diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 369b1c8..6532692 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -3,40 +3,24 @@ stages: - test cache: - key: "$CI_COMMIT_REF_SLUG" + key: $CI_COMMIT_REF_SLUG paths: - .cache/pip - node_modules/ lint: - stage: lint - image: python:3.7 - before_script: - - pip install ansible ansible-lint --quiet - script: - - ansible-lint playbook.yml - only: - refs: - - development - - merge_requests - -pretty-lint: stage: lint image: node:12 before_script: - - npm install + - npm install prettier --no-save script: - - npx prettier "**/*.yml" --check - only: - refs: - - development - - merge_requests + - npx prettier '**/*.yml' --check syntax-test: stage: test image: python:3.7 before_script: - - pip install ansible ansible-lint --quiet + - pip install ansible --quiet - ansible-galaxy install -r roles/requirements.yml script: - ansible-playbook playbook.yml --syntax-check diff --git a/.prettierrc.yml b/.prettierrc.yml new file mode 100644 index 0000000..0cb31e6 --- /dev/null +++ b/.prettierrc.yml @@ -0,0 +1,5 @@ +singleQuote: true +printWidth: 90 +tabWidth: 2 +useTabs: false +bracketSpacing: true diff --git a/roles/arch/files/desktop/openvpn/ca.crt b/files/desktop/openvpn/ca.crt similarity index 100% rename from roles/arch/files/desktop/openvpn/ca.crt rename to files/desktop/openvpn/ca.crt diff --git a/roles/arch/files/desktop/openvpn/desktop.crt b/files/desktop/openvpn/desktop.crt similarity index 100% rename from roles/arch/files/desktop/openvpn/desktop.crt rename to files/desktop/openvpn/desktop.crt diff --git a/roles/arch/files/desktop/openvpn/desktop.key b/files/desktop/openvpn/desktop.key similarity index 100% rename from roles/arch/files/desktop/openvpn/desktop.key rename to files/desktop/openvpn/desktop.key diff --git a/roles/arch/files/desktop/openvpn/ta.key b/files/desktop/openvpn/ta.key similarity index 100% rename from roles/arch/files/desktop/openvpn/ta.key rename to files/desktop/openvpn/ta.key 
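Review bot: Deleting the `lint` job leaves the root playbook without any ansible-lint coverage — `syntax-test` only runs `ansible-playbook playbook.yml --syntax-check`, and the ansible-lint job that survives sits in roles/common/.gitlab-ci.yml, which GitLab will not run unless the root file `include:`s it. If dropping it is intentional, a one-line replacement in a python job (`- ansible-lint playbook.yml`) keeps that check for the restructured playbook. Separately, `- pip install ansible --quiet` and `- npm install prettier --no-save` both install whatever version is current on the day the pipeline runs, so an upstream release can break or silently relax the lint; pin them, e.g. `- pip install 'ansible==<PINNED_VERSION>' --quiet` and `- npm install prettier@<PINNED_VERSION> --no-save`.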
diff --git a/roles/arch/files/gpg_key b/files/gpg_key similarity index 100% rename from roles/arch/files/gpg_key rename to files/gpg_key diff --git a/roles/arch/files/gpg_pub b/files/gpg_pub similarity index 100% rename from roles/arch/files/gpg_pub rename to files/gpg_pub diff --git a/roles/arch/files/laptop/openvpn/ca.crt b/files/laptop/openvpn/ca.crt similarity index 100% rename from roles/arch/files/laptop/openvpn/ca.crt rename to files/laptop/openvpn/ca.crt diff --git a/roles/arch/files/laptop/openvpn/laptop.crt b/files/laptop/openvpn/laptop.crt similarity index 100% rename from roles/arch/files/laptop/openvpn/laptop.crt rename to files/laptop/openvpn/laptop.crt diff --git a/roles/arch/files/laptop/openvpn/laptop.key b/files/laptop/openvpn/laptop.key similarity index 100% rename from roles/arch/files/laptop/openvpn/laptop.key rename to files/laptop/openvpn/laptop.key diff --git a/roles/arch/files/laptop/openvpn/ta.key b/files/laptop/openvpn/ta.key similarity index 100% rename from roles/arch/files/laptop/openvpn/ta.key rename to files/laptop/openvpn/ta.key diff --git a/roles/arch/files/tmux_start b/files/tmux_start similarity index 100% rename from roles/arch/files/tmux_start rename to files/tmux_start diff --git a/roles/arch/handlers/main.yml b/handlers.yml similarity index 100% rename from roles/arch/handlers/main.yml rename to handlers.yml diff --git a/playbook.yml b/playbook.yml index b2f17e0..2f548ca 100644 --- a/playbook.yml +++ b/playbook.yml 
@@ -1,3 +1,31 @@ - hosts: localhost + pre_tasks: + - name: install shared packages + become: yes + pacman: + name: '{{ packages }}' + - name: detecting platform + import_tasks: 'tasks/platform.yml' + - name: install platform specific packages + become: yes + pacman: + name: '{{ platform_packages }}' roles: - - arch + - common + tasks: + - import_tasks: 'tasks/setup.yml' + - import_tasks: 'tasks/network.yml' + - import_tasks: 'tasks/systemd.yml' + - import_tasks: 'tasks/openvpn.yml' + - import_tasks: 'tasks/git.yml' + - import_tasks: 'tasks/mpv.yml' + - import_tasks: 'tasks/mpd.yml' + - import_tasks: 'tasks/syncthing.yml' + - import_tasks: 'tasks/timer.yml' + handlers: + - import_tasks: 'handlers.yml' + vars_files: + - 'vars/main.yml' + - 'vars/gpg.yml' + - 'vars/vpn.yml' + - 'vars/mpd.yml' diff --git a/roles/.gitignore b/roles/.gitignore deleted file mode 100644 index d10cc33..0000000 --- a/roles/.gitignore +++ /dev/null @@ -1,6 +0,0 @@ -# ignore all external roles and files in the roles dir -/* - -!.gitignore -!requirements.yml -!arch*/ diff --git a/roles/arch/meta/main.yml b/roles/arch/meta/main.yml deleted file mode 100644 index 360c542..0000000 --- a/roles/arch/meta/main.yml +++ /dev/null @@ -1,13 +0,0 @@ -dependencies: - - common - -galaxy_info: - author: sonny - description: "Sets up an arch environment" - license: "license GPLv3" - min_ansible_version: 2.7 - issue_tracker_url: "https://git.fudiggity.nl/ansible/arch-setup/issues" - platforms: - - name: Archlinux - galaxy_tags: - - system diff --git a/roles/arch/tasks/git.yml b/roles/arch/tasks/git.yml deleted file mode 100644 index 89f125e..0000000 --- a/roles/arch/tasks/git.yml +++ /dev/null 
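Review bot: `become: yes` on the two `pacman` pre_tasks is the YAML 1.1 truthy spelling; the role code this commit deletes already used `become: true` (the `restart vpn` task), so `become: true` keeps the play consistent and lint-clean. The imported `tasks/*.yml` files and the new `vars/gpg.yml`/`vars/vpn.yml` are not part of this diff, so I cannot tell whether the removed git.yml task `gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key` survived the move; if it did, the passphrase is exposed in process listings and in Ansible's task output, and the task should carry `no_log: true` and pass the secret via `--passphrase-fd 0` with the module's `stdin:` argument instead of the command line. The play also sets no `become` at play level, which matters for the common role's tasks that use `become_user` on its own.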
@@ -1,30 +0,0 @@ -- name: copy git configuration - template: - src: "gitconfig.j2" - dest: "{{ ansible_env.HOME }}/.gitconfig" - -- name: copy keys - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - loop: - - { - src: "gpg_key", dest: "{{ ansible_env.HOME }}/gpg.key" - } - - { - src: "gpg_pub", dest: "{{ ansible_env.HOME }}/gpg.pub" - } - -- name: import secret key - command: "gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key" - -- name: import public key - command: "gpg --import ~/gpg.pub" - -- name: remove temp keys - file: - path: "{{ item }}" - state: absent - loop: - - "{{ ansible_env.HOME }}/gpg.key" - - "{{ ansible_env.HOME }}/gpg.pub" diff --git a/roles/arch/tasks/main.yml b/roles/arch/tasks/main.yml deleted file mode 100644 index a729530..0000000 --- a/roles/arch/tasks/main.yml +++ /dev/null 
@@ -1,69 +0,0 @@ -- name: install shared packages - become: yes - pacman: - name: "{{ packages }}" - -- name: detecting platform - import_tasks: platform.yml - -- name: install platform specific packages - become: yes - pacman: - name: "{{ platform_packages }}" - -- name: configuring network - import_tasks: network.yml - -- name: copy reflector configuration - become: yes - template: - src: "reflector.j2" - dest: "/etc/xdg/reflector/reflector.conf" - owner: root - group: root - mode: "0600" - -# started by weekly timer -- name: disable reflector - become: true - systemd: - name: reflector - state: stopped - enabled: false - -- name: copy pacman configuration - become: yes - template: - src: "pacman.j2" - dest: "/etc/pacman.conf" - owner: root - group: root - mode: "0644" - -- name: create extra conf - become: yes - file: - path: "/etc/pacman.d/extra.conf" - owner: root - group: root - state: touch - mode: "0644" - -- name: copy powertop service - become: yes - template: - src: "{{ platform }}/powertop.j2" - dest: "/etc/systemd/system/powertop.service" - owner: root - group: root - mode: "0644" - notify: restart powertop - when: platform == "laptop" - -- import_tasks: systemd.yml -- import_tasks: openvpn.yml -- import_tasks: git.yml -- import_tasks: mpv.yml -- import_tasks: mpd.yml -- import_tasks: syncthing.yml -- import_tasks: timer.yml diff --git a/roles/arch/tasks/mpd.yml b/roles/arch/tasks/mpd.yml deleted file mode 100644 index 22b3f09..0000000 --- a/roles/arch/tasks/mpd.yml +++ /dev/null 
@@ -1,88 +0,0 @@ -- name: set up sudoers configuration - become: yes - template: - src: "sudoers.j2" - dest: "/etc/sudoers.d/10-sonny" - owner: root - group: root - mode: "0644" - -- name: copy systemd configuration files - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - loop: - - { - src: "mpd/service.j2", - dest: "{{ xdg_config_dir }}/systemd/user/mpd.service", - } - - { - src: "mpd/socket.j2", - dest: "{{ xdg_config_dir }}/systemd/user/mpd.socket", - } - -- name: create mpd files - file: - path: "{{ item.path }}" - state: "{{ item.state }}" - loop: - - { - path: "{{ mpd_configuration_dir }}", - state: "directory", - } - - { - path: "{{ mpd_configuration_dir }}/playlists", - state: "directory", - } - - { - path: "{{ mpd_configuration_dir }}/log", - state: "touch", - } - - { - path: "{{ mpd_configuration_dir }}/database", - state: "touch", - } - - { - path: "{{ mpd_configuration_dir }}/sticker.sql", - state: "touch", - } - - { - path: "{{ mpd_configuration_dir }}/state", - state: "touch", - } - -- name: copy configuration file - template: - src: "mpd/mpd.j2" - dest: "{{ mpd_configuration_dir }}/mpd.conf" - -- name: copy nfs connection scripts - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "0755" - loop: - - { - src: "mpd/music_mount.j2", - dest: "{{ xdg_script_dir }}/music_mount", - } - - { - src: "mpd/music_umount.j2", - dest: "{{ xdg_script_dir }}/music_umount", - } - -- name: restart mpd service - systemd: - name: mpd.service - state: restarted - enabled: no - scope: user - when: platform == "desktop" - -- name: enable mpd socket - systemd: - name: mpd.socket - state: started - enabled: yes - scope: user - when: platform == "desktop" diff --git a/roles/arch/tasks/mpv.yml b/roles/arch/tasks/mpv.yml deleted file mode 100644 index 37f13ba..0000000 --- a/roles/arch/tasks/mpv.yml +++ /dev/null 
@@ -1,20 +0,0 @@ -- name: create configuration directory - file: - path: "{{ ansible_env.HOME }}/.config/mpv" - state: directory - mode: "0700" - -- name: copy configuration files - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "0644" - loop: - - { - src: "mpv/input.j2", - dest: "{{ ansible_env.HOME }}/.config/mpv/input.conf", - } - - { - src: "mpv/config.j2", - dest: "{{ ansible_env.HOME }}/.config/mpv/mpv.conf", - } diff --git a/roles/arch/tasks/openvpn.yml b/roles/arch/tasks/openvpn.yml deleted file mode 100644 index 78b7954..0000000 --- a/roles/arch/tasks/openvpn.yml +++ /dev/null 
@@ -1,82 +0,0 @@ -- name: create configuration directories - become: yes - file: - path: "{{ item }}" - state: directory - owner: openvpn - group: openvpn - mode: "0750" - loop: - - "/etc/openvpn/client" - - "/etc/openvpn/client/zeus" - - "/etc/openvpn/server" - -- name: copy configuration - become: yes - template: - src: "{{ platform }}/openvpn.j2" - dest: "/etc/openvpn/client/zeus.conf" - owner: openvpn - group: openvpn - mode: "0644" - -- name: copy desktop credentials - become: yes - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: openvpn - group: openvpn - mode: "0600" - loop: - - { - src: "{{ platform }}/openvpn/ca.crt", - dest: "/etc/openvpn/client/zeus/ca.crt", - } - - { - src: "{{ platform }}/openvpn/desktop.crt", - dest: "/etc/openvpn/client/zeus/desktop.crt", - } - - { - src: "{{ platform }}/openvpn/desktop.key", - dest: "/etc/openvpn/client/zeus/desktop.key", - } - - { - src: "{{ platform }}/openvpn/ta.key", - dest: "/etc/openvpn/client/zeus/ta.key", - } - when: platform == "desktop" - -- name: copy laptop credentials - become: yes - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: openvpn - group: openvpn - mode: "0600" - loop: - - { - src: "{{ platform }}/openvpn/ca.crt", - dest: "/etc/openvpn/client/zeus/ca.crt", - } - - { - src: "{{ platform }}/openvpn/laptop.crt", - dest: "/etc/openvpn/client/zeus/laptop.crt", - } - - { - src: "{{ platform }}/openvpn/laptop.key", - dest: "/etc/openvpn/client/zeus/laptop.key", - } - - { - src: "{{ platform }}/openvpn/ta.key", - dest: "/etc/openvpn/client/zeus/ta.key", - } - when: platform == "laptop" - -- name: restart vpn - become: true - systemd: - name: openvpn-client@zeus - state: restarted - enabled: true diff --git a/roles/arch/tasks/syncthing.yml b/roles/arch/tasks/syncthing.yml deleted file mode 100644 index c45e0cc..0000000 --- a/roles/arch/tasks/syncthing.yml +++ /dev/null 
@@ -1,11 +0,0 @@ -- name: create configuration dir - file: - path: "{{ xdg_config_dir }}/syncthing" - state: directory - -- name: copy configuration file - template: - src: "{{ platform }}/syncthing.j2" - dest: "{{ xdg_config_dir }}/syncthing/config.xml" - mode: "0600" - notify: restart syncthing diff --git a/roles/arch/tasks/systemd.yml b/roles/arch/tasks/systemd.yml deleted file mode 100644 index 996a099..0000000 --- a/roles/arch/tasks/systemd.yml +++ /dev/null @@ -1,25 +0,0 @@ -- name: setup systemd user service folder - file: - path: "{{ xdg_config_dir }}/systemd/user" - state: directory - mode: "0755" - -- name: add ssh-agent service - template: - src: "ssh-agent.j2" - dest: "{{ xdg_config_dir }}/systemd/user/ssh-agent.service" - mode: "0644" - notify: restart user ssh-agent - -- name: copy tmux service - template: - src: "tmux.j2" - dest: "{{ xdg_config_dir }}/systemd/user/tmux.service" - mode: "0644" - -- name: copy tmux startup script - copy: - src: "tmux_start" - dest: "{{ ansible_env.HOME }}/.local/bin/tmux_start" - mode: "0740" - force: false diff --git a/roles/arch/tasks/timer.yml b/roles/arch/tasks/timer.yml deleted file mode 100644 index f436939..0000000 --- a/roles/arch/tasks/timer.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -- name: copy timer files - become: yes - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - mode: "0644" - loop: - - { - src: "timer/daily_timer.j2", - dest: "/etc/systemd/system/daily.timer", - } - - { - src: "timer/weekly_timer.j2", - dest: "/etc/systemd/system/weekly.timer", - } - notify: - - enable daily timer - - enable weekly timer - -- name: copy target files - become: yes - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - mode: "0644" - loop: - - { - src: "timer/daily_target.j2", - dest: "/etc/systemd/system/daily.target", - } - - { - src: "timer/weekly_target.j2", - dest: "/etc/systemd/system/weekly.target", - } - -- name: create target directories - become: yes - file: - path: "{{ item }}" - state: directory - owner: root - mode: "0755" - loop: - - "/etc/systemd/system/daily.target.wants" - - "/etc/systemd/system/weekly.target.wants" - -- name: add reflector to weekly timer - become: yes - file: - src: "/usr/lib/systemd/system/reflector.service" - dest: "/etc/systemd/system/weekly.target.wants/reflector.service" - state: link diff --git a/.ansible-lint b/roles/common/.ansible-lint similarity index 100% rename from .ansible-lint rename to roles/common/.ansible-lint diff --git a/roles/common/.gitignore b/roles/common/.gitignore new file mode 100644 index 0000000..c17815f --- /dev/null +++ b/roles/common/.gitignore @@ -0,0 +1,14 @@ +*.retry +*.swp + +.venv +.env +env +venv + +node_modules/ + +.vault +.vaults/ +vault +vaults/ diff --git a/roles/common/.gitlab-ci.yml b/roles/common/.gitlab-ci.yml new file mode 100644 index 0000000..a629be7 --- /dev/null +++ b/roles/common/.gitlab-ci.yml 
@@ -0,0 +1,33 @@ +stages: + - lint + - test + +cache: + key: "$CI_COMMIT_REF_SLUG" + paths: + - .cache/pip + - node_modules/ + +lint: + stage: lint + image: python:3.7 + before_script: + - pip install ansible ansible-lint --quiet + script: + - ansible-lint playbook.yml + only: + refs: + - development + - merge_requests + +pretty-lint: + stage: lint + image: node:12 + before_script: + - npm install + script: + - npx prettier "**/*.yml" --check + only: + refs: + - development + - merge_requests diff --git a/.prettier.json b/roles/common/.prettier.json similarity index 100% rename from .prettier.json rename to roles/common/.prettier.json diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml new file mode 100644 index 0000000..d2d3c30 --- /dev/null +++ b/roles/common/defaults/main.yml @@ -0,0 +1,3 @@ +poetry_url: "https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py" +poetry_user: "{{ ansible_user | default(lookup('env', 'USER'), True) }}" +poetry_dir: "{{ ansible_env.HOME }}/.poetry" diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml new file mode 100644 index 0000000..2ed56a7 --- /dev/null +++ b/roles/common/handlers/main.yml 
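Review bot: This CI file is committed under roles/common/, where GitLab will not pick it up unless the root .gitlab-ci.yml includes it, and its `ansible-lint playbook.yml` step names a playbook.yml that does not exist inside the role directory anywhere in this diff. Together with `roles/common/meta/.galaxy_install_info` and the deletion of roles/.gitignore (which ignored external roles), this looks like an `ansible-galaxy install` checkout committed wholesale while `syntax-test` still runs `ansible-galaxy install -r roles/requirements.yml`, so the committed copy and the Galaxy copy can drift apart. Either keep the role out of the tree and rely on roles/requirements.yml, or vendor it deliberately and drop its repository-only files (`.gitlab-ci.yml`, `.gitignore`, `.prettier.json`, `meta/.galaxy_install_info`).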
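Review bot: `poetry_url` points at the `master` branch of the upstream repository, so the installer that roles/common/tasks/poetry.yml downloads and executes changes with every upstream push and cannot be verified against anything. Pin it to a release tag or commit, `poetry_url: "https://raw.githubusercontent.com/python-poetry/poetry/<PINNED_TAG>/get-poetry.py"`, and add a matching default such as `poetry_checksum: "<SHA256_OF_PINNED_INSTALLER>"` so the download task can pass `checksum:` to `get_url`.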
@@ -0,0 +1,81 @@ +- name: reload ssh + become: yes + systemd: + name: ssh + state: restarted + enabled: yes + daemon-reload: yes + +- name: restart nftables + become: yes + systemd: + name: nftables + state: restarted + enabled: yes + daemon-reload: yes + +- name: restart nginx + become: yes + systemd: + name: nginx + state: restarted + enabled: yes + daemon-reload: yes + +- name: restart docker + become: yes + systemd: + name: docker + state: restarted + enabled: yes + daemon-reload: yes + +- name: restart rabbitmq + become: yes + systemd: + name: rabbitmq-server + state: restarted + enabled: yes + daemon-reload: yes + +- name: restart memcached + become: yes + systemd: + name: memcached + state: restarted + enabled: yes + daemon-reload: yes + +- name: restart postfix + become: yes + systemd: + name: postfix + state: restarted + enabled: yes + daemon-reload: yes + +- name: restart postgres + become: yes + systemd: + name: postgresql@11-main + state: restarted + enabled: yes + daemon-reload: yes + +- name: restart systemd-networkd + become: yes + systemd: + name: systemd-networkd + state: restarted + enabled: yes + daemon-reload: yes + +- name: restart systemd-resolved + become: yes + systemd: + name: systemd-resolved + state: restarted + enabled: yes + daemon-reload: yes + +- include: user.yml diff --git a/roles/common/handlers/user.yml b/roles/common/handlers/user.yml new file mode 100644 index 0000000..8cf4b1a --- /dev/null +++ b/roles/common/handlers/user.yml @@ -0,0 +1,19 @@ +- name: start user tmux service + become_user: "{{ default_user }}" + become: yes + systemd: + daemon-reload: yes + name: tmux + state: started + enabled: yes + scope: user + +- name: restart user tmux service + become_user: "{{ default_user }}" + become: yes + systemd: + daemon-reload: yes + name: tmux + state: restarted + enabled: yes + scope: user diff --git a/roles/common/meta/.galaxy_install_info b/roles/common/meta/.galaxy_install_info new file mode 100644 index 0000000..9bc5b1c 
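Review bot: `- include: user.yml` at the end of the handler list uses the long-deprecated `include` keyword, while playbook.yml in this same commit already pulls handlers in with `import_tasks`; write it as `- import_tasks: user.yml`. The handler named `reload ssh` actually performs `state: restarted`; either rename it or use `state: reloaded`, which Debian's ssh.service supports via its ExecReload. Every handler also spells `become: yes`, `enabled: yes` and `daemon-reload: yes` in the YAML 1.1 truthy form; `true` is the portable spelling, and `daemon_reload` is the parameter's canonical name.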
--- /dev/null +++ b/roles/common/meta/.galaxy_install_info @@ -0,0 +1,2 @@ +install_date: Fri Jan 29 19:51:44 2021 +version: master diff --git a/roles/common/meta/main.yml b/roles/common/meta/main.yml new file mode 100644 index 0000000..1e19aa6 --- /dev/null +++ b/roles/common/meta/main.yml @@ -0,0 +1,15 @@ +dependencies: [] + +galaxy_info: + author: sonny + description: "Common tasks" + license: "license GPLv3" + min_ansible_version: 2.7 + issue_tracker_url: "https://git.fudiggity.nl/ansible/common/-/issues" + platforms: + - name: Debian + versions: + - buster + galaxy_tags: + - development + - system diff --git a/roles/common/tasks/host.yml b/roles/common/tasks/host.yml new file mode 100644 index 0000000..818e7c2 --- /dev/null +++ b/roles/common/tasks/host.yml @@ -0,0 +1,15 @@ +- name: copy hostname + template: + src: "hostname.j2" + dest: "/etc/hostname" + owner: root + group: root + mode: "0644" + +- name: copy hosts + template: + src: "hosts.j2" + dest: "/etc/hosts" + owner: root + group: root + mode: "0644" diff --git a/roles/common/tasks/known_hosts.yml b/roles/common/tasks/known_hosts.yml new file mode 100644 index 0000000..d8abe99 --- /dev/null +++ b/roles/common/tasks/known_hosts.yml 
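Review bot: `min_ansible_version: 2.7` is an unquoted float; the next bump to `2.10` would parse as 2.1, so write `min_ansible_version: "2.7"`. The `platforms` list declares Debian buster only, yet this commit consumes the role from an Arch playbook (pacman pre_tasks in playbook.yml) and poetry.yml branches on `os_family == "Archlinux"`, so either declare Archlinux here or document that only part of the role is supported there. `license: "license GPLv3"` reads oddly; Galaxy expects the license identifier itself, e.g. an SPDX name such as `license: "GPL-3.0-only"`.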
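Review bot: Writing /etc/hostname through `template` only takes effect at the next boot, so the `127.0.1.1 {{ hostname }}` entry written into /etc/hosts right after it may not match the running kernel hostname until then; the `hostname` module (`hostname:` / `name: "{{ hostname }}"`) sets both the live name and the file. Neither task sets `become`, unlike the handlers in this role, and the same holds for network.yml, nginx.yml, setup.yml and sudoers.yml, which all write under /etc; confirm the role is always applied with play-level privilege escalation (playbook.yml in this commit has none) or add `become: true` to those tasks.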
@@ -0,0 +1,39 @@ +- name: load OS specific vars + include_vars: "{{ item }}" + with_first_found: + - files: + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}.yml" + - "{{ ansible_distribution|lower }}.yml" + - "{{ ansible_os_family|lower }}.yml" + paths: + - "{{ role_path }}/vars" + +- name: install packages + become: yes + package: + name: "{{ item }}" + state: present + loop: "{{ known_hosts_packages }}" + +- name: retrieve user $HOME + shell: "echo $HOME" # noqa 301 + become_user: "{{ user }}" + register: home_stats + +- name: set user $HOME + set_fact: + user_home: "{{ home_stats.stdout }}" + +- name: create local ssh directory + become_user: "{{ user }}" + file: + path: "{{ user_home }}/.ssh" + state: directory + mode: "0755" + +- name: add items to known hosts + become_user: "{{ user }}" + known_hosts: + name: "{{ item.domain }}" + key: "{{ item.key }}" + loop: "{{ items }}" diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml new file mode 100644 index 0000000..9079cfa --- /dev/null +++ b/roles/common/tasks/main.yml @@ -0,0 +1,2 @@ +- include_tasks: "setup.yml" + when: skip_common_setup is not defined or not skip_common_setup diff --git a/roles/common/tasks/network.yml b/roles/common/tasks/network.yml new file mode 100644 index 0000000..f9ff775 --- /dev/null +++ b/roles/common/tasks/network.yml 
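Review bot: `become_user: "{{ user }}"` on the `retrieve user $HOME`, `create local ssh directory` and `add items to known hosts` tasks has no effect on its own — Ansible only switches user when `become` is enabled, and none of these tasks (nor playbook.yml) sets it — so they run as the connecting user; roles/common/tasks/poetry.yml and ssl.yml have the same pattern. Add `become: true` next to each `become_user`, as handlers/user.yml in this commit already does. The variables `user`, `items` and `known_hosts_packages` are not declared in roles/common/defaults/main.yml, and `items` in particular is easy to clobber from a caller; role-prefixed names such as `known_hosts_user` and `known_hosts_entries` with defaults would make the contract explicit.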
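Review bot: `when: skip_common_setup is not defined or not skip_common_setup` is the long form of `when: not (skip_common_setup | default(false))`. More importantly, setup.yml — the only file this entry point reaches — is apt-based, while playbook.yml in this commit applies the role on an Arch host that installs with pacman; unless vars/main.yml (not in this diff) sets `skip_common_setup: true`, the `apt` task fails there. Gating on the fact, `when: ansible_facts['os_family'] == "Debian" and not (skip_common_setup | default(false))`, would make the role safe to include from either platform.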
@@ -0,0 +1,27 @@ +- name: check old network configuration + stat: path=/etc/network/interfaces + register: old_config + +- name: move old network configuration + command: mv /etc/network/interfaces /etc/network/interfaces.save + when: old_config.stat.exists + +- name: copy network configuration + template: + src: "network.j2" + dest: "/etc/systemd/network/50-default.network" + owner: root + group: root + mode: "0644" + notify: restart systemd-networkd + +- name: copy dns configuration + file: + src: "/run/systemd/resolve/resolv.conf" + dest: "/etc/resolv.conf" + owner: root + group: root + state: link + force: yes + mode: "0644" + notify: restart systemd-resolved diff --git a/roles/common/tasks/nginx.yml b/roles/common/tasks/nginx.yml new file mode 100644 index 0000000..965ef2a --- /dev/null +++ b/roles/common/tasks/nginx.yml @@ -0,0 +1,18 @@ +- name: install nginx + apt: + name: nginx + state: present + +- name: copy nginx config + template: + src: "nginx.conf.j2" + dest: "/etc/nginx/nginx.conf" + owner: root + group: root + mode: "0644" + +- name: remove default site + file: + path: "/etc/nginx/sites-enabled/default" + state: absent + notify: restart nginx diff --git a/roles/common/tasks/poetry.yml b/roles/common/tasks/poetry.yml new file mode 100644 index 0000000..8649337 --- /dev/null +++ b/roles/common/tasks/poetry.yml 
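Review bot: `stat: path=/etc/network/interfaces` uses the key=value argument form while every other task in the role uses block YAML; write it as `stat:` with `path: /etc/network/interfaces` beneath it. On the `copy dns configuration` task, `mode: "0644"` is meaningless for `state: link` (permissions live on the symlink target), so drop it to avoid suggesting it does something. `command: mv ...` is guarded by `when: old_config.stat.exists`, which keeps it idempotent in practice, but a comment saying the `.save` copy is intentional would spare the next reader a check.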
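Review bot: `copy nginx config` has no `notify`, so a change to nginx.conf alone never restarts nginx — only `remove default site` notifies `restart nginx`, and that task is a no-op after the first run. Add `notify: restart nginx` to the template task, and consider `validate: "/usr/sbin/nginx -t -c %s"` on it so a broken template is rejected before the handler takes the service down.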
@@ -0,0 +1,73 @@ +- name: retrieve user $HOME # noqa 301 + shell: "echo $HOME" + become_user: "{{ poetry_user }}" + register: home_stats + +- name: retrieve user $PATH # noqa 301 + shell: "echo $PATH" + become_user: "{{ poetry_user }}" + register: path_stats + +- name: set poetry user variables + set_fact: + poetry_user_home: "{{ home_stats.stdout }}" + poetry_user_path: "{{ path_stats.stdout }}" + +- name: create user folder for binaries + become_user: "{{ poetry_user }}" + file: + state: directory + mode: "0755" + path: "{{ poetry_user_home }}/.local/bin" + +- name: set default python binary # noqa 208 + become: true + file: + state: link + src: "/usr/bin/python3" + dest: "/usr/bin/python" + when: ansible_distribution == "Ubuntu" + +- name: setup poetry for Ubuntu/Debian derived distro's + block: + - name: check poetry existence + become_user: "{{ poetry_user }}" + stat: + path: "{{ poetry_dir }}" + register: poetry_stats + + - name: download poetry installer + become_user: "{{ poetry_user }}" + get_url: + url: "{{ poetry_url }}" + dest: /tmp/ + mode: "0750" + when: poetry_stats.stat.isdir is not defined + + - name: install poetry + become_user: "{{ poetry_user }}" + command: "python /tmp/get-poetry.py --yes" # noqa 305 + environment: + POETRY_HOME: "{{ poetry_dir }}" + when: poetry_stats.stat.isdir is not defined + + - name: add poetry to user binaries # noqa 208 + become_user: "{{ poetry_user }}" + file: + state: link + src: "{{ poetry_dir }}/bin/poetry" + dest: "{{ poetry_user_home }}/.local/bin/poetry" + when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu" + +- name: setup poetry for Archlinux + become: true + pacman: + name: poetry + state: present + when: ansible_facts['os_family'] == "Archlinux" + +- name: update poetry config + become_user: "{{ poetry_user }}" + command: "poetry config virtualenvs.in-project true" # noqa 301 + environment: + PATH: "{{ poetry_user_home }}/.local/bin:{{ poetry_user_path }}" 
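Review bot: The installer is fetched to a fixed path in a world-writable directory (`dest: /tmp/`, i.e. /tmp/get-poetry.py) with no `checksum:`, and then executed by `command: "python /tmp/get-poetry.py --yes"` as `poetry_user`; any other local account can pre-create or swap that file between the two tasks, and the download itself is never verified. Fetch it into the user's own directory and verify it — `dest: "{{ poetry_user_home }}/get-poetry.py"`, `checksum: "sha256:{{ poetry_checksum }}"` (with a pinned default next to `poetry_url`), `command: "python {{ poetry_user_home }}/get-poetry.py --yes"` — and remove the file afterwards. The `set default python binary` task creates `/usr/bin/python` as root on any Ubuntu; on 20.04 and later the `python-is-python3` package owns that path, so installing it is the supported way. The `# noqa 301` markers sit on the `name:` lines here but on the `shell:` line in known_hosts.yml; ansible-lint matches them per task line, so keep one placement.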
diff --git a/roles/common/tasks/setup.yml b/roles/common/tasks/setup.yml new file mode 100644 index 0000000..2811ac4 --- /dev/null +++ b/roles/common/tasks/setup.yml @@ -0,0 +1,51 @@ +- include_tasks: "sudoers.yml" + loop: + - { src: "sudoers.j2", dest: "/etc/sudoers.d/20-ansible-extra" } + +- name: copy ssh template + template: + src: "sshd_config.j2" + dest: "/etc/ssh/sshd_config" + owner: root + group: root + mode: "0644" + notify: reload ssh + +- name: viva la hollande + locale_gen: + name: nl_NL.UTF-8 + state: present + +- name: ensure basic tooling is installed + apt: + name: + - acl + - man + - apt-transport-https + - ca-certificates + - software-properties-common + - policykit-1 + - libpolkit-agent-1-0 + - nftables + - openssh-client + - bash-completion + - git + - vim + - curl + - tree + - haveged + - rsync + state: present + +- name: copy firewall template + template: + src: "nftables.j2" + dest: "/etc/nftables.conf" + owner: root + group: root + mode: "0600" + notify: restart nftables + +# see https://wiki.debian.org/systemd#Orphaned_processes +- name: enable loginctl user-linger + command: "loginctl enable-linger {{ default_user|quote }}" # noqa 301 diff --git a/roles/common/tasks/ssl.yml b/roles/common/tasks/ssl.yml new file mode 100644 index 0000000..a1cb905 --- /dev/null +++ b/roles/common/tasks/ssl.yml 
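Review bot: The sshd_config and nftables.conf templates are installed without `validate:`, and their handlers restart the services, so a template error leaves the host with no working sshd or with an unknown firewall state after `flush ruleset`. Add `validate: "/usr/sbin/sshd -t -f %s"` to `copy ssh template` and `validate: "/usr/sbin/nft -c -f %s"` to `copy firewall template`. The sudoers drop-in goes through `include_tasks: sudoers.yml` with a one-element loop only to pass `item.src`/`item.dest`; a plain `template` task here would be simpler, and whichever place keeps it should carry `validate: "/usr/sbin/visudo -cf %s"` and `mode: "0440"`.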
@@ -0,0 +1,39 @@ +- name: install SSL packages + apt: + name: + - python3-openssl + - python3-crypto + - python3-cryptography + - python-openssl + - python-crypto + - python-cryptography + state: present + +- name: create ssl directory + file: + path: "/etc/ssl/{{ app_name }}" + state: directory + owner: "{{ app_user }}" + group: "{{ app_user }}" + mode: 0750 + +- name: generate an OpenSSL private key with the default values (4096 bits, RSA) + become_user: "{{ app_user }}" + openssl_privatekey: + path: "/etc/ssl/{{ app_name }}/local.pem" + +- name: generate an OpenSSL certificate signing request + become_user: "{{ app_user }}" + openssl_csr: + path: "/etc/ssl/{{ app_name }}/local.csr" + privatekey_path: "/etc/ssl/{{ app_name }}/local.pem" + common_name: fudiggity.nl + +- name: generate a self signed OpenSSL certificate + become_user: "{{ app_user }}" + openssl_certificate: + force: yes + path: "/etc/ssl/{{ app_name }}/{{ app_name }}.crt" + privatekey_path: "/etc/ssl/{{ app_name }}/local.pem" + csr_path: "/etc/ssl/{{ app_name }}/local.csr" + provider: selfsigned diff --git a/roles/common/tasks/sudoers.yml b/roles/common/tasks/sudoers.yml new file mode 100644 index 0000000..c3c3bec --- /dev/null +++ b/roles/common/tasks/sudoers.yml @@ -0,0 +1,7 @@ +- name: copy extra sudoers file + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: "0644" diff --git a/roles/common/templates/hostname.j2 b/roles/common/templates/hostname.j2 new file mode 100644 index 0000000..5154983 --- /dev/null +++ b/roles/common/templates/hostname.j2 @@ -0,0 +1,3 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# +{{ hostname }} diff --git a/roles/common/templates/hosts.j2 b/roles/common/templates/hosts.j2 new file mode 100644 index 0000000..7f5beb2 --- /dev/null +++ b/roles/common/templates/hosts.j2 
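Review bot: `force: yes` on `generate a self signed OpenSSL certificate` regenerates the certificate on every run, so the task is never idempotent and anything pinned to that certificate sees a new identity after each play; drop `force` (the module regenerates when the key or CSR changes) or tie it to the key task's `changed` result with a `when`. `mode: 0750` on the ssl directory is the only unquoted mode in this diff and is flagged by ansible-lint; write `mode: "0750"` like the rest. The package list installs both `python-*` and `python3-*` variants; the Python 2 packages disappear after Debian buster, so the task will start failing if the role moves past the release declared in meta/main.yml.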
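Review bot: The sudoers drop-in is written with `mode: "0644"` and no `validate:`; a syntax error in the template disables sudo for every rule on the host, which is hard to recover from when `PermitRootLogin no` is also enforced by sshd_config.j2 in this commit. Add `validate: "/usr/sbin/visudo -cf %s"` and use `mode: "0440"`, the permissions sudo's documentation recommends for /etc/sudoers.d files.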
@@ -0,0 +1,9 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# +127.0.0.1 localhost +127.0.1.1 {{ hostname }} + +# The following lines are desirable for IPv6 capable hosts +# ::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters diff --git a/roles/common/templates/network.j2 b/roles/common/templates/network.j2 new file mode 100644 index 0000000..526a790 --- /dev/null +++ b/roles/common/templates/network.j2 @@ -0,0 +1,9 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# +[Match] +Name={{ host_interface }} + +[Network] +Address={{ host_ip }}/{{ host_subnet }} +Gateway={{ host_gateway }} +DNS={{ host_dns }} diff --git a/roles/common/templates/nftables.j2 b/roles/common/templates/nftables.j2 new file mode 100644 index 0000000..c755ea9 --- /dev/null +++ b/roles/common/templates/nftables.j2 @@ -0,0 +1,19 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# +# vim:set ts=2 sw=2 et: + +flush ruleset + +table inet filter { + chain input { + type filter hook input priority 0; policy drop; + + # accept any localhost traffic + iif lo accept + + # accept traffic originated from us + ct state { established, related } accept + + tcp dport 22 accept + } +} diff --git a/roles/common/templates/nginx.conf.j2 b/roles/common/templates/nginx.conf.j2 new file mode 100644 index 0000000..ecac8dd --- /dev/null +++ b/roles/common/templates/nginx.conf.j2 
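Review bot: `# ::1 localhost ip6-localhost ip6-loopback` is commented out while the two `ff02::` lines stay active, so `localhost` resolves only to 127.0.0.1 from this file. If that is deliberate (IPv6 disabled on these hosts) a short comment saying so would help; otherwise restore the line as `::1 localhost ip6-localhost ip6-loopback`.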
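Review bot: With `policy drop` on the input hook and only `iif lo`, established/related and `tcp dport 22` accepted, all ICMP and ICMPv6 is dropped: IPv6 neighbour discovery and router advertisements never reach the host, so IPv6 connectivity (including the `ff02::` entries kept in hosts.j2) silently fails, and path-MTU discovery is lost for IPv4 as well. Add `ct state invalid drop` before the accept rules and `meta l4proto { icmp, ipv6-icmp } accept`, rate-limited if you prefer. The port is hard-coded here and again as `Port 22` in sshd_config.j2; a single variable used by both templates would keep them in step.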
@@ -0,0 +1,51 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# +user www-data; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +events { + worker_connections 768; +} + +http { + ## + # Basic Settings + ## + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + ssl_protocols TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers HIGH:!aNULL:!MD5; + + ssl_session_cache shared:SSL:20m; + ssl_session_timeout 1d; + + ## + # Logging Settings + ## + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + ## + # Gzip Settings + ## + gzip off; + + ## + # Virtual Host Configs + ## + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} diff --git a/roles/common/templates/sshd_config.j2 b/roles/common/templates/sshd_config.j2 new file mode 100644 index 0000000..cd03e07 --- /dev/null +++ b/roles/common/templates/sshd_config.j2 
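Review bot: `ssl_ciphers HIGH:!aNULL:!MD5;` still admits non-forward-secret RSA key exchange and CBC suites under TLS 1.2; since `ssl_protocols TLSv1.2;` already excludes legacy clients, restrict to ECDHE AEAD suites, e.g. `ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;` and add `TLSv1.3` to the protocol list. `server_tokens` is left at its default, which puts the nginx version in the `Server` header and on error pages; add `server_tokens off;` under Basic Settings. The `include /etc/nginx/sites-enabled/*;` line means the `remove default site` task in nginx.yml is what actually controls what is served, so a comment here pointing at that task would save a reader from searching.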
@@ -0,0 +1,123 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+#
+# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin no
+#StrictModes yes
+MaxAuthTries 6
+#MaxSessions 10
+
+PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+AuthorizedKeysFile .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
diff --git a/roles/common/templates/sudoers.j2 b/roles/common/templates/sudoers.j2
new file mode 100644
index 0000000..ac3bc08
--- /dev/null
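Review bot: `Subsystem sftp /usr/lib/openssh/sftp-server` hard-codes the Debian/Ubuntu path, yet this commit also adds `roles/common/vars/archlinux.yml`, and Arch installs the helper at a different path, so sftp sessions to an Arch host would fail with this template; `Subsystem sftp internal-sftp` uses the in-process server and removes the path dependency. `LogLevel INFO` does not record which public key authenticated a session, whereas `LogLevel VERBOSE` logs the key fingerprint, which is what lets a login be attributed to a specific key during an investigation. Keepalives stay at the defaults (`#ClientAliveInterval 0`), so dead sessions are never reaped; `ClientAliveInterval 300` with `ClientAliveCountMax 2` is the usual setting. This hunk starts on the previous line of the chunk.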
+++ b/roles/common/templates/sudoers.j2
@@ -0,0 +1,3 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+#
+ansible ALL = ({{ default_user }}:{{ default_user }}) NOPASSWD: ALL
diff --git a/roles/common/vars/archlinux.yml b/roles/common/vars/archlinux.yml
new file mode 100644
index 0000000..acad597
--- /dev/null
+++ b/roles/common/vars/archlinux.yml
@@ -0,0 +1,2 @@
+known_hosts_packages:
+ - openssh
diff --git a/roles/common/vars/debian-buster.yml b/roles/common/vars/debian-buster.yml
new file mode 100644
index 0000000..64df6d3
--- /dev/null
+++ b/roles/common/vars/debian-buster.yml
@@ -0,0 +1 @@
+known_hosts_packages: []
diff --git a/roles/common/vars/ubuntu-focal.yml b/roles/common/vars/ubuntu-focal.yml
new file mode 100644
index 0000000..64df6d3
--- /dev/null
+++ b/roles/common/vars/ubuntu-focal.yml
@@ -0,0 +1 @@
+known_hosts_packages: []
diff --git a/roles/requirements.yml b/roles/requirements.yml
index 276b569..ba54c45 100644
--- a/roles/requirements.yml
+++ b/roles/requirements.yml
@@ -2,7 +2,3 @@
 name: common
 version: master
 scm: git
-- src: git+https://git.fudiggity.nl/ansible/npm.git
- name: npm
- version: master
- scm: git
diff --git a/tasks/git.yml b/tasks/git.yml
new file mode 100644
index 0000000..3b07f8f
--- /dev/null
+++ b/tasks/git.yml
@@ -0,0 +1,26 @@
+- name: copy git configuration
+ template:
+ src: 'templates/gitconfig.j2'
+ dest: '{{ ansible_env.HOME }}/.gitconfig'
+
+- name: copy keys
+ copy:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ loop:
+ - { src: 'files/gpg_key', dest: '{{ ansible_env.HOME }}/gpg.key' }
+ - { src: 'files/gpg_pub', dest: '{{ ansible_env.HOME }}/gpg.pub' }
+
+- name: import secret key
+ command: 'gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key'
+
+- name: import public key
+ command: 'gpg --import ~/gpg.pub'
+
+- name: remove temp keys
+ file:
+ path: '{{ item }}'
+ state: absent
+ loop:
+ - '{{ ansible_env.HOME }}/gpg.key'
+ - '{{ ansible_env.HOME }}/gpg.pub'
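Review bot: `ansible ALL = ({{ default_user }}:{{ default_user }}) NOPASSWD: ALL` grants the `ansible` account unrestricted, password-less execution as `default_user`, and the rendered line is only as valid as that variable: an empty value yields `(:)`, a sudoers parse error that makes sudo refuse every invocation on the host until the drop-in is repaired. Unless the playbook genuinely needs arbitrary commands, narrow the rule to a `Cmnd_Alias` listing what it runs, and have whatever task renders this template pass the result through `validate: '/usr/sbin/visudo -cf %s'` so a bad render never lands in `/etc/sudoers.d`. A one-line comment above the rule naming which play relies on it would also help the next reader judge whether it is still needed.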
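Review bot: `command: 'gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key'` puts the passphrase on the process command line, where any local user can read it from the process table while the import runs, and the same string is echoed back in the task result and any Ansible log; mark the task `no_log: true` and feed the secret over stdin (`gpg --batch --pinentry-mode loopback --passphrase-fd 0 --import ~/gpg.key` with `stdin: '{{ gpg_passphrase }}'`). `copy keys` sets no `mode`, so `~/gpg.key` is created under the remote umask (commonly world-readable) for the window before `remove temp keys` runs; add `mode: '0600'` there. Both `command` tasks also report changed on every run, so a `changed_when: false` would keep the play idempotent.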
diff --git a/tasks/mpd.yml b/tasks/mpd.yml
new file mode 100644
index 0000000..3eca3e5
--- /dev/null
+++ b/tasks/mpd.yml
@@ -0,0 +1,58 @@
+- name: set up sudoers configuration
+ become: yes
+ template:
+ src: 'templates/sudoers.j2'
+ dest: '/etc/sudoers.d/10-sonny'
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: copy systemd configuration files
+ template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ loop:
+ - { src: 'templates/mpd/service.j2', dest: '{{ xdg_config_dir }}/systemd/user/mpd.service' }
+ - { src: 'templates/mpd/socket.j2', dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket' }
+
+- name: create mpd files
+ file:
+ path: '{{ item.path }}'
+ state: '{{ item.state }}'
+ loop:
+ - { path: '{{ mpd_configuration_dir }}', state: 'directory' }
+ - { path: '{{ mpd_configuration_dir }}/playlists', state: 'directory' }
+ - { path: '{{ mpd_configuration_dir }}/log', state: 'touch' }
+ - { path: '{{ mpd_configuration_dir }}/database', state: 'touch' }
+ - { path: '{{ mpd_configuration_dir }}/sticker.sql', state: 'touch' }
+ - { path: '{{ mpd_configuration_dir }}/state', state: 'touch' }
+
+- name: copy configuration file
+ template:
+ src: 'templates/mpd/mpd.j2'
+ dest: '{{ mpd_configuration_dir }}/mpd.conf'
+
+- name: copy nfs connection scripts
+ template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ mode: '0755'
+ loop:
+ - { src: 'templates/mpd/music_mount.j2', dest: '{{ xdg_script_dir }}/music_mount' }
+ - { src: 'templates/mpd/music_umount.j2', dest: '{{ xdg_script_dir }}/music_umount' }
+
+- name: restart mpd service
+ systemd:
+ name: mpd.service
+ state: restarted
+ enabled: no
+ scope: user
+ when: platform == "desktop"
+
+- name: enable mpd socket
+ systemd:
+ name: mpd.socket
+ state: started
+ enabled: yes
+ scope: user
+ when: platform == "desktop"
diff --git a/tasks/mpv.yml b/tasks/mpv.yml
new file mode 100644
index 0000000..f5215a4
--- /dev/null
+++ b/tasks/mpv.yml
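Review bot: `set up sudoers configuration` writes `/etc/sudoers.d/10-sonny` from a template with no `validate`, so a bad render (an empty `default_user`, for instance) is installed as-is and sudo then refuses every invocation on the host; add `validate: '/usr/sbin/visudo -cf %s'` to that task, and consider `mode: '0440'`, the conventional mode for sudoers drop-ins (`'0644'` is accepted but unusual). Booleans are written `yes`/`no` here (`become: yes`, `enabled: no`, `enabled: yes`) but `true`/`false` in `restart vpn` in tasks/openvpn.yml, `disable reflector` in tasks/setup.yml and `copy tmux startup script` in tasks/systemd.yml; YAML 1.1 and 1.2 loaders disagree on `yes`/`no`, so settle on `true`/`false` across the task files.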
@@ -0,0 +1,14 @@
+- name: create configuration directory
+ file:
+ path: '{{ ansible_env.HOME }}/.config/mpv'
+ state: directory
+ mode: '0700'
+
+- name: copy configuration files
+ template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ mode: '0644'
+ loop:
+ - { src: 'templates/mpv/input.j2', dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf' }
+ - { src: 'templates/mpv/config.j2', dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf' }
diff --git a/roles/arch/tasks/network.yml b/tasks/network.yml
similarity index 69%
rename from roles/arch/tasks/network.yml
rename to tasks/network.yml
index 5df08ff..76a32a8 100644
--- a/roles/arch/tasks/network.yml
+++ b/tasks/network.yml
@@ -1,22 +1,22 @@
 - name: setup desktop systemd networkd
 become: yes
 template:
- src: "desktop/network.j2"
- dest: "/etc/systemd/network/20-wired.network"
+ src: 'templates/desktop/network.j2'
+ dest: '/etc/systemd/network/20-wired.network'
 owner: root
 group: root
- mode: "0644"
+ mode: '0644'
 notify: restart systemd-networkd
 when: platform == "desktop"
 
 - name: setup laptop systemd networkd
 become: yes
 template:
- src: "laptop/network.j2"
- dest: "/etc/systemd/network/20-wireless.network"
+ src: 'templates/laptop/network.j2'
+ dest: '/etc/systemd/network/20-wireless.network'
 owner: root
 group: root
- mode: "0644"
+ mode: '0644'
 notify: restart systemd-networkd
 when: platform == "laptop"
 
@@ -38,9 +38,9 @@
 - name: copy firewall template
 become: yes
 template:
- src: "{{ platform }}/nftables.j2"
- dest: "/etc/nftables.conf"
+ src: 'templates/{{ platform }}/nftables.j2'
+ dest: '/etc/nftables.conf'
 owner: root
 group: root
- mode: "0600"
+ mode: '0600'
 notify: restart nftables
diff --git a/tasks/openvpn.yml b/tasks/openvpn.yml
new file mode 100644
index 0000000..ec602bb
--- /dev/null
+++ b/tasks/openvpn.yml
@@ -0,0 +1,70 @@
+- name: create configuration directories
+ become: yes
+ file:
+ path: '{{ item }}'
+ state: directory
+ owner: openvpn
+ group: openvpn
+ mode: '0750'
+ loop:
+ - '/etc/openvpn/client'
+ - '/etc/openvpn/client/zeus'
+ - '/etc/openvpn/server'
+
+- name: copy configuration
+ become: yes
+ template:
+ src: 'templates/{{ platform }}/openvpn.j2'
+ dest: '/etc/openvpn/client/zeus.conf'
+ owner: openvpn
+ group: openvpn
+ mode: '0644'
+
+- name: copy desktop credentials
+ become: yes
+ copy:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: openvpn
+ group: openvpn
+ mode: '0600'
+ loop:
+ - { src: 'files/{{ platform }}/openvpn/ca.crt', dest: '/etc/openvpn/client/zeus/ca.crt' }
+ - {
+ src: 'files/{{ platform }}/openvpn/desktop.crt',
+ dest: '/etc/openvpn/client/zeus/desktop.crt',
+ }
+ - {
+ src: 'files/{{ platform }}/openvpn/desktop.key',
+ dest: '/etc/openvpn/client/zeus/desktop.key',
+ }
+ - { src: 'files/{{ platform }}/openvpn/ta.key', dest: '/etc/openvpn/client/zeus/ta.key' }
+ when: platform == "desktop"
+
+- name: copy laptop credentials
+ become: yes
+ copy:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: openvpn
+ group: openvpn
+ mode: '0600'
+ loop:
+ - { src: 'files/{{ platform }}/openvpn/ca.crt', dest: '/etc/openvpn/client/zeus/ca.crt' }
+ - {
+ src: 'files/{{ platform }}/openvpn/laptop.crt',
+ dest: '/etc/openvpn/client/zeus/laptop.crt',
+ }
+ - {
+ src: 'files/{{ platform }}/openvpn/laptop.key',
+ dest: '/etc/openvpn/client/zeus/laptop.key',
+ }
+ - { src: 'files/{{ platform }}/openvpn/ta.key', dest: '/etc/openvpn/client/zeus/ta.key' }
+ when: platform == "laptop"
+
+- name: restart vpn
+ become: true
+ systemd:
+ name: openvpn-client@zeus
+ state: restarted
+ enabled: true
diff --git a/roles/arch/tasks/platform.yml b/tasks/platform.yml
similarity index 76%
rename from roles/arch/tasks/platform.yml
rename to tasks/platform.yml
index c9a7dd2..287b9c7 100644
--- a/roles/arch/tasks/platform.yml
+++ b/tasks/platform.yml
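Review bot: `copy desktop credentials` and `copy laptop credentials` install `files/{{ platform }}/openvpn/desktop.key`, `laptop.key` and `ta.key` straight from the repository, and this commit tracks those files as plain renames, so the VPN client private keys and the TLS-auth key are committed in cleartext in version control. Keep them out of the tree by storing them ansible-vault encrypted (or fetching them from a secret store at run time), and treat the keys already in the history as exposed and rotate them. The two tasks differ only in the `desktop`/`laptop` file names and are each guarded by `when: platform == ...`, so a single task looping over `files/{{ platform }}/openvpn/{{ platform }}.crt` and `files/{{ platform }}/openvpn/{{ platform }}.key` would remove the duplicated block.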
@@ -5,18 +5,18 @@
 
 - name: set platform (desktop)
 set_fact:
- platform: "desktop"
+ platform: 'desktop'
 when: is_laptop.rc == 1
 
 - name: set platform (laptop)
 set_fact:
- platform: "laptop"
+ platform: 'laptop'
 when: is_laptop.rc == 0
 
 - name: load desktop specific vars
- include_vars: desktop.yml
+ include_vars: 'vars/desktop.yml'
 when: platform == "desktop"
 
 - name: load laptop specific vars
- include_vars: laptop.yml
+ include_vars: 'vars/laptop.yml'
 when: platform == "laptop"
diff --git a/tasks/setup.yml b/tasks/setup.yml
new file mode 100644
index 0000000..a39c4f3
--- /dev/null
+++ b/tasks/setup.yml
@@ -0,0 +1,45 @@
+- name: copy reflector configuration
+ become: yes
+ template:
+ src: 'templates/reflector.j2'
+ dest: '/etc/xdg/reflector/reflector.conf'
+ owner: root
+ group: root
+ mode: '0600'
+
+# started by weekly timer
+- name: disable reflector
+ become: true
+ systemd:
+ name: reflector
+ state: stopped
+ enabled: false
+
+- name: copy pacman configuration
+ become: yes
+ template:
+ src: 'templates/pacman.j2'
+ dest: '/etc/pacman.conf'
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: create extra conf
+ become: yes
+ file:
+ path: '/etc/pacman.d/extra.conf'
+ owner: root
+ group: root
+ state: touch
+ mode: '0644'
+
+- name: copy powertop service
+ become: yes
+ template:
+ src: 'templates/{{ platform }}/powertop.j2'
+ dest: '/etc/systemd/system/powertop.service'
+ owner: root
+ group: root
+ mode: '0644'
+ notify: restart powertop
+ when: platform == "laptop"
diff --git a/tasks/syncthing.yml b/tasks/syncthing.yml
new file mode 100644
index 0000000..5f9b44c
--- /dev/null
+++ b/tasks/syncthing.yml
@@ -0,0 +1,11 @@
+- name: create configuration dir
+ file:
+ path: '{{ xdg_config_dir }}/syncthing'
+ state: directory
+
+- name: copy configuration file
+ template:
+ src: 'templates/{{ platform }}/syncthing.j2'
+ dest: '{{ xdg_config_dir }}/syncthing/config.xml'
+ mode: '0600'
+ notify: restart syncthing
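Review bot: `create configuration dir` in tasks/syncthing.yml creates `{{ xdg_config_dir }}/syncthing` with no `mode`, so its permissions come from the remote umask even though the `config.xml` written into it is deliberately `mode: '0600'`; if syncthing keeps its own key material beside the config, as it usually does, a umask-default directory exposes more than the task intends. Add `mode: '0700'` to the directory task, which is what tasks/mpv.yml in this same commit already does for its config directory. `create extra conf` in tasks/setup.yml uses `state: touch`, which updates the mtime and reports changed on every run; `state: file` would not create it, so if the intent is create-once, a comment saying so would save the next reader from "fixing" it.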
diff --git a/tasks/systemd.yml b/tasks/systemd.yml
new file mode 100644
index 0000000..baee82e
--- /dev/null
+++ b/tasks/systemd.yml
@@ -0,0 +1,25 @@
+- name: setup systemd user service folder
+ file:
+ path: '{{ xdg_config_dir }}/systemd/user'
+ state: directory
+ mode: '0755'
+
+- name: add ssh-agent service
+ template:
+ src: 'templates/ssh-agent.j2'
+ dest: '{{ xdg_config_dir }}/systemd/user/ssh-agent.service'
+ mode: '0644'
+ notify: restart user ssh-agent
+
+- name: copy tmux service
+ template:
+ src: 'templates/tmux.j2'
+ dest: '{{ xdg_config_dir }}/systemd/user/tmux.service'
+ mode: '0644'
+
+- name: copy tmux startup script
+ copy:
+ src: 'files/tmux_start'
+ dest: '{{ ansible_env.HOME }}/.local/bin/tmux_start'
+ mode: '0740'
+ force: false
diff --git a/tasks/timer.yml b/tasks/timer.yml
new file mode 100644
index 0000000..a0ed44a
--- /dev/null
+++ b/tasks/timer.yml
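Review bot: `copy tmux startup script` sets `force: false`, so once `~/.local/bin/tmux_start` exists any later change to `files/tmux_start` in the repository is never deployed, and a locally modified copy of a script that a user unit executes keeps running indefinitely. If preserving local edits is the intent, say so above the task, e.g. `# force: false — tmux_start is a seed; local edits are kept`, and if it is not, drop the line so the repository stays the source of truth. `add ssh-agent service` and `copy tmux service` carry `mode: '0644'` while the directory task uses `'0755'`, which is consistent; only the script copy diverges with `'0740'`, and a short comment on why the group-read bit is wanted there would help.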
@@ -0,0 +1,42 @@
+- name: copy timer files
+ become: yes
+ template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: root
+ mode: '0644'
+ loop:
+ - { src: 'templates/timer/daily_timer.j2', dest: '/etc/systemd/system/daily.timer' }
+ - { src: 'templates/timer/weekly_timer.j2', dest: '/etc/systemd/system/weekly.timer' }
+ notify:
+ - enable daily timer
+ - enable weekly timer
+
+- name: copy target files
+ become: yes
+ template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: root
+ mode: '0644'
+ loop:
+ - { src: 'templates/timer/daily_target.j2', dest: '/etc/systemd/system/daily.target' }
+ - { src: 'templates/timer/weekly_target.j2', dest: '/etc/systemd/system/weekly.target' }
+
+- name: create target directories
+ become: yes
+ file:
+ path: '{{ item }}'
+ state: directory
+ owner: root
+ mode: '0755'
+ loop:
+ - '/etc/systemd/system/daily.target.wants'
+ - '/etc/systemd/system/weekly.target.wants'
+
+- name: add reflector to weekly timer
+ become: yes
+ file:
+ src: '/usr/lib/systemd/system/reflector.service'
+ dest: '/etc/systemd/system/weekly.target.wants/reflector.service'
+ state: link
diff --git a/roles/arch/templates/desktop/network.j2 b/templates/desktop/network.j2
similarity index 100%
rename from roles/arch/templates/desktop/network.j2
rename to templates/desktop/network.j2
diff --git a/roles/arch/templates/desktop/nftables.j2 b/templates/desktop/nftables.j2
similarity index 100%
rename from roles/arch/templates/desktop/nftables.j2
rename to templates/desktop/nftables.j2
diff --git a/roles/arch/templates/desktop/openvpn.j2 b/templates/desktop/openvpn.j2
similarity index 100%
rename from roles/arch/templates/desktop/openvpn.j2
rename to templates/desktop/openvpn.j2
diff --git a/roles/arch/templates/desktop/syncthing.j2 b/templates/desktop/syncthing.j2
similarity index 100%
rename from roles/arch/templates/desktop/syncthing.j2
rename to templates/desktop/syncthing.j2
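Review bot: `copy timer files`, `copy target files` and `create target directories` set `owner: root` but no `group`, unlike every other privileged file task in this change (the template tasks in tasks/setup.yml set both), so the group of these unit files is whatever the become user's default resolves to; add `group: root` for consistency and so the intent is explicit. `add reflector to weekly timer` creates the symlink with `state: link` and no `force`, which is the safe choice, but it means the task errors rather than repairs if a regular file already occupies `/etc/systemd/system/weekly.target.wants/reflector.service`; a one-line comment noting that this is deliberate would stop someone adding `force: true` reflexively.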
diff --git a/roles/arch/templates/gitconfig.j2 b/templates/gitconfig.j2
similarity index 100%
rename from roles/arch/templates/gitconfig.j2
rename to templates/gitconfig.j2
diff --git a/roles/arch/templates/laptop/network.j2 b/templates/laptop/network.j2
similarity index 100%
rename from roles/arch/templates/laptop/network.j2
rename to templates/laptop/network.j2
diff --git a/roles/arch/templates/laptop/nftables.j2 b/templates/laptop/nftables.j2
similarity index 100%
rename from roles/arch/templates/laptop/nftables.j2
rename to templates/laptop/nftables.j2
diff --git a/roles/arch/templates/laptop/openvpn.j2 b/templates/laptop/openvpn.j2
similarity index 100%
rename from roles/arch/templates/laptop/openvpn.j2
rename to templates/laptop/openvpn.j2
diff --git a/roles/arch/templates/laptop/powertop.j2 b/templates/laptop/powertop.j2
similarity index 100%
rename from roles/arch/templates/laptop/powertop.j2
rename to templates/laptop/powertop.j2
diff --git a/roles/arch/templates/laptop/syncthing.j2 b/templates/laptop/syncthing.j2
similarity index 100%
rename from roles/arch/templates/laptop/syncthing.j2
rename to templates/laptop/syncthing.j2
diff --git a/roles/arch/templates/mpd/mpd.j2 b/templates/mpd/mpd.j2
similarity index 100%
rename from roles/arch/templates/mpd/mpd.j2
rename to templates/mpd/mpd.j2
diff --git a/roles/arch/templates/mpd/music_mount.j2 b/templates/mpd/music_mount.j2
similarity index 100%
rename from roles/arch/templates/mpd/music_mount.j2
rename to templates/mpd/music_mount.j2
diff --git a/roles/arch/templates/mpd/music_umount.j2 b/templates/mpd/music_umount.j2
similarity index 100%
rename from roles/arch/templates/mpd/music_umount.j2
rename to templates/mpd/music_umount.j2
diff --git a/roles/arch/templates/mpd/service.j2 b/templates/mpd/service.j2
similarity index 100%
rename from roles/arch/templates/mpd/service.j2
rename to templates/mpd/service.j2
diff --git a/roles/arch/templates/mpd/socket.j2 b/templates/mpd/socket.j2
similarity index 100%
rename from roles/arch/templates/mpd/socket.j2
rename to templates/mpd/socket.j2
diff --git a/roles/arch/templates/mpv/config.j2 b/templates/mpv/config.j2
similarity index 100%
rename from roles/arch/templates/mpv/config.j2
rename to templates/mpv/config.j2
diff --git a/roles/arch/templates/mpv/input.j2 b/templates/mpv/input.j2
similarity index 100%
rename from roles/arch/templates/mpv/input.j2
rename to templates/mpv/input.j2
diff --git a/roles/arch/templates/pacman.j2 b/templates/pacman.j2
similarity index 100%
rename from roles/arch/templates/pacman.j2
rename to templates/pacman.j2
diff --git a/roles/arch/templates/reflector.j2 b/templates/reflector.j2
similarity index 100%
rename from roles/arch/templates/reflector.j2
rename to templates/reflector.j2
diff --git a/roles/arch/templates/ssh-agent.j2 b/templates/ssh-agent.j2
similarity index 100%
rename from roles/arch/templates/ssh-agent.j2
rename to templates/ssh-agent.j2
diff --git a/roles/arch/templates/sudoers.j2 b/templates/sudoers.j2
similarity index 100%
rename from roles/arch/templates/sudoers.j2
rename to templates/sudoers.j2
diff --git a/roles/arch/templates/timer/daily_target.j2 b/templates/timer/daily_target.j2
similarity index 100%
rename from roles/arch/templates/timer/daily_target.j2
rename to templates/timer/daily_target.j2
diff --git a/roles/arch/templates/timer/daily_timer.j2 b/templates/timer/daily_timer.j2
similarity index 100%
rename from roles/arch/templates/timer/daily_timer.j2
rename to templates/timer/daily_timer.j2
diff --git a/roles/arch/templates/timer/weekly_target.j2 b/templates/timer/weekly_target.j2
similarity index 100%
rename from roles/arch/templates/timer/weekly_target.j2
rename to templates/timer/weekly_target.j2
diff --git a/roles/arch/templates/timer/weekly_timer.j2 b/templates/timer/weekly_timer.j2
similarity index 100%
rename from roles/arch/templates/timer/weekly_timer.j2
rename to templates/timer/weekly_timer.j2
diff --git a/roles/arch/templates/tmux.j2 b/templates/tmux.j2
similarity index 100%
rename from roles/arch/templates/tmux.j2
rename to templates/tmux.j2
diff --git a/roles/arch/vars/desktop.yml b/vars/desktop.yml
similarity index 100%
rename from roles/arch/vars/desktop.yml
rename to vars/desktop.yml
diff --git a/roles/arch/defaults/main/gpg.yml b/vars/gpg.yml
similarity index 100%
rename from roles/arch/defaults/main/gpg.yml
rename to vars/gpg.yml
diff --git a/roles/arch/vars/laptop.yml b/vars/laptop.yml
similarity index 100%
rename from roles/arch/vars/laptop.yml
rename to vars/laptop.yml
diff --git a/roles/arch/defaults/main/main.yml b/vars/main.yml
similarity index 100%
rename from roles/arch/defaults/main/main.yml
rename to vars/main.yml
diff --git a/roles/arch/defaults/main/mpd.yml b/vars/mpd.yml
similarity index 100%
rename from roles/arch/defaults/main/mpd.yml
rename to vars/mpd.yml
diff --git a/roles/arch/defaults/main/vpn.yml b/vars/vpn.yml
similarity index 100%
rename from roles/arch/defaults/main/vpn.yml
rename to vars/vpn.yml