sonny/arch-setup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: sonny:43d470edf34d9d7d9d4b88832c3b6682ff122c0c
Branches Tags
sonny:main
sonny:wireguard-refactor
sonny:file-structure
..
compare: sonny:da726a8ecfe888c5f32920e3c53a188ca5c3536b
Branches Tags
sonny:main
sonny:wireguard-refactor
sonny:file-structure

No commits in common. "43d470edf34d9d7d9d4b88832c3b6682ff122c0c" and "da726a8ecfe888c5f32920e3c53a188ca5c3536b" have entirely different histories.
43d470edf3 ... da726a8ecf

36 changed files with 402 additions and 400 deletions
Download patch file Download diff file Expand all files Collapse all files

15
default.yml
View file

@ -1,4 +1,3 @@
---
- name: Arch Linux provisioning
gather_facts: true
hosts: all
@ -6,12 +5,12 @@
- common
tasks:
- name: Generic provisioning
ansible.builtin.import_tasks: "tasks/setup.yml"
ansible.builtin.import_tasks: 'tasks/setup.yml'
tags: setup
# TODO: provision ssh client config with modern cyphers
- name: Network provisioning
ansible.builtin.import_tasks: "tasks/network/main.yml"
ansible.builtin.import_tasks: 'tasks/network/main.yml'
tags: network
# - name: Network host specific provisioning
@ -19,23 +18,23 @@
# tags: network-specific
- name: Systemd provisioning
ansible.builtin.import_tasks: "tasks/systemd.yml"
ansible.builtin.import_tasks: 'tasks/systemd.yml'
tags: systemd
- name: Systemd timer provisioning
ansible.builtin.import_tasks: "tasks/timer.yml"
ansible.builtin.import_tasks: 'tasks/timer.yml'
tags: timers
# Note: Disable DoH in Firefox to fallback to system's default DNS
# resolver, see
# https://support.mozilla.org/en-US/kb/dns-over-https#w_configure-doh-protection-settings
- name: MPV provisioning
ansible.builtin.import_tasks: "tasks/mpv.yml"
ansible.builtin.import_tasks: 'tasks/mpv.yml'
tags: mpv
handlers:
- name: Import default handlers
ansible.builtin.import_tasks: "handlers.yml"
ansible.builtin.import_tasks: 'handlers.yml'
- name: Import common role handlers
ansible.builtin.import_tasks: "roles/common/handlers/user.yml"
ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'

13
desktop.yml
View file

@ -1,4 +1,3 @@
---
- name: Include default playbook
ansible.builtin.import_playbook: default.yml
@ -7,24 +6,24 @@
gather_facts: true
tasks:
- name: Wireguard provisioning
ansible.builtin.import_tasks: "tasks/wireguard.yml"
ansible.builtin.import_tasks: 'tasks/wireguard.yml'
tags: wireguard
- name: Wireguard media provisioning
ansible.builtin.import_tasks: "tasks/wireguard-media.yml"
ansible.builtin.import_tasks: 'tasks/wireguard-media.yml'
tags: wireguard-media
- name: MPD provisioning
ansible.builtin.import_tasks: "tasks/mpd.yml"
ansible.builtin.import_tasks: 'tasks/mpd.yml'
tags: mpd
- name: Syncthing provisioning
ansible.builtin.import_tasks: "tasks/syncthing.yml"
ansible.builtin.import_tasks: 'tasks/syncthing.yml'
tags: syncthing
# TODO: provision current macvlan setup
- name: Desktop provisioning
ansible.builtin.import_tasks: "tasks/desktop.yml"
ansible.builtin.import_tasks: 'tasks/desktop.yml'
tags: desktop
handlers:
@ -32,4 +31,4 @@
ansible.builtin.import_tasks: handlers.yml
- name: Import common role handlers
ansible.builtin.import_tasks: "roles/common/handlers/user.yml"
ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'

15
group_vars/all/main.yml
View file

@ -1,4 +1,3 @@
---
packages:
- nftables
- tmux
@ -9,17 +8,21 @@ packages:
- iproute2
- curl
- reflector
- ttf-ibm-plex
- otf-monaspace-nerd
- systemd-ukify
- efibootmgr
- git-delta
xdg_config_dir: "{{ ansible_env.HOME }}/.config"
xdg_script_dir: "{{ ansible_env.HOME }}/.local/bin"
xdg_config_dir: '{{ ansible_env.HOME }}/.config'
xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin'
modprobe_templates: []
mkinitcpio_templates: []
boot_configuration:
server_domain: fudiggity.nl
wezterm_font: IBM Plex Mono Medm
wezterm_font_size: 12
register_uefi_entries: false
wezterm_font_size: 11

52
handlers.yml
View file

@ -1,91 +1,91 @@
---
- name: Enable daily timer
- name: enable daily timer
become: true
ansible.builtin.systemd:
systemd:
name: daily.timer
state: restarted
enabled: true
daemon-reload: true
- name: Enable weekly timer
- name: enable weekly timer
become: true
ansible.builtin.systemd:
systemd:
name: weekly.timer
state: restarted
enabled: true
daemon-reload: true
- name: Restart user ssh-agent
ansible.builtin.systemd:
- name: restart user ssh-agent
systemd:
name: ssh-agent
state: restarted
enabled: true
daemon-reload: true
scope: user
- name: Start syncthing
ansible.builtin.systemd:
- name: start syncthing
systemd:
name: syncthing
state: started
enabled: true
scope: user
- name: Restart powertop
- name: restart powertop
become: true
ansible.builtin.systemd:
systemd:
name: powertop
state: restarted
enabled: true
daemon-reload: true
- name: Restart systemd-networkd
- name: restart systemd-networkd
become: true
ansible.builtin.systemd:
systemd:
name: systemd-networkd
state: restarted
enabled: true
- name: Restart systemd-resolved
- name: restart systemd-resolved
become: true
ansible.builtin.systemd:
systemd:
name: systemd-resolved
state: started
enabled: true
- name: Restart iwd
- name: restart iwd
become: true
ansible.builtin.systemd:
systemd:
name: iwd
state: restarted
enabled: true
- name: Stop mpd service
ansible.builtin.systemd:
- name: stop mpd service
systemd:
name: mpd.service
state: stopped
enabled: false
scope: user
daemon-reload: true
- name: Restart mpd socket
ansible.builtin.systemd:
- name: restart mpd socket
systemd:
name: mpd
state: restarted
enabled: true
scope: user
daemon-reload: true
- name: Reload sysctl configuration
- name: reload sysctl configuration
become: true
ansible.builtin.command: "sysctl --system"
- name: Restart tmux service
ansible.builtin.systemd:
command: 'sysctl --system'
- name: restart tmux service
systemd:
name: tmux
state: restarted
enabled: true
scope: user
- name: User daemon-reload
- name: user daemon-reload
ansible.builtin.systemd:
daemon-reload: true
scope: user

