sonny/arch-setup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Layout refactor

Browse source 
Also included provisioning for htpc host
This commit is contained in:
Sonny Bakker 2025-10-12 15:33:37 +02:00
parent f90702c7b8
commit 970f7489fb
103 changed files with 782 additions and 893 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tasks/personal/desktop.yml → tasks/desktop.yml
View file

@ -6,7 +6,7 @@
- name: Copy xdg-desktop-portal.service drop-in
ansible.builtin.template:
src: templates/personal/desktop/xdg-desktop-portal.service.j2
src: templates/desktop/xdg-desktop-portal.service.j2
dest: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d/override.conf'
mode: '0755'
notify: user daemon-reload

14
tasks/personal/all/mpd.yml → tasks/mpd.yaml
View file

@ -1,13 +1,17 @@
- name: Include mpd defaults
ansible.builtin.include_vars:
file: vars/mpd.yml
- name: Copy systemd configuration files
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '0644'
loop:
- src: 'templates/personal/all/mpd/service.j2'
- src: 'templates/mpd/service.j2'
dest: '{{ xdg_config_dir }}/systemd/user/mpd.service'
- src: 'templates/personal/all/mpd/socket.j2'
- src: 'templates/mpd/socket.j2'
dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket'
notify:
- stop mpd service
@ -51,11 +55,11 @@
dest: '{{ item.dest }}'
mode: '0755'
loop:
- src: 'templates/personal/all/mpd/mpd.conf.j2'
- src: 'templates/mpd/mpd.conf.j2'
dest: '{{ mpd_configuration_dir }}/mpd.conf'
- src: 'templates/personal/all/mpd/ncmpcpp/config.j2'
- src: 'templates/mpd/ncmpcpp/config.j2'
dest: '{{ ncmpcpp_configuration_dir }}/config'
- src: 'templates/personal/all/mpd/ncmpcpp/bindings.j2'
- src: 'templates/mpd/ncmpcpp/bindings.j2'
dest: '{{ ncmpcpp_configuration_dir }}/bindings'
notify:
- stop mpd service

4
tasks/personal/all/mpv.yml → tasks/mpv.yml
View file

@ -10,7 +10,7 @@
dest: '{{ item.dest }}'
mode: '0644'
loop:
- src: 'templates/personal/all/mpv/input.j2'
- src: 'templates/mpv/input.j2'
dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf'
- src: 'templates/personal/all/mpv/config.j2'
- src: 'templates/mpv/config.j2'
dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf'

