From 82c451aa4e5f39bf4a96758d84b8cf4f4339409c Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Thu, 8 Jan 2026 08:29:32 +0100 Subject: [PATCH 1/6] Add boot loader configuration file --- tasks/setup.yml | 9 ++++++++- templates/loader.j2 | 9 +++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 templates/loader.j2 diff --git a/tasks/setup.yml b/tasks/setup.yml index 2b7c5e7..681d2cd 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml @@ -1,11 +1,18 @@ --- -- name: Provision pollkit administrator configuration +- name: Provision polkit administrator configuration become: true ansible.builtin.template: src: "templates/polkit.j2" dest: "/etc/polkit-1/rules.d/49-nopasswd_global.rules" mode: "0755" +- name: Provision systemd-boot loader configuration + become: true + ansible.builtin.template: + src: "templates/loader.j2" + dest: "/boot/loader/loader.conf" + mode: "0755" + - name: Install shared packages become: true community.general.pacman: diff --git a/templates/loader.j2 b/templates/loader.j2 new file mode 100644 index 0000000..7ac0098 --- /dev/null +++ b/templates/loader.j2 @@ -0,0 +1,9 @@ +# {{ ansible_managed }} + +timeout 5 +editor yes +console-mode max +auto-entries yes +auto-firmware yes +auto-reboot yes +auto-poweroff yes From 429299f763fb21783760632994e4621939fa38eb Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Thu, 8 Jan 2026 08:30:22 +0100 Subject: [PATCH 2/6] Re-enable host specific network configuration --- default.yml | 8 ++++---- tasks/systemd.yml | 1 - templates/polkit.j2 | 1 - 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/default.yml b/default.yml index 7c0dda6..9ecb181 100644 --- a/default.yml +++ b/default.yml 
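Review bot: The new "Provision systemd-boot loader configuration" task writes `/boot/loader/loader.conf` with `mode: "0755"`, which marks a plain configuration file as executable; on a POSIX filesystem `mode: "0644"` would be enough. If `/boot` is the FAT-formatted EFI system partition, the effective permissions come from the mount options rather than from this value, so the mode should be checked against how `/boot` is mounted before changing it. The polkit rules task in the context lines carries the same `0755`.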
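Review bot: `editor yes` in templates/loader.j2 leaves the systemd-boot kernel command-line editor enabled, so anyone at the console during boot can change kernel parameters and bypass the normal login path. The loader.conf documentation recommends disabling it where unauthorized physical access is possible. Prefer `editor no`, or drive the value from a host variable so only machines that need the editor opt in. `auto-firmware yes` also adds a reboot-into-firmware entry to the menu, which is worth pairing with a firmware setup password if it stays enabled.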
@@ -14,9 +14,9 @@ ansible.builtin.import_tasks: "tasks/network/main.yml" tags: network - # - name: Network host specific provisioning - # ansible.builtin.import_tasks: 'tasks/network/{{ ansible_hostname }}.yml' - # tags: network-specific + - name: Network host specific provisioning + ansible.builtin.import_tasks: "tasks/network/{{ ansible_hostname }}.yml" + tags: network-specific - name: Systemd provisioning ansible.builtin.import_tasks: "tasks/systemd.yml" @@ -26,7 +26,7 @@ ansible.builtin.import_tasks: "tasks/timer.yml" tags: timers - # Note: Disable DoH in Firefox to fallback to system's default DNS + # Note: Disable DoH in Firefox to fallback to system's default DNS # resolver, see # https://support.mozilla.org/en-US/kb/dns-over-https#w_configure-doh-protection-settings - name: MPV provisioning diff --git a/tasks/systemd.yml b/tasks/systemd.yml index 3c399c0..673526b 100644 --- a/tasks/systemd.yml +++ b/tasks/systemd.yml @@ -27,4 +27,3 @@ dest: "{{ ansible_env.HOME }}/.local/bin/tmux_start" mode: "0740" force: false -# setup systemd-boot pacman hook diff --git a/templates/polkit.j2 b/templates/polkit.j2 index 86a4b5f..d2f18eb 100644 --- a/templates/polkit.j2 +++ b/templates/polkit.j2 @@ -2,7 +2,6 @@ * * Allow members of the wheel group to execute any actions * without password authentication, similar to "sudo NOPASSWD:" - * without password authentication, similar to "sudo NOPASSWD:" */ polkit.addRule(function(action, subject) { if (subject.isInGroup("wheel")) { From c3ca04881b1aa2fcc95ce2fcc0231477d8a479e7 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Thu, 8 Jan 2026 08:30:49 +0100 Subject: [PATCH 3/6] Remove unused packages --- host_vars/desktop/system.yml | 3 +-- host_vars/xps/system.yml | 7 ++----- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/host_vars/desktop/system.yml b/host_vars/desktop/system.yml index 114bc11..c8e2856 100644 --- a/host_vars/desktop/system.yml +++ b/host_vars/desktop/system.yml 
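Review bot: The re-enabled "Network host specific provisioning" task passes `{{ ansible_hostname }}` to `ansible.builtin.import_tasks`, which is resolved statically when the playbook is parsed, so a fact-derived file name is likely undefined at that point. `ansible.builtin.include_tasks: "tasks/network/{{ ansible_hostname }}.yml"` resolves the name at run time instead. Since `ansible_hostname` is whatever the managed host reports, keying the file on the controller-side `inventory_hostname` would be the more predictable selector. A host with no matching file under tasks/network/ will fail the play. The enclosing play starts outside this hunk.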
@@ -28,12 +28,11 @@ packages: - postgresql - plasma-meta - wezterm - - kmail + - thunderbird - pipewire - pipewire-pulse - pipewire-alsa - merkuro - - kmail - aspell-nl - aspell-en diff --git a/host_vars/xps/system.yml b/host_vars/xps/system.yml index dea1e54..a544fbe 100644 --- a/host_vars/xps/system.yml +++ b/host_vars/xps/system.yml @@ -14,6 +14,7 @@ packages: - efibootmgr - git-delta + # custom host packages - keepassxc - gimp - firefox @@ -27,16 +28,12 @@ packages: - postgresql - plasma-meta - wezterm - - kmail + - thunderbird - pipewire - pipewire-pulse - pipewire-alsa - - merkuro - - kmail - aspell-nl - aspell-en - - # custom host packages - iwd - nvidia - nvidia-prime From ce503c1f1c2150b9ac7e6afa83206cbcf5248a23 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Thu, 8 Jan 2026 19:33:53 +0100 Subject: [PATCH 4/6] Rename mpd tasks --- tasks/{mpd.yaml => mpd.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename tasks/{mpd.yaml => mpd.yml} (100%) diff --git a/tasks/mpd.yaml b/tasks/mpd.yml similarity index 100% rename from tasks/mpd.yaml rename to tasks/mpd.yml From d2fb469108ba571e8ac3d9038072d7e2b2423069 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Thu, 8 Jan 2026 19:34:29 +0100 Subject: [PATCH 5/6] Move default tasks inside task block --- desktop.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/desktop.yml b/desktop.yml index a2094b0..71b58d0 100644 --- a/desktop.yml +++ b/desktop.yml @@ -1,11 +1,10 @@ --- -- name: Include default playbook - ansible.builtin.import_playbook: default.yml - - name: Arch Linux provisioning hosts: desktop - gather_facts: true tasks: + - name: Include default playbook + ansible.builtin.import_playbook: default.yml + - name: Wireguard provisioning ansible.builtin.import_tasks: "tasks/wireguard.yml" tags: wireguard From b9c33d66ceac07ce636feef17fdab267ae522847 Mon Sep 17 00:00:00 2001 
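Review bot: In desktop.yml `ansible.builtin.import_playbook: default.yml` now sits under `tasks:`, but it is a playbook-level directive that Ansible accepts only at the top level of a playbook file, so this play should fail to load. Keep the import as its own top-level entry. If the aim is to run the shared steps inside this play, move them into a task file and use `ansible.builtin.import_tasks`. The hunk also drops `gather_facts: true`; that is the default unless the project's ansible.cfg changes `gathering`, which is worth confirming because other files in this series read `ansible_env.HOME`.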
From: Sonny Bakker Date: Thu, 8 Jan 2026 19:34:55 +0100 Subject: [PATCH 6/6] Update syncthing configuration --- group_vars/all/main.yml | 1 + host_vars/desktop/syncthing.yml | 10 +-- host_vars/xps/syncthing.yml | 10 +-- tasks/syncthing.yml | 6 +- templates/syncthing/config.j2 | 112 -------------------------------- 5 files changed, 6 insertions(+), 133 deletions(-) diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 1c18cd5..02c0dd1 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -16,6 +16,7 @@ packages: xdg_config_dir: "{{ ansible_env.HOME }}/.config" xdg_script_dir: "{{ ansible_env.HOME }}/.local/bin" +xdg_state_dir: "{{ ansible_env.HOME }}/.local/state" modprobe_templates: [] mkinitcpio_templates: [] diff --git a/host_vars/desktop/syncthing.yml b/host_vars/desktop/syncthing.yml index 9924820..0fad759 100644 --- a/host_vars/desktop/syncthing.yml +++ b/host_vars/desktop/syncthing.yml @@ -3,15 +3,7 @@ syncthing_listen_address: "0.0.0.0" syncthing_protocol_port: 22000 syncthing_gui_port: 8384 -syncthing_config_version: 37 -syncthing_api_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 39643534383666343331666336356662333165633032356532323730316535616363393330376263 - 6164323430343961646635323739373363623764646361360a666566363736323739313533323562 - 34653032646230313063613265313836383033353336333461376432363530633632313234323733 - 6162646332623837370a646537336139336361666336363861353030633136373063333433643435 - 64666465356566313263376330643664313266646139663433663366316232613562663863366334 - 3061663839656563353663373135393233653130383735366538 +syncthing_config_version: 51 syncthing_devices: - name: Desktop diff --git a/host_vars/xps/syncthing.yml b/host_vars/xps/syncthing.yml index 01f40b3..e61f412 100644 --- a/host_vars/xps/syncthing.yml +++ b/host_vars/xps/syncthing.yml 
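Review bot: `syncthing_listen_address: "0.0.0.0"` stays in the context of this hunk, and templates/syncthing/config.j2 uses the same variable for the GUI address (`{{ syncthing_listen_address }}:{{ syncthing_gui_port }}`), so the web GUI and REST API listen on every interface on port 8384. The vaulted `syncthing_api_key` is removed here and in host_vars/xps/syncthing.yml, and no GUI user or password is visible in the template hunks, so access control for that listener is unclear. The element tags are stripped in this view, so that should be confirmed. A separate variable such as `syncthing_gui_address: "127.0.0.1"`, used only for the GUI address in the template, would keep the sync listener on 0.0.0.0 while the admin interface stays local.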
@@ -3,15 +3,7 @@ syncthing_listen_address: "0.0.0.0" syncthing_protocol_port: 22000 syncthing_gui_port: 8384 -syncthing_config_version: 37 -syncthing_api_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 35346637623066636261633331343438313736356137633466306633613563343630363565643763 - 6631623461663330633537386539376435356338393537620a666234373932636162653830316339 - 65336339383630313837323137613137303862613061326131313437316637383637666638313235 - 6463333235646536620a316163666431323530353330356633393035663933613761313031656561 - 66333431636134366466373533616438326230323965333763316336393764303737663461363636 - 3061373832313462623765353130616237343966333332623262 +syncthing_config_version: 51 syncthing_devices: - name: Desktop diff --git a/tasks/syncthing.yml b/tasks/syncthing.yml index 409c53b..95a4a18 100644 --- a/tasks/syncthing.yml +++ b/tasks/syncthing.yml @@ -1,7 +1,7 @@ --- - name: Create configuration dir ansible.builtin.file: - path: "{{ xdg_config_dir }}/syncthing" + path: "{{ xdg_state_dir }}/syncthing" state: directory mode: "0755" @@ -14,6 +14,6 @@ - name: Copy configuration file ansible.builtin.template: src: "templates/syncthing/config.j2" - dest: "{{ xdg_config_dir }}/syncthing/config.xml" + dest: "{{ xdg_state_dir }}/syncthing/config.xml" mode: "0640" - notify: start syncthing + notify: Start syncthing diff --git a/templates/syncthing/config.j2 b/templates/syncthing/config.j2 index c48c0d8..372a48a 100644 --- a/templates/syncthing/config.j2 +++ b/templates/syncthing/config.j2 @@ -14,39 +14,7 @@ {%- endfor %} - basic 20 - - 3600 - - basic - - - 0 - 0 - 0 - random - false - 0 - 0 - -1 - false - false - false - 25 - .stfolder - false - 0 - 2 - false - standard - standard - false - false - false - false - false - false {%- endfor %} @@ -56,20 +24,12 @@ name="{{ device.name }}" compression="metadata">
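Review bot: `notify: Start syncthing` in tasks/syncthing.yml changes the capitalisation of the handler name, and handler names are matched exactly, yet no handlers file appears in this commit's diffstat. Unless the handler was already renamed elsewhere, the notification will not resolve and Syncthing will not be restarted when config.xml changes. Rename the handler in the same commit, or keep `notify: start syncthing`.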
{{ device.address }}
- false - false - 0 - 0 - 0 false - 0 - 0 {%- endfor %}
{{ syncthing_listen_address }}:{{ syncthing_gui_port }}
- {{ syncthing_api_key }} default true
@@ -77,76 +37,4 @@ tcp://{{ syncthing_listen_address }}:{{ syncthing_protocol_port }} - - - - - basic - - - - - - 1 - - - 3600 - - basic - - - 0 - 0 - 0 - random - false - 0 - 0 - 10 - false - false - false - 25 - .stfolder - false - 0 - 2 - false - standard - standard - false - false - - - -
dynamic
- false - false - 0 - 0 - 0 - false - 0 - 0 -
- - - (?d).DS_Store - -