1
host_vars/desktop/network.yml
View file

@ -1,4 +1,3 @@
---
lan_interface: enp1s0
lan_interface_mac: 00:d8:61:9f:52:65

21
host_vars/desktop/syncthing.yml
View file

@ -1,17 +1,16 @@
---
syncthing_listen_address: "0.0.0.0"
syncthing_listen_address: '0.0.0.0'
syncthing_protocol_port: 22000
syncthing_gui_port: 8384
syncthing_config_version: 37
syncthing_api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
39643534383666343331666336356662333165633032356532323730316535616363393330376263
6164323430343961646635323739373363623764646361360a666566363736323739313533323562
34653032646230313063613265313836383033353336333461376432363530633632313234323733
6162646332623837370a646537336139336361666336363861353030633136373063333433643435
64666465356566313263376330643664313266646139663433663366316232613562663863366334
3061663839656563353663373135393233653130383735366538
$ANSIBLE_VAULT;1.1;AES256
39643534383666343331666336356662333165633032356532323730316535616363393330376263
6164323430343961646635323739373363623764646361360a666566363736323739313533323562
34653032646230313063613265313836383033353336333461376432363530633632313234323733
6162646332623837370a646537336139336361666336363861353030633136373063333433643435
64666465356566313263376330643664313266646139663433663366316232613562663863366334
3061663839656563353663373135393233653130383735366538
syncthing_devices:
- name: Desktop
@ -29,7 +28,7 @@ syncthing_devices:
syncthing_folders:
- id: default
label: Default
path: "{{ ansible_env.HOME }}/syncthing/default"
path: '{{ ansible_env.HOME }}/syncthing/default'
type: sendreceive
devices:
- *syncthing_desktop_id
@ -38,7 +37,7 @@ syncthing_folders:
- id: pictures
label: Pictures
path: "{{ ansible_env.HOME }}/syncthing/pictures"
path: '{{ ansible_env.HOME }}/syncthing/pictures'
type: sendreceive
devices:
- *syncthing_desktop_id

23
host_vars/desktop/system.yml
View file

@ -1,4 +1,3 @@
---
packages:
- nftables
- tmux
@ -9,7 +8,7 @@ packages:
- iproute2
- curl
- reflector
- ttf-ibm-plex
- otf-monaspace-nerd
- systemd-ukify
- efibootmgr
- git-delta
@ -38,17 +37,19 @@ packages:
- aspell-en
modprobe_templates:
- src: "templates/desktop/modprobe/99-amdgpu.conf.j2"
dest: "/etc/modprobe.d/99-amdgpu.conf"
- src: 'templates/desktop/modprobe/99-amdgpu.conf.j2'
dest: '/etc/modprobe.d/99-amdgpu.conf'
mkinitcpio_templates:
- src: "templates/desktop/mkinitcpio/1-modules.conf.j2"
dest: "/etc/mkinitcpio.conf.d/1-amdgpu.conf"
- src: 'templates/desktop/mkinitcpio/1-modules.conf.j2'
dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf'
- src: "templates/desktop/mkinitcpio/linux.preset.j2"
dest: "/etc/mkinitcpio.d/linux.preset"
- src: 'templates/desktop/mkinitcpio/linux.preset.j2'
dest: '/etc/mkinitcpio.d/linux.preset'
- src: "templates/desktop/mkinitcpio/linux-lts.preset.j2"
dest: "/etc/mkinitcpio.d/linux-lts.preset"
- src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2'
dest: '/etc/mkinitcpio.d/linux-lts.preset'
wezterm_font_size: 12
boot_configuration:
disk: /dev/sdc
partition: 1

1
host_vars/htpc/network.yml
View file

@ -1,4 +1,3 @@
---
lan_interface: enp1s0
lan_interface_mac: bc:fc:e7:6e:73:53

20
host_vars/htpc/system.yml
View file

@ -1,4 +1,3 @@
---
packages:
- nftables
- tmux
@ -9,7 +8,7 @@ packages:
- iproute2
- curl
- reflector
- ttf-ibm-plex
- otf-monaspace-nerd
- systemd-ukify
- efibootmgr
- git-delta
@ -32,12 +31,17 @@ wezterm_columns: 90
wezterm_rows: 18
modprobe_templates: []
mkinitcpio_templates:
- src: "templates/htpc/mkinitcpio/1-modules.conf.j2"
dest: "/etc/mkinitcpio.conf.d/1-amdgpu.conf"
- src: 'templates/htpc/mkinitcpio/1-modules.conf.j2'
dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf'
- src: "templates/htpc/mkinitcpio/linux.preset.j2"
dest: "/etc/mkinitcpio.d/linux.preset"
- src: 'templates/htpc/mkinitcpio/linux.preset.j2'
dest: '/etc/mkinitcpio.d/linux.preset'
- src: "templates/htpc/mkinitcpio/linux-lts.preset.j2"
dest: "/etc/mkinitcpio.d/linux-lts.preset"
- src: 'templates/htpc/mkinitcpio/linux-lts.preset.j2'
dest: '/etc/mkinitcpio.d/linux-lts.preset'
boot_configuration:
disk: /dev/sda
partition: 1