112
tasks/network.yml
View file

@ -1,112 +0,0 @@
# Note that Wireguard does DNS resolution only once during connection.
# When a client's IP changes, the server should be notified in some way,
# using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint <NEW-IP>:<PORT>`
# for example.
- name: Set hostname
become: true
ansible.builtin.hostname:
name: '{{ hostname }}'
use: systemd
- name: Copy hosts file
become: true
ansible.builtin.template:
src: templates/hosts.j2
dest: /etc/hosts
mode: '0644'
owner: root
- name: Copy firewall template
become: true
ansible.builtin.template:
src: "{{ lookup('ansible.builtin.first_found', paths) }}"
dest: /etc/nftables.conf
owner: root
group: root
mode: '0600'
vars:
paths:
- 'templates/{{ ansible_hostname }}/nftables.j2'
- 'templates/{{ group_names[0] }}/{{ ansible_hostname }}/nftables.j2'
notify: restart nftables
- name: Desktop configuration
notify:
- restart systemd-networkd
- restart systemd-resolved
when: ansible_hostname == 'desktop'
block:
- name: Setup network configuration
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
group: systemd-network
mode: '0640'
loop:
- src: 'templates/personal/desktop/network/enp1s0.link.j2'
dest: '/etc/systemd/network/20-enp1s0.link'
- src: 'templates/personal/desktop/network/enp1s0.network.j2'
dest: '/etc/systemd/network/20-enp1s0.network'
- name: Remove leftover configuration files
become: true
ansible.builtin.file:
path: '{{ item }}'
state: absent
loop:
- '/etc/systemd/network/30-vmbr0.network'
- '/etc/systemd/network/30-vmbr0.netdev'
- name: XPS configuration
notify:
- restart systemd-networkd
- restart systemd-resolved
- restart iwd
when: ansible_hostname == 'xps'
block:
- name: Setup network configuration
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
group: systemd-network
mode: '0640'
loop:
- src: 'templates/personal/xps/network/wlan0-local.network.j2'
dest: '/etc/systemd/network/10-wireless.network'
- src: 'templates/personal/xps/network/wlan0-frans.network.j2'
dest: '/etc/systemd/network/11-wireless.network'
- src: 'templates/personal/xps/network/wlan0.network.j2'
dest: '/etc/systemd/network/20-wireless.network'
- name: Create iwd directory
become: true
ansible.builtin.template:
src: templates/personal/xps/iwd.j2
dest: /etc/iwd
mode: '0644'
owner: root
- name: Provision iwd configuration
become: true
ansible.builtin.template:
src: templates/personal/xps/iwd.j2
dest: /etc/iwd/main.config
mode: '0755'
owner: root
- name: Remove leftover configuration files
become: true
ansible.builtin.file:
path: '{{ item }}'
state: absent
loop:
- /etc/systemd/network/30-vmbr0.network
- /etc/systemd/network/30-vmbr0.netdev
- /etc/systemd/network/10-wlan0.link

27
tasks/network/desktop.yml Normal file
View file

@ -0,0 +1,27 @@
- name: Desktop configuration
notify:
- restart systemd-networkd
- restart systemd-resolved
block:
- name: Setup network configuration
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
group: systemd-network
mode: '0640'
loop:
- src: 'templates/desktop/network/enp1s0.link.j2'
dest: '/etc/systemd/network/20-enp1s0.link'
- src: 'templates/desktop//network/enp1s0.network.j2'
dest: '/etc/systemd/network/20-enp1s0.network'
- name: Remove leftover configuration files
become: true
ansible.builtin.file:
path: '{{ item }}'
state: absent
loop:
- '/etc/systemd/network/30-vmbr0.network'
- '/etc/systemd/network/30-vmbr0.netdev'

0
tasks/network/htpc.yml Normal file
View file

28
tasks/network/main.yml Normal file
View file

@ -0,0 +1,28 @@
# Note that Wireguard does DNS resolution only once during connection.
# When a client's IP changes, the server should be notified in some way,
# using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint <NEW-IP>:<PORT>`
# for example.
- name: Set hostname
become: true
ansible.builtin.hostname:
name: '{{ hostname }}'
use: systemd
- name: Copy hosts file
become: true
ansible.builtin.template:
src: templates/hosts.j2
dest: /etc/hosts
mode: '0644'
owner: root
- name: Copy firewall template
become: true
ansible.builtin.template:
src: 'templates/{{ ansible_hostname }}/nftables.j2'
dest: /etc/nftables.conf
owner: root
group: root
mode: '0600'
notify: restart nftables

47
tasks/network/xps.yml Normal file
View file

@ -0,0 +1,47 @@
- name: Setup network configuration
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
group: systemd-network
mode: '0640'
loop:
- src: 'templates/xps/network/wlan0-local.network.j2'
dest: '/etc/systemd/network/10-wireless.network'
- src: 'templates/xps/network/wlan0-frans.network.j2'
dest: '/etc/systemd/network/11-wireless.network'
- src: 'templates/xps/network/wlan0.network.j2'
dest: '/etc/systemd/network/20-wireless.network'
notify:
- restart systemd-networkd
- restart systemd-resolved
- name: Create iwd directory
become: true
ansible.builtin.template:
src: templates/xps/iwd.j2
dest: /etc/iwd
mode: '0644'
owner: root
- name: Provision iwd configuration
become: true
ansible.builtin.template:
src: templates/xps/iwd.j2
dest: /etc/iwd/main.config
mode: '0755'
owner: root
notify: restart iwd
- name: Remove leftover configuration files
become: true
ansible.builtin.file:
path: '{{ item }}'
state: absent
loop:
- /etc/systemd/network/30-vmbr0.network
- /etc/systemd/network/30-vmbr0.netdev
- /etc/systemd/network/10-wlan0.link

