README.md

@@ -1,86 +0,0 @@
-# Archlinux provisioning
-
-This repository contains several playbooks created to provision specific hosts.
-A playbook can be ran as follows:
-
-```
-$ ansible-playbook --limit desktop desktop.yml
-```
-
-The `--limit` parameter is required to run the playbook only for the specified host(s)
-as the default playbook that is included uses `hosts: all`.
-
-## Using systemd-nspawn
-
-Hosts with wired network devices can configure a MACVLAN device to allow networking 
-between systemd-nspawn containers and the host (or vice-versa) aswell as between containers
-and the outside world (through the hosts network device).
-
-### Creating a debian container
-
-First bootstrap a directory containing the files required for the container:
-
-```
-$ debootstrap --include=dbus,libpam-systemd,libnss-systemd,systemd-resolved stable /var/lib/machines/foo
-```
-
-Afterwards a root password can be set:
-
-```
-$ systemd-nspawn --directory /var/lib/machines/foo
-# passwd
-```
-
-To configure networking for the container, a configuration file can be made 
-in `/etc/systemd-nspawn/foo.nspawn` on the host. It should contain the following options:
-
-```
-[Exec]
-# Invokes the init program (usually systemd) when the container starts
-Boot=yes 
-Hostname=foo
-
-[Network]
-MACVLAN=enp1s0
-
-# Used for communication between containers in the same zone 
-Zone=test 
-```
-
-This allows the container to be managed with `machinectl` with the configured options
-in the nspawn configuration file without specifying these through commandline options.
-It is possible through skip this step, which can come in handy whenever a throwaway
-container is to be made, and specify these options through the commandline:
-
-```
-$ systemd-nspawn \
-  --boot \
-  --network-macvlan enp1s0 \
-  --network-zone test \
-  --hostname foo \
-  --directory /var/lib/machines/foo
-```
-
-See `man systemd.nspawn` for more configurable options for the `.nspawn` file. 
-
-Inside the container create a network configuration file for the MACVLAN device 
-in `/etc/systemd/network/10-mv-ensp1s0.network`:
-
-```
-[Match]
-Name=mv-enp1s0
-
-[Link]
-RequiredForOnline=routable
-
-[Network]
-DHCP=yes
-```
-
-Note that the example above can be adjusted to your likings. Afterwards enable (and start) the
-`systemd-networkd` service and verify the configuration is correctly applied.
-
-To setup DNS resolution don't forget to enable the `systemd-resolved` service inside
-the container.
-
-See the [Archlinux wiki](https://wiki.archlinux.org/title/Systemd-nspawn) for more information.

default.yml

@@ -15,7 +15,7 @@
       tags: network
 
     - name: Network host specific provisioning
-      ansible.builtin.import_tasks: "tasks/network/{{ hostname }}.yml"
+      ansible.builtin.import_tasks: "tasks/network/{{ ansible_hostname }}.yml"
       tags: network-specific
 
     - name: Systemd provisioning

desktop.yml

@@ -1,13 +1,10 @@
 ---
-- name: Include default playbook
-  ansible.builtin.import_playbook: default.yml
-  vars:
-    hostname: desktop
-
 - name: Arch Linux provisioning
   hosts: desktop
-  gather_facts: true
   tasks:
+    - name: Include default playbook
+      ansible.builtin.import_playbook: default.yml
+
     - name: Wireguard provisioning
       ansible.builtin.import_tasks: "tasks/wireguard.yml"
       tags: wireguard
@@ -24,6 +21,7 @@
       ansible.builtin.import_tasks: "tasks/syncthing.yml"
       tags: syncthing
 