1
host_vars/xps/network.yml
View file

@ -1,4 +1,3 @@
---
wireless_interface: wlan0
local_network_ssid: KPNAE51C6

1
host_vars/xps/pa-dlna.yml
View file

@ -1,3 +1,2 @@
---
pa_dlna_version: 0.16
pa_dlna_systemd_version: 0.0.9

21
host_vars/xps/syncthing.yml
View file

@ -1,17 +1,16 @@
---
syncthing_listen_address: "0.0.0.0"
syncthing_listen_address: '0.0.0.0'
syncthing_protocol_port: 22000
syncthing_gui_port: 8384
syncthing_config_version: 37
syncthing_api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
35346637623066636261633331343438313736356137633466306633613563343630363565643763
6631623461663330633537386539376435356338393537620a666234373932636162653830316339
65336339383630313837323137613137303862613061326131313437316637383637666638313235
6463333235646536620a316163666431323530353330356633393035663933613761313031656561
66333431636134366466373533616438326230323965333763316336393764303737663461363636
3061373832313462623765353130616237343966333332623262
$ANSIBLE_VAULT;1.1;AES256
35346637623066636261633331343438313736356137633466306633613563343630363565643763
6631623461663330633537386539376435356338393537620a666234373932636162653830316339
65336339383630313837323137613137303862613061326131313437316637383637666638313235
6463333235646536620a316163666431323530353330356633393035663933613761313031656561
66333431636134366466373533616438326230323965333763316336393764303737663461363636
3061373832313462623765353130616237343966333332623262
syncthing_devices:
- name: Desktop
@ -29,7 +28,7 @@ syncthing_devices:
syncthing_folders:
- id: default
label: Default
path: "{{ ansible_env.HOME }}/syncthing/default"
path: '{{ ansible_env.HOME }}/syncthing/default'
type: sendreceive
devices:
- *syncthing_desktop_id
@ -38,7 +37,7 @@ syncthing_folders:
- id: pictures
label: Pictures
path: "{{ ansible_env.HOME }}/syncthing/pictures"
path: '{{ ansible_env.HOME }}/syncthing/pictures'
type: sendreceive
devices:
- *syncthing_desktop_id

25
host_vars/xps/system.yml
View file

@ -1,4 +1,3 @@
---
packages:
- nftables
- tmux
@ -9,7 +8,7 @@ packages:
- iproute2
- curl
- reflector
- ttf-ibm-plex
- otf-monaspace-nerd
- systemd-ukify
- efibootmgr
- git-delta
@ -43,17 +42,21 @@ packages:
- nvidia-utils
- lib32-nvidia-utils
boot_configuration:
disk: /dev/nvme0n1
partition: 1
mkinitcpio_templates:
- src: "templates/xps/mkinitcpio/1-modules.conf.j2"
dest: "/etc/mkinitcpio.conf.d/1-modules.conf"
- src: 'templates/xps/mkinitcpio/1-modules.conf.j2'
dest: '/etc/mkinitcpio.conf.d/1-modules.conf'
- src: "templates/xps/mkinitcpio/2-hooks.conf.j2"
dest: "/etc/mkinitcpio.conf.d/2-hooks.conf"
- src: 'templates/xps/mkinitcpio/2-hooks.conf.j2'
dest: '/etc/mkinitcpio.conf.d/2-hooks.conf'
- src: "templates/xps/mkinitcpio/linux.preset.j2"
dest: "/etc/mkinitcpio.d/linux.preset"
- src: 'templates/xps/mkinitcpio/linux.preset.j2'
dest: '/etc/mkinitcpio.d/linux.preset'
- src: "templates/xps/mkinitcpio/linux-lts.preset.j2"
dest: "/etc/mkinitcpio.d/linux-lts.preset"
- src: 'templates/xps/mkinitcpio/linux-lts.preset.j2'
dest: '/etc/mkinitcpio.d/linux-lts.preset'
wezterm_font_size: 11
wezterm_font_size: 10

5
htpc.yml
View file

@ -1,4 +1,3 @@
---
- hosts: htpc
gather_facts: true
@ -9,7 +8,7 @@
hosts: htpc
tasks:
- name: Wireguard media provisioning
ansible.builtin.import_tasks: "tasks/wireguard-media.yml"
ansible.builtin.import_tasks: 'tasks/wireguard-media.yml'
tags: wireguard-media
handlers:
@ -17,4 +16,4 @@
ansible.builtin.import_tasks: handlers.yml
- name: Import common role handlers
ansible.builtin.import_tasks: "roles/common/handlers/user.yml"
ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'

1
inventory.yml
View file

@ -1,4 +1,3 @@
---
all:
hosts:
xps:

1
requirements.yml
View file

@ -1,4 +1,3 @@
---
- src: git+https://forgejo.fudiggity.nl/sonny/common-ansible.git
name: common
version: master

9
tasks/desktop.yml
View file

@ -1,13 +1,12 @@
---
- name: Create xdg-desktop-portal.service.d directory
ansible.builtin.file:
path: "{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d"
path: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d'
state: directory
mode: "0755"
mode: '0755'
- name: Copy xdg-desktop-portal.service drop-in
ansible.builtin.template:
src: templates/desktop/xdg-desktop-portal.service.j2
dest: "{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d/override.conf"
mode: "0755"
dest: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d/override.conf'
mode: '0755'
notify: user daemon-reload