112
tasks/personal/all/wireguard.yml
View file

@ -1,112 +0,0 @@
# Note: Only compatible with personal group
- name: Create Wireguard directories
become: true
ansible.builtin.file:
path: '{{ item }}'
owner: root
group: systemd-network
mode: '0750'
state: directory
recurse: true
loop:
- '{{ vpn_config_dir }}'
- '{{ vpn_default.private_key_path | dirname }}'
- '{{ vpn_default.public_key_path | dirname }}'
- '{{ vpn_media.private_key_path | dirname }}'
- '{{ vpn_media.public_key_path | dirname }}'
notify:
- restart systemd-networkd
- restart systemd-resolved
- name: Copy Wireguard credentials
become: true
ansible.builtin.copy:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
group: systemd-network
mode: '0640'
loop:
- dest: '{{ vpn_default.public_key_path }}'
src: 'files/personal/{{ ansible_hostname }}/wireguard/default/{{ ansible_hostname }}.pub'
- dest: '{{ vpn_default.private_key_path }}'
src: 'files/personal/{{ ansible_hostname }}/wireguard/default/{{ ansible_hostname }}.key'
- dest: '{{ vpn_media.public_key_path }}'
src: 'files/personal/{{ ansible_hostname }}/wireguard/media/{{ ansible_hostname }}.pub'
- dest: '{{ vpn_media.private_key_path }}'
src: 'files/personal/{{ ansible_hostname }}/wireguard/media/{{ ansible_hostname }}.key'
notify:
- restart systemd-networkd
- restart systemd-resolved
- name: Copy Wireguard preshared keys
become: true
ansible.builtin.copy:
src: '{{ item.preshared_key_source_path }}'
dest: '{{ item.preshared_key_path }}'
owner: root
group: systemd-network
mode: '0640'
loop: '{{ vpn_default.peers + vpn_media.peers }}'
notify:
- restart systemd-networkd
- restart systemd-resolved
- name: Desktop configuration
notify:
- restart systemd-networkd
- restart systemd-resolved
when: ansible_hostname == 'desktop'
block:
- name: Setup network configuration
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
group: systemd-network
mode: '0640'
loop:
- src: 'templates/personal/desktop/network/wg0.network.j2'
dest: '/etc/systemd/network/40-wg0.network'
- src: 'templates/personal/desktop/network/wg0.netdev.j2'
dest: '/etc/systemd/network/40-wg0.netdev'
- src: 'templates/personal/desktop/network/wg1.network.j2'
dest: '/etc/systemd/network/40-wg1.network'
- src: 'templates/personal/desktop/network/wg1.netdev.j2'
dest: '/etc/systemd/network/40-wg1.netdev'
- name: XPS configuration
notify:
- restart systemd-networkd
- restart systemd-resolved
- restart iwd
when: ansible_hostname == 'xps'
block:
- name: Setup network configuration
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
group: systemd-network
mode: '0640'
loop:
- src: 'templates/personal/xps/network/wg0.network.j2'
dest: '/etc/systemd/network/40-wg0.network'
- src: 'templates/personal/xps/network/wg0.netdev.j2'
dest: '/etc/systemd/network/40-wg0.netdev'
- src: 'templates/personal/xps/network/wg1.network.j2'
dest: '/etc/systemd/network/40-wg1.network'
- src: 'templates/personal/xps/network/wg1.netdev.j2'
dest: '/etc/systemd/network/40-wg1.netdev'

