97e 100644 --- a/templates/personal/desktop/network/wg0.netdev.j2 +++ b/templates/xps/network/wg0.netdev.j2 @@ -1,15 +1,15 @@ # {{ ansible_managed }} [NetDev] -Name={{ vpn_default.interface }} +Name={{ wireguard.interface }} Kind=wireguard -Description=WireGuard tunnel {{ vpn_default.interface }} +Description=WireGuard tunnel {{ wireguard.interface }} [WireGuard] -PrivateKeyFile={{ vpn_default.private_key_path }} +PrivateKeyFile={{ wireguard.private_key_path }} RouteTable=main -{% for peer in vpn_default.peers %} +{% for peer in wireguard.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} diff --git a/templates/xps/network/wg0.network.j2 b/templates/xps/network/wg0.network.j2 new file mode 100644 index 0000000..0254f34 --- /dev/null +++ b/templates/xps/network/wg0.network.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} + +[Match] +Name={{ wireguard.interface }} + +[Network] +Address={{ wireguard.ip }}/{{ wireguard.prefix }} +DNS={{ wireguard.dns }} +Domains={{ wireguard.domains | join(' ') }} +BindCarrier={{ wireless_interface }} diff --git a/templates/xps/network/wg1.netdev.j2 b/templates/xps/network/wg1.netdev.j2 new file mode 100644 index 0000000..85ba97e --- /dev/null +++ b/templates/xps/network/wg1.netdev.j2 
@@ -0,0 +1,25 @@ +# {{ ansible_managed }} + +[NetDev] +Name={{ wireguard.interface }} +Kind=wireguard +Description=WireGuard tunnel {{ wireguard.interface }} + +[WireGuard] +PrivateKeyFile={{ wireguard.private_key_path }} +RouteTable=main + +{% for peer in wireguard.peers %} +[WireGuardPeer] +PublicKey={{ peer.public_key }} +PresharedKeyFile={{ peer.preshared_key_path }} +{% for ip in peer.allowed_ips %} +AllowedIPs={{ ip }} +{% endfor %} +{% if peer.endpoint %} +Endpoint={{ peer.endpoint }} +{% endif %} +{% if not loop.last %} + +{% endif %} +{% endfor %} diff --git a/templates/xps/network/wg1.network.j2 b/templates/xps/network/wg1.network.j2 new file mode 100644 index 0000000..0254f34 --- /dev/null +++ b/templates/xps/network/wg1.network.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} + +[Match] +Name={{ wireguard.interface }} + +[Network] +Address={{ wireguard.ip }}/{{ wireguard.prefix }} +DNS={{ wireguard.dns }} +Domains={{ wireguard.domains | join(' ') }} +BindCarrier={{ wireless_interface }} diff --git a/templates/personal/xps/network/wlan0-frans.network.j2 b/templates/xps/network/wlan0-frans.network.j2 similarity index 100% rename from templates/personal/xps/network/wlan0-frans.network.j2 rename to templates/xps/network/wlan0-frans.network.j2 diff --git a/templates/personal/xps/network/wlan0-local.network.j2 b/templates/xps/network/wlan0-local.network.j2 similarity index 100% rename from templates/personal/xps/network/wlan0-local.network.j2 rename to templates/xps/network/wlan0-local.network.j2 diff --git a/templates/personal/xps/network/wlan0.network.j2 b/templates/xps/network/wlan0.network.j2 similarity index 100% rename from templates/personal/xps/network/wlan0.network.j2 rename to templates/xps/network/wlan0.network.j2 diff --git a/templates/personal/xps/nftables.j2 b/templates/xps/nftables.j2 similarity index 100% rename from templates/personal/xps/nftables.j2 rename to templates/xps/nftables.j2 
diff --git a/templates/personal/xps/pa-dlna/config.j2 b/templates/xps/pa-dlna/config.j2 similarity index 100% rename from templates/personal/xps/pa-dlna/config.j2 rename to templates/xps/pa-dlna/config.j2 diff --git a/templates/personal/xps/pa-dlna/service.j2 b/templates/xps/pa-dlna/service.j2 similarity index 100% rename from templates/personal/xps/pa-dlna/service.j2 rename to templates/xps/pa-dlna/service.j2 diff --git a/group_vars/personal/mpd.yml b/vars/mpd.yml similarity index 100% rename from group_vars/personal/mpd.yml rename to vars/mpd.yml diff --git a/vars/wireguard-media.yml b/vars/wireguard-media.yml new file mode 100644 index 0000000..71c9f9c --- /dev/null +++ b/vars/wireguard-media.yml @@ -0,0 +1,22 @@ +vpn_config_dir: '/etc/wireguard' + +wireguard_media_defaults: + prefix: 24 + interface: wg1 + dns: 10.0.1.1 + domains: + - '~media-vpn.{{ server_domain }}' + - '~jellyfin.{{ server_domain }}' + + public_key_path: '{{ vpn_config_dir }}/keys/public/media/fudiggity.pub' + private_key_path: '{{ vpn_config_dir }}/keys/private/media/fudiggity.key' + + peers: + - name: fudiggity + allowed_ips: + - 10.0.1.0/24 + - 172.8.238.0/24 + endpoint: '{{ server_domain }}:51903' + public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg= + preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/fudiggity.psk' + preshared_key_source_path: files/wireguard-media/{{ ansible_hostname }}/preshared.psk diff --git a/vars/wireguard.yml b/vars/wireguard.yml new file mode 100644 index 0000000..4109b86 --- /dev/null +++ b/vars/wireguard.yml 
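Review bot: `preshared_key_source_path: files/wireguard-media/{{ ansible_hostname }}/preshared.psk` is the one templated value in vars/wireguard-media.yml left as a plain scalar while every other path is single-quoted; `preshared_key_source_path: 'files/wireguard-media/{{ ansible_hostname }}/preshared.psk'` keeps the file consistent and protects against a later edit that starts the value with `{{`. The same applies to the last line of the vars/wireguard.yml hunk. The on-host preshared key names also diverge between the two files (`media/fudiggity.psk` vs `default/preshared-fudiggity.psk`), which is harmless but worth aligning.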
@@ -0,0 +1,28 @@ +vpn_config_dir: '/etc/wireguard' + +wireguard_defaults: + prefix: 24 + interface: wg0 + dns: 10.0.0.1 + domains: + - '~vpn.{{ server_domain }}' + - '~transmission.{{ server_domain }}' + - '~syncthing.{{ server_domain }}' + - '~radicale.{{ server_domain }}' + - '~mpd.{{ server_domain }}' + + public_key_path: '{{ vpn_config_dir }}/keys/public/default/fudiggity.pub' + private_key_path: '{{ vpn_config_dir }}/keys/private/default/fudiggity.key' + + peers: + - name: fudiggity + allowed_ips: + - 10.0.0.0/24 + - 172.16.238.0/24 + - 172.32.238.0/24 + - 172.64.238.0/24 + - 172.128.238.0/24 + endpoint: '{{ server_domain }}:51902' + public_key: CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo= + preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-fudiggity.psk' + preshared_key_source_path: files/wireguard/{{ ansible_hostname }}/preshared.psk diff --git a/xps.yml b/xps.yml new file mode 100644 index 0000000..ca3ab0d --- /dev/null +++ b/xps.yml @@ -0,0 +1,34 @@ +- name: Include default playbook + ansible.builtin.import_playbook: default.yml + +- name: Arch Linux provisioning + hosts: xps + gather_facts: true + tasks: + + - name: Wireguard provisioning + ansible.builtin.import_tasks: 'tasks/wireguard.yml' + tags: wireguard + + - name: Wireguard media provisioning + ansible.builtin.import_tasks: 'tasks/wireguard-media.yml' + tags: wireguard-media + + - name: MPD provisioning + ansible.builtin.import_tasks: 'tasks/mpd.yml' + tags: mpd + + - name: Syncthing provisioning + ansible.builtin.import_tasks: 'tasks/syncthing.yml' + tags: syncthing + + - name: Desktop provisioning + ansible.builtin.import_tasks: 'tasks/xps.yml' + tags: xps + + handlers: + - name: Import default handlers + ansible.builtin.import_tasks: handlers.yml + + - name: Import common role handlers + ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'
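Review bot: The task named `Desktop provisioning` in xps.yml imports `tasks/xps.yml` under the `xps` tag, so the name is misleading next to the separate desktop playbook; `- name: XPS provisioning` matches the file and the tag. It is also worth confirming that `ansible.builtin.import_tasks: 'tasks/mpd.yml'` matches the exact filename and extension the mpd task file has after this layout refactor, since import_tasks fails at parse time on a missing path.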