81
tasks/mpd.yaml
View file

@ -1,67 +1,66 @@
---
- name: Include mpd defaults
ansible.builtin.include_vars:
file: vars/mpd.yml
- name: Copy systemd configuration files
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "0644"
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '0644'
loop:
- src: "templates/mpd/service.j2"
dest: "{{ xdg_config_dir }}/systemd/user/mpd.service"
- src: 'templates/mpd/service.j2'
dest: '{{ xdg_config_dir }}/systemd/user/mpd.service'
- src: "templates/mpd/socket.j2"
dest: "{{ xdg_config_dir }}/systemd/user/mpd.socket"
- src: 'templates/mpd/socket.j2'
dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket'
notify:
- stop mpd service
- restart mpd socket
- name: Create mpd files
ansible.builtin.file:
path: "{{ item.path }}"
state: "{{ item.state }}"
mode: "0755"
path: '{{ item.path }}'
state: '{{ item.state }}'
mode: '0755'
loop:
- path: "{{ mpd_configuration_dir }}"
state: "directory"
- path: "{{ ncmpc_configuration_dir }}"
state: "directory"
- path: "{{ ncmpcpp_configuration_dir }}"
state: "directory"
- path: "{{ mpd_configuration_dir }}/playlists"
state: "directory"
- path: "{{ mpd_configuration_dir }}/state"
state: "touch"
- path: '{{ mpd_configuration_dir }}'
state: 'directory'
- path: '{{ ncmpc_configuration_dir }}'
state: 'directory'
- path: '{{ ncmpcpp_configuration_dir }}'
state: 'directory'
- path: '{{ mpd_configuration_dir }}/playlists'
state: 'directory'
- path: '{{ mpd_configuration_dir }}/state'
state: 'touch'
- name: Remove previous mpd files
ansible.builtin.file:
path: "{{ item.path }}"
state: "{{ item.state }}"
mode: "0755"
path: '{{ item.path }}'
state: '{{ item.state }}'
mode: '0755'
loop:
- path: "{{ mpd_configuration_dir }}/log"
state: "absent"
- path: "{{ mpd_configuration_dir }}/database"
state: "absent"
- path: "{{ mpd_configuration_dir }}/sticker.sql"
state: "absent"
- path: "{{ ncmpc_configuration_dir }}"
state: "absent"
- path: '{{ mpd_configuration_dir }}/log'
state: 'absent'
- path: '{{ mpd_configuration_dir }}/database'
state: 'absent'
- path: '{{ mpd_configuration_dir }}/sticker.sql'
state: 'absent'
- path: '{{ ncmpc_configuration_dir }}'
state: 'absent'
- name: Copy configuration files
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "0755"
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '0755'
loop:
- src: "templates/mpd/mpd.conf.j2"
dest: "{{ mpd_configuration_dir }}/mpd.conf"
- src: "templates/mpd/ncmpcpp/config.j2"
dest: "{{ ncmpcpp_configuration_dir }}/config"
- src: "templates/mpd/ncmpcpp/bindings.j2"
dest: "{{ ncmpcpp_configuration_dir }}/bindings"
- src: 'templates/mpd/mpd.conf.j2'
dest: '{{ mpd_configuration_dir }}/mpd.conf'
- src: 'templates/mpd/ncmpcpp/config.j2'
dest: '{{ ncmpcpp_configuration_dir }}/config'
- src: 'templates/mpd/ncmpcpp/bindings.j2'
dest: '{{ ncmpcpp_configuration_dir }}/bindings'
notify:
- stop mpd service

19
tasks/mpv.yml
View file

@ -1,17 +1,16 @@
---
- name: Create configuration directory
ansible.builtin.file:
path: "{{ ansible_env.HOME }}/.config/mpv"
path: '{{ ansible_env.HOME }}/.config/mpv'
state: directory
mode: "0700"
mode: '0700'
- name: Copy configuration files
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "0644"
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '0644'
loop:
- src: "templates/mpv/input.j2"
dest: "{{ ansible_env.HOME }}/.config/mpv/input.conf"
- src: "templates/mpv/config.j2"
dest: "{{ ansible_env.HOME }}/.config/mpv/mpv.conf"
- src: 'templates/mpv/input.j2'
dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf'
- src: 'templates/mpv/config.j2'
dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf'

21
tasks/network/desktop.yml
View file

@ -1,4 +1,3 @@
---
- name: Desktop configuration
notify:
- restart systemd-networkd
@ -7,22 +6,22 @@
- name: Setup network configuration
become: true
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
group: systemd-network
mode: "0640"
mode: '0640'
loop:
- src: "templates/desktop/network/enp1s0.link.j2"
dest: "/etc/systemd/network/20-enp1s0.link"
- src: "templates/desktop//network/enp1s0.network.j2"
dest: "/etc/systemd/network/20-enp1s0.network"
- src: 'templates/desktop/network/enp1s0.link.j2'
dest: '/etc/systemd/network/20-enp1s0.link'
- src: 'templates/desktop//network/enp1s0.network.j2'
dest: '/etc/systemd/network/20-enp1s0.network'
- name: Remove leftover configuration files
become: true
ansible.builtin.file:
path: "{{ item }}"
path: '{{ item }}'
state: absent
loop:
- "/etc/systemd/network/30-vmbr0.network"
- "/etc/systemd/network/30-vmbr0.netdev"
- '/etc/systemd/network/30-vmbr0.network'
- '/etc/systemd/network/30-vmbr0.netdev'

9
tasks/network/main.yml
View file

@ -1,4 +1,3 @@
---
# Note that Wireguard does DNS resolution only once during connection.
# When a client's IP changes, the server should be notified in some way,
# using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint <NEW-IP>:<PORT>`
@ -7,7 +6,7 @@
- name: Set hostname
become: true
ansible.builtin.hostname:
name: "{{ hostname }}"
name: '{{ hostname }}'
use: systemd
- name: Copy hosts file
@ -15,15 +14,15 @@
ansible.builtin.template:
src: templates/hosts.j2
dest: /etc/hosts
mode: "0644"
mode: '0644'
owner: root
- name: Copy firewall template
become: true
ansible.builtin.template:
src: "templates/{{ ansible_hostname }}/nftables.j2"
src: 'templates/{{ ansible_hostname }}/nftables.j2'
dest: /etc/nftables.conf
owner: root
group: root
mode: "0600"
mode: '0600'
notify: restart nftables

25
tasks/network/xps.yml
View file

@ -1,21 +1,20 @@
---
- name: Setup network configuration
become: true
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
group: systemd-network
mode: "0640"
mode: '0640'
loop:
- src: "templates/xps/network/wlan0-local.network.j2"
dest: "/etc/systemd/network/10-wireless.network"
- src: 'templates/xps/network/wlan0-local.network.j2'
dest: '/etc/systemd/network/10-wireless.network'
- src: "templates/xps/network/wlan0-frans.network.j2"
dest: "/etc/systemd/network/11-wireless.network"
- src: 'templates/xps/network/wlan0-frans.network.j2'
dest: '/etc/systemd/network/11-wireless.network'
- src: "templates/xps/network/wlan0.network.j2"
dest: "/etc/systemd/network/20-wireless.network"
- src: 'templates/xps/network/wlan0.network.j2'
dest: '/etc/systemd/network/20-wireless.network'
notify:
- restart systemd-networkd
- restart systemd-resolved
@ -25,7 +24,7 @@
ansible.builtin.template:
src: templates/xps/iwd.j2
dest: /etc/iwd
mode: "0644"
mode: '0644'
owner: root
- name: Provision iwd configuration
@ -33,14 +32,14 @@
ansible.builtin.template:
src: templates/xps/iwd.j2
dest: /etc/iwd/main.config
mode: "0755"
mode: '0755'
owner: root
notify: restart iwd
- name: Remove leftover configuration files
become: true
ansible.builtin.file:
path: "{{ item }}"
path: '{{ item }}'
state: absent
loop:
- /etc/systemd/network/30-vmbr0.network