53
tasks/setup.yml
View file

@ -43,29 +43,32 @@
state: touch
mode: '0644'
- name: Create wezterm configuration dir
ansible.builtin.file:
path: '{{ xdg_config_dir }}/wezterm/includes'
state: directory
mode: '0755'
- name: Setup Wezterm
when: "'wezterm' in packages"
block:
- name: Create wezterm configuration dir
ansible.builtin.file:
path: '{{ xdg_config_dir }}/wezterm/includes'
state: directory
mode: '0755'
- name: Copy wezterm configuration files
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '0755'
loop:
- src: 'templates/wezterm/wezterm.lua.j2'
dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua'
- name: Copy wezterm configuration files
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '0755'
loop:
- src: 'templates/wezterm/wezterm.lua.j2'
dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua'
- src: 'templates/wezterm/includes/colors.lua.j2'
dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua'
- src: 'templates/wezterm/includes/colors.lua.j2'
dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua'
- src: 'templates/wezterm/includes/fonts.lua.j2'
dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua'
- src: 'templates/wezterm/includes/fonts.lua.j2'
dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua'
- src: 'templates/wezterm/includes/window.lua.j2'
dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua'
- src: 'templates/wezterm/includes/window.lua.j2'
dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua'
- name: Enable fstrim timer
become: true
@ -88,7 +91,6 @@
- name: Copy sysctl files
become: true
when: "'personal' not in group_names"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
@ -124,20 +126,11 @@
- name: Copy kernel parameters template
become: true
when: "'personal' not in group_names"
ansible.builtin.template:
src: 'templates/{{ ansible_hostname }}/cmdline.j2'
dest: '/etc/kernel/cmdline'
mode: '0755'
- name: Copy kernel parameters template for personal group
become: true
when: "'personal' in group_names"
ansible.builtin.template:
src: 'templates/personal/{{ ansible_hostname }}/cmdline.j2'
dest: '/etc/kernel/cmdline'
mode: '0755'
- name: Remove the mkinitcpio directories
become: true
ansible.builtin.file:
@ -164,7 +157,7 @@
dest: '{{ item.dest }}'
mode: '0755'
loop: '{{ mkinitcpio_templates }}'
when: mkinitcpio_templates
when: '{{ mkinitcpio_templates | length > 0 }}'
- name: Regenerate initramfs images
become: true

2
tasks/personal/all/syncthing.yml → tasks/syncthing.yml
View file

@ -12,7 +12,7 @@
- name: Copy configuration file
ansible.builtin.template:
src: 'templates/syncthing.j2'
src: 'templates/syncthing/config.j2'
dest: '{{ xdg_config_dir }}/syncthing/config.xml'
mode: '0640'
notify: start syncthing

6
tasks/timer.yml
View file

@ -22,9 +22,9 @@
loop:
- { src: 'templates/timer/daily_target.j2', dest: '/etc/systemd/system/daily.target' }
- {
src: 'templates/timer/weekly_target.j2',
dest: '/etc/systemd/system/weekly.target',
}
src: 'templates/timer/weekly_target.j2',
dest: '/etc/systemd/system/weekly.target',
}
- name: create target directories
become: true

