From d5883a2b1dce6e491247bd073d9a117247b63678 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Tue, 9 Dec 2025 10:32:50 +0100 Subject: [PATCH 1/5] Switch to Inconsolata font --- group_vars/all/main.yml | 4 ++-- host_vars/desktop/system.yml | 2 ++ templates/wezterm/includes/fonts.lua.j2 | 3 +-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 9084ba3..e88b165 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -8,7 +8,7 @@ packages: - iproute2 - curl - reflector - - otf-monaspace-nerd + - ttf-inconsolata - systemd-ukify - efibootmgr - git-delta @@ -25,4 +25,4 @@ server_domain: fudiggity.nl register_uefi_entries: false -wezterm_font_size: 11 +wezterm_font_size: 12 diff --git a/host_vars/desktop/system.yml b/host_vars/desktop/system.yml index 93a9275..5c5b1b5 100644 --- a/host_vars/desktop/system.yml +++ b/host_vars/desktop/system.yml @@ -53,3 +53,5 @@ mkinitcpio_templates: boot_configuration: disk: /dev/sdc partition: 1 + +wezterm_font_size: 13 diff --git a/templates/wezterm/includes/fonts.lua.j2 b/templates/wezterm/includes/fonts.lua.j2 index fb2735d..1ca6637 100644 --- a/templates/wezterm/includes/fonts.lua.j2 +++ b/templates/wezterm/includes/fonts.lua.j2 @@ -4,7 +4,7 @@ local wezterm = require 'wezterm'; return { font = wezterm.font( - 'MonaspiceNe Nerd Font Mono', + 'Inconsolata Medium', { weight = 'Regular', stretch = 'Normal', style = 'Normal' } ), @@ -21,6 +21,5 @@ return { 'ss06', 'ss07', 'ss08', - 'liga' } } From a51ba82d3262227baa2d4fb36ebca1f95c37ee74 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Thu, 18 Dec 2025 13:38:34 +0100 Subject: [PATCH 2/5] Rename sandbox options --- templates/pacman.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/pacman.j2 b/templates/pacman.j2 index 76ce942..67088f6 100644 --- a/templates/pacman.j2 +++ b/templates/pacman.j2 
@@ -41,7 +41,8 @@ CheckSpace VerbosePkgLists ParallelDownloads = 5 DownloadUser = alpm -#DisableSandbox +##DisableSandboxFilesystem +#DisableSandboxSyscalls # By default, pacman accepts packages signed by keys that its local keyring # trusts (see pacman-key and its man page), as well as unsigned packages. From 09fbaf597c0b25bd263385cb1ea156ce28103427 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Thu, 18 Dec 2025 13:50:22 +0100 Subject: [PATCH 3/5] Remove uefi entry configuration & add systemd-boot pacman hook --- group_vars/all/main.yml | 4 - host_vars/desktop/system.yml | 4 - host_vars/htpc/system.yml | 8 +- host_vars/xps/system.yml | 4 - tasks/setup.yml | 93 ++++++++--------------- tasks/systemd.yml | 1 + templates/{pacman.j2 => pacman/config.j2} | 0 templates/pacman/hook.j2 | 11 +++ 8 files changed, 47 insertions(+), 78 deletions(-) rename templates/{pacman.j2 => pacman/config.j2} (100%) create mode 100644 templates/pacman/hook.j2 diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index e88b165..b08f525 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -19,10 +19,6 @@ xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin' modprobe_templates: [] mkinitcpio_templates: [] -boot_configuration: - server_domain: fudiggity.nl -register_uefi_entries: false - wezterm_font_size: 12 diff --git a/host_vars/desktop/system.yml b/host_vars/desktop/system.yml index 5c5b1b5..b7c0ff8 100644 --- a/host_vars/desktop/system.yml +++ b/host_vars/desktop/system.yml @@ -50,8 +50,4 @@ mkinitcpio_templates: - src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2' dest: '/etc/mkinitcpio.d/linux-lts.preset' -boot_configuration: - disk: /dev/sdc - partition: 1 - wezterm_font_size: 13 diff --git a/host_vars/htpc/system.yml b/host_vars/htpc/system.yml index c26db07..a7622c4 100644 --- a/host_vars/htpc/system.yml +++ b/host_vars/htpc/system.yml 
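Review bot: The two replacement lines in the templates/pacman.j2 hunk use different comment markers, `##DisableSandboxFilesystem` and `#DisableSandboxSyscalls`, so a reader cannot tell whether the doubled `#` means something or is a typo. Both options stay commented out, which leaves pacman's sandbox active alongside `DownloadUser = alpm`. Writing the first line as `#DisableSandboxFilesystem` and adding a line such as `# Sandbox stays enabled; uncomment only on hosts where it cannot work` above the pair would make that intent explicit. The rest of the options section lies outside the hunk.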
@@ -39,9 +39,5 @@ mkinitcpio_templates: - src: 'templates/htpc/mkinitcpio/linux.preset.j2' dest: '/etc/mkinitcpio.d/linux.preset' - - src: 'templates/htpc/mkinitcpio/linux-lts.preset.j2' - dest: '/etc/mkinitcpio.d/linux-lts.preset' - -boot_configuration: - disk: /dev/sda - partition: 1 + - src: "templates/htpc/mkinitcpio/linux-lts.preset.j2" + dest: "/etc/mkinitcpio.d/linux-lts.preset" diff --git a/host_vars/xps/system.yml b/host_vars/xps/system.yml index 53ed97b..c17ea8a 100644 --- a/host_vars/xps/system.yml +++ b/host_vars/xps/system.yml @@ -42,10 +42,6 @@ packages: - nvidia-utils - lib32-nvidia-utils -boot_configuration: - disk: /dev/nvme0n1 - partition: 1 - mkinitcpio_templates: - src: 'templates/xps/mkinitcpio/1-modules.conf.j2' dest: '/etc/mkinitcpio.conf.d/1-modules.conf' diff --git a/tasks/setup.yml b/tasks/setup.yml index e2c0d73..65f34fb 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml 
@@ -28,47 +28,56 @@ - name: Copy pacman configuration become: true ansible.builtin.template: - src: 'templates/pacman.j2' - dest: '/etc/pacman.conf' + src: "templates/pacman/config.j2" + dest: "/etc/pacman.conf" owner: root group: root - mode: '0644' + mode: "0644" - name: Create extra conf become: true ansible.builtin.file: - path: '/etc/pacman.d/extra.conf' + path: "/etc/pacman.d/extra.conf" owner: root group: root state: touch - mode: '0644' + mode: "0644" + +- name: Copy systemd-boot pacman hook + become: true + ansible.builtin.template: + src: "templates/pacman/hook.j2" + dest: "/etc/pacman.d/hooks/100-systemd-boot.hook" + owner: root + group: root + mode: "0644" - name: Setup Wezterm when: "'wezterm' in packages" block: - name: Create wezterm configuration dir ansible.builtin.file: - path: '{{ xdg_config_dir }}/wezterm/includes' + path: "{{ xdg_config_dir }}/wezterm/includes" state: directory - mode: '0755' + mode: "0755" - name: Copy wezterm configuration files ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0755' + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "0755" loop: - - src: 'templates/wezterm/wezterm.lua.j2' - dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua' + - src: "templates/wezterm/wezterm.lua.j2" + dest: "{{ xdg_config_dir }}/wezterm/wezterm.lua" - - src: 'templates/wezterm/includes/colors.lua.j2' - dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua' + - src: "templates/wezterm/includes/colors.lua.j2" + dest: "{{ xdg_config_dir }}/wezterm/includes/colors.lua" - - src: 'templates/wezterm/includes/fonts.lua.j2' - dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua' + - src: "templates/wezterm/includes/fonts.lua.j2" + dest: "{{ xdg_config_dir }}/wezterm/includes/fonts.lua" - - src: 'templates/wezterm/includes/window.lua.j2' - dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua' + - src: "templates/wezterm/includes/window.lua.j2" + dest: "{{ xdg_config_dir }}/wezterm/includes/window.lua" - 
name: Enable fstrim timer become: true @@ -153,53 +162,17 @@ - name: Copy mkinitcpio configuration files become: true ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0755' - loop: '{{ mkinitcpio_templates }}' - when: '{{ mkinitcpio_templates | length > 0 }}' + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "0755" + loop: "{{ mkinitcpio_templates }}" + when: "{{ mkinitcpio_templates | length > 0 }}" - name: Regenerate initramfs images become: true - ansible.builtin.command: 'mkinitcpio --allpresets' + ansible.builtin.command: "mkinitcpio --allpresets" register: mkinitcpio_stats - name: Log mkinitcpio stdout ansible.builtin.debug: var: mkinitcpio_stats.stdout_lines - -- name: Create a Linux UEFI boot entry - become: true - ansible.builtin.command: efibootmgr \ - --create \ - --disk '{{ boot_configuration.disk }}' \ - --part '{{ boot_configuration.partition }}' \ - --label 'Arch Linux' \ - --loader '\EFI\Linux\linux.efi'\ - --unicode - --index 0 - register: efi_linux_stats - when: register_uefi_entries - -- name: Log efibootmgr stdout - ansible.builtin.debug: - var: efi_linux_stats.stdout_lines - when: register_uefi_entries - -- name: Create a Linux LTS UEFI boot entry - become: true - ansible.builtin.command: efibootmgr \ - --create \ - --disk '{{ boot_configuration.disk }}' \ - --part '{{ boot_configuration.partition }}' \ - --label 'Arch Linux LTS' \ - --loader '\EFI\Linux\linux-lts.efi'\ - --unicode - --index 1 - register: efi_linux_lts_stats - when: register_uefi_entries - -- name: Log efibootmgr LTS stdout - ansible.builtin.debug: - var: efi_linux_lts_stats.stdout_lines - when: register_uefi_entries diff --git a/tasks/systemd.yml b/tasks/systemd.yml index 4b6e6e5..4d196a7 100644 --- a/tasks/systemd.yml +++ b/tasks/systemd.yml @@ -26,3 +26,4 @@ dest: '{{ ansible_env.HOME }}/.local/bin/tmux_start' mode: '0740' force: false +# setup systemd-boot pacman hook 
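Review bot: The new "Copy systemd-boot pacman hook" task in the first tasks/setup.yml hunk writes to `/etc/pacman.d/hooks/100-systemd-boot.hook`, but no visible task creates `/etc/pacman.d/hooks`, and `ansible.builtin.template` does not create missing parent directories. On a host where that directory does not exist yet the task would fail, so a directory task placed before it is worth adding. Pinning the directory to root with no group or world write access also matters, because hooks placed there are executed as root during pacman transactions.

```yaml
# … unchanged: "Create extra conf" task …

- name: Create pacman hooks directory
  become: true
  ansible.builtin.file:
    path: "/etc/pacman.d/hooks"
    state: directory
    owner: root
    group: root
    mode: "0755"

# … unchanged: "Copy systemd-boot pacman hook" task …
```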
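Review bot: In the second tasks/setup.yml hunk the restyled `when: "{{ mkinitcpio_templates | length > 0 }}"` still wraps the condition in Jinja delimiters, which Ansible warns about because `when` is already evaluated as an expression. The bare form is `when: mkinitcpio_templates | length > 0`, or the line can be dropped, since a `loop` over an empty list runs nothing. The same task installs the mkinitcpio configuration with `mode: "0755"` and no explicit owner; these are root-consumed configuration files, so `owner: root`, `group: root`, `mode: "0644"` would fit better.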
diff --git a/templates/pacman.j2 b/templates/pacman/config.j2 similarity index 100% rename from templates/pacman.j2 rename to templates/pacman/config.j2 diff --git a/templates/pacman/hook.j2 b/templates/pacman/hook.j2 new file mode 100644 index 0000000..ebbec9c --- /dev/null +++ b/templates/pacman/hook.j2 @@ -0,0 +1,11 @@ +# {{ ansible_managed }} + +[Trigger] +Type = Package +Operation = Upgrade +Target = systemd + +[Action] +Description = Gracefully upgrading systemd-boot... +When = PostTransaction +Exec = /usr/bin/systemctl restart systemd-boot-update.service From 92f761f4bb14779c2a30e3cdfad5dba233494f3c Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Thu, 18 Dec 2025 14:12:05 +0100 Subject: [PATCH 4/5] Update font configuration --- group_vars/all/main.yml | 3 ++- host_vars/desktop/system.yml | 4 ++-- host_vars/htpc/system.yml | 2 +- host_vars/xps/system.yml | 4 ++-- templates/wezterm/includes/fonts.lua.j2 | 2 +- 5 files changed, 8 insertions(+), 7 deletions(-) diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index b08f525..fe8c455 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -8,7 +8,7 @@ packages: - iproute2 - curl - reflector - - ttf-inconsolata + - ttf-ibm-plex - systemd-ukify - efibootmgr - git-delta @@ -21,4 +21,5 @@ mkinitcpio_templates: [] server_domain: fudiggity.nl +wezterm_font: IBM Plex Mono Medm wezterm_font_size: 12 diff --git a/host_vars/desktop/system.yml b/host_vars/desktop/system.yml index b7c0ff8..471eab2 100644 --- a/host_vars/desktop/system.yml +++ b/host_vars/desktop/system.yml @@ -8,7 +8,7 @@ packages: - iproute2 - curl - reflector - - otf-monaspace-nerd + - ttf-ibm-plex - systemd-ukify - efibootmgr - git-delta @@ -50,4 +50,4 @@ mkinitcpio_templates: - src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2' dest: '/etc/mkinitcpio.d/linux-lts.preset' -wezterm_font_size: 13 +wezterm_font_size: 12 diff --git a/host_vars/htpc/system.yml b/host_vars/htpc/system.yml index a7622c4..624f260 100644 
--- a/host_vars/htpc/system.yml +++ b/host_vars/htpc/system.yml @@ -8,7 +8,7 @@ packages: - iproute2 - curl - reflector - - otf-monaspace-nerd + - ttf-ibm-plex - systemd-ukify - efibootmgr - git-delta diff --git a/host_vars/xps/system.yml b/host_vars/xps/system.yml index c17ea8a..3630640 100644 --- a/host_vars/xps/system.yml +++ b/host_vars/xps/system.yml @@ -8,7 +8,7 @@ packages: - iproute2 - curl - reflector - - otf-monaspace-nerd + - ttf-ibm-plex - systemd-ukify - efibootmgr - git-delta @@ -55,4 +55,4 @@ mkinitcpio_templates: - src: 'templates/xps/mkinitcpio/linux-lts.preset.j2' dest: '/etc/mkinitcpio.d/linux-lts.preset' -wezterm_font_size: 10 +wezterm_font_size: 11 diff --git a/templates/wezterm/includes/fonts.lua.j2 b/templates/wezterm/includes/fonts.lua.j2 index 1ca6637..311da3c 100644 --- a/templates/wezterm/includes/fonts.lua.j2 +++ b/templates/wezterm/includes/fonts.lua.j2 @@ -4,7 +4,7 @@ local wezterm = require 'wezterm'; return { font = wezterm.font( - 'Inconsolata Medium', + '{{ wezterm_font }}', { weight = 'Regular', stretch = 'Normal', style = 'Normal' } ), From 43d470edf34d9d7d9d4b88832c3b6682ff122c0c Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Thu, 18 Dec 2025 15:00:37 +0100 Subject: [PATCH 5/5] Ran ansible-lint --- default.yml | 15 +++--- desktop.yml | 13 +++--- group_vars/all/main.yml | 6 +-- handlers.yml | 52 ++++++++++----------- host_vars/desktop/network.yml | 1 + host_vars/desktop/syncthing.yml | 21 +++++---- host_vars/desktop/system.yml | 17 +++---- host_vars/htpc/network.yml | 1 + host_vars/htpc/system.yml | 10 ++-- host_vars/xps/network.yml | 1 + host_vars/xps/pa-dlna.yml | 1 + host_vars/xps/syncthing.yml | 21 +++++---- host_vars/xps/system.yml | 17 +++---- htpc.yml | 5 +- inventory.yml | 1 + requirements.yml | 1 + tasks/desktop.yml | 9 ++-- tasks/mpd.yaml | 81 +++++++++++++++++---------------- tasks/mpv.yml | 19 ++++---- tasks/network/desktop.yml | 21 +++++---- tasks/network/main.yml | 9 ++-- tasks/network/xps.yml | 25 +++++----- tasks/setup.yml | 55 +++++++++++----------- tasks/syncthing.yml | 11 +++-- tasks/systemd.yml | 23 +++++----- tasks/timer.yml | 52 ++++++++++----------- tasks/wireguard-media.yml | 47 +++++++++---------- tasks/wireguard.yml | 47 +++++++++---------- tasks/xps.yml | 19 ++++---- vars/mpd.yml | 9 ++-- vars/wireguard-media.yml | 15 +++--- vars/wireguard.yml | 21 +++++---- xps.yml | 14 +++--- 33 files changed, 343 insertions(+), 317 deletions(-) diff --git a/default.yml b/default.yml index 16df3af..7c0dda6 100644 --- a/default.yml +++ b/default.yml @@ -1,3 +1,4 @@ +--- - name: Arch Linux provisioning gather_facts: true hosts: all @@ -5,12 +6,12 @@ - common tasks: - name: Generic provisioning - ansible.builtin.import_tasks: 'tasks/setup.yml' + ansible.builtin.import_tasks: "tasks/setup.yml" tags: setup # TODO: provision ssh client config with modern cyphers - name: Network provisioning - ansible.builtin.import_tasks: 'tasks/network/main.yml' + ansible.builtin.import_tasks: "tasks/network/main.yml" tags: network # - name: Network host specific provisioning 
@@ -18,23 +19,23 @@ # tags: network-specific - name: Systemd provisioning - ansible.builtin.import_tasks: 'tasks/systemd.yml' + ansible.builtin.import_tasks: "tasks/systemd.yml" tags: systemd - name: Systemd timer provisioning - ansible.builtin.import_tasks: 'tasks/timer.yml' + ansible.builtin.import_tasks: "tasks/timer.yml" tags: timers # Note: Disable DoH in Firefox to fallback to system's default DNS # resolver, see # https://support.mozilla.org/en-US/kb/dns-over-https#w_configure-doh-protection-settings - name: MPV provisioning - ansible.builtin.import_tasks: 'tasks/mpv.yml' + ansible.builtin.import_tasks: "tasks/mpv.yml" tags: mpv handlers: - name: Import default handlers - ansible.builtin.import_tasks: 'handlers.yml' + ansible.builtin.import_tasks: "handlers.yml" - name: Import common role handlers - ansible.builtin.import_tasks: 'roles/common/handlers/user.yml' + ansible.builtin.import_tasks: "roles/common/handlers/user.yml" diff --git a/desktop.yml b/desktop.yml index ab87111..a2094b0 100644 --- a/desktop.yml +++ b/desktop.yml @@ -1,3 +1,4 @@ +--- - name: Include default playbook ansible.builtin.import_playbook: default.yml 
@@ -6,24 +7,24 @@ gather_facts: true tasks: - name: Wireguard provisioning - ansible.builtin.import_tasks: 'tasks/wireguard.yml' + ansible.builtin.import_tasks: "tasks/wireguard.yml" tags: wireguard - name: Wireguard media provisioning - ansible.builtin.import_tasks: 'tasks/wireguard-media.yml' + ansible.builtin.import_tasks: "tasks/wireguard-media.yml" tags: wireguard-media - name: MPD provisioning - ansible.builtin.import_tasks: 'tasks/mpd.yml' + ansible.builtin.import_tasks: "tasks/mpd.yml" tags: mpd - name: Syncthing provisioning - ansible.builtin.import_tasks: 'tasks/syncthing.yml' + ansible.builtin.import_tasks: "tasks/syncthing.yml" tags: syncthing # TODO: provision current macvlan setup - name: Desktop provisioning - ansible.builtin.import_tasks: 'tasks/desktop.yml' + ansible.builtin.import_tasks: "tasks/desktop.yml" tags: desktop handlers: @@ -31,4 +32,4 @@ ansible.builtin.import_tasks: handlers.yml - name: Import common role handlers - ansible.builtin.import_tasks: 'roles/common/handlers/user.yml' + ansible.builtin.import_tasks: "roles/common/handlers/user.yml" diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index fe8c455..1c18cd5 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -1,3 +1,4 @@ +--- packages: - nftables - tmux @@ -13,12 +14,11 @@ packages: - efibootmgr - git-delta -xdg_config_dir: '{{ ansible_env.HOME }}/.config' -xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin' +xdg_config_dir: "{{ ansible_env.HOME }}/.config" +xdg_script_dir: "{{ ansible_env.HOME }}/.local/bin" modprobe_templates: [] mkinitcpio_templates: [] - server_domain: fudiggity.nl wezterm_font: IBM Plex Mono Medm diff --git a/handlers.yml b/handlers.yml index dae3fe5..bbd4b4d 100644 --- a/handlers.yml +++ b/handlers.yml 
@@ -1,91 +1,91 @@ -- name: enable daily timer +--- +- name: Enable daily timer become: true - systemd: + ansible.builtin.systemd: name: daily.timer state: restarted enabled: true daemon-reload: true -- name: enable weekly timer +- name: Enable weekly timer become: true - systemd: + ansible.builtin.systemd: name: weekly.timer state: restarted enabled: true daemon-reload: true -- name: restart user ssh-agent - systemd: +- name: Restart user ssh-agent + ansible.builtin.systemd: name: ssh-agent state: restarted enabled: true daemon-reload: true scope: user -- name: start syncthing - systemd: +- name: Start syncthing + ansible.builtin.systemd: name: syncthing state: started enabled: true scope: user -- name: restart powertop +- name: Restart powertop become: true - systemd: + ansible.builtin.systemd: name: powertop state: restarted enabled: true daemon-reload: true -- name: restart systemd-networkd +- name: Restart systemd-networkd become: true - systemd: + ansible.builtin.systemd: name: systemd-networkd state: restarted enabled: true -- name: restart systemd-resolved +- name: Restart systemd-resolved become: true - systemd: + ansible.builtin.systemd: name: systemd-resolved state: started enabled: true -- name: restart iwd +- name: Restart iwd become: true - systemd: + ansible.builtin.systemd: name: iwd state: restarted enabled: true -- name: stop mpd service - systemd: +- name: Stop mpd service + ansible.builtin.systemd: name: mpd.service state: stopped enabled: false scope: user daemon-reload: true -- name: restart mpd socket - systemd: +- name: Restart mpd socket + ansible.builtin.systemd: name: mpd state: restarted enabled: true scope: user daemon-reload: true -- name: reload sysctl configuration +- name: Reload sysctl configuration become: true - command: 'sysctl --system' - -- name: restart tmux service - systemd: + ansible.builtin.command: "sysctl --system" +- name: Restart tmux service + ansible.builtin.systemd: name: tmux state: restarted enabled: true scope: 
user -- name: user daemon-reload +- name: User daemon-reload ansible.builtin.systemd: daemon-reload: true scope: user diff --git a/host_vars/desktop/network.yml b/host_vars/desktop/network.yml index 1010119..76275fa 100644 --- a/host_vars/desktop/network.yml +++ b/host_vars/desktop/network.yml @@ -1,3 +1,4 @@ +--- lan_interface: enp1s0 lan_interface_mac: 00:d8:61:9f:52:65 diff --git a/host_vars/desktop/syncthing.yml b/host_vars/desktop/syncthing.yml index a9f0bc0..9924820 100644 --- a/host_vars/desktop/syncthing.yml +++ b/host_vars/desktop/syncthing.yml @@ -1,16 +1,17 @@ -syncthing_listen_address: '0.0.0.0' +--- +syncthing_listen_address: "0.0.0.0" syncthing_protocol_port: 22000 syncthing_gui_port: 8384 syncthing_config_version: 37 syncthing_api_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 39643534383666343331666336356662333165633032356532323730316535616363393330376263 - 6164323430343961646635323739373363623764646361360a666566363736323739313533323562 - 34653032646230313063613265313836383033353336333461376432363530633632313234323733 - 6162646332623837370a646537336139336361666336363861353030633136373063333433643435 - 64666465356566313263376330643664313266646139663433663366316232613562663863366334 - 3061663839656563353663373135393233653130383735366538 + $ANSIBLE_VAULT;1.1;AES256 + 39643534383666343331666336356662333165633032356532323730316535616363393330376263 + 6164323430343961646635323739373363623764646361360a666566363736323739313533323562 + 34653032646230313063613265313836383033353336333461376432363530633632313234323733 + 6162646332623837370a646537336139336361666336363861353030633136373063333433643435 + 64666465356566313263376330643664313266646139663433663366316232613562663863366334 + 3061663839656563353663373135393233653130383735366538 syncthing_devices: - name: Desktop 
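Review bot: Renaming the handlers in handlers.yml to capitalised names (`Restart systemd-networkd`, `Stop mpd service`, `Reload sysctl configuration`, `User daemon-reload`, …) leaves the `notify:` entries that reference them unchanged in the hunks visible here, for example `notify: user daemon-reload` in tasks/desktop.yml, `- stop mpd service` in tasks/mpd.yaml and `- restart systemd-networkd` in tasks/network/desktop.yml. Ansible matches handler names exactly, case included, so those tasks would stop with a missing-handler error or, where that error is disabled, silently skip the restart; for the network templates that means new configuration is written to disk without being applied. Either update every `notify:` to the new spelling, e.g. `notify: Restart systemd-networkd`, or give each renamed handler a `listen:` entry carrying the old name, e.g. `listen: restart systemd-networkd`. Notify lines in files outside the visible hunks should be checked as well.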
@@ -28,7 +29,7 @@ syncthing_devices: syncthing_folders: - id: default label: Default - path: '{{ ansible_env.HOME }}/syncthing/default' + path: "{{ ansible_env.HOME }}/syncthing/default" type: sendreceive devices: - *syncthing_desktop_id @@ -37,7 +38,7 @@ syncthing_folders: - id: pictures label: Pictures - path: '{{ ansible_env.HOME }}/syncthing/pictures' + path: "{{ ansible_env.HOME }}/syncthing/pictures" type: sendreceive devices: - *syncthing_desktop_id diff --git a/host_vars/desktop/system.yml b/host_vars/desktop/system.yml index 471eab2..114bc11 100644 --- a/host_vars/desktop/system.yml +++ b/host_vars/desktop/system.yml @@ -1,3 +1,4 @@ +--- packages: - nftables - tmux @@ -37,17 +38,17 @@ packages: - aspell-en modprobe_templates: - - src: 'templates/desktop/modprobe/99-amdgpu.conf.j2' - dest: '/etc/modprobe.d/99-amdgpu.conf' + - src: "templates/desktop/modprobe/99-amdgpu.conf.j2" + dest: "/etc/modprobe.d/99-amdgpu.conf" mkinitcpio_templates: - - src: 'templates/desktop/mkinitcpio/1-modules.conf.j2' - dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf' + - src: "templates/desktop/mkinitcpio/1-modules.conf.j2" + dest: "/etc/mkinitcpio.conf.d/1-amdgpu.conf" - - src: 'templates/desktop/mkinitcpio/linux.preset.j2' - dest: '/etc/mkinitcpio.d/linux.preset' + - src: "templates/desktop/mkinitcpio/linux.preset.j2" + dest: "/etc/mkinitcpio.d/linux.preset" - - src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2' - dest: '/etc/mkinitcpio.d/linux-lts.preset' + - src: "templates/desktop/mkinitcpio/linux-lts.preset.j2" + dest: "/etc/mkinitcpio.d/linux-lts.preset" wezterm_font_size: 12 diff --git a/host_vars/htpc/network.yml b/host_vars/htpc/network.yml index 10fc32b..234a1d6 100644 --- a/host_vars/htpc/network.yml +++ b/host_vars/htpc/network.yml @@ -1,3 +1,4 @@ +--- lan_interface: enp1s0 lan_interface_mac: bc:fc:e7:6e:73:53 diff --git a/host_vars/htpc/system.yml b/host_vars/htpc/system.yml index 624f260..05d7d53 100644 --- a/host_vars/htpc/system.yml 
+++ b/host_vars/htpc/system.yml @@ -1,3 +1,4 @@ +--- packages: - nftables - tmux @@ -31,13 +32,12 @@ wezterm_columns: 90 wezterm_rows: 18 modprobe_templates: [] - mkinitcpio_templates: - - src: 'templates/htpc/mkinitcpio/1-modules.conf.j2' - dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf' + - src: "templates/htpc/mkinitcpio/1-modules.conf.j2" + dest: "/etc/mkinitcpio.conf.d/1-amdgpu.conf" - - src: 'templates/htpc/mkinitcpio/linux.preset.j2' - dest: '/etc/mkinitcpio.d/linux.preset' + - src: "templates/htpc/mkinitcpio/linux.preset.j2" + dest: "/etc/mkinitcpio.d/linux.preset" - src: "templates/htpc/mkinitcpio/linux-lts.preset.j2" dest: "/etc/mkinitcpio.d/linux-lts.preset" diff --git a/host_vars/xps/network.yml b/host_vars/xps/network.yml index 864536b..f0eccca 100644 --- a/host_vars/xps/network.yml +++ b/host_vars/xps/network.yml @@ -1,3 +1,4 @@ +--- wireless_interface: wlan0 local_network_ssid: KPNAE51C6 diff --git a/host_vars/xps/pa-dlna.yml b/host_vars/xps/pa-dlna.yml index 4361051..b38e132 100644 --- a/host_vars/xps/pa-dlna.yml +++ b/host_vars/xps/pa-dlna.yml @@ -1,2 +1,3 @@ +--- pa_dlna_version: 0.16 pa_dlna_systemd_version: 0.0.9 diff --git a/host_vars/xps/syncthing.yml b/host_vars/xps/syncthing.yml index a817845..01f40b3 100644 --- a/host_vars/xps/syncthing.yml +++ b/host_vars/xps/syncthing.yml 
@@ -1,16 +1,17 @@ -syncthing_listen_address: '0.0.0.0' +--- +syncthing_listen_address: "0.0.0.0" syncthing_protocol_port: 22000 syncthing_gui_port: 8384 syncthing_config_version: 37 syncthing_api_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 35346637623066636261633331343438313736356137633466306633613563343630363565643763 - 6631623461663330633537386539376435356338393537620a666234373932636162653830316339 - 65336339383630313837323137613137303862613061326131313437316637383637666638313235 - 6463333235646536620a316163666431323530353330356633393035663933613761313031656561 - 66333431636134366466373533616438326230323965333763316336393764303737663461363636 - 3061373832313462623765353130616237343966333332623262 + $ANSIBLE_VAULT;1.1;AES256 + 35346637623066636261633331343438313736356137633466306633613563343630363565643763 + 6631623461663330633537386539376435356338393537620a666234373932636162653830316339 + 65336339383630313837323137613137303862613061326131313437316637383637666638313235 + 6463333235646536620a316163666431323530353330356633393035663933613761313031656561 + 66333431636134366466373533616438326230323965333763316336393764303737663461363636 + 3061373832313462623765353130616237343966333332623262 syncthing_devices: - name: Desktop @@ -28,7 +29,7 @@ syncthing_devices: syncthing_folders: - id: default label: Default - path: '{{ ansible_env.HOME }}/syncthing/default' + path: "{{ ansible_env.HOME }}/syncthing/default" type: sendreceive devices: - *syncthing_desktop_id @@ -37,7 +38,7 @@ syncthing_folders: - id: pictures label: Pictures - path: '{{ ansible_env.HOME }}/syncthing/pictures' + path: "{{ ansible_env.HOME }}/syncthing/pictures" type: sendreceive devices: - *syncthing_desktop_id diff --git a/host_vars/xps/system.yml b/host_vars/xps/system.yml index 3630640..dea1e54 100644 --- a/host_vars/xps/system.yml +++ b/host_vars/xps/system.yml @@ -1,3 +1,4 @@ +--- packages: - nftables - tmux 
@@ -43,16 +44,16 @@ packages: - lib32-nvidia-utils mkinitcpio_templates: - - src: 'templates/xps/mkinitcpio/1-modules.conf.j2' - dest: '/etc/mkinitcpio.conf.d/1-modules.conf' + - src: "templates/xps/mkinitcpio/1-modules.conf.j2" + dest: "/etc/mkinitcpio.conf.d/1-modules.conf" - - src: 'templates/xps/mkinitcpio/2-hooks.conf.j2' - dest: '/etc/mkinitcpio.conf.d/2-hooks.conf' + - src: "templates/xps/mkinitcpio/2-hooks.conf.j2" + dest: "/etc/mkinitcpio.conf.d/2-hooks.conf" - - src: 'templates/xps/mkinitcpio/linux.preset.j2' - dest: '/etc/mkinitcpio.d/linux.preset' + - src: "templates/xps/mkinitcpio/linux.preset.j2" + dest: "/etc/mkinitcpio.d/linux.preset" - - src: 'templates/xps/mkinitcpio/linux-lts.preset.j2' - dest: '/etc/mkinitcpio.d/linux-lts.preset' + - src: "templates/xps/mkinitcpio/linux-lts.preset.j2" + dest: "/etc/mkinitcpio.d/linux-lts.preset" wezterm_font_size: 11 diff --git a/htpc.yml b/htpc.yml index 28ffd78..5c44b81 100644 --- a/htpc.yml +++ b/htpc.yml @@ -1,3 +1,4 @@ +--- - hosts: htpc gather_facts: true @@ -8,7 +9,7 @@ hosts: htpc tasks: - name: Wireguard media provisioning - ansible.builtin.import_tasks: 'tasks/wireguard-media.yml' + ansible.builtin.import_tasks: "tasks/wireguard-media.yml" tags: wireguard-media handlers: @@ -16,4 +17,4 @@ ansible.builtin.import_tasks: handlers.yml - name: Import common role handlers - ansible.builtin.import_tasks: 'roles/common/handlers/user.yml' + ansible.builtin.import_tasks: "roles/common/handlers/user.yml" diff --git a/inventory.yml b/inventory.yml index 6e289f8..d0c95b4 100644 --- a/inventory.yml +++ b/inventory.yml @@ -1,3 +1,4 @@ +--- all: hosts: xps: diff --git a/requirements.yml b/requirements.yml index b20eeb6..7a0710c 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,3 +1,4 @@ +--- - src: git+https://forgejo.fudiggity.nl/sonny/common-ansible.git name: common version: master diff --git a/tasks/desktop.yml b/tasks/desktop.yml index a5134cd..dd4dcae 100644 --- a/tasks/desktop.yml 
+++ b/tasks/desktop.yml @@ -1,12 +1,13 @@ +--- - name: Create xdg-desktop-portal.service.d directory ansible.builtin.file: - path: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d' + path: "{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d" state: directory - mode: '0755' + mode: "0755" - name: Copy xdg-desktop-portal.service drop-in ansible.builtin.template: src: templates/desktop/xdg-desktop-portal.service.j2 - dest: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d/override.conf' - mode: '0755' + dest: "{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d/override.conf" + mode: "0755" notify: user daemon-reload diff --git a/tasks/mpd.yaml b/tasks/mpd.yaml index f3e29b7..cc81314 100644 --- a/tasks/mpd.yaml +++ b/tasks/mpd.yaml 
@@ -1,66 +1,67 @@ +--- - name: Include mpd defaults ansible.builtin.include_vars: file: vars/mpd.yml - name: Copy systemd configuration files ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0644' + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "0644" loop: - - src: 'templates/mpd/service.j2' - dest: '{{ xdg_config_dir }}/systemd/user/mpd.service' + - src: "templates/mpd/service.j2" + dest: "{{ xdg_config_dir }}/systemd/user/mpd.service" - - src: 'templates/mpd/socket.j2' - dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket' + - src: "templates/mpd/socket.j2" + dest: "{{ xdg_config_dir }}/systemd/user/mpd.socket" notify: - stop mpd service - restart mpd socket - name: Create mpd files ansible.builtin.file: - path: '{{ item.path }}' - state: '{{ item.state }}' - mode: '0755' + path: "{{ item.path }}" + state: "{{ item.state }}" + mode: "0755" loop: - - path: '{{ mpd_configuration_dir }}' - state: 'directory' - - path: '{{ ncmpc_configuration_dir }}' - state: 'directory' - - path: '{{ ncmpcpp_configuration_dir }}' - state: 'directory' - - path: '{{ mpd_configuration_dir }}/playlists' - state: 'directory' - - path: '{{ mpd_configuration_dir }}/state' - state: 'touch' + - path: "{{ mpd_configuration_dir }}" + state: "directory" + - path: "{{ ncmpc_configuration_dir }}" + state: "directory" + - path: "{{ ncmpcpp_configuration_dir }}" + state: "directory" + - path: "{{ mpd_configuration_dir }}/playlists" + state: "directory" + - path: "{{ mpd_configuration_dir }}/state" + state: "touch" - name: Remove previous mpd files ansible.builtin.file: - path: '{{ item.path }}' - state: '{{ item.state }}' - mode: '0755' + path: "{{ item.path }}" + state: "{{ item.state }}" + mode: "0755" loop: - - path: '{{ mpd_configuration_dir }}/log' - state: 'absent' - - path: '{{ mpd_configuration_dir }}/database' - state: 'absent' - - path: '{{ mpd_configuration_dir }}/sticker.sql' - state: 'absent' - - path: '{{ ncmpc_configuration_dir }}' - 
state: 'absent' + - path: "{{ mpd_configuration_dir }}/log" + state: "absent" + - path: "{{ mpd_configuration_dir }}/database" + state: "absent" + - path: "{{ mpd_configuration_dir }}/sticker.sql" + state: "absent" + - path: "{{ ncmpc_configuration_dir }}" + state: "absent" - name: Copy configuration files ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0755' + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "0755" loop: - - src: 'templates/mpd/mpd.conf.j2' - dest: '{{ mpd_configuration_dir }}/mpd.conf' - - src: 'templates/mpd/ncmpcpp/config.j2' - dest: '{{ ncmpcpp_configuration_dir }}/config' - - src: 'templates/mpd/ncmpcpp/bindings.j2' - dest: '{{ ncmpcpp_configuration_dir }}/bindings' + - src: "templates/mpd/mpd.conf.j2" + dest: "{{ mpd_configuration_dir }}/mpd.conf" + - src: "templates/mpd/ncmpcpp/config.j2" + dest: "{{ ncmpcpp_configuration_dir }}/config" + - src: "templates/mpd/ncmpcpp/bindings.j2" + dest: "{{ ncmpcpp_configuration_dir }}/bindings" notify: - stop mpd service diff --git a/tasks/mpv.yml b/tasks/mpv.yml index 3b4c52a..a7ba1bb 100644 --- a/tasks/mpv.yml +++ b/tasks/mpv.yml @@ -1,16 +1,17 @@ +--- - name: Create configuration directory ansible.builtin.file: - path: '{{ ansible_env.HOME }}/.config/mpv' + path: "{{ ansible_env.HOME }}/.config/mpv" state: directory - mode: '0700' + mode: "0700" - name: Copy configuration files ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0644' + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "0644" loop: - - src: 'templates/mpv/input.j2' - dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf' - - src: 'templates/mpv/config.j2' - dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf' + - src: "templates/mpv/input.j2" + dest: "{{ ansible_env.HOME }}/.config/mpv/input.conf" + - src: "templates/mpv/config.j2" + dest: "{{ ansible_env.HOME }}/.config/mpv/mpv.conf" 
diff --git a/tasks/network/desktop.yml b/tasks/network/desktop.yml index 4eb16d8..dc1da43 100644 --- a/tasks/network/desktop.yml +++ b/tasks/network/desktop.yml @@ -1,3 +1,4 @@ +--- - name: Desktop configuration notify: - restart systemd-networkd @@ -6,22 +7,22 @@ - name: Setup network configuration become: true ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' + src: "{{ item.src }}" + dest: "{{ item.dest }}" owner: root group: systemd-network - mode: '0640' + mode: "0640" loop: - - src: 'templates/desktop/network/enp1s0.link.j2' - dest: '/etc/systemd/network/20-enp1s0.link' - - src: 'templates/desktop//network/enp1s0.network.j2' - dest: '/etc/systemd/network/20-enp1s0.network' + - src: "templates/desktop/network/enp1s0.link.j2" + dest: "/etc/systemd/network/20-enp1s0.link" + - src: "templates/desktop//network/enp1s0.network.j2" + dest: "/etc/systemd/network/20-enp1s0.network" - name: Remove leftover configuration files become: true ansible.builtin.file: - path: '{{ item }}' + path: "{{ item }}" state: absent loop: - - '/etc/systemd/network/30-vmbr0.network' - - '/etc/systemd/network/30-vmbr0.netdev' + - "/etc/systemd/network/30-vmbr0.network" + - "/etc/systemd/network/30-vmbr0.netdev" diff --git a/tasks/network/main.yml b/tasks/network/main.yml index f8586b1..7e95b03 100644 --- a/tasks/network/main.yml +++ b/tasks/network/main.yml @@ -1,3 +1,4 @@ +--- # Note that Wireguard does DNS resolution only once during connection. # When a client's IP changes, the server should be notified in some way, # using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint :` @@ -6,7 +7,7 @@ - name: Set hostname become: true ansible.builtin.hostname: - name: '{{ hostname }}' + name: "{{ hostname }}" use: systemd - name: Copy hosts file 
@@ -14,15 +15,15 @@ ansible.builtin.template: src: templates/hosts.j2 dest: /etc/hosts - mode: '0644' + mode: "0644" owner: root - name: Copy firewall template become: true ansible.builtin.template: - src: 'templates/{{ ansible_hostname }}/nftables.j2' + src: "templates/{{ ansible_hostname }}/nftables.j2" dest: /etc/nftables.conf owner: root group: root - mode: '0600' + mode: "0600" notify: restart nftables diff --git a/tasks/network/xps.yml b/tasks/network/xps.yml index 0c99843..753ae43 100644 --- a/tasks/network/xps.yml +++ b/tasks/network/xps.yml @@ -1,20 +1,21 @@ +--- - name: Setup network configuration become: true ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' + src: "{{ item.src }}" + dest: "{{ item.dest }}" owner: root group: systemd-network - mode: '0640' + mode: "0640" loop: - - src: 'templates/xps/network/wlan0-local.network.j2' - dest: '/etc/systemd/network/10-wireless.network' + - src: "templates/xps/network/wlan0-local.network.j2" + dest: "/etc/systemd/network/10-wireless.network" - - src: 'templates/xps/network/wlan0-frans.network.j2' - dest: '/etc/systemd/network/11-wireless.network' + - src: "templates/xps/network/wlan0-frans.network.j2" + dest: "/etc/systemd/network/11-wireless.network" - - src: 'templates/xps/network/wlan0.network.j2' - dest: '/etc/systemd/network/20-wireless.network' + - src: "templates/xps/network/wlan0.network.j2" + dest: "/etc/systemd/network/20-wireless.network" notify: - restart systemd-networkd - restart systemd-resolved @@ -24,7 +25,7 @@ ansible.builtin.template: src: templates/xps/iwd.j2 dest: /etc/iwd - mode: '0644' + mode: "0644" owner: root - name: Provision iwd configuration 
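Review bot: The `Copy firewall template` task at the end of the tasks/network/main.yml hunk installs `/etc/nftables.conf` without checking that the rendered ruleset parses, so a template mistake only surfaces when the `restart nftables` handler runs. Adding `validate: nft -c -f %s` to the task would make Ansible reject a broken ruleset before it replaces the working file. The handler is not visible here, so how it applies the new rules is worth confirming separately.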
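Review bot: In the `@@ -24,7 +25,7 @@` hunk of tasks/network/xps.yml the template `templates/xps/iwd.j2` is rendered to `dest: /etc/iwd`, and the task that follows renders the same template to `/etc/iwd/main.config`. If `/etc/iwd` is meant to be the configuration directory, this task probably wants `ansible.builtin.file` with `state: directory` rather than a template copy. The task's name and its `become` line sit above the hunk, so this is inferred from the visible keys only.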
@@ -32,14 +33,14 @@ ansible.builtin.template: src: templates/xps/iwd.j2 dest: /etc/iwd/main.config - mode: '0755' + mode: "0755" owner: root notify: restart iwd - name: Remove leftover configuration files become: true ansible.builtin.file: - path: '{{ item }}' + path: "{{ item }}" state: absent loop: - /etc/systemd/network/30-vmbr0.network diff --git a/tasks/setup.yml b/tasks/setup.yml index 65f34fb..2b7c5e7 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml @@ -1,21 +1,22 @@ +--- - name: Provision pollkit administrator configuration become: true ansible.builtin.template: - src: 'templates/polkit.j2' - dest: '/etc/polkit-1/rules.d/49-nopasswd_global.rules' - mode: '0755' + src: "templates/polkit.j2" + dest: "/etc/polkit-1/rules.d/49-nopasswd_global.rules" + mode: "0755" - name: Install shared packages become: true community.general.pacman: - name: '{{ packages }}' + name: "{{ packages }}" - name: Copy reflector configuration become: true ansible.builtin.template: - src: 'templates/reflector.j2' - dest: '/etc/xdg/reflector/reflector.conf' - mode: '0600' + src: "templates/reflector.j2" + dest: "/etc/xdg/reflector/reflector.conf" + mode: "0600" # started by weekly timer - name: Disable reflector @@ -96,19 +97,19 @@ ansible.builtin.file: path: /etc/sysctl.d state: directory - mode: '0755' + mode: "0755" - name: Copy sysctl files become: true ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0755' + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "0755" loop: - - src: 'templates/sysctl/99-sysrq.conf.j2' - dest: '/etc/sysctl.d/99-sysrq.conf' - - src: 'templates/sysctl/98-forward.conf.j2' - dest: '/etc/sysctl.d/98-foward.conf' + - src: "templates/sysctl/99-sysrq.conf.j2" + dest: "/etc/sysctl.d/99-sysrq.conf" + - src: "templates/sysctl/98-forward.conf.j2" + dest: "/etc/sysctl.d/98-foward.conf" notify: reload sysctl configuration - name: Remove the modprobe.d directory 
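Review bot: `dest: /etc/iwd/main.config` in the iwd hunk of tasks/network/xps.yml does not match the file iwd reads, which is `/etc/iwd/main.conf`, so the rendered settings are most likely never loaded. I would change the line to `dest: /etc/iwd/main.conf` and remove the stray file once. The task begins above this hunk.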
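Review bot: The polkit rule in the first tasks/setup.yml hunk is installed with `mode: "0755"`, and the same executable bit is carried onto plain configuration files across this patch (the iwd file in the hunk above, the sysctl, modprobe, `/etc/kernel/cmdline` and mkinitcpio templates in the later tasks/setup.yml hunks, and the pa-dlna config and unit in tasks/xps.yml). None of these files are executed, so `mode: "0644"` is the tighter choice. For the rule file, which by its name relaxes authentication, I would also state `owner: root` and `group: root` explicitly instead of relying on defaults. The task name has a typo as well: `pollkit` should read `polkit`.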
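Review bot: The second loop item of `Copy sysctl files` writes to `/etc/sysctl.d/98-foward.conf`, a misspelling of the source name `98-forward.conf.j2`. The file still loads because of its `.conf` suffix, but anyone auditing the forwarding settings by file name will miss it. `dest: "/etc/sysctl.d/98-forward.conf"` plus a one-off removal of the old file would fix that.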
@@ -122,28 +123,28 @@ ansible.builtin.file: path: /etc/modprobe.d state: directory - mode: '0755' + mode: "0755" - name: Copy modprobe configuration files become: true ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0755' - loop: '{{ modprobe_templates }}' + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "0755" + loop: "{{ modprobe_templates }}" when: modprobe_templates - name: Copy kernel parameters template become: true ansible.builtin.template: - src: 'templates/{{ ansible_hostname }}/cmdline.j2' - dest: '/etc/kernel/cmdline' - mode: '0755' + src: "templates/{{ ansible_hostname }}/cmdline.j2" + dest: "/etc/kernel/cmdline" + mode: "0755" - name: Remove the mkinitcpio directories become: true ansible.builtin.file: - path: '{{ item }}' + path: "{{ item }}" state: absent loop: - /etc/mkinitcpio.conf.d @@ -152,9 +153,9 @@ - name: Recreate the mkinitcpio directories become: true ansible.builtin.file: - path: '{{ item }}' + path: "{{ item }}" state: directory - mode: '0755' + mode: "0755" loop: - /etc/mkinitcpio.conf.d - /etc/mkinitcpio.d @@ -166,7 +167,7 @@ dest: "{{ item.dest }}" mode: "0755" loop: "{{ mkinitcpio_templates }}" - when: "{{ mkinitcpio_templates | length > 0 }}" + when: "mkinitcpio_templates | length > 0" - name: Regenerate initramfs images become: true diff --git a/tasks/syncthing.yml b/tasks/syncthing.yml index c54fde5..409c53b 100644 --- a/tasks/syncthing.yml +++ b/tasks/syncthing.yml @@ -1,8 +1,9 @@ +--- - name: Create configuration dir ansible.builtin.file: - path: '{{ xdg_config_dir }}/syncthing' + path: "{{ xdg_config_dir }}/syncthing" state: directory - mode: '0755' + mode: "0755" - name: Stop syncthing service ansible.builtin.systemd: 
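Review bot: `when: modprobe_templates` in `Copy modprobe configuration files` relies on the truthiness of a list, while the mkinitcpio task in the `@@ -166,7 +167,7 @@` hunk now uses `mkinitcpio_templates | length > 0`. Recent ansible-core releases are stricter about conditionals that do not evaluate to a boolean, so I would write `when: modprobe_templates | length > 0` here as well. The condition could also be dropped, since an empty `loop` already skips the task.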
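Review bot: The Syncthing configuration directory in the tasks/syncthing.yml hunk is created with `mode: "0755"`, which lets every local user list and traverse it. Syncthing keeps its device key in that directory and usually an API key in `config.xml`, so `mode: "0700"` on the directory and `mode: "0600"` on `config.xml` (set to `0640` in the next hunk) would be the safer defaults. The template contents are not visible, so whether it embeds an API key is an assumption.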
@@ -12,7 +13,7 @@ - name: Copy configuration file ansible.builtin.template: - src: 'templates/syncthing/config.j2' - dest: '{{ xdg_config_dir }}/syncthing/config.xml' - mode: '0640' + src: "templates/syncthing/config.j2" + dest: "{{ xdg_config_dir }}/syncthing/config.xml" + mode: "0640" notify: start syncthing diff --git a/tasks/systemd.yml b/tasks/systemd.yml index 4d196a7..3c399c0 100644 --- a/tasks/systemd.yml +++ b/tasks/systemd.yml @@ -1,29 +1,30 @@ +--- - name: Setup systemd user service folder ansible.builtin.file: - path: '{{ xdg_config_dir }}/systemd/user' + path: "{{ xdg_config_dir }}/systemd/user" state: directory - mode: '0755' + mode: "0755" - name: Add ssh-agent service ansible.builtin.template: - src: 'templates/ssh-agent.j2' - dest: '{{ xdg_config_dir }}/systemd/user/ssh-agent.service' - mode: '0644' + src: "templates/ssh-agent.j2" + dest: "{{ xdg_config_dir }}/systemd/user/ssh-agent.service" + mode: "0644" notify: restart user ssh-agent - name: Copy tmux service ansible.builtin.template: - src: 'templates/tmux.j2' - dest: '{{ xdg_config_dir }}/systemd/user/tmux.service' - mode: '0644' + src: "templates/tmux.j2" + dest: "{{ xdg_config_dir }}/systemd/user/tmux.service" + mode: "0644" notify: - user daemon-reload - restart tmux service - name: Copy tmux startup script ansible.builtin.copy: - src: 'files/tmux_start' - dest: '{{ ansible_env.HOME }}/.local/bin/tmux_start' - mode: '0740' + src: "files/tmux_start" + dest: "{{ ansible_env.HOME }}/.local/bin/tmux_start" + mode: "0740" force: false # setup systemd-boot pacman hook diff --git a/tasks/timer.yml b/tasks/timer.yml index 7a2aa56..f68a50a 100644 --- a/tasks/timer.yml +++ b/tasks/timer.yml 
@@ -1,45 +1,43 @@ -- name: copy timer files +--- +- name: Copy timer files become: true - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" owner: root - mode: '0644' + mode: "0644" loop: - - { src: 'templates/timer/daily_timer.j2', dest: '/etc/systemd/system/daily.timer' } - - { src: 'templates/timer/weekly_timer.j2', dest: '/etc/systemd/system/weekly.timer' } + - { src: "templates/timer/daily_timer.j2", dest: "/etc/systemd/system/daily.timer" } + - { src: "templates/timer/weekly_timer.j2", dest: "/etc/systemd/system/weekly.timer" } notify: - enable daily timer - enable weekly timer -- name: copy target files +- name: Copy target files become: true - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" owner: root - mode: '0644' + mode: "0644" loop: - - { src: 'templates/timer/daily_target.j2', dest: '/etc/systemd/system/daily.target' } - - { - src: 'templates/timer/weekly_target.j2', - dest: '/etc/systemd/system/weekly.target', - } + - { src: "templates/timer/daily_target.j2", dest: "/etc/systemd/system/daily.target" } + - { src: "templates/timer/weekly_target.j2", dest: "/etc/systemd/system/weekly.target" } -- name: create target directories +- name: Create target directories become: true - file: - path: '{{ item }}' + ansible.builtin.file: + path: "{{ item }}" state: directory owner: root - mode: '0755' + mode: "0755" loop: - - '/etc/systemd/system/daily.target.wants' - - '/etc/systemd/system/weekly.target.wants' + - "/etc/systemd/system/daily.target.wants" + - "/etc/systemd/system/weekly.target.wants" -- name: add reflector to weekly timer +- name: Add reflector to weekly timer become: true - file: - src: '/usr/lib/systemd/system/reflector.service' - dest: '/etc/systemd/system/weekly.target.wants/reflector.service' + ansible.builtin.file: + src: "/usr/lib/systemd/system/reflector.service" + 
dest: "/etc/systemd/system/weekly.target.wants/reflector.service" state: link diff --git a/tasks/wireguard-media.yml b/tasks/wireguard-media.yml index b22e477..348befb 100644 --- a/tasks/wireguard-media.yml +++ b/tasks/wireguard-media.yml @@ -1,3 +1,4 @@ +--- - name: Include wireguard media defaults ansible.builtin.include_vars: file: vars/wireguard-media.yml @@ -5,16 +6,16 @@ - name: Create Wireguard directories become: true ansible.builtin.file: - path: '{{ item }}' + path: "{{ item }}" owner: root group: systemd-network - mode: '0750' + mode: "0750" state: directory recurse: true loop: - - '{{ vpn_config_dir }}' - - '{{ wireguard_media_defaults.private_key_path | dirname }}' - - '{{ wireguard_media_defaults.public_key_path | dirname }}' + - "{{ vpn_config_dir }}" + - "{{ wireguard_media_defaults.private_key_path | dirname }}" + - "{{ wireguard_media_defaults.public_key_path | dirname }}" notify: - restart systemd-networkd - restart systemd-resolved @@ -22,17 +23,17 @@ - name: Copy Wireguard credentials become: true ansible.builtin.copy: - src: '{{ item.src }}' - dest: '{{ item.dest }}' + src: "{{ item.src }}" + dest: "{{ item.dest }}" owner: root group: systemd-network - mode: '0640' + mode: "0640" loop: - - dest: '{{ wireguard_media_defaults.public_key_path }}' - src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.pub' + - dest: "{{ wireguard_media_defaults.public_key_path }}" + src: "files/wireguard-media/{{ ansible_hostname }}/fudiggity.pub" - - dest: '{{ wireguard_media_defaults.private_key_path }}' - src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.key' + - dest: "{{ wireguard_media_defaults.private_key_path }}" + src: "files/wireguard-media/{{ ansible_hostname }}/fudiggity.key" notify: - restart systemd-networkd - restart systemd-resolved 
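Review bot: `recurse: true` together with `mode: "0750"` in `Create Wireguard directories` re-applies 0750 to every file already below `{{ vpn_config_dir }}`, including the key files that the following tasks set to 0640. From the second run on this would flip the modes back and forth, report a change each time and fire the `restart systemd-networkd` and `restart systemd-resolved` handlers. Dropping `recurse: true` avoids that; the same task appears in tasks/wireguard.yml.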
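Review bot: `Copy Wireguard credentials` copies `fudiggity.key` without `no_log: true`, so a run with `--diff` or raised verbosity can print the private key to the terminal and to any log the controller keeps. I would add `no_log: true` to this task and to `Copy Wireguard preshared keys` in the next hunk, and likewise to the two matching tasks in tasks/wireguard.yml. How the files under `files/wireguard-media/` are protected at rest (for example with ansible-vault) is not visible here and deserves a comment above the task.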
@@ -40,12 +41,12 @@ - name: Copy Wireguard preshared keys become: true ansible.builtin.copy: - src: '{{ item.preshared_key_source_path }}' - dest: '{{ item.preshared_key_path }}' + src: "{{ item.preshared_key_source_path }}" + dest: "{{ item.preshared_key_path }}" owner: root group: systemd-network - mode: '0640' - loop: '{{ wireguard_media_defaults.peers }}' + mode: "0640" + loop: "{{ wireguard_media_defaults.peers }}" notify: - restart systemd-networkd - restart systemd-resolved @@ -53,17 +54,17 @@ - name: Setup network configuration become: true ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' + src: "{{ item.src }}" + dest: "{{ item.dest }}" owner: root group: systemd-network - mode: '0640' + mode: "0640" loop: - - src: 'templates/{{ ansible_hostname }}/network/wg1.network.j2' - dest: '/etc/systemd/network/40-wg1.network' + - src: "templates/{{ ansible_hostname }}/network/wg1.network.j2" + dest: "/etc/systemd/network/40-wg1.network" - - src: 'templates/{{ ansible_hostname }}/network/wg1.netdev.j2' - dest: '/etc/systemd/network/40-wg1.netdev' + - src: "templates/{{ ansible_hostname }}/network/wg1.netdev.j2" + dest: "/etc/systemd/network/40-wg1.netdev" notify: - restart systemd-networkd - restart systemd-resolved diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index bfd9418..06b5479 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml @@ -1,3 +1,4 @@ +--- - name: Include wireguard defaults ansible.builtin.include_vars: file: vars/wireguard.yml 
@@ -5,16 +6,16 @@ - name: Create Wireguard directories become: true ansible.builtin.file: - path: '{{ item }}' + path: "{{ item }}" owner: root group: systemd-network - mode: '0750' + mode: "0750" state: directory recurse: true loop: - - '{{ vpn_config_dir }}' - - '{{ wireguard_defaults.private_key_path | dirname }}' - - '{{ wireguard_defaults.public_key_path | dirname }}' + - "{{ vpn_config_dir }}" + - "{{ wireguard_defaults.private_key_path | dirname }}" + - "{{ wireguard_defaults.public_key_path | dirname }}" notify: - restart systemd-networkd - restart systemd-resolved @@ -22,17 +23,17 @@ - name: Copy Wireguard credentials become: true ansible.builtin.copy: - src: '{{ item.src }}' - dest: '{{ item.dest }}' + src: "{{ item.src }}" + dest: "{{ item.dest }}" owner: root group: systemd-network - mode: '0640' + mode: "0640" loop: - - dest: '{{ wireguard_defaults.public_key_path }}' - src: 'files/wireguard/{ ansible_hostname }}/fudiggity.pub' + - dest: "{{ wireguard_defaults.public_key_path }}" + src: "files/wireguard/{ ansible_hostname }}/fudiggity.pub" - - dest: '{{ wireguard_defaults.private_key_path }}' - src: 'files/wireguard/{{ ansible_hostname }}/fudiggity.key' + - dest: "{{ wireguard_defaults.private_key_path }}" + src: "files/wireguard/{{ ansible_hostname }}/fudiggity.key" notify: - restart systemd-networkd - restart systemd-resolved @@ -40,12 +41,12 @@ - name: Copy Wireguard preshared keys become: true ansible.builtin.copy: - src: '{{ item.preshared_key_source_path }}' - dest: '{{ item.preshared_key_path }}' + src: "{{ item.preshared_key_source_path }}" + dest: "{{ item.preshared_key_path }}" owner: root group: systemd-network - mode: '0640' - loop: '{{ wireguard_defaults.peers }}' + mode: "0640" + loop: "{{ wireguard_defaults.peers }}" notify: - restart systemd-networkd - restart systemd-resolved 
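Review bot: The public-key item in `Copy Wireguard credentials` reads `src: "files/wireguard/{ ansible_hostname }}/fudiggity.pub"` with a single opening brace, so the host name is most likely not substituted and the path is taken literally. The quote change carried the typo over from the old line. It should be `src: "files/wireguard/{{ ansible_hostname }}/fudiggity.pub"`, matching the `.key` item below it.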
@@ -53,17 +54,17 @@ - name: Setup network configuration become: true ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' + src: "{{ item.src }}" + dest: "{{ item.dest }}" owner: root group: systemd-network - mode: '0640' + mode: "0640" loop: - - src: 'templates/{{ ansible_hostname }}/network/wg0.network.j2' - dest: '/etc/systemd/network/40-wg0.network' + - src: "templates/{{ ansible_hostname }}/network/wg0.network.j2" + dest: "/etc/systemd/network/40-wg0.network" - - src: 'templates/{{ ansible_hostname }}/network/wg0.netdev.j2' - dest: '/etc/systemd/network/40-wg0.netdev' + - src: "templates/{{ ansible_hostname }}/network/wg0.netdev.j2" + dest: "/etc/systemd/network/40-wg0.netdev" notify: - restart systemd-networkd - restart systemd-resolved diff --git a/tasks/xps.yml b/tasks/xps.yml index 06aeb90..42640dc 100644 --- a/tasks/xps.yml +++ b/tasks/xps.yml @@ -1,3 +1,4 @@ +--- - name: Provision powertop systemd service become: true ansible.builtin.file: @@ -8,21 +9,21 @@ block: - name: Create configuration directory ansible.builtin.file: - path: '{{ xdg_config_dir }}/pa-dlna' + path: "{{ xdg_config_dir }}/pa-dlna" state: directory - mode: '0755' + mode: "0755" - name: Copy configuration file ansible.builtin.template: src: templates/xps/pa-dlna/config.j2 - dest: '{{ xdg_config_dir }}/pa-dlna/pa-dlna.conf' - mode: '0755' + dest: "{{ xdg_config_dir }}/pa-dlna/pa-dlna.conf" + mode: "0755" - name: Copy systemd service ansible.builtin.template: src: templates/xps/pa-dlna/service.j2 - dest: '{{ xdg_config_dir }}/systemd/user/pa-dlna.service' - mode: '0755' + dest: "{{ xdg_config_dir }}/systemd/user/pa-dlna.service" + mode: "0755" - name: Create virtualenv directory become: true 
@@ -31,16 +32,16 @@ state: directory owner: sonny group: sonny - mode: '0755' + mode: "0755" - name: Install pa-dlna ansible.builtin.pip: - name: 'pa-dlna=={{ pa_dlna_version }}' + name: "pa-dlna=={{ pa_dlna_version }}" virtualenv: /opt/virtualenv/pa-dlna virtualenv_command: python3.13 -m venv - name: Install python-systemd ansible.builtin.pip: - name: 'python-systemd=={{ pa_dlna_systemd_version }}' + name: "python-systemd=={{ pa_dlna_systemd_version }}" virtualenv: /opt/virtualenv/pa-dlna virtualenv_command: python3.13 -m venv diff --git a/vars/mpd.yml b/vars/mpd.yml index f28520a..c9e8541 100644 --- a/vars/mpd.yml +++ b/vars/mpd.yml @@ -1,10 +1,11 @@ +--- mpd_listen_address: 127.0.0.1 mpd_listen_port: 6600 -mpd_remote_address: 'mpd.{{ server_domain }}' +mpd_remote_address: "mpd.{{ server_domain }}" mpd_remote_port: 21000 mpd_remote_stream_port: 8000 -mpd_configuration_dir: '{{ ansible_env.HOME }}/.config/mpd' -ncmpc_configuration_dir: '{{ ansible_env.HOME }}/.config/ncmpc' -ncmpcpp_configuration_dir: '{{ ansible_env.HOME }}/.config/ncmpcpp' +mpd_configuration_dir: "{{ ansible_env.HOME }}/.config/mpd" +ncmpc_configuration_dir: "{{ ansible_env.HOME }}/.config/ncmpc" +ncmpcpp_configuration_dir: "{{ ansible_env.HOME }}/.config/ncmpcpp" diff --git a/vars/wireguard-media.yml b/vars/wireguard-media.yml index 71c9f9c..1bf75b7 100644 --- a/vars/wireguard-media.yml +++ b/vars/wireguard-media.yml 
@@ -1,22 +1,23 @@ -vpn_config_dir: '/etc/wireguard' +--- +vpn_config_dir: "/etc/wireguard" wireguard_media_defaults: prefix: 24 interface: wg1 dns: 10.0.1.1 domains: - - '~media-vpn.{{ server_domain }}' - - '~jellyfin.{{ server_domain }}' + - "~media-vpn.{{ server_domain }}" + - "~jellyfin.{{ server_domain }}" - public_key_path: '{{ vpn_config_dir }}/keys/public/media/fudiggity.pub' - private_key_path: '{{ vpn_config_dir }}/keys/private/media/fudiggity.key' + public_key_path: "{{ vpn_config_dir }}/keys/public/media/fudiggity.pub" + private_key_path: "{{ vpn_config_dir }}/keys/private/media/fudiggity.key" peers: - name: fudiggity allowed_ips: - 10.0.1.0/24 - 172.8.238.0/24 - endpoint: '{{ server_domain }}:51903' + endpoint: "{{ server_domain }}:51903" public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg= - preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/fudiggity.psk' + preshared_key_path: "{{ vpn_config_dir }}/keys/private/media/fudiggity.psk" preshared_key_source_path: files/wireguard-media/{{ ansible_hostname }}/preshared.psk diff --git a/vars/wireguard.yml b/vars/wireguard.yml index 4109b86..6ce6d24 100644 --- a/vars/wireguard.yml +++ b/vars/wireguard.yml 
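Review bot: `172.8.238.0/24` under `allowed_ips` lies outside the RFC 1918 block `172.16.0.0/12`, so this peer claims a slice of publicly routable address space; the same holds for `172.32.238.0/24`, `172.64.238.0/24` and `172.128.238.0/24` in vars/wireguard.yml. Traffic for unrelated internet hosts in those ranges would be sent into the tunnel. If these are container networks on the server, which is only a guess from here, renumbering them into `172.16.0.0/12` or documenting the choice in a comment next to the list would make the intent clear.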
@@ -1,18 +1,19 @@ -vpn_config_dir: '/etc/wireguard' +--- +vpn_config_dir: "/etc/wireguard" wireguard_defaults: prefix: 24 interface: wg0 dns: 10.0.0.1 domains: - - '~vpn.{{ server_domain }}' - - '~transmission.{{ server_domain }}' - - '~syncthing.{{ server_domain }}' - - '~radicale.{{ server_domain }}' - - '~mpd.{{ server_domain }}' + - "~vpn.{{ server_domain }}" + - "~transmission.{{ server_domain }}" + - "~syncthing.{{ server_domain }}" + - "~radicale.{{ server_domain }}" + - "~mpd.{{ server_domain }}" - public_key_path: '{{ vpn_config_dir }}/keys/public/default/fudiggity.pub' - private_key_path: '{{ vpn_config_dir }}/keys/private/default/fudiggity.key' + public_key_path: "{{ vpn_config_dir }}/keys/public/default/fudiggity.pub" + private_key_path: "{{ vpn_config_dir }}/keys/private/default/fudiggity.key" peers: - name: fudiggity @@ -22,7 +23,7 @@ wireguard_defaults: - 172.32.238.0/24 - 172.64.238.0/24 - 172.128.238.0/24 - endpoint: '{{ server_domain }}:51902' + endpoint: "{{ server_domain }}:51902" public_key: CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo= - preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-fudiggity.psk' + preshared_key_path: "{{ vpn_config_dir }}/keys/private/default/preshared-fudiggity.psk" preshared_key_source_path: files/wireguard/{{ ansible_hostname }}/preshared.psk diff --git a/xps.yml b/xps.yml index ca3ab0d..976e7ac 100644 --- a/xps.yml +++ b/xps.yml @@ -1,3 +1,4 @@ +--- - name: Include default playbook ansible.builtin.import_playbook: default.yml 
@@ -5,25 +6,24 @@ hosts: xps gather_facts: true tasks: - - name: Wireguard provisioning - ansible.builtin.import_tasks: 'tasks/wireguard.yml' + ansible.builtin.import_tasks: "tasks/wireguard.yml" tags: wireguard - name: Wireguard media provisioning - ansible.builtin.import_tasks: 'tasks/wireguard-media.yml' + ansible.builtin.import_tasks: "tasks/wireguard-media.yml" tags: wireguard-media - name: MPD provisioning - ansible.builtin.import_tasks: 'tasks/mpd.yml' + ansible.builtin.import_tasks: "tasks/mpd.yml" tags: mpd - name: Syncthing provisioning - ansible.builtin.import_tasks: 'tasks/syncthing.yml' + ansible.builtin.import_tasks: "tasks/syncthing.yml" tags: syncthing - name: Desktop provisioning - ansible.builtin.import_tasks: 'tasks/xps.yml' + ansible.builtin.import_tasks: "tasks/xps.yml" tags: xps handlers: @@ -31,4 +31,4 @@ ansible.builtin.import_tasks: handlers.yml - name: Import common role handlers - ansible.builtin.import_tasks: 'roles/common/handlers/user.yml' + ansible.builtin.import_tasks: "roles/common/handlers/user.yml"