146
tasks/setup.yml
View file

@ -1,22 +1,21 @@
---
- name: Provision pollkit administrator configuration
become: true
ansible.builtin.template:
src: "templates/polkit.j2"
dest: "/etc/polkit-1/rules.d/49-nopasswd_global.rules"
mode: "0755"
src: 'templates/polkit.j2'
dest: '/etc/polkit-1/rules.d/49-nopasswd_global.rules'
mode: '0755'
- name: Install shared packages
become: true
community.general.pacman:
name: "{{ packages }}"
name: '{{ packages }}'
- name: Copy reflector configuration
become: true
ansible.builtin.template:
src: "templates/reflector.j2"
dest: "/etc/xdg/reflector/reflector.conf"
mode: "0600"
src: 'templates/reflector.j2'
dest: '/etc/xdg/reflector/reflector.conf'
mode: '0600'
# started by weekly timer
- name: Disable reflector
@ -29,56 +28,47 @@
- name: Copy pacman configuration
become: true
ansible.builtin.template:
src: "templates/pacman/config.j2"
dest: "/etc/pacman.conf"
src: 'templates/pacman.j2'
dest: '/etc/pacman.conf'
owner: root
group: root
mode: "0644"
mode: '0644'
- name: Create extra conf
become: true
ansible.builtin.file:
path: "/etc/pacman.d/extra.conf"
path: '/etc/pacman.d/extra.conf'
owner: root
group: root
state: touch
mode: "0644"
- name: Copy systemd-boot pacman hook
become: true
ansible.builtin.template:
src: "templates/pacman/hook.j2"
dest: "/etc/pacman.d/hooks/100-systemd-boot.hook"
owner: root
group: root
mode: "0644"
mode: '0644'
- name: Setup Wezterm
when: "'wezterm' in packages"
block:
- name: Create wezterm configuration dir
ansible.builtin.file:
path: "{{ xdg_config_dir }}/wezterm/includes"
path: '{{ xdg_config_dir }}/wezterm/includes'
state: directory
mode: "0755"
mode: '0755'
- name: Copy wezterm configuration files
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "0755"
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '0755'
loop:
- src: "templates/wezterm/wezterm.lua.j2"
dest: "{{ xdg_config_dir }}/wezterm/wezterm.lua"
- src: 'templates/wezterm/wezterm.lua.j2'
dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua'
- src: "templates/wezterm/includes/colors.lua.j2"
dest: "{{ xdg_config_dir }}/wezterm/includes/colors.lua"
- src: 'templates/wezterm/includes/colors.lua.j2'
dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua'
- src: "templates/wezterm/includes/fonts.lua.j2"
dest: "{{ xdg_config_dir }}/wezterm/includes/fonts.lua"
- src: 'templates/wezterm/includes/fonts.lua.j2'
dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua'
- src: "templates/wezterm/includes/window.lua.j2"
dest: "{{ xdg_config_dir }}/wezterm/includes/window.lua"
- src: 'templates/wezterm/includes/window.lua.j2'
dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua'
- name: Enable fstrim timer
become: true
@ -97,19 +87,19 @@
ansible.builtin.file:
path: /etc/sysctl.d
state: directory
mode: "0755"
mode: '0755'
- name: Copy sysctl files
become: true
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "0755"
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '0755'
loop:
- src: "templates/sysctl/99-sysrq.conf.j2"
dest: "/etc/sysctl.d/99-sysrq.conf"
- src: "templates/sysctl/98-forward.conf.j2"
dest: "/etc/sysctl.d/98-foward.conf"
- src: 'templates/sysctl/99-sysrq.conf.j2'
dest: '/etc/sysctl.d/99-sysrq.conf'
- src: 'templates/sysctl/98-forward.conf.j2'
dest: '/etc/sysctl.d/98-foward.conf'
notify: reload sysctl configuration
- name: Remove the modprobe.d directory
@ -123,28 +113,28 @@
ansible.builtin.file:
path: /etc/modprobe.d
state: directory
mode: "0755"
mode: '0755'
- name: Copy modprobe configuration files
become: true
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "0755"
loop: "{{ modprobe_templates }}"
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '0755'
loop: '{{ modprobe_templates }}'
when: modprobe_templates
- name: Copy kernel parameters template
become: true
ansible.builtin.template:
src: "templates/{{ ansible_hostname }}/cmdline.j2"
dest: "/etc/kernel/cmdline"
mode: "0755"
src: 'templates/{{ ansible_hostname }}/cmdline.j2'
dest: '/etc/kernel/cmdline'
mode: '0755'
- name: Remove the mkinitcpio directories
become: true
ansible.builtin.file:
path: "{{ item }}"
path: '{{ item }}'
state: absent
loop:
- /etc/mkinitcpio.conf.d
@ -153,9 +143,9 @@
- name: Recreate the mkinitcpio directories
become: true
ansible.builtin.file:
path: "{{ item }}"
path: '{{ item }}'
state: directory
mode: "0755"
mode: '0755'
loop:
- /etc/mkinitcpio.conf.d
- /etc/mkinitcpio.d
@ -163,17 +153,53 @@
- name: Copy mkinitcpio configuration files
become: true
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "0755"
loop: "{{ mkinitcpio_templates }}"
when: "mkinitcpio_templates | length > 0"
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '0755'
loop: '{{ mkinitcpio_templates }}'
when: '{{ mkinitcpio_templates | length > 0 }}'
- name: Regenerate initramfs images
become: true
ansible.builtin.command: "mkinitcpio --allpresets"
ansible.builtin.command: 'mkinitcpio --allpresets'
register: mkinitcpio_stats
- name: Log mkinitcpio stdout
ansible.builtin.debug:
var: mkinitcpio_stats.stdout_lines
- name: Create a Linux UEFI boot entry
become: true
ansible.builtin.command: efibootmgr \
--create \
--disk '{{ boot_configuration.disk }}' \
--part '{{ boot_configuration.partition }}' \
--label 'Arch Linux' \
--loader '\EFI\Linux\linux.efi'\
--unicode
--index 0
register: efi_linux_stats
when: register_uefi_entries
- name: Log efibootmgr stdout
ansible.builtin.debug:
var: efi_linux_stats.stdout_lines
when: register_uefi_entries
- name: Create a Linux LTS UEFI boot entry
become: true
ansible.builtin.command: efibootmgr \
--create \
--disk '{{ boot_configuration.disk }}' \
--part '{{ boot_configuration.partition }}' \
--label 'Arch Linux LTS' \
--loader '\EFI\Linux\linux-lts.efi'\
--unicode
--index 1
register: efi_linux_lts_stats
when: register_uefi_entries
- name: Log efibootmgr LTS stdout
ansible.builtin.debug:
var: efi_linux_lts_stats.stdout_lines
when: register_uefi_entries