71
tasks/wireguard-media.yml Normal file
View file

@ -0,0 +1,71 @@
- name: Include wireguard media defaults
ansible.builtin.include_vars:
file: vars/wireguard-media.yml
- name: Create Wireguard directories
become: true
ansible.builtin.file:
path: '{{ item }}'
owner: root
group: systemd-network
mode: '0750'
state: directory
recurse: true
loop:
- '{{ vpn_config_dir }}'
- '{{ wireguard_media_defaults.private_key_path | dirname }}'
- '{{ wireguard_media_defaults.public_key_path | dirname }}'
notify:
- restart systemd-networkd
- restart systemd-resolved
- name: Copy Wireguard credentials
become: true
ansible.builtin.copy:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
group: systemd-network
mode: '0640'
loop:
- dest: '{{ wireguard_media_defaults.public_key_path }}'
src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.pub'
- dest: '{{ wireguard_media_defaults.private_key_path }}'
src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.key'
notify:
- restart systemd-networkd
- restart systemd-resolved
- name: Copy Wireguard preshared keys
become: true
ansible.builtin.copy:
src: '{{ item.preshared_key_source_path }}'
dest: '{{ item.preshared_key_path }}'
owner: root
group: systemd-network
mode: '0640'
loop: '{{ wireguard_media_defaults.peers }}'
notify:
- restart systemd-networkd
- restart systemd-resolved
- name: Setup network configuration
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
group: systemd-network
mode: '0640'
loop:
- src: 'templates/{{ ansible_hostname }}/network/wg1.network.j2'
dest: '/etc/systemd/network/40-wg1.network'
- src: 'templates/{{ ansible_hostname }}/network/wg1.netdev.j2'
dest: '/etc/systemd/network/40-wg1.netdev'
notify:
- restart systemd-networkd
- restart systemd-resolved
vars:
wireguard: "{{ wireguard_media | ansible.builtin.combine(wireguard_media_defaults) }}"

71
tasks/wireguard.yml Normal file
View file

@ -0,0 +1,71 @@
- name: Include wireguard defaults
ansible.builtin.include_vars:
file: vars/wireguard.yml
- name: Create Wireguard directories
become: true
ansible.builtin.file:
path: '{{ item }}'
owner: root
group: systemd-network
mode: '0750'
state: directory
recurse: true
loop:
- '{{ vpn_config_dir }}'
- '{{ wireguard_defaults.private_key_path | dirname }}'
- '{{ wireguard_defaults.public_key_path | dirname }}'
notify:
- restart systemd-networkd
- restart systemd-resolved
- name: Copy Wireguard credentials
become: true
ansible.builtin.copy:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
group: systemd-network
mode: '0640'
loop:
- dest: '{{ wireguard_defaults.public_key_path }}'
src: 'files/wireguard/{ ansible_hostname }}/fudiggity.pub'
- dest: '{{ wireguard_defaults.private_key_path }}'
src: 'files/wireguard/{{ ansible_hostname }}/fudiggity.key'
notify:
- restart systemd-networkd
- restart systemd-resolved
- name: Copy Wireguard preshared keys
become: true
ansible.builtin.copy:
src: '{{ item.preshared_key_source_path }}'
dest: '{{ item.preshared_key_path }}'
owner: root
group: systemd-network
mode: '0640'
loop: '{{ wireguard_defaults.peers }}'
notify:
- restart systemd-networkd
- restart systemd-resolved
- name: Setup network configuration
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
group: systemd-network
mode: '0640'
loop:
- src: 'templates/{{ ansible_hostname }}/network/wg0.network.j2'
dest: '/etc/systemd/network/40-wg0.network'
- src: 'templates/{{ ansible_hostname }}/network/wg0.netdev.j2'
dest: '/etc/systemd/network/40-wg0.netdev'
notify:
- restart systemd-networkd
- restart systemd-resolved
vars:
wireguard: "{{ wireguard | ansible.builtin.combine(wireguard_defaults) }}"

4
tasks/personal/xps.yml → tasks/xps.yml
View file

@ -14,13 +14,13 @@
- name: Copy configuration file
ansible.builtin.template:
src: templates/personal/xps/pa-dlna/config.j2
src: templates/xps/pa-dlna/config.j2
dest: '{{ xdg_config_dir }}/pa-dlna/pa-dlna.conf'
mode: '0755'
- name: Copy systemd service
ansible.builtin.template:
src: templates/personal/xps/pa-dlna/service.j2
src: templates/xps/pa-dlna/service.j2
dest: '{{ xdg_config_dir }}/systemd/user/pa-dlna.service'
mode: '0755'