+    # TODO: provision current macvlan setup
     - name: Desktop provisioning
       ansible.builtin.import_tasks: "tasks/desktop.yml"
       tags: desktop

host_vars/desktop/network.yml

@@ -1,7 +1,6 @@
 ---
 lan_interface: enp1s0
 lan_interface_mac: 00:d8:61:9f:52:65
-macvlan_interface: mv-0
 
 local_network_address: 192.168.2.15/24
 local_network_dns: 9.9.9.9 149.112.112.112

htpc.yml

@@ -1,12 +1,12 @@
 ---
+- hosts: htpc
+  gather_facts: true
+
 - name: Include default playbook
   ansible.builtin.import_playbook: default.yml
-  vars:
-    hostname: htpc
 
 - name: Arch Linux provisioning
   hosts: htpc
-  gather_facts: true
   tasks:
     - name: Wireguard media provisioning
       ansible.builtin.import_tasks: "tasks/wireguard-media.yml"

tasks/mpd.yml

@@ -18,7 +18,6 @@
     - stop mpd service
     - restart mpd socket
 
-# TODO: replace ncmpcpp with rmpc
 - name: Create mpd files
   ansible.builtin.file:
     path: "{{ item.path }}"
@@ -65,6 +64,7 @@
       dest: "{{ ncmpcpp_configuration_dir }}/bindings"
   notify:
     - stop mpd service
+
 # TODO: install https://aur.archlinux.org/mpd-mpris-bin.git from AUR
 # Use mpc to control local mpd server.
 # Use $ mpc add http://{{ mpd_remote_address }}:{{ mpd_remote_stream_port }}

tasks/network/desktop.yml

@@ -1,8 +1,8 @@
 ---
 - name: Desktop configuration
   notify:
-    - Restart systemd-networkd
+    - restart systemd-networkd
-    - Restart systemd-resolved
+    - restart systemd-resolved
   block:
     - name: Setup network configuration
       become: true
@@ -15,12 +15,8 @@
       loop:
         - src: "templates/desktop/network/enp1s0.link.j2"
           dest: "/etc/systemd/network/20-enp1s0.link"
-        - src: "templates/desktop/network/enp1s0.network.j2"
+        - src: "templates/desktop//network/enp1s0.network.j2"
           dest: "/etc/systemd/network/20-enp1s0.network"
-        - src: "templates/desktop/network/mv-0.netdev.j2"
-          dest: "/etc/systemd/network/10-mv-0.netdev.j2"
-        - src: "templates/desktop/network/mv-0.network.j2"
-          dest: "/etc/systemd/network/30-mv-0.network.j2"
 
     - name: Remove leftover configuration files
       become: true

tasks/network/xps.yml

@@ -17,8 +17,8 @@
     - src: "templates/xps/network/wlan0.network.j2"
       dest: "/etc/systemd/network/20-wireless.network"
   notify:
-    - Restart systemd-networkd
+    - restart systemd-networkd
-    - Restart systemd-resolved
+    - restart systemd-resolved
 
 - name: Create iwd directory
   become: true

tasks/setup.yml

@@ -117,7 +117,7 @@
       dest: "/etc/sysctl.d/99-sysrq.conf"
     - src: "templates/sysctl/98-forward.conf.j2"
       dest: "/etc/sysctl.d/98-foward.conf"
-  notify: Reload sysctl configuration
+  notify: reload sysctl configuration
 
 - name: Remove the modprobe.d directory
   become: true
@@ -139,12 +139,12 @@
     dest: "{{ item.dest }}"
     mode: "0755"
   loop: "{{ modprobe_templates }}"
-  when: "modprobe_templates | length > 0"
+  when: modprobe_templates
 
 - name: Copy kernel parameters template
   become: true
   ansible.builtin.template:
-    src: "templates/{{ ansible_facts['hostname'] }}/cmdline.j2"
+    src: "templates/{{ ansible_hostname }}/cmdline.j2"
     dest: "/etc/kernel/cmdline"
     mode: "0755"
 

tasks/wireguard-media.yml

@@ -17,8 +17,8 @@
     - "{{ wireguard_media_defaults.private_key_path | dirname }}"
     - "{{ wireguard_media_defaults.public_key_path | dirname }}"
   notify:
-    - Restart systemd-networkd
+    - restart systemd-networkd
-    - Restart systemd-resolved
+    - restart systemd-resolved
 