11
tasks/syncthing.yml
View file

@ -1,9 +1,8 @@
---
- name: Create configuration dir
ansible.builtin.file:
path: "{{ xdg_config_dir }}/syncthing"
path: '{{ xdg_config_dir }}/syncthing'
state: directory
mode: "0755"
mode: '0755'
- name: Stop syncthing service
ansible.builtin.systemd:
@ -13,7 +12,7 @@
- name: Copy configuration file
ansible.builtin.template:
src: "templates/syncthing/config.j2"
dest: "{{ xdg_config_dir }}/syncthing/config.xml"
mode: "0640"
src: 'templates/syncthing/config.j2'
dest: '{{ xdg_config_dir }}/syncthing/config.xml'
mode: '0640'
notify: start syncthing

24
tasks/systemd.yml
View file

@ -1,30 +1,28 @@
---
- name: Setup systemd user service folder
ansible.builtin.file:
path: "{{ xdg_config_dir }}/systemd/user"
path: '{{ xdg_config_dir }}/systemd/user'
state: directory
mode: "0755"
mode: '0755'
- name: Add ssh-agent service
ansible.builtin.template:
src: "templates/ssh-agent.j2"
dest: "{{ xdg_config_dir }}/systemd/user/ssh-agent.service"
mode: "0644"
src: 'templates/ssh-agent.j2'
dest: '{{ xdg_config_dir }}/systemd/user/ssh-agent.service'
mode: '0644'
notify: restart user ssh-agent
- name: Copy tmux service
ansible.builtin.template:
src: "templates/tmux.j2"
dest: "{{ xdg_config_dir }}/systemd/user/tmux.service"
mode: "0644"
src: 'templates/tmux.j2'
dest: '{{ xdg_config_dir }}/systemd/user/tmux.service'
mode: '0644'
notify:
- user daemon-reload
- restart tmux service
- name: Copy tmux startup script
ansible.builtin.copy:
src: "files/tmux_start"
dest: "{{ ansible_env.HOME }}/.local/bin/tmux_start"
mode: "0740"
src: 'files/tmux_start'
dest: '{{ ansible_env.HOME }}/.local/bin/tmux_start'
mode: '0740'
force: false
# setup systemd-boot pacman hook

52
tasks/timer.yml
View file

@ -1,43 +1,45 @@
---
- name: Copy timer files
- name: copy timer files
become: true
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
mode: "0644"
mode: '0644'
loop:
- { src: "templates/timer/daily_timer.j2", dest: "/etc/systemd/system/daily.timer" }
- { src: "templates/timer/weekly_timer.j2", dest: "/etc/systemd/system/weekly.timer" }
- { src: 'templates/timer/daily_timer.j2', dest: '/etc/systemd/system/daily.timer' }
- { src: 'templates/timer/weekly_timer.j2', dest: '/etc/systemd/system/weekly.timer' }
notify:
- enable daily timer
- enable weekly timer
- name: Copy target files
- name: copy target files
become: true
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
mode: "0644"
mode: '0644'
loop:
- { src: "templates/timer/daily_target.j2", dest: "/etc/systemd/system/daily.target" }
- { src: "templates/timer/weekly_target.j2", dest: "/etc/systemd/system/weekly.target" }
- { src: 'templates/timer/daily_target.j2', dest: '/etc/systemd/system/daily.target' }
- {
src: 'templates/timer/weekly_target.j2',
dest: '/etc/systemd/system/weekly.target',
}
- name: Create target directories
- name: create target directories
become: true
ansible.builtin.file:
path: "{{ item }}"
file:
path: '{{ item }}'
state: directory
owner: root
mode: "0755"
mode: '0755'
loop:
- "/etc/systemd/system/daily.target.wants"
- "/etc/systemd/system/weekly.target.wants"
- '/etc/systemd/system/daily.target.wants'
- '/etc/systemd/system/weekly.target.wants'
- name: Add reflector to weekly timer
- name: add reflector to weekly timer
become: true
ansible.builtin.file:
src: "/usr/lib/systemd/system/reflector.service"
dest: "/etc/systemd/system/weekly.target.wants/reflector.service"
file:
src: '/usr/lib/systemd/system/reflector.service'
dest: '/etc/systemd/system/weekly.target.wants/reflector.service'
state: link

47
tasks/wireguard-media.yml
View file

@ -1,4 +1,3 @@
---
- name: Include wireguard media defaults
ansible.builtin.include_vars:
file: vars/wireguard-media.yml
@ -6,16 +5,16 @@
- name: Create Wireguard directories
become: true
ansible.builtin.file:
path: "{{ item }}"
path: '{{ item }}'
owner: root
group: systemd-network
mode: "0750"
mode: '0750'
state: directory
recurse: true
loop:
- "{{ vpn_config_dir }}"
- "{{ wireguard_media_defaults.private_key_path | dirname }}"
- "{{ wireguard_media_defaults.public_key_path | dirname }}"
- '{{ vpn_config_dir }}'
- '{{ wireguard_media_defaults.private_key_path | dirname }}'
- '{{ wireguard_media_defaults.public_key_path | dirname }}'
notify:
- restart systemd-networkd
- restart systemd-resolved
@ -23,17 +22,17 @@
- name: Copy Wireguard credentials
become: true
ansible.builtin.copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
group: systemd-network
mode: "0640"
mode: '0640'
loop:
- dest: "{{ wireguard_media_defaults.public_key_path }}"
src: "files/wireguard-media/{{ ansible_hostname }}/fudiggity.pub"
- dest: '{{ wireguard_media_defaults.public_key_path }}'
src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.pub'
- dest: "{{ wireguard_media_defaults.private_key_path }}"
src: "files/wireguard-media/{{ ansible_hostname }}/fudiggity.key"
- dest: '{{ wireguard_media_defaults.private_key_path }}'
src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.key'
notify:
- restart systemd-networkd
- restart systemd-resolved
@ -41,12 +40,12 @@
- name: Copy Wireguard preshared keys
become: true
ansible.builtin.copy:
src: "{{ item.preshared_key_source_path }}"
dest: "{{ item.preshared_key_path }}"
src: '{{ item.preshared_key_source_path }}'
dest: '{{ item.preshared_key_path }}'
owner: root
group: systemd-network
mode: "0640"
loop: "{{ wireguard_media_defaults.peers }}"
mode: '0640'
loop: '{{ wireguard_media_defaults.peers }}'
notify:
- restart systemd-networkd
- restart systemd-resolved
@ -54,17 +53,17 @@
- name: Setup network configuration
become: true
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
group: systemd-network
mode: "0640"
mode: '0640'
loop:
- src: "templates/{{ ansible_hostname }}/network/wg1.network.j2"
dest: "/etc/systemd/network/40-wg1.network"
- src: 'templates/{{ ansible_hostname }}/network/wg1.network.j2'
dest: '/etc/systemd/network/40-wg1.network'
- src: "templates/{{ ansible_hostname }}/network/wg1.netdev.j2"
dest: "/etc/systemd/network/40-wg1.netdev"
- src: 'templates/{{ ansible_hostname }}/network/wg1.netdev.j2'
dest: '/etc/systemd/network/40-wg1.netdev'
notify:
- restart systemd-networkd
- restart systemd-resolved

47
tasks/wireguard.yml
View file

@ -1,4 +1,3 @@
---
- name: Include wireguard defaults
ansible.builtin.include_vars:
file: vars/wireguard.yml
@ -6,16 +5,16 @@
- name: Create Wireguard directories
become: true
ansible.builtin.file:
path: "{{ item }}"
path: '{{ item }}'
owner: root
group: systemd-network
mode: "0750"
mode: '0750'
state: directory
recurse: true
loop:
- "{{ vpn_config_dir }}"
- "{{ wireguard_defaults.private_key_path | dirname }}"
- "{{ wireguard_defaults.public_key_path | dirname }}"
- '{{ vpn_config_dir }}'
- '{{ wireguard_defaults.private_key_path | dirname }}'
- '{{ wireguard_defaults.public_key_path | dirname }}'
notify:
- restart systemd-networkd
- restart systemd-resolved
@ -23,17 +22,17 @@
- name: Copy Wireguard credentials
become: true
ansible.builtin.copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
group: systemd-network
mode: "0640"
mode: '0640'
loop:
- dest: "{{ wireguard_defaults.public_key_path }}"
src: "files/wireguard/{ ansible_hostname }}/fudiggity.pub"
- dest: '{{ wireguard_defaults.public_key_path }}'
src: 'files/wireguard/{ ansible_hostname }}/fudiggity.pub'
- dest: "{{ wireguard_defaults.private_key_path }}"
src: "files/wireguard/{{ ansible_hostname }}/fudiggity.key"
- dest: '{{ wireguard_defaults.private_key_path }}'
src: 'files/wireguard/{{ ansible_hostname }}/fudiggity.key'
notify:
- restart systemd-networkd
- restart systemd-resolved
@ -41,12 +40,12 @@
- name: Copy Wireguard preshared keys
become: true
ansible.builtin.copy:
src: "{{ item.preshared_key_source_path }}"
dest: "{{ item.preshared_key_path }}"
src: '{{ item.preshared_key_source_path }}'
dest: '{{ item.preshared_key_path }}'
owner: root
group: systemd-network
mode: "0640"
loop: "{{ wireguard_defaults.peers }}"
mode: '0640'
loop: '{{ wireguard_defaults.peers }}'
notify:
- restart systemd-networkd
- restart systemd-resolved
@ -54,17 +53,17 @@
- name: Setup network configuration
become: true
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
src: '{{ item.src }}'
dest: '{{ item.dest }}'
owner: root
group: systemd-network
mode: "0640"
mode: '0640'
loop:
- src: "templates/{{ ansible_hostname }}/network/wg0.network.j2"
dest: "/etc/systemd/network/40-wg0.network"
- src: 'templates/{{ ansible_hostname }}/network/wg0.network.j2'
dest: '/etc/systemd/network/40-wg0.network'
- src: "templates/{{ ansible_hostname }}/network/wg0.netdev.j2"
dest: "/etc/systemd/network/40-wg0.netdev"
- src: 'templates/{{ ansible_hostname }}/network/wg0.netdev.j2'
dest: '/etc/systemd/network/40-wg0.netdev'
notify:
- restart systemd-networkd
- restart systemd-resolved

19
tasks/xps.yml
View file

@ -1,4 +1,3 @@
---
- name: Provision powertop systemd service
become: true
ansible.builtin.file:
@ -9,21 +8,21 @@
block:
- name: Create configuration directory
ansible.builtin.file:
path: "{{ xdg_config_dir }}/pa-dlna"
path: '{{ xdg_config_dir }}/pa-dlna'
state: directory
mode: "0755"
mode: '0755'
- name: Copy configuration file
ansible.builtin.template:
src: templates/xps/pa-dlna/config.j2
dest: "{{ xdg_config_dir }}/pa-dlna/pa-dlna.conf"
mode: "0755"
dest: '{{ xdg_config_dir }}/pa-dlna/pa-dlna.conf'
mode: '0755'
- name: Copy systemd service
ansible.builtin.template:
src: templates/xps/pa-dlna/service.j2
dest: "{{ xdg_config_dir }}/systemd/user/pa-dlna.service"
mode: "0755"
dest: '{{ xdg_config_dir }}/systemd/user/pa-dlna.service'
mode: '0755'
- name: Create virtualenv directory
become: true
@ -32,16 +31,16 @@
state: directory
owner: sonny
group: sonny
mode: "0755"
mode: '0755'
- name: Install pa-dlna
ansible.builtin.pip:
name: "pa-dlna=={{ pa_dlna_version }}"
name: 'pa-dlna=={{ pa_dlna_version }}'
virtualenv: /opt/virtualenv/pa-dlna
virtualenv_command: python3.13 -m venv
- name: Install python-systemd
ansible.builtin.pip:
name: "python-systemd=={{ pa_dlna_systemd_version }}"
name: 'python-systemd=={{ pa_dlna_systemd_version }}'
virtualenv: /opt/virtualenv/pa-dlna
virtualenv_command: python3.13 -m venv

3
templates/pacman/config.j2 → templates/pacman.j2
View file

@ -41,8 +41,7 @@ CheckSpace
VerbosePkgLists
ParallelDownloads = 5
DownloadUser = alpm
##DisableSandboxFilesystem
#DisableSandboxSyscalls
#DisableSandbox
# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.