 - name: Copy Wireguard credentials
   become: true
@@ -35,8 +35,8 @@
     - dest: "{{ wireguard_media_defaults.private_key_path }}"
       src: "files/wireguard-media/{{ ansible_hostname }}/fudiggity.key"
   notify:
-    - Restart systemd-networkd
+    - restart systemd-networkd
-    - Restart systemd-resolved
+    - restart systemd-resolved
 
 - name: Copy Wireguard preshared keys
   become: true
@@ -48,8 +48,8 @@
     mode: "0640"
   loop: "{{ wireguard_media_defaults.peers }}"
   notify:
-    - Restart systemd-networkd
+    - restart systemd-networkd
-    - Restart systemd-resolved
+    - restart systemd-resolved
 
 - name: Setup network configuration
   become: true
@@ -66,7 +66,7 @@
     - src: "templates/{{ ansible_hostname }}/network/wg1.netdev.j2"
       dest: "/etc/systemd/network/40-wg1.netdev"
   notify:
-    - Restart systemd-networkd
+    - restart systemd-networkd
-    - Restart systemd-resolved
+    - restart systemd-resolved
   vars:
     wireguard: "{{ wireguard_media | ansible.builtin.combine(wireguard_media_defaults) }}"

tasks/wireguard.yml

@@ -17,8 +17,8 @@
     - "{{ wireguard_defaults.private_key_path | dirname }}"
     - "{{ wireguard_defaults.public_key_path | dirname }}"
   notify:
-    - Restart systemd-networkd
+    - restart systemd-networkd
-    - Restart systemd-resolved
+    - restart systemd-resolved
 
 - name: Copy Wireguard credentials
   become: true
@@ -35,8 +35,8 @@
     - dest: "{{ wireguard_defaults.private_key_path }}"
       src: "files/wireguard/{{ ansible_hostname }}/fudiggity.key"
   notify:
-    - Restart systemd-networkd
+    - restart systemd-networkd
-    - Restart systemd-resolved
+    - restart systemd-resolved
 
 - name: Copy Wireguard preshared keys
   become: true
@@ -48,8 +48,8 @@
     mode: "0640"
   loop: "{{ wireguard_defaults.peers }}"
   notify:
-    - Restart systemd-networkd
+    - restart systemd-networkd
-    - Restart systemd-resolved
+    - restart systemd-resolved
 
 - name: Setup network configuration
   become: true
@@ -66,7 +66,7 @@
     - src: "templates/{{ ansible_hostname }}/network/wg0.netdev.j2"
       dest: "/etc/systemd/network/40-wg0.netdev"
   notify:
-    - Restart systemd-networkd
+    - restart systemd-networkd
-    - Restart systemd-resolved
+    - restart systemd-resolved
   vars:
     wireguard: "{{ wireguard | ansible.builtin.combine(wireguard_defaults) }}"

templates/desktop/network/mv-0.netdev.j2

@@ -1,8 +0,0 @@
-# {{ ansible_managed }}
-
-[NetDev]
-Name={{ macvlan_interface }}
-Kind=macvlan
-
-[MACVLAN]
-Mode=bridge

templates/desktop/network/mv-0.network.j2

@@ -1,8 +0,0 @@
-# {{ ansible_managed }}
-
-[Match]
-Name={{ macvlan_interface }}
-
-[Network]
-DHCP=yes
-BindCarrier={{ lan_interface }}

templates/htpc/network/enp1s0.network.j2

@@ -15,4 +15,3 @@ LinkLocalAddressing=no
 IPv6AcceptRA=no
 IPv6SendRA=no
 RequiredForOnline=routable
-MACVLAN={{ macvlan_interface }}

xps.yml

@@ -1,8 +1,6 @@
 ---
 - name: Include default playbook
   ansible.builtin.import_playbook: default.yml
-  vars:
-    hostname: xps
 
 - name: Arch Linux provisioning
   hosts: xps