11
templates/pacman/hook.j2
View file

@ -1,11 +0,0 @@
# {{ ansible_managed }}
[Trigger]
Type = Package
Operation = Upgrade
Target = systemd
[Action]
Description = Gracefully upgrading systemd-boot...
When = PostTransaction
Exec = /usr/bin/systemctl restart systemd-boot-update.service

3
templates/wezterm/includes/fonts.lua.j2
View file

@ -4,7 +4,7 @@ local wezterm = require 'wezterm';
return {
font = wezterm.font(
'{{ wezterm_font }}',
'MonaspiceNe Nerd Font Mono',
{ weight = 'Regular', stretch = 'Normal', style = 'Normal' }
),
@ -21,5 +21,6 @@ return {
'ss06',
'ss07',
'ss08',
'liga'
}
}

9
vars/mpd.yml
View file

@ -1,11 +1,10 @@
---
mpd_listen_address: 127.0.0.1
mpd_listen_port: 6600
mpd_remote_address: "mpd.{{ server_domain }}"
mpd_remote_address: 'mpd.{{ server_domain }}'
mpd_remote_port: 21000
mpd_remote_stream_port: 8000
mpd_configuration_dir: "{{ ansible_env.HOME }}/.config/mpd"
ncmpc_configuration_dir: "{{ ansible_env.HOME }}/.config/ncmpc"
ncmpcpp_configuration_dir: "{{ ansible_env.HOME }}/.config/ncmpcpp"
mpd_configuration_dir: '{{ ansible_env.HOME }}/.config/mpd'
ncmpc_configuration_dir: '{{ ansible_env.HOME }}/.config/ncmpc'
ncmpcpp_configuration_dir: '{{ ansible_env.HOME }}/.config/ncmpcpp'

15
vars/wireguard-media.yml
View file

@ -1,23 +1,22 @@
---
vpn_config_dir: "/etc/wireguard"
vpn_config_dir: '/etc/wireguard'
wireguard_media_defaults:
prefix: 24
interface: wg1
dns: 10.0.1.1
domains:
- "~media-vpn.{{ server_domain }}"
- "~jellyfin.{{ server_domain }}"
- '~media-vpn.{{ server_domain }}'
- '~jellyfin.{{ server_domain }}'
public_key_path: "{{ vpn_config_dir }}/keys/public/media/fudiggity.pub"
private_key_path: "{{ vpn_config_dir }}/keys/private/media/fudiggity.key"
public_key_path: '{{ vpn_config_dir }}/keys/public/media/fudiggity.pub'
private_key_path: '{{ vpn_config_dir }}/keys/private/media/fudiggity.key'
peers:
- name: fudiggity
allowed_ips:
- 10.0.1.0/24
- 172.8.238.0/24
endpoint: "{{ server_domain }}:51903"
endpoint: '{{ server_domain }}:51903'
public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=
preshared_key_path: "{{ vpn_config_dir }}/keys/private/media/fudiggity.psk"
preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/fudiggity.psk'
preshared_key_source_path: files/wireguard-media/{{ ansible_hostname }}/preshared.psk

21
vars/wireguard.yml
View file

@ -1,19 +1,18 @@
---
vpn_config_dir: "/etc/wireguard"
vpn_config_dir: '/etc/wireguard'
wireguard_defaults:
prefix: 24
interface: wg0
dns: 10.0.0.1
domains:
- "~vpn.{{ server_domain }}"
- "~transmission.{{ server_domain }}"
- "~syncthing.{{ server_domain }}"
- "~radicale.{{ server_domain }}"
- "~mpd.{{ server_domain }}"
- '~vpn.{{ server_domain }}'
- '~transmission.{{ server_domain }}'
- '~syncthing.{{ server_domain }}'
- '~radicale.{{ server_domain }}'
- '~mpd.{{ server_domain }}'
public_key_path: "{{ vpn_config_dir }}/keys/public/default/fudiggity.pub"
private_key_path: "{{ vpn_config_dir }}/keys/private/default/fudiggity.key"
public_key_path: '{{ vpn_config_dir }}/keys/public/default/fudiggity.pub'
private_key_path: '{{ vpn_config_dir }}/keys/private/default/fudiggity.key'
peers:
- name: fudiggity
@ -23,7 +22,7 @@ wireguard_defaults:
- 172.32.238.0/24
- 172.64.238.0/24
- 172.128.238.0/24
endpoint: "{{ server_domain }}:51902"
endpoint: '{{ server_domain }}:51902'
public_key: CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=
preshared_key_path: "{{ vpn_config_dir }}/keys/private/default/preshared-fudiggity.psk"
preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-fudiggity.psk'
preshared_key_source_path: files/wireguard/{{ ansible_hostname }}/preshared.psk

14
xps.yml
View file

@ -1,4 +1,3 @@
---
- name: Include default playbook
ansible.builtin.import_playbook: default.yml
@ -6,24 +5,25 @@
hosts: xps
gather_facts: true
tasks:
- name: Wireguard provisioning
ansible.builtin.import_tasks: "tasks/wireguard.yml"
ansible.builtin.import_tasks: 'tasks/wireguard.yml'
tags: wireguard
- name: Wireguard media provisioning
ansible.builtin.import_tasks: "tasks/wireguard-media.yml"
ansible.builtin.import_tasks: 'tasks/wireguard-media.yml'
tags: wireguard-media
- name: MPD provisioning
ansible.builtin.import_tasks: "tasks/mpd.yml"
ansible.builtin.import_tasks: 'tasks/mpd.yml'
tags: mpd
- name: Syncthing provisioning
ansible.builtin.import_tasks: "tasks/syncthing.yml"
ansible.builtin.import_tasks: 'tasks/syncthing.yml'
tags: syncthing
- name: Desktop provisioning
ansible.builtin.import_tasks: "tasks/xps.yml"
ansible.builtin.import_tasks: 'tasks/xps.yml'
tags: xps
handlers:
@ -31,4 +31,4 @@
ansible.builtin.import_tasks: handlers.yml
- name: Import common role handlers
ansible.builtin.import_tasks: "roles/common/handlers/user.yml"
ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'