From d5ca1ac81d5e031fdf5c88bcce4da9df5172e2c9 Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Fri, 29 Jan 2021 21:05:40 +0100 Subject: [PATCH 001/131] Use simpler file structure --- .ansible-lint | 5 -- .gitignore | 2 + .gitlab-ci.yml | 26 ++---- .prettier.json | 9 -- .prettierrc.yml | 5 ++ .../files => files}/desktop/openvpn/ca.crt | 0 .../desktop/openvpn/desktop.crt | 0 .../desktop/openvpn/desktop.key | 0 .../files => files}/desktop/openvpn/ta.key | 0 {roles/arch/files => files}/gpg_key | 0 {roles/arch/files => files}/gpg_pub | 0 .../files => files}/laptop/openvpn/ca.crt | 0 .../files => files}/laptop/openvpn/laptop.crt | 0 .../files => files}/laptop/openvpn/laptop.key | 0 .../files => files}/laptop/openvpn/ta.key | 0 {roles/arch/files => files}/tmux_start | 0 roles/arch/handlers/main.yml => handlers.yml | 0 playbook.yml | 30 ++++++- roles/requirements.yml => requirements.yml | 4 - roles/.gitignore | 6 -- roles/arch/defaults/main/gpg.yml | 8 -- roles/arch/defaults/main/mpd.yml | 11 --- roles/arch/defaults/main/vpn.yml | 5 -- roles/arch/meta/main.yml | 13 --- roles/arch/tasks/git.yml | 30 ------- roles/arch/tasks/main.yml | 69 --------------- roles/arch/tasks/mpd.yml | 88 ------------------- roles/arch/tasks/mpv.yml | 20 ----- roles/arch/tasks/openvpn.yml | 82 ----------------- roles/arch/tasks/syncthing.yml | 11 --- roles/arch/tasks/systemd.yml | 25 ------ roles/arch/tasks/timer.yml | 54 ------------ tasks/git.yml | 26 ++++++ tasks/mpd.yml | 64 ++++++++++++++ tasks/mpv.yml | 20 +++++ {roles/arch/tasks => tasks}/network.yml | 18 ++-- tasks/openvpn.yml | 82 +++++++++++++++++ {roles/arch/tasks => tasks}/platform.yml | 8 +- tasks/setup.yml | 45 ++++++++++ tasks/syncthing.yml | 11 +++ tasks/systemd.yml | 25 ++++++ tasks/timer.yml | 45 ++++++++++ .../desktop/network.j2 | 0 .../desktop/nftables.j2 | 0 .../desktop/openvpn.j2 | 0 .../desktop/syncthing.j2 | 0 .../arch/templates => templates}/gitconfig.j2 | 0 .../templates => templates}/laptop/network.j2 | 0 .../laptop/nftables.j2 | 0 .../templates => templates}/laptop/openvpn.j2 | 0 
.../laptop/powertop.j2 | 0 .../laptop/syncthing.j2 | 0 .../arch/templates => templates}/mpd/mpd.j2 | 0 .../mpd/music_mount.j2 | 0 .../mpd/music_umount.j2 | 0 .../templates => templates}/mpd/service.j2 | 0 .../templates => templates}/mpd/socket.j2 | 0 .../templates => templates}/mpv/config.j2 | 0 .../arch/templates => templates}/mpv/input.j2 | 0 {roles/arch/templates => templates}/pacman.j2 | 0 .../arch/templates => templates}/reflector.j2 | 0 .../arch/templates => templates}/ssh-agent.j2 | 0 .../arch/templates => templates}/sudoers.j2 | 0 .../timer/daily_target.j2 | 0 .../timer/daily_timer.j2 | 0 .../timer/weekly_target.j2 | 0 .../timer/weekly_timer.j2 | 0 {roles/arch/templates => templates}/tmux.j2 | 0 {roles/arch/vars => vars}/desktop.yml | 0 vars/gpg.yml | 8 ++ {roles/arch/vars => vars}/laptop.yml | 0 {roles/arch/defaults/main => vars}/main.yml | 4 +- vars/mpd.yml | 11 +++ vars/vpn.yml | 5 ++ 74 files changed, 398 insertions(+), 477 deletions(-) delete mode 100644 .ansible-lint delete mode 100644 .prettier.json create mode 100644 .prettierrc.yml rename {roles/arch/files => files}/desktop/openvpn/ca.crt (100%) rename {roles/arch/files => files}/desktop/openvpn/desktop.crt (100%) rename {roles/arch/files => files}/desktop/openvpn/desktop.key (100%) rename {roles/arch/files => files}/desktop/openvpn/ta.key (100%) rename {roles/arch/files => files}/gpg_key (100%) rename {roles/arch/files => files}/gpg_pub (100%) rename {roles/arch/files => files}/laptop/openvpn/ca.crt (100%) rename {roles/arch/files => files}/laptop/openvpn/laptop.crt (100%) rename {roles/arch/files => files}/laptop/openvpn/laptop.key (100%) rename {roles/arch/files => files}/laptop/openvpn/ta.key (100%) rename {roles/arch/files => files}/tmux_start (100%) rename roles/arch/handlers/main.yml => handlers.yml (100%) rename roles/requirements.yml => requirements.yml (51%) delete mode 100644 roles/.gitignore delete mode 100644 roles/arch/defaults/main/gpg.yml delete mode 100644 
roles/arch/defaults/main/mpd.yml delete mode 100644 roles/arch/defaults/main/vpn.yml delete mode 100644 roles/arch/meta/main.yml delete mode 100644 roles/arch/tasks/git.yml delete mode 100644 roles/arch/tasks/main.yml delete mode 100644 roles/arch/tasks/mpd.yml delete mode 100644 roles/arch/tasks/mpv.yml delete mode 100644 roles/arch/tasks/openvpn.yml delete mode 100644 roles/arch/tasks/syncthing.yml delete mode 100644 roles/arch/tasks/systemd.yml delete mode 100644 roles/arch/tasks/timer.yml create mode 100644 tasks/git.yml create mode 100644 tasks/mpd.yml create mode 100644 tasks/mpv.yml rename {roles/arch/tasks => tasks}/network.yml (69%) create mode 100644 tasks/openvpn.yml rename {roles/arch/tasks => tasks}/platform.yml (76%) create mode 100644 tasks/setup.yml create mode 100644 tasks/syncthing.yml create mode 100644 tasks/systemd.yml create mode 100644 tasks/timer.yml rename {roles/arch/templates => templates}/desktop/network.j2 (100%) rename {roles/arch/templates => templates}/desktop/nftables.j2 (100%) rename {roles/arch/templates => templates}/desktop/openvpn.j2 (100%) rename {roles/arch/templates => templates}/desktop/syncthing.j2 (100%) rename {roles/arch/templates => templates}/gitconfig.j2 (100%) rename {roles/arch/templates => templates}/laptop/network.j2 (100%) rename {roles/arch/templates => templates}/laptop/nftables.j2 (100%) rename {roles/arch/templates => templates}/laptop/openvpn.j2 (100%) rename {roles/arch/templates => templates}/laptop/powertop.j2 (100%) rename {roles/arch/templates => templates}/laptop/syncthing.j2 (100%) rename {roles/arch/templates => templates}/mpd/mpd.j2 (100%) rename {roles/arch/templates => templates}/mpd/music_mount.j2 (100%) rename {roles/arch/templates => templates}/mpd/music_umount.j2 (100%) rename {roles/arch/templates => templates}/mpd/service.j2 (100%) rename {roles/arch/templates => templates}/mpd/socket.j2 (100%) rename {roles/arch/templates => templates}/mpv/config.j2 (100%) rename {roles/arch/templates => 
templates}/mpv/input.j2 (100%) rename {roles/arch/templates => templates}/pacman.j2 (100%) rename {roles/arch/templates => templates}/reflector.j2 (100%) rename {roles/arch/templates => templates}/ssh-agent.j2 (100%) rename {roles/arch/templates => templates}/sudoers.j2 (100%) rename {roles/arch/templates => templates}/timer/daily_target.j2 (100%) rename {roles/arch/templates => templates}/timer/daily_timer.j2 (100%) rename {roles/arch/templates => templates}/timer/weekly_target.j2 (100%) rename {roles/arch/templates => templates}/timer/weekly_timer.j2 (100%) rename {roles/arch/templates => templates}/tmux.j2 (100%) rename {roles/arch/vars => vars}/desktop.yml (100%) create mode 100644 vars/gpg.yml rename {roles/arch/vars => vars}/laptop.yml (100%) rename {roles/arch/defaults/main => vars}/main.yml (77%) create mode 100644 vars/mpd.yml create mode 100644 vars/vpn.yml diff --git a/.ansible-lint b/.ansible-lint deleted file mode 100644 index e99d805..0000000 --- a/.ansible-lint +++ /dev/null @@ -1,5 +0,0 @@ -parseable: true -quiet: true -skip_list: - - '501' -use_default_rules: true diff --git a/.gitignore b/.gitignore index c17815f..ad2ea9f 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,5 @@ node_modules/ .vaults/ vault vaults/ + +roles/ diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 369b1c8..d9ade6f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -3,40 +3,24 @@ stages: - test cache: - key: "$CI_COMMIT_REF_SLUG" + key: $CI_COMMIT_REF_SLUG paths: - .cache/pip - node_modules/ lint: - stage: lint - image: python:3.7 - before_script: - - pip install ansible ansible-lint --quiet - script: - - ansible-lint playbook.yml - only: - refs: - - development - - merge_requests - -pretty-lint: stage: lint image: node:12 before_script: - - npm install + - npm install prettier --no-save script: - - npx prettier "**/*.yml" --check - only: - refs: - - development - - merge_requests + - npx prettier '**/*.yml' --check syntax-test: stage: test image: python:3.7 before_script: - - pip install ansible ansible-lint --quiet - - ansible-galaxy install -r roles/requirements.yml + - pip install ansible --quiet + - ansible-galaxy install -r requirements.yml script: - ansible-playbook playbook.yml --syntax-check diff --git a/.prettier.json b/.prettier.json deleted file mode 100644 index 9c76f6b..0000000 --- a/.prettier.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "singleQuote": true, - "printWidth": 90, - "tabWidth": 2, - "useTabs": false, - "bracketSpacing": true, - "parser": "yaml" -} - diff --git a/.prettierrc.yml b/.prettierrc.yml new file mode 100644 index 0000000..0cb31e6 --- /dev/null +++ b/.prettierrc.yml @@ -0,0 +1,5 @@ +singleQuote: true +printWidth: 90 +tabWidth: 2 +useTabs: false +bracketSpacing: true diff --git a/roles/arch/files/desktop/openvpn/ca.crt b/files/desktop/openvpn/ca.crt similarity index 100% rename from roles/arch/files/desktop/openvpn/ca.crt rename to files/desktop/openvpn/ca.crt diff --git a/roles/arch/files/desktop/openvpn/desktop.crt b/files/desktop/openvpn/desktop.crt similarity index 100% rename from roles/arch/files/desktop/openvpn/desktop.crt rename to files/desktop/openvpn/desktop.crt diff --git a/roles/arch/files/desktop/openvpn/desktop.key b/files/desktop/openvpn/desktop.key similarity index 100% rename from roles/arch/files/desktop/openvpn/desktop.key rename to files/desktop/openvpn/desktop.key 
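Review bot: Dropping the ansible-lint job (and `.ansible-lint` in the same commit) leaves the pipeline with no semantic check on the playbook: the surviving `lint` job only runs prettier, which checks formatting, and `syntax-test` only parses it with `--syntax-check`, so a task that passes a secret on a command line or copies a key with a loose mode is no longer caught. If the job was removed because of rule noise, keeping it with a skip list is cheaper than losing it: `- pip install ansible ansible-lint --quiet` followed by `- ansible-lint playbook.yml` in the python job. Two smaller points in the new lines: `npm install prettier --no-save` and `pip install ansible --quiet` pull whatever version is current, so formatting and syntax results drift between runs without any change in the repo; pin them, e.g. `npm install prettier@<PINNED_VERSION> --no-save`. The roles fetched by the new `ansible-galaxy install -r requirements.yml` line are, per the remaining lines of that file, tracked at `version: master`, which is the same unpinned-dependency problem one level down.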
diff --git a/roles/arch/files/desktop/openvpn/ta.key b/files/desktop/openvpn/ta.key
similarity index 100%
rename from roles/arch/files/desktop/openvpn/ta.key
rename to files/desktop/openvpn/ta.key
diff --git a/roles/arch/files/gpg_key b/files/gpg_key
similarity index 100%
rename from roles/arch/files/gpg_key
rename to files/gpg_key
diff --git a/roles/arch/files/gpg_pub b/files/gpg_pub
similarity index 100%
rename from roles/arch/files/gpg_pub
rename to files/gpg_pub
diff --git a/roles/arch/files/laptop/openvpn/ca.crt b/files/laptop/openvpn/ca.crt
similarity index 100%
rename from roles/arch/files/laptop/openvpn/ca.crt
rename to files/laptop/openvpn/ca.crt
diff --git a/roles/arch/files/laptop/openvpn/laptop.crt b/files/laptop/openvpn/laptop.crt
similarity index 100%
rename from roles/arch/files/laptop/openvpn/laptop.crt
rename to files/laptop/openvpn/laptop.crt
diff --git a/roles/arch/files/laptop/openvpn/laptop.key b/files/laptop/openvpn/laptop.key
similarity index 100%
rename from roles/arch/files/laptop/openvpn/laptop.key
rename to files/laptop/openvpn/laptop.key
diff --git a/roles/arch/files/laptop/openvpn/ta.key b/files/laptop/openvpn/ta.key
similarity index 100%
rename from roles/arch/files/laptop/openvpn/ta.key
rename to files/laptop/openvpn/ta.key
diff --git a/roles/arch/files/tmux_start b/files/tmux_start
similarity index 100%
rename from roles/arch/files/tmux_start
rename to files/tmux_start
diff --git a/roles/arch/handlers/main.yml b/handlers.yml
similarity index 100%
rename from roles/arch/handlers/main.yml
rename to handlers.yml
diff --git a/playbook.yml b/playbook.yml
index b2f17e0..2f548ca 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -1,3 +1,31 @@ - hosts: localhost + pre_tasks: + - name: install shared packages + become: yes + pacman: + name: '{{ packages }}' + - name: detecting platform + import_tasks: 'tasks/platform.yml' + - name: install platform specific packages + become: yes + pacman: + name: '{{ platform_packages }}' roles: - - arch + - common + tasks: + - import_tasks: 'tasks/setup.yml' + - import_tasks: 'tasks/network.yml' + - import_tasks: 'tasks/systemd.yml' + - import_tasks: 'tasks/openvpn.yml' + - import_tasks: 'tasks/git.yml' + - import_tasks: 'tasks/mpv.yml' + - import_tasks: 'tasks/mpd.yml' + - import_tasks: 'tasks/syncthing.yml' + - import_tasks: 'tasks/timer.yml' + handlers: + - import_tasks: 'handlers.yml' + vars_files: + - 'vars/main.yml' + - 'vars/gpg.yml' + - 'vars/vpn.yml' + - 'vars/mpd.yml' diff --git a/roles/requirements.yml b/requirements.yml similarity index 51% rename from roles/requirements.yml rename to requirements.yml index 276b569..ba54c45 100644 --- a/roles/requirements.yml +++ b/requirements.yml @@ -2,7 +2,3 @@ name: common version: master scm: git -- src: git+https://git.fudiggity.nl/ansible/npm.git - name: npm - version: master - scm: git diff --git a/roles/.gitignore b/roles/.gitignore deleted file mode 100644 index d10cc33..0000000 --- a/roles/.gitignore +++ /dev/null @@ -1,6 +0,0 @@ -# ignore all external roles and files in the roles dir -/* - -!.gitignore -!requirements.yml -!arch*/ diff --git a/roles/arch/defaults/main/gpg.yml b/roles/arch/defaults/main/gpg.yml deleted file mode 100644 index 6fcb082..0000000 --- a/roles/arch/defaults/main/gpg.yml +++ /dev/null 
@@ -1,8 +0,0 @@ -gpg_pub_key: "82C21552D732C65C1A4FB340037103F03CA5CBA1" -gpg_passphrase: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 61383265343062663836623033343538333562636433383735383862306465316439376333373563 - 6131336136653533323561633434633961393061623233640a366430396532326465326530356136 - 36616636363134386333616137656333353439633832633731373834336239393337316366626462 - 6164343331613663620a303363353064376630633939363831373339383961626137376361323438 - 3463 diff --git a/roles/arch/defaults/main/mpd.yml b/roles/arch/defaults/main/mpd.yml deleted file mode 100644 index 639171a..0000000 --- a/roles/arch/defaults/main/mpd.yml +++ /dev/null @@ -1,11 +0,0 @@ -mpd_listen_address: "127.0.0.1" -mpd_listen_port: "6600" - -mpd_database_address: "10.8.0.1" -mpd_database_port: "21000" - -mpd_configuration_dir: "{{ ansible_env.HOME }}/.config/mpd" -mpd_music_dir: "{{ ansible_env.HOME }}/music" -mpd_playlist_dir: "{{ mpd_configuration_dir }}/playlists" -mpd_state_path: "{{ mpd_configuration_dir }}/state" -mpd_sticker_path: "{{ mpd_configuration_dir }}/sticker.sql" diff --git a/roles/arch/defaults/main/vpn.yml b/roles/arch/defaults/main/vpn.yml deleted file mode 100644 index 2ff3851..0000000 --- a/roles/arch/defaults/main/vpn.yml +++ /dev/null @@ -1,5 +0,0 @@ -vpn_ip: "178.85.119.159" -vpn_port: "7531" -vpn_interface: "tun0" -vpn_protocol: "udp" -vpn_verbosity: "1" diff --git a/roles/arch/meta/main.yml b/roles/arch/meta/main.yml deleted file mode 100644 index 360c542..0000000 --- a/roles/arch/meta/main.yml +++ /dev/null @@ -1,13 +0,0 @@ -dependencies: - - common - -galaxy_info: - author: sonny - description: "Sets up an arch environment" - license: "license GPLv3" - min_ansible_version: 2.7 - issue_tracker_url: "https://git.fudiggity.nl/ansible/arch-setup/issues" - platforms: - - name: Archlinux - galaxy_tags: - - system diff --git a/roles/arch/tasks/git.yml b/roles/arch/tasks/git.yml deleted file mode 100644 index 89f125e..0000000 --- a/roles/arch/tasks/git.yml +++ /dev/null 
@@ -1,30 +0,0 @@ -- name: copy git configuration - template: - src: "gitconfig.j2" - dest: "{{ ansible_env.HOME }}/.gitconfig" - -- name: copy keys - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - loop: - - { - src: "gpg_key", dest: "{{ ansible_env.HOME }}/gpg.key" - } - - { - src: "gpg_pub", dest: "{{ ansible_env.HOME }}/gpg.pub" - } - -- name: import secret key - command: "gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key" - -- name: import public key - command: "gpg --import ~/gpg.pub" - -- name: remove temp keys - file: - path: "{{ item }}" - state: absent - loop: - - "{{ ansible_env.HOME }}/gpg.key" - - "{{ ansible_env.HOME }}/gpg.pub" diff --git a/roles/arch/tasks/main.yml b/roles/arch/tasks/main.yml deleted file mode 100644 index a729530..0000000 --- a/roles/arch/tasks/main.yml +++ /dev/null 
@@ -1,69 +0,0 @@ -- name: install shared packages - become: yes - pacman: - name: "{{ packages }}" - -- name: detecting platform - import_tasks: platform.yml - -- name: install platform specific packages - become: yes - pacman: - name: "{{ platform_packages }}" - -- name: configuring network - import_tasks: network.yml - -- name: copy reflector configuration - become: yes - template: - src: "reflector.j2" - dest: "/etc/xdg/reflector/reflector.conf" - owner: root - group: root - mode: "0600" - -# started by weekly timer -- name: disable reflector - become: true - systemd: - name: reflector - state: stopped - enabled: false - -- name: copy pacman configuration - become: yes - template: - src: "pacman.j2" - dest: "/etc/pacman.conf" - owner: root - group: root - mode: "0644" - -- name: create extra conf - become: yes - file: - path: "/etc/pacman.d/extra.conf" - owner: root - group: root - state: touch - mode: "0644" - -- name: copy powertop service - become: yes - template: - src: "{{ platform }}/powertop.j2" - dest: "/etc/systemd/system/powertop.service" - owner: root - group: root - mode: "0644" - notify: restart powertop - when: platform == "laptop" - -- import_tasks: systemd.yml -- import_tasks: openvpn.yml -- import_tasks: git.yml -- import_tasks: mpv.yml -- import_tasks: mpd.yml -- import_tasks: syncthing.yml -- import_tasks: timer.yml diff --git a/roles/arch/tasks/mpd.yml b/roles/arch/tasks/mpd.yml deleted file mode 100644 index 22b3f09..0000000 --- a/roles/arch/tasks/mpd.yml +++ /dev/null 
@@ -1,88 +0,0 @@ -- name: set up sudoers configuration - become: yes - template: - src: "sudoers.j2" - dest: "/etc/sudoers.d/10-sonny" - owner: root - group: root - mode: "0644" - -- name: copy systemd configuration files - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - loop: - - { - src: "mpd/service.j2", - dest: "{{ xdg_config_dir }}/systemd/user/mpd.service", - } - - { - src: "mpd/socket.j2", - dest: "{{ xdg_config_dir }}/systemd/user/mpd.socket", - } - -- name: create mpd files - file: - path: "{{ item.path }}" - state: "{{ item.state }}" - loop: - - { - path: "{{ mpd_configuration_dir }}", - state: "directory", - } - - { - path: "{{ mpd_configuration_dir }}/playlists", - state: "directory", - } - - { - path: "{{ mpd_configuration_dir }}/log", - state: "touch", - } - - { - path: "{{ mpd_configuration_dir }}/database", - state: "touch", - } - - { - path: "{{ mpd_configuration_dir }}/sticker.sql", - state: "touch", - } - - { - path: "{{ mpd_configuration_dir }}/state", - state: "touch", - } - -- name: copy configuration file - template: - src: "mpd/mpd.j2" - dest: "{{ mpd_configuration_dir }}/mpd.conf" - -- name: copy nfs connection scripts - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "0755" - loop: - - { - src: "mpd/music_mount.j2", - dest: "{{ xdg_script_dir }}/music_mount", - } - - { - src: "mpd/music_umount.j2", - dest: "{{ xdg_script_dir }}/music_umount", - } - -- name: restart mpd service - systemd: - name: mpd.service - state: restarted - enabled: no - scope: user - when: platform == "desktop" - -- name: enable mpd socket - systemd: - name: mpd.socket - state: started - enabled: yes - scope: user - when: platform == "desktop" diff --git a/roles/arch/tasks/mpv.yml b/roles/arch/tasks/mpv.yml deleted file mode 100644 index 37f13ba..0000000 --- a/roles/arch/tasks/mpv.yml +++ /dev/null 
@@ -1,20 +0,0 @@ -- name: create configuration directory - file: - path: "{{ ansible_env.HOME }}/.config/mpv" - state: directory - mode: "0700" - -- name: copy configuration files - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "0644" - loop: - - { - src: "mpv/input.j2", - dest: "{{ ansible_env.HOME }}/.config/mpv/input.conf", - } - - { - src: "mpv/config.j2", - dest: "{{ ansible_env.HOME }}/.config/mpv/mpv.conf", - } diff --git a/roles/arch/tasks/openvpn.yml b/roles/arch/tasks/openvpn.yml deleted file mode 100644 index 78b7954..0000000 --- a/roles/arch/tasks/openvpn.yml +++ /dev/null 
@@ -1,82 +0,0 @@ -- name: create configuration directories - become: yes - file: - path: "{{ item }}" - state: directory - owner: openvpn - group: openvpn - mode: "0750" - loop: - - "/etc/openvpn/client" - - "/etc/openvpn/client/zeus" - - "/etc/openvpn/server" - -- name: copy configuration - become: yes - template: - src: "{{ platform }}/openvpn.j2" - dest: "/etc/openvpn/client/zeus.conf" - owner: openvpn - group: openvpn - mode: "0644" - -- name: copy desktop credentials - become: yes - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: openvpn - group: openvpn - mode: "0600" - loop: - - { - src: "{{ platform }}/openvpn/ca.crt", - dest: "/etc/openvpn/client/zeus/ca.crt", - } - - { - src: "{{ platform }}/openvpn/desktop.crt", - dest: "/etc/openvpn/client/zeus/desktop.crt", - } - - { - src: "{{ platform }}/openvpn/desktop.key", - dest: "/etc/openvpn/client/zeus/desktop.key", - } - - { - src: "{{ platform }}/openvpn/ta.key", - dest: "/etc/openvpn/client/zeus/ta.key", - } - when: platform == "desktop" - -- name: copy laptop credentials - become: yes - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: openvpn - group: openvpn - mode: "0600" - loop: - - { - src: "{{ platform }}/openvpn/ca.crt", - dest: "/etc/openvpn/client/zeus/ca.crt", - } - - { - src: "{{ platform }}/openvpn/laptop.crt", - dest: "/etc/openvpn/client/zeus/laptop.crt", - } - - { - src: "{{ platform }}/openvpn/laptop.key", - dest: "/etc/openvpn/client/zeus/laptop.key", - } - - { - src: "{{ platform }}/openvpn/ta.key", - dest: "/etc/openvpn/client/zeus/ta.key", - } - when: platform == "laptop" - -- name: restart vpn - become: true - systemd: - name: openvpn-client@zeus - state: restarted - enabled: true diff --git a/roles/arch/tasks/syncthing.yml b/roles/arch/tasks/syncthing.yml deleted file mode 100644 index c45e0cc..0000000 --- a/roles/arch/tasks/syncthing.yml +++ /dev/null 
@@ -1,11 +0,0 @@ -- name: create configuration dir - file: - path: "{{ xdg_config_dir }}/syncthing" - state: directory - -- name: copy configuration file - template: - src: "{{ platform }}/syncthing.j2" - dest: "{{ xdg_config_dir }}/syncthing/config.xml" - mode: "0600" - notify: restart syncthing diff --git a/roles/arch/tasks/systemd.yml b/roles/arch/tasks/systemd.yml deleted file mode 100644 index 996a099..0000000 --- a/roles/arch/tasks/systemd.yml +++ /dev/null @@ -1,25 +0,0 @@ -- name: setup systemd user service folder - file: - path: "{{ xdg_config_dir }}/systemd/user" - state: directory - mode: "0755" - -- name: add ssh-agent service - template: - src: "ssh-agent.j2" - dest: "{{ xdg_config_dir }}/systemd/user/ssh-agent.service" - mode: "0644" - notify: restart user ssh-agent - -- name: copy tmux service - template: - src: "tmux.j2" - dest: "{{ xdg_config_dir }}/systemd/user/tmux.service" - mode: "0644" - -- name: copy tmux startup script - copy: - src: "tmux_start" - dest: "{{ ansible_env.HOME }}/.local/bin/tmux_start" - mode: "0740" - force: false diff --git a/roles/arch/tasks/timer.yml b/roles/arch/tasks/timer.yml deleted file mode 100644 index f436939..0000000 --- a/roles/arch/tasks/timer.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -- name: copy timer files - become: yes - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - mode: "0644" - loop: - - { - src: "timer/daily_timer.j2", - dest: "/etc/systemd/system/daily.timer", - } - - { - src: "timer/weekly_timer.j2", - dest: "/etc/systemd/system/weekly.timer", - } - notify: - - enable daily timer - - enable weekly timer - -- name: copy target files - become: yes - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - mode: "0644" - loop: - - { - src: "timer/daily_target.j2", - dest: "/etc/systemd/system/daily.target", - } - - { - src: "timer/weekly_target.j2", - dest: "/etc/systemd/system/weekly.target", - } - -- name: create target directories - become: yes - file: - path: "{{ item }}" - state: directory - owner: root - mode: "0755" - loop: - - "/etc/systemd/system/daily.target.wants" - - "/etc/systemd/system/weekly.target.wants" - -- name: add reflector to weekly timer - become: yes - file: - src: "/usr/lib/systemd/system/reflector.service" - dest: "/etc/systemd/system/weekly.target.wants/reflector.service" - state: link diff --git a/tasks/git.yml b/tasks/git.yml new file mode 100644 index 0000000..3b07f8f --- /dev/null +++ b/tasks/git.yml @@ -0,0 +1,26 @@ +- name: copy git configuration + template: + src: 'templates/gitconfig.j2' + dest: '{{ ansible_env.HOME }}/.gitconfig' + +- name: copy keys + copy: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + loop: + - { src: 'files/gpg_key', dest: '{{ ansible_env.HOME }}/gpg.key' } + - { src: 'files/gpg_pub', dest: '{{ ansible_env.HOME }}/gpg.pub' } + +- name: import secret key + command: 'gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key' + +- name: import public key + command: 'gpg --import ~/gpg.pub' + +- name: remove temp keys + file: + path: '{{ item }}' + state: absent + loop: + - '{{ ansible_env.HOME }}/gpg.key' + - '{{ ansible_env.HOME }}/gpg.pub' 
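Review bot: In the new tasks/git.yml the "import secret key" task puts the vault-protected passphrase on the gpg command line (`gpg --passphrase {{ gpg_passphrase }} …`), so it is readable by every local process for the duration of the import and is echoed into the task result and any Ansible log, which undoes the vault encryption at the point of use; the task also has no `no_log`. The "copy keys" task above it writes the secret key to `~/gpg.key` without a `mode`, so the file gets the default umask until the cleanup task removes it. Feeding the passphrase over stdin with `--passphrase-fd 0` and marking the task `no_log: true`, plus `mode: '0600'` on the copy, keeps the behaviour and the cleanup task as they are. A one-line comment on the cleanup task, `# temp copies only exist between "copy keys" and here`, would also make the intent of the import/remove sequence explicit.
```yaml
- name: copy keys
  copy:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    mode: '0600'
  # … unchanged: loop over gpg_key / gpg_pub …

- name: import secret key
  command: 'gpg --batch --pinentry-mode loopback --passphrase-fd 0 --import ~/gpg.key'
  args:
    stdin: '{{ gpg_passphrase }}'
  no_log: true
```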
diff --git a/tasks/mpd.yml b/tasks/mpd.yml new file mode 100644 index 0000000..9a24f3e --- /dev/null +++ b/tasks/mpd.yml @@ -0,0 +1,64 @@ +- name: set up sudoers configuration + become: yes + template: + src: 'templates/sudoers.j2' + dest: '/etc/sudoers.d/10-sonny' + owner: root + group: root + mode: '0644' + +- name: copy systemd configuration files + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + loop: + - { + src: 'templates/mpd/service.j2', + dest: '{{ xdg_config_dir }}/systemd/user/mpd.service', + } + - { + src: 'templates/mpd/socket.j2', + dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket', + } + +- name: create mpd files + file: + path: '{{ item.path }}' + state: '{{ item.state }}' + loop: + - { path: '{{ mpd_configuration_dir }}', state: 'directory' } + - { path: '{{ mpd_configuration_dir }}/playlists', state: 'directory' } + - { path: '{{ mpd_configuration_dir }}/log', state: 'touch' } + - { path: '{{ mpd_configuration_dir }}/database', state: 'touch' } + - { path: '{{ mpd_configuration_dir }}/sticker.sql', state: 'touch' } + - { path: '{{ mpd_configuration_dir }}/state', state: 'touch' } + +- name: copy configuration file + template: + src: 'templates/mpd/mpd.j2' + dest: '{{ mpd_configuration_dir }}/mpd.conf' + +- name: copy nfs connection scripts + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '0755' + loop: + - { src: 'templates/mpd/music_mount.j2', dest: '{{ xdg_script_dir }}/music_mount' } + - { src: 'templates/mpd/music_umount.j2', dest: '{{ xdg_script_dir }}/music_umount' } + +- name: restart mpd service + systemd: + name: mpd.service + state: restarted + enabled: no + scope: user + when: platform == "desktop" + +- name: enable mpd socket + systemd: + name: mpd.socket + state: started + enabled: yes + scope: user + when: platform == "desktop" diff --git a/tasks/mpv.yml b/tasks/mpv.yml new file mode 100644 index 0000000..c0e8a8a --- /dev/null +++ b/tasks/mpv.yml 
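Review bot: The "set up sudoers configuration" task at the top of the new tasks/mpd.yml writes `/etc/sudoers.d/10-sonny` from a template with no `validate`, so a rendering or syntax error in `templates/sudoers.j2` is installed as-is and breaks sudo on the host until it is fixed by hand; adding `validate: '/usr/sbin/visudo -cf %s'` makes the template module reject a bad render before it is moved into place. The fragment is also written `mode: '0644'`, where sudo expects `0440` for sudoers fragments and, depending on the sudo build, warns about or refuses a more permissive mode — `mode: '0440'` is the safe value. As a point of style, a sudoers rule living in the mpd task file is surprising; presumably it is there for the mount/umount scripts copied further down, and a comment above the task saying so, `# sudo rule used by the music_mount/music_umount scripts below`, would save the next reader the guess.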
@@ -0,0 +1,20 @@ +- name: create configuration directory + file: + path: '{{ ansible_env.HOME }}/.config/mpv' + state: directory + mode: '0700' + +- name: copy configuration files + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '0644' + loop: + - { + src: 'templates/mpv/input.j2', + dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf', + } + - { + src: 'templates/mpv/config.j2', + dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf', + } diff --git a/roles/arch/tasks/network.yml b/tasks/network.yml similarity index 69% rename from roles/arch/tasks/network.yml rename to tasks/network.yml index 5df08ff..76a32a8 100644 --- a/roles/arch/tasks/network.yml +++ b/tasks/network.yml @@ -1,22 +1,22 @@ - name: setup desktop systemd networkd become: yes template: - src: "desktop/network.j2" - dest: "/etc/systemd/network/20-wired.network" + src: 'templates/desktop/network.j2' + dest: '/etc/systemd/network/20-wired.network' owner: root group: root - mode: "0644" + mode: '0644' notify: restart systemd-networkd when: platform == "desktop" - name: setup laptop systemd networkd become: yes template: - src: "laptop/network.j2" - dest: "/etc/systemd/network/20-wireless.network" + src: 'templates/laptop/network.j2' + dest: '/etc/systemd/network/20-wireless.network' owner: root group: root - mode: "0644" + mode: '0644' notify: restart systemd-networkd when: platform == "laptop" @@ -38,9 +38,9 @@ - name: copy firewall template become: yes template: - src: "{{ platform }}/nftables.j2" - dest: "/etc/nftables.conf" + src: 'templates/{{ platform }}/nftables.j2' + dest: '/etc/nftables.conf' owner: root group: root - mode: "0600" + mode: '0600' notify: restart nftables diff --git a/tasks/openvpn.yml b/tasks/openvpn.yml new file mode 100644 index 0000000..9fe4fbf --- /dev/null +++ b/tasks/openvpn.yml 
@@ -0,0 +1,82 @@ +- name: create configuration directories + become: yes + file: + path: '{{ item }}' + state: directory + owner: openvpn + group: openvpn + mode: '0750' + loop: + - '/etc/openvpn/client' + - '/etc/openvpn/client/zeus' + - '/etc/openvpn/server' + +- name: copy configuration + become: yes + template: + src: 'templates/{{ platform }}/openvpn.j2' + dest: '/etc/openvpn/client/zeus.conf' + owner: openvpn + group: openvpn + mode: '0644' + +- name: copy desktop credentials + become: yes + copy: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: openvpn + group: openvpn + mode: '0600' + loop: + - { + src: 'files/{{ platform }}/openvpn/ca.crt', + dest: '/etc/openvpn/client/zeus/ca.crt', + } + - { + src: 'files/{{ platform }}/openvpn/desktop.crt', + dest: '/etc/openvpn/client/zeus/desktop.crt', + } + - { + src: 'files/{{ platform }}/openvpn/desktop.key', + dest: '/etc/openvpn/client/zeus/desktop.key', + } + - { + src: 'files/{{ platform }}/openvpn/ta.key', + dest: '/etc/openvpn/client/zeus/ta.key', + } + when: platform == "desktop" + +- name: copy laptop credentials + become: yes + copy: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: openvpn + group: openvpn + mode: '0600' + loop: + - { + src: 'files/{{ platform }}/openvpn/ca.crt', + dest: '/etc/openvpn/client/zeus/ca.crt', + } + - { + src: 'files/{{ platform }}/openvpn/laptop.crt', + dest: '/etc/openvpn/client/zeus/laptop.crt', + } + - { + src: 'files/{{ platform }}/openvpn/laptop.key', + dest: '/etc/openvpn/client/zeus/laptop.key', + } + - { + src: 'files/{{ platform }}/openvpn/ta.key', + dest: '/etc/openvpn/client/zeus/ta.key', + } + when: platform == "laptop" + +- name: restart vpn + become: true + systemd: + name: openvpn-client@zeus + state: restarted + enabled: true diff --git a/roles/arch/tasks/platform.yml b/tasks/platform.yml similarity index 76% rename from roles/arch/tasks/platform.yml rename to tasks/platform.yml index c9a7dd2..287b9c7 100644 
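Review bot: "copy desktop credentials" and "copy laptop credentials" in the new tasks/openvpn.yml are the same task twice, differing only in the `desktop.`/`laptop.` file names, and both already select the directory by `{{ platform }}`; one task whose loop uses `'{{ platform }}.crt'` and `'{{ platform }}.key'` covers both cases with the same destinations, modes and ownership, and removes the risk of the two copies drifting apart. The `'/etc/openvpn/server'` directory is created but nothing in the hunk uses it, so either drop it or comment why it exists. Separately, the private keys these tasks deploy (`desktop.key`, `laptop.key`, `ta.key`) are committed under `files/`; whether they are ansible-vault encrypted is not visible from this diff, and `copy` will happily install them either way, so that is worth confirming and noting in a comment on the task.
```yaml
- name: copy vpn credentials
  become: yes
  copy:
    src: 'files/{{ platform }}/openvpn/{{ item }}'
    dest: '/etc/openvpn/client/zeus/{{ item }}'
    owner: openvpn
    group: openvpn
    mode: '0600'
  loop:
    - 'ca.crt'
    - '{{ platform }}.crt'
    - '{{ platform }}.key'
    - 'ta.key'

# … unchanged: restart vpn …
```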
--- a/roles/arch/tasks/platform.yml +++ b/tasks/platform.yml @@ -5,18 +5,18 @@ - name: set platform (desktop) set_fact: - platform: "desktop" + platform: 'desktop' when: is_laptop.rc == 1 - name: set platform (laptop) set_fact: - platform: "laptop" + platform: 'laptop' when: is_laptop.rc == 0 - name: load desktop specific vars - include_vars: desktop.yml + include_vars: 'vars/desktop.yml' when: platform == "desktop" - name: load laptop specific vars - include_vars: laptop.yml + include_vars: 'vars/laptop.yml' when: platform == "laptop" diff --git a/tasks/setup.yml b/tasks/setup.yml new file mode 100644 index 0000000..a39c4f3 --- /dev/null +++ b/tasks/setup.yml @@ -0,0 +1,45 @@ +- name: copy reflector configuration + become: yes + template: + src: 'templates/reflector.j2' + dest: '/etc/xdg/reflector/reflector.conf' + owner: root + group: root + mode: '0600' + +# started by weekly timer +- name: disable reflector + become: true + systemd: + name: reflector + state: stopped + enabled: false + +- name: copy pacman configuration + become: yes + template: + src: 'templates/pacman.j2' + dest: '/etc/pacman.conf' + owner: root + group: root + mode: '0644' + +- name: create extra conf + become: yes + file: + path: '/etc/pacman.d/extra.conf' + owner: root + group: root + state: touch + mode: '0644' + +- name: copy powertop service + become: yes + template: + src: 'templates/{{ platform }}/powertop.j2' + dest: '/etc/systemd/system/powertop.service' + owner: root + group: root + mode: '0644' + notify: restart powertop + when: platform == "laptop" diff --git a/tasks/syncthing.yml b/tasks/syncthing.yml new file mode 100644 index 0000000..5f9b44c --- /dev/null +++ b/tasks/syncthing.yml 
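Review bot: The "create extra conf" task in the new tasks/setup.yml uses `state: touch`, which updates the file's timestamps on every run, so the task reports changed each time the playbook is applied and the run is never idempotent; if the intent is only to make sure the file exists, add `modification_time: preserve` and `access_time: preserve` under the `file:` block so an existing file is left alone. The comment `# started by weekly timer` carried over to the "disable reflector" task is good; the same kind of one-liner on "create extra conf", e.g. `# empty include file referenced from pacman.j2 — confirm`, would explain why a root-owned empty file is maintained here, since nothing in the hunk shows what reads it.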
@@ -0,0 +1,11 @@
+- name: create configuration dir
+ file:
+ path: '{{ xdg_config_dir }}/syncthing'
+ state: directory
+
+- name: copy configuration file
+ template:
+ src: 'templates/{{ platform }}/syncthing.j2'
+ dest: '{{ xdg_config_dir }}/syncthing/config.xml'
+ mode: '0600'
+ notify: restart syncthing
diff --git a/tasks/systemd.yml b/tasks/systemd.yml
new file mode 100644
index 0000000..baee82e
--- /dev/null
+++ b/tasks/systemd.yml
@@ -0,0 +1,25 @@
+- name: setup systemd user service folder
+ file:
+ path: '{{ xdg_config_dir }}/systemd/user'
+ state: directory
+ mode: '0755'
+
+- name: add ssh-agent service
+ template:
+ src: 'templates/ssh-agent.j2'
+ dest: '{{ xdg_config_dir }}/systemd/user/ssh-agent.service'
+ mode: '0644'
+ notify: restart user ssh-agent
+
+- name: copy tmux service
+ template:
+ src: 'templates/tmux.j2'
+ dest: '{{ xdg_config_dir }}/systemd/user/tmux.service'
+ mode: '0644'
+
+- name: copy tmux startup script
+ copy:
+ src: 'files/tmux_start'
+ dest: '{{ ansible_env.HOME }}/.local/bin/tmux_start'
+ mode: '0740'
+ force: false
diff --git a/tasks/timer.yml b/tasks/timer.yml
new file mode 100644
index 0000000..14702b3
--- /dev/null
+++ b/tasks/timer.yml
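Review bot: `create configuration dir` in tasks/syncthing.yml sets no `mode`, so `{{ xdg_config_dir }}/syncthing` takes whatever the umask yields while the `config.xml` placed inside it is explicitly `'0600'`; add `mode: '0700'` to the directory task so the permission intent lives in the play rather than in the shell ansible happens to run under. Whether config.xml holds secrets cannot be seen from this hunk, but the `'0600'` shows it is treated as if it does, and the directory should match that treatment.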
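Review bot: `force: false` on `copy tmux startup script` in tasks/systemd.yml means a host that already has `~/.local/bin/tmux_start` keeps its existing copy, so edits to files/tmux_start are silently never deployed; unless the script is meant to be seeded once and then edited locally, drop `force: false` (the default is `true`), and if it is intentional say so with `# seed once; local edits to tmux_start are preserved`. The task also assumes `~/.local/bin` exists, which nothing in this hunk creates; a `file: state: directory` task for it would mirror `setup systemd user service folder` above.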
@@ -0,0 +1,45 @@
+- name: copy timer files
+ become: yes
+ template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: root
+ mode: '0644'
+ loop:
+ - { src: 'templates/timer/daily_timer.j2', dest: '/etc/systemd/system/daily.timer' }
+ - { src: 'templates/timer/weekly_timer.j2', dest: '/etc/systemd/system/weekly.timer' }
+ notify:
+ - enable daily timer
+ - enable weekly timer
+
+- name: copy target files
+ become: yes
+ template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: root
+ mode: '0644'
+ loop:
+ - { src: 'templates/timer/daily_target.j2', dest: '/etc/systemd/system/daily.target' }
+ - {
+ src: 'templates/timer/weekly_target.j2',
+ dest: '/etc/systemd/system/weekly.target',
+ }
+
+- name: create target directories
+ become: yes
+ file:
+ path: '{{ item }}'
+ state: directory
+ owner: root
+ mode: '0755'
+ loop:
+ - '/etc/systemd/system/daily.target.wants'
+ - '/etc/systemd/system/weekly.target.wants'
+
+- name: add reflector to weekly timer
+ become: yes
+ file:
+ src: '/usr/lib/systemd/system/reflector.service'
+ dest: '/etc/systemd/system/weekly.target.wants/reflector.service'
+ state: link
diff --git a/roles/arch/templates/desktop/network.j2 b/templates/desktop/network.j2
similarity index 100%
rename from roles/arch/templates/desktop/network.j2
rename to templates/desktop/network.j2
diff --git a/roles/arch/templates/desktop/nftables.j2 b/templates/desktop/nftables.j2
similarity index 100%
rename from roles/arch/templates/desktop/nftables.j2
rename to templates/desktop/nftables.j2
diff --git a/roles/arch/templates/desktop/openvpn.j2 b/templates/desktop/openvpn.j2
similarity index 100%
rename from roles/arch/templates/desktop/openvpn.j2
rename to templates/desktop/openvpn.j2
diff --git a/roles/arch/templates/desktop/syncthing.j2 b/templates/desktop/syncthing.j2
similarity index 100%
rename from roles/arch/templates/desktop/syncthing.j2
rename to templates/desktop/syncthing.j2
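Review bot: The `template` and `file` tasks in tasks/timer.yml set `owner: root` without `group: root`, whereas tasks/setup.yml in the same commit sets both on every root-owned file; under `become: yes` the group resolves to root either way, but naming it keeps the two task files consistent and makes the intended ownership explicit. `copy timer files` notifies `enable daily timer`/`enable weekly timer` before `create target directories` has run, which only works because handlers execute after all tasks of the play; a one-line comment such as `# the enable handlers run after the .wants directories below exist` would protect that ordering if someone later inlines the handlers.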
diff --git a/roles/arch/templates/gitconfig.j2 b/templates/gitconfig.j2
similarity index 100%
rename from roles/arch/templates/gitconfig.j2
rename to templates/gitconfig.j2
diff --git a/roles/arch/templates/laptop/network.j2 b/templates/laptop/network.j2
similarity index 100%
rename from roles/arch/templates/laptop/network.j2
rename to templates/laptop/network.j2
diff --git a/roles/arch/templates/laptop/nftables.j2 b/templates/laptop/nftables.j2
similarity index 100%
rename from roles/arch/templates/laptop/nftables.j2
rename to templates/laptop/nftables.j2
diff --git a/roles/arch/templates/laptop/openvpn.j2 b/templates/laptop/openvpn.j2
similarity index 100%
rename from roles/arch/templates/laptop/openvpn.j2
rename to templates/laptop/openvpn.j2
diff --git a/roles/arch/templates/laptop/powertop.j2 b/templates/laptop/powertop.j2
similarity index 100%
rename from roles/arch/templates/laptop/powertop.j2
rename to templates/laptop/powertop.j2
diff --git a/roles/arch/templates/laptop/syncthing.j2 b/templates/laptop/syncthing.j2
similarity index 100%
rename from roles/arch/templates/laptop/syncthing.j2
rename to templates/laptop/syncthing.j2
diff --git a/roles/arch/templates/mpd/mpd.j2 b/templates/mpd/mpd.j2
similarity index 100%
rename from roles/arch/templates/mpd/mpd.j2
rename to templates/mpd/mpd.j2
diff --git a/roles/arch/templates/mpd/music_mount.j2 b/templates/mpd/music_mount.j2
similarity index 100%
rename from roles/arch/templates/mpd/music_mount.j2
rename to templates/mpd/music_mount.j2
diff --git a/roles/arch/templates/mpd/music_umount.j2 b/templates/mpd/music_umount.j2
similarity index 100%
rename from roles/arch/templates/mpd/music_umount.j2
rename to templates/mpd/music_umount.j2
diff --git a/roles/arch/templates/mpd/service.j2 b/templates/mpd/service.j2
similarity index 100%
rename from roles/arch/templates/mpd/service.j2
rename to templates/mpd/service.j2
diff --git a/roles/arch/templates/mpd/socket.j2 b/templates/mpd/socket.j2
similarity index 100%
rename from roles/arch/templates/mpd/socket.j2
rename to templates/mpd/socket.j2
diff --git a/roles/arch/templates/mpv/config.j2 b/templates/mpv/config.j2
similarity index 100%
rename from roles/arch/templates/mpv/config.j2
rename to templates/mpv/config.j2
diff --git a/roles/arch/templates/mpv/input.j2 b/templates/mpv/input.j2
similarity index 100%
rename from roles/arch/templates/mpv/input.j2
rename to templates/mpv/input.j2
diff --git a/roles/arch/templates/pacman.j2 b/templates/pacman.j2
similarity index 100%
rename from roles/arch/templates/pacman.j2
rename to templates/pacman.j2
diff --git a/roles/arch/templates/reflector.j2 b/templates/reflector.j2
similarity index 100%
rename from roles/arch/templates/reflector.j2
rename to templates/reflector.j2
diff --git a/roles/arch/templates/ssh-agent.j2 b/templates/ssh-agent.j2
similarity index 100%
rename from roles/arch/templates/ssh-agent.j2
rename to templates/ssh-agent.j2
diff --git a/roles/arch/templates/sudoers.j2 b/templates/sudoers.j2
similarity index 100%
rename from roles/arch/templates/sudoers.j2
rename to templates/sudoers.j2
diff --git a/roles/arch/templates/timer/daily_target.j2 b/templates/timer/daily_target.j2
similarity index 100%
rename from roles/arch/templates/timer/daily_target.j2
rename to templates/timer/daily_target.j2
diff --git a/roles/arch/templates/timer/daily_timer.j2 b/templates/timer/daily_timer.j2
similarity index 100%
rename from roles/arch/templates/timer/daily_timer.j2
rename to templates/timer/daily_timer.j2
diff --git a/roles/arch/templates/timer/weekly_target.j2 b/templates/timer/weekly_target.j2
similarity index 100%
rename from roles/arch/templates/timer/weekly_target.j2
rename to templates/timer/weekly_target.j2
diff --git a/roles/arch/templates/timer/weekly_timer.j2 b/templates/timer/weekly_timer.j2
similarity index 100%
rename from roles/arch/templates/timer/weekly_timer.j2
rename to templates/timer/weekly_timer.j2
diff --git a/roles/arch/templates/tmux.j2 b/templates/tmux.j2
similarity index 100%
rename from roles/arch/templates/tmux.j2
rename to templates/tmux.j2
diff --git a/roles/arch/vars/desktop.yml b/vars/desktop.yml
similarity index 100%
rename from roles/arch/vars/desktop.yml
rename to vars/desktop.yml
diff --git a/vars/gpg.yml b/vars/gpg.yml
new file mode 100644
index 0000000..542a8a9
--- /dev/null
+++ b/vars/gpg.yml
@@ -0,0 +1,8 @@
+gpg_pub_key: '82C21552D732C65C1A4FB340037103F03CA5CBA1'
+gpg_passphrase: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 61383265343062663836623033343538333562636433383735383862306465316439376333373563
+ 6131336136653533323561633434633961393061623233640a366430396532326465326530356136
+ 36616636363134386333616137656333353439633832633731373834336239393337316366626462
+ 6164343331613663620a303363353064376630633939363831373339383961626137376361323438
+ 3463
diff --git a/roles/arch/vars/laptop.yml b/vars/laptop.yml
similarity index 100%
rename from roles/arch/vars/laptop.yml
rename to vars/laptop.yml
diff --git a/roles/arch/defaults/main/main.yml b/vars/main.yml
similarity index 77%
rename from roles/arch/defaults/main/main.yml
rename to vars/main.yml
index c96d116..8d3044e 100644
--- a/roles/arch/defaults/main/main.yml
+++ b/vars/main.yml
@@ -1,5 +1,5 @@ -xdg_config_dir: "{{ ansible_env.HOME }}/.config" -xdg_script_dir: "{{ ansible_env.HOME }}/.local/bin" +xdg_config_dir: '{{ ansible_env.HOME }}/.config' +xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin' packages: - firefox
diff --git a/vars/mpd.yml b/vars/mpd.yml
new file mode 100644
index 0000000..7247e78
--- /dev/null
+++ b/vars/mpd.yml
@@ -0,0 +1,11 @@
+mpd_listen_address: '127.0.0.1'
+mpd_listen_port: '6600'
+
+mpd_database_address: '10.8.0.1'
+mpd_database_port: '21000'
+
+mpd_configuration_dir: '{{ ansible_env.HOME }}/.config/mpd'
+mpd_music_dir: '{{ ansible_env.HOME }}/music'
+mpd_playlist_dir: '{{ mpd_configuration_dir }}/playlists'
+mpd_state_path: '{{ mpd_configuration_dir }}/state'
+mpd_sticker_path: '{{ mpd_configuration_dir }}/sticker.sql'
diff --git a/vars/vpn.yml b/vars/vpn.yml
new file mode 100644
index 0000000..1cca5e3
--- /dev/null
+++ b/vars/vpn.yml
@@ -0,0 +1,5 @@
+vpn_ip: '178.85.119.159'
+vpn_port: '7531'
+vpn_interface: 'tun0'
+vpn_protocol: 'udp'
+vpn_verbosity: '1'
From a1894c350dd57342f1010ab4435b5f5ad2ec0512 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Sat, 30 Jan 2021 16:45:28 +0100
Subject: [PATCH 002/131] Update after common role update
---
playbook.yml | 3 +++
vars/main.yml | 1 -
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/playbook.yml b/playbook.yml
index 2f548ca..d7685e0 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -24,6 +24,9 @@ - import_tasks: 'tasks/timer.yml' handlers: - import_tasks: 'handlers.yml' + - include_role: + name: common + tasks_from: 'handlers/user.yml' vars_files: - 'vars/main.yml' - 'vars/gpg.yml'
diff --git a/vars/main.yml b/vars/main.yml
index 8d3044e..b7b191f 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -28,4 +28,3 @@ packages: - laptop-detect platform_packages: [] -skip_common_setup: true
From b45c9e8c5747fa9dd1b2f90d89411e77122f2d7d Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Sat, 30 Jan 2021 16:53:37 +0100
Subject: [PATCH 003/131] Import handlers through path
---
playbook.yml | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/playbook.yml b/playbook.yml
index d7685e0..e351372 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -24,9 +24,7 @@ - import_tasks: 'tasks/timer.yml' handlers: - import_tasks: 'handlers.yml' - - include_role: - name: common - tasks_from: 'handlers/user.yml' + - import_tasks: 'roles/common/handlers/user.yml' vars_files: - 'vars/main.yml' - 'vars/gpg.yml'
From 99635e1a026b56920d0f6d8f4ca865167bc1e643 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Thu, 4 Feb 2021 22:04:56 +0100
Subject: [PATCH 004/131] Formatting bits
---
handlers.yml | 2 +-
playbook.yml | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/handlers.yml b/handlers.yml
index 6ae7096..e613358 100644
--- a/handlers.yml
+++ b/handlers.yml
@@ -30,7 +30,7 @@ scope: user - name: restart powertop - become: yes + become: true systemd: name: powertop state: restarted
diff --git a/playbook.yml b/playbook.yml
index e351372..ca27f51 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -1,13 +1,13 @@ - hosts: localhost pre_tasks: - name: install shared packages - become: yes + become: true pacman: name: '{{ packages }}' - name: detecting platform import_tasks: 'tasks/platform.yml' - name: install platform specific packages - become: yes + become: true pacman: name: '{{ platform_packages }}' roles:
From 838bcde0481b6db95a34ac2ac9ac2976dfdb6239 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Fri, 4 Jun 2021 22:16:48 +0200
Subject: [PATCH 005/131] Update pacman conf
---
templates/pacman.j2 | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/templates/pacman.j2 b/templates/pacman.j2
index 7b2a63b..683ec24 100644
--- a/templates/pacman.j2
+++ b/templates/pacman.j2
@@ -2,7 +2,7 @@ # # /etc/pacman.conf # -# Add platform specific settings in /etc/pacman.d/extra.conf +# Add environment specific settings in /etc/pacman.d/extra.conf # # See the pacman.conf(5) manpage for option and repository directives
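Review bot: `import_tasks: 'roles/common/handlers/user.yml'` reaches into the common role's directory layout by relative path, so the play now depends on that role being checked out under roles/ beside playbook.yml and breaks silently if the role ever moves or renames its handler file. The previous commit used `include_role` with `tasks_from`, and this one replaces it without saying why; a comment on the new line such as `# handlers cannot be pulled in via include_role here, so the role's handler file is imported directly` would stop the next reader from re-trying the form that was just removed, and if the reason is different it should say so.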
@@ -27,7 +27,7 @@ HoldPkg = pacman glibc Architecture = auto # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup -#IgnorePkg = +#IgnorePkg = #IgnoreGroup = #NoUpgrade = @@ -36,9 +36,11 @@ Architecture = auto # Misc options #UseSyslog #Color +#NoProgressBar #TotalDownload CheckSpace VerbosePkgLists +ParallelDownloads = 5 # By default, pacman accepts packages signed by keys that its local keyring # trusts (see pacman-key and its man page), as well as unsigned packages. From 1da6537ad8f205a4e56866f6429b3c721f34272d Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Fri, 22 Oct 2021 10:10:22 +0200 Subject: [PATCH 006/131] Add pipewire tasks --- playbook.yml | 1 + tasks/pipewire.yml | 27 +++++++++++++++++++++++++++ vars/main.yml | 3 +++ 3 files changed, 31 insertions(+) create mode 100644 tasks/pipewire.yml diff --git a/playbook.yml b/playbook.yml index ca27f51..912603f 100644 --- a/playbook.yml +++ b/playbook.yml @@ -21,6 +21,7 @@ - import_tasks: 'tasks/mpv.yml' - import_tasks: 'tasks/mpd.yml' - import_tasks: 'tasks/syncthing.yml' + - import_tasks: 'tasks/pipewire.yml' - import_tasks: 'tasks/timer.yml' handlers: - import_tasks: 'handlers.yml' diff --git a/tasks/pipewire.yml b/tasks/pipewire.yml new file mode 100644 index 0000000..da096e2 --- /dev/null +++ b/tasks/pipewire.yml @@ -0,0 +1,27 @@ +- name: stop pulseaudio service + systemd: + name: pulseaudio.service + state: stopped + enabled: false + scope: user + +- name: stop pulseaudio socket + systemd: + name: pulseaudio.socket + state: stopped + enabled: false + scope: user + +- name: start pipewire socket + systemd: + name: pipewire.socket + state: started + enabled: true + scope: user + +- name: start pipewire-pulse socket + systemd: + name: pipewire-pulse.socket + state: started + enabled: true + scope: user diff --git a/vars/main.yml b/vars/main.yml index b7b191f..80107c3 100644 --- a/vars/main.yml +++ b/vars/main.yml 
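Review bot: In tasks/pipewire.yml `stop pulseaudio service` runs before `stop pulseaudio socket`, so between the two tasks the still-active socket can re-spawn pulseaudio.service on the next client connection and the play can end with a running service that the first task already reported stopped; stop and disable `pulseaudio.socket` first, then the `.service`. Both tasks will also fail on a host where the pulseaudio units are absent (a machine installed straight onto pipewire), since the systemd module cannot act on a unit it cannot find; a preceding `stat` guard, as tasks/mpd.yml does later in this series for mpd.socket, or `failed_when` on the "could not find" case keeps the play runnable there.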
@@ -26,5 +26,8 @@ packages: - cantata - reflector - laptop-detect + - pipewire + - pipewire-pulse + - pipewire-alsa platform_packages: [] From 470d8053bfdf7eebef792440321e5fb2456a5755 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 23 Oct 2021 17:03:46 +0200 Subject: [PATCH 007/131] Update pipewire tasks --- tasks/pipewire.yml | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/tasks/pipewire.yml b/tasks/pipewire.yml index da096e2..8f4cc53 100644 --- a/tasks/pipewire.yml +++ b/tasks/pipewire.yml @@ -1,16 +1,4 @@ -- name: stop pulseaudio service - systemd: - name: pulseaudio.service - state: stopped - enabled: false - scope: user - -- name: stop pulseaudio socket - systemd: - name: pulseaudio.socket - state: stopped - enabled: false - scope: user +# Note that pulsaudio should be removed by install pipewire-pulse manually - name: start pipewire socket systemd: From 00b7536f5edfd3febd63e48278146f9b93809b77 Mon Sep 17 00:00:00 2001 
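Review bot: The new header comment in tasks/pipewire.yml, `# Note that pulsaudio should be removed by install pipewire-pulse manually`, misspells pulseaudio and reads as an instruction without saying what the play does not do; suggest `# pulseaudio is not managed here: remove it manually when installing pipewire-pulse`. The removed stop/disable tasks were the only place the old units were touched, so the comment is now the sole record of that manual step and is worth getting right.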
From: Sonny Bakker Date: Sun, 21 Nov 2021 16:58:56 +0100 Subject: [PATCH 008/131] Setup pulse audio for remote audio --- tasks/mpd.yml | 68 +++---------------- tasks/pipewire.yml | 33 +++++++-- templates/desktop/nftables.j2 | 6 +- templates/desktop/pulse-script.j2 | 5 ++ templates/laptop/pulse-script.j2 | 5 ++ templates/laptop/pulse.j2 | 8 +++ templates/mpd/mpd.j2 | 44 ------------ templates/mpd/music_mount.j2 | 5 -- templates/mpd/service.j2 | 14 ---- templates/mpd/socket.j2 | 11 --- .../music_umount.j2 => pipewire-pulse.j2} | 6 +- templates/sudoers.j2 | 4 -- 12 files changed, 62 insertions(+), 147 deletions(-) create mode 100644 templates/desktop/pulse-script.j2 create mode 100644 templates/laptop/pulse-script.j2 create mode 100644 templates/laptop/pulse.j2 delete mode 100644 templates/mpd/mpd.j2 delete mode 100644 templates/mpd/music_mount.j2 delete mode 100644 templates/mpd/service.j2 delete mode 100644 templates/mpd/socket.j2 rename templates/{mpd/music_umount.j2 => pipewire-pulse.j2} (58%) delete mode 100644 templates/sudoers.j2 diff --git a/tasks/mpd.yml b/tasks/mpd.yml index 9a24f3e..53217f3 100644 --- a/tasks/mpd.yml +++ b/tasks/mpd.yml 
@@ -1,64 +1,14 @@ -- name: set up sudoers configuration - become: yes - template: - src: 'templates/sudoers.j2' - dest: '/etc/sudoers.d/10-sonny' - owner: root - group: root - mode: '0644' +# remote mpd server is used now -- name: copy systemd configuration files - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - loop: - - { - src: 'templates/mpd/service.j2', - dest: '{{ xdg_config_dir }}/systemd/user/mpd.service', - } - - { - src: 'templates/mpd/socket.j2', - dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket', - } +- name: check for mpd socket + stat: + path: '{{ xdg_config_dir }}/systemd/user/mpd.socket' + register: mpd_socket -- name: create mpd files - file: - path: '{{ item.path }}' - state: '{{ item.state }}' - loop: - - { path: '{{ mpd_configuration_dir }}', state: 'directory' } - - { path: '{{ mpd_configuration_dir }}/playlists', state: 'directory' } - - { path: '{{ mpd_configuration_dir }}/log', state: 'touch' } - - { path: '{{ mpd_configuration_dir }}/database', state: 'touch' } - - { path: '{{ mpd_configuration_dir }}/sticker.sql', state: 'touch' } - - { path: '{{ mpd_configuration_dir }}/state', state: 'touch' } - -- name: copy configuration file - template: - src: 'templates/mpd/mpd.j2' - dest: '{{ mpd_configuration_dir }}/mpd.conf' - -- name: copy nfs connection scripts - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0755' - loop: - - { src: 'templates/mpd/music_mount.j2', dest: '{{ xdg_script_dir }}/music_mount' } - - { src: 'templates/mpd/music_umount.j2', dest: '{{ xdg_script_dir }}/music_umount' } - -- name: restart mpd service - systemd: - name: mpd.service - state: restarted - enabled: no - scope: user - when: platform == "desktop" - -- name: enable mpd socket +- name: disable mpd socket systemd: name: mpd.socket - state: started - enabled: yes + state: stopped + enabled: no scope: user - when: platform == "desktop" + when: mpd_socket.stat.exists 
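Review bot: Removing `set up sudoers configuration` together with templates/sudoers.j2 means `/etc/sudoers.d/10-sonny`, which granted passwordless `mount`/`umount`, is no longer managed, but nothing in this commit removes it from hosts configured by the previous version, so the NOPASSWD grant outlives the NFS feature that needed it; add `- name: remove obsolete sudoers drop-in`, `become: true`, `file: { path: '/etc/sudoers.d/10-sonny', state: absent }` beside the new `disable mpd socket` task. The same applies to the user units the old `copy systemd configuration files` task wrote: `disable mpd socket` stops the socket when `mpd.socket` still exists but leaves both `mpd.service` and `mpd.socket` under `{{ xdg_config_dir }}/systemd/user`, so a `file: state: absent` for each, followed by a user-scope daemon-reload, would finish the cleanup. The `stat` guard before the disable is the right shape for that; the removal tasks can reuse `mpd_socket.stat.exists`.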
diff --git a/tasks/pipewire.yml b/tasks/pipewire.yml
index 8f4cc53..1a7e7f7 100644
--- a/tasks/pipewire.yml
+++ b/tasks/pipewire.yml
@@ -1,4 +1,23 @@ -# Note that pulsaudio should be removed by install pipewire-pulse manually +# Note that pulsaudio should be removed by installing pipewire-pulse manually + +- name: create pipewire-pulse override directory + file: + path: '{{ xdg_config_dir }}/systemd/user/pipewire-pulse.service.d/' + state: directory + +# sets up an post activation script to load the module-native-protocol-tcp +# with given parameters. This is not yet supported through pipewire-pulse's configuration, +# see https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Migrate-PulseAudio#module-native-protocol-tcp +- name: copy pipewire-pulse service override + template: + src: 'templates/pipewire-pulse.j2' + dest: '{{ xdg_config_dir }}/systemd/user/pipewire-pulse.service.d/override.conf' + +- name: copy pipewire-pulse script + template: + src: 'templates/{{ platform }}/pulse-script.j2' + dest: '{{ xdg_script_dir }}/pulse-script' + mode: 0755 - name: start pipewire socket systemd:
@@ -7,9 +26,13 @@ enabled: true scope: user -- name: start pipewire-pulse socket +- name: restart pipewire-pulse systemd: - name: pipewire-pulse.socket - state: started - enabled: true + name: '{{ item.name }}' + state: restarted + enabled: '{{ item.enabled }}' scope: user + daemon-reload: true + loop: + - { name: 'pipewire-pulse.socket', enabled: true } + - { name: 'pipewire-pulse.service', enabled: false }
diff --git a/templates/desktop/nftables.j2 b/templates/desktop/nftables.j2
index 5d3e23f..3adbb58 100644
--- a/templates/desktop/nftables.j2
+++ b/templates/desktop/nftables.j2
@@ -1,8 +1,9 @@ # {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} # -#!/usr/bin/nft -f # vim:set ts=2 sw=2 et: +flush ruleset + table inet filter { chain input { type filter hook input priority 0;
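Review bot: `copy pipewire-pulse script` writes `mode: 0755` as a bare YAML integer while every other task in this repository quotes the mode (`'0755'`); the leading-zero form happens to parse as octal, but a later edit to `755` would silently become decimal 755, which is exactly the mistake the quoting convention exists to prevent, so use `mode: '0755'`. In the same hunk the explanatory comment should read `# sets up a post activation script ...` rather than `an post`, and in the second hunk `daemon-reload: true` relies on an alias; the documented parameter name is `daemon_reload`, which is also what the rest of the systemd tasks here would use. The `restart pipewire-pulse` task restarts both units on every run, so like the openvpn restart earlier in this series it would be better as a handler notified by the override and script tasks.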
@@ -26,6 +27,9 @@ table inet filter { # syncthing ip saddr 10.8.1.1 tcp dport 22000 accept + # allow remote pulse audio + ip saddr 10.8.1.1 tcp dport 4713 accept + # allow dhcp requests for bridget connections iifname "vmbr0" udp dport { 53, 67 } accept
diff --git a/templates/desktop/pulse-script.j2 b/templates/desktop/pulse-script.j2
new file mode 100644
index 0000000..56cd152
--- /dev/null
+++ b/templates/desktop/pulse-script.j2
@@ -0,0 +1,5 @@
+#!/usr/bin/sh
+#
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+
+/usr/bin/pactl load-module module-native-protocol-tcp auth-anonymous=1 listen=10.8.1.10
diff --git a/templates/laptop/pulse-script.j2 b/templates/laptop/pulse-script.j2
new file mode 100644
index 0000000..5e3b3aa
--- /dev/null
+++ b/templates/laptop/pulse-script.j2
@@ -0,0 +1,5 @@
+#!/usr/bin/sh
+#
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+
+/usr/bin/pactl load-module module-native-protocol-tcp auth-anonymous=1 listen=10.8.1.6
diff --git a/templates/laptop/pulse.j2 b/templates/laptop/pulse.j2
new file mode 100644
index 0000000..3ae1387
--- /dev/null
+++ b/templates/laptop/pulse.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+#
+# see /usr/share/pipewire/pipewire-pulse.conf for reference
+
+context.exec = [
+ { path = "pactl" args = "module-native-protocol-tcp auth-anonymous=1 listen=10.8.1.6" }
+]
diff --git a/templates/mpd/mpd.j2 b/templates/mpd/mpd.j2
deleted file mode 100644
index 24ec414..0000000
--- a/templates/mpd/mpd.j2
+++ /dev/null
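Review bot: `auth-anonymous=1` on module-native-protocol-tcp in templates/desktop/pulse-script.j2 disables the cookie check entirely, so any peer that can reach 10.8.1.10:4713 gets a full native-protocol session (playback, recording from any source including monitors, loading and unloading modules) with no authentication at all. On the desktop the nftables hunk above narrows that to `ip saddr 10.8.1.1`, but templates/laptop/pulse-script.j2 opens the same anonymous listener on 10.8.1.6 and no laptop firewall change is part of this commit, so on the laptop the exposure is whatever templates/laptop/nftables.j2 already happens to allow. Either keep cookie authentication (drop `auth-anonymous=1` and share the cookie with the one client that needs it) or at minimum add the module's own `auth-ip-acl=10.8.1.1` so the restriction does not rest on the host firewall alone, and consider taking the listen and peer addresses from vars rather than hard-coding them in two per-platform copies.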
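Review bot: templates/laptop/pulse.j2 repeats its `# {{ ansible_managed }}` header line, and its `context.exec` entry hands `args = "module-native-protocol-tcp ..."` to `pactl` without the `load-module` subcommand that the two pulse-script templates use, so as written pactl would reject it. More importantly no task in this commit renders this template (tasks/pipewire.yml deploys templates/pipewire-pulse.j2 and templates/{{ platform }}/pulse-script.j2), so it looks like an abandoned first attempt; either wire it up and delete the script-based variant, or remove it, rather than leaving a second, diverging copy of the listener configuration in the tree.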
@@ -1,44 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-music_directory "{{ mpd_music_dir }}"
-playlist_directory "{{ mpd_playlist_dir }}"
-state_file "{{ mpd_state_path }}"
-sticker_file "{{ mpd_sticker_path }}"
-log_level "secure"
-
-bind_to_address "{{ mpd_listen_address }}"
-port "{{ mpd_listen_port }}"
-
-auto_update "yes"
-filesystem_charset "UTF-8"
-
-samplerate_converter "1"
-
-database {
- plugin "proxy"
- host "{{ mpd_database_address }}"
- port "{{ mpd_database_port }}"
-}
-
-audio_output {
- type "pulse"
- name "mpd"
- replay_gain_handler "software"
- mixer_type "hardware"
- format "96000:24:1"
-}
-
-input {
- enabled "no"
- plugin "tidal"
-}
-
-input {
- enabled "no"
- plugin "qobuz"
-}
-
-decoder {
- plugin "wildmidi"
- enabled "no"
-}
diff --git a/templates/mpd/music_mount.j2 b/templates/mpd/music_mount.j2
deleted file mode 100644
index 615712b..0000000
--- a/templates/mpd/music_mount.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-#
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-sudo mount -t nfs -o vers=4,soft,async,proto=tcp,port=2049 10.8.0.1:/srv/nfs4/music {{ mpd_music_dir }}
diff --git a/templates/mpd/service.j2 b/templates/mpd/service.j2
deleted file mode 100644
index dd79222..0000000
--- a/templates/mpd/service.j2
+++ /dev/null
@@ -1,14 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-[Unit]
-Description=Music Player Daemon
-Documentation=man:mpd(1) man:mpd.conf(5)
-
-[Service]
-Type=notify
-ExecStartPre={{ xdg_script_dir }}/music_mount
-ExecStart=/usr/bin/mpd --no-daemon {{ mpd_configuration_dir }}/mpd.conf
-ExecStopPost={{ xdg_script_dir }}/music_umount
-Restart=on-failure
-RestartSec=15s
-TimeoutStopSec=3
diff --git a/templates/mpd/socket.j2 b/templates/mpd/socket.j2
deleted file mode 100644
index 7188f2c..0000000
--- a/templates/mpd/socket.j2
+++ /dev/null
@@ -1,11 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-[Socket]
-ListenStream=/run/user/1000/mpd.socket
-ListenStream={{ mpd_listen_port }}
-Backlog=5
-KeepAlive=true
-PassCredentials=true
-
-[Install]
-WantedBy=sockets.target
diff --git a/templates/mpd/music_umount.j2 b/templates/pipewire-pulse.j2
similarity index 58%
rename from templates/mpd/music_umount.j2
rename to templates/pipewire-pulse.j2
index 9bc55a2..a0aa782 100644
--- a/templates/mpd/music_umount.j2
+++ b/templates/pipewire-pulse.j2
@@ -1,6 +1,4 @@ -#!/bin/bash -# # {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -pkill cantata -sudo umount {{ mpd_music_dir }} +[Service] +ExecStartPost={{ xdg_script_dir }}/pulse-script
diff --git a/templates/sudoers.j2 b/templates/sudoers.j2
deleted file mode 100644
index 5d41d4c..0000000
--- a/templates/sudoers.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-sonny ALL=(ALL) NOPASSWD: /usr/bin/mount
-sonny ALL=(ALL) NOPASSWD: /usr/bin/umount
From 2ec09dc63cc3d9da43f2abe8eaf3ddc2aa0e7633 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Tue, 23 Nov 2021 20:45:11 +0100
Subject: [PATCH 009/131] Enable fstrim timer
To increase SSD livespan(s)
---
tasks/setup.yml | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/tasks/setup.yml b/tasks/setup.yml
index a39c4f3..ff7a6f3 100644
--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@@ -1,5 +1,5 @@ - name: copy reflector configuration - become: yes + become: true template: src: 'templates/reflector.j2' dest: '/etc/xdg/reflector/reflector.conf'
@@ -16,7 +16,7 @@ enabled: false - name: copy pacman configuration - become: yes + become: true template: src: 'templates/pacman.j2' dest: '/etc/pacman.conf'
@@ -25,7 +25,7 @@ mode: '0644' - name: create extra conf - become: yes + become: true file: path: '/etc/pacman.d/extra.conf' owner: root
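Review bot: The new templates/pipewire-pulse.j2 drop-in runs `{{ xdg_script_dir }}/pulse-script` from `ExecStartPost=`, and systemd treats a non-zero exit from an ExecStartPost command as a failed start of pipewire-pulse.service itself; since that script binds a fixed VPN address with `listen=`, a login while that address is not yet assigned would presumably make pactl fail and take local audio down with it. Prefix the command so its exit status is ignored, `ExecStartPost=-{{ xdg_script_dir }}/pulse-script`, or make the script itself tolerant, and add a comment in the drop-in stating that the TCP listener is best-effort. The `Type=` of the unit being overridden is outside this diff, so whether the socket is already accepting connections at ExecStartPost time cannot be confirmed here.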
@@ -34,7 +34,7 @@ mode: '0644' - name: copy powertop service - become: yes + become: true template: src: 'templates/{{ platform }}/powertop.j2' dest: '/etc/systemd/system/powertop.service' @@ -43,3 +43,9 @@ mode: '0644' notify: restart powertop when: platform == "laptop" + +- name: enable fstrim timer + become: true + systemd: + name: fstrim.timer + enabled: true From 78e82f4baec7282d01d5f2be8d6c0cf12c40ece7 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Tue, 28 Dec 2021 11:58:54 +0100 Subject: [PATCH 010/131] Remove desktop openvpn files --- files/desktop/openvpn/ca.crt | 94 ---------- files/desktop/openvpn/desktop.crt | 282 ------------------------------ files/desktop/openvpn/desktop.key | 90 ---------- files/desktop/openvpn/ta.key | 37 ---- tasks/openvpn.yml | 82 --------- templates/desktop/openvpn.j2 | 93 ---------- 6 files changed, 678 deletions(-) delete mode 100644 files/desktop/openvpn/ca.crt delete mode 100644 files/desktop/openvpn/desktop.crt delete mode 100644 files/desktop/openvpn/desktop.key delete mode 100644 files/desktop/openvpn/ta.key delete mode 100644 tasks/openvpn.yml delete mode 100644 templates/desktop/openvpn.j2 diff --git a/files/desktop/openvpn/ca.crt b/files/desktop/openvpn/ca.crt deleted file mode 100644 index 4a6838c..0000000 --- a/files/desktop/openvpn/ca.crt +++ /dev/null 
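Review bot: `enable fstrim timer` sets `enabled: true` but no `state`, so on a host where the timer is not already running it is only wired up for the next boot and nothing trims until then; add `state: started` so the timer becomes active in the same run. With that change the task name understates what it does; `enable and start fstrim timer` matches.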
@@ -1,94 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -35316431316661643830656365393564343039396661666332333862643631313433373538306163 -6536346339356631396366396332316231643238643332390a623232366437666439346435643739 -36646366313930633635376364383265323330313063376333306263323366336361626638653730 -3464643262623264340a636163383230666539323461343066653030626239633934353362643233 -34303435653364346562316639366365343239396133313138636362613134396539353365656336 -64366236616436373839623735346163313539303032386638366537366330366634613064313534 -64393266393638663963376466383631316264316232653334656631613066376633633139646363 -61383539623261306236346466323039336137313437666639383533656136623339663564383566 -39303566346639643762303763333434383136333964643936623733313338353862656163333063 -64333866313837613536643231653062353930383862383965343462616264626164363564303835 -65346433356633663265613664323864663232646532626435656163393239343665376263663539 -61646130383635303238376431373732316437613135656664663136643636623530393766363633 -36643530363034626536316633666139653566336139653138356533366335623562356137646532 -39666337356362376165386239633264316536646535633132383438343933626339356236346437 -39663635373332396439396464306463323535333434626539373763373665623036653233366633 -65336134623835666536626431623739663839646562323965623433646364383034343963313839 -61333330383037636161336632303365386232663861346562633433323330633263663861343232 -34326136643330353061326464343138376463623863393562353731316262363537356234323663 -31613462383261623139356662623662383437623636303163363262306239666430633264646565 -37656164623930663034656536336231633035353133326237656562383162383339636235353166 -30643333393565313030366335346531366665626461346262663638326665333437396465343836 -39306331636633616463626430376634373832306135313131666562613438666532366432356332 -34646566306333656234383264373665313839633737356134323033643732646139373861646630 
-34613061313464616633396266616364343462373437363561383662316639393339353863383664 -36383663633035663430656538643962646132333830353136666538613939633035666262356634 -38636637666234373339303465313435346131373036386463373430623432353864343730303535 -30643638643534383366386663393964313935383431356365633831386264326663346431316133 -35663232666337363765376435663064656138363561366630623838396464666136386636656635 -38393836666436306537376561613638366162613533373432386331393930373965353435353661 -35343635366264393364323561313638633938313039316164303464623238366137303663373932 -39383338323637656231356262303032663861393832326635616630636539303735316631386361 -33333731633762386338643032316563353736333130363734356235383031306463363536663061 -35393232383530373964363937336134376664336465333330356664323630623963346263643032 -33333436613233393837633462313465383339646164303064303733363461613237313430393433 -64366561313633626363353230376464663731346161373765366563353162373538666138383661 -31306362333933333732623563623364386363613135346661623664353163653731383339363834 -38356336386433383663393562393133303037313238323966333464636439653837306532646636 -62386564393132336431306236326136343535666565643139666539333461653631336166646431 -38373637303133343364636533643964353030346465633962333236303436396234346234633864 -34366232643231616361626337616234373766303739623266636531346537383539663166333434 -39393433346638356465376234353534636461383866313137353563626237633436313666656265 -33643437626535386364373030646363363137333530623164346661313039383066646263613231 -66663232623063366639306561633762303662333938626430393139653065353637323862613436 -62316165393531383034383934323136663538626137363031613936303232623362393666373536 -34333634366532326361613932623962343634663562316439313065343361376261323337643564 -34376532353164393430383031396439363234623666386437663037663562613433363332336633 -39613662666339303466376361306536646333613466393239393237363732353934623531636233 
-61366230356362313636383432343033386566643337306634303932313438663662323436623230 -62373731356530353633326637306234323962663465336235333234643763316132616166383132 -30623765353566383932636265636265363735343736393761666134313438316635636361643136 -38303335386530396535653965616665646461363563373264353463616133626262356635366334 -35333134343934393561323261393434366261643639656135663439633932313162653063313830 -34326663356164653835376438653035336532393164646266663135643366343462303133613531 -31646632326562306163613735666330666462336132393263346332333031336431326531313361 -37363463373361626465363435396162393035383835656137363766336435373164313663623963 -30663139323636643738383036313561386639316334323861633338613038653331393030663366 -30643061363338646362643862613130313532383065353865623361623461626430356339626461 -30653630386439656237383632343865613736653662663962346234333866643663313538613437 -30323931643932653633313338613836396638366238323136643235303330633863626136616433 -65353130656530646239323461346363643863346136376638383562303938633737366236353731 -31333131326139353635386138386163643363393832383163356639396436366430383763636238 -66643933353839306139373365616466383364306464633164623632383734386339353664343063 -66663965643731353033306638343661616230373530636439646263613631376339623132383764 -64323430353366323733343962636536626161626461316234633435663032363165393032613034 -33646238313537666666343234663732333635383831333766333132663535346565303532633934 -33656232666366323561313266323636646538663361373263333566323064336132633232396637 -35633931313330393161353030653564626337386265643733646434393562653534353665306134 -62323761396136353439643764336636396162353732643639616563663566343239313433633038 -62313534316430356231323530363165373430336336343863343166313032636462356366366162 -34656534333065303265623331373531386465333633383239353731333961396431616163613165 -61323237303931663132656331663837346465306166623534656461336230313661303837326235 
-37613465336132653336663134313061393037643631386232326536613337356362383561313333 -30333337643763316364383135326433313636623633316564343438623165353264626265383339 -33653436626133356661346265643537653137383262636239333039616364356365616435306166 -64633334393230373639346262383839623864343639643731396530353065363734386131336336 -62336464336262303036316537373930343733633061633031663764653238313162313762613663 -61326661386437343338653935663232376164343635373236323535323938353930313363346632 -62623536343936653637663162626662646539326265313738316532356439643839663662663865 -66323437373136376166316438373334663762386236643730386662653730653566653965343237 -30343766393739316465616239653430363139376337316364333536356136313230383637646630 -65343431623964633561656661613434313436646532616163636631316438366664633035333561 -65326236353533656666373539306436303038383962393664386235393862343936303739323733 -65643764376137333664623265393635386665343138623738313134346636376235366132626134 -36346366376634666461376137333532366331376463316431326533383462306461373634386536 -31636462663538633763303361646335313462313437616232333030333162633364653333636464 -31613235366363646639343032396163656264353539633166353765353734623031306162333738 -62653566333732633964643934383936656265353862383836626638353233363031316635393435 -37613061333730366230616135316431343833393963633832663536333036376338346264353636 -38633236666132343333383132303364356332636462373535646231343465343431303532376633 -32353830363632343338346230646531343761343731663731636331636438306335663964616364 -39336538316639623065393564326237316666366436306438663065336162646562393336333035 -63336530653739306330343963323235623165376663343839326261626461666566303635353939 -36623962356639343039633166373937343937353133366263313431646436646464 diff --git a/files/desktop/openvpn/desktop.crt b/files/desktop/openvpn/desktop.crt deleted file mode 100644 index 5814018..0000000 --- a/files/desktop/openvpn/desktop.crt +++ /dev/null 
@@ -1,282 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -34366531613730666565633038666163666161636466326630613337633938326234383263653232 -3734616563343532623835623461376234356136646261640a353663356235646163613032663661 -66313461356639336433613734643863303538613631343963336535643231613930303666343632 -3561393861313837310a653763336336376333326361303031643437613537633664383333313566 -32663337363633353038343138356263613835306332373139386562336439393639623035613065 -31346639623735333832326561376433666565613831643133643539343430663231373032616662 -62646635623530336234343965353331346137626365633738363032383965653933653330653635 -63366164316166313761633536386161373066353630633532363064333837333636656138363138 -64376533643036363365323034663633666363363264313132366333643534326132373734626162 -61393365666361616632303162643130666662656361383638353439373938333437386666626561 -61333233313430636437373739633236306133626632333165346535336630663130343764633139 -66333030626665303264653732366537626631653834386433373631663365613331633133323261 -30623833633061373630336331386539616334343063303939383537316437306334336337663962 -36386533376334353834373635316361346663336437383231356564316562656331636132356536 -37376164316630663834303365366631393661333932326438396238643938356139306636306266 -38386566633639356131333863623562303536623164346133376533623461386334646138323133 -30643736326565323665313534656232393866636666363732303736343535333134383033643137 -31336539333736633235356635616366323861643961616562363535313937383439383765316661 -64613532666437396565326533663335333737333430386566313964653464326131653864623738 -61366138346262343239386634646137393838363064343664373235353231653738633036646536 -62343937623734396232663864323034353730656262313133316137376639316537386462336636 -64323738656661663032393231313233363930336236333335346639613565653937316364353332 -36623134643435396337326630303833663039303535356132323431623266613532326332366236 
-66303239623531313130323765633266326631336531643033653432323263343039313166303633 -63386334373362386339643330623535333463366162343464313265656336616336653234313364 -31333439336263343462363531393364346331613362623533616662623166613563333230333839 -66306539386465376461643239366564666331376233616533383433366639316263326637333363 -38336631646639383133386630303336643264623637353461323737343561633363306332633365 -64303061303766633565643230373734646165643538386133343362306332333361346436356535 -30376537323238336238646361333764366135333036353764393638626138363333346138323539 -64396463623937636231663465333536663362353336323732333832376137363832613038323866 -30346230306133613138323262333761333334663763623035323261663166643034623461373163 -65313333333131646662656663626261376466653264373663313933633133386432333536303230 -61343432333830396535653562363732393434373738383137383965313863336362323436356435 -39306139303033323633626131343339313039633765336332363736636534393433663563663963 -62633430356162366530633364376633366462323932333134336139623631373664396233636134 -63336338326663663330326432636132386562373362336130656338356639346332333231613166 -32633139313630646139646434326461633861616266633933386237643831393738376434333436 -63623830303262356132333438643739636538383135656161366533646636356465316463616431 -64343437323363653630303230353461653031383735663630346232363932313566623131366331 -34346630326434323661353238366639343136623565643661313662363461663235363764643536 -32396338616138323931633266326334623034323065303163313662653836336262346130333766 -30616530376661353862386133633863393333353665333036363637663164346361613339333534 -63343165313335303433316632656165646635653830646633643731636536303933393261663861 -66653937343461643161373863336238613066306366633234343233356637373531646531353139 -63666264363734326162343637646662656436383331323332356166643932643763363563656236 -63646132396331363163663861383131326134366232373866306566663461376638343361343635 
-61646435346262323739363739333630346662363062643039313034323463613337396530666431 -39323439373032653732393535313566333237393934316464343437336162363331306566396564 -34663634366661643538383836313239353937306639363235373132366633363162306630633963 -32656435653963396566633937343766633636663664373963326532663830383361323538306330 -39356330643839363730353963653033356535396263303237373338636630653562313731336235 -63366437393265313232636665623865643335343961376231393765366630306461656461613536 -66326431616237303730343361366137396532643738656665346265616538333231323230316237 -30336262396465343835613934633663613564323239346433343165616134303161663536353337 -62666466613237356230636435353164643538356465313162653763306663373066316538346530 -61373464383133323037643130353934346230376564616561346139633737663937383061383332 -32353461346366646265363563396632306661383433653435323735303936616631646362393961 -62306333346161393266343462666536643431653438636635653435306138613338663533393433 -64646334313965393162343665616335353132323364333433633534343066363662383863323134 -30666465633964313639646561396131323131663263313637333236663464316433393765623664 -39616439666636343836346564666231656133323332633765343530303135373766383538306335 -37646664373062363164303939343332336333356162303038383166323034343631326564306261 -38323138353263363037343864633266356162373237303461313534626537633938333939663431 -36316333373563326137353266326530636365363038353038363734346634623037313937373864 -30643763323731326130386230616339363634353536356561383334336630373133336534656536 -30313431616239616165333062626233393663633432363530386133636231333433653137316265 -65623164633063343931323461623638343038323034396336396237643563313764393166316539 -33613038323336366338666630653161626438353462363439323832353131613031336465663933 -39663733653237656531353864363230313633376165343933353062656330356231623662646638 -35303331313965663533396361626430373063623464386464323830623032363730333932343731 
-37386365623734323434613366333730633232386235336436653031656133653739623364353538 -35373333383337363461623838323336383031363636346565643230663933653031333936363861 -61383835656538393030316331346466326466323133303637313438373463333734663464633164 -35316632306430666662303032663932326632663636343138336463333838386264356334666337 -63653832666533613965396532363937643662333563326164373765613363653537623137373666 -31366635653466663161663736396138643966343436666234333062333563656265396433643932 -35306639636261613131336536303564303964316462366661643961626430616335666165316133 -66633430373934376434306131373036626132363761393834333132383632643332643661376537 -32643136663361356335613366626232343864393639643736333263653439356534313336643737 -63386134613237373938333365666366636633386538303862313564383061373832393561653362 -63613062386563643438326166363737316233393233613831663165383137663166393966663566 -61663866633330306363306361623165616562366466303266333231323666383836616635333561 -61303163333866643361366663353166396638346332306136376239393130333965633538643266 -37613933633530323961653537633365626465656362363733356362633966633230333134383865 -31343863626331663061363664313934376539316433383163366663373736376562656230623661 -36346264636365353361363662313866643531356332363962323961373537633833356439333839 -38633163626462316166326363323735393361393233656634303334306437313032383232313037 -37333939643361353866646630356331663166373464636466656639643863653365663431356266 -61346437353637666263613764323864356234316662363937623334616430356363336633643463 -62646631663462316533356331353032366161303230353865316231333535316638626366316137 -39646634623738633438386561353235663636616565316163383530303533396635656363643131 -30663761626234343664663961353132396130653362383537356162373761366533376665623633 -38336166653134343532663231326365376265633533386333323734616636616237343339623364 -66333233663338663333636164656363333166376630366238643866643338633332376363623763 
-31316133316236303162356461666537316163346431646336323231613236366538356635646338 -36306631616565666366613763616631333435373031633537373165613066336338616332323137 -37386432343164343933623562303937313734326337306138373966653563663031613561306361 -35323465393239666437373366356435396661383866386461346135313738363131653234646530 -31643038636336623763356533626266346638393234336634393666613139303564653261343433 -38333661623232336637336134303039643164333638636666353232316636323861373566343236 -32666165633032326362643436316161613365633039386635623632303533623462643830326135 -32383537666662643038393839633438633065393034323833393936343435383866383262373262 -37343936656465396435323036303363613634336238363365343165333035356335343430323434 -32363139393766323232663764306465643434643533316537623830356437656338613135643363 -32663836326639353830313330386330643563353336613531313136386666353135633335643832 -63333931396336366633633066623535383761396534656338643262623562363239646363323030 -64643234306531663763663535323332326465343234306334653439326365623237613335343739 -39633464363535336333306338616262353631323763613236666537333035383661393865636233 -32363838383936353532366430333762356334626465623563643736303834316534353531366465 -64643039366263303630346639333435333763313335333238373432333962356464633539663666 -36343837656265386531346264363134313966376161633563343538363163653561393536613932 -37393437313239363635373934386436663864633763333637626331316535306539306563646561 -36666232336435333164623737633635306536353362373832633136343639393863353463633131 -65636537303365383036396633313962333030653064333662373365366135363764633236646139 -65316334616335326532643764313235383964646463633137346236333337303861343833323034 -39643065323161653963336365666332376263643266633664656139646536333236303565376239 -36356530623563313434313362313838346663626431646462376136366433646265653232383163 -30386231323165383236383730646435373131326333363662663038613436643530346335356266 
-63393236623231663930616661366235366365303238383739363633643637313164623031363134 -38346133326263323034626161646532666334323035313934386664326539623437376162363831 -36383437373936316236306635613862386138396630313637376632356238383534313638326538 -36333031616335336437653534326264356330383031663161316166646436653236383333653838 -36643733393363313036326633353561363862373339346665383635323066323861633863656138 -33306630306438306235626334313236666265366539346137363564613861326136636536666233 -30363936363231356539663864653230313538373935386232373437613764386438646231623431 -63663538393066646431376230376535366531396362373563656538643231613031376236343739 -37633736376132326139353530393933303065303533313164623334316439366334396330333030 -31396632653165326465336239373366623363636331366235323531643032333931396435653962 -37373862623737633037343339386538333639346564663431643537613931313366616365343762 -38393435343631326438383933343734333866336263636131323331633464343335633939656166 -33373834366465393066636337633665616334333565386661393633326539336334386538323361 -35323434396436366465323938333766383031326331376462393632343766623937363138326238 -66386565383763633336653031306335623839363839636635386633326135336233376630643366 -35383836666638613063333138306336306232393834656236663832313537666365323230343066 -62303536643262353737323964363366313361643032353736666531626632613733643338346534 -63383261373838663333666165653863326163336334373666363963386465303130323936386634 -34323961623662636535396264346533383531663164623735303266316566366561326530333561 -31643839393238613964396233646266346165623535353563663931386165376131623263346361 -66386261366330376566343363383631396233393966613232353832353035393338336435623034 -31353462313766343335613363663763626662663134653161653238396633313062353939656139 -35626365326166653734626435633839323565343663663633383966323136626331393134646261 -66393666643932666431326534646338353630366234656238313036613438363537613965623765 
-37643631303131643033386633326531393232326533386539306263353964646264623431363634 -39333335306334663337363966323435333937373633326231383230636338353132653739356236 -36636366373461353065646536343436653631623439663837386235313566653762306662303764 -38643733323330346163346561306431303634623361663563306139646533316335613030303466 -66613863393965393031376530313766343733663463396361613237313435303262346234303766 -33313461333933666632383038316233386663386533653165383334613130643635383062623362 -66626138363835313037636132303565643737383735343761346533663765653864313362336366 -36383862333165336435373433613063396664643566613734633633373730626266646462373033 -62376233353533356430386665376135386337356237303364316230393336386264316537316437 -63393465376638303535666233373965363966383565666337646634366630343266653538626539 -39346364363133363831653334373933343937636131343631323836336338386235646435663138 -30393862333866323938386235316237346666323163653166373839643835623632336632313662 -30346130393563613038653938626130326439303365393036383633613431323938316430343036 -66626635643638636335666437373130333764663636353764393133373331373562383966346236 -37663437363639326239353434653336313436353862363737666564326138623931363661303263 -62656363396562303935343233353039626231313038343661333662313939646563376233653566 -38353233633632626165663130663566623839346430303235343637346566626139613336666561 -62633965653532363763393035333331303230343130393238376536303135343139363064353135 -39363734663365333936376137656666663564373663613931666633306632336462356439393265 -34653734613632353734333936393136323237653664643066376565643932393961306362616231 -32393532306331653266393763346163366239663239343566313834346633663038303231626366 -35376530653765643431613034656636626434646466663730666530323063656661383539316433 -62363533626335326238653135623435633463303230396462393332666438653834346633616561 -66393730633330343265343364626332323163656562383966333762383633336535643036326639 
-35313733633032663434633439343430313437623561363261666362356461363835383637313733 -66363662653331313963656264663965353664336662393862383933636235303231663630326134 -38653738333930646336336563323531356436633132363933636437656161353231306365363531 -30653536386635623738663138636263383335663431636263623063303431333631663361336264 -37303262356565663632653466666664613331663036623766616562343765646136336562363365 -39613332383262306262633966323163653736396435373431653135653831383730316362636330 -64333632633938646533623436363134386463366233326639646436336532363065313738366162 -61393564326465313961646361346139396434613463613766663434646262326430343634326632 -38633461363034646536323163386132616665643166353931383035626463323265326434656563 -39636464366262326533323962336132623561306138373862333234383532353636333736396638 -37333436316564666665366137663365303764376136343531323834353435643264306639623666 -31333831336334646339636431653161616232383537363434396635623764393166643666623463 -65386337373930616562313233303630656266656436623139636463616230343266636362636233 -65613031323430323432316432323333633434656363613161323431643364626139356336363065 -34383963316665623763346464303137356564383463666233633134663932633364623763323966 -64396632633762396235323034633765323565333136366265626433366239363531373839333337 -30373937623663623734643264636532623962346636303833316163333832353138386565383930 -35383736613866663061396465363431636139653539373835666439366636383461336361353933 -63333130363538626239346166656431643762303362653861396464366437386639666532653766 -63313231393163643934343839613030656338306133373339333266373264383235373833626461 -63346230663566626561346561333539313662373737313033656130663134323433376533313464 -38623530326262353438333965656136356337643232333266656439656461343538643866613638 -34336437393539336237306463316261633964626261383133646131386638633930383266343965 -31643934326364346366623661396237376530633261636436646630336433393834393535643034 
-38616466393635623362663631393932643565303636323565646162363762623966653433633737 -36333331303939396138633134396165646630376432626161366436393735303366616233313136 -62633834616539363537313330646362633930303761663463366561323338396230383139393536 -65636234303261313662363836623833396538663633393236323962666562623237393430343835 -63386466373230336536303639653366653262623336633838373462376235343034376638316336 -36393563383332313330626562646335646135623231313234613733666464623030616138396361 -32363736656132633538383430343531656135306562343537366438316435353962393962353336 -33383566343236663437613634393336316435313637656666313137663439663933626139643134 -63336365663966376438613737626461366566336462636130393465313030323634653361343437 -34343630326261643934323039383037373038636562376163353265616565373962373834626562 -65653361666433663231336261646464646263613034656638636332613462366335663538386535 -33383731613362363938626433643531656339313631633638613737356231376233636238336238 -32313836353961306136366337663231643565326633353534663239396361313130396662396632 -32313466366439313862383666323061396462313738656261346265616265663832626466333738 -32316463386565636462653132326164663561373863323636653163333662326134373337366366 -39333837376537316564303664623936303064643665303566343033303662393536306465396533 -37626162613834343430623037303133636532383238313262633333623131343735396463346663 -62313166393934383461303639376230346331333532313863363137303863656333613036373935 -65633361613039623331613834303830363736376332313035353639383365386136336566396337 -66366632373936653866613236363232393038666239386537633162333031316436326635333835 -32353466646234313834363439336134666132376535363939393661653733343936376665333564 -33663365326435663030353435623038653239386639633362383539393638646335363132383838 -66363562633863373437326532643739633734666538383161393934663238306335306433386335 -31383734326532356434396637303563373635336366336338366165393333616362386334326266 
-66663530326339306561383739343866333332356566663662613433616366363938343864396434 -37396430623866643138313961373766303930366636306235393864663830343437646537363838 -64613837333639303965366464323461386364323835353465656238643062663434336132313530 -62366432643761323735663666316635616437303037303161346535623332356237366338356166 -35636365663961373434356430303665393161663631363135353466633131343563613865323961 -31343838653332313765626164353230663463386135336665663939336363383737646662623661 -38666463663035313966343134613733663339376637316232346432303237643333326133633338 -32613666323737313139313862663362323831616631373932376533323639333464323531663863 -61333538356463336639366636373739663332316236376238303963613436303033353636653434 -30353463303138646438646430373863396162653431633932323132336439373634636630303861 -37323262303765333365656336653564366566626261343461303761633433363034656537363931 -66353533623861343166383661303230333436386465633163643934343262373536626331666532 -64323361666661656336396130373031663365623733656537353137383536313366393534323263 -64353164623831346538363530333435613734653631336462333065333738636130316133376135 -33393761343065633765366434343265666539326131653061636136666263383534356462646332 -61303734626339343962613532336433346562636262396633616162343962616239653033376532 -65633439616230646339623861303662336133303437363331653431643964303235653937316437 -62333732373461333630336235303631333835666565363761636432386638356530636362343239 -35366237636262323364633563353866356464323462323965643832396566313233616331373863 -62386264363861623065643531316564346662623234366234373463633732333739393434383662 -30313635346535363163306465383438306665323735356535666339343131623734363863323161 -34633835326334336261343136353661666666623831313033353935626463333661656439383432 -33383135346336316364393137646663373666636363636363393132643637343135393763343766 -64323466613562303639393061643533633231326239376634663565323437646132646565626362 
-30313132396536363734613562366266333839353637343066373238653835623165626232623766 -64366334663934633366636666663535656234313432353638386638316564386139366434313434 -32356162386366636666396162633839623862313030613338333436333535656430613964303262 -34363563646534373738376430363462386433366432326666623139396665623834363937396564 -32393131653862613736376631373235663064353739333039356330643533396533653838616333 -63343937303539316236326239636163613532366462636339333466646331353164643132636334 -66353930316465363430626236303635326366366234623837323435663039613536343439626430 -33663661343663633838656234343764613832366635373566646164653764373930643330336237 -36656532386364336262613231663239643863313131306636356530333961313731323138373532 -36633834346233336661663238386233623836656565386238613534643163323861656166313436 -33616364373739343965656439646331353031366630643630396537663561393861373237393966 -33613064373038616339626163616434323331326161303666353132643438353139346665336362 -36346339353762653037613432343039666339306239386239383933316562333163393433653566 -36623437316135656436363465316331336331383033366331343337313666383562333035323464 -37303535663762323162616235656437613063356634363865383661656465323839386539303863 -32393765386239343963613735643665343266373139363839313831373863613439616639636264 -34346637623932613736363433646530303933623532356236653238376364653465383963653138 -61303562303463326337303261326266316566636136656536613931373465663731313932663538 -65323838623536623961316334613839393333316637656135366237323430623630356137633663 -35306530616664323832383566306462313730643238616537373031653437643634333337643465 -33386464643339323736303239636431633037303633306261333361626234666562613661356435 -66613465366362383230373731346465363833313035653065353864373466356463376664613466 -32646131313033616366616637356435346438643731616234396563323931383830306466636532 -63613364383035643536316534616262643163643365376332383330343066306363343262646566 
-32393762313031383437366239326166316434663437626563333936316365323532636265626631 -61613566663735376234333736383337316262646130346366343632303431623765383937616335 -31353036376664323361353261393865373232633535663635363964303431373139623031656339 -61626335656333393266666536356262393662383064346631653730343339313165396630636139 -63356633656236343164656636313937633266366137343132356137343338626262376633316661 -31633432313030666632633761666566323935363230663063356662393366643065363731333133 -32363263353531396564313063366338393736656632366539343131613865383062623166316163 -34623432336162363933383961643638653432663237616461313839643038386330656561386232 -65613132356166656261353761613633353038393464613064373839373265373834343366303936 -32653730373134653535353134363532633330653035643632643961386166663131343437643639 -35643035666434373437633934373630613833666137656263323138353765313836656338326534 -63343964336233663335646539303664663231353334313434393832353739366265326632316432 -34386236616631373563323030633335653739653437346536313566323465353035613739653461 -37373565313532653237646434343765316231333230663030666533353836613365316332343165 -35643331613164333632653332313765396662303766353937316231383738393634353930663361 -61623837303665396266396162396239663530613233633463666635363065386134373663393033 -61666133353239333231633636646263333838653130313836343566313864633161613863326362 -62303561306366343839343163643733613466646231353331363933376564333236 diff --git a/files/desktop/openvpn/desktop.key b/files/desktop/openvpn/desktop.key deleted file mode 100644 index 33260dd..0000000 --- a/files/desktop/openvpn/desktop.key +++ /dev/null 
@@ -1,90 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -34333438393535353533333461636632616138326232376363653666363539383530303532643530 -6137346336616263653933336435393034366439633865650a636666343730646534626261666565 -39323434626333653033303166613338393035333738353665613230353834623566666233353663 -3131666130306161380a623532346661346630653636616334666463396364366234366561386264 -33393062663464306135363064303865383164343939616439343164646136303262366136303536 -38376339613139303162643165313231373931353938663838326661333438313661653732333731 -64623866323030396637653037343064316565376137633464636239333961303464356163313465 -32643537633261303438353330643862636336313564343464336630643933666265613765643366 -38313365353431613230306165326137393539363137343063356436666565306135363733376464 -30666364336338376433333962376161306334373366373639316562613237393935306230353862 -38333232393463653636643737366635613262653134626438616663313330333262326266653436 -61383938336337666563396238636563613966663666343736356663353737346538656637306438 -63326462383932336334333433343537363830303861313561303735393036386131666439643130 -34616161626166306331663235333336326537356463326166376637646563626365323566633164 -39656136343338363262346663613738336131623566343634623263646433663561323936356332 -34343564316561313535313964373738656531376265383632613966636637353766303137633337 -64386664323233316334343339333037353365613962616139613530316665306261343666633835 -61343631353963393332313662646630396635616332626438346266666363356664623333643964 -62653932613533636661313939386436313632616538643838373234613539313137346634383965 -31373532333533323132663266633139343839393165323463353434626332353439626634323561 -65643332323763383865643634313632353461326533633466323664353565653264303435303035 -64363939333430666162393662303465313333663466343134663030366361623833353961666661 -62383832376233383662343137643163326664343635333337666263663163323062643038373531 
-35323733656631623536363636646239666339383738656135353634313465353733653864653965 -36663238396466363836646161313137633535626230666363623736366531376361353338383066 -34303134366366343738623139633636653932656265626331383732373462663361636431313862 -63326134616633646638653038343439303131613330306163383830353235613637353630396633 -39663161363264313138633963613130323036666662356337326463363862653264346263343139 -35656261376639326534653166326666313637613366626631623735313162373939316364333561 -39613935633934626538353630666462616238346538346537383864323562323736646231663038 -62646134656237653733343362303066306566626133616530376436393766363661306232356336 -30313265393539663938346239366263353534396563343462343334376134303264626435643364 -62333666633234643765323563373233333231386433363762353231616435383433303733393932 -33306536386538623564306665623031373633313035303836643339323537336239393663313530 -64366230313436363034366434383230623230663531363130636561613639623335643032646531 -62316361376631633836333866343939343539346332313030336665613635383462313937376666 -66613631626361303538623963623366313033363766356139306130663939346165643534373434 -62613430633034306138326439366134343930393765646162326261333461343833643431323836 -33316664313035373138313332396666626133363831643562313162303938613264383034623035 -38343365623333313862623435306534306533373035623631303638356233646262623161343739 -34376631663736633563333032666137366639626433306132326539333464636161386131363666 -30303636313038623464653330623066626431326162336463383831616333643334666531386365 -38306536376430393539356334313438643538343538303264376662633765396563626266346366 -65353230376534643739613838306161303238303230356433636466336239633563353737346236 -35343534633162323133333061383932663036643765343434356634333136666539356533326663 -37376663623065333839633338633637383237316337363434356637623339646534366435336164 -30356338313437646235616564656439663937383761363337363531663835303030616630306339 
-37393237656532663264643133616537643264633731393866636462386263656537333232666139 -32623165653032363865653963383130613730323862656139323866393235666536643931323764 -33633031323537393631623163333866313333353538613734663665633539303432666635636565 -31646538633663313866636237383165303634653234366336323237646332333338376664326230 -30303431343131393863343636316463623864326535376663623161303061303639656264393830 -35306461666339623163656236356564306231633066613731323761343466663436323064393235 -39353036616330333934323365393539333963656134383736306634643533333130653835633731 -37373133313665396661656361393163306233333733313138623263326530663438356462623766 -64393830356630393364666531356163613634303234623663626637633863343437643730393337 -31333533626363346635626231336165303964633262623362323365383132356433663533613961 -63396631366132303538336532616336646238616665366235363364626166646464626665373336 -64653430393137636665306461346433303136383964333861656435363436366565363139346466 -31373864373761386463376162363765633533613833656163383830306332313365613433316536 -64643638343966383061616336356531613037353666316166363936646165323864643632363931 -32343230343230633338633864663331303236613664336135663466663038396463313465613639 -64366439303938366131333735643432663830313734356631363034616666316566633236373263 -66346564353137643064386138303264396138303430636333353732656530393434393234346261 -33303030336666313830653137343430343161343032353939376531326131646632313832666232 -37646364373537323961346666343535313338386539313530353438663562623064636434623263 -31646539363035383836316561626639623738306562383564383361373939303865633935343632 -65663033333162346662636430616634373464353266363466373137643162636634383337613263 -62396161643937623365613864353830376631383536646632376339666230663936656634366531 -30333630633066366636633330656537663836336136383235323964646532396138393831633033 -65663861363432303933393936383132663632373961653834363337656431376236346564373533 
-62333462333233623530666138306333383162346565623838623534363762366533633739616530 -66303164343335623034336630383063316136393063383362313637386363616363333963616235 -63326133323264653161306237323263623632303237636132643633333561346665613933646330 -61313036613836396633613137306133383432666663663336373963383836343030633461323239 -34666135393537643438363261623631393561303336323033343062663430343638643834626131 -31396431323738653865386636383262393630613436346633656131323235643363623831366632 -35653064323538386537383737366338663062373135623331646364613531643537366163356564 -62343135326239616138326133623264663835343566646231653166336364613363346133326336 -30653134366633373035623162616663613264643438616133653739643264623964653463663539 -63303930613538373339373762313934393566633562613836376637356231356133306234626639 -36386233366636386164386362646133623862313161313732653833613263313833653866313535 -64303335333931356266613930366666363162383330353731613437373465633235333863643661 -66353034376263323331633365616137626361636465613831366466353238666533363830336530 -63396166333836616333363733393335343565616261356462373931356163663966366237383765 -33393831373331303062633065383638643539383634313763633064333234656261303730343235 -32346238633361303238333133663437316366663864613936623465363933653663636330323733 -62613530666264336239626363633239306638646133393762373763366437386364373264313136 -31383733343136643161636132313233383337623566396136393862343938613335 diff --git a/files/desktop/openvpn/ta.key b/files/desktop/openvpn/ta.key deleted file mode 100644 index 7f5298c..0000000 --- a/files/desktop/openvpn/ta.key +++ /dev/null 
@@ -1,37 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -34623436623763346364643937653661393233633664383365633166613665316335313339326462 -3434346262633138393033343933666561343833346262620a333661656462343064633035613333 -30356265323663333266343665366536383235306664356666383964346261626533333633663966 -3839666562666363310a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diff --git a/tasks/openvpn.yml b/tasks/openvpn.yml deleted file mode 100644 index 9fe4fbf..0000000 --- a/tasks/openvpn.yml +++ /dev/null 
@@ -1,82 +0,0 @@
-- name: create configuration directories
- become: yes
- file:
- path: '{{ item }}'
- state: directory
- owner: openvpn
- group: openvpn
- mode: '0750'
- loop:
- - '/etc/openvpn/client'
- - '/etc/openvpn/client/zeus'
- - '/etc/openvpn/server'
-
-- name: copy configuration
- become: yes
- template:
- src: 'templates/{{ platform }}/openvpn.j2'
- dest: '/etc/openvpn/client/zeus.conf'
- owner: openvpn
- group: openvpn
- mode: '0644'
-
-- name: copy desktop credentials
- become: yes
- copy:
- src: '{{ item.src }}'
- dest: '{{ item.dest }}'
- owner: openvpn
- group: openvpn
- mode: '0600'
- loop:
- - {
- src: 'files/{{ platform }}/openvpn/ca.crt',
- dest: '/etc/openvpn/client/zeus/ca.crt',
- }
- - {
- src: 'files/{{ platform }}/openvpn/desktop.crt',
- dest: '/etc/openvpn/client/zeus/desktop.crt',
- }
- - {
- src: 'files/{{ platform }}/openvpn/desktop.key',
- dest: '/etc/openvpn/client/zeus/desktop.key',
- }
- - {
- src: 'files/{{ platform }}/openvpn/ta.key',
- dest: '/etc/openvpn/client/zeus/ta.key',
- }
- when: platform == "desktop"
-
-- name: copy laptop credentials
- become: yes
- copy:
- src: '{{ item.src }}'
- dest: '{{ item.dest }}'
- owner: openvpn
- group: openvpn
- mode: '0600'
- loop:
- - {
- src: 'files/{{ platform }}/openvpn/ca.crt',
- dest: '/etc/openvpn/client/zeus/ca.crt',
- }
- - {
- src: 'files/{{ platform }}/openvpn/laptop.crt',
- dest: '/etc/openvpn/client/zeus/laptop.crt',
- }
- - {
- src: 'files/{{ platform }}/openvpn/laptop.key',
- dest: '/etc/openvpn/client/zeus/laptop.key',
- }
- - {
- src: 'files/{{ platform }}/openvpn/ta.key',
- dest: '/etc/openvpn/client/zeus/ta.key',
- }
- when: platform == "laptop"
-
-- name: restart vpn
- become: true
- systemd:
- name: openvpn-client@zeus
- state: restarted
- enabled: true
diff --git a/templates/desktop/openvpn.j2 b/templates/desktop/openvpn.j2
deleted file mode 100644
index 3e5ba0a..0000000
--- a/templates/desktop/openvpn.j2
+++ /dev/null
@@ -1,93 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# -############################################## -# Sample client-side OpenVPN 2.0 config file # -# for connecting to multi-client server. # -# # -# This configuration can be used by multiple # -# clients, however each client should have # -# its own cert and key files. # -# # -# On Windows, you might want to rename this # -# file so it has a .ovpn extension # -############################################## - -# Specify that we are a client and that we -# will be pulling certain config file directives -# from the server. -client - -# Use the same setting as you are using on -# the server. -# On most systems, the VPN will not function -# unless you partially or fully disable -# the firewall for the TUN/TAP interface. -dev {{ vpn_interface }} - -# Are we connecting to a TCP or -# UDP server? Use the same setting as -# on the server. -proto {{ vpn_protocol }} - -# The hostname/IP and port of the server. -# You can have multiple remote entries -# to load balance between the servers. -remote {{ vpn_ip }} -port {{ vpn_port }} - -# Keep trying indefinitely to resolve the -# host name of the OpenVPN server. Very useful -# on machines which are not permanently connected -# to the internet such as laptops. -resolv-retry infinite - -# Ping every 30s - Inactivity restart 120s -keepalive 30 120 - -# Don't ping until connected to remote -ping-timer-rem - -# Most clients don't need to bind to -# a specific local port number. -nobind - -# Try to preserve some state across restarts. -persist-key -persist-tun - -# SSL/TLS parms. -# See the server config file for more -# description. It's best to use -# a separate .crt/.key file pair -# for each client. A single ca -# file can be used for all clients. 
-ca /etc/openvpn/client/zeus/ca.crt -cert /etc/openvpn/client/zeus/desktop.crt -key /etc/openvpn/client/zeus/desktop.key - -# Verify server certificate by checking that the -# certicate has the correct key usage set. -# This is an important precaution to protect against -# a potential attack discussed here: -# http://openvpn.net/howto.html#mitm -# -# To use this feature, you will need to generate -# your server certificates with the keyUsage set to -# digitalSignature, keyEncipherment -# and the extendedKeyUsage to -# serverAuth -# EasyRSA can do this for you. -remote-cert-tls server - -# If a tls-auth key is used on the server -# then every client must also have the key. -tls-auth /etc/openvpn/client/zeus/ta.key 1 -auth SHA512 - -# Select a cryptographic cipher. -# If the cipher option is used on the server -# then you must also specify it here. -cipher AES-256-CBC - -# Set log file verbosity. -verb {{ vpn_verbosity }} From c3cb8e1e8fb7057300ec2362736235565ceafa70 Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Wed, 29 Dec 2021 11:57:31 +0100 Subject: [PATCH 011/131] Add wireguard configuration --- files/desktop/wireguard/desktop.key | 7 ++ files/desktop/wireguard/desktop.pub | 1 + files/desktop/wireguard/preshared.psk | 7 ++ playbook.yml | 1 - tasks/network.yml | 97 ++++++++++++++--- .../{network.j2 => network/enp.network.j2} | 0 templates/desktop/network/vmbr0.netdev.j2 | 5 + templates/desktop/network/vmbr0.network.j2 | 10 ++ templates/desktop/network/wg0.netdev.j2 | 24 +++++ templates/desktop/network/wg0.network.j2 | 7 ++ templates/desktop/nftables.j2 | 4 +- templates/desktop/pulse-script.j2 | 2 +- templates/desktop/syncthing.j2 | 2 +- templates/laptop/openvpn.j2 | 102 ------------------ vars/desktop.yml | 25 +++++ vars/laptop.yml | 2 + vars/main.yml | 2 +- vars/vpn.yml | 5 +- 18 files changed, 176 insertions(+), 127 deletions(-) create mode 100644 files/desktop/wireguard/desktop.key create mode 100644 files/desktop/wireguard/desktop.pub create mode 100644 files/desktop/wireguard/preshared.psk rename templates/desktop/{network.j2 => network/enp.network.j2} (100%) create mode 100644 templates/desktop/network/vmbr0.netdev.j2 create mode 100644 templates/desktop/network/vmbr0.network.j2 create mode 100644 templates/desktop/network/wg0.netdev.j2 create mode 100644 templates/desktop/network/wg0.network.j2 delete mode 100644 templates/laptop/openvpn.j2 diff --git a/files/desktop/wireguard/desktop.key b/files/desktop/wireguard/desktop.key new file mode 100644 index 0000000..2a4e787 --- /dev/null +++ b/files/desktop/wireguard/desktop.key 
@@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +64386433373038346364353966343664623636623866656535326139353563396466653663613565 +3265323264623161653131663865343362323530643139340a383238383738303366333666326536 +32373330623636613863303636626536613736323565323632353263363531386339623636613965 +6232626334623437610a623236383763636431323332343237353835666432326439396361386139 +31383538613265633766316565313538663631383833383636376630326130393039623561666232 +3861343261303065363138616564666464653733353864386564 diff --git a/files/desktop/wireguard/desktop.pub b/files/desktop/wireguard/desktop.pub new file mode 100644 index 0000000..3045a86 --- /dev/null +++ b/files/desktop/wireguard/desktop.pub @@ -0,0 +1 @@ +izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= diff --git a/files/desktop/wireguard/preshared.psk b/files/desktop/wireguard/preshared.psk new file mode 100644 index 0000000..3ce2db6 --- /dev/null +++ b/files/desktop/wireguard/preshared.psk @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +35306261646161313832376338646666383439366336396566366163646263346661373861326630 +3461373866323562356338323837653032346333323962310a353436613736353763373163306163 +63356435306132623264323361333863363038306132333832303035393863616562363833663038 +3265306165623435390a383464343539393964396430343932363364353363323337346565646335 +37373332306534303963386139613931396561643763663438303932373832633565643765353433 +6564326235623439363438626261346264393835636134383664 diff --git a/playbook.yml b/playbook.yml index 912603f..eada34f 100644 --- a/playbook.yml +++ b/playbook.yml @@ -16,7 +16,6 @@ - import_tasks: 'tasks/setup.yml' - import_tasks: 'tasks/network.yml' - import_tasks: 'tasks/systemd.yml' - - import_tasks: 'tasks/openvpn.yml' - import_tasks: 'tasks/git.yml' - import_tasks: 'tasks/mpv.yml' - import_tasks: 'tasks/mpd.yml' diff --git a/tasks/network.yml b/tasks/network.yml index 76a32a8..026d908 100644 --- a/tasks/network.yml +++ b/tasks/network.yml 
@@ -1,42 +1,109 @@ -- name: setup desktop systemd networkd - become: yes - template: - src: 'templates/desktop/network.j2' - dest: '/etc/systemd/network/20-wired.network' +- name: create wireguard directories + become: true + file: + path: '{{ item | dirname }}' owner: root - group: root + group: systemd-network mode: '0644' - notify: restart systemd-networkd + state: directory + loop: + - '{{ vpn_private_key_path }}' + - '{{ vpn_public_key_path }}' + +- name: copy wireguard credentials + become: true + copy: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - { + dest: '{{ vpn_public_key_path }}', + src: 'files/{{ platform }}/wireguard/{{ platform }}.pub', + } + - { + dest: '{{ vpn_private_key_path }}', + src: 'files/{{ platform }}/wireguard/{{ platform }}.key', + } + +- name: copy wireguard preshared keys + become: true + copy: + src: '{{ item.preshared_key_source_path }}' + dest: '{{ item.preshared_key_path }}' + owner: root + group: systemd-network + mode: '0640' + loop: '{{ vpn_peers }}' + +- name: setup desktop network configuration + become: true + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - { + src: 'templates/desktop/network/enp.network.j2', + dest: '/etc/systemd/network/20-wired.network', + } + - { + src: 'templates/desktop/network/vmbr0.network.j2', + dest: '/etc/systemd/network/30-vmbr0.network', + } + - { + src: 'templates/desktop/network/vmbr0.netdev.j2', + dest: '/etc/systemd/network/30-vmbr0.netdev', + } + - { + src: 'templates/desktop/network/wg0.network.j2', + dest: '/etc/systemd/network/40-wg0.network', + } + - { + src: 'templates/desktop/network/wg0.netdev.j2', + dest: '/etc/systemd/network/40-wg0.netdev', + } when: platform == "desktop" -- name: setup laptop systemd networkd - become: yes +# TODO: update network configuration path +- name: setup laptop network configuration + become: true template: 
src: 'templates/laptop/network.j2' dest: '/etc/systemd/network/20-wireless.network' owner: root group: root mode: '0644' - notify: restart systemd-networkd when: platform == "laptop" +- name: restart systemd-networkd + become: true + systemd: + name: systemd-networkd + state: restarted + enabled: true + - name: start systemd-resolved service - become: yes + become: true systemd: name: systemd-resolved state: started - enabled: yes + enabled: true - name: start iwd service - become: yes + become: true systemd: name: iwd state: started - enabled: yes + enabled: true when: platform == "laptop" - name: copy firewall template - become: yes + become: true template: src: 'templates/{{ platform }}/nftables.j2' dest: '/etc/nftables.conf' diff --git a/templates/desktop/network.j2 b/templates/desktop/network/enp.network.j2 similarity index 100% rename from templates/desktop/network.j2 rename to templates/desktop/network/enp.network.j2 diff --git a/templates/desktop/network/vmbr0.netdev.j2 b/templates/desktop/network/vmbr0.netdev.j2 new file mode 100644 index 0000000..54f171b --- /dev/null +++ b/templates/desktop/network/vmbr0.netdev.j2 @@ -0,0 +1,5 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +[NetDev] +Name=vmbr0 +Kind=bridge diff --git a/templates/desktop/network/vmbr0.network.j2 b/templates/desktop/network/vmbr0.network.j2 new file mode 100644 index 0000000..a3ca139 --- /dev/null +++ b/templates/desktop/network/vmbr0.network.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +[Match] +Name=vmbr0 + +[Network] +Address=10.4.0.1/24 +DHCP=yes +IPForward=yes +ConfigureWithoutCarrier=yes diff --git a/templates/desktop/network/wg0.netdev.j2 b/templates/desktop/network/wg0.netdev.j2 new file mode 100644 index 0000000..de4e81e --- /dev/null +++ b/templates/desktop/network/wg0.netdev.j2 
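Review bot: The `create wireguard directories` task creates `/etc/wireguard/keys/{public,private}` with `mode: '0644'`, which has no execute bit, so the `systemd-network` group that the key files are handed to in the next task cannot traverse into them; root bypasses the check, which hides the problem during the play. Use `mode: '0750'` there and confirm the package-created parent `/etc/wireguard` is traversable by that group as well, since an unreachable key file is the most likely reason the `PrivateKeyFile=` option is reported as not working in the wg0 netdev template. Separately, the `notify: restart systemd-networkd` lines were removed from both template tasks and replaced by an unconditional `restart systemd-networkd` task with `state: restarted`, so every run bounces the network stack and the WireGuard tunnel even when nothing changed. Keeping `notify:` on the tasks that write `/etc/systemd/network/*` and reducing the new task to `state: started` with `enabled: true` restores idempotent behaviour.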
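Review bot: `IPForward=yes` on vmbr0 turns on IP forwarding for the whole host, not just this bridge (networkd documents the setting as a one-way global kernel switch), so bridged guests can reach anything the host can route to unless the nftables forward chain, which is outside this patch, restricts it; a comment such as `# IPForward is host-wide: forwarding policy lives in /etc/nftables.conf` would make that dependency visible. `DHCP=yes` also enables the DHCP client on an interface that already carries a static `Address=10.4.0.1/24`; given the nftables rule that accepts UDP 53/67 arriving on `vmbr0`, the intent looks like serving DHCP to the guests, which would be `DHCPServer=yes` (or an external dnsmasq), so please confirm which was meant.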
@@ -0,0 +1,24 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +[NetDev] +Name={{ vpn_interface }} +Kind=wireguard +Description=WireGuard tunnel {{ vpn_interface }} + +[WireGuard] +# PrivateKeyFile option does not seem to work, perhaps a bug? +PrivateKey={{ vpn_private_key }} + +{% for peer in vpn_peers %} +[WireGuardPeer] +PublicKey={{ peer.public_key }} +# PresharedKeyFile option does not seem to work, perhaps a bug? +PresharedKey={{ peer.preshared_key }} +AllowedIPs={{ peer.allowd_ips }} +{% if peer.endpoint %} +Endpoint={{ peer.endpoint }} +{% endif %} +{% if not loop.last %} + +{% endif %} +{% endfor %} diff --git a/templates/desktop/network/wg0.network.j2 b/templates/desktop/network/wg0.network.j2 new file mode 100644 index 0000000..81fbe8a --- /dev/null +++ b/templates/desktop/network/wg0.network.j2 @@ -0,0 +1,7 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +[Match] +Name={{ vpn_interface }} + +[Network] +Address={{ vpn_ip }}/{{ vpn_subnet }} diff --git a/templates/desktop/nftables.j2 b/templates/desktop/nftables.j2 index 3adbb58..502770a 100644 --- a/templates/desktop/nftables.j2 +++ b/templates/desktop/nftables.j2 @@ -25,10 +25,10 @@ table inet filter { tcp dport ssh accept # syncthing - ip saddr 10.8.1.1 tcp dport 22000 accept + ip saddr 10.0.0.1 tcp dport 22000 accept # allow remote pulse audio - ip saddr 10.8.1.1 tcp dport 4713 accept + ip saddr 10.0.0.1 tcp dport 4713 accept # allow dhcp requests for bridget connections iifname "vmbr0" udp dport { 53, 67 } accept diff --git a/templates/desktop/pulse-script.j2 b/templates/desktop/pulse-script.j2 index 56cd152..8bcc1ea 100644 --- a/templates/desktop/pulse-script.j2 +++ b/templates/desktop/pulse-script.j2 
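Review bot: The template inlines `PrivateKey={{ vpn_private_key }}` and `PresharedKey={{ peer.preshared_key }}` into the rendered netdev file while tasks/network.yml also deploys the same secrets as files under `/etc/wireguard/keys`, so each key now lives twice on the host, and because the template task carries no `no_log`, the rendered private key is printed whenever the play runs with `--diff`. Once the key directories are traversable by `systemd-network`, `PrivateKeyFile={{ vpn_private_key_path }}` and `PresharedKeyFile={{ peer.preshared_key_path }}` should work and let the inline values be dropped; if the inline form is kept instead, the file copies are dead weight and should go. The `{% if peer.endpoint %}` guard raises an undefined-variable error for a peer entry that has no `endpoint` key, so `{% if peer.endpoint is defined and peer.endpoint %}` is safer for listen-only peers. `AllowedIPs={{ peer.allowd_ips }}` depends on the misspelled key `allowd_ips` in vars/desktop.yml; renaming both to `allowed_ips` avoids a silent mismatch when someone later corrects only one side.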
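Review bot: Both updated rules match only on `ip saddr 10.0.0.1`, so a host on any other interface that can spoof that source address reaches the syncthing and PulseAudio listeners; the tunnel address should be tied to the tunnel interface, e.g. `iifname "wg0" ip saddr 10.0.0.1 tcp dport 22000 accept` and the same for port 4713. Whether `rp_filter` or another chain outside this hunk already drops such spoofed packets is not visible here, so please confirm before relying on the address-only match.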
@@ -2,4 +2,4 @@ # # {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -/usr/bin/pactl load-module module-native-protocol-tcp auth-anonymous=1 listen=10.8.1.10 +/usr/bin/pactl load-module module-native-protocol-tcp auth-anonymous=1 listen={{ vpn_ip }} diff --git a/templates/desktop/syncthing.j2 b/templates/desktop/syncthing.j2 index dba711e..d9e59f9 100644 --- a/templates/desktop/syncthing.j2 +++ b/templates/desktop/syncthing.j2 @@ -71,7 +71,7 @@ 0 -
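Review bot: The rewritten line still loads `module-native-protocol-tcp` with `auth-anonymous=1`, so anything that can reach `{{ vpn_ip }}:4713` controls the PulseAudio server with no credential; moving `listen=` to the tunnel address narrows exposure, but the nftables source-address rule is then the only access control left. `auth-ip-acl=10.0.0.1` (or cookie authentication) keeps the intended peer working while refusing every other VPN peer, e.g. `/usr/bin/pactl load-module module-native-protocol-tcp auth-ip-acl=10.0.0.1 listen={{ vpn_ip }}`.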
tcp://10.8.0.1:22000
+
tcp://10.0.0.1:22000
false false 0 diff --git a/templates/laptop/openvpn.j2 b/templates/laptop/openvpn.j2 deleted file mode 100644 index 8e329e6..0000000 --- a/templates/laptop/openvpn.j2 +++ /dev/null 
@@ -1,102 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# -############################################## -# Sample client-side OpenVPN 2.0 config file # -# for connecting to multi-client server. # -# # -# This configuration can be used by multiple # -# clients, however each client should have # -# its own cert and key files. # -# # -# On Windows, you might want to rename this # -# file so it has a .ovpn extension # -############################################## - -# Specify that we are a client and that we -# will be pulling certain config file directives -# from the server. -client - -# Use the same setting as you are using on -# the server. -# On most systems, the VPN will not function -# unless you partially or fully disable -# the firewall for the TUN/TAP interface. -dev {{ vpn_interface }} - -# Use unprivileged ip command -#iproute /usr/local/sbin/unpriv-ip - -# Are we connecting to a TCP or -# UDP server? Use the same setting as -# on the server. -proto {{ vpn_protocol }} - -# The hostname/IP and port of the server. -# You can have multiple remote entries -# to load balance between the servers. -remote {{ vpn_ip }} -port {{ vpn_port }} - -# Keep trying indefinitely to resolve the -# host name of the OpenVPN server. Very useful -# on machines which are not permanently connected -# to the internet such as laptops. -resolv-retry infinite - -# Ping every 30s - Inactivity restart 120s -keepalive 30 120 - -# Don't ping until connected to remote -ping-timer-rem - -# Most clients don't need to bind to -# a specific local port number. -nobind - -# Try to preserve some state across restarts. -persist-key -persist-tun - -# SSL/TLS parms. -# See the server config file for more -# description. It's best to use -# a separate .crt/.key file pair -# for each client. A single ca -# file can be used for all clients. 
-ca /etc/openvpn/client/zeus/ca.crt -cert /etc/openvpn/client/zeus/laptop.crt -key /etc/openvpn/client/zeus/laptop.key - -# Verify server certificate by checking that the -# certicate has the correct key usage set. -# This is an important precaution to protect against -# a potential attack discussed here: -# http://openvpn.net/howto.html#mitm -# -# To use this feature, you will need to generate -# your server certificates with the keyUsage set to -# digitalSignature, keyEncipherment -# and the extendedKeyUsage to -# serverAuth -# EasyRSA can do this for you. -remote-cert-tls server - -# If a tls-auth key is used on the server -# then every client must also have the key. -tls-auth ta.key 1 -auth SHA512 - -# Select a cryptographic cipher. -# If the cipher option is used on the server -# then you must also specify it here. -cipher AES-256-CBC - -# Enable compression on the VPN link. -# Don't enable this unless it is also -# enabled in the server config file. -# Disabled as advised on https://openvpn.net/security-advisories/ -#compress lz4 - -# Set log file verbosity. -verb {{ vpn_verbosity }} diff --git a/vars/desktop.yml b/vars/desktop.yml index 28d4ccb..7cf4afa 100644 --- a/vars/desktop.yml +++ b/vars/desktop.yml 
@@ -1 +1,26 @@ platform_packages: [] + +vpn_ip: '10.0.0.3' +vpn_subnet: '24' + +vpn_public_key_path: '/etc/wireguard/keys/public/desktop.pub' +vpn_private_key_path: '/etc/wireguard/keys/private/desktop.key' +vpn_private_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 65386334366166306164363464633364383935313739373730373139663139373964336665636264 + 3563663038313039363230623266393164646164373739620a623536633631643231633938613461 + 63366239333230663531306333383962353937353736663336343434663633303232386531353832 + 6434633935333538650a613065306239333031656362356165326136333131356135383436326561 + 62303035386634636333353664373231633434656538303866386262353139363439363435346637 + 6637363334623133376134306165626564343864633032613763 + +vpn_peers: + - { + name: 'zeus', + allowd_ips: '10.0.0.1/32', + endpoint: '178.85.119.159:51902', + public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', + preshared_key_path: '/etc/wireguard/keys/private/preshared-zeus.psk', + preshared_key_source_path: 'files/desktop/wireguard/preshared.psk', + preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n363333633336613939306632323163396239303739366135393232396134393266623939613534326238393638333137383235313039623264343932303038330a633934373638363966306533346235326234663464313963356238623064666430303030643533666536393662316237333463336462376366343335363131350a333135366239633765633136316133653535336661666461666365636233656165666635663037386666323931643265623233366133623237663734623661623661316436396465343866363266393565653237636136626536353630383263" + } diff --git a/vars/laptop.yml b/vars/laptop.yml index 3ea944c..0f6cd7f 100644 --- a/vars/laptop.yml +++ b/vars/laptop.yml @@ -1,3 +1,5 @@ platform_packages: - iwd - powertop + +vpn_ip: '10.0.0.2' diff --git a/vars/main.yml b/vars/main.yml index 80107c3..b8c5488 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -10,7 +10,6 @@ packages: - nftables - mpd - nfs-utils - - openvpn - okular - postgresql - plasma-meta 
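Review bot: `vpn_private_key` and the peer's `preshared_key` are vault-encrypted copies of secrets that this same patch also commits as `files/desktop/wireguard/desktop.key` and `preshared.psk`, so every key now exists twice in the repository and rotation has to touch both; pick one representation (the file if `PrivateKeyFile=`/`PresharedKeyFile=` are made to work, otherwise the variable) and delete the other. The `preshared_key` value is written as a one-line double-quoted `!vault "…\r\n…"` string with embedded CRLFs rather than the `!vault |` block form used just above for `vpn_private_key`; that is fragile for anyone re-encrypting with `ansible-vault encrypt_string` and should be rewritten in block form. The peer key `allowd_ips` is misspelled and must stay in step with the same misspelling in the wg0 netdev template; renaming both to `allowed_ips` avoids a silent mismatch.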
@@ -29,5 +28,6 @@ packages: - pipewire - pipewire-pulse - pipewire-alsa + - wireguard-tools platform_packages: [] diff --git a/vars/vpn.yml b/vars/vpn.yml index 1cca5e3..194c351 100644 --- a/vars/vpn.yml +++ b/vars/vpn.yml @@ -1,5 +1,2 @@ -vpn_ip: '178.85.119.159' -vpn_port: '7531' -vpn_interface: 'tun0' +vpn_interface: 'wg0' vpn_protocol: 'udp' -vpn_verbosity: '1' From b914c1bdcf41c8926e64c2f126bad30a04d8106b Mon Sep 17 00:00:00 2001 
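Review bot: `vpn_protocol: 'udp'` survives the switch while the OpenVPN-only `vpn_ip`, `vpn_port` and `vpn_verbosity` are removed, yet none of the WireGuard templates added by this patch reference it and WireGuard is UDP-only, so it appears to be dead configuration. Drop it, or add a comment such as `# still read by <consumer>` naming what uses it.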
From: Sonny Bakker Date: Thu, 30 Dec 2021 14:29:56 +0100 Subject: [PATCH 012/131] Add laptop wireguard configuration --- files/laptop/openvpn/ca.crt | 94 ------ files/laptop/openvpn/laptop.crt | 282 ------------------ files/laptop/openvpn/laptop.key | 90 ------ files/laptop/openvpn/ta.key | 37 --- files/laptop/wireguard/laptop.key | 7 + files/laptop/wireguard/laptop.pub | 1 + files/laptop/wireguard/preshared.psk | 7 + tasks/network.yml | 30 +- templates/laptop/network/vmbr0.netdev.j2 | 5 + templates/laptop/network/vmbr0.network.j2 | 10 + templates/laptop/network/wg0.netdev.j2 | 24 ++ templates/laptop/network/wg0.network.j2 | 7 + .../wireless.network.j2} | 0 templates/laptop/nftables.j2 | 2 +- templates/laptop/pulse-script.j2 | 2 +- templates/laptop/pulse.j2 | 8 - templates/laptop/syncthing.j2 | 2 +- vars/laptop.yml | 24 ++ 18 files changed, 113 insertions(+), 519 deletions(-) delete mode 100644 files/laptop/openvpn/ca.crt delete mode 100644 files/laptop/openvpn/laptop.crt delete mode 100644 files/laptop/openvpn/laptop.key delete mode 100644 files/laptop/openvpn/ta.key create mode 100644 files/laptop/wireguard/laptop.key create mode 100644 files/laptop/wireguard/laptop.pub create mode 100644 files/laptop/wireguard/preshared.psk create mode 100644 templates/laptop/network/vmbr0.netdev.j2 create mode 100644 templates/laptop/network/vmbr0.network.j2 create mode 100644 templates/laptop/network/wg0.netdev.j2 create mode 100644 templates/laptop/network/wg0.network.j2 rename templates/laptop/{network.j2 => network/wireless.network.j2} (100%) delete mode 100644 templates/laptop/pulse.j2 diff --git a/files/laptop/openvpn/ca.crt b/files/laptop/openvpn/ca.crt deleted file mode 100644 index 940cad0..0000000 --- a/files/laptop/openvpn/ca.crt +++ /dev/null 
@@ -1,94 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-34366165366430333835356532303930396235316235376130653233396465383830346638636432
-3632333561616530636135336138313535396134666264300a646161353132346335326438356266
-61333234313366363466303738653265366462333933373139333035616363656231613266663035
-6631613830356466640a376335376561613863323933366137616664336338666330313931326439
-35343765373339386531636637323635373665316533616235383037343466326332313538363438
-32393733313865376363336666666333643834316262306630343235666661303830613935326638
-37326637376564616166396132376436646338653132623964306536323435363931333765363762
-31633934363465393932356632343232353863656461613931323733626234383266376466353635
-31303039343264353837643739656163626236613061666166366261353235643437323933663634
-39376235373862663632313163323164393131303430376337363333393535323132386565623532
-31363934353763613063616637303433343862396565643737366663336266393634336532353061
-33396133656463646235666263646636336464636563623732373036666135383161343965323364
-37616431343764333865386663656435386564336463613862303162626134386539623061623865
-62633135363961653365393230623735663537336134623837663434646136333463373637666361
-31383432306533633766633163363765336665616133663335643464313235363136323738323862
-35363530666238373865643036393535393036373230383838393635653164636333323130366662
-39313966633866306266333735356431623763393432303132323132383761343932386139383563
-62616438666638653730646236653033333761346639353134623538666362303165646631396233
-37303936343437663561376336373032393865333733343066343434393764323030353465353433
-39633031373161333162353630613062356661336261316463666638656436336631353931323731
-32346662376136613863336464366230303732313731333031666265393133376339663963353430
-65386265626632646463373732316636343061633662393434613162303634636339313635653465
-62336331336264333532366133363066636565623566333730323430656431646330386337316434
-34373538643563363766366133396533363865613235633233303039633330313134363963343565
-39306539333339393062636333373965356536633864623938383433616631393061646630306364
-35643539636235653738363236316534373330346231343164613631653562663261613165666163
-62636230396662393164323036393866313161623330626232626364623665656430656534666130
-39383764326139336535656233376264313439653634643465323366653766313831396334363438
-35343263623566396331653665643766613265643833323262373866346438313331326637353461
-66333561616234663637326565336366623130363534383763386333386136323733643361626534
-39343138613966343163383630353461316366393938646331653831353465623262613837303862
-63316563313938326263633834333062666233613733343839663632393231373933613162633763
-33343738363937303234313931343131373032373061323563323463383065336431306366643130
-63313333646234626330356164633336663166363735626130346565633236616139396139636363
-34346634366130653262396336356461366631663963306266623866393561323131326366653836
-64623530346365323966623836666637643231646336653839383061393439623639373635633862
-64303430313662653633613336366663643838323066613935613532656239396566303634393464
-36363661656264396335653233656537626535373339353764616234656339343738346366626162
-66346163396633313530346366316530643335663536653864653631323463306634393264643431
-61636532613563623536373964356234653630323237633163643038373934353339353230393636
-35653763646166353966613139356330323437623066313334623130353034336362623737616534
-61303932336531613862643539663661643564383332323435396561643161316436306566373166
-30373666323032306566363930393535323137313530363736386265616633636433643434376639
-36346461363639643231303536663964303864653733343462613664613630353561626265376235
-36303463666364306531663566646139373166643538386235333266633730383165616164326334
-39343637336330333132356539666363346664306632363038616334643831396634313238356134
-64333666356236616562306237613933306134363664343664636666323032323836636333303762
-31626164363437623632373562366261326263393665633261323331303966306432386632393039
-33376638373538373962366138383036356535353231336433323365643230633261633135323166
-36386230313938656631626561623936333633366137663335616130333330303765323362303364
-65613664366138303331323763366139613337366633363336626262353436636435326662623238
-66306365636539643632316539636635343865306136666638393839633432356136663034373364
-36373139663538346130616138303036306334663234663733333736616263643364613935353162
-32353933356666363561323631333661373566633133653461653239653966646130383632326162
-62393335343561313836343036333136333737666361626630636563666235386533306532346666
-61346531306331356131363934613335646636623666313332353964653161343237663862663264
-36616239363032363330393238666464656463316534303163633861616138363935383135643234
-34363364653139363339656666353535363061353538623936313332313138363636633039306639
-35363237346535376336386664373061373534383234393762613030346236623365326137323833
-34316236623261616563653439303363396435306162306564623933623838326238386164656564
-38303664373231623836663239393061393936393538313462366131326532336336663335323732
-61316261646635326138333566663839373037393034616266386133363933656130373635633530
-65633433616334396636303935636435346430656462386661376562316438666436306131373461
-66343439663337366636626138363536663231663739636661323037326138643232643861373135
-32646264376538626362643038616266663963613033633539376536373365306266623737313833
-30373537646637656533666561373162353566636238333464333130623562336164333366396466
-37336134663635633962353163343665653438643434363630393837623239326663353930653862
-63356533616336626633626636323236353232306466653133333430646539643063396561313135
-35646234363461373136333839353662343766383330636134303266663833323233626535373330
-64376362333032636139313234353833373263626461383830343033313937666637366632313037
-30613134376362333465306163303839333165333063333930383437346630363261363264363336
-65623835396466323030333939663330313135373665306430306433366634383834353065383962
-39393564633737633366633862346665653965643132323934373365623932366163343061326538
-38306239343637643833633633376561393662323964663835366166653762363534366338613834
-36653634643236383737636566373564343830383731653566343132333433643334323461343732
-65643736393937353434643730623939643661396433646339303633383831353862363538626561
-32346362366163333438616136316539366239303233336139383265633338386335323032653632
-66346466313938316339316463313133313366643262636361623465666665396639616163646265
-33343965666362333836303235373330623231306163386536633165633536623039393633643561
-63343435626566653863336238303338353130346538666438333933636465383531306364616665
-31393138623237383937373230633235346331663738666336316233643436376337396330323639
-33333663656130343634663138646636333636323338366239643161376239623039613732383364
-65343632616134353136323062653738373933643663383362653935393336626466663430306532
-31366662363863663963666464633530383837326436666531383336643161663337333333393861
-66363964366231356436656363356162316566366630663662663335313136643362383364303962
-32643034316164313165623834653162376339366631626564386536326139346132343234376663
-38636339336130633339363537313364613063383834313036356464323837653832633332356231
-37636166353366343865616161336665646138386536616235383233616330353131633862616634
-38313330346437316163373036613434653634313233383337323039373934316463363565373464
-64633633326665376665306236326662363263653133333737626336363362633030383631366539
-38373335613636656466636561366563633161393534663236383165336166613466346133356464
-62643265666133373736343937303162616135623465323262356665386536366134626362633331
-61636530613337656531646662316332666332613062316531643466336230353861
diff --git a/files/laptop/openvpn/laptop.crt b/files/laptop/openvpn/laptop.crt
deleted file mode 100644
index a5b70cd..0000000
--- a/files/laptop/openvpn/laptop.crt
+++ /dev/null
@@ -1,282 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -34636361336132646336326263323032623539326461306565663534373733663135376665656534 -6437343766653937613463333133363635623261326632660a323131373563313338623961373462 -30323139633137336566633535393439626638386130336133373138343963316634613164663531 -3162623561666566620a646538613963333737303032366465646232386261613962666362613366 -36333533346331343562333436376435383433323134393063653231363766636664373830393331 -62363237633662333661306333666464393331393631653861343936323433653037333765396163 -65323338363538663635356264356638346637393138623132663431313262343630373936356366 -62653839626332323332383935363566363334363464376538633631393430346138646262613061 -62303134376165346438333935656537363338393831323936306562383565303932643335643037 -34326538356630633839346335363863643633323165343136393738613065656437386638333066 -31356331366635653135376539316237383365333533373465336334373138646538326331626237 -36383463623165376330383637623264333832616332383330386231323637333465666464303664 -38633764623139363339663736303163336666383232333135373764666361366538313638356163 -35363163383932393037383539386339643531326138336261666139353433333763353034383862 -64346132306461666635333461366366656238386434333036306435383066363130613330363364 -39343461616133316461306664316366323530323261613430346462383637353630363936353964 -32613030323030636662316237616661626335346565326337316465643034306336376138373333 -32633463623665313938663663336632353362363635396631623561313865303933303735366230 -36393664306533336435373232393833363331616664353164313264313835363734666662646661 -30663037323032396539326165663564373064323235626663376137393063626261373563663636 -30643239323031316631373532623739663231623331366263333664396337313065316130626333 -30343165656163653461343266613834333335333637303865636137346433653639356137626164 -66626462646563363930383930333635363365306137663435343937656439313664336466353635 
-63393132366337383234616161306138633331383638303230356632383731376230316433653364 -38633264666239383530343637643265313464376135636666366530643137373335313330396163 -39326535643535313032623338353964363737313130316232383433633430663938313366306662 -33623739643536623262343139383739356134333363363236616165393339653134363030666132 -66313464323563386562636362373561656437303932656430656637666130383966643632356539 -62643533383938646334333961373863366434313861306437323836376663616537663964653330 -39663930366666653634383936373136393063356661663463623062613765326537366464326533 -66633463326530663531656563393366373731623862336134616339323434643961323865373961 -63633031366335336165336433343034303861653537363830643332393230326333343161356265 -33333331616464633564363731356237633965303130623534643766323338663630353239663234 -33326137303830636564663164653836656238303964646234323161663034623435333334363538 -30623137343632376261336265363736363861383835353736623835613134373565646133316637 -63356663666238383733346137333832373134373233383939656465363631666439386364396564 -61366639373933393461396631306261366535383737363532653038336461613462313466656435 -34386563313037346430353439613234333931333538323132646262336366303263383966383261 -38663733633530323734383665643639383762666438663862613365393736323363323133633133 -62343062663266663362346135333932363161333066623032653365303763336564303636663534 -39386632643866613338646331383337343839323361633837363935663536636338333335316261 -63376662393431663165383961313165393338346333353136326538386436356565626631616163 -33623635633031626437313066613132616463396261663736373036653362363234613135346333 -66643930343165366563306533346133366262613033383763346265633134653337633330646564 -38626337313466663232636261633330643733353466613234383064336638333039623331393962 -65346463646464653234326432383465386437613464383934303461643862663766633566653265 -31303631353438356334316464303065663965393439396336663138326234326261353366303235 
-62613238623165376262353661343164636166636565613663633563336435313136383565343135 -33393539316430396133333835623230616135393135346164656661613533663065613037343061 -38336462346436316262373336336439636437356530366265626363323638653764646164323936 -64663061366363386236393661623733323331366663396237316161633964353438646138623831 -39663765326161376663333037306630383338623465333362633431643339383737373661616536 -66633437653531383663653030346662356162323931393231666462383338626633396430313236 -65643566333738613161636333303133653864663031643632306561366338373662326162353163 -33376239383334373661353761636264626561346238656665353930663734366366343936363338 -64356132373231313864366364396464323132623136303032373432323733303364313732336330 -30336636646362646565306364333437393963393462636465623261663938343065373232663538 -36653930373763613564656431666536616636383339313332353337393530613131326231393335 -34333030633437333334386537336133613237326361313032313432633534346164333861666138 -64316331346666363932656633643539643636353363616636376139626532636263336535383866 -66646438626565316535346464653263623631643634666633303731613139663532646432613131 -37386562313338316263336464353165393236626633666563623633633934643235343432643238 -66343633373130343965313338653338303536373731393230643161613636646332396566383032 -33666335333762626239313536613736383537323764653838306239323132356366613365626666 -32643938393862613464636634633831353634346263393261303736633666363961363531643162 -34616131323433323838653339356337303836646662616230373765373237666631386564663936 -61626530383831313036343261316537396462353665356534666135363365623361303861633662 -35326530613133646232303538343131663266396265633638646139626538666134343632376135 -63343132323933373837356463343336353439373065353863613833363266633365393432343565 -66376161623235303734633630663434356338646161343565623961656365303064313966623866 -61663162326339623962323737636537613662636333363061343036396331643265346561336664 
-61636232316634623535633763613538643131386535623938376366623330616632633135363837 -64623466653434656136333937666461393330616331623030663863376561323761393833393233 -36613438656432306430633963623634373939313462393166646530343864616665326162303731 -62376566393633636365316464346632373234336331663838346238363537613233323430383864 -37306465663635366165373133303637373066356539623239333034633739383838336432376533 -66353735373766393862336330396333303832363532316532386334393166653431616562633266 -36643737376334393365376530356262636333663631303164323964313331633433333931653033 -61653338353565613363623033343233303166326662383338396364383564326366396265313039 -39303530356638373865383038646232393766653664623639333933303463376266346461313062 -37313036613639663466643934386630326434613730346530316664393636343865666263353732 -64663731663939383832626165323863373061393437333764326266356531633332313637643631 -66313963313761373337636139363036306530626166333462636336313636346336326234646561 -39336336656664653038643066383166663032653538353532323731306364663061303738643135 -31386666663234386538363438653532313432396636643739346331643630643231313135353539 -65323037616263356639333863373562346361666461623033306261346637356638383462373331 -36356530636434633664336664613961373266323266366465626231373365643431633364663536 -62343532366230346536663139366536396236363337373737623562316335656530613935643839 -66393862373263333938613764613336653561353432366332383366333236663437313531333166 -37656335383365393434326330396261626639343966326365366230333537353263336365323231 -61376561326135653339376136633233633164306236663030353566313233313538366537336638 -37626337653566346661623963623761393831626138383230633864346465623065376233373133 -32623932633564346232336639666638326235366436313564386465663864356665343162616537 -30636462383064616363633266313164383362633636346437323061333366303731643036303933 -33306131656430663933343934333765326163653532633334313164613262643230666239363266 
-61383566393733376262646132303465663864656133636562393737356532633631643132656166 -62376631666636663739656132393136383739643539333261666337316136396363653762373332 -66396666396462396262646361663930666635626631646237316666343135343263616139396333 -66656566363063663363313566366138613933656333656337336437343430666133336361663137 -61636330386562396132363861633535386335353464613334336235333763353264616266656465 -31383139373037316432303662626531626664616236343936383538313235376439336362623334 -62633935393465326461323935336530633034613932316237353164306237316433373862313539 -36633031653531333438633265633863643930633936393063616439616238656662356238383834 -37343332383936656335326330333636313936336135366464346135626532353430663831646637 -35306663656434343062313361333135346635383936646237313630396266663331396466343864 -39393837633433343638626336393336616164653639623631386532616436666135356366626436 -36666138363864666466393732656663353830376335343139666233626265383366633461393034 -66346635343364366135396162306137613230386631373931643165353439346237643330353938 -31323433326437643964306430376230656563643234393537633035366661306338663462396336 -34656238353565626231333838363163636235663230356439373930666635393134303132623665 -62616266386630633037613561333662666232303265626239396264616132613735303134393730 -39633630363934383637353564316363336362346236633237313062643965303762393130343366 -34343863663430386265643838613133326362613863366631353635363563383363303734396638 -38323861353466353131643336356431363537346636626630643264623530316437333364616133 -62646266356166643430613563386335313037346339666366376636653838336262336537343863 -61393461336438363837333438343734376132656533363331363566326564373465366533343933 -63663238656635303538363236646166306664383864333866333331626163376635353461633462 -65323537393534386339366336386166326665366332656135643630373766653632623339343139 -66383330303862313532633735336564646361366562383733663139366335663530336430316631 
-62333339366364383364373637616435653733363438353938353430353132376439353461336436 -63363030373364383664346537663130616530656161323134313536313033623032333430393031 -33346339303566636230363937393362393565643430663265326437616166326535663663626631 -31393539316630303139336438343039393833613531343935373765386437343738663064323361 -61333762626363336138356532313834656363373735376262616337323131393464336364376530 -61343062663162663965663832656239313534616366653338633864633139633535663730623031 -64336136656631303038366233623432346165343833396163306335333465336661333533393533 -34613433326434356634303238323736653338313332393134653161353731313762643631613133 -38393130306363663831323034353036366362373962363233333337373033636236313964643333 -39313134343366653861626138346366343432333832396561366565643665646634333432373437 -66353965393832396535383765303431323532613861303865356231646132646538623737313937 -33626638306561663439333334336539653963373335656239336334313436343739626661346638 -66656532633864303264393833656339613530326230373233383466643163326635626466313861 -65626432396636343265313235363134363465316234646638356636666231336433353864333332 -38623238343736353937626564303732356137346238323864323066616330336464646636356638 -34653033316232613765343964363762303065343434613639383261313130323664633361663663 -39633961663432626334643565636631346139363333636363333035613961373336303937313738 -37363339333766313534336133343535613430633762626231663965366337316133636437323935 -64353731656231636233353232663331646163393866326131373739303739393833613161616564 -38613833333233373735633764353236643835346638333936613335396339316465653466326239 -37653565303332613565356433646365633039653639666230373132313561316136323465383033 -64366630636162323032653138373133643530303365656334663539393533346131626439613431 -30393064633234636136303532303064373362643463343839383733393937363030653733346262 -62306239376135393534343963313537373839373134313065316137653831386634656565393763 
-35326430613561643133313863356332303330663237343031373533626138653835333961373331 -65666263383562373262626464366261333738343433386138353035663366376135643237366231 -32626362316365353436623137663566616432393338336535393164633538303233323439666633 -62653765643337623066326334326232323136313435313161316637393737373136383736353931 -64623430323934303937343264326663313262626135613932633832306230383966643635383763 -31663364336233383738646230353963623930646366363537633162363837633138313166343232 -34666630373763336637646138376135356638656230613866626531363265616239333034623966 -36613963613362326136313134663862636134313766666138393934363264666435333463373531 -38386262666538663133323237386439626634306439343165353938306533623537333862373138 -64383165383337316666653532366132363037336563633431316339353938393666666637626337 -63663634373665626131663464326138323265626237613066363539353466303031373433313461 -31623165393564346334396362366235306634363331393233356332373736643162663165636166 -37356463353735613331663630363235303037306561623032633233363833353036653739643932 -35303432373861316637623233383238313835316635616532636239316166396164336162343135 -39653636303461373663393862343537316439356131376339376261323338323038623236613138 -66303037613339343638613665373539306661353332636535616631353865343432633433616132 -61363562346535313837326138623235396330626663393436373565323162646566643832313337 -35326463333666303930323037383036343636343631636265303336306135303064383762643237 -30323234623739613739333065303361313062663461303639303665303434643830656166656437 -61623438653934316635313562333862613361313437376330326465313932646531383763633838 -37633637346663343335343033343134323931663862653438386138363766386161383238356161 -35393430646130386166626338333466386132353930326138333261656332346165333937343534 -30396265336336643133313637386566336330343465336236396366316430373334383735383534 -65643330656166353939663030666331323737313236383639383363376461393333376164336338 
-36386162373838396537363136353432613232383235316136643062353662663735363738613835 -32303633316663656531326362326433353236323934663532333731393532616438313230666362 -36336531633133393037323839383632366561333936326663386262626131373433333032356331 -37633261353336393536643461336534646134306134376436333735363561313066633935386662 -63646138643131396632383139363566653330663232373366626239363035613539656438396364 -65656336326436366139316536623131303634383532303461386461316236333739636633613635 -30323036633433393630313361373464353538333866323536383533653765356538663764663263 -39653237643134346432663536383364383036663236613361653037326134343633353032356434 -37623033353036396366313465316439623338393738326230306664663633376232316533366163 -62623235373837313761636433376230633762313834366639356439303039663535633463643439 -33333331626236643331326263343730396261623736323137393565343464633865363135653566 -39353938333662343939663833646566313136376535613030626264343563653231343239356166 -37333266326234323030323431653662383130383239346339633437306562323033396634373734 -37626338613533323864353537616538343238613338633261666639656435393337393230373166 -34313365633736663964316435313531663064356239636666633763393665663633633762373830 -61643935393964346466333662346562383834393561376363626538353530623466323831383935 -62396434663365653939373263343936346431303061323263623837633334613066646361396434 -38306163623933306338336433356234383031356639623339363962386436653338653834303832 -37623261373033626431363230323965666635376562646237663765356465323833616366323331 -62343936643561623834613937313162306366363736393461663631336163396334663236336663 -66613731323266393765336264346261646533303532306430623336373361333730353136376330 -63383330323861313763363833326635643039363238303832303435396232633864363963653639 -35363632373730333637396263373762356263623438633163356333393066663038663065333230 -66653662393864393565326232363361366164396136356161663561616639626464303963373038 
-31636432623665386164656361663261626162336264336537383561303765346638363064633830 -63386261626537353237333136666265373464313066346438643733636366643038386664306232 -64316136343039626534306666346263613032383236326637383163376238333632346233626230 -62656364373339636632663535636535646661646532303763373662356362666332376233653437 -32666663666334333362313233343462643735643931613764376264303233653438353833376539 -66333161363130653935303236323863616164333139346230333064333231396433373631393533 -38313233376563653265393738636538646431646633313061383334343234356564653135323436 -66346631316433393538383936636334353038633230393535616333633932383966323937313130 -36633133316261643037363336303830643138383135346239373861346266383630643338303236 -33323337363134323730623565343463353964353035343737376365373039353738623466303964 -64653134303836636463333134613162386131373764633935383165353133666433373763316633 -36386231316163643666343561346335646638353631623739383664303364363731663761313666 -37363035326365623638353730393066363834656464316465623038653431663337643938663134 -38343334323932366461653234376161313135636331663765323730623063343666356439343136 -61316365333661353833643662623565333036656439326437623230653833353938323737336264 -31373433326566393436396262373031653065313933663534323366333935376462643532623135 -33353133666432353537343037643333656136303866306162623064336132376330316134363032 -63343765303466393966656133333263653633306435313966303662333139323032346462396661 -62623961343035366162343537383164663964333237386538656539323134323939356131613630 -36306161666534393263343364336235343864313865313437613838643862306535623438656131 -66616539306132393035623434666539623639316263323030303965303432366361343766313032 -35363533613135366461366362663736396334313665666230626430313163366539303763376134 -30636435303736623131656130376239646539666138666532343835616635313835396431633530 -36333134393063303065373362616430356536356464636432623130396536616137663534383135 
-31333362343966633563356130633261306438323238306130616363373633613432343565653766 -35376231366636383031653439303064336439333962323865313761633232306234316136623962 -32363635346137316237613864316536393065626430393236336262656532346534633936363361 -38376231636365646166613164383136333561393936663732633931353762653434366561626261 -61396435356330303537366437656662393361653665383263376536383866623234373661313034 -66393235303536633362343933393566303036316130363031313164323037656532376464313061 -39663237323362353539333937383962333534393036653365613239386334323061306231646239 -35393731356234303262353338333230623465363566616264303166366462366136333966616161 -31373766356538356132396132386431333332626164343261303731373834613437356361353064 -61643261636166663062633834643631306163373030633831393338663938653962393032323734 -35363632396566336265643963383935643239343434316666636133313931363432643737656238 -31353231666166376463303666393730653563373565323166653165396236353733393830626633 -62346138383466323862306166336663643138313663346666393738666638386566316265346533 -64373362363032396430353132373832326231376631666638393536373135356462376230623732 -66623436626133656334663934656430336137383238663639363763646330663537633836383734 -32653535383561393337366362393731653364643330353331626636616535613862646536643463 -62376436613263363864316638613035323436326133636639393261373235313837326339343438 -36623766356561316633653565663663303631666664373061353338323232363263313535653637 -65626462383035386238313331343633326338336332386236323165313639336332376265356631 -31356665643463633135346565343066666262313135643038363835336139353466376536633263 -65353037383739633233313062653230626435666465666164336261343461646262353665373239 -35643462393330323739366430306233633765663062616531343032303364623865346334323530 -37656661613866353662343663623463613861613238393565623563306639633638366462623933 -64663762393862613430303731316330663837616131333330623363363730306666333333383063 
-36393464303161616539313034613339363062646661373831663336396462393534343632373634 -35613437346637393464353964663332333830306233613232316464333239663637386361326638 -35623862306366376664613935653365613137616264383235363532303666316535363938323963 -62653565646433656634353333346566306431396366363061373830386533323733303630373863 -37333465303663383631336433303461623464376263623031383538326466313339636237626334 -62626139383637356432346264323161373330336463373336336436333264313961666265363964 -34613831383639343333353138643761653439373862306439393333656631316166373938396234 -33656466646365613734343566666661656635663738623061393137336562346339643537663732 -34343330373532653232653638623663336664636561643139316264346234323036306564343236 -31336535663762643263633231313265623661303439623566623533623166393335363866663463 -39663761613463646165313664326465303964626266613837333262323339643134306135636536 -34323130663437383937636339626237366234353633336532613665666331353266383239363530 -62613732623863653062373130346230616261613838643539366130336133643261383165626266 -38616138386561623665633434633439333030326165653765313139626534656466663431396363 -33303061623266626136383439613266353565303863396239373238386261366636333034333038 -38366331323231663933663462396266376264633539666536666432383634323364666532643766 -37393936303765343966306366353334646332666265393066616661633638346165626234313131 -65373236333264656566373538303061363463616338323764313030643463333637393738363362 -62303366383635376666306334393166623639356361346635316438393339343562396234373330 -35363339666461373536393134623233313532303531373630313864346236343536343531366430 -35613434356263646336323832616665313164626264353864346330353863643065663333653436 -62326265346630383264656565643665626638656637323435656132323965656565633664333139 -36626532643237653139666163626464356563336663363237336632346331343133656630643063 -64306137333765336230666138383837653436616136356436346462613961616266626336336339 
-39303361336666323336313632663134373432346263376439353966653061653839333934356532 -36636531613734353736626531646338666630326166393561323038653066363933353932363837 -65636663343339363932326636386434623861613062353939306535313362343937376237396563 -39393739303364376130663262613337346133653338373431303237653238373131653032616535 -36393362353337306666383930383031333433663965346362343964343632356665333934626534 -39376637366235313132623931386536376562626138643630633632323637613938383631336263 -66343634666165633765313930366365306135316663373964333131656135633565643063386335 -34326634313937646235326130346234633365663664316536663138663037396233666530626238 -63613862666237663133396337653939633430393330623766373364316632383634303066343733 -66323732623466636137353833646431633262646336656637343137653663363632383135346163 -38613539303731663036616265303361616536363234393437376636316237623632306564613637 -30366534373134393166343233636266306330306362613931663638346233633266386239396266 -32663663396531656239363865326236663561343135326435663161353438363931613939333565 -36333138633130363166663761396334346436616465386465303830373362643937316563363235 -66396433326332363030356338323235613466626333313837366134323861623661316361376562 -64396261636632326234633565326463663264316166356533376639613232373161363165613463 -33366362393930356264343133303334623662663236616438376337386563666363333837326438 -65353436386466616463386636343432613766643530373761353330356566643339 diff --git a/files/laptop/openvpn/laptop.key b/files/laptop/openvpn/laptop.key deleted file mode 100644 index 1538db3..0000000 --- a/files/laptop/openvpn/laptop.key +++ /dev/null 
@@ -1,90 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -63366334653464393538623464646135313830663361633335623836333234306236323462363063 -3432393439326438326533346635653630653261623164340a633032366435636636616337646334 -61313062333539353332376263626436616333356461303730633064633437636634643737303137 -3466356534663330330a383636366564326135636330393363613431363764663132323064353339 -65333662353831393238666665363663326333346536303438616537303238346234363732323335 -39636230333765336334326334636334663766383261376464383032643136613937313237653566 -65363136663137393539643131613834396135646564656166616361303930306133623938376134 -65376431336632373964343366306132663465343036636135323961616531643437646430386564 -33336530346134386534613261633762643933306132386433376334366233353331636434316332 -36323066613961656131303038336632376632396535343564343930643338336435396236356263 -32643331363963636138613134373134663138366138633463636166623930626566666430613733 -61636137313639366537353861613539656262373439386235353362306266643630366166333731 -30346438313036343561396532353537336237333161366638336364643139343135633538383762 -37343537316531393932646661646365336638386164353562303363346562363530646166636233 -66646265313134623866376365646531363565356261653836393563396635393332663039313139 -65363830356261346637303237316138623230303335323331316661333037663062313237653430 -31663062333139633434623931396230356561346430623037616632643961643333396131306238 -62366636656432356538343338326363383930323539363138623265656234323964356365373138 -63616337373939353836333736313562653735346662633831663430616436363164313761613731 -31383830653833663131653834313530353266633039633534656330633138313064376666613664 -63306335663933653531333836326665346435613939376333356436623133373036353266616334 -64353762663632636631646262333239383237376333653235303963633931333230376432633165 -33373962333036633965393830333831616663353664313263633030643433643934646237353036 
-37303738623263323365633833373237633266343161613235666132346631316537333937303765 -30626361656139666663373864353931663630303462613239316562376262303364363937666363 -35313832363830373734613037646262366562626661623664316430313062626664613432353939 -38613264643138613631323332336538386562343039333763636264373064363036316663383430 -38653836393566346532343837343338393834633166356138386130633262356266663430366431 -35393537363531333036316564653738343935393333666361643666396239386238386435663735 -32313666333134376162386532303030646561396666393339623439633665373739616439353536 -31353333323331663337663966343535333832386133363932666164636337373662396138303665 -65363861633539353963363731656431383633656661663932626134386630363239323663386532 -61386662303062383265373536373833383731333034383436313363623739333365633133333063 -62656137623565396438353033333835646161653834383032373136663937623237386264666236 -62653366303564343636363431393332316335666136353530343030356433653634656233633663 -31363566353232303864656161333535663439306538653134383365333139646236646164376331 -30366565636162633265633962653162333636633431376566363665323937386661383038636438 -63376166396361366533363063613037306231306263353036326331323431373434643431343730 -62313135616634333463333632666137383163333838643934373264366532373964363835363732 -66646130613064643966613933646135643434643433353332653237316464353165613737623034 -35383836313237323732343136303739613231663062303435313434613836613235633639393466 -39356232333866623965363763316536313330613130303838633765346232623833623364346462 -64643833353064626232343437346239646532313665396635366465393666363261393864363432 -66643830323132346233343366646639393465376664326165393433393832366165326137386130 -33353336613733333965313437666131313637366536626235336433326134336532643731656165 -30373737323963346134323737366631386462393533623265646530626365366262646664636437 -34313731343863363766353336323965303234383665376139646261636433653061383632323937 
-66643765353239363031393132656432636436373130373439303066313130386134306234353933 -37623638363132373462393561633334343164333635313561353965663937633864633938663739 -38666663323564306130313532306230303535316539383438656631356335373134313862393032 -36633162303065663063333832376639303137636466386265653431383133353931386439343864 -33303063353162346366363838313932343438316464306166326239356333323166336365333861 -35633266663836633162626366623231613034653338353033633165626361303738666364613631 -33313837353430656561316463336563623836343330313066633037356531336266656461663263 -33613166346238646130353665386331326635383162653163663061336466323865303536633735 -38653930343738373662376364333035616162636232383466633030613037633039333462616430 -66663731383663343061616438383631623364343937336532303632616666633532613835353339 -38316334653163633235666536346636616565643135373265663031353463313035383961343132 -36323063653334323366636666636236396563616562636536313034663936356665303066396362 -61623762316138333638643766386637383364366437666433613838376337633266633438356637 -35663731623834306461623666643265343330396238613039633762373431383663313761363561 -64623831363637303435633736643834356261383833616664393936343937313265323537353962 -30333136666633333231653863623366393562643232633962653362393836633837353831643138 -31326631663035663238326330396335366333393664343637643838633639376636356630626531 -38396363316137653166356531313033363237326264366435633865663962326362636566333930 -31343262333365303734636364626263323764343533333432336332653761306464313937353061 -31343138393064303662383234393532303136656365626136356434363132663334373163623734 -36636230663633386131323533623734626664333062323961646561306136626266303366626461 -38663838643164396530366566356432366266316539323838616330303235306431376236653937 -38313761323161353237396265336562353365663965656137326562653462376636313335303162 -64323463383630386530363265323132306563323630366662383638616538313630386435393434 
-34343365653138613632366665366632653937626162373134653133323337363262626133323164 -66376337306333636261613538373831326631363134633833633362333963336439333236393561 -34653563643433646232613064336562356639303763653537326562303038386561616365373862 -36383561323032333565306536653966333537353435623636313931373838346336376332343038 -64636637353730363833393631313735393432626163323663663737633464383938343134616438 -37326431623039323864616365646638613436383166333634633235313838376632663964343062 -35346338643163313832316636326231313933626332313366393136656263613966653838326539 -61316430343962333661313835626562316638313039306461393837623531626335656564613636 -30306364323231343135333332373534363335643734313765343535366630343336376264653836 -33363935336164613536376230316136616231303034376361663664333733323134316536346235 -36646535636232343136613766363339316138366238626338623366616262616338613030343631 -64633866313631346162386433343365636337346230396330623034346563646539393736393561 -31396638333165333234616361636639646261343766356337346361623065646565613930636533 -38653831613735303436363632666231306262623765333234663539353031396534356564396362 -65643862396639366462326337336131356539363739656163346538303861653931333535366235 -64303636303935313861333366366165646365323863643432616361623933373332613362356135 -36656666633830613365383434613032393435326362316637396434363137383766636237383638 -30306631393563306131363538323932363333363730356630633764343662313833 diff --git a/files/laptop/openvpn/ta.key b/files/laptop/openvpn/ta.key deleted file mode 100644 index bd04e87..0000000 --- a/files/laptop/openvpn/ta.key +++ /dev/null 
@@ -1,37 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -31346264386665653537646639613235373635376563666638653735353936633961383230363963 -3931633464666465316334343266316433633638396437300a613861393966643935346361386133 -66663231316163613937346633383635663533313861663961393431333164636534303662656532 -3933623033333430640a376266323565373433386661386433626265636264306431623739353862 -37323436373366396135623436646232666236653265343630313865653234323639343161306533 -37376261653162353661343164346433613938376237303031316434643162333639333438613962 -33313132373663393935326361363766316630643962333938376662303561353337386533656538 -34623565353731356461356134306637366264633361613463613036313731316663353563616333 -63356533656138386338303839313163666132653538353930636530383430386338616534663830 -39646533303365613065656439663866356339633863653930353836633632316331663662353939 -33376532323037303363323035336561376230303732386336623136336265386133613639393934 -30363331316538366538366130656466333739306536393430396535663732633334396461323239 -62396261616336383834356165623264396136353632633239383534313139656436343065303032 -30393666376432626436326462616364663635666330366634326130306562343535653964643932 -37653235643237383332643365633066383734306538373966303966623930613961653934616130 -32326265313164363866643865356439653434366635616336306537303834613232653731656662 -35326263616564663137363132346536633838326134353733313662653561303232626331643363 -36343730386537383261373762646531666666613730303631623335393962313630373862653562 -32343435346464336363323532636636616231323361633936616266386263653634316266383633 -66663836336163373336393830326335306636383130373832303434626130346266313038313631 -36623331336537376666643561316664623762323766663531363335323761383338663365343463 -33393461363661636263303466323631613061366563303965623237623731396232363066656361 -33346264653963306165633131623533646361396466326632396366623063646466613331313864 
-62613330656363326266333938346139393731653265656630623839636532373830376330653965 -66623638613138646339316536646433346639383962316136616633623364386432636138323839 -39373231636566663333616431393433653666643365653633396634663964323032626137376661 -38386333663335336237316563376466316232613465313863313633306237626633393134623236 -34353431613937323539333362306334383433633430363638323463306236336434613863663736 -64306339383737336165393562313539353033663534383037343532663563326432626632356666 -65646237623537333333383162626664376136363134613763613936376333313965356136633338 -64303830363330626561303838383062303734643064653134663361643330316635636561336635 -37383233353866343535363930386131383538623437656161656530333735373330396562326161 -37626231333065363235386433306565653330306231316539633563316236643737336637323364 -38356537326231643165313333623530663737623666376234376432626133356239623732616537 -35623765386239386636343439616265386137633534333130613866343366376437356234383835 -31636238383661643939 diff --git a/files/laptop/wireguard/laptop.key b/files/laptop/wireguard/laptop.key new file mode 100644 index 0000000..bb2588a --- /dev/null +++ b/files/laptop/wireguard/laptop.key @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +36393066313764386361376662376266623331313765373666616334356362656332653838346330 +3435643261333262653139636537326164356164373566310a633233623031336437303236636266 +61616165376631353433353463313532643564343664346335363835306430386364303635343432 +3864343464666566310a363563613039333465336164323833316436393236666433333163666137 +33656632343262373463306438333764393031623666393161356539636663346331613539396637 +3631363333623539636561366436613861363932323966666238 diff --git a/files/laptop/wireguard/laptop.pub b/files/laptop/wireguard/laptop.pub new file mode 100644 index 0000000..ff9ddcd --- /dev/null +++ b/files/laptop/wireguard/laptop.pub @@ -0,0 +1 @@ +EbWLf2+7x/RymeeiVuX72nZOBqPvdhu2V9pYhszpQEw= 
diff --git a/files/laptop/wireguard/preshared.psk b/files/laptop/wireguard/preshared.psk new file mode 100644
index 0000000..f638877
--- /dev/null
+++ b/files/laptop/wireguard/preshared.psk
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+37646336633937663937323736363236383665326635353434333133383164636637343033316338
+3838313835613565646466653139666337626237313737300a333761383466626637336164363235
+64386164386565353666343337376234363730333461386237366362666361613833396438633337
+3633643431326233370a386664366238633533356235613332373630353731306233623364623239
+35356431363137306139353533653239343934343237343533653866633466633563373763303038
+6438616566376131646662316464333765636331343262663437
diff --git a/tasks/network.yml b/tasks/network.yml
index 026d908..bb6c4eb 100644
--- a/tasks/network.yml
+++ b/tasks/network.yml
@@ -69,15 +69,35 @@
 }
 when: platform == "desktop"
-# TODO: update network configuration path
 - name: setup laptop network configuration
 become: true
 template:
- src: 'templates/laptop/network.j2'
- dest: '/etc/systemd/network/20-wireless.network'
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
 owner: root
- group: root
- mode: '0644'
+ group: systemd-network
+ mode: '0640'
+ loop:
+ - {
+ src: 'templates/laptop/network/wireless.network.j2',
+ dest: '/etc/systemd/network/20-wireless.network',
+ }
+ - {
+ src: 'templates/laptop/network/vmbr0.network.j2',
+ dest: '/etc/systemd/network/30-vmbr0.network',
+ }
+ - {
+ src: 'templates/laptop/network/vmbr0.netdev.j2',
+ dest: '/etc/systemd/network/30-vmbr0.netdev',
+ }
+ - {
+ src: 'templates/laptop/network/wg0.network.j2',
+ dest: '/etc/systemd/network/40-wg0.network',
+ }
+ - {
+ src: 'templates/laptop/network/wg0.netdev.j2',
+ dest: '/etc/systemd/network/40-wg0.netdev',
+ }
 when: platform == "laptop"
 - name: restart systemd-networkd
diff --git a/templates/laptop/network/vmbr0.netdev.j2 b/templates/laptop/network/vmbr0.netdev.j2 new file mode 100644
index 0000000..54f171b
--- /dev/null
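Review bot: The loop now renders `40-wg0.netdev`, whose template inlines the WireGuard private key and preshared keys, so a run with `--diff` prints that key material to the console and to any CI log; add `no_log: true` (or at least `diff: false`) to this task. The `mode: '0640'` with `group: systemd-network` is the right permission for a `.netdev` that carries `PrivateKey=`, so the file permissions themselves are fine. The following `restart systemd-networkd` task (its body is outside the hunk) looks like a plain task rather than a notified handler; if so it restarts networking on every run, and a `notify` from this template task would make the restart conditional on a real change.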
+++ b/templates/laptop/network/vmbr0.netdev.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+
+[NetDev]
+Name=vmbr0
+Kind=bridge
diff --git a/templates/laptop/network/vmbr0.network.j2 b/templates/laptop/network/vmbr0.network.j2 new file mode 100644
index 0000000..4bbbfa2
--- /dev/null
+++ b/templates/laptop/network/vmbr0.network.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+
+[Match]
+Name=vmbr0
+
+[Network]
+Address=10.5.0.1/24
+DHCP=ipv4
+IPForward=ipv4
+ConfigureWithoutCarrier=yes
diff --git a/templates/laptop/network/wg0.netdev.j2 b/templates/laptop/network/wg0.netdev.j2 new file mode 100644
index 0000000..de4e81e
--- /dev/null
+++ b/templates/laptop/network/wg0.netdev.j2
@@ -0,0 +1,24 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+
+[NetDev]
+Name={{ vpn_interface }}
+Kind=wireguard
+Description=WireGuard tunnel {{ vpn_interface }}
+
+[WireGuard]
+# PrivateKeyFile option does not seem to work, perhaps a bug?
+PrivateKey={{ vpn_private_key }}
+
+{% for peer in vpn_peers %}
+[WireGuardPeer]
+PublicKey={{ peer.public_key }}
+# PresharedKeyFile option does not seem to work, perhaps a bug?
+PresharedKey={{ peer.preshared_key }}
+AllowedIPs={{ peer.allowd_ips }}
+{% if peer.endpoint %}
+Endpoint={{ peer.endpoint }}
+{% endif %}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}
diff --git a/templates/laptop/network/wg0.network.j2 b/templates/laptop/network/wg0.network.j2 new file mode 100644
index 0000000..81fbe8a
--- /dev/null
+++ b/templates/laptop/network/wg0.network.j2
@@ -0,0 +1,7 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+
+[Match]
+Name={{ vpn_interface }}
+
+[Network]
+Address={{ vpn_ip }}/{{ vpn_subnet }}
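Review bot: The two `does not seem to work, perhaps a bug?` comments in wg0.netdev.j2 are most likely a permissions problem rather than a bug: systemd-networkd reads `PrivateKeyFile=` and `PresharedKeyFile=` as the `systemd-network` user, so the files at `vpn_private_key_path`/`preshared_key_path` (declared in vars/laptop.yml but not referenced by this template) need to be root:systemd-network 0640 inside a directory that user can traverse. Using the `*File=` options would keep the secrets out of the rendered `.netdev` and out of Ansible template diffs, so I would reword the comment to record the actual requirement: `# PrivateKeyFile= needs the key readable by systemd-network (root:systemd-network 0640); inlined until the key directory is set up that way`. `AllowedIPs={{ peer.allowd_ips }}` carries the misspelled key name from vars/*.yml; rename it to `allowed_ips` in the template and in the vars files in one change, since a rename on one side only turns into an undefined-variable failure at deploy time.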
diff --git a/templates/laptop/network.j2 b/templates/laptop/network/wireless.network.j2 similarity index 100% rename from templates/laptop/network.j2 rename to templates/laptop/network/wireless.network.j2 diff --git a/templates/laptop/nftables.j2 b/templates/laptop/nftables.j2 index 8d6dcf3..7d01d39 100644 --- a/templates/laptop/nftables.j2 +++ b/templates/laptop/nftables.j2 @@ -26,7 +26,7 @@ table inet filter { tcp dport ssh accept # syncthing - ip saddr 10.8.1.1 tcp dport 22000 accept + ip saddr 10.0.0.1 tcp dport 22000 accept # allow dhcp requests for bridged connections iifname "vmbr0" udp dport { 53, 67 } accept diff --git a/templates/laptop/pulse-script.j2 b/templates/laptop/pulse-script.j2 index 5e3b3aa..6d9e623 100644 --- a/templates/laptop/pulse-script.j2 +++ b/templates/laptop/pulse-script.j2 @@ -2,4 +2,4 @@ # # {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -/usr/bin/pactl load-module module-native-protocol-tcp auth-anonymous=1 listen=10.8.1.6 +/usr/bin/pactl load-module module-native-protocol-tcp auth-anonymous=1 listen=10.0.0.2 diff --git a/templates/laptop/pulse.j2 b/templates/laptop/pulse.j2 deleted file mode 100644 index 3ae1387..0000000 --- a/templates/laptop/pulse.j2 +++ /dev/null @@ -1,8 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# -# see /usr/share/pipewire/pipewire-pulse.conf for reference - -context.exec = [ - { path = "pactl" args = "module-native-protocol-tcp auth-anonymous=1 listen=10.8.1.6" } -] diff --git a/templates/laptop/syncthing.j2 b/templates/laptop/syncthing.j2 index 6c1117b..e653f67 100644 --- a/templates/laptop/syncthing.j2 +++ b/templates/laptop/syncthing.j2 @@ -63,7 +63,7 @@ true -
tcp://10.8.0.1:22000
+
tcp://10.0.0.1:22000
false false 0 diff --git a/vars/laptop.yml b/vars/laptop.yml index 0f6cd7f..f07a3b4 100644 --- a/vars/laptop.yml +++ b/vars/laptop.yml @@ -3,3 +3,27 @@ platform_packages: - powertop vpn_ip: '10.0.0.2' +vpn_subnet: '24' + +vpn_public_key_path: '/etc/wireguard/keys/public/laptop.pub' +vpn_private_key_path: '/etc/wireguard/keys/private/laptop.key' + +vpn_private_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 36393066313764386361376662376266623331313765373666616334356362656332653838346330 + 3435643261333262653139636537326164356164373566310a633233623031336437303236636266 + 61616165376631353433353463313532643564343664346335363835306430386364303635343432 + 3864343464666566310a363563613039333465336164323833316436393236666433333163666137 + 33656632343262373463306438333764393031623666393161356539636663346331613539396637 + 3631363333623539636561366436613861363932323966666238 + +vpn_peers: + - { + name: 'zeus', + allowd_ips: '10.0.0.1/32', + endpoint: '178.85.119.159:51902', + public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', + preshared_key_path: '/etc/wireguard/keys/private/preshared-zeus.psk', + preshared_key_source_path: 'files/laptop/wireguard/preshared.psk', + preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n376463366339376639373237363632363836653266353534343331333831646366373430333163383838313835613565646466653139666337626237313737300a333761383466626637336164363235643861643865653536663433373762343637303334613862373663626663616138333964386333373633643431326233370a386664366238633533356235613332373630353731306233623364623239353564313631373061393535336532393439343432373435336538666334666335633737633030386438616566376131646662316464333765636331343262663437" + } From bb518f51e1a3dcae936593cae8ee833b334ba8a5 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Mon, 21 Mar 2022 20:09:17 +0100 Subject: [PATCH 013/131] Add notes about Wireguard --- tasks/network.yml | 5 +++++ 1 file changed, 5 insertions(+) 
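Review bot: `vpn_private_key` and `preshared_key` are now stored twice — as vault files under `files/laptop/wireguard/` (added earlier in this patch) and again inline in vars/laptop.yml — so a rotation has to touch both copies and they can silently diverge; keep one source, for example `lookup('file', ...)` on the vault file (which Ansible decrypts), or drop the files if the inline vars are what the templates consume. The key `allowd_ips` is misspelled; `wg0.netdev.j2` reads it under the same name, so rename both sides together as `allowed_ips`. The inline `!vault "...\r\n..."` form with CR-LF separators is unusual and hard to diff; the block-scalar `!vault |` form used for `vpn_private_key` a few lines above is the conventional one.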
diff --git a/tasks/network.yml b/tasks/network.yml
index bb6c4eb..4ebaa73 100644
--- a/tasks/network.yml
+++ b/tasks/network.yml
@@ -1,3 +1,8 @@
+# Note that Wireguard does DNS resolution only once during connection.
+# When a client's IP changes, the server should be notified in some way,
+# using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint :`
+# for example.
+
 - name: create wireguard directories
 become: true
 file:
From 24a13b689cf919ba7f54b33b260d4f06b4eba38a Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Fri, 22 Apr 2022 22:13:05 +0200 Subject: [PATCH 014/131] Update server ip --- vars/desktop.yml | 18 +++++++++--------- vars/laptop.yml | 18 +++++++++--------- 2 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/vars/desktop.yml b/vars/desktop.yml
index 7cf4afa..e32b17c 100644
--- a/vars/desktop.yml
+++ b/vars/desktop.yml
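Review bot: The example command in the new comment ends in `endpoint :` with no host and port, so it cannot be copied as written; `endpoint <host>:<port>` would make the placeholder explicit. The public key quoted there is not the `zeus` peer key configured in vars/*.yml, so a word saying whose key it stands for (`# <client public key>`) would save the next reader a lookup. As a header comment in a tasks file it is also easy to miss; a short sentence in the commit message or README pointing at it would help.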
@@ -6,21 +6,21 @@ vpn_subnet: '24' vpn_public_key_path: '/etc/wireguard/keys/public/desktop.pub' vpn_private_key_path: '/etc/wireguard/keys/private/desktop.key' vpn_private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 65386334366166306164363464633364383935313739373730373139663139373964336665636264 - 3563663038313039363230623266393164646164373739620a623536633631643231633938613461 - 63366239333230663531306333383962353937353736663336343434663633303232386531353832 - 6434633935333538650a613065306239333031656362356165326136333131356135383436326561 - 62303035386634636333353664373231633434656538303866386262353139363439363435346637 - 6637363334623133376134306165626564343864633032613763 + $ANSIBLE_VAULT;1.1;AES256 + 65386334366166306164363464633364383935313739373730373139663139373964336665636264 + 3563663038313039363230623266393164646164373739620a623536633631643231633938613461 + 63366239333230663531306333383962353937353736663336343434663633303232386531353832 + 6434633935333538650a613065306239333031656362356165326136333131356135383436326561 + 62303035386634636333353664373231633434656538303866386262353139363439363435346637 + 6637363334623133376134306165626564343864633032613763 vpn_peers: - { name: 'zeus', allowd_ips: '10.0.0.1/32', - endpoint: '178.85.119.159:51902', + endpoint: '178.84.5.195:51902', public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', preshared_key_path: '/etc/wireguard/keys/private/preshared-zeus.psk', preshared_key_source_path: 'files/desktop/wireguard/preshared.psk', - preshared_key: !vault 
"$ANSIBLE_VAULT;1.1;AES256\r\n363333633336613939306632323163396239303739366135393232396134393266623939613534326238393638333137383235313039623264343932303038330a633934373638363966306533346235326234663464313963356238623064666430303030643533666536393662316237333463336462376366343335363131350a333135366239633765633136316133653535336661666461666365636233656165666635663037386666323931643265623233366133623237663734623661623661316436396465343866363266393565653237636136626536353630383263" + preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n363333633336613939306632323163396239303739366135393232396134393266623939613534326238393638333137383235313039623264343932303038330a633934373638363966306533346235326234663464313963356238623064666430303030643533666536393662316237333463336462376366343335363131350a333135366239633765633136316133653535336661666461666365636233656165666635663037386666323931643265623233366133623237663734623661623661316436396465343866363266393565653237636136626536353630383263", } diff --git a/vars/laptop.yml b/vars/laptop.yml index f07a3b4..30fea63 100644 --- a/vars/laptop.yml +++ b/vars/laptop.yml 
@@ -9,21 +9,21 @@ vpn_public_key_path: '/etc/wireguard/keys/public/laptop.pub' vpn_private_key_path: '/etc/wireguard/keys/private/laptop.key' vpn_private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 36393066313764386361376662376266623331313765373666616334356362656332653838346330 - 3435643261333262653139636537326164356164373566310a633233623031336437303236636266 - 61616165376631353433353463313532643564343664346335363835306430386364303635343432 - 3864343464666566310a363563613039333465336164323833316436393236666433333163666137 - 33656632343262373463306438333764393031623666393161356539636663346331613539396637 - 3631363333623539636561366436613861363932323966666238 + $ANSIBLE_VAULT;1.1;AES256 + 36393066313764386361376662376266623331313765373666616334356362656332653838346330 + 3435643261333262653139636537326164356164373566310a633233623031336437303236636266 + 61616165376631353433353463313532643564343664346335363835306430386364303635343432 + 3864343464666566310a363563613039333465336164323833316436393236666433333163666137 + 33656632343262373463306438333764393031623666393161356539636663346331613539396637 + 3631363333623539636561366436613861363932323966666238 vpn_peers: - { name: 'zeus', allowd_ips: '10.0.0.1/32', - endpoint: '178.85.119.159:51902', + endpoint: '178.84.5.195:51902', public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', preshared_key_path: '/etc/wireguard/keys/private/preshared-zeus.psk', preshared_key_source_path: 'files/laptop/wireguard/preshared.psk', - preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n376463366339376639373237363632363836653266353534343331333831646366373430333163383838313835613565646466653139666337626237313737300a333761383466626637336164363235643861643865653536663433373762343637303334613862373663626663616138333964386333373633643431326233370a386664366238633533356235613332373630353731306233623364623239353564313631373061393535336532393439343432373435336538666334666335633737633030386438616566376131646662316464333765636331343262663437" + 
preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n376463366339376639373237363632363836653266353534343331333831646366373430333163383838313835613565646466653139666337626237313737300a333761383466626637336164363235643861643865653536663433373762343637303334613862373663626663616138333964386333373633643431326233370a386664366238633533356235613332373630353731306233623364623239353564313631373061393535336532393439343432373435336538666334666335633737633030386438616566376131646662316464333765636331343262663437", } From 75f0383ba560ed07e27cacf4d79041efe3ab0fe9 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 23 Apr 2022 10:12:37 +0200 Subject: [PATCH 015/131] Update pipewire pulse configuration --- tasks/pipewire.yml | 25 ++++---- templates/desktop/pipewire-pulse.j2 | 95 +++++++++++++++++++++++++++++ templates/desktop/pulse-script.j2 | 5 -- templates/laptop/pipewire-pulse.j2 | 95 +++++++++++++++++++++++++++++ templates/laptop/pulse-script.j2 | 5 -- templates/pipewire-pulse.j2 | 4 -- vars/desktop.yml | 3 + vars/laptop.yml | 2 + 8 files changed, 207 insertions(+), 27 deletions(-) create mode 100644 templates/desktop/pipewire-pulse.j2 delete mode 100644 templates/desktop/pulse-script.j2 create mode 100644 templates/laptop/pipewire-pulse.j2 delete mode 100644 templates/laptop/pulse-script.j2 delete mode 100644 templates/pipewire-pulse.j2 diff --git a/tasks/pipewire.yml b/tasks/pipewire.yml index 1a7e7f7..5d89433 100644 --- a/tasks/pipewire.yml +++ b/tasks/pipewire.yml 
@@ -1,23 +1,22 @@ # Note that pulsaudio should be removed by installing pipewire-pulse manually -- name: create pipewire-pulse override directory +- name: remove previous configurations file: path: '{{ xdg_config_dir }}/systemd/user/pipewire-pulse.service.d/' + state: absent + loop: + - { path: '{{ xdg_config_dir }}/systemd/user/pipewire-pulse.service.d/' } + - { path: '{{ xdg_script_dir }}/pulse-script' } + +- name: create pipewire configuration dir + file: state: directory + path: '{{ xdg_config_dir }}/pipewire' -# sets up an post activation script to load the module-native-protocol-tcp -# with given parameters. This is not yet supported through pipewire-pulse's configuration, -# see https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Migrate-PulseAudio#module-native-protocol-tcp -- name: copy pipewire-pulse service override +- name: copy pipewire-pulse configuration template: - src: 'templates/pipewire-pulse.j2' - dest: '{{ xdg_config_dir }}/systemd/user/pipewire-pulse.service.d/override.conf' - -- name: copy pipewire-pulse script - template: - src: 'templates/{{ platform }}/pulse-script.j2' - dest: '{{ xdg_script_dir }}/pulse-script' - mode: 0755 + src: 'templates/{{ platform }}/pipewire-pulse.j2' + dest: '{{ xdg_config_dir }}/pipewire/pipewire-pulse.conf' - name: start pipewire socket systemd: diff --git a/templates/desktop/pipewire-pulse.j2 b/templates/desktop/pipewire-pulse.j2 new file mode 100644 index 0000000..bf26dab --- /dev/null +++ b/templates/desktop/pipewire-pulse.j2 
@@ -0,0 +1,95 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# +# PulseAudio config file for PipeWire version "0.3.48" # +# +# Copy and edit this file in /etc/pipewire for system-wide changes +# or in ~/.config/pipewire for local changes. +# +# It is also possible to place a file with an updated section in +# /etc/pipewire/pipewire-pulse.conf.d/ for system-wide changes or in +# ~/.config/pipewire/pipewire-pulse.conf.d/ for local changes. +# + +context.properties = {} + +context.spa-libs = { + audio.convert.* = audioconvert/libspa-audioconvert + support.* = support/libspa-support +} + +context.modules = [ + { name = libpipewire-module-rt + args = { + nice.level = -11 + } + flags = [ ifexists nofail ] + } + { name = libpipewire-module-protocol-native } + { name = libpipewire-module-client-node } + { name = libpipewire-module-adapter } + { name = libpipewire-module-metadata } + + { name = libpipewire-module-protocol-pulse + args = { + server.address = [ + "unix:native" + { address = "tcp:{{ vpn_ip }}:{{ pulse_port }}" + max-clients = 64 + listen-backlog = 32 + client.access = "allowed" + } + ] + # These overrides are only applied when running in a vm. + vm.overrides = { + pulse.min.quantum = 1024/48000 # 22ms + } + } + } + + { name = libpipewire-module-access + args = { + access.allowed = [ + /usr/bin/pipewire-media-session + /usr/bin/mpd + ] + + access.rejected = [ + ] + } + } +] + +# Extra modules can be loaded here. Setup in default.pa can be moved here +context.exec = [ + { path = "pactl" args = "load-module module-always-sink" } +] + +stream.properties = {} + +# client/stream specific properties +pulse.rules = [ + { + # skype does not want to use devices that don't have an S16 sample format. 
+ matches = [ + { application.process.binary = "teams" } + { application.process.binary = "skypeforlinux" } + ] + actions = { quirks = [ force-s16-info ] } + } + { + # firefox marks the capture streams as don't move and then they + # can't be moved with pavucontrol or other tools. + matches = [ { application.process.binary = "firefox" } ] + actions = { quirks = [ remove-capture-dont-move ] } + } + { + # speech dispatcher asks for too small latency and then underruns. + matches = [ { application.name = "~speech-dispatcher*" } ] + actions = { + update-props = { + pulse.min.req = 1024/48000 # 21ms + pulse.min.quantum = 1024/48000 # 21ms + } + } + } +] diff --git a/templates/desktop/pulse-script.j2 b/templates/desktop/pulse-script.j2 deleted file mode 100644 index 8bcc1ea..0000000 --- a/templates/desktop/pulse-script.j2 +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/sh -# -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -/usr/bin/pactl load-module module-native-protocol-tcp auth-anonymous=1 listen={{ vpn_ip }} diff --git a/templates/laptop/pipewire-pulse.j2 b/templates/laptop/pipewire-pulse.j2 new file mode 100644 index 0000000..bf26dab --- /dev/null +++ b/templates/laptop/pipewire-pulse.j2 
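Review bot: The TCP listener `tcp:{{ vpn_ip }}:{{ pulse_port }}` is declared with `client.access = "allowed"`, which grants every host that can reach the VPN address unauthenticated control of the audio server, the same exposure the removed `auth-anonymous=1` pactl script had; pair it with an nftables rule that limits `pulse_port` to the intended peer address, and consider whether the `allowed` policy (which bypasses `libpipewire-module-access` for these clients) is really needed for mpd. `templates/desktop/pipewire-pulse.j2` and the laptop copy in the next file section are byte-identical (both blob bf26dab) and differ only through `vpn_ip`/`pulse_port`, so a single `templates/pipewire-pulse.j2` selected from tasks/pipewire.yml would remove the duplication. The `# 22ms` and `# 21ms` comments annotate the same `1024/48000` value; one figure should be used for both.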
@@ -0,0 +1,95 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# +# PulseAudio config file for PipeWire version "0.3.48" # +# +# Copy and edit this file in /etc/pipewire for system-wide changes +# or in ~/.config/pipewire for local changes. +# +# It is also possible to place a file with an updated section in +# /etc/pipewire/pipewire-pulse.conf.d/ for system-wide changes or in +# ~/.config/pipewire/pipewire-pulse.conf.d/ for local changes. +# + +context.properties = {} + +context.spa-libs = { + audio.convert.* = audioconvert/libspa-audioconvert + support.* = support/libspa-support +} + +context.modules = [ + { name = libpipewire-module-rt + args = { + nice.level = -11 + } + flags = [ ifexists nofail ] + } + { name = libpipewire-module-protocol-native } + { name = libpipewire-module-client-node } + { name = libpipewire-module-adapter } + { name = libpipewire-module-metadata } + + { name = libpipewire-module-protocol-pulse + args = { + server.address = [ + "unix:native" + { address = "tcp:{{ vpn_ip }}:{{ pulse_port }}" + max-clients = 64 + listen-backlog = 32 + client.access = "allowed" + } + ] + # These overrides are only applied when running in a vm. + vm.overrides = { + pulse.min.quantum = 1024/48000 # 22ms + } + } + } + + { name = libpipewire-module-access + args = { + access.allowed = [ + /usr/bin/pipewire-media-session + /usr/bin/mpd + ] + + access.rejected = [ + ] + } + } +] + +# Extra modules can be loaded here. Setup in default.pa can be moved here +context.exec = [ + { path = "pactl" args = "load-module module-always-sink" } +] + +stream.properties = {} + +# client/stream specific properties +pulse.rules = [ + { + # skype does not want to use devices that don't have an S16 sample format. 
+ matches = [ + { application.process.binary = "teams" } + { application.process.binary = "skypeforlinux" } + ] + actions = { quirks = [ force-s16-info ] } + } + { + # firefox marks the capture streams as don't move and then they + # can't be moved with pavucontrol or other tools. + matches = [ { application.process.binary = "firefox" } ] + actions = { quirks = [ remove-capture-dont-move ] } + } + { + # speech dispatcher asks for too small latency and then underruns. + matches = [ { application.name = "~speech-dispatcher*" } ] + actions = { + update-props = { + pulse.min.req = 1024/48000 # 21ms + pulse.min.quantum = 1024/48000 # 21ms + } + } + } +] diff --git a/templates/laptop/pulse-script.j2 b/templates/laptop/pulse-script.j2 deleted file mode 100644 index 6d9e623..0000000 --- a/templates/laptop/pulse-script.j2 +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/sh -# -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -/usr/bin/pactl load-module module-native-protocol-tcp auth-anonymous=1 listen=10.0.0.2 diff --git a/templates/pipewire-pulse.j2 b/templates/pipewire-pulse.j2 deleted file mode 100644 index a0aa782..0000000 --- a/templates/pipewire-pulse.j2 +++ /dev/null @@ -1,4 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -[Service] -ExecStartPost={{ xdg_script_dir }}/pulse-script diff --git a/vars/desktop.yml b/vars/desktop.yml index e32b17c..9c74926 100644 --- a/vars/desktop.yml +++ b/vars/desktop.yml @@ -5,6 +5,7 @@ vpn_subnet: '24' vpn_public_key_path: '/etc/wireguard/keys/public/desktop.pub' vpn_private_key_path: '/etc/wireguard/keys/private/desktop.key' + vpn_private_key: !vault | $ANSIBLE_VAULT;1.1;AES256 65386334366166306164363464633364383935313739373730373139663139373964336665636264 
@@ -24,3 +25,5 @@ vpn_peers: preshared_key_source_path: 'files/desktop/wireguard/preshared.psk', preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n363333633336613939306632323163396239303739366135393232396134393266623939613534326238393638333137383235313039623264343932303038330a633934373638363966306533346235326234663464313963356238623064666430303030643533666536393662316237333463336462376366343335363131350a333135366239633765633136316133653535336661666461666365636233656165666635663037386666323931643265623233366133623237663734623661623661316436396465343866363266393565653237636136626536353630383263", } + +pulse_port: 20808 diff --git a/vars/laptop.yml b/vars/laptop.yml index 30fea63..84d65de 100644 --- a/vars/laptop.yml +++ b/vars/laptop.yml @@ -27,3 +27,5 @@ vpn_peers: preshared_key_source_path: 'files/laptop/wireguard/preshared.psk', preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n376463366339376639373237363632363836653266353534343331333831646366373430333163383838313835613565646466653139666337626237313737300a333761383466626637336164363235643861643865653536663433373762343637303334613862373663626663616138333964386333373633643431326233370a386664366238633533356235613332373630353731306233623364623239353564313631373061393535336532393439343432373435336538666334666335633737633030386438616566376131646662316464333765636331343262663437", } + +pulse_port: 20808 From 2865e059d77439a01db69065b0f2894d818302b9 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 23 Apr 2022 17:39:54 +0200 Subject: [PATCH 016/131] Loop over defined items --- tasks/pipewire.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tasks/pipewire.yml b/tasks/pipewire.yml index 5d89433..74fe100 100644 --- a/tasks/pipewire.yml +++ b/tasks/pipewire.yml 
@@ -2,11 +2,11 @@
 - name: remove previous configurations
 file:
- path: '{{ xdg_config_dir }}/systemd/user/pipewire-pulse.service.d/'
+ path: '{{ item }}'
 state: absent
 loop:
- - { path: '{{ xdg_config_dir }}/systemd/user/pipewire-pulse.service.d/' }
- - { path: '{{ xdg_script_dir }}/pulse-script' }
+ - '{{ xdg_config_dir }}/systemd/user/pipewire-pulse.service.d/'
+ - '{{ xdg_script_dir }}/pulse-script'
 - name: create pipewire configuration dir
 file:
From 2e4f525e956ae3b47b04249382aa4ef9924f139d Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sun, 15 May 2022 20:58:06 +0200 Subject: [PATCH 017/131] Pin prettier version & set role path in CI --- .gitlab-ci.yml | 4 ++-- package-lock.json | 33 +++++++++++++++++++++++++++++++++ package.json | 5 +++++ 3 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 package-lock.json create mode 100644 package.json
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d9ade6f..214e100 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,7 +12,7 @@ lint:
 stage: lint
 image: node:12
 before_script:
- - npm install prettier --no-save
+ - npm install
 script:
 - npx prettier '**/*.yml' --check
@@ -21,6 +21,6 @@ syntax-test:
 image: python:3.7
 before_script:
 - pip install ansible --quiet
- - ansible-galaxy install -r requirements.yml
+ - ansible-galaxy install --role-file requirements.yml --roles-path ./roles
 script:
 - ansible-playbook playbook.yml --syntax-check
diff --git a/package-lock.json b/package-lock.json new file mode 100644
index 0000000..0db7ba2
--- /dev/null
+++ b/package-lock.json
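Review bot: With `package-lock.json` now committed, `npm install` in the `lint` job's `before_script` can still rewrite the lockfile and resolve `^2.6.2` to a newer prettier when lock and manifest disagree; `npm ci` installs exactly what the lock pins and fails otherwise, which is what "pin prettier version" needs: `- npm ci`. The `syntax-test` job's `pip install ansible --quiet` (unchanged context) stays unpinned, so the Ansible version used for the syntax check drifts independently of the prettier pin; a `requirements.txt` or `pip install 'ansible==<version>'` would close that gap. `--roles-path ./roles` is fine, but it is worth confirming that `./roles` is in `.gitignore` so a locally installed role is never committed.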
@@ -0,0 +1,33 @@
+{
+ "name": "development",
+ "lockfileVersion": 2,
+ "requires": true,
+ "packages": {
+ "": {
+ "dependencies": {
+ "prettier": "^2.6.2"
+ }
+ },
+ "node_modules/prettier": {
+ "version": "2.6.2",
+ "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.6.2.tgz",
+ "integrity": "sha512-PkUpF+qoXTqhOeWL9fu7As8LXsIUZ1WYaJiY/a7McAQzxjk82OF0tibkFXVCDImZtWxbvojFjerkiLb0/q8mew==",
+ "bin": {
+ "prettier": "bin-prettier.js"
+ },
+ "engines": {
+ "node": ">=10.13.0"
+ },
+ "funding": {
+ "url": "https://github.com/prettier/prettier?sponsor=1"
+ }
+ }
+ },
+ "dependencies": {
+ "prettier": {
+ "version": "2.6.2",
+ "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.6.2.tgz",
+ "integrity": "sha512-PkUpF+qoXTqhOeWL9fu7As8LXsIUZ1WYaJiY/a7McAQzxjk82OF0tibkFXVCDImZtWxbvojFjerkiLb0/q8mew=="
+ }
+ }
+}
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..e1f5891
--- /dev/null
+++ b/package.json
@@ -0,0 +1,5 @@
+{
+ "dependencies": {
+ "prettier": "^2.6.2"
+ }
+}
From 630f380b25544ba6c637aad5c5e13ae063cc0e4a Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Thu, 26 May 2022 20:55:45 +0200 Subject: [PATCH 018/131] Use neovim when editing with git
---
 templates/gitconfig.j2 | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/templates/gitconfig.j2 b/templates/gitconfig.j2
index 00bfd77..4b97063 100644
--- a/templates/gitconfig.j2
+++ b/templates/gitconfig.j2
@@ -6,5 +6,8 @@
 email = sonny871@hotmail.com
 name = Sonny Bakker
 signingkey = {{ gpg_pub_key }}
+[core]
+editor = nvim
+
 [pull]
 rebase = false
From c02574906921dcf56b365ae499e065d09ef71900 Mon Sep 17 00:00:00 2001
From: Sonny Bakker Date: Wed, 29 Jun 2022 21:43:27 +0200 Subject: [PATCH 019/131] Add laptop configuration to disable discrete GPU --- tasks/setup.yml | 18 ++++++++++++++++++ templates/laptop/nouveau-blacklist.j2 | 4 ++++ templates/laptop/udev.j2 | 4 ++++ 3 files changed, 26 insertions(+) create mode 100644 templates/laptop/nouveau-blacklist.j2 create mode 100644 templates/laptop/udev.j2 diff --git a/tasks/setup.yml b/tasks/setup.yml index ff7a6f3..48f428b 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml @@ -49,3 +49,21 @@ systemd: name: fstrim.timer enabled: true + +- name: disable nvidia GPU + block: + - name: create udev rule + become: true + template: + src: 'templates/{{ platform }}/udev.j2' + dest: '/etc/udev/rules.d/00-remove-nvidia.rules' + owner: root + group: root + - name: blacklist kernel module + become: true + template: + src: 'templates/{{ platform }}/nouveau-blacklist.j2' + dest: '/etc/modprobe.d/blacklist-nouveau.conf' + owner: root + group: root + when: platform == "laptop" diff --git a/templates/laptop/nouveau-blacklist.j2 b/templates/laptop/nouveau-blacklist.j2 new file mode 100644 index 0000000..0a4edd5 --- /dev/null +++ b/templates/laptop/nouveau-blacklist.j2 @@ -0,0 +1,4 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +blacklist nouveau +options nouveau modeset=0 diff --git a/templates/laptop/udev.j2 b/templates/laptop/udev.j2 new file mode 100644 index 0000000..8283502 --- /dev/null +++ b/templates/laptop/udev.j2 @@ -0,0 +1,4 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +# Remove NVIDIA VGA/3D controller devices +ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x03[0-9]*", ATTR{power/control}="auto", ATTR{remove}="1" From 8b9fbe9b4e92055b622da3040f7cc8d3221e1b78 Mon Sep 17 00:00:00 2001 
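Review bot: Neither `template` task in the new `disable nvidia GPU` block sets `mode:`, so the files written to /etc/udev/rules.d and /etc/modprobe.d get whatever the controller's umask yields, while the network tasks elsewhere in this repository set `mode: '0640'` explicitly; adding `mode: '0644'` to both tasks makes the permissions deterministic across runs. Neither task notifies anything either: a new udev rule file is only read after `udevadm control --reload` (or a reboot), and a modprobe blacklist for a module that is already loaded — or, presumably, included in the initramfs — only takes effect after a reboot and an initramfs rebuild, so the block deserves a comment such as `# takes effect on next boot; rebuild the initramfs if nouveau is part of it` or a handler that does the reload.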
From: Sonny Bakker Date: Thu, 30 Jun 2022 20:53:27 +0200 Subject: [PATCH 020/131] Switch to wireplumber --- tasks/pipewire.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tasks/pipewire.yml b/tasks/pipewire.yml index 74fe100..2efa001 100644 --- a/tasks/pipewire.yml +++ b/tasks/pipewire.yml @@ -18,6 +18,18 @@ src: 'templates/{{ platform }}/pipewire-pulse.j2' dest: '{{ xdg_config_dir }}/pipewire/pipewire-pulse.conf' +- name: gather the package facts + package_facts: + manager: pacman + +- name: replace pipewire-media-session + become: true + pacman: + name: wireplumber + state: present + extra_args: --noconfirm --ask=4 + when: "'pipewire-media-session' in ansible_facts.packages or not 'wireplumber' in ansible_facts.packages" + - name: start pipewire socket systemd: name: pipewire.socket From 1d4bb97fcfd8d5146f90f4e55d2ecd3efd688fcf Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Fri, 8 Mar 2024 07:57:56 +0100 Subject: [PATCH 021/131] Disable vulkan `gpu-api` for now --- templates/mpv/config.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mpv/config.j2 b/templates/mpv/config.j2 index 706daf1..c8ad07d 100644 --- a/templates/mpv/config.j2 +++ b/templates/mpv/config.j2 @@ -2,7 +2,7 @@ volume=100 sub-auto=fuzzy -gpu-api=vulkan +gpu-api=opengl vo=gpu hwdec=vaapi From 7a57636bdb2bfb6057ae449ab9f96cd523fe9663 Mon Sep 17 00:00:00 2001 
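Review bot: The `when:` on `replace pipewire-media-session` carries a redundant second clause — `state: present` is already a no-op once wireplumber is installed — so `when: "'pipewire-media-session' in ansible_facts.packages"` states the only reason the guard exists, namely the conflict prompt; if the clause is kept, `'wireplumber' not in ansible_facts.packages` reads better than `not 'wireplumber' in …`. `extra_args: --noconfirm --ask=4` is the non-obvious line: as far as I know `--ask=4` pre-answers pacman's package-conflict question so the conflicting pipewire-media-session is removed without interaction, and that unattended removal is worth a comment, `# --ask=4 auto-confirms removal of the conflicting pipewire-media-session package`.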
From: Sonny Bakker Date: Fri, 8 Mar 2024 08:05:49 +0100 Subject: [PATCH 022/131] Remove bridged network setup --- tasks/network.yml | 120 +++++++++++---------- templates/desktop/network/vmbr0.netdev.j2 | 5 - templates/desktop/network/vmbr0.network.j2 | 10 -- templates/desktop/nftables.j2 | 28 +---- templates/laptop/network/vmbr0.netdev.j2 | 5 - templates/laptop/network/vmbr0.network.j2 | 10 -- templates/laptop/nftables.j2 | 21 ---- templates/pacman.j2 | 1 + 8 files changed, 65 insertions(+), 135 deletions(-) delete mode 100644 templates/desktop/network/vmbr0.netdev.j2 delete mode 100644 templates/desktop/network/vmbr0.network.j2 delete mode 100644 templates/laptop/network/vmbr0.netdev.j2 delete mode 100644 templates/laptop/network/vmbr0.network.j2 diff --git a/tasks/network.yml b/tasks/network.yml index 4ebaa73..1163846 100644 --- a/tasks/network.yml +++ b/tasks/network.yml 
@@ -43,66 +43,70 @@ mode: '0640' loop: '{{ vpn_peers }}' -- name: setup desktop network configuration - become: true - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - { - src: 'templates/desktop/network/enp.network.j2', - dest: '/etc/systemd/network/20-wired.network', - } - - { - src: 'templates/desktop/network/vmbr0.network.j2', - dest: '/etc/systemd/network/30-vmbr0.network', - } - - { - src: 'templates/desktop/network/vmbr0.netdev.j2', - dest: '/etc/systemd/network/30-vmbr0.netdev', - } - - { - src: 'templates/desktop/network/wg0.network.j2', - dest: '/etc/systemd/network/40-wg0.network', - } - - { - src: 'templates/desktop/network/wg0.netdev.j2', - dest: '/etc/systemd/network/40-wg0.netdev', - } +- block: + - name: setup desktop network configuration + become: true + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - { + src: 'templates/desktop/network/enp.network.j2', + dest: '/etc/systemd/network/20-wired.network', + } + - { + src: 'templates/desktop/network/wg0.network.j2', + dest: '/etc/systemd/network/40-wg0.network', + } + - { + src: 'templates/desktop/network/wg0.netdev.j2', + dest: '/etc/systemd/network/40-wg0.netdev', + } + - name: remove leftover configuration files + become: true + file: + path: '{{ item }}' + state: absent + loop: + - '/etc/systemd/network/30-vmbr0.network' + - '/etc/systemd/network/30-vmbr0.netdev' when: platform == "desktop" -- name: setup laptop network configuration - become: true - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - { - src: 'templates/laptop/network/wireless.network.j2', - dest: '/etc/systemd/network/20-wireless.network', - } - - { - src: 'templates/laptop/network/vmbr0.network.j2', - dest: '/etc/systemd/network/30-vmbr0.network', - } - - { - src: 
'templates/laptop/network/vmbr0.netdev.j2', - dest: '/etc/systemd/network/30-vmbr0.netdev', - } - - { - src: 'templates/laptop/network/wg0.network.j2', - dest: '/etc/systemd/network/40-wg0.network', - } - - { - src: 'templates/laptop/network/wg0.netdev.j2', - dest: '/etc/systemd/network/40-wg0.netdev', - } +- block: + - name: setup laptop network configuration + become: true + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - { + src: 'templates/laptop/network/wireless.network.j2', + dest: '/etc/systemd/network/20-wireless.network', + } + - { + src: 'templates/laptop/network/wg0.network.j2', + dest: '/etc/systemd/network/40-wg0.network', + } + - { + src: 'templates/laptop/network/wg0.netdev.j2', + dest: '/etc/systemd/network/40-wg0.netdev', + } + + - name: remove leftover configuration files + become: true + file: + path: '{{ item }}' + state: absent + loop: + - '/etc/systemd/network/30-vmbr0.network' + - '/etc/systemd/network/30-vmbr0.netdev' + when: platform == "laptop" - name: restart systemd-networkd diff --git a/templates/desktop/network/vmbr0.netdev.j2 b/templates/desktop/network/vmbr0.netdev.j2 deleted file mode 100644 index 54f171b..0000000 --- a/templates/desktop/network/vmbr0.netdev.j2 +++ /dev/null @@ -1,5 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -[NetDev] -Name=vmbr0 -Kind=bridge diff --git a/templates/desktop/network/vmbr0.network.j2 b/templates/desktop/network/vmbr0.network.j2 deleted file mode 100644 index a3ca139..0000000 --- a/templates/desktop/network/vmbr0.network.j2 +++ /dev/null @@ -1,10 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -[Match] -Name=vmbr0 - -[Network] -Address=10.4.0.1/24 -DHCP=yes -IPForward=yes -ConfigureWithoutCarrier=yes diff --git a/templates/desktop/nftables.j2 b/templates/desktop/nftables.j2 index 502770a..cdea740 100644 
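Review bot: Deleting `30-vmbr0.netdev` and `30-vmbr0.network` and restarting networkd does not, as far as I know, remove an already-created `vmbr0` — systemd-networkd leaves existing netdevs in place when their configuration disappears — so on a host that was provisioned before this change the bridge, its 10.4.0.1/24 (desktop) or 10.5.0.1/24 (laptop) address and the `IPForward=yes` it enabled stay active until reboot, while the nftables rules that scoped that bridge are removed in the same commit; the `remove leftover configuration files` task should be followed by a guarded teardown (a `command: ip link delete vmbr0` conditioned on a `stat` of /sys/class/net/vmbr0), or at least a comment that a reboot is needed to complete the migration. The desktop and laptop blocks are now identical apart from the platform name and the first template, so one block driven by a per-platform `network_templates` list would remove the duplicated loop and cleanup task. The hunk covers both blocks completely; the file continues beyond it.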
--- a/templates/desktop/nftables.j2 +++ b/templates/desktop/nftables.j2 @@ -1,12 +1,13 @@ # {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} # +#!/usr/bin/nft -f # vim:set ts=2 sw=2 et: flush ruleset table inet filter { chain input { - type filter hook input priority 0; + type filter hook input priority 0; policy drop; # allow established/related connections ct state { established, related } accept @@ -26,15 +27,6 @@ table inet filter { # syncthing ip saddr 10.0.0.1 tcp dport 22000 accept - - # allow remote pulse audio - ip saddr 10.0.0.1 tcp dport 4713 accept - - # allow dhcp requests for bridget connections - iifname "vmbr0" udp dport { 53, 67 } accept - - # everything else - reject with icmpx type port-unreachable } chain forward { @@ -43,9 +35,6 @@ table inet filter { ct state { established, related } accept; mark 1 accept - - iifname "vmbr0" oifname "enp34s0" accept - iifname "enp34s0" oifname "vmbr0" accept } } @@ -54,16 +43,3 @@ table ip filter { mark set 1 } } - -table ip nat { - chain prerouting { - type nat hook prerouting priority 0; policy accept; - - # iifname "enp34s0" tcp dport { http } dnat to 10.4.0.243 - } - - chain postrouting { - type nat hook postrouting priority 0; policy accept; - oifname "enp34s0" masquerade - } -} diff --git a/templates/laptop/network/vmbr0.netdev.j2 b/templates/laptop/network/vmbr0.netdev.j2 deleted file mode 100644 index 54f171b..0000000 --- a/templates/laptop/network/vmbr0.netdev.j2 +++ /dev/null @@ -1,5 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -[NetDev] -Name=vmbr0 -Kind=bridge diff --git a/templates/laptop/network/vmbr0.network.j2 b/templates/laptop/network/vmbr0.network.j2 deleted file mode 100644 index 4bbbfa2..0000000 --- a/templates/laptop/network/vmbr0.network.j2 +++ /dev/null 
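Review bot: `policy drop;` on the input chain replaces the explicit trailing `reject with icmpx type port-unreachable` removed in the second hunk, which changes what VPN peers see for closed ports from an immediate refusal to a timeout; if that is intended, a comment on the `type filter` line would spare the next reader the archaeology, `# default-deny: unmatched input is dropped silently rather than rejected`. Lines 13–26 of the chain are outside the hunk, so I cannot see whether loopback and ICMP/ICMPv6 are accepted there; with a drop policy both accepts become mandatory and are worth confirming. The laptop template changed in the same commit only loses its bridge rules and gets no policy line, so the two hosts now differ in default input policy unless the laptop chain already has one. The removed `tcp dport 4713` rule was already stale relative to `pulse_port` (20808), so unless a rule outside the hunk allows that port, nothing on the VPN reaches the pipewire-pulse TCP listener any more.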
@@ -1,10 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -[Match] -Name=vmbr0 - -[Network] -Address=10.5.0.1/24 -DHCP=ipv4 -IPForward=ipv4 -ConfigureWithoutCarrier=yes diff --git a/templates/laptop/nftables.j2 b/templates/laptop/nftables.j2 index 7d01d39..8c01f2a 100644 --- a/templates/laptop/nftables.j2 +++ b/templates/laptop/nftables.j2 @@ -27,9 +27,6 @@ table inet filter { # syncthing ip saddr 10.0.0.1 tcp dport 22000 accept - - # allow dhcp requests for bridged connections - iifname "vmbr0" udp dport { 53, 67 } accept } chain forward { @@ -38,9 +35,6 @@ table inet filter { ct state { established, related } accept; mark 1 accept - - iifname "vmbr0" oifname "wlan0" accept - iifname "wlan0" oifname "vmbr0" accept } } @@ -49,18 +43,3 @@ table ip filter { mark set 1 } } - -table ip nat { - chain prerouting { - type nat hook prerouting priority 0; policy accept; - - # iifname "wlan0" tcp dport { http } dnat to 10.4.0.243 - } - - chain postrouting { - type nat hook postrouting priority 0; policy accept; - - oifname "wlan0" masquerade - } -} - diff --git a/templates/pacman.j2 b/templates/pacman.j2 index 683ec24..becd0db 100644 --- a/templates/pacman.j2 +++ b/templates/pacman.j2 @@ -1,3 +1,4 @@ +# TODO: update testing libraries according to new config # {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} # # /etc/pacman.conf From 8e7d6db56ba2f513674565454ce51ae31438bc84 Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Sat, 16 Mar 2024 10:36:59 +0100 Subject: [PATCH 023/131] Remove template timestamps & move tasks to handlers These changes prevent services from being restarted when no configuration has actually changed --- handlers.yml | 33 ++++++++++++++++++++ tasks/network.yml | 30 +++++------------- tasks/pipewire.yml | 13 ++------ templates/desktop/network/enp.network.j2 | 2 -- templates/desktop/network/wg0.netdev.j2 | 2 -- templates/desktop/network/wg0.network.j2 | 2 -- templates/desktop/nftables.j2 | 2 -- templates/desktop/pipewire-pulse.j2 | 2 -- templates/desktop/syncthing.j2 | 2 -- templates/gitconfig.j2 | 3 -- templates/laptop/network/wg0.netdev.j2 | 2 -- templates/laptop/network/wg0.network.j2 | 2 -- templates/laptop/network/wireless.network.j2 | 2 -- templates/laptop/nftables.j2 | 2 -- templates/laptop/nouveau-blacklist.j2 | 2 -- templates/laptop/pipewire-pulse.j2 | 2 -- templates/laptop/powertop.j2 | 2 -- templates/laptop/syncthing.j2 | 2 -- templates/laptop/udev.j2 | 2 -- templates/mpv/config.j2 | 4 +-- templates/mpv/input.j2 | 2 -- templates/pacman.j2 | 10 ++---- templates/reflector.j2 | 2 -- templates/ssh-agent.j2 | 2 -- templates/timer/daily_target.j2 | 2 -- templates/timer/daily_timer.j2 | 3 -- templates/timer/weekly_target.j2 | 2 -- templates/timer/weekly_timer.j2 | 3 -- templates/tmux.j2 | 2 -- 29 files changed, 46 insertions(+), 95 deletions(-) diff --git a/handlers.yml b/handlers.yml index e613358..dccba92 100644 --- a/handlers.yml +++ b/handlers.yml
@@ -36,3 +36,36 @@ state: restarted enabled: true daemon-reload: true + +- name: restart systemd-networkd + become: true + systemd: + name: systemd-networkd + state: restarted + enabled: true + +- name: start systemd-resolved service + become: true + systemd: + name: systemd-resolved + state: started + enabled: true + +- name: start iwd service + become: true + systemd: + name: iwd + state: started + enabled: true + when: platform == "laptop" + +- name: restart pipewire-pulse + systemd: + name: '{{ item.name }}' + state: restarted + enabled: '{{ item.enabled }}' + scope: user + daemon-reload: true + loop: + - { name: 'pipewire-pulse.socket', enabled: true } + - { name: 'pipewire-pulse.service', enabled: false } diff --git a/tasks/network.yml b/tasks/network.yml index 1163846..9cda432 100644 --- a/tasks/network.yml +++ b/tasks/network.yml @@ -73,6 +73,10 @@ loop: - '/etc/systemd/network/30-vmbr0.network' - '/etc/systemd/network/30-vmbr0.netdev' + + notify: + - restart systemd-networkd + - restart systemd-resolved when: platform == "desktop" - block: @@ -107,28 +111,10 @@ - '/etc/systemd/network/30-vmbr0.network' - '/etc/systemd/network/30-vmbr0.netdev' - when: platform == "laptop" - -- name: restart systemd-networkd - become: true - systemd: - name: systemd-networkd - state: restarted - enabled: true - -- name: start systemd-resolved service - become: true - systemd: - name: systemd-resolved - state: started - enabled: true - -- name: start iwd service - become: true - systemd: - name: iwd - state: started - enabled: true + notify: + - restart systemd-networkd + - restart systemd-resolved + - restart iwd when: platform == "laptop" - name: copy firewall template diff --git a/tasks/pipewire.yml b/tasks/pipewire.yml index 2efa001..5a5b905 100644 --- a/tasks/pipewire.yml +++ b/tasks/pipewire.yml 
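Review bot: The `notify:` lists added to tasks/network.yml name handlers that this hunk does not define: handlers.yml gains `start systemd-resolved service` and `start iwd service`, but the desktop block notifies `restart systemd-resolved` and the laptop block notifies `restart systemd-resolved` and `restart iwd`, and none of the new handlers has a `listen:`, so Ansible aborts the play with an unknown-handler error the first time a network template reports changed. Either rename the notify entries to the existing handler names or add `listen: restart systemd-resolved` and `listen: restart iwd` to the respective handlers. Note also that those two handlers use `state: started`, so a notification never restarts an already-running resolved or iwd; if a restart after a network config change is the intent they need `state: restarted`, otherwise the "start …" names are the accurate ones and the notifies should say so. Both network.yml hunks sit inside blocks whose start is outside the hunk.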
@@ -17,6 +17,7 @@ template: src: 'templates/{{ platform }}/pipewire-pulse.j2' dest: '{{ xdg_config_dir }}/pipewire/pipewire-pulse.conf' + notify: restart pipewire-pulse - name: gather the package facts package_facts: @@ -29,6 +30,7 @@ state: present extra_args: --noconfirm --ask=4 when: "'pipewire-media-session' in ansible_facts.packages or not 'wireplumber' in ansible_facts.packages" + notify: restart pipewire-pulse - name: start pipewire socket systemd: @@ -36,14 +38,3 @@ state: started enabled: true scope: user - -- name: restart pipewire-pulse - systemd: - name: '{{ item.name }}' - state: restarted - enabled: '{{ item.enabled }}' - scope: user - daemon-reload: true - loop: - - { name: 'pipewire-pulse.socket', enabled: true } - - { name: 'pipewire-pulse.service', enabled: false } diff --git a/templates/desktop/network/enp.network.j2 b/templates/desktop/network/enp.network.j2 index 3329399..252cbe9 100644 --- a/templates/desktop/network/enp.network.j2 +++ b/templates/desktop/network/enp.network.j2 @@ -1,5 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - [Match] Name=enp* diff --git a/templates/desktop/network/wg0.netdev.j2 b/templates/desktop/network/wg0.netdev.j2 index de4e81e..2397e90 100644 --- a/templates/desktop/network/wg0.netdev.j2 +++ b/templates/desktop/network/wg0.netdev.j2 @@ -1,5 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - [NetDev] Name={{ vpn_interface }} Kind=wireguard diff --git a/templates/desktop/network/wg0.network.j2 b/templates/desktop/network/wg0.network.j2 index 81fbe8a..4a5a6e2 100644 --- a/templates/desktop/network/wg0.network.j2 +++ b/templates/desktop/network/wg0.network.j2 @@ -1,5 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - [Match] Name={{ vpn_interface }} diff --git a/templates/desktop/nftables.j2 b/templates/desktop/nftables.j2 index cdea740..2f37138 100644 --- a/templates/desktop/nftables.j2 
+++ b/templates/desktop/nftables.j2 @@ -1,5 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# #!/usr/bin/nft -f # vim:set ts=2 sw=2 et: diff --git a/templates/desktop/pipewire-pulse.j2 b/templates/desktop/pipewire-pulse.j2 index bf26dab..56d29e3 100644 --- a/templates/desktop/pipewire-pulse.j2 +++ b/templates/desktop/pipewire-pulse.j2 @@ -1,5 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# # PulseAudio config file for PipeWire version "0.3.48" # # # Copy and edit this file in /etc/pipewire for system-wide changes diff --git a/templates/desktop/syncthing.j2 b/templates/desktop/syncthing.j2 index d9e59f9..f4f290f 100644 --- a/templates/desktop/syncthing.j2 +++ b/templates/desktop/syncthing.j2 @@ -1,5 +1,3 @@ - - basic diff --git a/templates/gitconfig.j2 b/templates/gitconfig.j2 index 4b97063..3c1e9d9 100644 --- a/templates/gitconfig.j2 +++ b/templates/gitconfig.j2 @@ -1,6 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# - [user] email = sonny871@hotmail.com name = Sonny Bakker diff --git a/templates/laptop/network/wg0.netdev.j2 b/templates/laptop/network/wg0.netdev.j2 index de4e81e..2397e90 100644 --- a/templates/laptop/network/wg0.netdev.j2 +++ b/templates/laptop/network/wg0.netdev.j2 @@ -1,5 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - [NetDev] Name={{ vpn_interface }} Kind=wireguard diff --git a/templates/laptop/network/wg0.network.j2 b/templates/laptop/network/wg0.network.j2 index 81fbe8a..4a5a6e2 100644 --- a/templates/laptop/network/wg0.network.j2 +++ b/templates/laptop/network/wg0.network.j2 @@ -1,5 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - [Match] Name={{ vpn_interface }} diff --git a/templates/laptop/network/wireless.network.j2 b/templates/laptop/network/wireless.network.j2 index 894c5db..3c23fc2 100644 
--- a/templates/laptop/network/wireless.network.j2 +++ b/templates/laptop/network/wireless.network.j2 @@ -1,5 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - [Match] Name=wlan0 diff --git a/templates/laptop/nftables.j2 b/templates/laptop/nftables.j2 index 8c01f2a..b54a534 100644 --- a/templates/laptop/nftables.j2 +++ b/templates/laptop/nftables.j2 @@ -1,5 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# #!/usr/bin/nft -f # vim:set ts=2 sw=2 et: diff --git a/templates/laptop/nouveau-blacklist.j2 b/templates/laptop/nouveau-blacklist.j2 index 0a4edd5..c9b9bfc 100644 --- a/templates/laptop/nouveau-blacklist.j2 +++ b/templates/laptop/nouveau-blacklist.j2 @@ -1,4 +1,2 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - blacklist nouveau options nouveau modeset=0 diff --git a/templates/laptop/pipewire-pulse.j2 b/templates/laptop/pipewire-pulse.j2 index bf26dab..56d29e3 100644 --- a/templates/laptop/pipewire-pulse.j2 +++ b/templates/laptop/pipewire-pulse.j2 @@ -1,5 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# # PulseAudio config file for PipeWire version "0.3.48" # # # Copy and edit this file in /etc/pipewire for system-wide changes diff --git a/templates/laptop/powertop.j2 b/templates/laptop/powertop.j2 index 6b15cc7..d30f4ce 100644 --- a/templates/laptop/powertop.j2 +++ b/templates/laptop/powertop.j2 @@ -1,5 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - [Unit] Description=Powertop tunings diff --git a/templates/laptop/syncthing.j2 b/templates/laptop/syncthing.j2 index e653f67..4112f18 100644 --- a/templates/laptop/syncthing.j2 +++ b/templates/laptop/syncthing.j2 @@ -1,5 +1,3 @@ - - basic diff --git a/templates/laptop/udev.j2 b/templates/laptop/udev.j2 index 8283502..e9a40ab 100644 --- a/templates/laptop/udev.j2 +++ b/templates/laptop/udev.j2 
@@ -1,4 +1,2 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - # Remove NVIDIA VGA/3D controller devices ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x03[0-9]*", ATTR{power/control}="auto", ATTR{remove}="1" diff --git a/templates/mpv/config.j2 b/templates/mpv/config.j2 index c8ad07d..332f251 100644 --- a/templates/mpv/config.j2 +++ b/templates/mpv/config.j2 @@ -1,6 +1,4 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -volume=100 +olume=100 sub-auto=fuzzy gpu-api=opengl vo=gpu diff --git a/templates/mpv/input.j2 b/templates/mpv/input.j2 index b63757d..b2cfeb4 100644 --- a/templates/mpv/input.j2 +++ b/templates/mpv/input.j2 @@ -1,5 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# ## Seek units are in seconds, but note that these are limited by keyframes RIGHT seek 5 LEFT seek -5 diff --git a/templates/pacman.j2 b/templates/pacman.j2 index becd0db..a77bbeb 100644 --- a/templates/pacman.j2 +++ b/templates/pacman.j2 @@ -1,6 +1,3 @@ -# TODO: update testing libraries according to new config -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# # /etc/pacman.conf # # Add environment specific settings in /etc/pacman.d/extra.conf @@ -82,13 +79,10 @@ LocalFileSigLevel = Optional [core] Include = /etc/pacman.d/mirrorlist -[extra] -Include = /etc/pacman.d/mirrorlist - -#[community-testing] +#[extra-testing] #Include = /etc/pacman.d/mirrorlist -[community] +[extra] Include = /etc/pacman.d/mirrorlist # If you want to run 32 bit applications on your x86_64 system, diff --git a/templates/reflector.j2 b/templates/reflector.j2 index fbd1a42..97b701b 100644 --- a/templates/reflector.j2 +++ b/templates/reflector.j2 
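Review bot: `+olume=100` in templates/mpv/config.j2 drops the leading `v` of `volume=100` while the header lines are removed, so the rendered config now carries an unknown option; mpv reports an error for it (and, if I remember its config parsing right, refuses to start until the line is fixed), and the intended default volume is lost either way. Restore the line as `volume=100`.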
@@ -1,5 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# # Reflector configuration file for the systemd service. # # Empty lines and lines beginning with "#" are ignored. All other lines should diff --git a/templates/ssh-agent.j2 b/templates/ssh-agent.j2 index 67fdbea..9428410 100644 --- a/templates/ssh-agent.j2 +++ b/templates/ssh-agent.j2 @@ -1,5 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - [Unit] Description=SSH key agent diff --git a/templates/timer/daily_target.j2 b/templates/timer/daily_target.j2 index bf4d594..c1eb670 100644 --- a/templates/timer/daily_target.j2 +++ b/templates/timer/daily_target.j2 @@ -1,5 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# # Add the following to your service unit to make use of this target: # Wants=daily.target # diff --git a/templates/timer/daily_timer.j2 b/templates/timer/daily_timer.j2 index cdc47f0..08ebc1a 100644 --- a/templates/timer/daily_timer.j2 +++ b/templates/timer/daily_timer.j2 @@ -1,6 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# - [Unit] Description=Timer which runs all services on a daily basis inside the daily.target.wants directory diff --git a/templates/timer/weekly_target.j2 b/templates/timer/weekly_target.j2 index 7e944cb..606a319 100644 --- a/templates/timer/weekly_target.j2 +++ b/templates/timer/weekly_target.j2 @@ -1,5 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# # Add the following to your service unit to make use of this target: # Wants=weekly.target # diff --git a/templates/timer/weekly_timer.j2 b/templates/timer/weekly_timer.j2 index e4c33f4..2a5ad77 100644 --- a/templates/timer/weekly_timer.j2 +++ b/templates/timer/weekly_timer.j2 
@@ -1,6 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# - [Unit] Description=Timer which runs all services on a weekly basis inside the weekly.target.wants directory diff --git a/templates/tmux.j2 b/templates/tmux.j2 index 8fa1473..0b1f6dd 100644 --- a/templates/tmux.j2 +++ b/templates/tmux.j2 @@ -1,5 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - [Unit] Description=Tmux startup script From aa9dd18eefb2dfc0731b9a016ffd4d16749e7df5 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 16 Mar 2024 14:39:13 +0100 Subject: [PATCH 024/131] Use node's lts version for CI --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 214e100..2a8b491 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -10,7 +10,7 @@ cache: lint: stage: lint - image: node:12 + image: node:lts before_script: - npm install script: From 066464fcca8464be5d56899b12e7479de60c59bc Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 16 Mar 2024 14:39:34 +0100 Subject: [PATCH 025/131] Remove pulse/pipewire related files --- playbook.yml | 1 - tasks/pipewire.yml | 40 ------------- templates/desktop/pipewire-pulse.j2 | 93 ----------------------------- templates/laptop/pipewire-pulse.j2 | 93 ----------------------------- 4 files changed, 227 deletions(-) delete mode 100644 tasks/pipewire.yml delete mode 100644 templates/desktop/pipewire-pulse.j2 delete mode 100644 templates/laptop/pipewire-pulse.j2 diff --git a/playbook.yml b/playbook.yml index eada34f..d1c2aff 100644 --- a/playbook.yml +++ b/playbook.yml @@ -20,7 +20,6 @@ - import_tasks: 'tasks/mpv.yml' - import_tasks: 'tasks/mpd.yml' - import_tasks: 'tasks/syncthing.yml' - - import_tasks: 'tasks/pipewire.yml' - import_tasks: 'tasks/timer.yml' handlers: - import_tasks: 'handlers.yml' diff --git a/tasks/pipewire.yml b/tasks/pipewire.yml deleted file mode 100644 index 5a5b905..0000000 
--- a/tasks/pipewire.yml +++ /dev/null @@ -1,40 +0,0 @@ -# Note that pulsaudio should be removed by installing pipewire-pulse manually - -- name: remove previous configurations - file: - path: '{{ item }}' - state: absent - loop: - - '{{ xdg_config_dir }}/systemd/user/pipewire-pulse.service.d/' - - '{{ xdg_script_dir }}/pulse-script' - -- name: create pipewire configuration dir - file: - state: directory - path: '{{ xdg_config_dir }}/pipewire' - -- name: copy pipewire-pulse configuration - template: - src: 'templates/{{ platform }}/pipewire-pulse.j2' - dest: '{{ xdg_config_dir }}/pipewire/pipewire-pulse.conf' - notify: restart pipewire-pulse - -- name: gather the package facts - package_facts: - manager: pacman - -- name: replace pipewire-media-session - become: true - pacman: - name: wireplumber - state: present - extra_args: --noconfirm --ask=4 - when: "'pipewire-media-session' in ansible_facts.packages or not 'wireplumber' in ansible_facts.packages" - notify: restart pipewire-pulse - -- name: start pipewire socket - systemd: - name: pipewire.socket - state: started - enabled: true - scope: user diff --git a/templates/desktop/pipewire-pulse.j2 b/templates/desktop/pipewire-pulse.j2 deleted file mode 100644 index 56d29e3..0000000 --- a/templates/desktop/pipewire-pulse.j2 +++ /dev/null 
@@ -1,93 +0,0 @@ -# PulseAudio config file for PipeWire version "0.3.48" # -# -# Copy and edit this file in /etc/pipewire for system-wide changes -# or in ~/.config/pipewire for local changes. -# -# It is also possible to place a file with an updated section in -# /etc/pipewire/pipewire-pulse.conf.d/ for system-wide changes or in -# ~/.config/pipewire/pipewire-pulse.conf.d/ for local changes. -# - -context.properties = {} - -context.spa-libs = { - audio.convert.* = audioconvert/libspa-audioconvert - support.* = support/libspa-support -} - -context.modules = [ - { name = libpipewire-module-rt - args = { - nice.level = -11 - } - flags = [ ifexists nofail ] - } - { name = libpipewire-module-protocol-native } - { name = libpipewire-module-client-node } - { name = libpipewire-module-adapter } - { name = libpipewire-module-metadata } - - { name = libpipewire-module-protocol-pulse - args = { - server.address = [ - "unix:native" - { address = "tcp:{{ vpn_ip }}:{{ pulse_port }}" - max-clients = 64 - listen-backlog = 32 - client.access = "allowed" - } - ] - # These overrides are only applied when running in a vm. - vm.overrides = { - pulse.min.quantum = 1024/48000 # 22ms - } - } - } - - { name = libpipewire-module-access - args = { - access.allowed = [ - /usr/bin/pipewire-media-session - /usr/bin/mpd - ] - - access.rejected = [ - ] - } - } -] - -# Extra modules can be loaded here. Setup in default.pa can be moved here -context.exec = [ - { path = "pactl" args = "load-module module-always-sink" } -] - -stream.properties = {} - -# client/stream specific properties -pulse.rules = [ - { - # skype does not want to use devices that don't have an S16 sample format. - matches = [ - { application.process.binary = "teams" } - { application.process.binary = "skypeforlinux" } - ] - actions = { quirks = [ force-s16-info ] } - } - { - # firefox marks the capture streams as don't move and then they - # can't be moved with pavucontrol or other tools. 
- matches = [ { application.process.binary = "firefox" } ] - actions = { quirks = [ remove-capture-dont-move ] } - } - { - # speech dispatcher asks for too small latency and then underruns. - matches = [ { application.name = "~speech-dispatcher*" } ] - actions = { - update-props = { - pulse.min.req = 1024/48000 # 21ms - pulse.min.quantum = 1024/48000 # 21ms - } - } - } -] diff --git a/templates/laptop/pipewire-pulse.j2 b/templates/laptop/pipewire-pulse.j2 deleted file mode 100644 index 56d29e3..0000000 --- a/templates/laptop/pipewire-pulse.j2 +++ /dev/null 
@@ -1,93 +0,0 @@ -# PulseAudio config file for PipeWire version "0.3.48" # -# -# Copy and edit this file in /etc/pipewire for system-wide changes -# or in ~/.config/pipewire for local changes. -# -# It is also possible to place a file with an updated section in -# /etc/pipewire/pipewire-pulse.conf.d/ for system-wide changes or in -# ~/.config/pipewire/pipewire-pulse.conf.d/ for local changes. -# - -context.properties = {} - -context.spa-libs = { - audio.convert.* = audioconvert/libspa-audioconvert - support.* = support/libspa-support -} - -context.modules = [ - { name = libpipewire-module-rt - args = { - nice.level = -11 - } - flags = [ ifexists nofail ] - } - { name = libpipewire-module-protocol-native } - { name = libpipewire-module-client-node } - { name = libpipewire-module-adapter } - { name = libpipewire-module-metadata } - - { name = libpipewire-module-protocol-pulse - args = { - server.address = [ - "unix:native" - { address = "tcp:{{ vpn_ip }}:{{ pulse_port }}" - max-clients = 64 - listen-backlog = 32 - client.access = "allowed" - } - ] - # These overrides are only applied when running in a vm. - vm.overrides = { - pulse.min.quantum = 1024/48000 # 22ms - } - } - } - - { name = libpipewire-module-access - args = { - access.allowed = [ - /usr/bin/pipewire-media-session - /usr/bin/mpd - ] - - access.rejected = [ - ] - } - } -] - -# Extra modules can be loaded here. Setup in default.pa can be moved here -context.exec = [ - { path = "pactl" args = "load-module module-always-sink" } -] - -stream.properties = {} - -# client/stream specific properties -pulse.rules = [ - { - # skype does not want to use devices that don't have an S16 sample format. - matches = [ - { application.process.binary = "teams" } - { application.process.binary = "skypeforlinux" } - ] - actions = { quirks = [ force-s16-info ] } - } - { - # firefox marks the capture streams as don't move and then they - # can't be moved with pavucontrol or other tools. 
- matches = [ { application.process.binary = "firefox" } ] - actions = { quirks = [ remove-capture-dont-move ] } - } - { - # speech dispatcher asks for too small latency and then underruns. - matches = [ { application.name = "~speech-dispatcher*" } ] - actions = { - update-props = { - pulse.min.req = 1024/48000 # 21ms - pulse.min.quantum = 1024/48000 # 21ms - } - } - } -] From 61eb8c3de47255ed72b6b5f62c9507e3712c0f18 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 16 Mar 2024 14:51:55 +0100 Subject: [PATCH 026/131] Remove deprecated package --- vars/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/main.yml b/vars/main.yml index b8c5488..7cbac85 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -22,7 +22,6 @@ packages: - kmail - iproute2 - curl - - cantata - reflector - laptop-detect - pipewire From 29104cad7e02982923ebef97db620973d7992792 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 16 Mar 2024 14:55:56 +0100 Subject: [PATCH 027/131] Update zeus IP --- vars/desktop.yml | 2 +- vars/laptop.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/desktop.yml b/vars/desktop.yml index 9c74926..0c5cc3d 100644 --- a/vars/desktop.yml +++ b/vars/desktop.yml @@ -19,7 +19,7 @@ vpn_peers: - { name: 'zeus', allowd_ips: '10.0.0.1/32', - endpoint: '178.84.5.195:51902', + endpoint: '37.251.96.245:51902', public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', preshared_key_path: '/etc/wireguard/keys/private/preshared-zeus.psk', preshared_key_source_path: 'files/desktop/wireguard/preshared.psk', diff --git a/vars/laptop.yml b/vars/laptop.yml index 84d65de..2563d76 100644 --- a/vars/laptop.yml +++ b/vars/laptop.yml 
@@ -21,7 +21,7 @@ vpn_peers: - { name: 'zeus', allowd_ips: '10.0.0.1/32', - endpoint: '178.84.5.195:51902', + endpoint: '37.251.96.245:51902', public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', preshared_key_path: '/etc/wireguard/keys/private/preshared-zeus.psk', preshared_key_source_path: 'files/laptop/wireguard/preshared.psk', From 7ef566a8c78e0698721800a4fa506b8d31bafddb Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 16 Mar 2024 14:57:39 +0100 Subject: [PATCH 028/131] Add TODO --- playbook.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbook.yml b/playbook.yml index d1c2aff..5f1314e 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,3 +1,4 @@ +# TODO: update laptop configuration? - hosts: localhost pre_tasks: - name: install shared packages From 8672afe60a10b767d0f46b4648aa8a54edf0f7b3 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Fri, 3 May 2024 19:08:10 +0200 Subject: [PATCH 029/131] Fix typo in mpv config --- templates/mpv/config.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mpv/config.j2 b/templates/mpv/config.j2 index 332f251..141c56d 100644 --- a/templates/mpv/config.j2 +++ b/templates/mpv/config.j2 @@ -1,4 +1,4 @@ -olume=100 +volume=100 sub-auto=fuzzy gpu-api=opengl vo=gpu From a43f931f2af7839aca6f0318de5e1b69c6d1e8f2 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Thu, 23 May 2024 20:56:04 +0200 Subject: [PATCH 030/131] Remove fixed IP for wireguard configs --- vars/desktop.yml | 2 +- vars/laptop.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/desktop.yml b/vars/desktop.yml index 0c5cc3d..7893c37 100644 --- a/vars/desktop.yml +++ b/vars/desktop.yml 
@@ -19,7 +19,7 @@ vpn_peers: - { name: 'zeus', allowd_ips: '10.0.0.1/32', - endpoint: '37.251.96.245:51902', + endpoint: 'fudiggity.nl:51902', public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', preshared_key_path: '/etc/wireguard/keys/private/preshared-zeus.psk', preshared_key_source_path: 'files/desktop/wireguard/preshared.psk', diff --git a/vars/laptop.yml b/vars/laptop.yml index 2563d76..68d8975 100644 --- a/vars/laptop.yml +++ b/vars/laptop.yml @@ -21,7 +21,7 @@ vpn_peers: - { name: 'zeus', allowd_ips: '10.0.0.1/32', - endpoint: '37.251.96.245:51902', + endpoint: 'fudiggity.nl:51902', public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', preshared_key_path: '/etc/wireguard/keys/private/preshared-zeus.psk', preshared_key_source_path: 'files/laptop/wireguard/preshared.psk', From a93901cc471c39761b248bc26b2e6d7a62de1f5a Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Thu, 23 May 2024 20:56:20 +0200 Subject: [PATCH 031/131] Add TODO & add alacritty --- playbook.yml | 1 - tasks/setup.yml | 1 + vars/main.yml | 1 + 3 files changed, 2 insertions(+), 1 deletion(-) diff --git a/playbook.yml b/playbook.yml index 5f1314e..d1c2aff 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,4 +1,3 @@ -# TODO: update laptop configuration? - hosts: localhost pre_tasks: - name: install shared packages diff --git a/tasks/setup.yml b/tasks/setup.yml index 48f428b..85440f0 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml @@ -50,6 +50,7 @@ name: fstrim.timer enabled: true +# TODO: setup discrete GPU and remove this configuration - name: disable nvidia GPU block: - name: create udev rule diff --git a/vars/main.yml b/vars/main.yml index 7cbac85..547dbde 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -14,6 +14,7 @@ packages: - postgresql - plasma-meta - syncthing + - alacritty - tmux - unrar - vim From d320ba7ee1ec69a2b4e50bec7bccecfd43b6af8c Mon Sep 17 00:00:00 2001 
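Review bot: Switching `endpoint` from a fixed IP to `fudiggity.nl:51902` moves the peer address to DNS, and as far as I know systemd-networkd resolves a WireGuard `Endpoint=` hostname when it creates the netdev (retrying if the resolver is not yet up) but does not re-resolve it afterwards, so if the server's address changes while the tunnel is up the tunnel stays pointed at the stale IP until networkd is restarted. Worth a short comment next to the value, e.g. `# DNS name is resolved once at netdev creation; restart systemd-networkd after the server IP changes`. The peer is still authenticated by `public_key` and the vaulted `preshared_key`, so a spoofed DNS answer can only cause a failed handshake, not a connection to an impostor — that is fine and worth stating in the same comment. Also the key is spelled `allowd_ips` (context line); if the netdev template reads `peer.allowed_ips` this silently renders nothing, so verify the name the template actually uses.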
From: Sonny Bakker Date: Fri, 24 May 2024 07:53:22 +0200 Subject: [PATCH 032/131] Install platform packages whenever it has items to do so --- playbook.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbook.yml b/playbook.yml index d1c2aff..4c280b9 100644 --- a/playbook.yml +++ b/playbook.yml @@ -10,6 +10,7 @@ become: true pacman: name: '{{ platform_packages }}' + when: platform_packages | length > 0 roles: - common tasks: From abcd234b3dd54b06f8605aa3f1c61ff71ed9dfc5 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Fri, 31 May 2024 08:00:05 +0200 Subject: [PATCH 033/131] Refactor MPD setup --- handlers.yml | 16 +++++++++++ tasks/mpd.yml | 58 +++++++++++++++++++++++++++++++-------- templates/mpd/mpd.conf.j2 | 33 ++++++++++++++++++++++ templates/mpd/ncmpc.j2 | 30 ++++++++++++++++++++ templates/mpd/service.j2 | 10 +++++++ templates/mpd/socket.j2 | 9 ++++++ vars/desktop.yml | 2 -- vars/laptop.yml | 2 -- vars/main.yml | 2 +- vars/mpd.yml | 10 +++---- 10 files changed, 149 insertions(+), 23 deletions(-) create mode 100644 templates/mpd/mpd.conf.j2 create mode 100644 templates/mpd/ncmpc.j2 create mode 100644 templates/mpd/service.j2 create mode 100644 templates/mpd/socket.j2 diff --git a/handlers.yml b/handlers.yml index dccba92..ab48d05 100644 --- a/handlers.yml +++ b/handlers.yml @@ -69,3 +69,19 @@ loop: - { name: 'pipewire-pulse.socket', enabled: true } - { name: 'pipewire-pulse.service', enabled: false } + +- name: stop mpd service + systemd: + name: mpd.service + state: stopped + enabled: false + scope: user + daemon-reload: true + +- name: restart mpd socket + systemd: + name: mpd + state: restarted + enabled: true + scope: user + daemon-reload: true diff --git a/tasks/mpd.yml b/tasks/mpd.yml index 53217f3..6d4f556 100644 --- a/tasks/mpd.yml +++ b/tasks/mpd.yml 
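Review bot: The added guard `when: platform_packages | length > 0` still errors with "'platform_packages' is undefined" on a platform whose vars file does not define the list; only vars/laptop.yml is visible defining it here. Make the guard tolerate an absent variable with `when: platform_packages | default([]) | length > 0`, and use the same default in the `name:` expression so a missing list never reaches pacman.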
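Review bot: The new handler `restart mpd socket` passes `name: mpd` to the systemd module, and systemd resolves a bare unit name to `mpd.service`, so this handler restarts and re-enables the very service that the preceding `stop mpd service` handler stops and disables, instead of touching the socket unit at all. Change it to `name: mpd.socket` so that the restart/enable applies to the socket-activation unit the tasks/mpd.yml change installs. While there, both handlers run with `scope: user` and `daemon-reload: true`, which is correct for units under `~/.config/systemd/user`; a one-line comment saying the pair exists so mpd is only started on demand via the socket would make the intent clear to the next reader.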
@@ -1,14 +1,48 @@ -# remote mpd server is used now +- name: copy systemd configuration files + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + loop: + - { + src: 'templates/mpd/service.j2', + dest: '{{ xdg_config_dir }}/systemd/user/mpd.service', + } + - { + src: 'templates/mpd/socket.j2', + dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket', + } + notify: + - stop mpd service + - restart mpd socket -- name: check for mpd socket - stat: - path: '{{ xdg_config_dir }}/systemd/user/mpd.socket' - register: mpd_socket +- name: create mpd files + file: + path: '{{ item.path }}' + state: '{{ item.state }}' + loop: + - { path: '{{ mpd_configuration_dir }}', state: 'directory' } + - { path: '{{ ncmpc_configuration_dir }}', state: 'directory' } + - { path: '{{ mpd_configuration_dir }}/playlists', state: 'directory' } -- name: disable mpd socket - systemd: - name: mpd.socket - state: stopped - enabled: no - scope: user - when: mpd_socket.stat.exists +- name: remove previous mpd files + file: + path: '{{ item.path }}' + state: '{{ item.state }}' + loop: + - { path: '{{ mpd_configuration_dir }}/log', state: 'absent' } + - { path: '{{ mpd_configuration_dir }}/database', state: 'absent' } + - { path: '{{ mpd_configuration_dir }}/sticker.sql', state: 'absent' } + +- name: copy configuration files + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + loop: + - { src: 'templates/mpd/mpd.conf.j2', dest: '{{ mpd_configuration_dir }}/mpd.conf' } + - { src: 'templates/mpd/ncmpc.j2', dest: '{{ ncmpc_configuration_dir }}/config' } + notify: + - stop mpd service +# Use mpc to control local mpd server. +# Use $ mpc add http://{{ mpd_remote_address }}:{{ mpd_remote_stream_port }} +# to add the HTTP stream to the playlist. +# Use nmcpc to control remote mpd server. diff --git a/templates/mpd/mpd.conf.j2 b/templates/mpd/mpd.conf.j2 new file mode 100644 index 0000000..8f9b5a8 --- /dev/null +++ b/templates/mpd/mpd.conf.j2 
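Review bot: The first task templates `mpd.service`/`mpd.socket` into `{{ xdg_config_dir }}/systemd/user/` but nothing in this file creates that directory, and the `template` module does not create missing parent directories; the later `create mpd files` task only makes the mpd and ncmpc directories. Unless tasks/systemd.yml (not visible here) guarantees the directory, add `- { path: '{{ xdg_config_dir }}/systemd/user', state: 'directory' }` and order that task before the template copy. Also the trailing comment says `Use nmcpc to control remote mpd server.` — the tool is `ncmpc`, matching the `ncmpc_configuration_dir` variable used above.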
@@ -0,0 +1,33 @@ +bind_to_address "{{ mpd_listen_address }}" +port "{{ mpd_listen_port }}" + +playlist_directory "{{ mpd_configuration_dir }}/playlists" + +database { + plugin "proxy" + host "{{ mpd_remote_address }}" + port "{{ mpd_remote_port }}" +} + +audio_output { + type "pulse" + name "mpd" + replay_gain_handler "software" + mixer_type "hardware" + format "96000:24:1" +} + +input { + enabled "no" + plugin "tidal" +} + +input { + enabled "no" + plugin "qobuz" +} + +decoder { + enabled "no" + plugin "wildmidi" +} diff --git a/templates/mpd/ncmpc.j2 b/templates/mpd/ncmpc.j2 new file mode 100644 index 0000000..449f49e --- /dev/null +++ b/templates/mpd/ncmpc.j2 @@ -0,0 +1,30 @@ +## +## Configuration file for ncmpc (~/.config/ncmpc/config) +## + +############## Connection ################### +## Connect to mpd running on a specified host +host = {{ mpd_remote_address }} + +## Connect to mpd on the specified port. +port = {{ mpd_remote_port }} + +############## Theme ################### +# Topbar +color title = 0/254 +color line = 0/254 + +# Main window +color background = 15 +color list = 239/15 +color browser-directory = 239/15 +color browser-playlist = 239/15 + +# Selected +color list-bold = 147/255 + +# Bottombar +color progressbar = 0 +color status-state = 0/255 +color status-song = 0/255 +color status-time = 0/255 diff --git a/templates/mpd/service.j2 b/templates/mpd/service.j2 new file mode 100644 index 0000000..985c13f --- /dev/null +++ b/templates/mpd/service.j2 @@ -0,0 +1,10 @@ +[Unit] +Description=Music Player Daemon +Documentation=man:mpd(1) man:mpd.conf(5) + +[Service] +Type=notify +ExecStart=/usr/bin/mpd --systemd +Restart=on-failure +RestartSec=15s +TimeoutStopSec=3 diff --git a/templates/mpd/socket.j2 b/templates/mpd/socket.j2 new file mode 100644 index 0000000..d479add --- /dev/null +++ b/templates/mpd/socket.j2 
@@ -0,0 +1,9 @@ +[Socket] +ListenStream=/run/user/1000/mpd.socket +ListenStream={{ mpd_listen_port }} +Backlog=5 +KeepAlive=true +PassCredentials=true + +[Install] +WantedBy=sockets.target diff --git a/vars/desktop.yml b/vars/desktop.yml index 7893c37..5ef0d4a 100644 --- a/vars/desktop.yml +++ b/vars/desktop.yml @@ -25,5 +25,3 @@ vpn_peers: preshared_key_source_path: 'files/desktop/wireguard/preshared.psk', preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n363333633336613939306632323163396239303739366135393232396134393266623939613534326238393638333137383235313039623264343932303038330a633934373638363966306533346235326234663464313963356238623064666430303030643533666536393662316237333463336462376366343335363131350a333135366239633765633136316133653535336661666461666365636233656165666635663037386666323931643265623233366133623237663734623661623661316436396465343866363266393565653237636136626536353630383263", } - -pulse_port: 20808 diff --git a/vars/laptop.yml b/vars/laptop.yml index 68d8975..3bf6e7d 100644 --- a/vars/laptop.yml +++ b/vars/laptop.yml @@ -27,5 +27,3 @@ vpn_peers: preshared_key_source_path: 'files/laptop/wireguard/preshared.psk', preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n376463366339376639373237363632363836653266353534343331333831646366373430333163383838313835613565646466653139666337626237313737300a333761383466626637336164363235643861643865653536663433373762343637303334613862373663626663616138333964386333373633643431326233370a386664366238633533356235613332373630353731306233623364623239353564313631373061393535336532393439343432373435336538666334666335633737633030386438616566376131646662316464333765636331343262663437", } - -pulse_port: 20808 diff --git a/vars/main.yml b/vars/main.yml index 547dbde..bdd9a05 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -14,7 +14,7 @@ packages: - postgresql - plasma-meta - syncthing - - alacritty + - alacritty # TODO: add configuration file - tmux - unrar - vim 
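Review bot: `ListenStream={{ mpd_listen_port }}` is a bare port, which systemd binds on all addresses (`[::]:6600`, and IPv4 too unless `BindIPv6Only=` says otherwise), so the socket is reachable from every interface including the WireGuard and LAN side; and because mpd is socket-activated here (`--systemd` in service.j2), I believe it uses the inherited sockets and the `bind_to_address "127.0.0.1"` in mpd.conf.j2 is not what decides exposure. Bind the TCP socket explicitly: `ListenStream={{ mpd_listen_address }}:{{ mpd_listen_port }}`. The unix path also hard-codes UID 1000; `ListenStream=%t/mpd.socket` uses the user's runtime directory and works for any user the unit is installed for. A comment on the TCP line saying why the address is pinned to loopback would stop the next edit from widening it by accident.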
diff --git a/vars/mpd.yml b/vars/mpd.yml index 7247e78..8e2e696 100644 --- a/vars/mpd.yml +++ b/vars/mpd.yml @@ -1,11 +1,9 @@ mpd_listen_address: '127.0.0.1' mpd_listen_port: '6600' -mpd_database_address: '10.8.0.1' -mpd_database_port: '21000' +mpd_remote_address: '10.0.0.1' +mpd_remote_port: '21000' +mpd_remote_stream_port: '8000' # note that this is not used (yet) mpd_configuration_dir: '{{ ansible_env.HOME }}/.config/mpd' -mpd_music_dir: '{{ ansible_env.HOME }}/music' -mpd_playlist_dir: '{{ mpd_configuration_dir }}/playlists' -mpd_state_path: '{{ mpd_configuration_dir }}/state' -mpd_sticker_path: '{{ mpd_configuration_dir }}/sticker.sql' +ncmpc_configuration_dir: '{{ ansible_env.HOME }}/.config/ncmpc' From 60308c55332d1325b7cb2794ecd3a61c9a639761 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Fri, 31 May 2024 08:03:31 +0200 Subject: [PATCH 034/131] Update `become` syntax --- tasks/timer.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tasks/timer.yml b/tasks/timer.yml index 14702b3..f35bf46 100644 --- a/tasks/timer.yml +++ b/tasks/timer.yml @@ -1,5 +1,5 @@ - name: copy timer files - become: yes + become: true template: src: '{{ item.src }}' dest: '{{ item.dest }}' @@ -13,7 +13,7 @@ - enable weekly timer - name: copy target files - become: yes + become: true template: src: '{{ item.src }}' dest: '{{ item.dest }}' @@ -27,7 +27,7 @@ } - name: create target directories - become: yes + become: true file: path: '{{ item }}' state: directory @@ -38,7 +38,7 @@ - '/etc/systemd/system/weekly.target.wants' - name: add reflector to weekly timer - become: yes + become: true file: src: '/usr/lib/systemd/system/reflector.service' dest: '/etc/systemd/system/weekly.target.wants/reflector.service' From 850b6a38e0a189a51837078d3ce258e6490c014b Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Fri, 31 May 2024 08:10:55 +0200 Subject: [PATCH 035/131] Add alacritty configuration --- files/alacritty.toml | 58 ++++++++++++++++++++++++++++++++++++++++++++ tasks/setup.yml | 10 ++++++++ 2 files changed, 68 insertions(+) create mode 100644 files/alacritty.toml diff --git a/files/alacritty.toml b/files/alacritty.toml new file mode 100644 index 0000000..8512809 --- /dev/null +++ b/files/alacritty.toml @@ -0,0 +1,58 @@ +[font] +normal = { family = "monospace", style = "Regular" } + +[colors] + [colors.primary] + # Terminal stying + # Defaults + # foreground = "#d8d8d8" + # background = "#181818" + + foreground = "#000000" + background = "#ffffff" + + [colors.normal] + # Defaults + # black = "#181818" + # red = "#ac4242" + # green = "#90a959" + # yellow = "#f4bf75" + # blue = "#6a9fb5" + # magenta = "#aa759f" + # cyan = "#75b5aa" + # white = "#d8d8d8" + + black = "#353535" + red = "#e84f4f" + green = "#77d62f" + yellow = "#e1aa5d" + blue = "#7dc1cf" + magenta = "#9b64fb" + cyan = "#6d878d" + white = "#dddddd" + + [colors.dim] + # Defaults + # black = "#0f0f0f" + # red = "#712b2b" + # green = "#5f6f3a" + # yellow = "#a17e4d" + # blue = "#456877" + # magenta = "#704d68" + # cyan = "#4d7770" + # white = "#8e8e8e" + + black = "#0f0f0f" + red = "#712b2b" + green = "#5f6f3a" + yellow = "#a17e4d" + blue = "#456877" + magenta = "#704d68" + cyan = "#4d7770" + white = "#8e8e8e" + +[selection] +save_to_clipboard = true + +[keyboard] +bindings = [{ key = "N", mods = "Control | Shift", action = "SpawnNewInstance" },] diff --git a/tasks/setup.yml b/tasks/setup.yml index 85440f0..1b8da9e 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml 
@@ -44,6 +44,16 @@ notify: restart powertop when: platform == "laptop" +- name: create alacritty configuration dir + file: + path: '{{ xdg_config_dir }}/alacritty' + state: directory + +- name: copy alacritty configuration + copy: + dest: '{{ xdg_config_dir }}/alacritty/alacritty.toml' + src: 'files/alacritty.toml' + - name: enable fstrim timer become: true systemd: From e290f5ae0ad1f9c69d9c98f9ce11f7526e92bfe8 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Fri, 31 May 2024 08:15:08 +0200 Subject: [PATCH 036/131] Add missing mpd state file --- tasks/mpd.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/mpd.yml b/tasks/mpd.yml index 6d4f556..242c83f 100644 --- a/tasks/mpd.yml +++ b/tasks/mpd.yml @@ -23,6 +23,7 @@ - { path: '{{ mpd_configuration_dir }}', state: 'directory' } - { path: '{{ ncmpc_configuration_dir }}', state: 'directory' } - { path: '{{ mpd_configuration_dir }}/playlists', state: 'directory' } + - { path: '{{ mpd_configuration_dir }}/state', state: 'touch' } - name: remove previous mpd files file: From 742a30faee87ea2a6a3a0c882088d89e638f95f3 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Wed, 5 Jun 2024 10:56:40 +0200 Subject: [PATCH 037/131] Use `import` setting for alacritty --- tasks/mpd.yml | 1 + tasks/setup.yml | 4 ++-- files/alacritty.toml => templates/alacritty.j2 | 15 +++++++++------ 3 files changed, 12 insertions(+), 8 deletions(-) rename files/alacritty.toml => templates/alacritty.j2 (93%) diff --git a/tasks/mpd.yml b/tasks/mpd.yml index 242c83f..3aa60ec 100644 --- a/tasks/mpd.yml +++ b/tasks/mpd.yml @@ -43,6 +43,7 @@ - { src: 'templates/mpd/ncmpc.j2', dest: '{{ ncmpc_configuration_dir }}/config' } notify: - stop mpd service +# TODO: install https://aur.archlinux.org/mpd-mpris-bin.git from AUR # Use mpc to control local mpd server. # Use $ mpc add http://{{ mpd_remote_address }}:{{ mpd_remote_stream_port }} # to add the HTTP stream to the playlist. diff --git a/tasks/setup.yml b/tasks/setup.yml index 1b8da9e..f213248 100644 
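Review bot: The new loop item `{ path: '{{ mpd_configuration_dir }}/state', state: 'touch' }` reports `changed` on every run, because `file` with `state: touch` updates the timestamps each time; add `modification_time: preserve` and `access_time: preserve` to the task (or split this item into its own task with those two keys) so the play stays idempotent. Separately, mpd.conf.j2 as added in the earlier commit contains no `state_file` directive, so I am not sure mpd will ever read or write this file; if it is meant to be used, set `state_file "{{ mpd_configuration_dir }}/state"` in the template as well.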
--- a/tasks/setup.yml +++ b/tasks/setup.yml @@ -50,9 +50,9 @@ state: directory - name: copy alacritty configuration - copy: + template: dest: '{{ xdg_config_dir }}/alacritty/alacritty.toml' - src: 'files/alacritty.toml' + src: 'templates/alacritty.j2' - name: enable fstrim timer become: true diff --git a/files/alacritty.toml b/templates/alacritty.j2 similarity index 93% rename from files/alacritty.toml rename to templates/alacritty.j2 index 8512809..79668f4 100644 --- a/files/alacritty.toml +++ b/templates/alacritty.j2 @@ -1,3 +1,12 @@ +[general] +import = [ "{{ xdg_config_dir }}/alacritty/include.toml" ] + +[selection] +save_to_clipboard = true + +[keyboard] +bindings = [{ key = "N", mods = "Control | Shift", action = "SpawnNewInstance" },] + [font] normal = { family = "monospace", style = "Regular" } @@ -50,9 +59,3 @@ normal = { family = "monospace", style = "Regular" } magenta = "#704d68" cyan = "#4d7770" white = "#8e8e8e" - -[selection] -save_to_clipboard = true - -[keyboard] -bindings = [{ key = "N", mods = "Control | Shift", action = "SpawnNewInstance" },] From 25ca753bb93b63c62baf4613e38367e0effcd5d4 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Wed, 5 Jun 2024 10:59:15 +0200 Subject: [PATCH 038/131] Fix unknown `general` section --- templates/alacritty.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/alacritty.j2 b/templates/alacritty.j2 index 79668f4..8e14692 100644 --- a/templates/alacritty.j2 +++ b/templates/alacritty.j2 @@ -1,4 +1,3 @@ -[general] import = [ "{{ xdg_config_dir }}/alacritty/include.toml" ] [selection] From 556acd2480b51d7abe3eee6ac26e1d4741fd3f8b Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Wed, 5 Jun 2024 18:45:59 +0200 Subject: [PATCH 039/131] Update laptop configuration --- handlers.yml | 4 ++-- tasks/setup.yml | 30 ++++++++------------------- templates/laptop/nouveau-blacklist.j2 | 2 -- templates/laptop/powertop.j2 | 9 -------- templates/laptop/udev.j2 | 2 -- vars/laptop.yml | 5 ++++- 6 files changed, 15 insertions(+), 37 deletions(-) delete mode 100644 templates/laptop/nouveau-blacklist.j2 delete mode 100644 templates/laptop/powertop.j2 delete mode 100644 templates/laptop/udev.j2 diff --git a/handlers.yml b/handlers.yml index ab48d05..38cfd5a 100644 --- a/handlers.yml +++ b/handlers.yml @@ -51,11 +51,11 @@ state: started enabled: true -- name: start iwd service +- name: restart iwd become: true systemd: name: iwd - state: started + state: restarted enabled: true when: platform == "laptop" diff --git a/tasks/setup.yml b/tasks/setup.yml index f213248..9a2b399 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml @@ -33,17 +33,6 @@ state: touch mode: '0644' -- name: copy powertop service - become: true - template: - src: 'templates/{{ platform }}/powertop.j2' - dest: '/etc/systemd/system/powertop.service' - owner: root - group: root - mode: '0644' - notify: restart powertop - when: platform == "laptop" - - name: create alacritty configuration dir file: path: '{{ xdg_config_dir }}/alacritty' 
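Review bot: Renaming the handler from `start iwd service` to `restart iwd` breaks any task that still carries `notify: start iwd service`; Ansible fails at runtime with an unknown-handler error rather than at lint time, and tasks/network.yml is not part of this diff, so check its `notify:` entries. The switch from `started` to `restarted` also means every notification now drops the Wi-Fi link while the playbook is running on the laptop itself; if that is intended, a comment such as `# restart so a new iwd config is picked up; drops the Wi-Fi link briefly` on the handler would document it.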
@@ -60,21 +49,20 @@ name: fstrim.timer enabled: true -# TODO: setup discrete GPU and remove this configuration -- name: disable nvidia GPU +# TODO: set fan settings to `quiet` with smbios-thermal-ctl + +- name: remove old configuration files block: - name: create udev rule become: true - template: - src: 'templates/{{ platform }}/udev.j2' - dest: '/etc/udev/rules.d/00-remove-nvidia.rules' - owner: root - group: root + file: + path: '/etc/udev/rules.d/00-remove-nvidia.rules' + state: absent - name: blacklist kernel module become: true - template: - src: 'templates/{{ platform }}/nouveau-blacklist.j2' - dest: '/etc/modprobe.d/blacklist-nouveau.conf' + file: + path: '/etc/modprobe.d/blacklist-nouveau.conf' + state: absent owner: root group: root when: platform == "laptop" diff --git a/templates/laptop/nouveau-blacklist.j2 b/templates/laptop/nouveau-blacklist.j2 deleted file mode 100644 index c9b9bfc..0000000 --- a/templates/laptop/nouveau-blacklist.j2 +++ /dev/null @@ -1,2 +0,0 @@ -blacklist nouveau -options nouveau modeset=0 diff --git a/templates/laptop/powertop.j2 b/templates/laptop/powertop.j2 deleted file mode 100644 index d30f4ce..0000000 --- a/templates/laptop/powertop.j2 +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Powertop tunings - -[Service] -ExecStart=/usr/bin/powertop --auto-tune -RemainAfterExit=true - -[Install] -WantedBy=multi-user.target diff --git a/templates/laptop/udev.j2 b/templates/laptop/udev.j2 deleted file mode 100644 index e9a40ab..0000000 --- a/templates/laptop/udev.j2 +++ /dev/null @@ -1,2 +0,0 @@ -# Remove NVIDIA VGA/3D controller devices -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x03[0-9]*", ATTR{power/control}="auto", ATTR{remove}="1" diff --git a/vars/laptop.yml b/vars/laptop.yml index 3bf6e7d..fa0e5b9 100644 --- a/vars/laptop.yml +++ b/vars/laptop.yml 
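Review bot: The `remove old configuration files` block deletes the udev rule and the nouveau blacklist, but the `/etc/systemd/system/powertop.service` unit that the deleted `copy powertop service` task installed (and enabled via the `restart powertop` handler) is left behind, while `powertop` itself is dropped from `platform_packages` in this same commit; on the next boot systemd will try to start a unit whose `ExecStart=/usr/bin/powertop` no longer exists and mark it failed. Disable and remove the unit in the same cleanup block, and drop the now-dead `restart powertop` handler. Also, `owner: root` and `group: root` on a `file` task with `state: absent` have no effect and can be removed.

```yaml
- name: remove old configuration files
  block:
    # … unchanged: create udev rule / blacklist kernel module (state: absent) …
    - name: disable powertop service
      become: true
      systemd:
        name: powertop.service
        state: stopped
        enabled: false
      failed_when: false
    - name: remove powertop unit file
      become: true
      file:
        path: '/etc/systemd/system/powertop.service'
        state: absent
  when: platform == "laptop"
```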
@@ -1,6 +1,9 @@ platform_packages: - iwd - - powertop + - nvidia + - nvidia-prime + - nvidia-utils + - lib32-nvidia-utils vpn_ip: '10.0.0.2' vpn_subnet: '24' From cf061d3779dbdbf591dca63c7e8a2f372fb82b28 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Tue, 16 Jul 2024 11:08:02 +0200 Subject: [PATCH 040/131] Set default git mergetool --- templates/gitconfig.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/gitconfig.j2 b/templates/gitconfig.j2 index 3c1e9d9..8391d19 100644 --- a/templates/gitconfig.j2 +++ b/templates/gitconfig.j2 @@ -8,3 +8,6 @@ editor = nvim [pull] rebase = false + +[merge] +tool = nvimdiff From 7c4dd0d3c2e1a483978577445ffad14e548ab769 Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Sat, 3 Aug 2024 21:03:07 +0200 Subject: [PATCH 041/131] Add media vpn setup --- .../wireguard/{ => default}/desktop.key | 0 .../wireguard/{ => default}/desktop.pub | 0 .../wireguard/{ => default}/preshared.psk | 0 files/desktop/wireguard/media/desktop.key | 7 ++ files/desktop/wireguard/media/desktop.pub | 1 + files/desktop/wireguard/media/preshared.psk | 7 ++ .../laptop/wireguard/{ => default}/laptop.key | 0 .../laptop/wireguard/{ => default}/laptop.pub | 0 .../wireguard/{ => default}/preshared.psk | 0 files/laptop/wireguard/media/laptop.key | 7 ++ files/laptop/wireguard/media/laptop.pub | 1 + files/laptop/wireguard/media/preshared.psk | 7 ++ playbook.yml | 1 - tasks/network.yml | 41 ++++++++-- templates/desktop/network/wg0.netdev.j2 | 10 ++- templates/desktop/network/wg0.network.j2 | 6 +- templates/desktop/network/wg1.netdev.j2 | 24 ++++++ templates/desktop/network/wg1.network.j2 | 7 ++ templates/laptop/network/wg0.netdev.j2 | 10 ++- templates/laptop/network/wg0.network.j2 | 6 +- templates/laptop/network/wg1.netdev.j2 | 24 ++++++ templates/laptop/network/wg1.network.j2 | 7 ++ vars/desktop.yml | 81 ++++++++++++++----- vars/laptop.yml | 74 ++++++++++++----- vars/vpn.yml | 2 - 25 files changed, 257 insertions(+), 66 deletions(-) rename files/desktop/wireguard/{ => default}/desktop.key (100%) rename files/desktop/wireguard/{ => default}/desktop.pub (100%) rename files/desktop/wireguard/{ => default}/preshared.psk (100%) create mode 100644 files/desktop/wireguard/media/desktop.key create mode 100644 files/desktop/wireguard/media/desktop.pub create mode 100644 files/desktop/wireguard/media/preshared.psk rename files/laptop/wireguard/{ => default}/laptop.key (100%) rename files/laptop/wireguard/{ => default}/laptop.pub (100%) rename files/laptop/wireguard/{ => default}/preshared.psk (100%) create mode 100644 files/laptop/wireguard/media/laptop.key create mode 100644 files/laptop/wireguard/media/laptop.pub create mode 100644 
files/laptop/wireguard/media/preshared.psk create mode 100644 templates/desktop/network/wg1.netdev.j2 create mode 100644 templates/desktop/network/wg1.network.j2 create mode 100644 templates/laptop/network/wg1.netdev.j2 create mode 100644 templates/laptop/network/wg1.network.j2 delete mode 100644 vars/vpn.yml diff --git a/files/desktop/wireguard/desktop.key b/files/desktop/wireguard/default/desktop.key similarity index 100% rename from files/desktop/wireguard/desktop.key rename to files/desktop/wireguard/default/desktop.key diff --git a/files/desktop/wireguard/desktop.pub b/files/desktop/wireguard/default/desktop.pub similarity index 100% rename from files/desktop/wireguard/desktop.pub rename to files/desktop/wireguard/default/desktop.pub diff --git a/files/desktop/wireguard/preshared.psk b/files/desktop/wireguard/default/preshared.psk similarity index 100% rename from files/desktop/wireguard/preshared.psk rename to files/desktop/wireguard/default/preshared.psk diff --git a/files/desktop/wireguard/media/desktop.key b/files/desktop/wireguard/media/desktop.key new file mode 100644 index 0000000..8782234 --- /dev/null +++ b/files/desktop/wireguard/media/desktop.key @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +62383364643761623739623632633261343735343465336235386336333234656631363432623535 +6562623634363937356137616131396264633161363461340a343432363362346664646161656563 +35623334326238326135646261666330666531633831656564396139666261623937626338386632 +3233333039623039640a383931633539363238326164643365316236326435643537303866373835 +66393465663364303134376566623736636664353031336537663036636462613766343739336331 +6438643538326533313433616438386165626537373162393430 diff --git a/files/desktop/wireguard/media/desktop.pub b/files/desktop/wireguard/media/desktop.pub new file mode 100644 index 0000000..640bf96 --- /dev/null +++ b/files/desktop/wireguard/media/desktop.pub @@ -0,0 +1 @@ +YDH5lZcxUHM4AU2ZxQrFqjDIV2Z7PSUQKMcYXLExV0E= 
diff --git a/files/desktop/wireguard/media/preshared.psk b/files/desktop/wireguard/media/preshared.psk new file mode 100644 index 0000000..8e41aac --- /dev/null +++ b/files/desktop/wireguard/media/preshared.psk @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +34303432393930626266313563613636343439623631633163656532363631313039386231623936 +3336636666626237316532346230303961323263613161320a383436636634376162353863386161 +36663064366461333335613633316630633335666335613464333863656536623230383262623733 +3065363835666231630a616362333233643637613762313437626366363365313831363661313336 +66373966656534646462653833343935623466613662333932666666366430663061366261396330 +3064636536643933613738356461313135363033633366396130 diff --git a/files/laptop/wireguard/laptop.key b/files/laptop/wireguard/default/laptop.key similarity index 100% rename from files/laptop/wireguard/laptop.key rename to files/laptop/wireguard/default/laptop.key diff --git a/files/laptop/wireguard/laptop.pub b/files/laptop/wireguard/default/laptop.pub similarity index 100% rename from files/laptop/wireguard/laptop.pub rename to files/laptop/wireguard/default/laptop.pub diff --git a/files/laptop/wireguard/preshared.psk b/files/laptop/wireguard/default/preshared.psk similarity index 100% rename from files/laptop/wireguard/preshared.psk rename to files/laptop/wireguard/default/preshared.psk diff --git a/files/laptop/wireguard/media/laptop.key b/files/laptop/wireguard/media/laptop.key new file mode 100644 index 0000000..939f255 --- /dev/null +++ b/files/laptop/wireguard/media/laptop.key 
@@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +64663539393065396333623165623833636539633932306437363365656532343565643866616532 +6562373233633237623761376234336331373637393431380a386261306438393837633037383464 +64623965376138313665393239346138383230383565626264393635303835396537663865313237 +6431313635333030390a646466303961663932353830366235643762393039396531316465333837 +61613264356263616332633334386532303761353536663033373639626634396164623335626566 +3632373266313435646338343738656663356635623138623939 diff --git a/files/laptop/wireguard/media/laptop.pub b/files/laptop/wireguard/media/laptop.pub new file mode 100644 index 0000000..aec0b05 --- /dev/null +++ b/files/laptop/wireguard/media/laptop.pub @@ -0,0 +1 @@ +hI4rqlv2afs4RJkt5xR+dYxQODSd6lR0OqWJRlnQdjM= diff --git a/files/laptop/wireguard/media/preshared.psk b/files/laptop/wireguard/media/preshared.psk new file mode 100644 index 0000000..ca1d895 --- /dev/null +++ b/files/laptop/wireguard/media/preshared.psk @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +63643763346434313734663761386539393032613366626230373862643431613963633664353264 +6466616235653963643861643439633537656439363735330a366439356537386662353431643163 +33363830646433336366353363623835373639383663633837313030393162643931353331633133 +6534363438303261320a333364313534336465616336386337383935353631646361623866326232 +64373139636633393236303335396138326638333635663839663734346463303739646431353437 +3838653361383663633632363862306565643531353066623336 diff --git a/playbook.yml b/playbook.yml index 4c280b9..58b39da 100644 --- a/playbook.yml +++ b/playbook.yml @@ -28,5 +28,4 @@ vars_files: - 'vars/main.yml' - 'vars/gpg.yml' - - 'vars/vpn.yml' - 'vars/mpd.yml' diff --git a/tasks/network.yml b/tasks/network.yml index 9cda432..c03e12e 100644 --- a/tasks/network.yml +++ b/tasks/network.yml 
@@ -12,8 +12,10 @@ mode: '0644' state: directory loop: - - '{{ vpn_private_key_path }}' - - '{{ vpn_public_key_path }}' + - '{{ vpn_default.private_key_path }}' + - '{{ vpn_default.public_key_path }}' + - '{{ vpn_media.private_key_path }}' + - '{{ vpn_media.public_key_path }}' - name: copy wireguard credentials become: true @@ -25,12 +27,20 @@ mode: '0640' loop: - { - dest: '{{ vpn_public_key_path }}', - src: 'files/{{ platform }}/wireguard/{{ platform }}.pub', + dest: '{{ vpn_default.public_key_path }}', + src: 'files/{{ platform }}/wireguard/default/{{ platform }}.pub', } - { - dest: '{{ vpn_private_key_path }}', - src: 'files/{{ platform }}/wireguard/{{ platform }}.key', + dest: '{{ vpn_default.private_key_path }}', + src: 'files/{{ platform }}/wireguard/default/{{ platform }}.key', + } + - { + dest: '{{ vpn_media.public_key_path }}', + src: 'files/{{ platform }}/wireguard/media/{{ platform }}.pub', + } + - { + dest: '{{ vpn_media.private_key_path }}', + src: 'files/{{ platform }}/wireguard/media/{{ platform }}.key', } - name: copy wireguard preshared keys @@ -41,7 +51,7 @@ owner: root group: systemd-network mode: '0640' - loop: '{{ vpn_peers }}' + loop: '{{ vpn_default.peers + vpn_media.peers }}' - block: - name: setup desktop network configuration @@ -65,6 +75,15 @@ src: 'templates/desktop/network/wg0.netdev.j2', dest: '/etc/systemd/network/40-wg0.netdev', } + - { + src: 'templates/desktop/network/wg1.network.j2', + dest: '/etc/systemd/network/40-wg1.network', + } + - { + src: 'templates/desktop/network/wg1.netdev.j2', + dest: '/etc/systemd/network/40-wg1.netdev', + } + - name: remove leftover configuration files become: true file: 
@@ -101,6 +120,14 @@ src: 'templates/laptop/network/wg0.netdev.j2', dest: '/etc/systemd/network/40-wg0.netdev', } + - { + src: 'templates/laptop/network/wg1.network.j2', + dest: '/etc/systemd/network/40-wg1.network', + } + - { + src: 'templates/laptop/network/wg1.netdev.j2', + dest: '/etc/systemd/network/40-wg1.netdev', + } - name: remove leftover configuration files become: true diff --git a/templates/desktop/network/wg0.netdev.j2 b/templates/desktop/network/wg0.netdev.j2 index 2397e90..788c88f 100644 --- a/templates/desktop/network/wg0.netdev.j2 +++ b/templates/desktop/network/wg0.netdev.j2 @@ -1,13 +1,15 @@ +# {{ ansible_managed }} + [NetDev] -Name={{ vpn_interface }} +Name={{ vpn_default.interface }} Kind=wireguard -Description=WireGuard tunnel {{ vpn_interface }} +Description=WireGuard tunnel {{ vpn_default.interface }} [WireGuard] # PrivateKeyFile option does not seem to work, perhaps a bug? -PrivateKey={{ vpn_private_key }} +PrivateKey={{ vpn_default.private_key }} -{% for peer in vpn_peers %} +{% for peer in vpn_default.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} # PresharedKeyFile option does not seem to work, perhaps a bug? diff --git a/templates/desktop/network/wg0.network.j2 b/templates/desktop/network/wg0.network.j2 index 4a5a6e2..4dbb494 100644 --- a/templates/desktop/network/wg0.network.j2 +++ b/templates/desktop/network/wg0.network.j2 @@ -1,5 +1,7 @@ +# {{ ansible_managed }} + [Match] -Name={{ vpn_interface }} +Name={{ vpn_default.interface }} [Network] -Address={{ vpn_ip }}/{{ vpn_subnet }} +Address={{ vpn_default.ip }}/{{ vpn_default.subnet }} diff --git a/templates/desktop/network/wg1.netdev.j2 b/templates/desktop/network/wg1.netdev.j2 new file mode 100644 index 0000000..1917cb6 --- /dev/null +++ b/templates/desktop/network/wg1.netdev.j2 
@@ -0,0 +1,24 @@ +# {{ ansible_managed }} + +[NetDev] +Name={{ vpn_media.interface }} +Kind=wireguard +Description=WireGuard tunnel {{ vpn_media.interface }} + +[WireGuard] +# PrivateKeyFile option does not seem to work, perhaps a bug? +PrivateKey={{ vpn_media.private_key }} + +{% for peer in vpn_media.peers %} +[WireGuardPeer] +PublicKey={{ peer.public_key }} +# PresharedKeyFile option does not seem to work, perhaps a bug? +PresharedKey={{ peer.preshared_key }} +AllowedIPs={{ peer.allowd_ips }} +{% if peer.endpoint %} +Endpoint={{ peer.endpoint }} +{% endif %} +{% if not loop.last %} + +{% endif %} +{% endfor %} diff --git a/templates/desktop/network/wg1.network.j2 b/templates/desktop/network/wg1.network.j2 new file mode 100644 index 0000000..3f8e7a1 --- /dev/null +++ b/templates/desktop/network/wg1.network.j2 @@ -0,0 +1,7 @@ +# {{ ansible_managed }} + +[Match] +Name={{ vpn_media.interface }} + +[Network] +Address={{ vpn_media.ip }}/{{ vpn_media.subnet }} diff --git a/templates/laptop/network/wg0.netdev.j2 b/templates/laptop/network/wg0.netdev.j2 index 2397e90..788c88f 100644 --- a/templates/laptop/network/wg0.netdev.j2 +++ b/templates/laptop/network/wg0.netdev.j2 @@ -1,13 +1,15 @@ +# {{ ansible_managed }} + [NetDev] -Name={{ vpn_interface }} +Name={{ vpn_default.interface }} Kind=wireguard -Description=WireGuard tunnel {{ vpn_interface }} +Description=WireGuard tunnel {{ vpn_default.interface }} [WireGuard] # PrivateKeyFile option does not seem to work, perhaps a bug? -PrivateKey={{ vpn_private_key }} +PrivateKey={{ vpn_default.private_key }} -{% for peer in vpn_peers %} +{% for peer in vpn_default.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} # PresharedKeyFile option does not seem to work, perhaps a bug? diff --git a/templates/laptop/network/wg0.network.j2 b/templates/laptop/network/wg0.network.j2 index 4a5a6e2..4dbb494 100644 --- a/templates/laptop/network/wg0.network.j2 +++ b/templates/laptop/network/wg0.network.j2 
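Review bot: `templates/desktop/network/wg1.netdev.j2` and `templates/laptop/network/wg1.netdev.j2` are byte-identical (both blobs are 1917cb6), as are the two wg1.network.j2 files (3f8e7a1) and the two wg0 templates (788c88f / 4dbb494), so a single platform-independent template such as `templates/network/wg1.netdev.j2` would remove four copies that must be kept in sync by hand. Because `PrivateKey=` and `PresharedKey=` are rendered inline, the generated `/etc/systemd/network/40-wg1.netdev` holds secrets; the template task that installs it is outside these hunks, so please confirm it applies `owner: root`, `group: systemd-network`, `mode: '0640'` as the key-copy tasks in tasks/network.yml already do. The `peer.allowd_ips` key is misspelled consistently with vars/desktop.yml and vars/laptop.yml, so it works, but renaming it to `allowed_ips` in the templates and both vars files would stop it reading like a bug.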
@@ -1,5 +1,7 @@ +# {{ ansible_managed }} + [Match] -Name={{ vpn_interface }} +Name={{ vpn_default.interface }} [Network] -Address={{ vpn_ip }}/{{ vpn_subnet }} +Address={{ vpn_default.ip }}/{{ vpn_default.subnet }} diff --git a/templates/laptop/network/wg1.netdev.j2 b/templates/laptop/network/wg1.netdev.j2 new file mode 100644 index 0000000..1917cb6 --- /dev/null +++ b/templates/laptop/network/wg1.netdev.j2 @@ -0,0 +1,24 @@ +# {{ ansible_managed }} + +[NetDev] +Name={{ vpn_media.interface }} +Kind=wireguard +Description=WireGuard tunnel {{ vpn_media.interface }} + +[WireGuard] +# PrivateKeyFile option does not seem to work, perhaps a bug? +PrivateKey={{ vpn_media.private_key }} + +{% for peer in vpn_media.peers %} +[WireGuardPeer] +PublicKey={{ peer.public_key }} +# PresharedKeyFile option does not seem to work, perhaps a bug? +PresharedKey={{ peer.preshared_key }} +AllowedIPs={{ peer.allowd_ips }} +{% if peer.endpoint %} +Endpoint={{ peer.endpoint }} +{% endif %} +{% if not loop.last %} + +{% endif %} +{% endfor %} diff --git a/templates/laptop/network/wg1.network.j2 b/templates/laptop/network/wg1.network.j2 new file mode 100644 index 0000000..3f8e7a1 --- /dev/null +++ b/templates/laptop/network/wg1.network.j2 @@ -0,0 +1,7 @@ +# {{ ansible_managed }} + +[Match] +Name={{ vpn_media.interface }} + +[Network] +Address={{ vpn_media.ip }}/{{ vpn_media.subnet }} diff --git a/vars/desktop.yml b/vars/desktop.yml index 5ef0d4a..c79fa20 100644 --- a/vars/desktop.yml +++ b/vars/desktop.yml 
@@ -1,27 +1,64 @@ platform_packages: [] -vpn_ip: '10.0.0.3' -vpn_subnet: '24' +vpn_default: + ip: '10.0.0.3' + subnet: '24' + interface: 'wg0' -vpn_public_key_path: '/etc/wireguard/keys/public/desktop.pub' -vpn_private_key_path: '/etc/wireguard/keys/private/desktop.key' + public_key_path: '/etc/wireguard/keys/public/default/desktop.pub' + private_key_path: '/etc/wireguard/keys/private/default/desktop.key' + + private_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 65386334366166306164363464633364383935313739373730373139663139373964336665636264 + 3563663038313039363230623266393164646164373739620a623536633631643231633938613461 + 63366239333230663531306333383962353937353736663336343434663633303232386531353832 + 6434633935333538650a613065306239333031656362356165326136333131356135383436326561 + 62303035386634636333353664373231633434656538303866386262353139363439363435346637 + 6637363334623133376134306165626564343864633032613763 -vpn_private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 65386334366166306164363464633364383935313739373730373139663139373964336665636264 - 3563663038313039363230623266393164646164373739620a623536633631643231633938613461 - 63366239333230663531306333383962353937353736663336343434663633303232386531353832 - 6434633935333538650a613065306239333031656362356165326136333131356135383436326561 - 62303035386634636333353664373231633434656538303866386262353139363439363435346637 - 6637363334623133376134306165626564343864633032613763 + peers: + - { + name: 'zeus', + allowd_ips: '10.0.0.1/32', + endpoint: 'fudiggity.nl:51902', + public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', + preshared_key_path: '/etc/wireguard/keys/private/default/preshared-zeus.psk', + preshared_key_source_path: 'files/desktop/wireguard/default/preshared.psk', + preshared_key: !vault 
"$ANSIBLE_VAULT;1.1;AES256\r\n363333633336613939306632323163396239303739366135393232396134393266623939613534326238393638333137383235313039623264343932303038330a633934373638363966306533346235326234663464313963356238623064666430303030643533666536393662316237333463336462376366343335363131350a333135366239633765633136316133653535336661666461666365636233656165666635663037386666323931643265623233366133623237663734623661623661316436396465343866363266393565653237636136626536353630383263", + } -vpn_peers: - - { - name: 'zeus', - allowd_ips: '10.0.0.1/32', - endpoint: 'fudiggity.nl:51902', - public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', - preshared_key_path: '/etc/wireguard/keys/private/preshared-zeus.psk', - preshared_key_source_path: 'files/desktop/wireguard/preshared.psk', - preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n363333633336613939306632323163396239303739366135393232396134393266623939613534326238393638333137383235313039623264343932303038330a633934373638363966306533346235326234663464313963356238623064666430303030643533666536393662316237333463336462376366343335363131350a333135366239633765633136316133653535336661666461666365636233656165666635663037386666323931643265623233366133623237663734623661623661316436396465343866363266393565653237636136626536353630383263", - } +vpn_media: + ip: '10.0.1.3' + subnet: '24' + interface: 'wg1' + + public_key_path: '/etc/wireguard/keys/public/media/desktop.pub' + private_key_path: '/etc/wireguard/keys/private/media/desktop.key' + + private_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 62396362373339306463343330346431613538383236663666386135383864303835616161336662 + 6633313937313261313033323361383866313639643733650a363730393538623463313362343133 + 34643530303832393530666239636263353435353031316166366638666132323034313662653334 + 3238313161363632380a356464626364656465616231346463366632386635353861303934653036 + 34363436616334386463353463303537346234346666366631333634393733613164636466633137 + 
3265386536663664626236343062336662373638656435303966 + + peers: + - { + name: 'zeus-media', + allowd_ips: '10.0.1.1/32', + endpoint: 'fudiggity.nl:51903', + public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=', + preshared_key_path: '/etc/wireguard/keys/private/media/preshared-zeus.psk', + preshared_key_source_path: 'files/laptop/wireguard/media/preshared.psk', + preshared_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 30613935653234316531633935306432343432343266346236383330393030346337313765346333 + 6366303237376564346131623662323066316435613737610a303439333438656663626334313134 + 32623138656664336462643835386435326536313734333535336534656565393934356438313062 + 3561656264663365390a303239613536393539636464656466373531623664633637663937333438 + 65663837353931373436613964633139396531653834386364383666336361376435383965643061 + 6233633761343562386534316336613062626236313833643066, + } diff --git a/vars/laptop.yml b/vars/laptop.yml index fa0e5b9..98d1d88 100644 --- a/vars/laptop.yml +++ b/vars/laptop.yml 
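Review bot: In vars/desktop.yml the `vpn_media` peer points at the laptop's file, `preshared_key_source_path: 'files/laptop/wireguard/media/preshared.psk'`, while `vpn_default` correctly uses `files/desktop/wireguard/default/preshared.psk` and this same commit adds `files/desktop/wireguard/media/preshared.psk`; it should read `preshared_key_source_path: 'files/desktop/wireguard/media/preshared.psk',`. The inline `preshared_key` vault for the desktop media peer differs from the laptop's, so whichever of the two values the copy task in tasks/network.yml actually uses, desktop and laptop would end up with different preshared keys for the same peer if the source-path one is taken. The later "Fix ansible vault tag" hunk keeps the laptop path in its context, so the mistake survives into that commit as well.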
@@ -5,28 +5,58 @@ platform_packages: - nvidia-utils - lib32-nvidia-utils -vpn_ip: '10.0.0.2' -vpn_subnet: '24' +vpn_default: + ip: '10.0.0.2' + subnet: '24' + interface: 'wg0' -vpn_public_key_path: '/etc/wireguard/keys/public/laptop.pub' -vpn_private_key_path: '/etc/wireguard/keys/private/laptop.key' + public_key_path: '/etc/wireguard/keys/public/default/laptop.pub' + private_key_path: '/etc/wireguard/keys/private/default/laptop.key' -vpn_private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 36393066313764386361376662376266623331313765373666616334356362656332653838346330 - 3435643261333262653139636537326164356164373566310a633233623031336437303236636266 - 61616165376631353433353463313532643564343664346335363835306430386364303635343432 - 3864343464666566310a363563613039333465336164323833316436393236666433333163666137 - 33656632343262373463306438333764393031623666393161356539636663346331613539396637 - 3631363333623539636561366436613861363932323966666238 + private_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 36393066313764386361376662376266623331313765373666616334356362656332653838346330 + 3435643261333262653139636537326164356164373566310a633233623031336437303236636266 + 61616165376631353433353463313532643564343664346335363835306430386364303635343432 + 3864343464666566310a363563613039333465336164323833316436393236666433333163666137 + 33656632343262373463306438333764393031623666393161356539636663346331613539396637 + 3631363333623539636561366436613861363932323966666238 -vpn_peers: - - { - name: 'zeus', - allowd_ips: '10.0.0.1/32', - endpoint: 'fudiggity.nl:51902', - public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', - preshared_key_path: '/etc/wireguard/keys/private/preshared-zeus.psk', - preshared_key_source_path: 'files/laptop/wireguard/preshared.psk', - preshared_key: !vault 
"$ANSIBLE_VAULT;1.1;AES256\r\n376463366339376639373237363632363836653266353534343331333831646366373430333163383838313835613565646466653139666337626237313737300a333761383466626637336164363235643861643865653536663433373762343637303334613862373663626663616138333964386333373633643431326233370a386664366238633533356235613332373630353731306233623364623239353564313631373061393535336532393439343432373435336538666334666335633737633030386438616566376131646662316464333765636331343262663437", - } + peers: + - { + name: 'zeus', + allowd_ips: '10.0.0.1/32', + endpoint: 'fudiggity.nl:51902', + public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', + preshared_key_path: '/etc/wireguard/keys/private/default/preshared-zeus.psk', + preshared_key_source_path: 'files/laptop/wireguard/default/preshared.psk', + preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n376463366339376639373237363632363836653266353534343331333831646366373430333163383838313835613565646466653139666337626237313737300a333761383466626637336164363235643861643865653536663433373762343637303334613862373663626663616138333964386333373633643431326233370a386664366238633533356235613332373630353731306233623364623239353564313631373061393535336532393439343432373435336538666334666335633737633030386438616566376131646662316464333765636331343262663437", + } + +vpn_media: + ip: '10.0.1.2' + subnet: '24' + interface: 'wg1' + + public_key_path: '/etc/wireguard/keys/public/media/laptop.pub' + private_key_path: '/etc/wireguard/keys/private/media/laptop.key' + + private_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 38343933313031343230346232633837346332656163303561323038643935343638333231633032 + 3035633565326130363666393631616333653638386564360a373863366364353632383031316561 + 35306566623237613565653465316566336439613064653934316536333062366163383435313366 + 6130633630376639330a366230386435643736353664623435316334666639653836393531623463 + 30336435613761616132656138303263396263336564323865356538353661366439333538343961 + 
6164353934636536333433326332383830353034343437646563 + + peers: + - { + name: 'zeus-media', + allowd_ips: '10.0.1.1/32', + endpoint: 'fudiggity.nl:51903', + public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=', + preshared_key_path: '/etc/wireguard/keys/private/media/preshared-zeus.psk', + preshared_key_source_path: 'files/laptop/wireguard/media/preshared.psk', + preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n666536333463333939313365343734313533633132396662336665643462336164373034666265623061373463396462333162323666323565636265663861310a623766653463613036663530653763376638643566323439636236656239663064646135323337333365653039343836303935316335383831643764663366360a656639303535666430643838343465356530633162383336663633346433346465376236366265656335636438323133643064356462313166323633623634323836363032626463376239373330356533336537633139643461316235366534" + } diff --git a/vars/vpn.yml b/vars/vpn.yml deleted file mode 100644 index 194c351..0000000 --- a/vars/vpn.yml +++ /dev/null @@ -1,2 +0,0 @@ -vpn_interface: 'wg0' -vpn_protocol: 'udp' From 87cb122f82d6c38d9c550807dfcc7e6d868e0260 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Mon, 5 Aug 2024 09:43:08 +0200 Subject: [PATCH 042/131] Fix ansible vault tag --- vars/desktop.yml | 9 +-------- vars/main.yml | 2 +- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/vars/desktop.yml b/vars/desktop.yml index c79fa20..66792c9 100644 --- a/vars/desktop.yml +++ b/vars/desktop.yml 
@@ -53,12 +53,5 @@ vpn_media: public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=', preshared_key_path: '/etc/wireguard/keys/private/media/preshared-zeus.psk', preshared_key_source_path: 'files/laptop/wireguard/media/preshared.psk', - preshared_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 30613935653234316531633935306432343432343266346236383330393030346337313765346333 - 6366303237376564346131623662323066316435613737610a303439333438656663626334313134 - 32623138656664336462643835386435326536313734333535336534656565393934356438313062 - 3561656264663365390a303239613536393539636464656466373531623664633637663937333438 - 65663837353931373436613964633139396531653834386364383666336361376435383965643061 - 6233633761343562386534316336613062626236313833643066, + preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n306139356532343165316339353064323434323432663462363833303930303463373137653463336366303237376564346131623662323066316435613737610a303439333438656663626334313134326231386566643364626438353864353265363137343335353365346565653939343564383130623561656264663365390a303239613536393539636464656466373531623664633637663937333438656638373539313734366139646331393965316538343863643836663363613764353839656430616233633761343562386534316336613062626236313833643066", } diff --git a/vars/main.yml b/vars/main.yml index bdd9a05..547dbde 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -14,7 +14,7 @@ packages: - postgresql - plasma-meta - syncthing - - alacritty # TODO: add configuration file + - alacritty - tmux - unrar - vim From 383b835101d0abdcaea4d3be3adfe9b1c48b9ae7 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Tue, 6 Aug 2024 10:19:33 +0200 Subject: [PATCH 043/131] Don't overwrite syncthing config see https://docs.syncthing.net/users/config.html#config-file-format --- tasks/syncthing.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tasks/syncthing.yml b/tasks/syncthing.yml index 5f9b44c..5e9b5bc 100644 --- a/tasks/syncthing.yml +++ b/tasks/syncthing.yml 
@@ -3,9 +3,12 @@ path: '{{ xdg_config_dir }}/syncthing' state: directory +# Syncthing config files should not be overwritten, +# see https://docs.syncthing.net/users/config.html#config-file-format - name: copy configuration file template: src: 'templates/{{ platform }}/syncthing.j2' dest: '{{ xdg_config_dir }}/syncthing/config.xml' mode: '0600' + force: false notify: restart syncthing From 92b32cdd96b08bfec168042f4da72db1bedb3e4b Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Fri, 23 Aug 2024 07:06:44 +0200 Subject: [PATCH 044/131] Update mpv settings --- templates/mpv/config.j2 | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/templates/mpv/config.j2 b/templates/mpv/config.j2 index 141c56d..3b24de0 100644 --- a/templates/mpv/config.j2 +++ b/templates/mpv/config.j2 @@ -4,7 +4,5 @@ gpu-api=opengl vo=gpu hwdec=vaapi -ytdl-format=best - -audio-samplerate=96000 +audio-samplerate=128000 audio-format=s64 From de93805323b9a64bd53cfee9dd1df9c2546a8ab6 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Fri, 23 Aug 2024 07:10:19 +0200 Subject: [PATCH 045/131] Update mpd settings --- templates/mpd/mpd.conf.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/templates/mpd/mpd.conf.j2 b/templates/mpd/mpd.conf.j2 index 8f9b5a8..92db4da 100644 --- a/templates/mpd/mpd.conf.j2 +++ b/templates/mpd/mpd.conf.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} +# bind_to_address "{{ mpd_listen_address }}" port "{{ mpd_listen_port }}" @@ -14,7 +16,7 @@ audio_output { name "mpd" replay_gain_handler "software" mixer_type "hardware" - format "96000:24:1" + format "128000:24:2" } input { From ceaec45f543c0cc96fb768e938886fe189f541f0 Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Fri, 23 Aug 2024 07:10:35 +0200 Subject: [PATCH 046/131] Update templates --- templates/alacritty.j2 | 2 ++ templates/gitconfig.j2 | 2 ++ templates/mpd/ncmpc.j2 | 2 ++ templates/mpd/service.j2 | 3 +++ templates/mpd/socket.j2 | 3 +++ templates/mpv/config.j2 | 2 ++ templates/mpv/input.j2 | 2 ++ templates/pacman.j2 | 2 ++ templates/reflector.j2 | 2 ++ templates/ssh-agent.j2 | 2 ++ templates/timer/daily_target.j2 | 3 +++ templates/timer/daily_timer.j2 | 2 ++ templates/timer/weekly_target.j2 | 2 ++ templates/timer/weekly_timer.j2 | 2 ++ templates/tmux.j2 | 2 ++ 15 files changed, 33 insertions(+) diff --git a/templates/alacritty.j2 b/templates/alacritty.j2 index 8e14692..d8217d2 100644 --- a/templates/alacritty.j2 +++ b/templates/alacritty.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} +# import = [ "{{ xdg_config_dir }}/alacritty/include.toml" ] [selection] diff --git a/templates/gitconfig.j2 b/templates/gitconfig.j2 index 8391d19..0457357 100644 --- a/templates/gitconfig.j2 +++ b/templates/gitconfig.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} +# [user] email = sonny871@hotmail.com name = Sonny Bakker diff --git a/templates/mpd/ncmpc.j2 b/templates/mpd/ncmpc.j2 index 449f49e..2b02e99 100644 --- a/templates/mpd/ncmpc.j2 +++ b/templates/mpd/ncmpc.j2 @@ -1,3 +1,5 @@ +## {{ ansible_managed }} +# ## ## Configuration file for ncmpc (~/.config/ncmpc/config) ## diff --git a/templates/mpd/service.j2 b/templates/mpd/service.j2 index 985c13f..54d1304 100644 --- a/templates/mpd/service.j2 +++ b/templates/mpd/service.j2 @@ -1,3 +1,6 @@ +# {{ ansible_managed }} +# + [Unit] Description=Music Player Daemon Documentation=man:mpd(1) man:mpd.conf(5) diff --git a/templates/mpd/socket.j2 b/templates/mpd/socket.j2 index d479add..f6c6d2f 100644 --- a/templates/mpd/socket.j2 +++ b/templates/mpd/socket.j2 @@ -1,3 +1,6 @@ +# {{ ansible_managed }} +# + [Socket] ListenStream=/run/user/1000/mpd.socket ListenStream={{ mpd_listen_port }} 
diff --git a/templates/mpv/config.j2 b/templates/mpv/config.j2 index 3b24de0..fe1d4a6 100644 --- a/templates/mpv/config.j2 +++ b/templates/mpv/config.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} +# volume=100 sub-auto=fuzzy gpu-api=opengl diff --git a/templates/mpv/input.j2 b/templates/mpv/input.j2 index b2cfeb4..d5252d8 100644 --- a/templates/mpv/input.j2 +++ b/templates/mpv/input.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} +# ## Seek units are in seconds, but note that these are limited by keyframes RIGHT seek 5 LEFT seek -5 diff --git a/templates/pacman.j2 b/templates/pacman.j2 index a77bbeb..eec494e 100644 --- a/templates/pacman.j2 +++ b/templates/pacman.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} +# # /etc/pacman.conf # # Add environment specific settings in /etc/pacman.d/extra.conf diff --git a/templates/reflector.j2 b/templates/reflector.j2 index 97b701b..6d6eb4d 100644 --- a/templates/reflector.j2 +++ b/templates/reflector.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} +# # Reflector configuration file for the systemd service. # # Empty lines and lines beginning with "#" are ignored. All other lines should diff --git a/templates/ssh-agent.j2 b/templates/ssh-agent.j2 index 9428410..d625c48 100644 --- a/templates/ssh-agent.j2 +++ b/templates/ssh-agent.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} +# [Unit] Description=SSH key agent diff --git a/templates/timer/daily_target.j2 b/templates/timer/daily_target.j2 index c1eb670..e562de4 100644 --- a/templates/timer/daily_target.j2 +++ b/templates/timer/daily_target.j2 @@ -1,3 +1,6 @@ +# {{ ansible_managed }} +# +# # Add the following to your service unit to make use of this target: # Wants=daily.target # diff --git a/templates/timer/daily_timer.j2 b/templates/timer/daily_timer.j2 index 08ebc1a..4290470 100644 --- a/templates/timer/daily_timer.j2 +++ b/templates/timer/daily_timer.j2 
@@ -1,3 +1,5 @@ +# {{ ansible_managed }} +# [Unit] Description=Timer which runs all services on a daily basis inside the daily.target.wants directory diff --git a/templates/timer/weekly_target.j2 b/templates/timer/weekly_target.j2 index 606a319..88109e6 100644 --- a/templates/timer/weekly_target.j2 +++ b/templates/timer/weekly_target.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} +# # Add the following to your service unit to make use of this target: # Wants=weekly.target # diff --git a/templates/timer/weekly_timer.j2 b/templates/timer/weekly_timer.j2 index 2a5ad77..00117a1 100644 --- a/templates/timer/weekly_timer.j2 +++ b/templates/timer/weekly_timer.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} +# [Unit] Description=Timer which runs all services on a weekly basis inside the weekly.target.wants directory diff --git a/templates/tmux.j2 b/templates/tmux.j2 index 0b1f6dd..1c035a1 100644 --- a/templates/tmux.j2 +++ b/templates/tmux.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} +# [Unit] Description=Tmux startup script From 76f102b21d3f0de4aaa3157906b7a7eb6b214132 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Fri, 30 Aug 2024 12:58:29 +0200 Subject: [PATCH 047/131] Add wezterm setup --- tasks/setup.yml | 27 +++++++++-- templates/alacritty.j2 | 62 ------------------------ templates/wezterm/includes/colors.lua.j2 | 10 ++++ templates/wezterm/includes/fonts.lua.j2 | 14 ++++++ templates/wezterm/includes/window.lua.j2 | 17 +++++++ templates/wezterm/wezterm.lua.j2 | 22 +++++++++ vars/main.yml | 3 +- 7 files changed, 87 insertions(+), 68 deletions(-) delete mode 100644 templates/alacritty.j2 create mode 100644 templates/wezterm/includes/colors.lua.j2 create mode 100644 templates/wezterm/includes/fonts.lua.j2 create mode 100644 templates/wezterm/includes/window.lua.j2 create mode 100644 templates/wezterm/wezterm.lua.j2 diff --git a/tasks/setup.yml b/tasks/setup.yml index 9a2b399..101a7e9 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml 
@@ -33,15 +33,32 @@ state: touch mode: '0644' -- name: create alacritty configuration dir +- name: create wezterm configuration dir file: - path: '{{ xdg_config_dir }}/alacritty' + path: '{{ xdg_config_dir }}/wezterm/includes' state: directory -- name: copy alacritty configuration +- name: copy wezterm configuration files template: - dest: '{{ xdg_config_dir }}/alacritty/alacritty.toml' - src: 'templates/alacritty.j2' + src: '{{ item.src }}' + dest: '{{ item.dest }}' + loop: + - { + src: 'templates/wezterm/wezterm.lua.j2', + dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua' + } + - { + src: 'templates/wezterm/includes/colors.lua.j2', + dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua' + } + - { + src: 'templates/wezterm/includes/fonts.lua.j2', + dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua' + } + - { + src: 'templates/wezterm/includes/window.lua.j2', + dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua' + } - name: enable fstrim timer become: true diff --git a/templates/alacritty.j2 b/templates/alacritty.j2 deleted file mode 100644 index d8217d2..0000000 --- a/templates/alacritty.j2 +++ /dev/null 
@@ -1,62 +0,0 @@ -# {{ ansible_managed }} -# -import = [ "{{ xdg_config_dir }}/alacritty/include.toml" ] - -[selection] -save_to_clipboard = true - -[keyboard] -bindings = [{ key = "N", mods = "Control | Shift", action = "SpawnNewInstance" },] - -[font] -normal = { family = "monospace", style = "Regular" } - -[colors] - [colors.primary] - # Terminal stying - # Defaults - # foreground = "#d8d8d8" - # background = "#181818" - - foreground = "#000000" - background = "#ffffff" - - [colors.normal] - # Defaults - # black = "#181818" - # red = "#ac4242" - # green = "#90a959" - # yellow = "#f4bf75" - # blue = "#6a9fb5" - # magenta = "#aa759f" - # cyan = "#75b5aa" - # white = "#d8d8d8" - - black = "#353535" - red = "#e84f4f" - green = "#77d62f" - yellow = "#e1aa5d" - blue = "#7dc1cf" - magenta = "#9b64fb" - cyan = "#6d878d" - white = "#dddddd" - - [colors.dim] - # Defaults - # black = "#0f0f0f" - # red = "#712b2b" - # green = "#5f6f3a" - # yellow = "#a17e4d" - # blue = "#456877" - # magenta = "#704d68" - # cyan = "#4d7770" - # white = "#8e8e8e" - - black = "#0f0f0f" - red = "#712b2b" - green = "#5f6f3a" - yellow = "#a17e4d" - blue = "#456877" - magenta = "#704d68" - cyan = "#4d7770" - white = "#8e8e8e" diff --git a/templates/wezterm/includes/colors.lua.j2 b/templates/wezterm/includes/colors.lua.j2 new file mode 100644 index 0000000..b8cd344 --- /dev/null +++ b/templates/wezterm/includes/colors.lua.j2 @@ -0,0 +1,10 @@ +-- {{ ansible_managed }} + +return { + colors = { + -- The default text color + foreground = 'black', + -- The default background color + background = 'white' + } +} diff --git a/templates/wezterm/includes/fonts.lua.j2 b/templates/wezterm/includes/fonts.lua.j2 new file mode 100644 index 0000000..3394be8 --- /dev/null +++ b/templates/wezterm/includes/fonts.lua.j2 
@@ -0,0 +1,14 @@ +-- {{ ansible_managed }} + +local wezterm = require 'wezterm'; + +return { + font = wezterm.font( + 'MonaspiceNe Nerd Font Mono', + { weight = 'Regular', stretch = 'Normal', style = 'Normal' } + ), + + font_size = 11, + freetype_load_target = 'Light', + freetype_render_target = 'HorizontalLcd' +} diff --git a/templates/wezterm/includes/window.lua.j2 b/templates/wezterm/includes/window.lua.j2 new file mode 100644 index 0000000..392724a --- /dev/null +++ b/templates/wezterm/includes/window.lua.j2 @@ -0,0 +1,17 @@ +-- {{ ansible_managed }} + +return { + -- disable the tabbar + enable_tab_bar = false, + + -- window size + initial_cols = 145, + initial_rows = 35, + + window_padding = { + left = 0, + right = 0, + top = 0, + bottom = 0, + } +} diff --git a/templates/wezterm/wezterm.lua.j2 b/templates/wezterm/wezterm.lua.j2 new file mode 100644 index 0000000..557bebb --- /dev/null +++ b/templates/wezterm/wezterm.lua.j2 @@ -0,0 +1,22 @@ +-- {{ ansible_managed }} + +local wezterm = require 'wezterm'; +local config = wezterm.config_builder(); + +config.term = 'wezterm'; + +local modules = { + 'colors', + 'fonts', + 'window', +} + +for _, module_name in pairs(modules) do + local module_path = string.format('includes.%s', module_name) + local module = require(module_path) + for key, value in pairs(module) do + config[key] = value; + end +end + +return config diff --git a/vars/main.yml b/vars/main.yml index 547dbde..daecfe9 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -14,7 +14,7 @@ packages: - postgresql - plasma-meta - syncthing - - alacritty + - wezterm - tmux - unrar - vim @@ -29,5 +29,6 @@ packages: - pipewire-pulse - pipewire-alsa - wireguard-tools + - otf-monaspace-nerd platform_packages: [] From 36a549de5713ae606bd5eb95c87bce47888ce391 Mon Sep 17 00:00:00 2001 
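Review bot: In `templates/wezterm/wezterm.lua.j2` the merge loop iterates `modules` with `pairs`, whose traversal order is unspecified by the Lua manual even for array-like tables; since later includes overwrite earlier keys in `config`, the order matters, so `for _, module_name in ipairs(modules) do` makes the precedence deterministic. Statement termination is also mixed in the same file (`local wezterm = require 'wezterm';` and `config[key] = value;` carry semicolons, the other lines do not); picking one convention would be tidier. `config.term = 'wezterm'` presumably relies on the wezterm terminfo entry being installed on the host, which this patch does not show — worth a one-line comment if that is a package requirement.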
From: Sonny Bakker Date: Fri, 30 Aug 2024 16:51:51 +0200 Subject: [PATCH 048/131] Add coding lignatures settings --- templates/wezterm/includes/fonts.lua.j2 | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/templates/wezterm/includes/fonts.lua.j2 b/templates/wezterm/includes/fonts.lua.j2 index 3394be8..1f1974c 100644 --- a/templates/wezterm/includes/fonts.lua.j2 +++ b/templates/wezterm/includes/fonts.lua.j2 @@ -10,5 +10,17 @@ return { font_size = 11, freetype_load_target = 'Light', - freetype_render_target = 'HorizontalLcd' + freetype_render_target = 'HorizontalLcd', + harfbuzz_features = { + 'calt', -- texture healing + 'ss01', + 'ss02', + 'ss03', + 'ss04', + 'ss05', + 'ss06', + 'ss07', + 'ss08', + 'liga' + } } From 6e88c23a9d1b1701698337ccf1df8a2288dfa86c Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sun, 1 Sep 2024 20:33:03 +0200 Subject: [PATCH 049/131] Follow system theme colorscheme --- templates/wezterm/includes/colors.lua.j2 | 37 ++++++++++++++++++++---- 1 file changed, 31 insertions(+), 6 deletions(-) diff --git a/templates/wezterm/includes/colors.lua.j2 b/templates/wezterm/includes/colors.lua.j2 index b8cd344..46a1194 100644 --- a/templates/wezterm/includes/colors.lua.j2 +++ b/templates/wezterm/includes/colors.lua.j2 
@@ -1,10 +1,35 @@ -- {{ ansible_managed }} +local wezterm = require 'wezterm' + +-- wezterm.gui is not available to the mux server, so take care to +-- do something reasonable when this config is evaluated by the mux +local function get_appearance() + if wezterm.gui then + return wezterm.gui.get_appearance() + end + return 'Dark' +end + +local function scheme_for_appearance(appearance) + if appearance:find 'Dark' then + return 'Dark' + else + return 'Light' + end +end + return { - colors = { - -- The default text color - foreground = 'black', - -- The default background color - background = 'white' - } + color_schemes = { + ['Dark'] = { + background = 'rgb(41, 46, 50)', + foreground = 'white' + }, + ['Light'] = { + background = 'white', + foreground = 'black' + }, + }, + + color_scheme = scheme_for_appearance(get_appearance()), } From a5ed57f910953355a3bb4008e91e4545ef9e2e22 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Wed, 4 Sep 2024 09:18:01 +0200 Subject: [PATCH 050/131] Add desktop sysctl/modprobe config files --- handlers.yml | 4 ++ tasks/setup.yml | 53 +++++++++++++++++++- templates/desktop/modprobe/99-amdgpu.conf.j2 | 5 ++ templates/desktop/sysctl/98-forward.conf.j2 | 2 + templates/desktop/sysctl/99-sysrq.conf.j2 | 2 + 5 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 templates/desktop/modprobe/99-amdgpu.conf.j2 create mode 100644 templates/desktop/sysctl/98-forward.conf.j2 create mode 100644 templates/desktop/sysctl/99-sysrq.conf.j2 diff --git a/handlers.yml b/handlers.yml index 38cfd5a..8bd8efe 100644 --- a/handlers.yml +++ b/handlers.yml @@ -85,3 +85,7 @@ enabled: true scope: user daemon-reload: true + +- name: reload sysctl configuration + become: true + command: 'sysctl --system' diff --git a/tasks/setup.yml b/tasks/setup.yml index 101a7e9..c133d37 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml 
@@ -66,6 +66,57 @@ name: fstrim.timer enabled: true +- block: + - name: remove the sysctl.d directory + become: true + file: + path: /etc/sysctl.d + state: absent + - name: recreate the sysctl.d directory + become: true + file: + path: /etc/sysctl.d + state: directory + mode: 755 + - name: copy sysctl files + become: true + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + loop: + - { + src: 'templates/desktop/sysctl/99-sysrq.conf.j2', + dest: '/etc/sysctl.d/99-sysrq.conf' + } + - { + src: 'templates/desktop/sysctl/98-forward.conf.j2', + dest: '/etc/sysctl.d/98-foward.conf' + } + notify: reload sysctl configuration + + - name: remove the modprobe.d directory + become: true + file: + path: /etc/modprobe.d + state: absent + - name: recreate the modprobe.d directory + become: true + file: + path: /etc/modprobe.d + state: directory + mode: 755 + - name: copy modprobe files + become: true + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + loop: + - { + src: 'templates/desktop/modprobe/99-amdgpu.conf.j2', + dest: '/etc/modprobe.d/99-amdgpu.conf' + } + when: platform == 'desktop' + # TODO: set fan settings to `quiet` with smbios-thermal-ctl - name: remove old configuration files @@ -82,4 +133,4 @@ state: absent owner: root group: root - when: platform == "laptop" + when: platform == 'laptop' diff --git a/templates/desktop/modprobe/99-amdgpu.conf.j2 b/templates/desktop/modprobe/99-amdgpu.conf.j2 new file mode 100644 index 0000000..2ef56d7 --- /dev/null +++ b/templates/desktop/modprobe/99-amdgpu.conf.j2 @@ -0,0 +1,5 @@ +# {{ ansible_managed }} + +# disable Panel Self Refresh for 6.10 +# see https://bbs.archlinux.org/viewtopic.php?pid=2191514#p2191514 +options amdgpu dcdebugmask=0x12 diff --git a/templates/desktop/sysctl/98-forward.conf.j2 b/templates/desktop/sysctl/98-forward.conf.j2 new file mode 100644 index 0000000..16f90a8 --- /dev/null +++ b/templates/desktop/sysctl/98-forward.conf.j2 
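Review bot: `mode: 755` on the recreated `/etc/sysctl.d` and `/etc/modprobe.d` is an unquoted YAML integer, which the file module applies as decimal 755, i.e. octal 1363 (sticky, owner `-wx`, group `rw-`, other `-wx`), so both directories become writable by every local user on the host — and root later loads whatever lands in them through `sysctl --system` and modprobe, which makes this a privilege boundary rather than a cosmetic permission (confirm against the ansible-core version in use, which may only warn). Quote it as `mode: '0755'`, here and in the copies of these tasks in tasks/setup-desktop.yml (commit 051), tasks/setup-laptop.yml (commit 052) and tasks/setup.yml (commit 053). The destination `/etc/sysctl.d/98-foward.conf` also drops the `r` present in the template name; `dest: '/etc/sysctl.d/98-forward.conf'` keeps the two in step in the same four hunks. Wiping `/etc/sysctl.d` before recreating it additionally leaves the host without the directory if the play stops between the two tasks; `state: directory` on the existing path is enough unless stale drop-ins must be purged.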
@@ -0,0 +1,2 @@ +# {{ ansible_managed }} +net.ipv4.ip_forward = 1 diff --git a/templates/desktop/sysctl/99-sysrq.conf.j2 b/templates/desktop/sysctl/99-sysrq.conf.j2 new file mode 100644 index 0000000..a4c7283 --- /dev/null +++ b/templates/desktop/sysctl/99-sysrq.conf.j2 @@ -0,0 +1,2 @@ +# {{ ansible_managed }} +kernel.sysrq = 1 From 5d91c4196d2c03c7a28d7970f9187bed3e7146a7 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Wed, 4 Sep 2024 10:54:50 +0200 Subject: [PATCH 051/131] Setup desktop initramfs configuration --- playbook.yml | 4 + tasks/setup-desktop.yml | 111 ++++++++++++++++++ tasks/setup-laptop.yml | 18 +++ tasks/setup.yml | 69 ----------- .../desktop/mkinitcpio/99-modules.conf.j2 | 3 + .../desktop/mkinitcpio/linux-lts.preset.j2 | 9 ++ templates/desktop/mkinitcpio/linux.preset.j2 | 9 ++ 7 files changed, 154 insertions(+), 69 deletions(-) create mode 100644 tasks/setup-desktop.yml create mode 100644 tasks/setup-laptop.yml create mode 100644 templates/desktop/mkinitcpio/99-modules.conf.j2 create mode 100644 templates/desktop/mkinitcpio/linux-lts.preset.j2 create mode 100644 templates/desktop/mkinitcpio/linux.preset.j2 diff --git a/playbook.yml b/playbook.yml index 58b39da..dc93465 100644 --- a/playbook.yml +++ b/playbook.yml @@ -15,6 +15,10 @@ - common tasks: - import_tasks: 'tasks/setup.yml' + - import_tasks: 'tasks/setup-desktop.yml' + when: platform == 'desktop' + - import_tasks: 'tasks/setup-laptop.yml' + when: platform == 'laptop' - import_tasks: 'tasks/network.yml' - import_tasks: 'tasks/systemd.yml' - import_tasks: 'tasks/git.yml' diff --git a/tasks/setup-desktop.yml b/tasks/setup-desktop.yml new file mode 100644 index 0000000..ea1607e --- /dev/null +++ b/tasks/setup-desktop.yml 
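Review bot: `kernel.sysrq = 1` in templates/desktop/sysctl/99-sysrq.conf.j2 enables every magic SysRq function, including the ones triggerable from a physical keyboard at the console (killing processes, dumping task state, remount and reboot), which is broader than the `16` (sync only) that systemd's default drop-in sets; if only a few functions are wanted, set the bitmask for them, e.g. `kernel.sysrq = 176` for sync, read-only remount and reboot, with a comment naming the bits. The laptop copy added in commit 052 has the same value. `net.ipv4.ip_forward = 1` in 98-forward.conf.j2 makes the host forward between all interfaces, not only the VPN ones, so it relies on the nftables forward chain (not in this commit — confirm) defaulting to drop.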
@@ -0,0 +1,111 @@ +- name: remove the sysctl.d directory + become: true + file: + path: /etc/sysctl.d + state: absent + +- name: recreate the sysctl.d directory + become: true + file: + path: /etc/sysctl.d + state: directory + mode: 755 + +- name: copy sysctl files + become: true + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + loop: + - { + src: 'templates/desktop/sysctl/99-sysrq.conf.j2', + dest: '/etc/sysctl.d/99-sysrq.conf' + } + - { + src: 'templates/desktop/sysctl/98-forward.conf.j2', + dest: '/etc/sysctl.d/98-foward.conf' + } + notify: reload sysctl configuration + +- name: remove the modprobe.d directory + become: true + file: + path: /etc/modprobe.d + state: absent + +- name: recreate the modprobe.d directory + become: true + file: + path: /etc/modprobe.d + state: directory + mode: 755 + +- name: copy modprobe files + become: true + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + loop: + - { + src: 'templates/desktop/modprobe/99-amdgpu.conf.j2', + dest: '/etc/modprobe.d/99-amdgpu.conf' + } + +- name: remove the mkinitcpio directories + become: true + file: + path: '{{ item }}' + state: absent + loop: + - /etc/mkinitcpio.conf.d + - /etc/mkinitcpio.d + +- name: recreate the mkinitcpio directories + become: true + file: + path: '{{ item }}' + state: directory + mode: 755 + loop: + - /etc/mkinitcpio.conf.d + - /etc/mkinitcpio.d + +- name: copy mkinitcpio configuration files + become: true + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + loop: + - { + src: 'templates/desktop/mkinitcpio/99-modules.conf.j2', + dest: '/etc/mkinitcpio.conf.d/99-amdgpu.conf' + } + - { + src: 'templates/desktop/mkinitcpio/linux.preset.j2', + dest: '/etc/mkinitcpio.d/linux.preset' + } + - { + src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2', + dest: '/etc/mkinitcpio.d/linux-lts.preset' + } + + +- name: remove old initramfs files + become: true + file: + path: '{{ item }}' + state: absent + loop: + - 
/boot/initramfs-linux-lts-fallback.img + - /boot/initramfs-linux-fallback.img + +- name: regenerate initramfs images + become: true + command: 'mkinitcpio --allpresets' + register: mkinitcpio_stats + +- name: log mkinitcpio stdout + debug: + var: mkinitcpio_stats.stdout_lines + +# TODO: provision systemd-boot diff --git a/tasks/setup-laptop.yml b/tasks/setup-laptop.yml new file mode 100644 index 0000000..69828e3 --- /dev/null +++ b/tasks/setup-laptop.yml @@ -0,0 +1,18 @@ +# TODO: set fan settings to `quiet` with smbios-thermal-ctl +# TODO: provision mkinitcpio +# TODO: provision modprobe +# TODO: provision sysctl? +# +- name: create udev rule + become: true + file: + path: '/etc/udev/rules.d/00-remove-nvidia.rules' + state: absent + +- name: blacklist kernel module + become: true + file: + path: '/etc/modprobe.d/blacklist-nouveau.conf' + state: absent + owner: root + group: root diff --git a/tasks/setup.yml b/tasks/setup.yml index c133d37..44f56a7 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml 
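Review bot: `remove old initramfs files` deletes both `*-fallback.img` images while the new presets only declare `PRESETS=('default')`, so after this play the desktop has no fallback initramfs to boot if `autodetect` leaves out a module the next kernel update needs; keep a `fallback` preset in the templates or leave the images in place. `command: 'mkinitcpio --allpresets'` also runs on every play and always reports changed; moving it to handlers.yml next to `reload sysctl configuration` and adding `notify: regenerate initramfs images` to the mkinitcpio template task rebuilds the images only when a config file actually changed. The same unconditional rebuild is carried into tasks/setup-laptop.yml (commit 052) and tasks/setup.yml (commit 053). The `mode: 755` issue raised on commit 050 applies to the directory tasks here as well.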
@@ -65,72 +65,3 @@ systemd: name: fstrim.timer enabled: true - -- block: - - name: remove the sysctl.d directory - become: true - file: - path: /etc/sysctl.d - state: absent - - name: recreate the sysctl.d directory - become: true - file: - path: /etc/sysctl.d - state: directory - mode: 755 - - name: copy sysctl files - become: true - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - loop: - - { - src: 'templates/desktop/sysctl/99-sysrq.conf.j2', - dest: '/etc/sysctl.d/99-sysrq.conf' - } - - { - src: 'templates/desktop/sysctl/98-forward.conf.j2', - dest: '/etc/sysctl.d/98-foward.conf' - } - notify: reload sysctl configuration - - - name: remove the modprobe.d directory - become: true - file: - path: /etc/modprobe.d - state: absent - - name: recreate the modprobe.d directory - become: true - file: - path: /etc/modprobe.d - state: directory - mode: 755 - - name: copy modprobe files - become: true - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - loop: - - { - src: 'templates/desktop/modprobe/99-amdgpu.conf.j2', - dest: '/etc/modprobe.d/99-amdgpu.conf' - } - when: platform == 'desktop' - -# TODO: set fan settings to `quiet` with smbios-thermal-ctl - -- name: remove old configuration files - block: - - name: create udev rule - become: true - file: - path: '/etc/udev/rules.d/00-remove-nvidia.rules' - state: absent - - name: blacklist kernel module - become: true - file: - path: '/etc/modprobe.d/blacklist-nouveau.conf' - state: absent - owner: root - group: root - when: platform == 'laptop' diff --git a/templates/desktop/mkinitcpio/99-modules.conf.j2 b/templates/desktop/mkinitcpio/99-modules.conf.j2 new file mode 100644 index 0000000..82581fb --- /dev/null +++ b/templates/desktop/mkinitcpio/99-modules.conf.j2 @@ -0,0 +1,3 @@ +# {{ ansible_managed }} + +MODULES=(amdgpu) diff --git a/templates/desktop/mkinitcpio/linux-lts.preset.j2 b/templates/desktop/mkinitcpio/linux-lts.preset.j2 new file mode 100644 index 0000000..175cda7 --- /dev/null 
+++ b/templates/desktop/mkinitcpio/linux-lts.preset.j2 @@ -0,0 +1,9 @@ +# {{ ansible_managed }} +# +# mkinitcpio preset file for the 'linux' package + +PRESETS=('default') + +default_config="/etc/mkinitcpio.conf" +default_image="/boot/initramfs-linux-lts.img" +default_kver="/boot/vmlinuz-linux-lts" diff --git a/templates/desktop/mkinitcpio/linux.preset.j2 b/templates/desktop/mkinitcpio/linux.preset.j2 new file mode 100644 index 0000000..8aceb4a --- /dev/null +++ b/templates/desktop/mkinitcpio/linux.preset.j2 @@ -0,0 +1,9 @@ +# {{ ansible_managed }} +# +# mkinitcpio preset file for the 'linux' package + +PRESETS=('default') + +default_config="/etc/mkinitcpio.conf" +default_image="/boot/initramfs-linux.img" +default_kver="/boot/vmlinuz-linux" From fec111584c32cdcfd5b17e4ff904cb8008f7f04f Mon Sep 17 00:00:00 2001 
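Review bot: The header comment in templates/desktop/mkinitcpio/linux-lts.preset.j2 says `# mkinitcpio preset file for the 'linux' package`, but this preset builds the LTS kernel (`default_kver="/boot/vmlinuz-linux-lts"`); change it to `# mkinitcpio preset file for the 'linux-lts' package`. The laptop copy added in commit 052 repeats the same comment.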
From: Sonny Bakker Date: Sun, 8 Sep 2024 20:35:48 +0200 Subject: [PATCH 052/131] Setup uefi stubs with systemd-boot for laptop Directly booting the stubs currently does not seem to work either due to a buggy UEFI implementation or the embedded cmdline being overwritten, see https://www.reddit.com/r/archlinux/comments/up8h6l/comment/i8jkuf7/ --- tasks/setup-laptop.yml | 136 ++++++++++++++++-- templates/laptop/cmdline.j2 | 1 + templates/laptop/mkinitcpio/99-hooks.conf.j2 | 3 + .../laptop/mkinitcpio/99-modules.conf.j2 | 3 + .../laptop/mkinitcpio/linux-lts.preset.j2 | 8 ++ templates/laptop/mkinitcpio/linux.preset.j2 | 8 ++ templates/laptop/sysctl/98-forward.conf.j2 | 2 + templates/laptop/sysctl/99-sysrq.conf.j2 | 2 + vars/laptop.yml | 4 + 9 files changed, 157 insertions(+), 10 deletions(-) create mode 100644 templates/laptop/cmdline.j2 create mode 100644 templates/laptop/mkinitcpio/99-hooks.conf.j2 create mode 100644 templates/laptop/mkinitcpio/99-modules.conf.j2 create mode 100644 templates/laptop/mkinitcpio/linux-lts.preset.j2 create mode 100644 templates/laptop/mkinitcpio/linux.preset.j2 create mode 100644 templates/laptop/sysctl/98-forward.conf.j2 create mode 100644 templates/laptop/sysctl/99-sysrq.conf.j2 diff --git a/tasks/setup-laptop.yml b/tasks/setup-laptop.yml index 69828e3..bc74a32 100644 --- a/tasks/setup-laptop.yml +++ b/tasks/setup-laptop.yml 
@@ -1,18 +1,134 @@ # TODO: set fan settings to `quiet` with smbios-thermal-ctl -# TODO: provision mkinitcpio -# TODO: provision modprobe -# TODO: provision sysctl? -# -- name: create udev rule + +- name: remove the sysctl.d directory become: true file: - path: '/etc/udev/rules.d/00-remove-nvidia.rules' + path: /etc/sysctl.d state: absent -- name: blacklist kernel module +- name: recreate the sysctl.d directory become: true file: - path: '/etc/modprobe.d/blacklist-nouveau.conf' + path: /etc/sysctl.d + state: directory + mode: 755 + +- name: copy sysctl files + become: true + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + loop: + - { + src: 'templates/laptop/sysctl/99-sysrq.conf.j2', + dest: '/etc/sysctl.d/99-sysrq.conf' + } + - { + src: 'templates/laptop/sysctl/98-forward.conf.j2', + dest: '/etc/sysctl.d/98-foward.conf' + } + notify: reload sysctl configuration + +- name: remove the modprobe.d directory + become: true + file: + path: /etc/modprobe.d state: absent - owner: root - group: root + +- name: recreate the modprobe.d directory + become: true + file: + path: /etc/modprobe.d + state: directory + mode: 755 + +- name: copy kernel parameters template + become: true + template: + src: 'templates/laptop/cmdline.j2' + dest: '/etc/kernel/cmdline' + +- name: remove the mkinitcpio directories + become: true + file: + path: '{{ item }}' + state: absent + loop: + - /etc/mkinitcpio.conf.d + - /etc/mkinitcpio.d + +- name: recreate the mkinitcpio directories + become: true + file: + path: '{{ item }}' + state: directory + mode: 755 + loop: + - /etc/mkinitcpio.conf.d + - /etc/mkinitcpio.d + +- name: copy mkinitcpio configuration files + become: true + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + loop: + - { + src: 'templates/laptop/mkinitcpio/99-modules.conf.j2', + dest: '/etc/mkinitcpio.conf.d/99-modules.conf' + } + - { + src: 'templates/laptop/mkinitcpio/99-hooks.conf.j2', + dest: '/etc/mkinitcpio.conf.d/99-hooks.conf' + } + - { + src: 
'templates/laptop/mkinitcpio/linux.preset.j2', + dest: '/etc/mkinitcpio.d/linux.preset' + } + - { + src: 'templates/laptop/mkinitcpio/linux-lts.preset.j2', + dest: '/etc/mkinitcpio.d/linux-lts.preset' + } + +- name: regenerate initramfs images + become: true + command: 'mkinitcpio --allpresets' + register: mkinitcpio_stats + +- name: log mkinitcpio stdout + debug: + var: mkinitcpio_stats.stdout_lines + +- name: create a Linux UEFI boot entry + become: true + command: efibootmgr \ + --create \ + --disk /dev/nvme0n1 \ + --part 1 \ + --label 'Arch Linux' \ + --loader '\EFI\Linux\linux.efi'\ + --unicode + register: efi_linux_stats + when: register_uefi_entry + +- name: log efibootmgr stdout + debug: + var: efi_linux_stats.stdout_lines + when: register_uefi_entry + +- name: create a Linux LTS UEFI boot entry + become: true + command: efibootmgr \ + --create \ + --disk /dev/nvme0n1 \ + --part 1 \ + --label 'Arch Linux LTS' \ + --loader '\EFI\Linux\linux-lts.efi'\ + --unicode + register: efi_linux_lts_stats + when: register_uefi_entry + +- name: log efibootmgr LTS stdout + debug: + var: efi_linux_lts_stats.stdout_lines + when: register_uefi_entry diff --git a/templates/laptop/cmdline.j2 b/templates/laptop/cmdline.j2 new file mode 100644 index 0000000..a2aab0b --- /dev/null +++ b/templates/laptop/cmdline.j2 @@ -0,0 +1 @@ +cryptdevice=UUID=4483183a-4881-4bf6-b20c-3ba918642cc4:cryptlvm root=/dev/VolumeGroup/root rw resume=/dev/VolumeGroup/swap pcie_aspm=nommconf i915.fastboot=1 enable_fbc=1 enable_psr=1 disable_power_well=0 acpi_rev_override=1 bgrt_disable diff --git a/templates/laptop/mkinitcpio/99-hooks.conf.j2 b/templates/laptop/mkinitcpio/99-hooks.conf.j2 new file mode 100644 index 0000000..ab81af5 --- /dev/null +++ b/templates/laptop/mkinitcpio/99-hooks.conf.j2 @@ -0,0 +1,3 @@ +# {{ ansible_managed }} + +HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt lvm2 resume filesystems fsck) 
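Review bot: `command: efibootmgr \` starts a plain multi-line YAML scalar, so the backslashes are not shell continuations but literal characters in the command string; `command` splits that string with shlex, where each `\ ` becomes a stray single-space argument, so efibootmgr is unlikely to receive the intended argv (verify with `-vvv` on a run with `register_uefi_entry: true`). The `argv:` form below avoids both the continuation problem and the quoting of the `\EFI\Linux\...` loader path; tasks/setup.yml in commit 053 carries the same construct and needs the same change. `efibootmgr --create` is also not idempotent, so every run with the flag on adds another NVRAM entry; listing the current entries first and conditioning the create on the label being absent keeps it safe to re-run. The presets build unsigned UKIs and nothing here signs them or enrolls keys, so with Secure Boot enforcing they will be refused and without it the embedded cmdline gives no integrity guarantee — worth a comment in the task file stating which of the two is assumed.
```yaml
- name: create a Linux UEFI boot entry
  become: true
  command:
    argv:
      - efibootmgr
      - --create
      - --disk
      - /dev/nvme0n1
      - --part
      - '1'
      - --label
      - Arch Linux
      - --loader
      - '\EFI\Linux\linux.efi'
      - --unicode
  register: efi_linux_stats
  when: register_uefi_entry
# … unchanged: log task; the LTS entry takes the same argv form with its own label and loader …
```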
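Review bot: `enable_fbc=1 enable_psr=1 disable_power_well=0` in templates/laptop/cmdline.j2 are i915 module parameters written without the `i915.` prefix that `i915.fastboot=1` on the same line has, so the kernel does not hand them to the driver and the panel power settings they are meant to set never apply; write them as `i915.enable_fbc=1 i915.enable_psr=1 i915.disable_power_well=0` and confirm under `/sys/module/i915/parameters/` after a reboot. `pcie_aspm=` accepts `off` or `force`, while `nommconf` is a `pci=` option, so `pcie_aspm=nommconf` is probably meant to be `pci=nommconf`. The LUKS container UUID is hard-coded in the template; moving host identifiers like this into vars/laptop.yml (the desktop root UUID in commit 053 is the same case) keeps templates/ reusable and the per-host data in one place.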
diff --git a/templates/laptop/mkinitcpio/99-modules.conf.j2 b/templates/laptop/mkinitcpio/99-modules.conf.j2 new file mode 100644 index 0000000..0095973 --- /dev/null +++ b/templates/laptop/mkinitcpio/99-modules.conf.j2 @@ -0,0 +1,3 @@ +# {{ ansible_managed }} + +MODULES=(intel_agp i915 i8k) diff --git a/templates/laptop/mkinitcpio/linux-lts.preset.j2 b/templates/laptop/mkinitcpio/linux-lts.preset.j2 new file mode 100644 index 0000000..71d2550 --- /dev/null +++ b/templates/laptop/mkinitcpio/linux-lts.preset.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} +# +# mkinitcpio preset file for the 'linux' package + +PRESETS=('default') + +default_uki="/boot/EFI/Linux/linux-lts.efi" +default_kver="/boot/vmlinuz-linux-lts" diff --git a/templates/laptop/mkinitcpio/linux.preset.j2 b/templates/laptop/mkinitcpio/linux.preset.j2 new file mode 100644 index 0000000..22097bb --- /dev/null +++ b/templates/laptop/mkinitcpio/linux.preset.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} +# +# mkinitcpio preset file for the 'linux' package + +PRESETS=('default') + +default_uki="/boot/EFI/Linux/linux.efi" +default_kver="/boot/vmlinuz-linux" diff --git a/templates/laptop/sysctl/98-forward.conf.j2 b/templates/laptop/sysctl/98-forward.conf.j2 new file mode 100644 index 0000000..16f90a8 --- /dev/null +++ b/templates/laptop/sysctl/98-forward.conf.j2 @@ -0,0 +1,2 @@ +# {{ ansible_managed }} +net.ipv4.ip_forward = 1 diff --git a/templates/laptop/sysctl/99-sysrq.conf.j2 b/templates/laptop/sysctl/99-sysrq.conf.j2 new file mode 100644 index 0000000..a4c7283 --- /dev/null +++ b/templates/laptop/sysctl/99-sysrq.conf.j2 @@ -0,0 +1,2 @@ +# {{ ansible_managed }} +kernel.sysrq = 1 diff --git a/vars/laptop.yml b/vars/laptop.yml index 98d1d88..cf815f4 100644 --- a/vars/laptop.yml +++ b/vars/laptop.yml @@ -4,6 +4,10 @@ platform_packages: - nvidia-prime - nvidia-utils - lib32-nvidia-utils + - systemd-ukify + - efibootmgr + +register_uefi_entry: false vpn_default: ip: '10.0.0.2' 
From ebb8f8c2c268142b7378aa3e8898a14c27b4673d Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Mon, 9 Sep 2024 09:09:30 +0200 Subject: [PATCH 053/131] Move mkinitcpio/modprobe/sysctl configuration to base setup task --- tasks/setup-desktop.yml | 112 +-------------- tasks/setup-laptop.yml | 132 ------------------ tasks/setup.yml | 128 +++++++++++++++++ templates/desktop/cmdline.j2 | 1 + .../{99-modules.conf.j2 => 1-modules.conf.j2} | 0 .../desktop/mkinitcpio/linux-lts.preset.j2 | 3 +- templates/desktop/mkinitcpio/linux.preset.j2 | 3 +- .../{99-modules.conf.j2 => 1-modules.conf.j2} | 0 .../{99-hooks.conf.j2 => 2-hooks.conf.j2} | 0 vars/desktop.yml | 24 ++++ vars/laptop.yml | 24 +++- vars/main.yml | 8 ++ 12 files changed, 185 insertions(+), 250 deletions(-) create mode 100644 templates/desktop/cmdline.j2 rename templates/desktop/mkinitcpio/{99-modules.conf.j2 => 1-modules.conf.j2} (100%) rename templates/laptop/mkinitcpio/{99-modules.conf.j2 => 1-modules.conf.j2} (100%) rename templates/laptop/mkinitcpio/{99-hooks.conf.j2 => 2-hooks.conf.j2} (100%) diff --git a/tasks/setup-desktop.yml b/tasks/setup-desktop.yml index ea1607e..ed97d53 100644 --- a/tasks/setup-desktop.yml +++ b/tasks/setup-desktop.yml 
@@ -1,111 +1 @@ -- name: remove the sysctl.d directory - become: true - file: - path: /etc/sysctl.d - state: absent - -- name: recreate the sysctl.d directory - become: true - file: - path: /etc/sysctl.d - state: directory - mode: 755 - -- name: copy sysctl files - become: true - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - loop: - - { - src: 'templates/desktop/sysctl/99-sysrq.conf.j2', - dest: '/etc/sysctl.d/99-sysrq.conf' - } - - { - src: 'templates/desktop/sysctl/98-forward.conf.j2', - dest: '/etc/sysctl.d/98-foward.conf' - } - notify: reload sysctl configuration - -- name: remove the modprobe.d directory - become: true - file: - path: /etc/modprobe.d - state: absent - -- name: recreate the modprobe.d directory - become: true - file: - path: /etc/modprobe.d - state: directory - mode: 755 - -- name: copy modprobe files - become: true - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - loop: - - { - src: 'templates/desktop/modprobe/99-amdgpu.conf.j2', - dest: '/etc/modprobe.d/99-amdgpu.conf' - } - -- name: remove the mkinitcpio directories - become: true - file: - path: '{{ item }}' - state: absent - loop: - - /etc/mkinitcpio.conf.d - - /etc/mkinitcpio.d - -- name: recreate the mkinitcpio directories - become: true - file: - path: '{{ item }}' - state: directory - mode: 755 - loop: - - /etc/mkinitcpio.conf.d - - /etc/mkinitcpio.d - -- name: copy mkinitcpio configuration files - become: true - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - loop: - - { - src: 'templates/desktop/mkinitcpio/99-modules.conf.j2', - dest: '/etc/mkinitcpio.conf.d/99-amdgpu.conf' - } - - { - src: 'templates/desktop/mkinitcpio/linux.preset.j2', - dest: '/etc/mkinitcpio.d/linux.preset' - } - - { - src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2', - dest: '/etc/mkinitcpio.d/linux-lts.preset' - } - - -- name: remove old initramfs files - become: true - file: - path: '{{ item }}' - state: absent - loop: - - 
/boot/initramfs-linux-lts-fallback.img - - /boot/initramfs-linux-fallback.img - -- name: regenerate initramfs images - become: true - command: 'mkinitcpio --allpresets' - register: mkinitcpio_stats - -- name: log mkinitcpio stdout - debug: - var: mkinitcpio_stats.stdout_lines - -# TODO: provision systemd-boot +--- diff --git a/tasks/setup-laptop.yml b/tasks/setup-laptop.yml index bc74a32..b6c81b1 100644 --- a/tasks/setup-laptop.yml +++ b/tasks/setup-laptop.yml 
@@ -1,134 +1,2 @@ # TODO: set fan settings to `quiet` with smbios-thermal-ctl -- name: remove the sysctl.d directory - become: true - file: - path: /etc/sysctl.d - state: absent - -- name: recreate the sysctl.d directory - become: true - file: - path: /etc/sysctl.d - state: directory - mode: 755 - -- name: copy sysctl files - become: true - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - loop: - - { - src: 'templates/laptop/sysctl/99-sysrq.conf.j2', - dest: '/etc/sysctl.d/99-sysrq.conf' - } - - { - src: 'templates/laptop/sysctl/98-forward.conf.j2', - dest: '/etc/sysctl.d/98-foward.conf' - } - notify: reload sysctl configuration - -- name: remove the modprobe.d directory - become: true - file: - path: /etc/modprobe.d - state: absent - -- name: recreate the modprobe.d directory - become: true - file: - path: /etc/modprobe.d - state: directory - mode: 755 - -- name: copy kernel parameters template - become: true - template: - src: 'templates/laptop/cmdline.j2' - dest: '/etc/kernel/cmdline' - -- name: remove the mkinitcpio directories - become: true - file: - path: '{{ item }}' - state: absent - loop: - - /etc/mkinitcpio.conf.d - - /etc/mkinitcpio.d - -- name: recreate the mkinitcpio directories - become: true - file: - path: '{{ item }}' - state: directory - mode: 755 - loop: - - /etc/mkinitcpio.conf.d - - /etc/mkinitcpio.d - -- name: copy mkinitcpio configuration files - become: true - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - loop: - - { - src: 'templates/laptop/mkinitcpio/99-modules.conf.j2', - dest: '/etc/mkinitcpio.conf.d/99-modules.conf' - } - - { - src: 'templates/laptop/mkinitcpio/99-hooks.conf.j2', - dest: '/etc/mkinitcpio.conf.d/99-hooks.conf' - } - - { - src: 'templates/laptop/mkinitcpio/linux.preset.j2', - dest: '/etc/mkinitcpio.d/linux.preset' - } - - { - src: 'templates/laptop/mkinitcpio/linux-lts.preset.j2', - dest: '/etc/mkinitcpio.d/linux-lts.preset' - } - -- name: regenerate initramfs images - become: true - command: 
'mkinitcpio --allpresets' - register: mkinitcpio_stats - -- name: log mkinitcpio stdout - debug: - var: mkinitcpio_stats.stdout_lines - -- name: create a Linux UEFI boot entry - become: true - command: efibootmgr \ - --create \ - --disk /dev/nvme0n1 \ - --part 1 \ - --label 'Arch Linux' \ - --loader '\EFI\Linux\linux.efi'\ - --unicode - register: efi_linux_stats - when: register_uefi_entry - -- name: log efibootmgr stdout - debug: - var: efi_linux_stats.stdout_lines - when: register_uefi_entry - -- name: create a Linux LTS UEFI boot entry - become: true - command: efibootmgr \ - --create \ - --disk /dev/nvme0n1 \ - --part 1 \ - --label 'Arch Linux LTS' \ - --loader '\EFI\Linux\linux-lts.efi'\ - --unicode - register: efi_linux_lts_stats - when: register_uefi_entry - -- name: log efibootmgr LTS stdout - debug: - var: efi_linux_lts_stats.stdout_lines - when: register_uefi_entry diff --git a/tasks/setup.yml b/tasks/setup.yml index 44f56a7..0833f95 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml 
@@ -65,3 +65,131 @@ systemd: name: fstrim.timer enabled: true + +- name: remove the sysctl.d directory + become: true + file: + path: /etc/sysctl.d + state: absent + +- name: recreate the sysctl.d directory + become: true + file: + path: /etc/sysctl.d + state: directory + mode: 755 + +- name: copy sysctl files + become: true + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + loop: + - { + src: 'templates/{{ platform }}/sysctl/99-sysrq.conf.j2', + dest: '/etc/sysctl.d/99-sysrq.conf' + } + - { + src: 'templates/{{ platform }}/sysctl/98-forward.conf.j2', + dest: '/etc/sysctl.d/98-foward.conf' + } + notify: reload sysctl configuration + +- name: remove the modprobe.d directory + become: true + file: + path: /etc/modprobe.d + state: absent + +- name: recreate the modprobe.d directory + become: true + file: + path: /etc/modprobe.d + state: directory + mode: 755 + +- name: copy modprobe configuration files + become: true + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + loop: '{{ modprobe_templates }}' + when: modprobe_templates + +- name: copy kernel parameters template + become: true + template: + src: 'templates/{{ platform }}/cmdline.j2' + dest: '/etc/kernel/cmdline' + +- name: remove the mkinitcpio directories + become: true + file: + path: '{{ item }}' + state: absent + loop: + - /etc/mkinitcpio.conf.d + - /etc/mkinitcpio.d + +- name: recreate the mkinitcpio directories + become: true + file: + path: '{{ item }}' + state: directory + mode: 755 + loop: + - /etc/mkinitcpio.conf.d + - /etc/mkinitcpio.d + +- name: copy mkinitcpio configuration files + become: true + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + loop: '{{ mkinitcpio_templates }}' + when: mkinitcpio_templates + +- name: regenerate initramfs images + become: true + command: 'mkinitcpio --allpresets' + register: mkinitcpio_stats + +- name: log mkinitcpio stdout + debug: + var: mkinitcpio_stats.stdout_lines + +- name: create a Linux UEFI boot entry + become: true + 
command: efibootmgr \ + --create \ + --disk '{{ boot_configuration.disk }}' \ + --part '{{ boot_configuration.partition }}' \ + --label 'Arch Linux' \ + --loader '\EFI\Linux\linux.efi'\ + --unicode + --index 0 + register: efi_linux_stats + when: register_uefi_entries + +- name: log efibootmgr stdout + debug: + var: efi_linux_stats.stdout_lines + when: register_uefi_entries + +- name: create a Linux LTS UEFI boot entry + become: true + command: efibootmgr \ + --create \ + --disk '{{ boot_configuration.disk }}' \ + --part '{{ boot_configuration.partition }}' \ + --label 'Arch Linux LTS' \ + --loader '\EFI\Linux\linux-lts.efi'\ + --unicode + --index 1 + register: efi_linux_lts_stats + when: register_uefi_entries + +- name: log efibootmgr LTS stdout + debug: + var: efi_linux_lts_stats.stdout_lines + when: register_uefi_entries diff --git a/templates/desktop/cmdline.j2 b/templates/desktop/cmdline.j2 new file mode 100644 index 0000000..08259b5 --- /dev/null +++ b/templates/desktop/cmdline.j2 @@ -0,0 +1 @@ +root=UUID=c5fe300d-97bf-476d-abd4-edfe7460bc81 rw bgrt_disable diff --git a/templates/desktop/mkinitcpio/99-modules.conf.j2 b/templates/desktop/mkinitcpio/1-modules.conf.j2 similarity index 100% rename from templates/desktop/mkinitcpio/99-modules.conf.j2 rename to templates/desktop/mkinitcpio/1-modules.conf.j2 diff --git a/templates/desktop/mkinitcpio/linux-lts.preset.j2 b/templates/desktop/mkinitcpio/linux-lts.preset.j2 index 175cda7..71d2550 100644 --- a/templates/desktop/mkinitcpio/linux-lts.preset.j2 +++ b/templates/desktop/mkinitcpio/linux-lts.preset.j2 @@ -4,6 +4,5 @@ PRESETS=('default') -default_config="/etc/mkinitcpio.conf" -default_image="/boot/initramfs-linux-lts.img" +default_uki="/boot/EFI/Linux/linux-lts.efi" default_kver="/boot/vmlinuz-linux-lts" diff --git a/templates/desktop/mkinitcpio/linux.preset.j2 b/templates/desktop/mkinitcpio/linux.preset.j2 index 8aceb4a..22097bb 100644 --- a/templates/desktop/mkinitcpio/linux.preset.j2 
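Review bot: In both efibootmgr tasks the `--unicode` line is the only argument line without a trailing backslash, so even under the shell-continuation reading the author seems to intend, `--index 0` and `--index 1` would start a new command rather than reach efibootmgr; the value is in fact a plain YAML scalar (see the note on commit 052) and the `argv:` form fixes both tasks at once. `when: register_uefi_entries` is the only thing preventing each run from adding another NVRAM entry; a preceding `command: efibootmgr` with `register: efi_entries` and `changed_when: false`, plus a `when` that checks the exact label is absent from `efi_entries.stdout_lines` (note `Arch Linux` is a prefix of `Arch Linux LTS`), keeps the play idempotent once the flag is on. `boot_configuration:` is left null in vars/main.yml, so a platform that does not override it fails inside the Jinja lookup; an `assert` that `boot_configuration.disk is defined` ahead of these tasks gives a clear message instead.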
+++ b/templates/desktop/mkinitcpio/linux.preset.j2 @@ -4,6 +4,5 @@ PRESETS=('default') -default_config="/etc/mkinitcpio.conf" -default_image="/boot/initramfs-linux.img" +default_uki="/boot/EFI/Linux/linux.efi" default_kver="/boot/vmlinuz-linux" diff --git a/templates/laptop/mkinitcpio/99-modules.conf.j2 b/templates/laptop/mkinitcpio/1-modules.conf.j2 similarity index 100% rename from templates/laptop/mkinitcpio/99-modules.conf.j2 rename to templates/laptop/mkinitcpio/1-modules.conf.j2 diff --git a/templates/laptop/mkinitcpio/99-hooks.conf.j2 b/templates/laptop/mkinitcpio/2-hooks.conf.j2 similarity index 100% rename from templates/laptop/mkinitcpio/99-hooks.conf.j2 rename to templates/laptop/mkinitcpio/2-hooks.conf.j2 diff --git a/vars/desktop.yml b/vars/desktop.yml index 66792c9..fc9fc0f 100644 --- a/vars/desktop.yml +++ b/vars/desktop.yml @@ -1,5 +1,29 @@ platform_packages: [] +modprobe_templates: + - { + src: 'templates/desktop/modprobe/99-amdgpu.conf.j2', + dest: '/etc/modprobe.d/99-amdgpu.conf' + } + +mkinitcpio_templates: + - { + src: 'templates/desktop/mkinitcpio/1-modules.conf.j2', + dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf' + } + - { + src: 'templates/desktop/mkinitcpio/linux.preset.j2', + dest: '/etc/mkinitcpio.d/linux.preset' + } + - { + src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2', + dest: '/etc/mkinitcpio.d/linux-lts.preset' + } + +boot_configuration: + disk: /dev/sdc + partition: 1 + vpn_default: ip: '10.0.0.3' subnet: '24' diff --git a/vars/laptop.yml b/vars/laptop.yml index cf815f4..0b8c907 100644 --- a/vars/laptop.yml +++ b/vars/laptop.yml 
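Review bot: `boot_configuration.disk: /dev/sdc` is an enumeration-order device name; on a desktop with several disks the `sdX` letters can change between boots, and since `efibootmgr --disk` resolves the partition at run time, a reorder would register the boot entry (and write NVRAM) against the wrong disk. A `/dev/disk/by-id/<disk-id>` path (placeholder for the real id) pins the ESP regardless of order and efibootmgr should follow the symlink — confirm on the host; the laptop's `/dev/nvme0n1` in vars/laptop.yml is steadier but benefits from the same treatment.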
@@ -4,10 +4,28 @@ platform_packages: - nvidia-prime - nvidia-utils - lib32-nvidia-utils - - systemd-ukify - - efibootmgr -register_uefi_entry: false +boot_configuration: + disk: /dev/nvme0n1 + partition: 1 + +mkinitcpio_templates: + - { + src: 'templates/laptop/mkinitcpio/1-modules.conf.j2', + dest: '/etc/mkinitcpio.conf.d/1-modules.conf' + } + - { + src: 'templates/laptop/mkinitcpio/2-hooks.conf.j2', + dest: '/etc/mkinitcpio.conf.d/2-hooks.conf' + } + - { + src: 'templates/laptop/mkinitcpio/linux.preset.j2', + dest: '/etc/mkinitcpio.d/linux.preset' + } + - { + src: 'templates/laptop/mkinitcpio/linux-lts.preset.j2', + dest: '/etc/mkinitcpio.d/linux-lts.preset' + } vpn_default: ip: '10.0.0.2' diff --git a/vars/main.yml b/vars/main.yml index daecfe9..9f8d919 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,6 +1,8 @@ xdg_config_dir: '{{ ansible_env.HOME }}/.config' xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin' +register_uefi_entries: false + packages: - firefox - mpv @@ -30,5 +32,11 @@ packages: - pipewire-alsa - wireguard-tools - otf-monaspace-nerd + - systemd-ukify + - efibootmgr platform_packages: [] +modprobe_templates: [] +mkinitcpio_templates: [] + +boot_configuration: From b1965fc63154a518ae43b238682ecf20c9dac6e8 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Mon, 16 Sep 2024 08:34:45 +0200 Subject: [PATCH 054/131] Update mpd configuration --- tasks/mpd.yml | 7 ++++++ templates/mpd/mpd.conf.j2 | 11 +++++----- templates/mpd/ncmpcpp/bindings.j2 | 16 ++++++++++++++ templates/mpd/ncmpcpp/config.j2 | 36 +++++++++++++++++++++++++++++++ vars/mpd.yml | 1 + 5 files changed, 65 insertions(+), 6 deletions(-) create mode 100644 templates/mpd/ncmpcpp/bindings.j2 create mode 100644 templates/mpd/ncmpcpp/config.j2 diff --git a/tasks/mpd.yml b/tasks/mpd.yml index 3aa60ec..0673104 100644 --- a/tasks/mpd.yml +++ b/tasks/mpd.yml 
@@ -22,6 +22,7 @@ loop: - { path: '{{ mpd_configuration_dir }}', state: 'directory' } - { path: '{{ ncmpc_configuration_dir }}', state: 'directory' } + - { path: '{{ ncmpcpp_configuration_dir }}', state: 'directory' } - { path: '{{ mpd_configuration_dir }}/playlists', state: 'directory' } - { path: '{{ mpd_configuration_dir }}/state', state: 'touch' } @@ -41,8 +42,14 @@ loop: - { src: 'templates/mpd/mpd.conf.j2', dest: '{{ mpd_configuration_dir }}/mpd.conf' } - { src: 'templates/mpd/ncmpc.j2', dest: '{{ ncmpc_configuration_dir }}/config' } + - { src: 'templates/mpd/ncmpcpp/config.j2', dest: '{{ ncmpcpp_configuration_dir }}/config' } + - { + src: 'templates/mpd/ncmpcpp/bindings.j2', + dest: '{{ ncmpcpp_configuration_dir }}/bindings' + } notify: - stop mpd service + # TODO: install https://aur.archlinux.org/mpd-mpris-bin.git from AUR # Use mpc to control local mpd server. # Use $ mpc add http://{{ mpd_remote_address }}:{{ mpd_remote_stream_port }} diff --git a/templates/mpd/mpd.conf.j2 b/templates/mpd/mpd.conf.j2 index 92db4da..d99b7d4 100644 --- a/templates/mpd/mpd.conf.j2 +++ b/templates/mpd/mpd.conf.j2 @@ -3,7 +3,8 @@ bind_to_address "{{ mpd_listen_address }}" port "{{ mpd_listen_port }}" -playlist_directory "{{ mpd_configuration_dir }}/playlists" +playlist_directory "{{ mpd_configuration_dir }}/playlists" +state_file "{{ mpd_configuration_dir }}/state" database { plugin "proxy" @@ -12,11 +13,9 @@ database { } audio_output { - type "pulse" - name "mpd" - replay_gain_handler "software" - mixer_type "hardware" - format "128000:24:2" + name "mpd" + type "pipewire" + dsd "yes" } input { diff --git a/templates/mpd/ncmpcpp/bindings.j2 b/templates/mpd/ncmpcpp/bindings.j2 new file mode 100644 index 0000000..a1bd2ce --- /dev/null +++ b/templates/mpd/ncmpcpp/bindings.j2 
@@ -0,0 +1,16 @@ +# {{ ansible_managed }} + +def_key "l" + next_column +def_key "h" + previous_column +def_key "k" + scroll_up +def_key "j" + scroll_down + +def_key "l" + jump_to_playing_song + +def_key "a" + add_item_to_playlist diff --git a/templates/mpd/ncmpcpp/config.j2 b/templates/mpd/ncmpcpp/config.j2 new file mode 100644 index 0000000..f532ff1 --- /dev/null +++ b/templates/mpd/ncmpcpp/config.j2 @@ -0,0 +1,36 @@ +# {{ ansible_managed }} +# + +############## Connection ################### +## Connect to mpd running on a specified host +mpd_host = 10.0.0.1 + +## Connect to mpd on the specified port. +mpd_port = 21000 + +# header_visibility = yes +# playlist_show_mpd_host = yes +# titles_visibility = yes +# enable_window_title = yes + + +connected_message_on_startup = no + +display_bitrate = yes + +############## Theme ################### + +user_interface = classic + +song_columns_list_format = "(40)[9]{t|f} (25)[245]{a} (25)[245]{b} (25)[245]{l}" +song_list_format = "{$5 %a$9 $1│$9 $8%t$9 }|{ $8%f$9}$R{$5%b $7}" + +# Column Names +header_window_color = 1 + +# Main window +main_window_color = 1 + +# Bottombar +progressbar_color = 1 +player_state_color = 1 diff --git a/vars/mpd.yml b/vars/mpd.yml index 8e2e696..742d0d4 100644 --- a/vars/mpd.yml +++ b/vars/mpd.yml @@ -7,3 +7,4 @@ mpd_remote_stream_port: '8000' # note that this is not used (yet) mpd_configuration_dir: '{{ ansible_env.HOME }}/.config/mpd' ncmpc_configuration_dir: '{{ ansible_env.HOME }}/.config/ncmpc' +ncmpcpp_configuration_dir: '{{ ansible_env.HOME }}/.config/ncmpcpp' From bfe99ee70aaccf41fd91da2783b07562cc2685a1 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Mon, 23 Sep 2024 09:14:50 +0200 Subject: [PATCH 055/131] Update pacman configuration --- templates/pacman.j2 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/templates/pacman.j2 b/templates/pacman.j2 index eec494e..76ce942 100644 --- a/templates/pacman.j2 +++ b/templates/pacman.j2 
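Review bot: The new ncmpcpp config.j2 hardcodes `mpd_host = 10.0.0.1` and `mpd_port = 21000`, while the mpd.conf.j2 template in the same commit is driven from variables (`mpd_listen_address`, `mpd_listen_port`) and tasks/mpd.yml already refers to `mpd_remote_address`, so the remote endpoint now lives in two places and will drift. Rendering `mpd_host = {{ mpd_remote_address }}` and introducing a port variable in vars/mpd.yml (e.g. a constructed `mpd_remote_port`) would keep a single source of truth. A one-line comment noting that the remote mpd is reached over the VPN without a password would also record the intent behind the missing `mpd_password`.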
@@ -37,10 +37,11 @@ Architecture = auto
 #UseSyslog
 #Color
 #NoProgressBar
-#TotalDownload
 CheckSpace
 VerbosePkgLists
 ParallelDownloads = 5
+DownloadUser = alpm
+#DisableSandbox
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
@@ -75,7 +76,7 @@ LocalFileSigLevel = Optional
 # repo name header and Include lines. You can add preferred servers immediately
 # after the header, and they will be used before the default mirrors.
-#[testing]
+#[core-testing]
 #Include = /etc/pacman.d/mirrorlist
 [core]
From 3d1c18603e79fefdc62b7a797d69c29174d7fd2c Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Tue, 24 Sep 2024 14:07:48 +0200
Subject: [PATCH 056/131] Add kde applications
---
 vars/main.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/vars/main.yml b/vars/main.yml
index 9f8d919..e0115aa 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -30,6 +30,8 @@ packages:
 - pipewire
 - pipewire-pulse
 - pipewire-alsa
+ - merkuro
+ - kmail
 - wireguard-tools
 - otf-monaspace-nerd
 - systemd-ukify
From 928770a745781ca3d30a6a792dfc797533e93db5 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Fri, 27 Sep 2024 07:33:30 +0200
Subject: [PATCH 057/131] Update laptop setup
---
 handlers.yml | 11 -----------
 tasks/setup-laptop.yml | 13 ++++++++++++-
 templates/laptop/powertop.service.j2 | 12 ++++++++++++
 3 files changed, 24 insertions(+), 12 deletions(-)
 create mode 100644 templates/laptop/powertop.service.j2
diff --git a/handlers.yml b/handlers.yml
index 8bd8efe..8afa79b 100644
--- a/handlers.yml
+++ b/handlers.yml
@@ -59,17 +59,6 @@
 enabled: true
 when: platform == "laptop"
-- name: restart pipewire-pulse
- systemd:
- name: '{{ item.name }}'
- state: restarted
- enabled: '{{ item.enabled }}'
- scope: user
- daemon-reload: true
- loop:
- - { name: 'pipewire-pulse.socket', enabled: true }
- - { name: 'pipewire-pulse.service', enabled: false }
-
 - name: stop mpd service
 systemd:
 name: mpd.service
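Review bot: `DownloadUser = alpm` and the commented `#DisableSandbox` are pacman 7.0 directives; on a host whose pacman predates 7.0 the option is reported as an unrecognized directive and downloads simply run unsandboxed, and the `alpm` system user must exist for downloads to work at all. Because this template is rendered unconditionally, a comment such as `# Requires pacman >= 7.0 (download sandboxing); the alpm user is created by the pacman package` documents the dependency for the next reader. Leaving `DisableSandbox` commented out is the right default, since the landlock/seccomp download sandbox is the security gain of this change.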
diff --git a/tasks/setup-laptop.yml b/tasks/setup-laptop.yml
index b6c81b1..19d26e5 100644
--- a/tasks/setup-laptop.yml
+++ b/tasks/setup-laptop.yml
@@ -1,2 +1,13 @@
-# TODO: set fan settings to `quiet` with smbios-thermal-ctl
+- name: set fan and thermal monitoring control
+ become: true
+ command: smbios-thermal-ctl --set-thermal-mode quiet
+- name: provision powertop systemd service
+ become: true
+ template:
+ src: 'templates/laptop/powertop.service.j2'
+ dest: '/etc/systemd/system/powertop.service'
+ owner: root
+ group: root
+ mode: '0644'
+ notify: restart powertop
diff --git a/templates/laptop/powertop.service.j2 b/templates/laptop/powertop.service.j2
new file mode 100644
index 0000000..c614bcf
--- /dev/null
+++ b/templates/laptop/powertop.service.j2
@@ -0,0 +1,12 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=Powertop tunings
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStart=/usr/bin/powertop --auto-tune
+
+[Install]
+WantedBy=multi-user.target
From ff1cfaca45edfb2b6746b48bfdfcab7791acf260 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Mon, 7 Oct 2024 20:49:47 +0200
Subject: [PATCH 058/131] Add git delta configuration
---
 templates/gitconfig.j2 | 12 ++++++++++++
 vars/main.yml | 1 +
 2 files changed, 13 insertions(+)
diff --git a/templates/gitconfig.j2 b/templates/gitconfig.j2
index 0457357..11f5112 100644
--- a/templates/gitconfig.j2
+++ b/templates/gitconfig.j2
@@ -7,9 +7,21 @@ signingkey = {{ gpg_pub_key }}
 [core]
 editor = nvim
+pager = delta
+
+[interactive]
+diffFilter = delta --color-only
 [pull]
 rebase = false
 [merge]
 tool = nvimdiff
+conflictstyle = diff3
+
+[diff]
+colorMoved = default
+
+[delta]
+navigate = true
+hyperlinks = true
diff --git a/vars/main.yml b/vars/main.yml
index e0115aa..cd8d787 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -36,6 +36,7 @@ packages:
 - otf-monaspace-nerd
 - systemd-ukify
 - efibootmgr
+ - git-delta
 platform_packages: []
 modprobe_templates: []
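Review bot: `command: smbios-thermal-ctl --set-thermal-mode quiet` runs on every play and always reports changed, and nothing checks whether the mode is already set; adding `changed_when: false` (or reading the current mode first and guarding with `when:`) keeps the play idempotent and makes the unconditional side effect visible. The `notify: restart powertop` handler is not added in this commit — the handlers.yml hunk above only deletes — so if it is not defined elsewhere the play will error on an undefined handler. In the powertop unit, a comment that `--auto-tune` also enables USB and device autosuspend would save the next person debugging a sleeping peripheral.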
From b8d8f6b6439fe1888eba66bf7112307483941844 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Sun, 8 Dec 2024 14:43:39 +0100
Subject: [PATCH 059/131] Update requirements
---
 requirements.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.yml b/requirements.yml
index ba54c45..b20eeb6 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -1,4 +1,4 @@
-- src: git+https://git.fudiggity.nl/ansible/common.git
+- src: git+https://forgejo.fudiggity.nl/sonny/common-ansible.git
 name: common
 version: master
 scm: git
From bd7b0bd9553a4d12df94080fbbe9256b897ab412 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Mon, 9 Dec 2024 08:17:51 +0100
Subject: [PATCH 060/131] Include support for visualizer
---
 templates/mpd/mpd.conf.j2 | 6 ++++++
 templates/mpd/ncmpcpp/config.j2 | 6 ++++++
 2 files changed, 12 insertions(+)
diff --git a/templates/mpd/mpd.conf.j2 b/templates/mpd/mpd.conf.j2
index d99b7d4..af43ed2 100644
--- a/templates/mpd/mpd.conf.j2
+++ b/templates/mpd/mpd.conf.j2
@@ -18,6 +18,12 @@ audio_output {
 dsd "yes"
 }
+audio_output {
+ type "fifo"
+ name "my_fifo"
+ path "/tmp/mpd.fifo"
+}
+
 input {
 enabled "no"
 plugin "tidal"
diff --git a/templates/mpd/ncmpcpp/config.j2 b/templates/mpd/ncmpcpp/config.j2
index f532ff1..865a549 100644
--- a/templates/mpd/ncmpcpp/config.j2
+++ b/templates/mpd/ncmpcpp/config.j2
@@ -18,6 +18,12 @@ connected_message_on_startup = no
 display_bitrate = yes
+visualizer_data_source = "/tmp/mpd.fifo"
+visualizer_output_name = "my_fifo"
+visualizer_in_stereo = "yes"
+visualizer_type = "spectrum"
+visualizer_look = "+|"
+
 ############## Theme ###################
 user_interface = classic
From 1ce33295f2a9b69c49408c8b39fe5282015c3aa9 Mon Sep 17 00:00:00 2001
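Review bot: The `common` role is still resolved from a remote git URL at `version: master`, so every `ansible-galaxy install` pulls whatever that branch holds at the time and the provisioning of this machine is not reproducible or reviewable as a fixed dependency. Pinning `version:` to a tag or a full commit hash (and bumping it deliberately) makes the role a locked input; the host move is a natural moment to do that.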
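Review bot: The new fifo output uses the fixed path `/tmp/mpd.fifo` in a shared, world-writable directory, and ncmpcpp/config.j2 reads the same literal path; if the path already exists as a stale file or was created by another local account, mpd's fifo plugin will fail to open it or feed the wrong thing to the visualizer. A per-user location such as `{{ mpd_configuration_dir }}/mpd.fifo`, driven from one variable in vars/mpd.yml and rendered into both templates, avoids the shared directory and the duplicated literal. The `input {` block and the rest of the ncmpcpp config continue outside these hunks.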
From: Sonny Bakker Date: Sun, 19 Jan 2025 17:52:14 +0100 Subject: [PATCH 061/131] Add xdg-desktop-portal desktop configuration --- handlers.yml | 4 ++++ tasks/setup-desktop.yml | 11 ++++++++++- templates/desktop/xdg-desktop-portal.service.j2 | 5 +++++ 3 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 templates/desktop/xdg-desktop-portal.service.j2 diff --git a/handlers.yml b/handlers.yml index 8afa79b..43e4d2f 100644 --- a/handlers.yml +++ b/handlers.yml @@ -78,3 +78,7 @@ - name: reload sysctl configuration become: true command: 'sysctl --system' + +- name: daemon-reload + ansible.builtin.systemd: + daemon-reload: true diff --git a/tasks/setup-desktop.yml b/tasks/setup-desktop.yml index ed97d53..8795401 100644 --- a/tasks/setup-desktop.yml +++ b/tasks/setup-desktop.yml @@ -1 +1,10 @@ ---- +- name: Create xdg-desktop-portal.service.d directory + file: + path: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d' + state: directory + +- name: Copy xdg-desktop-portal.service drop-in + template: + src: templates/desktop/xdg-desktop-portal.service.j2 + dest: 'xdg_config_dir/systemd/user/xdg-desktop-portal/override.conf' + notify: daemon-reload diff --git a/templates/desktop/xdg-desktop-portal.service.j2 b/templates/desktop/xdg-desktop-portal.service.j2 new file mode 100644 index 0000000..7d06561 --- /dev/null +++ b/templates/desktop/xdg-desktop-portal.service.j2 @@ -0,0 +1,5 @@ +# {{ ansible_managed }} + +[Unit] +Requires=plasma-core.target +After=plasma-core.target From c9b00691fff845a60d71982a7224f9bc92b7310b Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Mon, 20 Jan 2025 08:53:10 +0100 Subject: [PATCH 062/131] Use correct directory path --- tasks/setup-desktop.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/setup-desktop.yml b/tasks/setup-desktop.yml index 8795401..7a9f056 100644 --- a/tasks/setup-desktop.yml +++ b/tasks/setup-desktop.yml 
@@ -6,5 +6,5 @@ - name: Copy xdg-desktop-portal.service drop-in template: src: templates/desktop/xdg-desktop-portal.service.j2 - dest: 'xdg_config_dir/systemd/user/xdg-desktop-portal/override.conf' + dest: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d/override.conf' notify: daemon-reload From 4c968c55da0514ea867bbd25dc2432d3e53ea024 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Mon, 20 Jan 2025 09:11:59 +0100 Subject: [PATCH 063/131] Use correct systemd reload scope --- handlers.yml | 3 ++- tasks/setup-desktop.yml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/handlers.yml b/handlers.yml index 43e4d2f..1f99b34 100644 --- a/handlers.yml +++ b/handlers.yml @@ -79,6 +79,7 @@ become: true command: 'sysctl --system' -- name: daemon-reload +- name: user daemon-reload ansible.builtin.systemd: daemon-reload: true + scope: user diff --git a/tasks/setup-desktop.yml b/tasks/setup-desktop.yml index 7a9f056..f06ec16 100644 --- a/tasks/setup-desktop.yml +++ b/tasks/setup-desktop.yml @@ -7,4 +7,4 @@ template: src: templates/desktop/xdg-desktop-portal.service.j2 dest: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d/override.conf' - notify: daemon-reload + notify: user daemon-reload From 88c46f77799f68cd816fc724e3e5abbae91a8476 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Tue, 4 Feb 2025 20:35:40 +0100 Subject: [PATCH 064/131] Unset default keybindings --- templates/mpd/ncmpcpp/bindings.j2 | 365 +++++++++++++++++++++++++++++- 1 file changed, 355 insertions(+), 10 deletions(-) diff --git a/templates/mpd/ncmpcpp/bindings.j2 b/templates/mpd/ncmpcpp/bindings.j2 index a1bd2ce..26e0113 100644 --- a/templates/mpd/ncmpcpp/bindings.j2 +++ b/templates/mpd/ncmpcpp/bindings.j2 
@@ -1,16 +1,361 @@ # {{ ansible_managed }} -def_key "l" - next_column -def_key "h" - previous_column -def_key "k" - scroll_up -def_key "j" - scroll_down +# custom bindings +def_key "a" + add_item_to_playlist def_key "l" jump_to_playing_song -def_key "a" - add_item_to_playlist +def_key "l" + next_column + +def_key "h" + previous_column + +def_key "k" + scroll_up + +def_key "j" + scroll_down + +def_key "tab" + next_screen + +def_key "shift-tab" + previous_screen + +def_key "f1" + show_help + +def_key "1" + show_playlist + +def_key "2" + show_browser + +def_key "2" + change_browse_mode + +def_key "3" + show_search_engine + +def_key "3" + reset_search_engine + +def_key "4" + show_media_library + +def_key "4" + toggle_media_library_columns_mode + +def_key "5" + show_playlist_editor + +def_key "6" + show_tag_editor + +def_key "7" + show_outputs + +def_key "8" + show_visualizer + +def_key "[" + scroll_up_album + +def_key "]" + scroll_down_album + +def_key "{" + scroll_up_artist + +def_key "}" + scroll_down_artist + +def_key "page_up" + page_up + +def_key "page_down" + page_down + +def_key "home" + move_home + +def_key "end" + move_end + +def_key "enter" + enter_directory + +def_key "enter" + toggle_output + +def_key "enter" + run_action + +def_key "enter" + play_item + +def_key "delete" + delete_playlist_items + +def_key "delete" + delete_browser_items + +def_key "delete" + delete_stored_playlist + +def_key "s" + stop + +def_key "p" + pause + +def_key ">" + next + +def_key "<" + previous + +def_key "ctrl-h" + replay_song + +def_key "f" + seek_forward + +def_key "b" + seek_backward + +def_key "r" + toggle_repeat + +def_key "z" + toggle_random + +def_key "u" + update_database + +def_key "/" + find + +def_key "q" + quit + + +# default dummy bindings +def_key "mouse" + dummy + +def_key "up" + dummy + +def_key "shift-up" + dummy + +def_key "down" + dummy + +def_key "shift-down" + dummy + +def_key "insert" + dummy + +def_key "space" + dummy + +def_key "space" + dummy + +def_key 
"space" + dummy + +def_key "right" + dummy + +def_key "+" + dummy + +def_key "left" + dummy + +def_key "-" + dummy + +def_key ":" + dummy + +def_key "=" + dummy + +def_key "@" + dummy + +def_key "ctrl-h" + dummy + +def_key "backspace" + dummy + +def_key "backspace" + dummy + +def_key "backspace" + dummy + +def_key "y" + dummy + +def_key "y" + dummy + +def_key "y" + dummy + +def_key "R" + dummy + +def_key "Y" + dummy + +def_key "T" + dummy + +def_key "|" + dummy + +def_key "#" + dummy + +def_key "Z" + dummy + +def_key "x" + dummy + +def_key "X" + dummy + +def_key "ctrl-s" + dummy + +def_key "ctrl-s" + dummy + +def_key "ctrl-s" + dummy + +def_key "ctrl-r" + dummy + +def_key "ctrl-f" + dummy + +def_key "ctrl-_" + dummy + +def_key "?" + dummy + +def_key "." + dummy + +def_key "," + dummy + +def_key "w" + dummy + +def_key "e" + dummy + +def_key "i" + dummy + +def_key "I" + dummy + +def_key "g" + dummy + +def_key "ctrl-v" + dummy + +def_key "v" + dummy + +def_key "V" + dummy + +def_key "B" + dummy + +def_key "c" + clear_playlist + +def_key "C" + dummy + +def_key "m" + dummy + +def_key "n" + dummy + +def_key "M" + dummy + +def_key "A" + dummy + +def_key "S" + dummy + +def_key "o" + dummy + +def_key "G" + dummy + +def_key "~" + dummy + +def_key "E" + dummy + +def_key "U" + dummy + +def_key "P" + dummy + +def_key "\\" + dummy + +def_key "!" + dummy + +def_key "L" + dummy + +def_key "F" + dummy + +def_key "alt-l" + dummy + +def_key "ctrl-l" + dummy + +def_key "`" + dummy + +def_key "`" + dummy + +def_key "`" + dummy + +def_key "ctrl-p" + dummy From a8a3ad8410f07a3c112f708eca0f782601571ea5 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Tue, 4 Feb 2025 20:35:55 +0100 Subject: [PATCH 065/131] Show linenumbers in diffs --- templates/gitconfig.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/gitconfig.j2 b/templates/gitconfig.j2 index 11f5112..91ae366 100644 --- a/templates/gitconfig.j2 +++ b/templates/gitconfig.j2 
@@ -25,3 +25,4 @@ colorMoved = default
 [delta]
 navigate = true
 hyperlinks = true
+line-numbers = true
From 90e5f9515471be0941840eb53212a8b1276ee991 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Tue, 4 Feb 2025 21:56:47 +0100
Subject: [PATCH 066/131] Set wayland display
---
 templates/tmux.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/tmux.j2 b/templates/tmux.j2
index 1c035a1..3044e2b 100644
--- a/templates/tmux.j2
+++ b/templates/tmux.j2
@@ -4,7 +4,7 @@ Description=Tmux startup script
 [Service]
-Environment=DISPLAY=:0
+Environment=WAYLAND_DISPLAY=wayland-0
 ExecStart=/home/sonny/.local/bin/tmux_start
 Type=forking
 RemainAfterExit=yes
From 283082729180568d313fdf5b2f5a48fb0f6caf2b Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Fri, 7 Feb 2025 08:53:45 +0100
Subject: [PATCH 067/131] Reload tmux service whenever applicable
---
 handlers.yml | 7 +++++++
 tasks/systemd.yml | 3 +++
 2 files changed, 10 insertions(+)
diff --git a/handlers.yml b/handlers.yml
index 1f99b34..5b24c95 100644
--- a/handlers.yml
+++ b/handlers.yml
@@ -79,6 +79,13 @@
 become: true
 command: 'sysctl --system'
+- name: restart tmux service
+ systemd:
+ name: tmux
+ state: restarted
+ enabled: true
+ scope: user
+
 - name: user daemon-reload
 ansible.builtin.systemd:
 daemon-reload: true
diff --git a/tasks/systemd.yml b/tasks/systemd.yml
index baee82e..204acf8 100644
--- a/tasks/systemd.yml
+++ b/tasks/systemd.yml
@@ -16,6 +16,9 @@
 src: 'templates/tmux.j2'
 dest: '{{ xdg_config_dir }}/systemd/user/tmux.service'
 mode: '0644'
+ notify:
+ - user daemon-reload
+ - restart tmux service
 - name: copy tmux startup script
 copy:
From f03fe525c75ecf95769939518d63a76cda28e46f Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Sun, 9 Feb 2025 20:34:37 +0100
Subject: [PATCH 068/131] add missing ncmpcpp keybinds
---
 templates/mpd/ncmpcpp/bindings.j2 | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
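Review bot: The tmux unit's `ExecStart=/home/sonny/.local/bin/tmux_start` hardcodes one user's home directory in a template that is otherwise rendered per host, while vars/main.yml already defines `xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin'`; `ExecStart={{ xdg_script_dir }}/tmux_start` keeps the unit correct for whichever user runs the play. `WAYLAND_DISPLAY=wayland-0` is the usual first-session socket name but is session-specific, so a comment such as `# assumes the first Wayland session; adjust if several compositors run` records the assumption. The unit's `[Unit]` section lies outside this hunk.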
diff --git a/templates/mpd/ncmpcpp/bindings.j2 b/templates/mpd/ncmpcpp/bindings.j2 index 26e0113..b6b2d7d 100644 --- a/templates/mpd/ncmpcpp/bindings.j2 +++ b/templates/mpd/ncmpcpp/bindings.j2 @@ -142,6 +142,18 @@ def_key "/" def_key "q" quit +def_key "v" + select_range + +def_key "c" + remove_selection + +def_key "C" + clear_playlist + +def_key "/" + find + # default dummy bindings def_key "mouse" @@ -282,21 +294,9 @@ def_key "g" def_key "ctrl-v" dummy -def_key "v" - dummy - -def_key "V" - dummy - def_key "B" dummy -def_key "c" - clear_playlist - -def_key "C" - dummy - def_key "m" dummy From 2d3971a7447d20b8b62df008ac812ead99139178 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sun, 9 Feb 2025 20:34:53 +0100 Subject: [PATCH 069/131] Add tags to certain tasks --- playbook.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/playbook.yml b/playbook.yml index dc93465..7b0b51d 100644 --- a/playbook.yml +++ b/playbook.yml @@ -15,15 +15,27 @@ - common tasks: - import_tasks: 'tasks/setup.yml' + - import_tasks: 'tasks/setup-desktop.yml' when: platform == 'desktop' + tags: laptop + - import_tasks: 'tasks/setup-laptop.yml' when: platform == 'laptop' + tags: laptop + - import_tasks: 'tasks/network.yml' - import_tasks: 'tasks/systemd.yml' + - import_tasks: 'tasks/git.yml' + tags: git + - import_tasks: 'tasks/mpv.yml' + tags: mpv + - import_tasks: 'tasks/mpd.yml' + tags: mpd + - import_tasks: 'tasks/syncthing.yml' - import_tasks: 'tasks/timer.yml' handlers: From 8fdeec1a4379664193c80f04aed7ee31d0820678 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sun, 9 Feb 2025 20:49:27 +0100 Subject: [PATCH 070/131] Remove duplicate keybinds & add search keybind --- templates/mpd/ncmpcpp/bindings.j2 | 36 ++----------------------------- 1 file changed, 2 insertions(+), 34 deletions(-) diff --git a/templates/mpd/ncmpcpp/bindings.j2 b/templates/mpd/ncmpcpp/bindings.j2 index b6b2d7d..92e0d45 100644 --- a/templates/mpd/ncmpcpp/bindings.j2 
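Review bot: In playbook.yml the `tasks/setup-desktop.yml` import is guarded by `when: platform == 'desktop'` but tagged `tags: laptop`, the same tag as the laptop import directly below it, so `--tags desktop` skips desktop provisioning entirely and `--tags laptop` evaluates the desktop import only to have its `when` skip it. This reads as a copy-paste slip; the intended line is `tags: desktop`. The same `tags: laptop` survives the later playbook rewrites in this series (the PATCH 072 and PATCH 075 hunks further down), so it should be fixed once there as well.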
+++ b/templates/mpd/ncmpcpp/bindings.j2 @@ -1,6 +1,6 @@ # {{ ansible_managed }} -# custom bindings +# enabled bindings def_key "a" add_item_to_playlist @@ -137,6 +137,7 @@ def_key "u" update_database def_key "/" + find_item_forward find def_key "q" @@ -151,9 +152,6 @@ def_key "c" def_key "C" clear_playlist -def_key "/" - find - # default dummy bindings def_key "mouse" @@ -177,12 +175,6 @@ def_key "insert" def_key "space" dummy -def_key "space" - dummy - -def_key "space" - dummy - def_key "right" dummy @@ -210,18 +202,6 @@ def_key "ctrl-h" def_key "backspace" dummy -def_key "backspace" - dummy - -def_key "backspace" - dummy - -def_key "y" - dummy - -def_key "y" - dummy - def_key "y" dummy @@ -252,12 +232,6 @@ def_key "X" def_key "ctrl-s" dummy -def_key "ctrl-s" - dummy - -def_key "ctrl-s" - dummy - def_key "ctrl-r" dummy @@ -351,11 +325,5 @@ def_key "ctrl-l" def_key "`" dummy -def_key "`" - dummy - -def_key "`" - dummy - def_key "ctrl-p" dummy From 03a3b09bf158b6c0b5979a82451aa1935c99ef00 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Thu, 20 Feb 2025 21:47:36 +0100 Subject: [PATCH 071/131] Install spell checking packages --- vars/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vars/main.yml b/vars/main.yml index cd8d787..46b249f 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -37,6 +37,8 @@ packages: - systemd-ukify - efibootmgr - git-delta + - aspell-nl + - aspell-en platform_packages: [] modprobe_templates: [] From 10b34cffaf96b043e27e8221d53e32e6d9a7bf66 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 1 Mar 2025 21:01:48 +0100 Subject: [PATCH 072/131] Fix ansible lint errors --- playbook.yml | 58 +++++++++++++++++++++++++++++++++++----------------- 1 file changed, 39 insertions(+), 19 deletions(-) diff --git a/playbook.yml b/playbook.yml index 7b0b51d..01a2109 100644 --- a/playbook.yml +++ b/playbook.yml 
@@ -1,46 +1,66 @@ -- hosts: localhost +- name: Arch Linux provisioning + hosts: localhost pre_tasks: - - name: install shared packages + - name: Install shared packages become: true - pacman: + community.general.pacman: name: '{{ packages }}' - - name: detecting platform - import_tasks: 'tasks/platform.yml' - - name: install platform specific packages + + - name: Detect platform + ansible.builtin.import_tasks: 'tasks/platform.yml' + + - name: Install platform specific packages become: true - pacman: + community.general.pacman: name: '{{ platform_packages }}' when: platform_packages | length > 0 roles: - common tasks: - - import_tasks: 'tasks/setup.yml' + - name: Generic provisioning + ansible.builtin.import_tasks: 'tasks/setup.yml' - - import_tasks: 'tasks/setup-desktop.yml' + - name: Desktop provisioning + ansible.builtin.import_tasks: 'tasks/setup-desktop.yml' when: platform == 'desktop' tags: laptop - - import_tasks: 'tasks/setup-laptop.yml' + - name: Laptop provisioning + ansible.builtin.import_tasks: 'tasks/setup-laptop.yml' when: platform == 'laptop' tags: laptop - - import_tasks: 'tasks/network.yml' - - import_tasks: 'tasks/systemd.yml' + - name: Network provisioning + ansible.builtin.import_tasks: 'tasks/network.yml' - - import_tasks: 'tasks/git.yml' + - name: Systemd provisioning + ansible.builtin.import_tasks: 'tasks/systemd.yml' + + - name: Git provisioning + ansible.builtin.import_tasks: 'tasks/git.yml' tags: git - - import_tasks: 'tasks/mpv.yml' + - name: MPV provisioning + ansible.builtin.import_tasks: 'tasks/mpv.yml' tags: mpv - - import_tasks: 'tasks/mpd.yml' + - name: MPD provisioning + ansible.builtin.import_tasks: 'tasks/mpd.yml' tags: mpd - - import_tasks: 'tasks/syncthing.yml' - - import_tasks: 'tasks/timer.yml' + - name: Syncthing provisioning + ansible.builtin.import_tasks: 'tasks/syncthing.yml' + + - name: Systemd timer provisioning + ansible.builtin.import_tasks: 'tasks/timer.yml' + handlers: - - import_tasks: 'handlers.yml' - - 
import_tasks: 'roles/common/handlers/user.yml' + + - name: Import default handlers + ansible.builtin.import_tasks: 'handlers.yml' + + - name: Import common role handlers + ansible.builtin.import_tasks: 'roles/common/handlers/user.yml' vars_files: - 'vars/main.yml' - 'vars/gpg.yml' From ee384fe64451b2c5816eeabcb4dfdcb6eb793f11 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 1 Mar 2025 21:08:26 +0100 Subject: [PATCH 073/131] Fix network task linter errors --- tasks/network.yml | 163 +++++++++++++++++++++------------------------- 1 file changed, 73 insertions(+), 90 deletions(-) diff --git a/tasks/network.yml b/tasks/network.yml index c03e12e..1faca5c 100644 --- a/tasks/network.yml +++ b/tasks/network.yml @@ -3,9 +3,9 @@ # using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint :` # for example. -- name: create wireguard directories +- name: Create wireguard directories become: true - file: + ansible.builtin.file: path: '{{ item | dirname }}' owner: root group: systemd-network 
@@ -17,35 +17,30 @@ - '{{ vpn_media.private_key_path }}' - '{{ vpn_media.public_key_path }}' -- name: copy wireguard credentials +- name: Copy wireguard credentials become: true - copy: + ansible.builtin.copy: src: '{{ item.src }}' dest: '{{ item.dest }}' owner: root group: systemd-network mode: '0640' loop: - - { - dest: '{{ vpn_default.public_key_path }}', - src: 'files/{{ platform }}/wireguard/default/{{ platform }}.pub', - } - - { - dest: '{{ vpn_default.private_key_path }}', - src: 'files/{{ platform }}/wireguard/default/{{ platform }}.key', - } - - { - dest: '{{ vpn_media.public_key_path }}', - src: 'files/{{ platform }}/wireguard/media/{{ platform }}.pub', - } - - { - dest: '{{ vpn_media.private_key_path }}', - src: 'files/{{ platform }}/wireguard/media/{{ platform }}.key', - } + - dest: '{{ vpn_default.public_key_path }}' + src: 'files/{{ platform }}/wireguard/default/{{ platform }}.pub' -- name: copy wireguard preshared keys + - dest: '{{ vpn_default.private_key_path }}' + src: 'files/{{ platform }}/wireguard/default/{{ platform }}.key' + + - dest: '{{ vpn_media.public_key_path }}' + src: 'files/{{ platform }}/wireguard/media/{{ platform }}.pub' + + - dest: '{{ vpn_media.private_key_path }}' + src: 'files/{{ platform }}/wireguard/media/{{ platform }}.key' + +- name: Copy wireguard preshared keys become: true - copy: + ansible.builtin.copy: src: '{{ item.preshared_key_source_path }}' dest: '{{ item.preshared_key_path }}' owner: root 
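Review bot: The WireGuard private keys and preshared keys are copied from `files/{{ platform }}/wireguard/…` inside the repository; if those files are committed unencrypted, the tunnel secrets live in git history even though the later `ask_vault_pass` change in this series suggests Vault is in use. `ansible.builtin.copy` transparently decrypts a vault-encrypted `src` (its `decrypt` option defaults to true), so encrypting the `.key` and preshared-key files with `ansible-vault encrypt` needs no change to these tasks. The `owner: root`, `group: systemd-network`, `mode: '0640'` combination is the right permission set for files systemd-networkd must read; a short comment saying so would keep someone from "fixing" it to 0600 later.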
@@ -53,100 +48,88 @@ mode: '0640' loop: '{{ vpn_default.peers + vpn_media.peers }}' -- block: - - name: setup desktop network configuration - become: true - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - { - src: 'templates/desktop/network/enp.network.j2', - dest: '/etc/systemd/network/20-wired.network', - } - - { - src: 'templates/desktop/network/wg0.network.j2', - dest: '/etc/systemd/network/40-wg0.network', - } - - { - src: 'templates/desktop/network/wg0.netdev.j2', - dest: '/etc/systemd/network/40-wg0.netdev', - } - - { - src: 'templates/desktop/network/wg1.network.j2', - dest: '/etc/systemd/network/40-wg1.network', - } - - { - src: 'templates/desktop/network/wg1.netdev.j2', - dest: '/etc/systemd/network/40-wg1.netdev', - } - - - name: remove leftover configuration files - become: true - file: - path: '{{ item }}' - state: absent - loop: - - '/etc/systemd/network/30-vmbr0.network' - - '/etc/systemd/network/30-vmbr0.netdev' - +- name: Desktop configuration notify: - restart systemd-networkd - restart systemd-resolved when: platform == "desktop" - -- block: - - name: setup laptop network configuration + block: + - name: Setup network configuration become: true - template: + ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' owner: root group: systemd-network mode: '0640' loop: - - { - src: 'templates/laptop/network/wireless.network.j2', - dest: '/etc/systemd/network/20-wireless.network', - } - - { - src: 'templates/laptop/network/wg0.network.j2', - dest: '/etc/systemd/network/40-wg0.network', - } - - { - src: 'templates/laptop/network/wg0.netdev.j2', - dest: '/etc/systemd/network/40-wg0.netdev', - } - - { - src: 'templates/laptop/network/wg1.network.j2', - dest: '/etc/systemd/network/40-wg1.network', - } - - { - src: 'templates/laptop/network/wg1.netdev.j2', - dest: '/etc/systemd/network/40-wg1.netdev', - } + - src: 'templates/desktop/network/enp.network.j2' + 
dest: '/etc/systemd/network/20-wired.network' - - name: remove leftover configuration files + - src: 'templates/desktop/network/wg0.network.j2' + dest: '/etc/systemd/network/40-wg0.network' + + - src: 'templates/desktop/network/wg0.netdev.j2' + dest: '/etc/systemd/network/40-wg0.netdev' + + - src: 'templates/desktop/network/wg1.network.j2' + dest: '/etc/systemd/network/40-wg1.network' + + - src: 'templates/desktop/network/wg1.netdev.j2' + dest: '/etc/systemd/network/40-wg1.netdev' + + - name: Remove leftover configuration files become: true - file: + ansible.builtin.file: path: '{{ item }}' state: absent loop: - '/etc/systemd/network/30-vmbr0.network' - '/etc/systemd/network/30-vmbr0.netdev' +- name: Laptop configuration notify: - restart systemd-networkd - restart systemd-resolved - restart iwd when: platform == "laptop" + block: + - name: Setup network configuration + become: true + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - src: 'templates/laptop/network/wireless.network.j2' + dest: '/etc/systemd/network/20-wireless.network' -- name: copy firewall template + - src: 'templates/laptop/network/wg0.network.j2' + dest: '/etc/systemd/network/40-wg0.network' + + - src: 'templates/laptop/network/wg0.netdev.j2' + dest: '/etc/systemd/network/40-wg0.netdev' + + - src: 'templates/laptop/network/wg1.network.j2' + dest: '/etc/systemd/network/40-wg1.network' + + - src: 'templates/laptop/network/wg1.netdev.j2' + dest: '/etc/systemd/network/40-wg1.netdev' + + - name: Remove leftover configuration files + become: true + ansible.builtin.file: + path: '{{ item }}' + state: absent + loop: + - '/etc/systemd/network/30-vmbr0.network' + - '/etc/systemd/network/30-vmbr0.netdev' + +- name: Copy firewall template become: true - template: + ansible.builtin.template: src: 'templates/{{ platform }}/nftables.j2' dest: '/etc/nftables.conf' owner: root 
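Review bot: After this rewrite the Desktop and Laptop blocks are identical apart from the template directory and the first network file (`enp.network.j2` versus `wireless.network.j2`), including a duplicated "Remove leftover configuration files" task, so every future change has to be made twice and the two can silently diverge. Moving the per-platform file list into vars/desktop.yml and vars/laptop.yml (the series already keeps `mkinitcpio_templates` there) would collapse both blocks into one task rendering `src: 'templates/{{ platform }}/network/…'` with a single notify list. The hunk begins at the previous line and the "Copy firewall template" task continues past its end.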
From eab191b54ebd6041f7969c46bc9d62c2525d093f Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Sat, 1 Mar 2025 21:45:59 +0100
Subject: [PATCH 074/131] Ask vault password by default
---
 ansible.cfg | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ansible.cfg b/ansible.cfg
index 4c41b64..5ec08e7 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,6 @@
 [defaults]
 roles_path = ./roles
+ask_vault_pass = true
 [privilege_escalation]
 become_ask_pass = True
From a44c76344b417b91647e424d7ea06be735eae3b3 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Sat, 1 Mar 2025 21:46:16 +0100
Subject: [PATCH 075/131] Add more tags
---
 playbook.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/playbook.yml b/playbook.yml
index 01a2109..ea30c97 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -8,6 +8,7 @@
 - name: Detect platform
 ansible.builtin.import_tasks: 'tasks/platform.yml'
+ tags: platform_vars
 - name: Install platform specific packages
 become: true
@@ -19,6 +20,7 @@ tasks:
 - name: Generic provisioning
 ansible.builtin.import_tasks: 'tasks/setup.yml'
+ tags: setup
 - name: Desktop provisioning
 ansible.builtin.import_tasks: 'tasks/setup-desktop.yml'
@@ -32,9 +34,11 @@
 - name: Network provisioning
 ansible.builtin.import_tasks: 'tasks/network.yml'
+ tags: network
 - name: Systemd provisioning
 ansible.builtin.import_tasks: 'tasks/systemd.yml'
+ tags: systemd
 - name: Git provisioning
 ansible.builtin.import_tasks: 'tasks/git.yml'
@@ -50,12 +54,13 @@
 - name: Syncthing provisioning
 ansible.builtin.import_tasks: 'tasks/syncthing.yml'
+ tags: syncthing
 - name: Systemd timer provisioning
 ansible.builtin.import_tasks: 'tasks/timer.yml'
+ tags: timers
 handlers:
-
 - name: Import default handlers
 ansible.builtin.import_tasks: 'handlers.yml'
From b2c395b3b7f164d5511567345dc67453571283b2 Mon Sep 17 00:00:00 2001
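Review bot: `ask_vault_pass = true` makes every `ansible-playbook` run prompt interactively, so a non-interactive invocation (the `.gitlab-ci.yml` pipeline this repository ships, if it still runs the playbook) will block or fail on the prompt rather than report a clear error. Keeping the prompt as the interactive default is fine, but a comment pointing at the non-interactive alternative, e.g. `# CI: pass --vault-password-file or ANSIBLE_VAULT_PASSWORD_FILE instead`, tells the next person why a pipeline run hangs. Whether the pipeline actually runs the play is not visible here.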
From: Sonny Bakker Date: Sun, 2 Mar 2025 16:05:07 +0100 Subject: [PATCH 076/131] Use systemd file option wherever applicable --- tasks/network.yml | 29 ++++++--- tasks/platform.yml | 20 +++--- templates/desktop/network/wg0.netdev.j2 | 6 +- templates/desktop/network/wg1.netdev.j2 | 6 +- templates/laptop/network/wg0.netdev.j2 | 6 +- templates/laptop/network/wg1.netdev.j2 | 6 +- vars/desktop.yml | 82 ++++++++---------------- vars/laptop.yml | 83 ++++++++----------------- vars/main.yml | 2 + 9 files changed, 94 insertions(+), 146 deletions(-) diff --git a/tasks/network.yml b/tasks/network.yml index 1faca5c..feec18b 100644 --- a/tasks/network.yml +++ b/tasks/network.yml @@ -3,21 +3,26 @@ # using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint :` # for example. -- name: Create wireguard directories +- name: Create Wireguard directories become: true ansible.builtin.file: - path: '{{ item | dirname }}' + path: '{{ item }}' owner: root group: systemd-network - mode: '0644' + mode: '0750' state: directory + recurse: true loop: - - '{{ vpn_default.private_key_path }}' - - '{{ vpn_default.public_key_path }}' - - '{{ vpn_media.private_key_path }}' - - '{{ vpn_media.public_key_path }}' + - '{{ vpn_config_dir }}' + - '{{ vpn_default.private_key_path | dirname }}' + - '{{ vpn_default.public_key_path | dirname }}' + - '{{ vpn_media.private_key_path | dirname }}' + - '{{ vpn_media.public_key_path | dirname }}' + notify: + - restart systemd-networkd + - restart systemd-resolved -- name: Copy wireguard credentials +- name: Copy Wireguard credentials become: true ansible.builtin.copy: src: '{{ item.src }}' @@ -37,8 +42,11 @@ - dest: '{{ vpn_media.private_key_path }}' src: 'files/{{ platform }}/wireguard/media/{{ platform }}.key' + notify: + - restart systemd-networkd + - restart systemd-resolved -- name: Copy wireguard preshared keys +- name: Copy Wireguard preshared keys become: true ansible.builtin.copy: src: '{{ item.preshared_key_source_path }}' 
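Review bot: `recurse: true` together with `mode: '0750'` on the "Create Wireguard directories" task applies 0750 to everything below those directories, including the key files that the next two tasks then set back to `0640`; after the first run every play will flip the files 0750→0640 again, report both tasks as changed, and fire the `restart systemd-networkd`/`restart systemd-resolved` handlers now attached to all three tasks on every run. Dropping `recurse: true` (each directory is already created individually by the loop) keeps the play idempotent and the restarts meaningful. `vpn_config_dir` is new in the loop; its definition is presumably among the two vars/main.yml additions in this commit, which are not part of this hunk.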
@@ -47,6 +55,9 @@ group: systemd-network mode: '0640' loop: '{{ vpn_default.peers + vpn_media.peers }}' + notify: + - restart systemd-networkd + - restart systemd-resolved - name: Desktop configuration notify: diff --git a/tasks/platform.yml b/tasks/platform.yml index 287b9c7..66e96cd 100644 --- a/tasks/platform.yml +++ b/tasks/platform.yml @@ -1,22 +1,22 @@ -- name: detect platform - command: laptop-detect +- name: Detect platform + ansible.builtin.command: laptop-detect register: is_laptop failed_when: is_laptop.rc == 2 -- name: set platform (desktop) - set_fact: +- name: Set platform (desktop) + ansible.builtin.set_fact: platform: 'desktop' when: is_laptop.rc == 1 -- name: set platform (laptop) - set_fact: +- name: Set platform (laptop) + ansible.builtin.set_fact: platform: 'laptop' when: is_laptop.rc == 0 -- name: load desktop specific vars - include_vars: 'vars/desktop.yml' +- name: Load desktop specific vars + ansible.builtin.include_vars: 'vars/desktop.yml' when: platform == "desktop" -- name: load laptop specific vars - include_vars: 'vars/laptop.yml' +- name: Load laptop specific vars + ansible.builtin.include_vars: 'vars/laptop.yml' when: platform == "laptop" diff --git a/templates/desktop/network/wg0.netdev.j2 b/templates/desktop/network/wg0.netdev.j2 index 788c88f..6f1c0dd 100644 --- a/templates/desktop/network/wg0.netdev.j2 +++ b/templates/desktop/network/wg0.netdev.j2 @@ -6,14 +6,12 @@ Kind=wireguard Description=WireGuard tunnel {{ vpn_default.interface }} [WireGuard] -# PrivateKeyFile option does not seem to work, perhaps a bug? -PrivateKey={{ vpn_default.private_key }} +PrivateKeyFile={{ vpn_default.private_key_path }} {% for peer in vpn_default.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} -# PresharedKeyFile option does not seem to work, perhaps a bug? -PresharedKey={{ peer.preshared_key }} +PresharedKeyFile={{ peer.preshared_key_path }} AllowedIPs={{ peer.allowd_ips }} {% if peer.endpoint %} Endpoint={{ peer.endpoint }} 
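Review bot: The 'Detect platform' command in tasks/platform.yml keeps `failed_when: is_laptop.rc == 2`, so any other unexpected exit code passes the task while neither `Set platform` condition (`rc == 1` / `rc == 0`) matches, and `platform` stays undefined until a later task trips over it; `failed_when: is_laptop.rc not in [0, 1]` makes the failure happen here, with the actual rc in the output. The task also lacks `changed_when: false`, so a read-only probe reports changed on every run. Both pre-date this patch, but the hunk already rewrites every task in the file.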
diff --git a/templates/desktop/network/wg1.netdev.j2 b/templates/desktop/network/wg1.netdev.j2 index 1917cb6..104804f 100644 --- a/templates/desktop/network/wg1.netdev.j2 +++ b/templates/desktop/network/wg1.netdev.j2 @@ -6,14 +6,12 @@ Kind=wireguard Description=WireGuard tunnel {{ vpn_media.interface }} [WireGuard] -# PrivateKeyFile option does not seem to work, perhaps a bug? -PrivateKey={{ vpn_media.private_key }} +PrivateKeyFile={{ vpn_media.private_key_path }} {% for peer in vpn_media.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} -# PresharedKeyFile option does not seem to work, perhaps a bug? -PresharedKey={{ peer.preshared_key }} +PresharedKeyFile={{ peer.preshared_key_path }} AllowedIPs={{ peer.allowd_ips }} {% if peer.endpoint %} Endpoint={{ peer.endpoint }} diff --git a/templates/laptop/network/wg0.netdev.j2 b/templates/laptop/network/wg0.netdev.j2 index 788c88f..6f1c0dd 100644 --- a/templates/laptop/network/wg0.netdev.j2 +++ b/templates/laptop/network/wg0.netdev.j2 @@ -6,14 +6,12 @@ Kind=wireguard Description=WireGuard tunnel {{ vpn_default.interface }} [WireGuard] -# PrivateKeyFile option does not seem to work, perhaps a bug? -PrivateKey={{ vpn_default.private_key }} +PrivateKeyFile={{ vpn_default.private_key_path }} {% for peer in vpn_default.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} -# PresharedKeyFile option does not seem to work, perhaps a bug? -PresharedKey={{ peer.preshared_key }} +PresharedKeyFile={{ peer.preshared_key_path }} AllowedIPs={{ peer.allowd_ips }} {% if peer.endpoint %} Endpoint={{ peer.endpoint }} diff --git a/templates/laptop/network/wg1.netdev.j2 b/templates/laptop/network/wg1.netdev.j2 index 1917cb6..104804f 100644 --- a/templates/laptop/network/wg1.netdev.j2 +++ b/templates/laptop/network/wg1.netdev.j2 
@@ -6,14 +6,12 @@ Kind=wireguard Description=WireGuard tunnel {{ vpn_media.interface }} [WireGuard] -# PrivateKeyFile option does not seem to work, perhaps a bug? -PrivateKey={{ vpn_media.private_key }} +PrivateKeyFile={{ vpn_media.private_key_path }} {% for peer in vpn_media.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} -# PresharedKeyFile option does not seem to work, perhaps a bug? -PresharedKey={{ peer.preshared_key }} +PresharedKeyFile={{ peer.preshared_key_path }} AllowedIPs={{ peer.allowd_ips }} {% if peer.endpoint %} Endpoint={{ peer.endpoint }} diff --git a/vars/desktop.yml b/vars/desktop.yml index fc9fc0f..3f39782 100644 --- a/vars/desktop.yml +++ b/vars/desktop.yml @@ -1,24 +1,18 @@ platform_packages: [] modprobe_templates: - - { - src: 'templates/desktop/modprobe/99-amdgpu.conf.j2', + - src: 'templates/desktop/modprobe/99-amdgpu.conf.j2' dest: '/etc/modprobe.d/99-amdgpu.conf' - } mkinitcpio_templates: - - { - src: 'templates/desktop/mkinitcpio/1-modules.conf.j2', - dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf' - } - - { - src: 'templates/desktop/mkinitcpio/linux.preset.j2', - dest: '/etc/mkinitcpio.d/linux.preset' - } - - { - src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2', - dest: '/etc/mkinitcpio.d/linux-lts.preset' - } + - src: 'templates/desktop/mkinitcpio/1-modules.conf.j2' + dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf' + + - src: 'templates/desktop/mkinitcpio/linux.preset.j2' + dest: '/etc/mkinitcpio.d/linux.preset' + + - src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2' + dest: '/etc/mkinitcpio.d/linux-lts.preset' boot_configuration: disk: /dev/sdc 
@@ -29,53 +23,31 @@ vpn_default: subnet: '24' interface: 'wg0' - public_key_path: '/etc/wireguard/keys/public/default/desktop.pub' - private_key_path: '/etc/wireguard/keys/private/default/desktop.key' - - private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 65386334366166306164363464633364383935313739373730373139663139373964336665636264 - 3563663038313039363230623266393164646164373739620a623536633631643231633938613461 - 63366239333230663531306333383962353937353736663336343434663633303232386531353832 - 6434633935333538650a613065306239333031656362356165326136333131356135383436326561 - 62303035386634636333353664373231633434656538303866386262353139363439363435346637 - 6637363334623133376134306165626564343864633032613763 + public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub' + private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key' + private_key_source_path: 'files/desktop/wireguard/default/desktop.key' peers: - - { - name: 'zeus', - allowd_ips: '10.0.0.1/32', - endpoint: 'fudiggity.nl:51902', - public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', - preshared_key_path: '/etc/wireguard/keys/private/default/preshared-zeus.psk', - preshared_key_source_path: 'files/desktop/wireguard/default/preshared.psk', - preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n363333633336613939306632323163396239303739366135393232396134393266623939613534326238393638333137383235313039623264343932303038330a633934373638363966306533346235326234663464313963356238623064666430303030643533666536393662316237333463336462376366343335363131350a333135366239633765633136316133653535336661666461666365636233656165666635663037386666323931643265623233366133623237663734623661623661316436396465343866363266393565653237636136626536353630383263", - } + - name: 'zeus' + allowd_ips: '10.0.0.1/32' + endpoint: 'fudiggity.nl:51902' + public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=' + preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk' + 
preshared_key_source_path: 'files/desktop/wireguard/default/preshared.psk' vpn_media: ip: '10.0.1.3' subnet: '24' interface: 'wg1' - public_key_path: '/etc/wireguard/keys/public/media/desktop.pub' - private_key_path: '/etc/wireguard/keys/private/media/desktop.key' - - private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 62396362373339306463343330346431613538383236663666386135383864303835616161336662 - 6633313937313261313033323361383866313639643733650a363730393538623463313362343133 - 34643530303832393530666239636263353435353031316166366638666132323034313662653334 - 3238313161363632380a356464626364656465616231346463366632386635353861303934653036 - 34363436616334386463353463303537346234346666366631333634393733613164636466633137 - 3265386536663664626236343062336662373638656435303966 + public_key_path: '{{ vpn_config_dir }}/keys/public/media/desktop.pub' + private_key_path: '{{ vpn_config_dir }}/keys/private/media/desktop.key' + private_key_source_path: 'files/desktop/wireguard/media/desktop.key' peers: - - { - name: 'zeus-media', - allowd_ips: '10.0.1.1/32', - endpoint: 'fudiggity.nl:51903', - public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=', - preshared_key_path: '/etc/wireguard/keys/private/media/preshared-zeus.psk', - preshared_key_source_path: 'files/laptop/wireguard/media/preshared.psk', - preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n306139356532343165316339353064323434323432663462363833303930303463373137653463336366303237376564346131623662323066316435613737610a303439333438656663626334313134326231386566643364626438353864353265363137343335353365346565653939343564383130623561656264663365390a303239613536393539636464656466373531623664633637663937333438656638373539313734366139646331393965316538343863643836663363613764353839656430616233633761343562386534316336613062626236313833643066", - } + - name: 'zeus-media' + allowd_ips: '10.0.1.1/32' + endpoint: 'fudiggity.nl:51903' + public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=' + preshared_key_path: 
'{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk' + preshared_key_source_path: 'files/desktop/wireguard/media/preshared.psk' diff --git a/vars/laptop.yml b/vars/laptop.yml index 0b8c907..f2e5dbc 100644 --- a/vars/laptop.yml +++ b/vars/laptop.yml 
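Review bot: Removing the `!vault` `private_key` and `preshared_key` values here moves the protection of the WireGuard private keys and PSKs to the files behind `private_key_source_path`/`preshared_key_source_path` under `files/desktop/wireguard/`, which are not part of this diff, so it is not visible whether the keys are still encrypted at rest. `ansible.builtin.copy` decrypts vault-encrypted source files transparently, so the way to keep the previous protection is to store those files as `ansible-vault encrypt` output (the same `$ANSIBLE_VAULT;1.1;AES256` header the removed values carried) and to say so in a comment next to `preshared_key_source_path`, e.g. `# vault-encrypted on disk; copy decrypts at deploy time`. If the files are committed in the clear, the repository history now contains the key material and the keys should be rotated rather than only re-encrypted. The same applies to the vars/laptop.yml hunk of this patch.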
@@ -10,75 +10,46 @@ boot_configuration: partition: 1 mkinitcpio_templates: - - { - src: 'templates/laptop/mkinitcpio/1-modules.conf.j2', - dest: '/etc/mkinitcpio.conf.d/1-modules.conf' - } - - { - src: 'templates/laptop/mkinitcpio/2-hooks.conf.j2', - dest: '/etc/mkinitcpio.conf.d/2-hooks.conf' - } - - { - src: 'templates/laptop/mkinitcpio/linux.preset.j2', - dest: '/etc/mkinitcpio.d/linux.preset' - } - - { - src: 'templates/laptop/mkinitcpio/linux-lts.preset.j2', - dest: '/etc/mkinitcpio.d/linux-lts.preset' - } + - src: 'templates/laptop/mkinitcpio/1-modules.conf.j2' + dest: '/etc/mkinitcpio.conf.d/1-modules.conf' + + - src: 'templates/laptop/mkinitcpio/2-hooks.conf.j2' + dest: '/etc/mkinitcpio.conf.d/2-hooks.conf' + + - src: 'templates/laptop/mkinitcpio/linux.preset.j2' + dest: '/etc/mkinitcpio.d/linux.preset' + + - src: 'templates/laptop/mkinitcpio/linux-lts.preset.j2' + dest: '/etc/mkinitcpio.d/linux-lts.preset' vpn_default: ip: '10.0.0.2' subnet: '24' interface: 'wg0' - public_key_path: '/etc/wireguard/keys/public/default/laptop.pub' - private_key_path: '/etc/wireguard/keys/private/default/laptop.key' - - private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 36393066313764386361376662376266623331313765373666616334356362656332653838346330 - 3435643261333262653139636537326164356164373566310a633233623031336437303236636266 - 61616165376631353433353463313532643564343664346335363835306430386364303635343432 - 3864343464666566310a363563613039333465336164323833316436393236666433333163666137 - 33656632343262373463306438333764393031623666393161356539636663346331613539396637 - 3631363333623539636561366436613861363932323966666238 + public_key_path: '{{ vpn_config_dir }}/keys/public/default/laptop.pub' + private_key_path: '{{ vpn_config_dir }}/keys/private/default/laptop.key' peers: - - { - name: 'zeus', - allowd_ips: '10.0.0.1/32', - endpoint: 'fudiggity.nl:51902', - public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', - preshared_key_path: 
'/etc/wireguard/keys/private/default/preshared-zeus.psk', - preshared_key_source_path: 'files/laptop/wireguard/default/preshared.psk', - preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n376463366339376639373237363632363836653266353534343331333831646366373430333163383838313835613565646466653139666337626237313737300a333761383466626637336164363235643861643865653536663433373762343637303334613862373663626663616138333964386333373633643431326233370a386664366238633533356235613332373630353731306233623364623239353564313631373061393535336532393439343432373435336538666334666335633737633030386438616566376131646662316464333765636331343262663437", - } + - name: 'zeus' + allowd_ips: '10.0.0.1/32' + endpoint: 'fudiggity.nl:51902' + public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=' + preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk' + preshared_key_source_path: 'files/laptop/wireguard/default/preshared.psk' vpn_media: ip: '10.0.1.2' subnet: '24' interface: 'wg1' - public_key_path: '/etc/wireguard/keys/public/media/laptop.pub' - private_key_path: '/etc/wireguard/keys/private/media/laptop.key' - - private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 38343933313031343230346232633837346332656163303561323038643935343638333231633032 - 3035633565326130363666393631616333653638386564360a373863366364353632383031316561 - 35306566623237613565653465316566336439613064653934316536333062366163383435313366 - 6130633630376639330a366230386435643736353664623435316334666639653836393531623463 - 30336435613761616132656138303263396263336564323865356538353661366439333538343961 - 6164353934636536333433326332383830353034343437646563 + public_key_path: '{{ vpn_config_dir }}/keys/public/media/laptop.pub' + private_key_path: '{{ vpn_config_dir }}/keys/private/media/laptop.key' peers: - - { - name: 'zeus-media', - allowd_ips: '10.0.1.1/32', - endpoint: 'fudiggity.nl:51903', - public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=', - preshared_key_path: 
'/etc/wireguard/keys/private/media/preshared-zeus.psk', - preshared_key_source_path: 'files/laptop/wireguard/media/preshared.psk', - preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n666536333463333939313365343734313533633132396662336665643462336164373034666265623061373463396462333162323666323565636265663861310a623766653463613036663530653763376638643566323439636236656239663064646135323337333365653039343836303935316335383831643764663366360a656639303535666430643838343465356530633162383336663633346433346465376236366265656335636438323133643064356462313166323633623634323836363032626463376239373330356533336537633139643461316235366534" - } + - name: 'zeus-media' + allowd_ips: '10.0.1.1/32' + endpoint: 'fudiggity.nl:51903' + public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=' + preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk' + preshared_key_source_path: 'files/laptop/wireguard/media/preshared.psk' diff --git a/vars/main.yml b/vars/main.yml index cd8d787..5c35e2f 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -43,3 +43,5 @@ modprobe_templates: [] mkinitcpio_templates: [] boot_configuration: + +vpn_config_dir: '/etc/wireguard' From 460d9365f11acff71ddbf1e57916cfce017b2cff Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sun, 2 Mar 2025 20:11:23 +0100 Subject: [PATCH 077/131] Remove thermal control monitoring provisioning --- tasks/setup-laptop.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/tasks/setup-laptop.yml b/tasks/setup-laptop.yml index 19d26e5..01517f4 100644 --- a/tasks/setup-laptop.yml +++ b/tasks/setup-laptop.yml @@ -1,10 +1,6 @@ -- name: set fan and thermal monitoring control +- name: Provision powertop systemd service become: true - command: smbios-thermal-ctl --set-thermal-mode quiet - -- name: provision powertop systemd service - become: true - template: + ansible.builtin.template: src: 'templates/laptop/powertop.service.j2' dest: '/etc/systemd/system/powertop.service' owner: root 
From 079b45be28812a7c42de66dd1682e2e563afae51 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Thu, 6 Mar 2025 02:22:49 +0100 Subject: [PATCH 078/131] Use DNS from wireguard interface --- templates/desktop/network/wg0.network.j2 | 2 ++ templates/desktop/network/wg1.network.j2 | 2 ++ templates/laptop/network/wg0.network.j2 | 2 ++ templates/laptop/network/wg1.network.j2 | 2 ++ vars/desktop.yml | 6 ++++++ vars/laptop.yml | 6 ++++++ vars/mpd.yml | 2 +- 7 files changed, 21 insertions(+), 1 deletion(-) diff --git a/templates/desktop/network/wg0.network.j2 b/templates/desktop/network/wg0.network.j2 index 4dbb494..9253528 100644 --- a/templates/desktop/network/wg0.network.j2 +++ b/templates/desktop/network/wg0.network.j2 @@ -5,3 +5,5 @@ Name={{ vpn_default.interface }} [Network] Address={{ vpn_default.ip }}/{{ vpn_default.subnet }} +DNS={{ vpn_default.dns }} +Domains={{ vpn_default.domains | join(' ') }} diff --git a/templates/desktop/network/wg1.network.j2 b/templates/desktop/network/wg1.network.j2 index 3f8e7a1..9a03d7b 100644 --- a/templates/desktop/network/wg1.network.j2 +++ b/templates/desktop/network/wg1.network.j2 @@ -5,3 +5,5 @@ Name={{ vpn_media.interface }} [Network] Address={{ vpn_media.ip }}/{{ vpn_media.subnet }} +DNS={{ vpn_media.dns }} +Domains={{ vpn_media.domains | join(' ') }} diff --git a/templates/laptop/network/wg0.network.j2 b/templates/laptop/network/wg0.network.j2 index 4dbb494..9253528 100644 --- a/templates/laptop/network/wg0.network.j2 +++ b/templates/laptop/network/wg0.network.j2 @@ -5,3 +5,5 @@ Name={{ vpn_default.interface }} [Network] Address={{ vpn_default.ip }}/{{ vpn_default.subnet }} +DNS={{ vpn_default.dns }} +Domains={{ vpn_default.domains | join(' ') }} diff --git a/templates/laptop/network/wg1.network.j2 b/templates/laptop/network/wg1.network.j2 index 3f8e7a1..9a03d7b 100644 --- a/templates/laptop/network/wg1.network.j2 +++ b/templates/laptop/network/wg1.network.j2 
@@ -5,3 +5,5 @@ Name={{ vpn_media.interface }} [Network] Address={{ vpn_media.ip }}/{{ vpn_media.subnet }} +DNS={{ vpn_media.dns }} +Domains={{ vpn_media.domains | join(' ') }} diff --git a/vars/desktop.yml b/vars/desktop.yml index 3f39782..d9646c5 100644 --- a/vars/desktop.yml +++ b/vars/desktop.yml @@ -22,6 +22,9 @@ vpn_default: ip: '10.0.0.3' subnet: '24' interface: 'wg0' + dns: '10.0.0.1' + domains: + - ~vpn.fudiggity.nl public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key' @@ -39,6 +42,9 @@ vpn_media: ip: '10.0.1.3' subnet: '24' interface: 'wg1' + dns: '10.0.1.1' + domains: + - ~media-vpn.fudiggity.nl public_key_path: '{{ vpn_config_dir }}/keys/public/media/desktop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/media/desktop.key' diff --git a/vars/laptop.yml b/vars/laptop.yml index f2e5dbc..cba4fa9 100644 --- a/vars/laptop.yml +++ b/vars/laptop.yml @@ -26,6 +26,9 @@ vpn_default: ip: '10.0.0.2' subnet: '24' interface: 'wg0' + dns: '10.0.0.1' + domains: + - ~vpn.fudiggity.nl public_key_path: '{{ vpn_config_dir }}/keys/public/default/laptop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/default/laptop.key' @@ -42,6 +45,9 @@ vpn_media: ip: '10.0.1.2' subnet: '24' interface: 'wg1' + dns: '10.0.1.1' + domains: + - ~media-vpn.fudiggity.nl public_key_path: '{{ vpn_config_dir }}/keys/public/media/laptop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/media/laptop.key' diff --git a/vars/mpd.yml b/vars/mpd.yml index 742d0d4..fa1b0be 100644 --- a/vars/mpd.yml +++ b/vars/mpd.yml @@ -1,7 +1,7 @@ mpd_listen_address: '127.0.0.1' mpd_listen_port: '6600' -mpd_remote_address: '10.0.0.1' +mpd_remote_address: 'vpn.fudiggity.nl' mpd_remote_port: '21000' mpd_remote_stream_port: '8000' # note that this is not used (yet) From 2d2fb508f0af2cec7394b122a3b5694e0eca44a6 Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Fri, 7 Mar 2025 09:22:48 +0100 Subject: [PATCH 079/131] Remove ncmpc configuration --- tasks/mpd.yml | 73 +++++++++++++++++++++++++++++---------------------- 1 file changed, 42 insertions(+), 31 deletions(-) diff --git a/tasks/mpd.yml b/tasks/mpd.yml index 0673104..569a263 100644 --- a/tasks/mpd.yml +++ b/tasks/mpd.yml 
@@ -1,52 +1,63 @@ -- name: copy systemd configuration files - template: +- name: Copy systemd configuration files + ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' + mode: '0644' loop: - - { - src: 'templates/mpd/service.j2', - dest: '{{ xdg_config_dir }}/systemd/user/mpd.service', - } - - { - src: 'templates/mpd/socket.j2', - dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket', - } + - src: 'templates/mpd/service.j2' + dest: '{{ xdg_config_dir }}/systemd/user/mpd.service' + + - src: 'templates/mpd/socket.j2' + dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket' notify: - stop mpd service - restart mpd socket -- name: create mpd files - file: +- name: Create mpd files + ansible.builtin.file: path: '{{ item.path }}' state: '{{ item.state }}' + mode: '0644' loop: - - { path: '{{ mpd_configuration_dir }}', state: 'directory' } - - { path: '{{ ncmpc_configuration_dir }}', state: 'directory' } - - { path: '{{ ncmpcpp_configuration_dir }}', state: 'directory' } - - { path: '{{ mpd_configuration_dir }}/playlists', state: 'directory' } - - { path: '{{ mpd_configuration_dir }}/state', state: 'touch' } + - path: '{{ mpd_configuration_dir }}' + state: 'directory' + - path: '{{ ncmpc_configuration_dir }}' + state: 'directory' + - path: '{{ ncmpcpp_configuration_dir }}' + state: 'directory' + - path: '{{ mpd_configuration_dir }}/playlists' + state: 'directory' + - path: '{{ mpd_configuration_dir }}/state' + state: 'touch' -- name: remove previous mpd files - file: +- name: Remove previous mpd files + ansible.builtin.file: path: '{{ item.path }}' state: '{{ item.state }}' + mode: '0644' + recurse: '{{ item.path is directory }}' loop: - - { path: '{{ mpd_configuration_dir }}/log', state: 'absent' } - - { path: '{{ mpd_configuration_dir }}/database', state: 'absent' } - - { path: '{{ mpd_configuration_dir }}/sticker.sql', state: 'absent' } + - path: '{{ mpd_configuration_dir }}/log' + state: 'absent' + - path: '{{ mpd_configuration_dir }}/database' + 
state: 'absent' + - path: '{{ mpd_configuration_dir }}/sticker.sql' + state: 'absent' + - path: '{{ ncmpc_configuration_dir }}' + state: 'absent' -- name: copy configuration files - template: +- name: Copy configuration files + ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' + mode: '0644' loop: - - { src: 'templates/mpd/mpd.conf.j2', dest: '{{ mpd_configuration_dir }}/mpd.conf' } - - { src: 'templates/mpd/ncmpc.j2', dest: '{{ ncmpc_configuration_dir }}/config' } - - { src: 'templates/mpd/ncmpcpp/config.j2', dest: '{{ ncmpcpp_configuration_dir }}/config' } - - { - src: 'templates/mpd/ncmpcpp/bindings.j2', - dest: '{{ ncmpcpp_configuration_dir }}/bindings' - } + - src: 'templates/mpd/mpd.conf.j2' + dest: '{{ mpd_configuration_dir }}/mpd.conf' + - src: 'templates/mpd/ncmpcpp/config.j2' + dest: '{{ ncmpcpp_configuration_dir }}/config' + - src: 'templates/mpd/ncmpcpp/bindings.j2' + dest: '{{ ncmpcpp_configuration_dir }}/bindings' notify: - stop mpd service From 58b8d145e6af0bc9885c9082ffc8c5e59f211e9f Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sun, 9 Mar 2025 08:15:18 +0100 Subject: [PATCH 080/131] Fix mpd file permissions --- tasks/mpd.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tasks/mpd.yml b/tasks/mpd.yml index 569a263..08de7d4 100644 --- a/tasks/mpd.yml +++ b/tasks/mpd.yml @@ -17,7 +17,7 @@ ansible.builtin.file: path: '{{ item.path }}' state: '{{ item.state }}' - mode: '0644' + mode: '0755' loop: - path: '{{ mpd_configuration_dir }}' state: 'directory' @@ -34,8 +34,6 @@ ansible.builtin.file: path: '{{ item.path }}' state: '{{ item.state }}' - mode: '0644' - recurse: '{{ item.path is directory }}' loop: - path: '{{ mpd_configuration_dir }}/log' state: 'absent' @@ -50,7 +48,7 @@ ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' - mode: '0644' + mode: '0755' loop: - src: 'templates/mpd/mpd.conf.j2' dest: '{{ mpd_configuration_dir }}/mpd.conf' 
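Review bot: 'Create mpd files' still creates `{{ ncmpc_configuration_dir }}` while the item added to 'Remove previous mpd files' deletes the same path, so every run creates the directory and removes it again and both tasks report changed. Since the commit drops the ncmpc template, remove the `- path: '{{ ncmpc_configuration_dir }}'` / `state: 'directory'` item from the create loop and keep only the absent item. The `state: 'touch'` item for `{{ mpd_configuration_dir }}/state` also reports changed on every run; `modification_time: preserve` and `access_time: preserve` on that task make it idempotent.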
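Review bot: Changing the template task's `mode` to `'0755'` in the last hunk marks mpd.conf and the ncmpcpp config and bindings files as executable; the directory problem was only in the `ansible.builtin.file` task, so the template task should stay at `mode: '0644'`. The first hunk has the mirror problem: its single `mode: '0755'` also covers the `state: 'touch'` item for `{{ mpd_configuration_dir }}/state`, which is a data file. Give each loop item its own mode (`mode: '{{ item.mode }}'`, `0755` on the directory items and `0644` on the state file), or move the touch into its own task.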
From 8920ba56f32d2e75b4691693542340f867aea4b5 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sun, 9 Mar 2025 20:55:43 +0100 Subject: [PATCH 081/131] Add transmission route configuration --- templates/desktop/network/wg0.netdev.j2 | 4 +++- templates/desktop/network/wg0.network.j2 | 10 ++++++++++ templates/desktop/network/wg1.netdev.j2 | 4 +++- templates/desktop/network/wg1.network.j2 | 10 ++++++++++ vars/desktop.yml | 12 ++++++++++-- 5 files changed, 36 insertions(+), 4 deletions(-) diff --git a/templates/desktop/network/wg0.netdev.j2 b/templates/desktop/network/wg0.netdev.j2 index 6f1c0dd..ffceef7 100644 --- a/templates/desktop/network/wg0.netdev.j2 +++ b/templates/desktop/network/wg0.netdev.j2 @@ -12,7 +12,9 @@ PrivateKeyFile={{ vpn_default.private_key_path }} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} -AllowedIPs={{ peer.allowd_ips }} +{% for ip in peer.allowed_ips %} +AllowedIPs={{ ip.address }} +{% endfor %} {% if peer.endpoint %} Endpoint={{ peer.endpoint }} {% endif %} diff --git a/templates/desktop/network/wg0.network.j2 b/templates/desktop/network/wg0.network.j2 index 9253528..1787da4 100644 --- a/templates/desktop/network/wg0.network.j2 +++ b/templates/desktop/network/wg0.network.j2 @@ -7,3 +7,13 @@ Name={{ vpn_default.interface }} Address={{ vpn_default.ip }}/{{ vpn_default.subnet }} DNS={{ vpn_default.dns }} Domains={{ vpn_default.domains | join(' ') }} + +{% for peer in vpn_default.peers %} +{% for ip in peer.allowed_ips %} +{% if ip.create_route %} +[Route] +Destination={{ ip.address }} +Scope=link +{% endif %} +{% endfor %} +{% endfor %} diff --git a/templates/desktop/network/wg1.netdev.j2 b/templates/desktop/network/wg1.netdev.j2 index 104804f..13d86df 100644 --- a/templates/desktop/network/wg1.netdev.j2 +++ b/templates/desktop/network/wg1.netdev.j2 
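Review bot: The new `[Route]` block in templates/desktop/network/wg0.network.j2 (and the same block in wg1.network.j2) tests `ip.create_route` directly, so an `allowed_ips` entry written without that key aborts the template with an undefined-variable error instead of simply not adding a route. `{% if ip.create_route | default(false) %}` makes the key optional, which matches how the vars hunk treats `create_route: false` as the uninteresting case. A Jinja comment above the loop, `{# create_route adds a Scope=link route for a peer prefix that is not already covered by Address= #}`, would save the next reader a trip to the vars file; that reading of the flag is inferred from the vars hunk (the interface's own /24 has it false, the extra /24 true) and is worth confirming.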
@@ -12,7 +12,9 @@ PrivateKeyFile={{ vpn_media.private_key_path }} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} -AllowedIPs={{ peer.allowd_ips }} +{% for ip in peer.allowed_ips %} +AllowedIPs={{ ip.address }} +{% endfor %} {% if peer.endpoint %} Endpoint={{ peer.endpoint }} {% endif %} diff --git a/templates/desktop/network/wg1.network.j2 b/templates/desktop/network/wg1.network.j2 index 9a03d7b..8e462cc 100644 --- a/templates/desktop/network/wg1.network.j2 +++ b/templates/desktop/network/wg1.network.j2 @@ -7,3 +7,13 @@ Name={{ vpn_media.interface }} Address={{ vpn_media.ip }}/{{ vpn_media.subnet }} DNS={{ vpn_media.dns }} Domains={{ vpn_media.domains | join(' ') }} + +{% for peer in vpn_media.peers %} +{% for ip in peer.allowed_ips %} +{% if ip.create_route %} +[Route] +Destination = {{ ip.address }} +Scope = link +{% endif %} +{% endfor %} +{% endfor %} diff --git a/vars/desktop.yml b/vars/desktop.yml index d9646c5..e4cca6c 100644 --- a/vars/desktop.yml +++ b/vars/desktop.yml @@ -18,6 +18,7 @@ boot_configuration: disk: /dev/sdc partition: 1 +# TODO: scope variables to their destination file vpn_default: ip: '10.0.0.3' subnet: '24' @@ -25,6 +26,7 @@ vpn_default: dns: '10.0.0.1' domains: - ~vpn.fudiggity.nl + - ~transmission.fudiggity.nl public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key' @@ -32,7 +34,11 @@ vpn_default: peers: - name: 'zeus' - allowd_ips: '10.0.0.1/32' + allowed_ips: + - address: '10.0.0.0/24' + create_route: false + - address: '172.16.238.0/24' + create_route: true endpoint: 'fudiggity.nl:51902' public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk' 
@@ -52,7 +58,9 @@ vpn_media: peers: - name: 'zeus-media' - allowd_ips: '10.0.1.1/32' + allowed_ips: + - address: '10.0.1.0/24' + create_route: false endpoint: 'fudiggity.nl:51903' public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk' From e72f7533ebd47454a153e111bef9b5e97711b6b0 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sun, 9 Mar 2025 21:00:54 +0100 Subject: [PATCH 082/131] Remove unused files --- .gitlab-ci.yml | 26 -------------------------- .prettierrc.yml | 5 ----- package-lock.json | 33 --------------------------------- package.json | 5 ----- 4 files changed, 69 deletions(-) delete mode 100644 .gitlab-ci.yml delete mode 100644 .prettierrc.yml delete mode 100644 package-lock.json delete mode 100644 package.json diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 2a8b491..0000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,26 +0,0 @@ -stages: - - lint - - test - -cache: - key: $CI_COMMIT_REF_SLUG - paths: - - .cache/pip - - node_modules/ - -lint: - stage: lint - image: node:lts - before_script: - - npm install - script: - - npx prettier '**/*.yml' --check - -syntax-test: - stage: test - image: python:3.7 - before_script: - - pip install ansible --quiet - - ansible-galaxy install --role-file requirements.yml --roles-path ./roles - script: - - ansible-playbook playbook.yml --syntax-check diff --git a/.prettierrc.yml b/.prettierrc.yml deleted file mode 100644 index 0cb31e6..0000000 --- a/.prettierrc.yml +++ /dev/null @@ -1,5 +0,0 @@ -singleQuote: true -printWidth: 90 -tabWidth: 2 -useTabs: false -bracketSpacing: true diff --git a/package-lock.json b/package-lock.json deleted file mode 100644 index 0db7ba2..0000000 --- a/package-lock.json +++ /dev/null 
@@ -1,33 +0,0 @@ -{ - "name": "development", - "lockfileVersion": 2, - "requires": true, - "packages": { - "": { - "dependencies": { - "prettier": "^2.6.2" - } - }, - "node_modules/prettier": { - "version": "2.6.2", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.6.2.tgz", - "integrity": "sha512-PkUpF+qoXTqhOeWL9fu7As8LXsIUZ1WYaJiY/a7McAQzxjk82OF0tibkFXVCDImZtWxbvojFjerkiLb0/q8mew==", - "bin": { - "prettier": "bin-prettier.js" - }, - "engines": { - "node": ">=10.13.0" - }, - "funding": { - "url": "https://github.com/prettier/prettier?sponsor=1" - } - } - }, - "dependencies": { - "prettier": { - "version": "2.6.2", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.6.2.tgz", - "integrity": "sha512-PkUpF+qoXTqhOeWL9fu7As8LXsIUZ1WYaJiY/a7McAQzxjk82OF0tibkFXVCDImZtWxbvojFjerkiLb0/q8mew==" - } - } -} diff --git a/package.json b/package.json deleted file mode 100644 index e1f5891..0000000 --- a/package.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "dependencies": { - "prettier": "^2.6.2" - } -} From 1231d2bbaeb7d63f8779c91466b7fed961099ea1 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sun, 9 Mar 2025 21:15:27 +0100 Subject: [PATCH 083/131] Apply changes from 8920ba56f32d2e75b4691693542340f867aea4b5 to laptop configuration --- templates/desktop/network/wg0.network.j2 | 2 +- templates/desktop/network/wg1.network.j2 | 6 +++--- templates/laptop/network/wg0.netdev.j2 | 4 +++- templates/laptop/network/wg0.network.j2 | 12 +++++++++++- templates/laptop/network/wg1.netdev.j2 | 4 +++- templates/laptop/network/wg1.network.j2 | 12 +++++++++++- vars/desktop.yml | 5 ++--- vars/laptop.yml | 15 +++++++++++---- 8 files changed, 45 insertions(+), 15 deletions(-) diff --git a/templates/desktop/network/wg0.network.j2 b/templates/desktop/network/wg0.network.j2 index 1787da4..515a71a 100644 --- a/templates/desktop/network/wg0.network.j2 +++ b/templates/desktop/network/wg0.network.j2 
@@ -4,7 +4,7 @@ Name={{ vpn_default.interface }} [Network] -Address={{ vpn_default.ip }}/{{ vpn_default.subnet }} +Address={{ vpn_default.ip }}/{{ vpn_default.prefix }} DNS={{ vpn_default.dns }} Domains={{ vpn_default.domains | join(' ') }} diff --git a/templates/desktop/network/wg1.network.j2 b/templates/desktop/network/wg1.network.j2 index 8e462cc..40d3650 100644 --- a/templates/desktop/network/wg1.network.j2 +++ b/templates/desktop/network/wg1.network.j2 @@ -4,7 +4,7 @@ Name={{ vpn_media.interface }} [Network] -Address={{ vpn_media.ip }}/{{ vpn_media.subnet }} +Address={{ vpn_media.ip }}/{{ vpn_media.prefix }} DNS={{ vpn_media.dns }} Domains={{ vpn_media.domains | join(' ') }} @@ -12,8 +12,8 @@ Domains={{ vpn_media.domains | join(' ') }} {% for ip in peer.allowed_ips %} {% if ip.create_route %} [Route] -Destination = {{ ip.address }} -Scope = link +Destination={{ ip.address }} +Scope=link {% endif %} {% endfor %} {% endfor %} diff --git a/templates/laptop/network/wg0.netdev.j2 b/templates/laptop/network/wg0.netdev.j2 index 6f1c0dd..ffceef7 100644 --- a/templates/laptop/network/wg0.netdev.j2 +++ b/templates/laptop/network/wg0.netdev.j2 @@ -12,7 +12,9 @@ PrivateKeyFile={{ vpn_default.private_key_path }} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} -AllowedIPs={{ peer.allowd_ips }} +{% for ip in peer.allowed_ips %} +AllowedIPs={{ ip.address }} +{% endfor %} {% if peer.endpoint %} Endpoint={{ peer.endpoint }} {% endif %} diff --git a/templates/laptop/network/wg0.network.j2 b/templates/laptop/network/wg0.network.j2 index 9253528..515a71a 100644 --- a/templates/laptop/network/wg0.network.j2 +++ b/templates/laptop/network/wg0.network.j2 
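Review bot: After this patch the desktop and laptop copies of each template are byte-identical — the `index` lines resolve both wg0.network.j2 files to `515a71a`, both wg1.network.j2 files to `40d3650`, and the netdev pairs to `ffceef7` and `13d86df` — and the subject line itself describes re-applying a desktop change to the laptop tree. Keeping a single `templates/network/wg0.network.j2` (and siblings), driven by the per-platform vars that tasks/platform.yml already loads, removes the duplicate edit and the chance that a later change lands on only one side again, as happened with the `Destination = ` spacing corrected in the wg1.network.j2 hunk of this patch. The `subnet` to `prefix` rename that this hunk is part of is fine as written.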
@@ -4,6 +4,16 @@ Name={{ vpn_default.interface }}
 [Network]
-Address={{ vpn_default.ip }}/{{ vpn_default.subnet }}
+Address={{ vpn_default.ip }}/{{ vpn_default.prefix }}
 DNS={{ vpn_default.dns }}
 Domains={{ vpn_default.domains | join(' ') }}
+
+{% for peer in vpn_default.peers %}
+{% for ip in peer.allowed_ips %}
+{% if ip.create_route %}
+[Route]
+Destination={{ ip.address }}
+Scope=link
+{% endif %}
+{% endfor %}
+{% endfor %}
diff --git a/templates/laptop/network/wg1.netdev.j2 b/templates/laptop/network/wg1.netdev.j2
index 104804f..13d86df 100644
--- a/templates/laptop/network/wg1.netdev.j2
+++ b/templates/laptop/network/wg1.netdev.j2
@@ -12,7 +12,9 @@ PrivateKeyFile={{ vpn_media.private_key_path }}
 [WireGuardPeer]
 PublicKey={{ peer.public_key }}
 PresharedKeyFile={{ peer.preshared_key_path }}
-AllowedIPs={{ peer.allowd_ips }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip.address }}
+{% endfor %}
 {% if peer.endpoint %}
 Endpoint={{ peer.endpoint }}
 {% endif %}
diff --git a/templates/laptop/network/wg1.network.j2 b/templates/laptop/network/wg1.network.j2
index 9a03d7b..40d3650 100644
--- a/templates/laptop/network/wg1.network.j2
+++ b/templates/laptop/network/wg1.network.j2
@@ -4,6 +4,16 @@ Name={{ vpn_media.interface }}
 [Network]
-Address={{ vpn_media.ip }}/{{ vpn_media.subnet }}
+Address={{ vpn_media.ip }}/{{ vpn_media.prefix }}
 DNS={{ vpn_media.dns }}
 Domains={{ vpn_media.domains | join(' ') }}
+
+{% for peer in vpn_media.peers %}
+{% for ip in peer.allowed_ips %}
+{% if ip.create_route %}
+[Route]
+Destination={{ ip.address }}
+Scope=link
+{% endif %}
+{% endfor %}
+{% endfor %}
diff --git a/vars/desktop.yml b/vars/desktop.yml
index e4cca6c..6a22f27 100644
--- a/vars/desktop.yml
+++ b/vars/desktop.yml
@@ -21,7 +21,7 @@ boot_configuration:
 # TODO: scope variables to their destination file
 vpn_default:
 ip: '10.0.0.3'
- subnet: '24'
+ prefix: '24'
 interface: 'wg0'
 dns: '10.0.0.1'
 domains:
@@ -30,7 +30,6 @@ vpn_default:
 public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub'
 private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key'
- private_key_source_path: 'files/desktop/wireguard/default/desktop.key'
 peers:
 - name: 'zeus'
@@ -46,7 +45,7 @@ vpn_default:
 vpn_media:
 ip: '10.0.1.3'
- subnet: '24'
+ prefix: '24'
 interface: 'wg1'
 dns: '10.0.1.1'
 domains:
diff --git a/vars/laptop.yml b/vars/laptop.yml
index cba4fa9..cc46761 100644
--- a/vars/laptop.yml
+++ b/vars/laptop.yml
@@ -24,18 +24,23 @@ mkinitcpio_templates:
 vpn_default:
 ip: '10.0.0.2'
- subnet: '24'
+ prefix: '24'
 interface: 'wg0'
 dns: '10.0.0.1'
 domains:
 - ~vpn.fudiggity.nl
+ - ~transmission.fudiggity.nl
 public_key_path: '{{ vpn_config_dir }}/keys/public/default/laptop.pub'
 private_key_path: '{{ vpn_config_dir }}/keys/private/default/laptop.key'
 peers:
 - name: 'zeus'
- allowd_ips: '10.0.0.1/32'
+ allowed_ips:
+ - address: '10.0.0.0/24'
+ create_route: false
+ - address: '172.16.238.0/24'
+ create_route: true
 endpoint: 'fudiggity.nl:51902'
 public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo='
 preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk'
@@ -43,7 +48,7 @@ vpn_default:
 vpn_media:
 ip: '10.0.1.2'
- subnet: '24'
+ prefix: '24'
 interface: 'wg1'
 dns: '10.0.1.1'
 domains:
@@ -54,7 +59,9 @@ vpn_media:
 peers:
 - name: 'zeus-media'
- allowd_ips: '10.0.1.1/32'
+ allowed_ips:
+ - address: '10.0.1.0/24'
+ create_route: false
 endpoint: 'fudiggity.nl:51903'
 public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg='
 preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk'
From aafd7eaf750431882d31022108e70e94cb8794f3 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Wed, 12 Mar 2025 17:24:46 +0100
Subject: [PATCH 084/131] Add binding for single mode
---
 templates/mpd/ncmpcpp/bindings.j2 | 16 +++++----------- 
 1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/templates/mpd/ncmpcpp/bindings.j2 b/templates/mpd/ncmpcpp/bindings.j2
index 92e0d45..1f85833 100644
--- a/templates/mpd/ncmpcpp/bindings.j2
+++ b/templates/mpd/ncmpcpp/bindings.j2
@@ -127,12 +127,15 @@ def_key "f"
 def_key "b"
 seek_backward
-def_key "r"
+def_key "ctrl-r"
 toggle_repeat
-def_key "z"
+def_key "ctrl-z"
 toggle_random
+def_key "ctrl-s"
+ toggle_single
+
 def_key "u"
 update_database
@@ -196,9 +199,6 @@ def_key "="
 def_key "@"
 dummy
-def_key "ctrl-h"
- dummy
-
 def_key "backspace"
 dummy
@@ -229,12 +229,6 @@ def_key "x"
 def_key "X"
 dummy
-def_key "ctrl-s"
- dummy
-
-def_key "ctrl-r"
- dummy
-
 def_key "ctrl-f"
 dummy
From d148eca9b7fb914cb7219e661ff8ec3055837c56 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Thu, 13 Mar 2025 21:24:55 +0100
Subject: [PATCH 085/131] Split platform vars into directories
---
 tasks/platform.yml | 6 ++++--
 vars/desktop/system.yml | 19 +++++++++++++++++++
 vars/{desktop.yml => desktop/vpn.yml} | 20 --------------------
 vars/laptop/system.yml | 23 +++++++++++++++++++++++
 vars/{laptop.yml => laptop/vpn.yml} | 24 ------------------------
 5 files changed, 46 insertions(+), 46 deletions(-)
 create mode 100644 vars/desktop/system.yml
 rename vars/{desktop.yml => desktop/vpn.yml} (74%)
 create mode 100644 vars/laptop/system.yml
 rename vars/{laptop.yml => laptop/vpn.yml} (70%)
diff --git a/tasks/platform.yml b/tasks/platform.yml
index 66e96cd..bad51f3 100644
--- a/tasks/platform.yml
+++ b/tasks/platform.yml
@@ -14,9 +14,11 @@
 when: is_laptop.rc == 0
 - name: Load desktop specific vars
- ansible.builtin.include_vars: 'vars/desktop.yml'
+ ansible.builtin.include_vars:
+ dir: vars/desktop
 when: platform == "desktop"
 - name: Load laptop specific vars
- ansible.builtin.include_vars: 'vars/laptop.yml'
+ ansible.builtin.include_vars:
+ dir: vars/laptop
 when: platform == "laptop"
diff --git a/vars/desktop/system.yml b/vars/desktop/system.yml
new file mode 100644
index 0000000..61a2959
--- /dev/null
+++ b/vars/desktop/system.yml
@@ -0,0 +1,19 @@
+platform_packages: []
+
+modprobe_templates:
+ - src: 'templates/desktop/modprobe/99-amdgpu.conf.j2'
+ dest: '/etc/modprobe.d/99-amdgpu.conf'
+
+mkinitcpio_templates:
+ - src: 'templates/desktop/mkinitcpio/1-modules.conf.j2'
+ dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf'
+
+ - src: 'templates/desktop/mkinitcpio/linux.preset.j2'
+ dest: '/etc/mkinitcpio.d/linux.preset'
+
+ - src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2'
+ dest: '/etc/mkinitcpio.d/linux-lts.preset'
+
+boot_configuration:
+ disk: /dev/sdc
+ partition: 1
diff --git a/vars/desktop.yml b/vars/desktop/vpn.yml
similarity index 74%
rename from vars/desktop.yml
rename to vars/desktop/vpn.yml
index 6a22f27..e5f97d6 100644
--- a/vars/desktop.yml
+++ b/vars/desktop/vpn.yml
@@ -1,23 +1,3 @@
-platform_packages: []
-
-modprobe_templates:
- - src: 'templates/desktop/modprobe/99-amdgpu.conf.j2'
- dest: '/etc/modprobe.d/99-amdgpu.conf'
-
-mkinitcpio_templates:
- - src: 'templates/desktop/mkinitcpio/1-modules.conf.j2'
- dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf'
-
- - src: 'templates/desktop/mkinitcpio/linux.preset.j2'
- dest: '/etc/mkinitcpio.d/linux.preset'
-
- - src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2'
- dest: '/etc/mkinitcpio.d/linux-lts.preset'
-
-boot_configuration:
- disk: /dev/sdc
- partition: 1
-
 # TODO: scope variables to their destination file
 vpn_default:
 ip: '10.0.0.3'
diff --git a/vars/laptop/system.yml b/vars/laptop/system.yml
new file mode 100644
index 0000000..be95be8
--- /dev/null
+++ b/vars/laptop/system.yml
@@ -0,0 +1,23 @@
+platform_packages:
+ - iwd
+ - nvidia
+ - nvidia-prime
+ - nvidia-utils
+ - lib32-nvidia-utils
+
+boot_configuration:
+ disk: /dev/nvme0n1
+ partition: 1
+
+mkinitcpio_templates:
+ - src: 'templates/laptop/mkinitcpio/1-modules.conf.j2'
+ dest: '/etc/mkinitcpio.conf.d/1-modules.conf'
+
+ - src: 'templates/laptop/mkinitcpio/2-hooks.conf.j2'
+ dest: '/etc/mkinitcpio.conf.d/2-hooks.conf'
+
+ - src: 'templates/laptop/mkinitcpio/linux.preset.j2'
+ dest: '/etc/mkinitcpio.d/linux.preset'
+
+ - src: 'templates/laptop/mkinitcpio/linux-lts.preset.j2'
+ dest: '/etc/mkinitcpio.d/linux-lts.preset'
diff --git a/vars/laptop.yml b/vars/laptop/vpn.yml
similarity index 70%
rename from vars/laptop.yml
rename to vars/laptop/vpn.yml
index cc46761..44aeccb 100644
--- a/vars/laptop.yml
+++ b/vars/laptop/vpn.yml
@@ -1,27 +1,3 @@
-platform_packages:
- - iwd
- - nvidia
- - nvidia-prime
- - nvidia-utils
- - lib32-nvidia-utils
-
-boot_configuration:
- disk: /dev/nvme0n1
- partition: 1
-
-mkinitcpio_templates:
- - src: 'templates/laptop/mkinitcpio/1-modules.conf.j2'
- dest: '/etc/mkinitcpio.conf.d/1-modules.conf'
-
- - src: 'templates/laptop/mkinitcpio/2-hooks.conf.j2'
- dest: '/etc/mkinitcpio.conf.d/2-hooks.conf'
-
- - src: 'templates/laptop/mkinitcpio/linux.preset.j2'
- dest: '/etc/mkinitcpio.d/linux.preset'
-
- - src: 'templates/laptop/mkinitcpio/linux-lts.preset.j2'
- dest: '/etc/mkinitcpio.d/linux-lts.preset'
-
 vpn_default:
 ip: '10.0.0.2'
 prefix: '24'
From 171426a358f461b79ed01363b3a4e4364f4ac7b3 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Thu, 13 Mar 2025 22:40:27 +0100
Subject: [PATCH 086/131] Update syncthing configuration
---
 handlers.yml | 4 +-
 playbook.yml | 28 +++++-
 tasks/syncthing.yml | 24 +++---
 templates/desktop/syncthing.j2 | 132 ----------------------------
 templates/laptop/syncthing.j2 | 132 ----------------------------
 templates/syncthing.j2 | 152 +++++++++++++++++++++++++++++++++
 vars/desktop/syncthing.yml | 45 ++++++++++
 vars/desktop/vpn.yml | 12 +--
 vars/laptop/syncthing.yml | 45 ++++++++++
 vars/laptop/vpn.yml | 17 ++--
 vars/main.yml | 2 +
 vars/mpd.yml | 2 +-
 12 files changed, 303 insertions(+), 292 deletions(-)
 delete mode 100644 templates/desktop/syncthing.j2
 delete mode 100644 templates/laptop/syncthing.j2
 create mode 100644 templates/syncthing.j2
 create mode 100644 vars/desktop/syncthing.yml
 create mode 100644 vars/laptop/syncthing.yml
diff --git a/handlers.yml b/handlers.yml
index 5b24c95..23ae9bb 100644
--- a/handlers.yml
+++ b/handlers.yml
@@ -22,10 +22,10 @@
 daemon-reload: true
 scope: user
-- name: restart syncthing
+- name: start syncthing
 systemd:
 name: syncthing
- state: restarted
+ state: started
 enabled: true
 scope: user
diff --git a/playbook.yml b/playbook.yml
index ea30c97..155fbe1 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -6,9 +6,33 @@
 community.general.pacman:
 name: '{{ packages }}'
- - name: Detect platform
- ansible.builtin.import_tasks: 'tasks/platform.yml'
+ - name: Platform vars
 tags: platform_vars
+ block:
+ - name: Detect platform
+ ansible.builtin.command: laptop-detect
+ register: is_laptop
+ failed_when: is_laptop.rc == 2
+
+ - name: Set platform (desktop)
+ ansible.builtin.set_fact:
+ platform: desktop
+ when: is_laptop.rc == 1
+
+ - name: Set platform (laptop)
+ ansible.builtin.set_fact:
+ platform: laptop
+ when: is_laptop.rc == 0
+
+ - name: Load desktop specific vars
+ ansible.builtin.include_vars:
+ dir: vars/desktop
+ when: platform == 'desktop'
+
+ - name: Load laptop specific vars
+ ansible.builtin.include_vars:
+ dir: vars/laptop
+ when: platform == 'laptop'
 - name: Install platform specific packages
 become: true
diff --git a/tasks/syncthing.yml b/tasks/syncthing.yml
index 5e9b5bc..3c36b5e 100644
--- a/tasks/syncthing.yml
+++ b/tasks/syncthing.yml
@@ -1,14 +1,18 @@
-- name: create configuration dir
- file:
+- name: Create configuration dir
+ ansible.builtin.file:
 path: '{{ xdg_config_dir }}/syncthing'
 state: directory
+ mode: '0755'
-# Syncthing config files should not be overwritten,
-# see https://docs.syncthing.net/users/config.html#config-file-format
-- name: copy configuration file
- template:
- src: 'templates/{{ platform }}/syncthing.j2'
+- name: Stop syncthing service
+ ansible.builtin.systemd:
+ name: syncthing
+ scope: user
+ state: stopped
+
+- name: Copy configuration file
+ ansible.builtin.template:
+ src: 'templates/syncthing.j2'
 dest: '{{ xdg_config_dir }}/syncthing/config.xml'
- mode: '0600'
- force: false
- notify: restart syncthing
+ mode: '0640'
+ notify: start syncthing
diff --git a/templates/desktop/syncthing.j2 b/templates/desktop/syncthing.j2
deleted file mode 100644
index f4f290f..0000000
--- a/templates/desktop/syncthing.j2
+++ /dev/null
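Review bot: `ansible.builtin.command: laptop-detect` in the new `Platform vars` block has no `changed_when`, so a probe that only inspects the host reports `changed` on every run; `changed_when: false` under `register: is_laptop` keeps the play idempotent. The `failed_when: is_laptop.rc == 2` also means any exit status other than 0, 1 or 2 leaves `platform` unset, which then surfaces as an undefined-variable error in the later `when: platform == ...` conditions rather than a clear failure at the probe; `failed_when: is_laptop.rc not in [0, 1]` fails where the cause is. The play's task list continues outside the hunk.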
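Review bot: The new `Stop syncthing service` task runs unconditionally on every play, but the `start syncthing` handler it relies on only fires when `Copy configuration file` reports a change, so a run in which config.xml is already current leaves the user service stopped. A start task after the template (unconditional, idempotent via `state: started`) closes that gap and makes the handler unnecessary. Separately, the rendered config.xml embeds `syncthing_api_key` (templates/syncthing.j2 in this commit), so widening it from `mode: '0600'` to `'0640'` makes the API key readable to the file's group; `mode: '0600'` should stay.
```yaml
# … unchanged: Create configuration dir, Stop syncthing service …
- name: Copy configuration file
  ansible.builtin.template:
    src: 'templates/syncthing.j2'
    dest: '{{ xdg_config_dir }}/syncthing/config.xml'
    mode: '0600'

- name: Start syncthing service
  ansible.builtin.systemd:
    name: syncthing
    scope: user
    state: started
    enabled: true
```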
@@ -1,132 +0,0 @@ - - - basic - - - 0 - - 3600 - - 0 - 0 - 0 - random - false - 0 - 0 - 10 - false - false - false - 25 - .stfolder - false - 0 - 0 - false - standard - standard - false - true - - - basic - - - 0 - - - 3600 - - 0 - 0 - 0 - random - false - 0 - 0 - -1 - false - false - false - 25 - .stfolder - false - 0 - 0 - false - standard - standard - false - true - - -
dynamic
- false - false - 0 - 0 - 0 -
- -
tcp://10.0.0.1:22000
- false - false - 0 - 0 - 0 -
- -
127.0.0.1:8384
- Qo5fAhxR7LnwvJ7eGYr4gigkHm2LrT6y - dark -
- - - default - default - true - true - 21027 - [ff12::8384]:21027 - 0 - 0 - 60 - true - 10 - true - true - 60 - 30 - 10 - 3 - 0 - rxdDP3h2 - https://data.syncthing.net/newdata - false - 1800 - true - 12 - false - 24 - false - 5 - false - 1 - https://upgrades.syncthing.net/meta.json - false - 10 - authenticationUserAndPassword - 0 - ~ - true - 0 - https://crash.syncthing.net/newcrash - true - 180 - 20 - default - auto - 0 - -
diff --git a/templates/laptop/syncthing.j2 b/templates/laptop/syncthing.j2 deleted file mode 100644 index 4112f18..0000000 --- a/templates/laptop/syncthing.j2 +++ /dev/null @@ -1,132 +0,0 @@ - - - basic - - - 0 - - 3600 - - 0 - 0 - 0 - random - false - 0 - 0 - 10 - false - false - false - 25 - .stfolder - false - 0 - 0 - false - standard - standard - false - true - - - basic - - - 0 - - - 3600 - - 0 - 0 - 0 - random - false - 0 - 0 - 10 - false - false - false - 25 - .stfolder - false - 0 - 0 - false - standard - standard - false - true - - -
tcp://10.0.0.1:22000
- false - false - 0 - 0 - 0 -
- -
dynamic
- false - false - 0 - 0 - 0 -
- -
127.0.0.1:8384
- 2y25PxNtQjtDoe6qnDSiWpmSMpJnvoyi - dark -
- - - default - default - true - true - 21027 - [ff12::8384]:21027 - 0 - 0 - 60 - true - 10 - true - true - 60 - 30 - 10 - -1 - 0 - A3FvpLVX - https://data.syncthing.net/newdata - false - 1800 - true - 12 - false - 24 - false - 5 - false - 1 - https://upgrades.syncthing.net/meta.json - false - 10 - authenticationUserAndPassword - 0 - ~ - true - 0 - https://crash.syncthing.net/newcrash - true - 180 - 20 - default - auto - 0 - -
diff --git a/templates/syncthing.j2 b/templates/syncthing.j2 new file mode 100644 index 0000000..c48c0d8 --- /dev/null +++ b/templates/syncthing.j2 @@ -0,0 +1,152 @@ + + + + {% for folder in syncthing_folders -%} + + + {% for id in folder.devices -%} + + + + {%- endfor %} + + basic + 20 + + 3600 + + basic + + + 0 + 0 + 0 + random + false + 0 + 0 + -1 + false + false + false + 25 + .stfolder + false + 0 + 2 + false + standard + standard + false + false + false + false + false + false + + {%- endfor %} + + {% for device in syncthing_devices -%} + +
{{ device.address }}
+ false + false + 0 + 0 + 0 + false + 0 + 0 +
+ {%- endfor %} + + +
{{ syncthing_listen_address }}:{{ syncthing_gui_port }}
+ {{ syncthing_api_key }} + default + true +
+ + + tcp://{{ syncthing_listen_address }}:{{ syncthing_protocol_port }} + + + + + + basic + + + + + + 1 + + + 3600 + + basic + + + 0 + 0 + 0 + random + false + 0 + 0 + 10 + false + false + false + 25 + .stfolder + false + 0 + 2 + false + standard + standard + false + false + + + +
dynamic
+ false + false + 0 + 0 + 0 + false + 0 + 0 +
+ + + (?d).DS_Store + +
+
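Review bot: The GUI/API address on the new side is rendered from `{{ syncthing_listen_address }}:{{ syncthing_gui_port }}`, and both vars/desktop/syncthing.yml and vars/laptop/syncthing.yml in this commit set `syncthing_listen_address: '0.0.0.0'`, so the web UI and REST API are bound on every interface, including the WireGuard ones, whereas the two deleted per-platform templates bound the GUI to `127.0.0.1:8384`. A separate variable for the GUI bind, e.g. `syncthing_gui_address: '127.0.0.1'` in both vars files and `{{ syncthing_gui_address }}:{{ syncthing_gui_port }}` in the GUI address element, keeps the sync listener on all interfaces while the UI stays local. The element names are stripped in this rendering of the patch, so the exact tag cannot be quoted here.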
diff --git a/vars/desktop/syncthing.yml b/vars/desktop/syncthing.yml new file mode 100644 index 0000000..a9f0bc0 --- /dev/null +++ b/vars/desktop/syncthing.yml @@ -0,0 +1,45 @@ +syncthing_listen_address: '0.0.0.0' +syncthing_protocol_port: 22000 +syncthing_gui_port: 8384 + +syncthing_config_version: 37 +syncthing_api_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 39643534383666343331666336356662333165633032356532323730316535616363393330376263 + 6164323430343961646635323739373363623764646361360a666566363736323739313533323562 + 34653032646230313063613265313836383033353336333461376432363530633632313234323733 + 6162646332623837370a646537336139336361666336363861353030633136373063333433643435 + 64666465356566313263376330643664313266646139663433663366316232613562663863366334 + 3061663839656563353663373135393233653130383735366538 + +syncthing_devices: + - name: Desktop + id: &syncthing_desktop_id CSDXP5E-4UBNC36-32EHTPK-L6Y6JVZ-HQHM42R-FJXN2LI-2MTYRFX-3ZZPUQN + address: dynamic + + - name: Fudiggity + id: &syncthing_server_id ZM5JO5E-UYU6XUI-P25TLIP-TLPQD7J-NSPSYZS-A5OOYST-J62ICAQ-Y2A5YQV + address: tcp://syncthing.{{ server_domain }}:22000 + + - name: XPS15 + id: &syncthing_xps_id 2AC4LRC-YIJDWWK-YCOEZLT-4OWWC2E-7VEZQQB-F3AAPZR-HU75FE4-PGWWXQH + address: tcp://10.0.0.2:22000 + +syncthing_folders: + - id: default + label: Default + path: '{{ ansible_env.HOME }}/syncthing/default' + type: sendreceive + devices: + - *syncthing_desktop_id + - *syncthing_server_id + - *syncthing_xps_id + + - id: pictures + label: Pictures + path: '{{ ansible_env.HOME }}/syncthing/pictures' + type: sendreceive + devices: + - *syncthing_desktop_id + - *syncthing_server_id + - *syncthing_xps_id diff --git a/vars/desktop/vpn.yml b/vars/desktop/vpn.yml index e5f97d6..51fb9e4 100644 --- a/vars/desktop/vpn.yml +++ b/vars/desktop/vpn.yml 
@@ -5,20 +5,20 @@ vpn_default:
 interface: 'wg0'
 dns: '10.0.0.1'
 domains:
- - ~vpn.fudiggity.nl
- - ~transmission.fudiggity.nl
+ - '~vpn.{{ server_domain }}'
+ - '~transmission.{{ server_domain }}'
 public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub'
 private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key'
 peers:
- - name: 'zeus'
+ - name: 'fudiggity'
 allowed_ips:
 - address: '10.0.0.0/24'
 create_route: false
 - address: '172.16.238.0/24'
 create_route: true
- endpoint: 'fudiggity.nl:51902'
+ endpoint: '{{ server_domain }}:51902'
 public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo='
 preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk'
 preshared_key_source_path: 'files/desktop/wireguard/default/preshared.psk'
@@ -29,7 +29,7 @@ vpn_media:
 interface: 'wg1'
 dns: '10.0.1.1'
 domains:
- - ~media-vpn.fudiggity.nl
+ - '~media-vpn.{{ server_domain }}'
 public_key_path: '{{ vpn_config_dir }}/keys/public/media/desktop.pub'
 private_key_path: '{{ vpn_config_dir }}/keys/private/media/desktop.key'
@@ -40,7 +40,7 @@ vpn_media:
 allowed_ips:
 - address: '10.0.1.0/24'
 create_route: false
- endpoint: 'fudiggity.nl:51903'
+ endpoint: '{{ server_domain }}.nl:51903'
 public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg='
 preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk'
 preshared_key_source_path: 'files/desktop/wireguard/media/preshared.psk'
diff --git a/vars/laptop/syncthing.yml b/vars/laptop/syncthing.yml
new file mode 100644
index 0000000..a817845
--- /dev/null
+++ b/vars/laptop/syncthing.yml
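Review bot: The media peer endpoint on the new side is `endpoint: '{{ server_domain }}.nl:51903'`, and vars/main.yml in this same commit defines `server_domain: fudiggity.nl`, so the rendered endpoint becomes `fudiggity.nl.nl:51903` and the wg1 tunnel on the desktop cannot resolve its peer. Every other endpoint in this commit uses the `'{{ server_domain }}:PORT'` form; this one should read `endpoint: '{{ server_domain }}:51903'`. The vpn_media mapping starts above the hunk.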
@@ -0,0 +1,45 @@ +syncthing_listen_address: '0.0.0.0' +syncthing_protocol_port: 22000 +syncthing_gui_port: 8384 + +syncthing_config_version: 37 +syncthing_api_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 35346637623066636261633331343438313736356137633466306633613563343630363565643763 + 6631623461663330633537386539376435356338393537620a666234373932636162653830316339 + 65336339383630313837323137613137303862613061326131313437316637383637666638313235 + 6463333235646536620a316163666431323530353330356633393035663933613761313031656561 + 66333431636134366466373533616438326230323965333763316336393764303737663461363636 + 3061373832313462623765353130616237343966333332623262 + +syncthing_devices: + - name: Desktop + id: &syncthing_desktop_id CSDXP5E-4UBNC36-32EHTPK-L6Y6JVZ-HQHM42R-FJXN2LI-2MTYRFX-3ZZPUQN + address: tcp://10.0.0.3:22000 + + - name: Fudiggity + id: &syncthing_server_id ZM5JO5E-UYU6XUI-P25TLIP-TLPQD7J-NSPSYZS-A5OOYST-J62ICAQ-Y2A5YQV + address: tcp://syncthing.{{ server_domain }}:22000 + + - name: XPS15 + id: &syncthing_xps_id 2AC4LRC-YIJDWWK-YCOEZLT-4OWWC2E-7VEZQQB-F3AAPZR-HU75FE4-PGWWXQH + address: dynamic + +syncthing_folders: + - id: default + label: Default + path: '{{ ansible_env.HOME }}/syncthing/default' + type: sendreceive + devices: + - *syncthing_desktop_id + - *syncthing_server_id + - *syncthing_xps_id + + - id: pictures + label: Pictures + path: '{{ ansible_env.HOME }}/syncthing/pictures' + type: sendreceive + devices: + - *syncthing_desktop_id + - *syncthing_server_id + - *syncthing_xps_id diff --git a/vars/laptop/vpn.yml b/vars/laptop/vpn.yml index 44aeccb..158db4e 100644 --- a/vars/laptop/vpn.yml +++ b/vars/laptop/vpn.yml 
@@ -4,20 +4,23 @@ vpn_default:
 interface: 'wg0'
 dns: '10.0.0.1'
 domains:
- - ~vpn.fudiggity.nl
- - ~transmission.fudiggity.nl
+ - '~vpn.{{ server_domain }}'
+ - '~transmission.{{ server_domain }}'
+ - '~syncthing.{{ server_domain }}'
 public_key_path: '{{ vpn_config_dir }}/keys/public/default/laptop.pub'
 private_key_path: '{{ vpn_config_dir }}/keys/private/default/laptop.key'
 peers:
- - name: 'zeus'
+ - name: 'fudiggity'
 allowed_ips:
 - address: '10.0.0.0/24'
 create_route: false
 - address: '172.16.238.0/24'
 create_route: true
- endpoint: 'fudiggity.nl:51902'
+ - address: '172.32.238.0/24'
+ create_route: true
+ endpoint: '{{ server_domain }}:51902'
 public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo='
 preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk'
 preshared_key_source_path: 'files/laptop/wireguard/default/preshared.psk'
@@ -28,17 +31,17 @@ vpn_media:
 interface: 'wg1'
 dns: '10.0.1.1'
 domains:
- - ~media-vpn.fudiggity.nl
+ - '~media-vpn.{{ server_domain }}'
 public_key_path: '{{ vpn_config_dir }}/keys/public/media/laptop.pub'
 private_key_path: '{{ vpn_config_dir }}/keys/private/media/laptop.key'
 peers:
- - name: 'zeus-media'
+ - name: 'fudiggity-media'
 allowed_ips:
 - address: '10.0.1.0/24'
 create_route: false
- endpoint: 'fudiggity.nl:51903'
+ endpoint: '{{ server_domain }}:51903'
 public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg='
 preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk'
 preshared_key_source_path: 'files/laptop/wireguard/media/preshared.psk'
diff --git a/vars/main.yml b/vars/main.yml
index 4419e81..0bba8b7 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -47,3 +47,5 @@ mkinitcpio_templates: []
 boot_configuration:
 vpn_config_dir: '/etc/wireguard'
+
+server_domain: fudiggity.nl
diff --git a/vars/mpd.yml b/vars/mpd.yml
index fa1b0be..258ec66 100644
--- a/vars/mpd.yml
+++ b/vars/mpd.yml
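Review bot: The new `- address: '172.32.238.0/24'` with `create_route: true` under the `fudiggity` peer lies outside the 172.16.0.0/12 private block (which ends at 172.31.255.255), so the wg0 network template will install a link-scope route that pulls a publicly routable /24 into the tunnel; if this is a typo for another private range it should be corrected, and if it is intentional a one-line comment such as `# public /24 reachable only via the VPN` would stop the next reader from "fixing" it. The same entry is added for the desktop in PATCH 087 (vars/desktop/vpn.yml). The vpn_default mapping starts above the hunk.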
@@ -1,7 +1,7 @@
 mpd_listen_address: '127.0.0.1'
 mpd_listen_port: '6600'
-mpd_remote_address: 'vpn.fudiggity.nl'
+mpd_remote_address: 'vpn.{{ server_domain }}'
 mpd_remote_port: '21000'
 mpd_remote_stream_port: '8000' # note that this is not used (yet)
From 11eb116f2dda9593178b1c2336850e8e4b45bd43 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Fri, 14 Mar 2025 08:43:46 +0100
Subject: [PATCH 087/131] Add missing desktop configuration for syncthing
---
 vars/desktop/vpn.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/vars/desktop/vpn.yml b/vars/desktop/vpn.yml
index 51fb9e4..066741b 100644
--- a/vars/desktop/vpn.yml
+++ b/vars/desktop/vpn.yml
@@ -5,8 +5,9 @@ vpn_default:
 interface: 'wg0'
 dns: '10.0.0.1'
 domains:
- - '~vpn.{{ server_domain }}'
- - '~transmission.{{ server_domain }}'
+ - ~vpn.{{ server_domain }}
+ - ~transmission.{{ server_domain }}
+ - ~syncthing.{{ server_domain }}
 public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub'
 private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key'
@@ -18,6 +19,8 @@ vpn_default:
 create_route: false
 - address: '172.16.238.0/24'
 create_route: true
+ - address: '172.32.238.0/24'
+ create_route: true
 endpoint: '{{ server_domain }}:51902'
 public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo='
 preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk'
From 4d66a42129986446b5fc59e7991ef49523bf9c64 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Fri, 14 Mar 2025 20:05:33 +0100
Subject: [PATCH 088/131] Increase font size for wezterm
---
 templates/wezterm/includes/fonts.lua.j2 | 2 +-
 vars/main.yml | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/templates/wezterm/includes/fonts.lua.j2 b/templates/wezterm/includes/fonts.lua.j2
index 1f1974c..fb2735d 100644
--- a/templates/wezterm/includes/fonts.lua.j2
+++ b/templates/wezterm/includes/fonts.lua.j2
@@ -8,7 +8,7 @@ return { { weight = 'Regular', stretch = 'Normal', style = 'Normal' } ),
- font_size = 11,
+ font_size = {{ wezterm_font_size }},
 freetype_load_target = 'Light',
 freetype_render_target = 'HorizontalLcd',
 harfbuzz_features = {
diff --git a/vars/main.yml b/vars/main.yml
index 0bba8b7..5dccfd9 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -49,3 +49,5 @@ boot_configuration:
 vpn_config_dir: '/etc/wireguard'
 server_domain: fudiggity.nl
+
+wezterm_font_size: 12
From eb308670ccfdeb95785950a11c688f73f20ef772 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Fri, 14 Mar 2025 20:37:55 +0100
Subject: [PATCH 089/131] Remove old task file
---
 tasks/platform.yml | 24 ------------------------
 1 file changed, 24 deletions(-)
 delete mode 100644 tasks/platform.yml
diff --git a/tasks/platform.yml b/tasks/platform.yml
deleted file mode 100644
index bad51f3..0000000
--- a/tasks/platform.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-- name: Detect platform
- ansible.builtin.command: laptop-detect
- register: is_laptop
- failed_when: is_laptop.rc == 2
-
-- name: Set platform (desktop)
- ansible.builtin.set_fact:
- platform: 'desktop'
- when: is_laptop.rc == 1
-
-- name: Set platform (laptop)
- ansible.builtin.set_fact:
- platform: 'laptop'
- when: is_laptop.rc == 0
-
-- name: Load desktop specific vars
- ansible.builtin.include_vars:
- dir: vars/desktop
- when: platform == "desktop"
-
-- name: Load laptop specific vars
- ansible.builtin.include_vars:
- dir: vars/laptop
- when: platform == "laptop"
From 4b8aaf3e950f2c3cd81158ad3469ae63a514bd83 Mon Sep 17 00:00:00 2001
From: Sonny Bakker Date: Sat, 15 Mar 2025 00:05:30 +0100 Subject: [PATCH 090/131] Group/host variable refactor --- ansible.cfg | 1 + files/desktop/wireguard/media/desktop.key | 7 - files/desktop/wireguard/media/desktop.pub | 1 - files/desktop/wireguard/media/preshared.psk | 7 - files/laptop/wireguard/media/laptop.key | 7 - files/laptop/wireguard/media/laptop.pub | 1 - files/laptop/wireguard/media/preshared.psk | 7 - .../desktop/wireguard/default/desktop.key | 0 .../desktop/wireguard/default/desktop.pub | 0 .../desktop/wireguard/default/preshared.psk | 0 files/{ => personal/gpg}/gpg_key | 0 files/{ => personal/gpg}/gpg_pub | 0 .../xps}/wireguard/default/preshared.psk | 0 .../xps/wireguard/default/xps.key} | 0 .../xps/wireguard/default/xps.pub} | 0 files/tmux_start | 8 - {vars => group_vars/all}/main.yml | 20 +-- {vars => group_vars/personal}/gpg.yml | 0 {vars => group_vars/personal}/mpd.yml | 0 group_vars/personal/system.yml | 39 ++++ handlers.yml | 1 - {vars => host_vars}/desktop/syncthing.yml | 0 {vars => host_vars}/desktop/system.yml | 10 +- {vars => host_vars}/desktop/vpn.yml | 6 +- {vars/laptop => host_vars/xps}/syncthing.yml | 0 host_vars/xps/system.yml | 61 +++++++ {vars/laptop => host_vars/xps}/vpn.yml | 4 +- inventory.yml | 6 + playbook.yml | 105 ++++------- tasks/git.yml | 28 +-- tasks/mpv.yml | 20 --- tasks/network.yml | 108 ++--------- .../desktop.yml} | 8 +- tasks/{ => personal}/mpd.yml | 11 +- tasks/personal/mpv.yml | 16 ++ tasks/{ => personal}/syncthing.yml | 0 tasks/personal/wireguard.yml | 112 ++++++++++++ tasks/{setup-laptop.yml => personal/xps.yml} | 2 +- tasks/setup.yml | 169 ++++++++++-------- tasks/systemd.yml | 16 +- templates/laptop/sysctl/98-forward.conf.j2 | 2 - templates/laptop/sysctl/99-sysrq.conf.j2 | 2 - templates/{ => personal}/desktop/cmdline.j2 | 0 .../desktop/mkinitcpio/1-modules.conf.j2 | 0 .../desktop/mkinitcpio/linux-lts.preset.j2 | 0 .../desktop/mkinitcpio/linux.preset.j2 | 0 .../desktop/modprobe/99-amdgpu.conf.j2 | 0 
.../desktop/network/enp.network.j2 | 0 .../desktop/network/wg0.netdev.j2 | 0 .../desktop/network/wg0.network.j2 | 0 .../desktop/network/wg1.netdev.j2 | 0 .../desktop/network/wg1.network.j2 | 0 templates/{ => personal}/desktop/nftables.j2 | 0 .../desktop/xdg-desktop-portal.service.j2 | 0 templates/{ => personal}/mpd/mpd.conf.j2 | 0 templates/{ => personal}/mpd/ncmpc.j2 | 0 .../{ => personal}/mpd/ncmpcpp/bindings.j2 | 0 .../{ => personal}/mpd/ncmpcpp/config.j2 | 0 templates/{ => personal}/mpd/service.j2 | 0 templates/{ => personal}/mpd/socket.j2 | 0 templates/{ => personal}/mpv/config.j2 | 0 templates/{ => personal}/mpv/input.j2 | 0 templates/{laptop => personal/xps}/cmdline.j2 | 0 .../xps}/mkinitcpio/1-modules.conf.j2 | 0 .../xps}/mkinitcpio/2-hooks.conf.j2 | 0 .../xps}/mkinitcpio/linux-lts.preset.j2 | 0 .../xps}/mkinitcpio/linux.preset.j2 | 0 .../xps}/network/wg0.netdev.j2 | 0 .../xps}/network/wg0.network.j2 | 0 .../xps}/network/wg1.netdev.j2 | 0 .../xps}/network/wg1.network.j2 | 0 .../xps}/network/wireless.network.j2 | 0 .../{laptop => personal/xps}/nftables.j2 | 0 .../xps}/powertop.service.j2 | 0 templates/polkit.j2 | 11 ++ .../{desktop => }/sysctl/98-forward.conf.j2 | 0 .../{desktop => }/sysctl/99-sysrq.conf.j2 | 0 vars/laptop/system.yml | 23 --- 78 files changed, 445 insertions(+), 374 deletions(-) delete mode 100644 files/desktop/wireguard/media/desktop.key delete mode 100644 files/desktop/wireguard/media/desktop.pub delete mode 100644 files/desktop/wireguard/media/preshared.psk delete mode 100644 files/laptop/wireguard/media/laptop.key delete mode 100644 files/laptop/wireguard/media/laptop.pub delete mode 100644 files/laptop/wireguard/media/preshared.psk rename files/{ => personal}/desktop/wireguard/default/desktop.key (100%) rename files/{ => personal}/desktop/wireguard/default/desktop.pub (100%) rename files/{ => personal}/desktop/wireguard/default/preshared.psk (100%) rename files/{ => personal/gpg}/gpg_key (100%) rename files/{ => personal/gpg}/gpg_pub 
(100%) rename files/{laptop => personal/xps}/wireguard/default/preshared.psk (100%) rename files/{laptop/wireguard/default/laptop.key => personal/xps/wireguard/default/xps.key} (100%) rename files/{laptop/wireguard/default/laptop.pub => personal/xps/wireguard/default/xps.pub} (100%) rename {vars => group_vars/all}/main.yml (80%) rename {vars => group_vars/personal}/gpg.yml (100%) rename {vars => group_vars/personal}/mpd.yml (100%) create mode 100644 group_vars/personal/system.yml rename {vars => host_vars}/desktop/syncthing.yml (100%) rename {vars => host_vars}/desktop/system.yml (51%) rename {vars => host_vars}/desktop/vpn.yml (84%) rename {vars/laptop => host_vars/xps}/syncthing.yml (100%) create mode 100644 host_vars/xps/system.yml rename {vars/laptop => host_vars/xps}/vpn.yml (89%) create mode 100644 inventory.yml delete mode 100644 tasks/mpv.yml rename tasks/{setup-desktop.yml => personal/desktop.yml} (67%) rename tasks/{ => personal}/mpd.yml (87%) create mode 100644 tasks/personal/mpv.yml rename tasks/{ => personal}/syncthing.yml (100%) create mode 100644 tasks/personal/wireguard.yml rename tasks/{setup-laptop.yml => personal/xps.yml} (79%) delete mode 100644 templates/laptop/sysctl/98-forward.conf.j2 delete mode 100644 templates/laptop/sysctl/99-sysrq.conf.j2 rename templates/{ => personal}/desktop/cmdline.j2 (100%) rename templates/{ => personal}/desktop/mkinitcpio/1-modules.conf.j2 (100%) rename templates/{ => personal}/desktop/mkinitcpio/linux-lts.preset.j2 (100%) rename templates/{ => personal}/desktop/mkinitcpio/linux.preset.j2 (100%) rename templates/{ => personal}/desktop/modprobe/99-amdgpu.conf.j2 (100%) rename templates/{ => personal}/desktop/network/enp.network.j2 (100%) rename templates/{ => personal}/desktop/network/wg0.netdev.j2 (100%) rename templates/{ => personal}/desktop/network/wg0.network.j2 (100%) rename templates/{ => personal}/desktop/network/wg1.netdev.j2 (100%) rename templates/{ => personal}/desktop/network/wg1.network.j2 (100%) 
rename templates/{ => personal}/desktop/nftables.j2 (100%) rename templates/{ => personal}/desktop/xdg-desktop-portal.service.j2 (100%) rename templates/{ => personal}/mpd/mpd.conf.j2 (100%) rename templates/{ => personal}/mpd/ncmpc.j2 (100%) rename templates/{ => personal}/mpd/ncmpcpp/bindings.j2 (100%) rename templates/{ => personal}/mpd/ncmpcpp/config.j2 (100%) rename templates/{ => personal}/mpd/service.j2 (100%) rename templates/{ => personal}/mpd/socket.j2 (100%) rename templates/{ => personal}/mpv/config.j2 (100%) rename templates/{ => personal}/mpv/input.j2 (100%) rename templates/{laptop => personal/xps}/cmdline.j2 (100%) rename templates/{laptop => personal/xps}/mkinitcpio/1-modules.conf.j2 (100%) rename templates/{laptop => personal/xps}/mkinitcpio/2-hooks.conf.j2 (100%) rename templates/{laptop => personal/xps}/mkinitcpio/linux-lts.preset.j2 (100%) rename templates/{laptop => personal/xps}/mkinitcpio/linux.preset.j2 (100%) rename templates/{laptop => personal/xps}/network/wg0.netdev.j2 (100%) rename templates/{laptop => personal/xps}/network/wg0.network.j2 (100%) rename templates/{laptop => personal/xps}/network/wg1.netdev.j2 (100%) rename templates/{laptop => personal/xps}/network/wg1.network.j2 (100%) rename templates/{laptop => personal/xps}/network/wireless.network.j2 (100%) rename templates/{laptop => personal/xps}/nftables.j2 (100%) rename templates/{laptop => personal/xps}/powertop.service.j2 (100%) create mode 100644 templates/polkit.j2 rename templates/{desktop => }/sysctl/98-forward.conf.j2 (100%) rename templates/{desktop => }/sysctl/99-sysrq.conf.j2 (100%) delete mode 100644 vars/laptop/system.yml diff --git a/ansible.cfg b/ansible.cfg index 5ec08e7..32fe937 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,5 +1,6 @@ [defaults] roles_path = ./roles +inventory = inventory.yml ask_vault_pass = true [privilege_escalation] 
diff --git a/files/desktop/wireguard/media/desktop.key b/files/desktop/wireguard/media/desktop.key deleted file mode 100644 index 8782234..0000000 --- a/files/desktop/wireguard/media/desktop.key +++ /dev/null @@ -1,7 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -62383364643761623739623632633261343735343465336235386336333234656631363432623535 -6562623634363937356137616131396264633161363461340a343432363362346664646161656563 -35623334326238326135646261666330666531633831656564396139666261623937626338386632 -3233333039623039640a383931633539363238326164643365316236326435643537303866373835 -66393465663364303134376566623736636664353031336537663036636462613766343739336331 -6438643538326533313433616438386165626537373162393430 diff --git a/files/desktop/wireguard/media/desktop.pub b/files/desktop/wireguard/media/desktop.pub deleted file mode 100644 index 640bf96..0000000 --- a/files/desktop/wireguard/media/desktop.pub +++ /dev/null @@ -1 +0,0 @@ -YDH5lZcxUHM4AU2ZxQrFqjDIV2Z7PSUQKMcYXLExV0E= diff --git a/files/desktop/wireguard/media/preshared.psk b/files/desktop/wireguard/media/preshared.psk deleted file mode 100644 index 8e41aac..0000000 --- a/files/desktop/wireguard/media/preshared.psk +++ /dev/null @@ -1,7 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -34303432393930626266313563613636343439623631633163656532363631313039386231623936 -3336636666626237316532346230303961323263613161320a383436636634376162353863386161 -36663064366461333335613633316630633335666335613464333863656536623230383262623733 -3065363835666231630a616362333233643637613762313437626366363365313831363661313336 -66373966656534646462653833343935623466613662333932666666366430663061366261396330 -3064636536643933613738356461313135363033633366396130 diff --git a/files/laptop/wireguard/media/laptop.key b/files/laptop/wireguard/media/laptop.key deleted file mode 100644 index 939f255..0000000 --- a/files/laptop/wireguard/media/laptop.key +++ /dev/null 
@@ -1,7 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-64663539393065396333623165623833636539633932306437363365656532343565643866616532
-6562373233633237623761376234336331373637393431380a386261306438393837633037383464
-64623965376138313665393239346138383230383565626264393635303835396537663865313237
-6431313635333030390a646466303961663932353830366235643762393039396531316465333837
-61613264356263616332633334386532303761353536663033373639626634396164623335626566
-3632373266313435646338343738656663356635623138623939
diff --git a/files/laptop/wireguard/media/laptop.pub b/files/laptop/wireguard/media/laptop.pub
deleted file mode 100644
index aec0b05..0000000
--- a/files/laptop/wireguard/media/laptop.pub
+++ /dev/null
@@ -1 +0,0 @@
-hI4rqlv2afs4RJkt5xR+dYxQODSd6lR0OqWJRlnQdjM=
diff --git a/files/laptop/wireguard/media/preshared.psk b/files/laptop/wireguard/media/preshared.psk
deleted file mode 100644
index ca1d895..0000000
--- a/files/laptop/wireguard/media/preshared.psk
+++ /dev/null
@@ -1,7 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-63643763346434313734663761386539393032613366626230373862643431613963633664353264
-6466616235653963643861643439633537656439363735330a366439356537386662353431643163
-33363830646433336366353363623835373639383663633837313030393162643931353331633133
-6534363438303261320a333364313534336465616336386337383935353631646361623866326232
-64373139636633393236303335396138326638333635663839663734346463303739646431353437
-3838653361383663633632363862306565643531353066623336
diff --git a/files/desktop/wireguard/default/desktop.key b/files/personal/desktop/wireguard/default/desktop.key
similarity index 100%
rename from files/desktop/wireguard/default/desktop.key
rename to files/personal/desktop/wireguard/default/desktop.key
diff --git a/files/desktop/wireguard/default/desktop.pub b/files/personal/desktop/wireguard/default/desktop.pub
similarity index 100%
rename from files/desktop/wireguard/default/desktop.pub
rename to files/personal/desktop/wireguard/default/desktop.pub
diff --git a/files/desktop/wireguard/default/preshared.psk b/files/personal/desktop/wireguard/default/preshared.psk similarity index 100% rename from files/desktop/wireguard/default/preshared.psk rename to files/personal/desktop/wireguard/default/preshared.psk diff --git a/files/gpg_key b/files/personal/gpg/gpg_key similarity index 100% rename from files/gpg_key rename to files/personal/gpg/gpg_key diff --git a/files/gpg_pub b/files/personal/gpg/gpg_pub similarity index 100% rename from files/gpg_pub rename to files/personal/gpg/gpg_pub diff --git a/files/laptop/wireguard/default/preshared.psk b/files/personal/xps/wireguard/default/preshared.psk similarity index 100% rename from files/laptop/wireguard/default/preshared.psk rename to files/personal/xps/wireguard/default/preshared.psk diff --git a/files/laptop/wireguard/default/laptop.key b/files/personal/xps/wireguard/default/xps.key similarity index 100% rename from files/laptop/wireguard/default/laptop.key rename to files/personal/xps/wireguard/default/xps.key diff --git a/files/laptop/wireguard/default/laptop.pub b/files/personal/xps/wireguard/default/xps.pub similarity index 100% rename from files/laptop/wireguard/default/laptop.pub rename to files/personal/xps/wireguard/default/xps.pub diff --git a/files/tmux_start b/files/tmux_start index 4e6646d..56d5770 100755 --- a/files/tmux_start +++ b/files/tmux_start @@ -1,16 +1,8 @@ #!/bin/bash MAIN="main" -DEVELOPMENT="development" tmux start-server tmux new-session -ds $MAIN tmux new-window -tmux new-window -tmux select-window -t 0 - -tmux new-session -ds $DEVELOPMENT -tmux new-window -tmux new-window -tmux new-window tmux select-window -t 0 diff --git a/vars/main.yml b/group_vars/all/main.yml similarity index 80% rename from vars/main.yml rename to group_vars/all/main.yml index 5dccfd9..405504f 100644 --- a/vars/main.yml +++ b/group_vars/all/main.yml 
@@ -1,21 +1,13 @@ -xdg_config_dir: '{{ ansible_env.HOME }}/.config' -xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin' - -register_uefi_entries: false +ansible_become_method: community.general.run0 packages: - firefox - - mpv - - youtube-dl - keepassxc - gimp - nftables - - mpd - - nfs-utils - okular - postgresql - plasma-meta - - syncthing - wezterm - tmux - unrar @@ -26,13 +18,11 @@ packages: - iproute2 - curl - reflector - - laptop-detect - pipewire - pipewire-pulse - pipewire-alsa - merkuro - kmail - - wireguard-tools - otf-monaspace-nerd - systemd-ukify - efibootmgr @@ -40,14 +30,16 @@ packages: - aspell-nl - aspell-en -platform_packages: [] +xdg_config_dir: '{{ ansible_env.HOME }}/.config' +xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin' + modprobe_templates: [] mkinitcpio_templates: [] boot_configuration: -vpn_config_dir: '/etc/wireguard' - server_domain: fudiggity.nl +register_uefi_entries: false + wezterm_font_size: 12 diff --git a/vars/gpg.yml b/group_vars/personal/gpg.yml similarity index 100% rename from vars/gpg.yml rename to group_vars/personal/gpg.yml diff --git a/vars/mpd.yml b/group_vars/personal/mpd.yml similarity index 100% rename from vars/mpd.yml rename to group_vars/personal/mpd.yml diff --git a/group_vars/personal/system.yml b/group_vars/personal/system.yml new file mode 100644 index 0000000..f3e9732 --- /dev/null +++ b/group_vars/personal/system.yml @@ -0,0 +1,39 @@ +packages: + - keepassxc + - gimp + - nftables + - okular + - postgresql + - plasma-meta + - wezterm + - tmux + - unrar + - vim + - git + - openssl + - kmail + - iproute2 + - curl + - reflector + - pipewire + - pipewire-pulse + - pipewire-alsa + - merkuro + - kmail + - otf-monaspace-nerd + - systemd-ukify + - efibootmgr + - git-delta + - aspell-nl + - aspell-en + + # custom packages + - firefox + - mpv + - youtube-dl + - nfs-utils + - syncthing + - mpd + - wireguard-tools + +vpn_config_dir: '/etc/wireguard' 
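Review bot: The `packages` list in the new group_vars/personal/system.yml repeats the whole group_vars/all list and then replaces it outright, because Ansible resolves list variables by precedence rather than merging them, and host_vars/xps/system.yml repeats it a third time; both new copies also list `kmail` twice. Keeping one base list and composing per level avoids the three copies drifting apart, e.g. `base_packages:` in group_vars/all, `personal_packages:` in the personal group file, and `packages: '{{ base_packages + personal_packages + (host_packages | default([])) }}'` where the install task reads it. The switch to `ansible_become_method: community.general.run0` makes every `become: true` task depend on polkit authorizing the invoking user and on a systemd release that ships run0; presumably the polkit rule written by tasks/setup.yml is what grants that, which I cannot fully see here, so a one-line comment next to this setting naming that prerequisite and the ordering requirement (the rule must be in place before the first become task) would help the next reader.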
diff --git a/handlers.yml b/handlers.yml index 23ae9bb..0af528a 100644 --- a/handlers.yml +++ b/handlers.yml @@ -57,7 +57,6 @@ name: iwd state: restarted enabled: true - when: platform == "laptop" - name: stop mpd service systemd: diff --git a/vars/desktop/syncthing.yml b/host_vars/desktop/syncthing.yml similarity index 100% rename from vars/desktop/syncthing.yml rename to host_vars/desktop/syncthing.yml diff --git a/vars/desktop/system.yml b/host_vars/desktop/system.yml similarity index 51% rename from vars/desktop/system.yml rename to host_vars/desktop/system.yml index 61a2959..67054cd 100644 --- a/vars/desktop/system.yml +++ b/host_vars/desktop/system.yml @@ -1,17 +1,15 @@ -platform_packages: [] - modprobe_templates: - - src: 'templates/desktop/modprobe/99-amdgpu.conf.j2' + - src: 'templates/personal/desktop/modprobe/99-amdgpu.conf.j2' dest: '/etc/modprobe.d/99-amdgpu.conf' mkinitcpio_templates: - - src: 'templates/desktop/mkinitcpio/1-modules.conf.j2' + - src: 'templates/personal/desktop/mkinitcpio/1-modules.conf.j2' dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf' - - src: 'templates/desktop/mkinitcpio/linux.preset.j2' + - src: 'templates/personal/desktop/mkinitcpio/linux.preset.j2' dest: '/etc/mkinitcpio.d/linux.preset' - - src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2' + - src: 'templates/personal/desktop/mkinitcpio/linux-lts.preset.j2' dest: '/etc/mkinitcpio.d/linux-lts.preset' boot_configuration: diff --git a/vars/desktop/vpn.yml b/host_vars/desktop/vpn.yml similarity index 84% rename from vars/desktop/vpn.yml rename to host_vars/desktop/vpn.yml index 066741b..3cc3977 100644 --- a/vars/desktop/vpn.yml +++ b/host_vars/desktop/vpn.yml 
@@ -24,7 +24,7 @@ vpn_default: endpoint: '{{ server_domain }}:51902' public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk' - preshared_key_source_path: 'files/desktop/wireguard/default/preshared.psk' + preshared_key_source_path: 'files/personal/desktop/wireguard/default/preshared.psk' vpn_media: ip: '10.0.1.3' @@ -36,7 +36,7 @@ vpn_media: public_key_path: '{{ vpn_config_dir }}/keys/public/media/desktop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/media/desktop.key' - private_key_source_path: 'files/desktop/wireguard/media/desktop.key' + private_key_source_path: 'files/personal/desktop/wireguard/media/desktop.key' peers: - name: 'zeus-media' @@ -46,4 +46,4 @@ vpn_media: endpoint: '{{ server_domain }}.nl:51903' public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk' - preshared_key_source_path: 'files/desktop/wireguard/media/preshared.psk' + preshared_key_source_path: 'files/personal/desktop/wireguard/media/preshared.psk' diff --git a/vars/laptop/syncthing.yml b/host_vars/xps/syncthing.yml similarity index 100% rename from vars/laptop/syncthing.yml rename to host_vars/xps/syncthing.yml diff --git a/host_vars/xps/system.yml b/host_vars/xps/system.yml new file mode 100644 index 0000000..23170ef --- /dev/null +++ b/host_vars/xps/system.yml 
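Review bot: The media key sources this hunk rewrites to `files/personal/desktop/wireguard/media/desktop.key` and `files/personal/desktop/wireguard/media/preshared.psk` do not exist after this commit: only the `default/` key files are renamed into files/personal/, while files/desktop/wireguard/media/* and files/laptop/wireguard/media/* are deleted outright. The same applies to the `preshared_key_source_path` in the host_vars/xps/vpn.yml hunk and to the media entries in the copy loop of tasks/personal/wireguard.yml, so the first run should fail at `Copy Wireguard credentials`. Either restore the media files under files/personal/<host>/wireguard/media/ or, if the media tunnel is being retired, remove `vpn_media` and its loop entries in the same commit. Unrelated to this change but visible in the context, the desktop media peer's `endpoint: '{{ server_domain }}.nl:51903'` appends `.nl` to a `server_domain` that group_vars/all already sets to `fudiggity.nl`, whereas the xps file uses `'{{ server_domain }}:51903'`.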
@@ -0,0 +1,61 @@ +packages: + - keepassxc + - gimp + - nftables + - okular + - postgresql + - plasma-meta + - wezterm + - tmux + - unrar + - vim + - git + - openssl + - kmail + - iproute2 + - curl + - reflector + - pipewire + - pipewire-pulse + - pipewire-alsa + - merkuro + - kmail + - otf-monaspace-nerd + - systemd-ukify + - efibootmgr + - git-delta + - aspell-nl + - aspell-en + + # custom packages + - firefox + - mpv + - youtube-dl + - nfs-utils + - syncthing + - mpd + - wireguard-tools + + # custom host packages + - iwd + - nvidia + - nvidia-prime + - nvidia-utils + - lib32-nvidia-utils + +boot_configuration: + disk: /dev/nvme0n1 + partition: 1 + +mkinitcpio_templates: + - src: 'templates/personal/xps/mkinitcpio/1-modules.conf.j2' + dest: '/etc/mkinitcpio.conf.d/1-modules.conf' + + - src: 'templates/personal/xps/mkinitcpio/2-hooks.conf.j2' + dest: '/etc/mkinitcpio.conf.d/2-hooks.conf' + + - src: 'templates/personal/xps/mkinitcpio/linux.preset.j2' + dest: '/etc/mkinitcpio.d/linux.preset' + + - src: 'templates/personal/xps/mkinitcpio/linux-lts.preset.j2' + dest: '/etc/mkinitcpio.d/linux-lts.preset' diff --git a/vars/laptop/vpn.yml b/host_vars/xps/vpn.yml similarity index 89% rename from vars/laptop/vpn.yml rename to host_vars/xps/vpn.yml index 158db4e..1a2eab2 100644 --- a/vars/laptop/vpn.yml +++ b/host_vars/xps/vpn.yml @@ -23,7 +23,7 @@ vpn_default: endpoint: '{{ server_domain }}:51902' public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk' - preshared_key_source_path: 'files/laptop/wireguard/default/preshared.psk' + preshared_key_source_path: 'files/personal/xps/wireguard/default/preshared.psk' vpn_media: ip: '10.0.1.2' 
@@ -44,4 +44,4 @@ vpn_media: endpoint: '{{ server_domain }}:51903' public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk' - preshared_key_source_path: 'files/laptop/wireguard/media/preshared.psk' + preshared_key_source_path: 'files/personal/xps/wireguard/media/preshared.psk' diff --git a/inventory.yml b/inventory.yml new file mode 100644 index 0000000..610f4b7 --- /dev/null +++ b/inventory.yml @@ -0,0 +1,6 @@ +personal: + hosts: + xps: + ansible_connection: local + desktop: + ansible_connection: local diff --git a/playbook.yml b/playbook.yml index 155fbe1..a604be7 100644 --- a/playbook.yml +++ b/playbook.yml 
@@ -1,61 +1,21 @@ - name: Arch Linux provisioning - hosts: localhost - pre_tasks: - - name: Install shared packages - become: true - community.general.pacman: - name: '{{ packages }}' - - - name: Platform vars - tags: platform_vars - block: - - name: Detect platform - ansible.builtin.command: laptop-detect - register: is_laptop - failed_when: is_laptop.rc == 2 - - - name: Set platform (desktop) - ansible.builtin.set_fact: - platform: desktop - when: is_laptop.rc == 1 - - - name: Set platform (laptop) - ansible.builtin.set_fact: - platform: laptop - when: is_laptop.rc == 0 - - - name: Load desktop specific vars - ansible.builtin.include_vars: - dir: vars/desktop - when: platform == 'desktop' - - - name: Load laptop specific vars - ansible.builtin.include_vars: - dir: vars/laptop - when: platform == 'laptop' - - - name: Install platform specific packages - become: true - community.general.pacman: - name: '{{ platform_packages }}' - when: platform_packages | length > 0 + hosts: + - xps + - desktop + gather_facts: true roles: - common tasks: + - name: Verifying that a limit is set + ansible.builtin.fail: + msg: 'This playbook cannot be run with no limit' + run_once: true + when: ansible_limit is not defined + - name: Generic provisioning ansible.builtin.import_tasks: 'tasks/setup.yml' tags: setup - - name: Desktop provisioning - ansible.builtin.import_tasks: 'tasks/setup-desktop.yml' - when: platform == 'desktop' - tags: laptop - - - name: Laptop provisioning - ansible.builtin.import_tasks: 'tasks/setup-laptop.yml' - when: platform == 'laptop' - tags: laptop - - name: Network provisioning ansible.builtin.import_tasks: 'tasks/network.yml' tags: network 
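Review bot: The `Verifying that a limit is set` guard sits under `tasks:`, but `roles: - common` executes before tasks, so the common role is already applied to every host before the guard can fail. With both inventory hosts declared `ansible_connection: local`, an unlimited run applies both host profiles to whichever machine runs the playbook, which is exactly what this guard exists to prevent; moving it into a `pre_tasks:` section (the section this commit removes) makes it run ahead of the role. It is worth confirming with a dry run that the `run_once: true` failure also stops the second host rather than only the host it ran on; `any_errors_fatal: true` on the play makes that explicit.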
@@ -64,33 +24,46 @@ ansible.builtin.import_tasks: 'tasks/systemd.yml' tags: systemd + # TODO: move to development playbook - name: Git provisioning ansible.builtin.import_tasks: 'tasks/git.yml' tags: git - - name: MPV provisioning - ansible.builtin.import_tasks: 'tasks/mpv.yml' - tags: mpv - - - name: MPD provisioning - ansible.builtin.import_tasks: 'tasks/mpd.yml' - tags: mpd - - - name: Syncthing provisioning - ansible.builtin.import_tasks: 'tasks/syncthing.yml' - tags: syncthing - - name: Systemd timer provisioning ansible.builtin.import_tasks: 'tasks/timer.yml' tags: timers + - name: Personal provisiong + when: "'personal' in group_names" + block: + - name: Wireguard provisioning + ansible.builtin.import_tasks: 'tasks/personal/wireguard.yml' + tags: wireguard + + - name: MPV provisioning + ansible.builtin.import_tasks: 'tasks/personal/mpv.yml' + tags: mpv + + - name: MPD provisioning + ansible.builtin.import_tasks: 'tasks/personal/mpd.yml' + tags: mpd + + - name: Syncthing provisioning + ansible.builtin.import_tasks: 'tasks/personal/syncthing.yml' + tags: syncthing + + - name: Desktop provisioning + ansible.builtin.import_tasks: 'tasks/personal/desktop.yml' + when: ansible_hostname == 'desktop' + tags: desktop + + - name: XPS provisioning + ansible.builtin.import_tasks: 'tasks/personal/xps.yml' + when: ansible_hostname == 'xps' + tags: xps handlers: - name: Import default handlers ansible.builtin.import_tasks: 'handlers.yml' - name: Import common role handlers ansible.builtin.import_tasks: 'roles/common/handlers/user.yml' - vars_files: - - 'vars/main.yml' - - 'vars/gpg.yml' - - 'vars/mpd.yml' diff --git a/tasks/git.yml b/tasks/git.yml index 3b07f8f..a375d3b 100644 --- a/tasks/git.yml +++ b/tasks/git.yml 
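Review bot: The host-specific imports are gated on `ansible_hostname == 'desktop'` / `'xps'`, a gathered fact, whereas host_vars/desktop and host_vars/xps are bound to the inventory name; if a machine's hostname ever differs from its inventory entry, the host's vars still load but its tasks silently skip. The same comparison appears in tasks/network.yml and tasks/personal/wireguard.yml, where it also builds file and template paths, so using `inventory_hostname` in all of them keeps selection consistent with `--limit` and host_vars. The new block name has a typo: `- name: Personal provisiong`.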
@@ -1,24 +1,28 @@ -- name: copy git configuration - template: +- name: Copy git configuration + ansible.builtin.template: src: 'templates/gitconfig.j2' dest: '{{ ansible_env.HOME }}/.gitconfig' + mode: '0755' -- name: copy keys - copy: +- name: Copy keys + ansible.builtin.copy: src: '{{ item.src }}' dest: '{{ item.dest }}' + mode: '0755' loop: - - { src: 'files/gpg_key', dest: '{{ ansible_env.HOME }}/gpg.key' } - - { src: 'files/gpg_pub', dest: '{{ ansible_env.HOME }}/gpg.pub' } + - src: 'files/personal/gpg/gpg_key' + dest: '{{ ansible_env.HOME }}/gpg.key' + - src: 'files/personal/gpg/gpg_pub' + dest: '{{ ansible_env.HOME }}/gpg.pub' -- name: import secret key - command: 'gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key' +- name: Import secret key + ansible.builtin.command: 'gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key' -- name: import public key - command: 'gpg --import ~/gpg.pub' +- name: Import public key + ansible.builtin.command: 'gpg --import ~/gpg.pub' -- name: remove temp keys - file: +- name: Remove temp keys + ansible.builtin.file: path: '{{ item }}' state: absent loop: diff --git a/tasks/mpv.yml b/tasks/mpv.yml deleted file mode 100644 index c0e8a8a..0000000 --- a/tasks/mpv.yml +++ /dev/null @@ -1,20 +0,0 @@ -- name: create configuration directory - file: - path: '{{ ansible_env.HOME }}/.config/mpv' - state: directory - mode: '0700' - -- name: copy configuration files - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0644' - loop: - - { - src: 'templates/mpv/input.j2', - dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf', - } - - { - src: 'templates/mpv/config.j2', - dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf', - } diff --git a/tasks/network.yml b/tasks/network.yml index feec18b..d00a814 100644 --- a/tasks/network.yml +++ b/tasks/network.yml 
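Review bot: `mode: '0755'` on the `Copy keys` task makes the temporary copy of the GPG private key at `~/gpg.key` world-readable (and executable) until `Remove temp keys` runs; `mode: '0600'` is the right mode for both key files, and `.gitconfig` needs no execute bit either. `Import secret key` still passes the passphrase on the command line, where it is visible in the process list and echoed into Ansible output and logs; passing it with `--passphrase-fd 0` via the command module's `stdin: '{{ gpg_passphrase }}'` and adding `no_log: true` keeps it out of both. The same `'0755'` is applied to plain configuration files in tasks/personal/desktop.yml, tasks/personal/mpd.yml and tasks/setup.yml, where `'0644'` would match the neighbouring tasks.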
@@ -3,67 +3,25 @@ # using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint :` # for example. -- name: Create Wireguard directories +- name: Copy firewall template become: true - ansible.builtin.file: - path: '{{ item }}' + ansible.builtin.template: + src: "{{ lookup('ansible.builtin.first_found', paths) }}" + dest: '/etc/nftables.conf' owner: root - group: systemd-network - mode: '0750' - state: directory - recurse: true - loop: - - '{{ vpn_config_dir }}' - - '{{ vpn_default.private_key_path | dirname }}' - - '{{ vpn_default.public_key_path | dirname }}' - - '{{ vpn_media.private_key_path | dirname }}' - - '{{ vpn_media.public_key_path | dirname }}' - notify: - - restart systemd-networkd - - restart systemd-resolved - -- name: Copy Wireguard credentials - become: true - ansible.builtin.copy: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - dest: '{{ vpn_default.public_key_path }}' - src: 'files/{{ platform }}/wireguard/default/{{ platform }}.pub' - - - dest: '{{ vpn_default.private_key_path }}' - src: 'files/{{ platform }}/wireguard/default/{{ platform }}.key' - - - dest: '{{ vpn_media.public_key_path }}' - src: 'files/{{ platform }}/wireguard/media/{{ platform }}.pub' - - - dest: '{{ vpn_media.private_key_path }}' - src: 'files/{{ platform }}/wireguard/media/{{ platform }}.key' - notify: - - restart systemd-networkd - - restart systemd-resolved - -- name: Copy Wireguard preshared keys - become: true - ansible.builtin.copy: - src: '{{ item.preshared_key_source_path }}' - dest: '{{ item.preshared_key_path }}' - owner: root - group: systemd-network - mode: '0640' - loop: '{{ vpn_default.peers + vpn_media.peers }}' - notify: - - restart systemd-networkd - - restart systemd-resolved + group: root + mode: '0600' + vars: + paths: + - 'templates/{{ ansible_hostname }}/nftables.j2' + - 'templates/{{ group_names[0] }}/{{ ansible_hostname }}/nftables.j2' + notify: restart nftables - 
name: Desktop configuration notify: - restart systemd-networkd - restart systemd-resolved - when: platform == "desktop" + when: ansible_hostname == 'desktop' block: - name: Setup network configuration become: true @@ -74,21 +32,9 @@ group: systemd-network mode: '0640' loop: - - src: 'templates/desktop/network/enp.network.j2' + - src: 'templates/personal/desktop/network/enp.network.j2' dest: '/etc/systemd/network/20-wired.network' - - src: 'templates/desktop/network/wg0.network.j2' - dest: '/etc/systemd/network/40-wg0.network' - - - src: 'templates/desktop/network/wg0.netdev.j2' - dest: '/etc/systemd/network/40-wg0.netdev' - - - src: 'templates/desktop/network/wg1.network.j2' - dest: '/etc/systemd/network/40-wg1.network' - - - src: 'templates/desktop/network/wg1.netdev.j2' - dest: '/etc/systemd/network/40-wg1.netdev' - - name: Remove leftover configuration files become: true ansible.builtin.file: @@ -98,12 +44,12 @@ - '/etc/systemd/network/30-vmbr0.network' - '/etc/systemd/network/30-vmbr0.netdev' -- name: Laptop configuration +- name: XPS configuration notify: - restart systemd-networkd - restart systemd-resolved - restart iwd - when: platform == "laptop" + when: ansible_hostname == 'xps' block: - name: Setup network configuration become: true @@ -114,21 +60,9 @@ group: systemd-network mode: '0640' loop: - - src: 'templates/laptop/network/wireless.network.j2' + - src: 'templates/personal/xps/network/wireless.network.j2' dest: '/etc/systemd/network/20-wireless.network' - - src: 'templates/laptop/network/wg0.network.j2' - dest: '/etc/systemd/network/40-wg0.network' - - - src: 'templates/laptop/network/wg0.netdev.j2' - dest: '/etc/systemd/network/40-wg0.netdev' - - - src: 'templates/laptop/network/wg1.network.j2' - dest: '/etc/systemd/network/40-wg1.network' - - - src: 'templates/laptop/network/wg1.netdev.j2' - dest: '/etc/systemd/network/40-wg1.netdev' - - name: Remove leftover configuration files become: true ansible.builtin.file: 
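Review bot: The `Copy firewall template` task now resolves its source with `first_found` over `templates/{{ ansible_hostname }}/nftables.j2` and `templates/{{ group_names[0] }}/{{ ansible_hostname }}/nftables.j2`; `group_names` is ordered alphabetically, not by inventory order, so adding the host to any group that sorts before `personal` silently changes which ruleset lands in /etc/nftables.conf. Since this file is the host firewall, an explicit `'templates/personal/{{ inventory_hostname }}/nftables.j2'` entry or a dedicated `nftables_template` host variable is safer than deriving the path from group order. A short comment should also record that the lookup is deliberately left without `skip: true`, so a missing template fails the play instead of leaving the firewall unconfigured.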
@@ -137,13 +71,3 @@ loop: - '/etc/systemd/network/30-vmbr0.network' - '/etc/systemd/network/30-vmbr0.netdev' - -- name: Copy firewall template - become: true - ansible.builtin.template: - src: 'templates/{{ platform }}/nftables.j2' - dest: '/etc/nftables.conf' - owner: root - group: root - mode: '0600' - notify: restart nftables diff --git a/tasks/setup-desktop.yml b/tasks/personal/desktop.yml similarity index 67% rename from tasks/setup-desktop.yml rename to tasks/personal/desktop.yml index f06ec16..7ebea99 100644 --- a/tasks/setup-desktop.yml +++ b/tasks/personal/desktop.yml @@ -1,10 +1,12 @@ - name: Create xdg-desktop-portal.service.d directory - file: + ansible.builtin.file: path: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d' state: directory + mode: '0755' - name: Copy xdg-desktop-portal.service drop-in - template: - src: templates/desktop/xdg-desktop-portal.service.j2 + ansible.builtin.template: + src: templates/personal/desktop/xdg-desktop-portal.service.j2 dest: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d/override.conf' + mode: '0755' notify: user daemon-reload diff --git a/tasks/mpd.yml b/tasks/personal/mpd.yml similarity index 87% rename from tasks/mpd.yml rename to tasks/personal/mpd.yml index 08de7d4..8126cf1 100644 --- a/tasks/mpd.yml +++ b/tasks/personal/mpd.yml @@ -4,10 +4,10 @@ dest: '{{ item.dest }}' mode: '0644' loop: - - src: 'templates/mpd/service.j2' + - src: 'templates/personal/mpd/service.j2' dest: '{{ xdg_config_dir }}/systemd/user/mpd.service' - - src: 'templates/mpd/socket.j2' + - src: 'templates/personal/mpd/socket.j2' dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket' notify: - stop mpd service @@ -34,6 +34,7 @@ ansible.builtin.file: path: '{{ item.path }}' state: '{{ item.state }}' + mode: '0755' loop: - path: '{{ mpd_configuration_dir }}/log' state: 'absent' 
@@ -50,11 +51,11 @@ dest: '{{ item.dest }}' mode: '0755' loop: - - src: 'templates/mpd/mpd.conf.j2' + - src: 'templates/personal/mpd/mpd.conf.j2' dest: '{{ mpd_configuration_dir }}/mpd.conf' - - src: 'templates/mpd/ncmpcpp/config.j2' + - src: 'templates/personal/mpd/ncmpcpp/config.j2' dest: '{{ ncmpcpp_configuration_dir }}/config' - - src: 'templates/mpd/ncmpcpp/bindings.j2' + - src: 'templates/personal/mpd/ncmpcpp/bindings.j2' dest: '{{ ncmpcpp_configuration_dir }}/bindings' notify: - stop mpd service diff --git a/tasks/personal/mpv.yml b/tasks/personal/mpv.yml new file mode 100644 index 0000000..3b1e48f --- /dev/null +++ b/tasks/personal/mpv.yml @@ -0,0 +1,16 @@ +- name: Create configuration directory + ansible.builtin.file: + path: '{{ ansible_env.HOME }}/.config/mpv' + state: directory + mode: '0700' + +- name: Copy configuration files + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '0644' + loop: + - src: 'templates/personal/mpv/input.j2' + dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf' + - src: 'templates/personal/mpv/config.j2' + dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf' diff --git a/tasks/syncthing.yml b/tasks/personal/syncthing.yml similarity index 100% rename from tasks/syncthing.yml rename to tasks/personal/syncthing.yml diff --git a/tasks/personal/wireguard.yml b/tasks/personal/wireguard.yml new file mode 100644 index 0000000..81657ea --- /dev/null +++ b/tasks/personal/wireguard.yml 
@@ -0,0 +1,112 @@ +# Note: Only compatible with personal group + +- name: Create Wireguard directories + become: true + ansible.builtin.file: + path: '{{ item }}' + owner: root + group: systemd-network + mode: '0750' + state: directory + recurse: true + loop: + - '{{ vpn_config_dir }}' + - '{{ vpn_default.private_key_path | dirname }}' + - '{{ vpn_default.public_key_path | dirname }}' + - '{{ vpn_media.private_key_path | dirname }}' + - '{{ vpn_media.public_key_path | dirname }}' + notify: + - restart systemd-networkd + - restart systemd-resolved + +- name: Copy Wireguard credentials + become: true + ansible.builtin.copy: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - dest: '{{ vpn_default.public_key_path }}' + src: 'files/personal/{{ ansible_hostname }}/wireguard/default/{{ ansible_hostname }}.pub' + + - dest: '{{ vpn_default.private_key_path }}' + src: 'files/personal/{{ ansible_hostname }}/wireguard/default/{{ ansible_hostname }}.key' + + - dest: '{{ vpn_media.public_key_path }}' + src: 'files/personal/{{ ansible_hostname }}/wireguard/media/{{ ansible_hostname }}.pub' + + - dest: '{{ vpn_media.private_key_path }}' + src: 'files/personal/{{ ansible_hostname }}/wireguard/media/{{ ansible_hostname }}.key' + notify: + - restart systemd-networkd + - restart systemd-resolved + +- name: Copy Wireguard preshared keys + become: true + ansible.builtin.copy: + src: '{{ item.preshared_key_source_path }}' + dest: '{{ item.preshared_key_path }}' + owner: root + group: systemd-network + mode: '0640' + loop: '{{ vpn_default.peers + vpn_media.peers }}' + notify: + - restart systemd-networkd + - restart systemd-resolved + +- name: Desktop configuration + notify: + - restart systemd-networkd + - restart systemd-resolved + when: ansible_hostname == 'desktop' + block: + - name: Setup network configuration + become: true + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + 
group: systemd-network + mode: '0640' + loop: + - src: 'templates/personal/desktop/network/wg0.network.j2' + dest: '/etc/systemd/network/40-wg0.network' + + - src: 'templates/personal/desktop/network/wg0.netdev.j2' + dest: '/etc/systemd/network/40-wg0.netdev' + + - src: 'templates/personal/desktop/network/wg1.network.j2' + dest: '/etc/systemd/network/40-wg1.network' + + - src: 'templates/personal/desktop/network/wg1.netdev.j2' + dest: '/etc/systemd/network/40-wg1.netdev' + +- name: XPS configuration + notify: + - restart systemd-networkd + - restart systemd-resolved + - restart iwd + when: ansible_hostname == 'xps' + block: + - name: Setup network configuration + become: true + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - src: 'templates/personal/xps/network/wg0.network.j2' + dest: '/etc/systemd/network/40-wg0.network' + + - src: 'templates/personal/xps/network/wg0.netdev.j2' + dest: '/etc/systemd/network/40-wg0.netdev' + + - src: 'templates/personal/xps/network/wg1.network.j2' + dest: '/etc/systemd/network/40-wg1.network' + + - src: 'templates/personal/xps/network/wg1.netdev.j2' + dest: '/etc/systemd/network/40-wg1.netdev' diff --git a/tasks/setup-laptop.yml b/tasks/personal/xps.yml similarity index 79% rename from tasks/setup-laptop.yml rename to tasks/personal/xps.yml index 01517f4..10b48b2 100644 --- a/tasks/setup-laptop.yml +++ b/tasks/personal/xps.yml @@ -1,7 +1,7 @@ - name: Provision powertop systemd service become: true ansible.builtin.template: - src: 'templates/laptop/powertop.service.j2' + src: 'templates/personal/xps/powertop.service.j2' dest: '/etc/systemd/system/powertop.service' owner: root group: root diff --git a/tasks/setup.yml b/tasks/setup.yml index 0833f95..197cfb0 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml 
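Review bot: `Create Wireguard directories` combines `recurse: true` with `mode: '0750'`, which re-chmods everything already under `{{ vpn_config_dir }}` on every run, including the key files the next two tasks then set back to `0640`; the keys should flip modes each run, both tasks report changed, and the networkd/resolved handlers fire on every play. Dropping `recurse: true` (the file module still creates parent directories for `state: directory`) or using `mode: 'u=rwX,g=rX,o='` limits the change to directories. `Copy Wireguard credentials` and `Copy Wireguard preshared keys` handle private material, so `no_log: true` (or at least `diff: false`) on them keeps key contents out of `--diff` output and logs.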
@@ -1,166 +1,183 @@ -- name: copy reflector configuration +- name: Provision pollkit administrator configuration become: true - template: + ansible.builtin.template: + src: 'templates/polkit.j2' + dest: '/etc/polkit-1/rules.d/49-nopasswd_global.rules' + mode: '0755' + +- name: Install shared packages + become: true + community.general.pacman: + name: '{{ packages }}' + +- name: Copy reflector configuration + become: true + ansible.builtin.template: src: 'templates/reflector.j2' dest: '/etc/xdg/reflector/reflector.conf' - owner: root - group: root mode: '0600' # started by weekly timer -- name: disable reflector +- name: Disable reflector become: true - systemd: + ansible.builtin.systemd: name: reflector state: stopped enabled: false -- name: copy pacman configuration +- name: Copy pacman configuration become: true - template: + ansible.builtin.template: src: 'templates/pacman.j2' dest: '/etc/pacman.conf' owner: root group: root mode: '0644' -- name: create extra conf +- name: Create extra conf become: true - file: + ansible.builtin.file: path: '/etc/pacman.d/extra.conf' owner: root group: root state: touch mode: '0644' -- name: create wezterm configuration dir - file: +- name: Create wezterm configuration dir + ansible.builtin.file: path: '{{ xdg_config_dir }}/wezterm/includes' state: directory + mode: '0755' -- name: copy wezterm configuration files - template: +- name: Copy wezterm configuration files + ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' + mode: '0755' loop: - - { - src: 'templates/wezterm/wezterm.lua.j2', - dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua' - } - - { - src: 'templates/wezterm/includes/colors.lua.j2', - dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua' - } - - { - src: 'templates/wezterm/includes/fonts.lua.j2', - dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua' - } - - { - src: 'templates/wezterm/includes/window.lua.j2', - dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua' - } + - src: 
'templates/wezterm/wezterm.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua' -- name: enable fstrim timer + - src: 'templates/wezterm/includes/colors.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua' + + - src: 'templates/wezterm/includes/fonts.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua' + + - src: 'templates/wezterm/includes/window.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua' + +- name: Enable fstrim timer become: true - systemd: + ansible.builtin.systemd: name: fstrim.timer enabled: true -- name: remove the sysctl.d directory +- name: Remove the sysctl.d directory become: true - file: + ansible.builtin.file: path: /etc/sysctl.d state: absent -- name: recreate the sysctl.d directory +- name: Recreate the sysctl.d directory become: true - file: + ansible.builtin.file: path: /etc/sysctl.d state: directory - mode: 755 + mode: '0755' -- name: copy sysctl files +- name: Copy sysctl files become: true - template: + when: "'personal' not in group_names" + ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' + mode: '0755' loop: - - { - src: 'templates/{{ platform }}/sysctl/99-sysrq.conf.j2', - dest: '/etc/sysctl.d/99-sysrq.conf' - } - - { - src: 'templates/{{ platform }}/sysctl/98-forward.conf.j2', - dest: '/etc/sysctl.d/98-foward.conf' - } + - src: 'templates/sysctl/99-sysrq.conf.j2' + dest: '/etc/sysctl.d/99-sysrq.conf' + - src: 'templates/sysctl/98-forward.conf.j2' + dest: '/etc/sysctl.d/98-foward.conf' notify: reload sysctl configuration -- name: remove the modprobe.d directory +- name: Remove the modprobe.d directory become: true - file: + ansible.builtin.file: path: /etc/modprobe.d state: absent -- name: recreate the modprobe.d directory +- name: Recreate the modprobe.d directory become: true - file: + ansible.builtin.file: path: /etc/modprobe.d state: directory - mode: 755 + mode: '0755' -- name: copy modprobe configuration files +- name: Copy modprobe configuration files 
become: true - template: + ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' + mode: '0755' loop: '{{ modprobe_templates }}' when: modprobe_templates -- name: copy kernel parameters template +- name: Copy kernel parameters template become: true - template: - src: 'templates/{{ platform }}/cmdline.j2' + when: "'personal' not in group_names" + ansible.builtin.template: + src: 'templates/{{ ansible_hostname }}/cmdline.j2' dest: '/etc/kernel/cmdline' + mode: '0755' -- name: remove the mkinitcpio directories +- name: Copy kernel parameters template for personal group become: true - file: + when: "'personal' in group_names" + ansible.builtin.template: + src: 'templates/personal/{{ ansible_hostname }}/cmdline.j2' + dest: '/etc/kernel/cmdline' + mode: '0755' + +- name: Remove the mkinitcpio directories + become: true + ansible.builtin.file: path: '{{ item }}' state: absent loop: - /etc/mkinitcpio.conf.d - /etc/mkinitcpio.d -- name: recreate the mkinitcpio directories +- name: Recreate the mkinitcpio directories become: true - file: + ansible.builtin.file: path: '{{ item }}' state: directory - mode: 755 + mode: '0755' loop: - /etc/mkinitcpio.conf.d - /etc/mkinitcpio.d -- name: copy mkinitcpio configuration files +- name: Copy mkinitcpio configuration files become: true - template: + ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' + mode: '0755' loop: '{{ mkinitcpio_templates }}' when: mkinitcpio_templates -- name: regenerate initramfs images +- name: Regenerate initramfs images become: true - command: 'mkinitcpio --allpresets' + ansible.builtin.command: 'mkinitcpio --allpresets' register: mkinitcpio_stats -- name: log mkinitcpio stdout - debug: +- name: Log mkinitcpio stdout + ansible.builtin.debug: var: mkinitcpio_stats.stdout_lines -- name: create a Linux UEFI boot entry +- name: Create a Linux UEFI boot entry become: true - command: efibootmgr \ + ansible.builtin.command: efibootmgr \ --create \ --disk '{{ 
boot_configuration.disk }}' \ --part '{{ boot_configuration.partition }}' \ @@ -171,14 +188,14 @@ register: efi_linux_stats when: register_uefi_entries -- name: log efibootmgr stdout - debug: +- name: Log efibootmgr stdout + ansible.builtin.debug: var: efi_linux_stats.stdout_lines when: register_uefi_entries -- name: create a Linux LTS UEFI boot entry +- name: Create a Linux LTS UEFI boot entry become: true - command: efibootmgr \ + ansible.builtin.command: efibootmgr \ --create \ --disk '{{ boot_configuration.disk }}' \ --part '{{ boot_configuration.partition }}' \ @@ -189,7 +206,7 @@ register: efi_linux_lts_stats when: register_uefi_entries -- name: log efibootmgr LTS stdout - debug: +- name: Log efibootmgr LTS stdout + ansible.builtin.debug: var: efi_linux_lts_stats.stdout_lines when: register_uefi_entries diff --git a/tasks/systemd.yml b/tasks/systemd.yml index 204acf8..4b6e6e5 100644 --- a/tasks/systemd.yml +++ b/tasks/systemd.yml @@ -1,18 +1,18 @@ -- name: setup systemd user service folder - file: +- name: Setup systemd user service folder + ansible.builtin.file: path: '{{ xdg_config_dir }}/systemd/user' state: directory mode: '0755' -- name: add ssh-agent service - template: +- name: Add ssh-agent service + ansible.builtin.template: src: 'templates/ssh-agent.j2' dest: '{{ xdg_config_dir }}/systemd/user/ssh-agent.service' mode: '0644' notify: restart user ssh-agent -- name: copy tmux service - template: +- name: Copy tmux service + ansible.builtin.template: src: 'templates/tmux.j2' dest: '{{ xdg_config_dir }}/systemd/user/tmux.service' mode: '0644' @@ -20,8 +20,8 @@ - user daemon-reload - restart tmux service -- name: copy tmux startup script - copy: +- name: Copy tmux startup script + ansible.builtin.copy: src: 'files/tmux_start' dest: '{{ ansible_env.HOME }}/.local/bin/tmux_start' mode: '0740' diff --git a/templates/laptop/sysctl/98-forward.conf.j2 b/templates/laptop/sysctl/98-forward.conf.j2 deleted file mode 100644 index 16f90a8..0000000 
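Review bot: The new `mode: '0755'` lines in this hunk put the executable bit on plain configuration files — the polkit rules file, the wezterm Lua files, the sysctl and modprobe files, `/etc/kernel/cmdline` and the mkinitcpio templates; for these `mode: '0644'` is the right value, and `'0755'` belongs only on the directory tasks. The first task's name also reads `Provision pollkit administrator configuration`. The `when: "'personal' not in group_names"` guard added to 'Copy sysctl files' is paired with an unconditional wipe and recreate of `/etc/sysctl.d`, so personal hosts end up with no sysrq or forwarding settings at all — fine if that is the intent, otherwise the wipe should carry the same condition. The last task in the hunk, 'Create a Linux UEFI boot entry', continues past the hunk end.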
--- a/templates/laptop/sysctl/98-forward.conf.j2 +++ /dev/null @@ -1,2 +0,0 @@ -# {{ ansible_managed }} -net.ipv4.ip_forward = 1 diff --git a/templates/laptop/sysctl/99-sysrq.conf.j2 b/templates/laptop/sysctl/99-sysrq.conf.j2 deleted file mode 100644 index a4c7283..0000000 --- a/templates/laptop/sysctl/99-sysrq.conf.j2 +++ /dev/null @@ -1,2 +0,0 @@ -# {{ ansible_managed }} -kernel.sysrq = 1 diff --git a/templates/desktop/cmdline.j2 b/templates/personal/desktop/cmdline.j2 similarity index 100% rename from templates/desktop/cmdline.j2 rename to templates/personal/desktop/cmdline.j2 diff --git a/templates/desktop/mkinitcpio/1-modules.conf.j2 b/templates/personal/desktop/mkinitcpio/1-modules.conf.j2 similarity index 100% rename from templates/desktop/mkinitcpio/1-modules.conf.j2 rename to templates/personal/desktop/mkinitcpio/1-modules.conf.j2 diff --git a/templates/desktop/mkinitcpio/linux-lts.preset.j2 b/templates/personal/desktop/mkinitcpio/linux-lts.preset.j2 similarity index 100% rename from templates/desktop/mkinitcpio/linux-lts.preset.j2 rename to templates/personal/desktop/mkinitcpio/linux-lts.preset.j2 diff --git a/templates/desktop/mkinitcpio/linux.preset.j2 b/templates/personal/desktop/mkinitcpio/linux.preset.j2 similarity index 100% rename from templates/desktop/mkinitcpio/linux.preset.j2 rename to templates/personal/desktop/mkinitcpio/linux.preset.j2 diff --git a/templates/desktop/modprobe/99-amdgpu.conf.j2 b/templates/personal/desktop/modprobe/99-amdgpu.conf.j2 similarity index 100% rename from templates/desktop/modprobe/99-amdgpu.conf.j2 rename to templates/personal/desktop/modprobe/99-amdgpu.conf.j2 diff --git a/templates/desktop/network/enp.network.j2 b/templates/personal/desktop/network/enp.network.j2 similarity index 100% rename from templates/desktop/network/enp.network.j2 rename to templates/personal/desktop/network/enp.network.j2 
diff --git a/templates/desktop/network/wg0.netdev.j2 b/templates/personal/desktop/network/wg0.netdev.j2 similarity index 100% rename from templates/desktop/network/wg0.netdev.j2 rename to templates/personal/desktop/network/wg0.netdev.j2 diff --git a/templates/desktop/network/wg0.network.j2 b/templates/personal/desktop/network/wg0.network.j2 similarity index 100% rename from templates/desktop/network/wg0.network.j2 rename to templates/personal/desktop/network/wg0.network.j2 diff --git a/templates/desktop/network/wg1.netdev.j2 b/templates/personal/desktop/network/wg1.netdev.j2 similarity index 100% rename from templates/desktop/network/wg1.netdev.j2 rename to templates/personal/desktop/network/wg1.netdev.j2 diff --git a/templates/desktop/network/wg1.network.j2 b/templates/personal/desktop/network/wg1.network.j2 similarity index 100% rename from templates/desktop/network/wg1.network.j2 rename to templates/personal/desktop/network/wg1.network.j2 diff --git a/templates/desktop/nftables.j2 b/templates/personal/desktop/nftables.j2 similarity index 100% rename from templates/desktop/nftables.j2 rename to templates/personal/desktop/nftables.j2 diff --git a/templates/desktop/xdg-desktop-portal.service.j2 b/templates/personal/desktop/xdg-desktop-portal.service.j2 similarity index 100% rename from templates/desktop/xdg-desktop-portal.service.j2 rename to templates/personal/desktop/xdg-desktop-portal.service.j2 diff --git a/templates/mpd/mpd.conf.j2 b/templates/personal/mpd/mpd.conf.j2 similarity index 100% rename from templates/mpd/mpd.conf.j2 rename to templates/personal/mpd/mpd.conf.j2 diff --git a/templates/mpd/ncmpc.j2 b/templates/personal/mpd/ncmpc.j2 similarity index 100% rename from templates/mpd/ncmpc.j2 rename to templates/personal/mpd/ncmpc.j2 diff --git a/templates/mpd/ncmpcpp/bindings.j2 b/templates/personal/mpd/ncmpcpp/bindings.j2 similarity index 100% rename from templates/mpd/ncmpcpp/bindings.j2 rename to templates/personal/mpd/ncmpcpp/bindings.j2 
diff --git a/templates/mpd/ncmpcpp/config.j2 b/templates/personal/mpd/ncmpcpp/config.j2 similarity index 100% rename from templates/mpd/ncmpcpp/config.j2 rename to templates/personal/mpd/ncmpcpp/config.j2 diff --git a/templates/mpd/service.j2 b/templates/personal/mpd/service.j2 similarity index 100% rename from templates/mpd/service.j2 rename to templates/personal/mpd/service.j2 diff --git a/templates/mpd/socket.j2 b/templates/personal/mpd/socket.j2 similarity index 100% rename from templates/mpd/socket.j2 rename to templates/personal/mpd/socket.j2 diff --git a/templates/mpv/config.j2 b/templates/personal/mpv/config.j2 similarity index 100% rename from templates/mpv/config.j2 rename to templates/personal/mpv/config.j2 diff --git a/templates/mpv/input.j2 b/templates/personal/mpv/input.j2 similarity index 100% rename from templates/mpv/input.j2 rename to templates/personal/mpv/input.j2 diff --git a/templates/laptop/cmdline.j2 b/templates/personal/xps/cmdline.j2 similarity index 100% rename from templates/laptop/cmdline.j2 rename to templates/personal/xps/cmdline.j2 diff --git a/templates/laptop/mkinitcpio/1-modules.conf.j2 b/templates/personal/xps/mkinitcpio/1-modules.conf.j2 similarity index 100% rename from templates/laptop/mkinitcpio/1-modules.conf.j2 rename to templates/personal/xps/mkinitcpio/1-modules.conf.j2 diff --git a/templates/laptop/mkinitcpio/2-hooks.conf.j2 b/templates/personal/xps/mkinitcpio/2-hooks.conf.j2 similarity index 100% rename from templates/laptop/mkinitcpio/2-hooks.conf.j2 rename to templates/personal/xps/mkinitcpio/2-hooks.conf.j2 diff --git a/templates/laptop/mkinitcpio/linux-lts.preset.j2 b/templates/personal/xps/mkinitcpio/linux-lts.preset.j2 similarity index 100% rename from templates/laptop/mkinitcpio/linux-lts.preset.j2 rename to templates/personal/xps/mkinitcpio/linux-lts.preset.j2 
diff --git a/templates/laptop/mkinitcpio/linux.preset.j2 b/templates/personal/xps/mkinitcpio/linux.preset.j2 similarity index 100% rename from templates/laptop/mkinitcpio/linux.preset.j2 rename to templates/personal/xps/mkinitcpio/linux.preset.j2 diff --git a/templates/laptop/network/wg0.netdev.j2 b/templates/personal/xps/network/wg0.netdev.j2 similarity index 100% rename from templates/laptop/network/wg0.netdev.j2 rename to templates/personal/xps/network/wg0.netdev.j2 diff --git a/templates/laptop/network/wg0.network.j2 b/templates/personal/xps/network/wg0.network.j2 similarity index 100% rename from templates/laptop/network/wg0.network.j2 rename to templates/personal/xps/network/wg0.network.j2 diff --git a/templates/laptop/network/wg1.netdev.j2 b/templates/personal/xps/network/wg1.netdev.j2 similarity index 100% rename from templates/laptop/network/wg1.netdev.j2 rename to templates/personal/xps/network/wg1.netdev.j2 diff --git a/templates/laptop/network/wg1.network.j2 b/templates/personal/xps/network/wg1.network.j2 similarity index 100% rename from templates/laptop/network/wg1.network.j2 rename to templates/personal/xps/network/wg1.network.j2 diff --git a/templates/laptop/network/wireless.network.j2 b/templates/personal/xps/network/wireless.network.j2 similarity index 100% rename from templates/laptop/network/wireless.network.j2 rename to templates/personal/xps/network/wireless.network.j2 diff --git a/templates/laptop/nftables.j2 b/templates/personal/xps/nftables.j2 similarity index 100% rename from templates/laptop/nftables.j2 rename to templates/personal/xps/nftables.j2 diff --git a/templates/laptop/powertop.service.j2 b/templates/personal/xps/powertop.service.j2 similarity index 100% rename from templates/laptop/powertop.service.j2 rename to templates/personal/xps/powertop.service.j2 diff --git a/templates/polkit.j2 b/templates/polkit.j2 new file mode 100644 index 0000000..86a4b5f --- /dev/null +++ b/templates/polkit.j2 
@@ -0,0 +1,11 @@
+/* {{ ansible_managed }}
+ *
+ * Allow members of the wheel group to execute any actions
+ * without password authentication, similar to "sudo NOPASSWD:"
+ * without password authentication, similar to "sudo NOPASSWD:"
+ */
+polkit.addRule(function(action, subject) {
+ if (subject.isInGroup("wheel")) {
+ return polkit.Result.YES;
+ }
+});
diff --git a/templates/desktop/sysctl/98-forward.conf.j2 b/templates/sysctl/98-forward.conf.j2
similarity index 100%
rename from templates/desktop/sysctl/98-forward.conf.j2
rename to templates/sysctl/98-forward.conf.j2
diff --git a/templates/desktop/sysctl/99-sysrq.conf.j2 b/templates/sysctl/99-sysrq.conf.j2
similarity index 100%
rename from templates/desktop/sysctl/99-sysrq.conf.j2
rename to templates/sysctl/99-sysrq.conf.j2
diff --git a/vars/laptop/system.yml b/vars/laptop/system.yml
deleted file mode 100644
index be95be8..0000000
--- a/vars/laptop/system.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-platform_packages:
- - iwd
- - nvidia
- - nvidia-prime
- - nvidia-utils
- - lib32-nvidia-utils
-
-boot_configuration:
- disk: /dev/nvme0n1
- partition: 1
-
-mkinitcpio_templates:
- - src: 'templates/laptop/mkinitcpio/1-modules.conf.j2'
- dest: '/etc/mkinitcpio.conf.d/1-modules.conf'
-
- - src: 'templates/laptop/mkinitcpio/2-hooks.conf.j2'
- dest: '/etc/mkinitcpio.conf.d/2-hooks.conf'
-
- - src: 'templates/laptop/mkinitcpio/linux.preset.j2'
- dest: '/etc/mkinitcpio.d/linux.preset'
-
- - src: 'templates/laptop/mkinitcpio/linux-lts.preset.j2'
- dest: '/etc/mkinitcpio.d/linux-lts.preset'
From 523b5cd49f507fc5f0f3b0255b72a3f006996962 Mon Sep 17 00:00:00 2001
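Review bot: The header comment of the new rule repeats the line `* without password authentication, similar to "sudo NOPASSWD:"` twice. The rule also returns `polkit.Result.YES` for every action to any wheel member without looking at the session, so an inactive or non-local session is treated the same as the console user; the usual guard for a blanket rule is `if (subject.isInGroup("wheel") && subject.local && subject.active) {`, and a check on `action.id` would narrow it further if only some actions need to be passwordless. The task that installs this file (in the tasks/setup.yml hunk above) uses `mode: '0755'`; `'0644'` is the appropriate mode for a rules file.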
From: Sonny Bakker Date: Sat, 15 Mar 2025 00:13:27 +0100 Subject: [PATCH 091/131] Use "all" directory for groups --- files/personal/{ => all}/gpg/gpg_key | 0 files/personal/{ => all}/gpg/gpg_pub | 0 playbook.yml | 8 ++++---- tasks/git.yml | 4 ++-- tasks/personal/{ => all}/mpd.yml | 10 +++++----- tasks/personal/{ => all}/mpv.yml | 4 ++-- tasks/personal/{ => all}/syncthing.yml | 0 tasks/personal/{ => all}/wireguard.yml | 0 templates/personal/{ => all}/mpd/mpd.conf.j2 | 0 templates/personal/{ => all}/mpd/ncmpc.j2 | 0 templates/personal/{ => all}/mpd/ncmpcpp/bindings.j2 | 0 templates/personal/{ => all}/mpd/ncmpcpp/config.j2 | 0 templates/personal/{ => all}/mpd/service.j2 | 0 templates/personal/{ => all}/mpd/socket.j2 | 0 templates/personal/{ => all}/mpv/config.j2 | 0 templates/personal/{ => all}/mpv/input.j2 | 0 16 files changed, 13 insertions(+), 13 deletions(-) rename files/personal/{ => all}/gpg/gpg_key (100%) rename files/personal/{ => all}/gpg/gpg_pub (100%) rename tasks/personal/{ => all}/mpd.yml (87%) rename tasks/personal/{ => all}/mpv.yml (80%) rename tasks/personal/{ => all}/syncthing.yml (100%) rename tasks/personal/{ => all}/wireguard.yml (100%) rename templates/personal/{ => all}/mpd/mpd.conf.j2 (100%) rename templates/personal/{ => all}/mpd/ncmpc.j2 (100%) rename templates/personal/{ => all}/mpd/ncmpcpp/bindings.j2 (100%) rename templates/personal/{ => all}/mpd/ncmpcpp/config.j2 (100%) rename templates/personal/{ => all}/mpd/service.j2 (100%) rename templates/personal/{ => all}/mpd/socket.j2 (100%) rename templates/personal/{ => all}/mpv/config.j2 (100%) rename templates/personal/{ => all}/mpv/input.j2 (100%) diff --git a/files/personal/gpg/gpg_key b/files/personal/all/gpg/gpg_key similarity index 100% rename from files/personal/gpg/gpg_key rename to files/personal/all/gpg/gpg_key diff --git a/files/personal/gpg/gpg_pub b/files/personal/all/gpg/gpg_pub similarity index 100% rename from files/personal/gpg/gpg_pub rename to files/personal/all/gpg/gpg_pub 
diff --git a/playbook.yml b/playbook.yml index a604be7..2f99cf1 100644 --- a/playbook.yml +++ b/playbook.yml @@ -37,19 +37,19 @@ when: "'personal' in group_names" block: - name: Wireguard provisioning - ansible.builtin.import_tasks: 'tasks/personal/wireguard.yml' + ansible.builtin.import_tasks: 'tasks/personal/all/wireguard.yml' tags: wireguard - name: MPV provisioning - ansible.builtin.import_tasks: 'tasks/personal/mpv.yml' + ansible.builtin.import_tasks: 'tasks/personal/all/mpv.yml' tags: mpv - name: MPD provisioning - ansible.builtin.import_tasks: 'tasks/personal/mpd.yml' + ansible.builtin.import_tasks: 'tasks/personal/all/mpd.yml' tags: mpd - name: Syncthing provisioning - ansible.builtin.import_tasks: 'tasks/personal/syncthing.yml' + ansible.builtin.import_tasks: 'tasks/personal/all/syncthing.yml' tags: syncthing - name: Desktop provisioning diff --git a/tasks/git.yml b/tasks/git.yml index a375d3b..63185b2 100644 --- a/tasks/git.yml +++ b/tasks/git.yml @@ -10,9 +10,9 @@ dest: '{{ item.dest }}' mode: '0755' loop: - - src: 'files/personal/gpg/gpg_key' + - src: 'files/personal/all/gpg/gpg_key' dest: '{{ ansible_env.HOME }}/gpg.key' - - src: 'files/personal/gpg/gpg_pub' + - src: 'files/personal/all/gpg/gpg_pub' dest: '{{ ansible_env.HOME }}/gpg.pub' - name: Import secret key diff --git a/tasks/personal/mpd.yml b/tasks/personal/all/mpd.yml similarity index 87% rename from tasks/personal/mpd.yml rename to tasks/personal/all/mpd.yml index 8126cf1..41b1467 100644 --- a/tasks/personal/mpd.yml +++ b/tasks/personal/all/mpd.yml @@ -4,10 +4,10 @@ dest: '{{ item.dest }}' mode: '0644' loop: - - src: 'templates/personal/mpd/service.j2' + - src: 'templates/personal/all/mpd/service.j2' dest: '{{ xdg_config_dir }}/systemd/user/mpd.service' - - src: 'templates/personal/mpd/socket.j2' + - src: 'templates/personal/all/mpd/socket.j2' dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket' notify: - stop mpd service 
@@ -51,11 +51,11 @@ dest: '{{ item.dest }}' mode: '0755' loop: - - src: 'templates/personal/mpd/mpd.conf.j2' + - src: 'templates/personal/all/mpd/mpd.conf.j2' dest: '{{ mpd_configuration_dir }}/mpd.conf' - - src: 'templates/personal/mpd/ncmpcpp/config.j2' + - src: 'templates/personal/all/mpd/ncmpcpp/config.j2' dest: '{{ ncmpcpp_configuration_dir }}/config' - - src: 'templates/personal/mpd/ncmpcpp/bindings.j2' + - src: 'templates/personal/all/mpd/ncmpcpp/bindings.j2' dest: '{{ ncmpcpp_configuration_dir }}/bindings' notify: - stop mpd service diff --git a/tasks/personal/mpv.yml b/tasks/personal/all/mpv.yml similarity index 80% rename from tasks/personal/mpv.yml rename to tasks/personal/all/mpv.yml index 3b1e48f..5369c93 100644 --- a/tasks/personal/mpv.yml +++ b/tasks/personal/all/mpv.yml @@ -10,7 +10,7 @@ dest: '{{ item.dest }}' mode: '0644' loop: - - src: 'templates/personal/mpv/input.j2' + - src: 'templates/personal/all/mpv/input.j2' dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf' - - src: 'templates/personal/mpv/config.j2' + - src: 'templates/personal/all/mpv/config.j2' dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf' diff --git a/tasks/personal/syncthing.yml b/tasks/personal/all/syncthing.yml similarity index 100% rename from tasks/personal/syncthing.yml rename to tasks/personal/all/syncthing.yml diff --git a/tasks/personal/wireguard.yml b/tasks/personal/all/wireguard.yml similarity index 100% rename from tasks/personal/wireguard.yml rename to tasks/personal/all/wireguard.yml diff --git a/templates/personal/mpd/mpd.conf.j2 b/templates/personal/all/mpd/mpd.conf.j2 similarity index 100% rename from templates/personal/mpd/mpd.conf.j2 rename to templates/personal/all/mpd/mpd.conf.j2 diff --git a/templates/personal/mpd/ncmpc.j2 b/templates/personal/all/mpd/ncmpc.j2 similarity index 100% rename from templates/personal/mpd/ncmpc.j2 rename to templates/personal/all/mpd/ncmpc.j2 
diff --git a/templates/personal/mpd/ncmpcpp/bindings.j2 b/templates/personal/all/mpd/ncmpcpp/bindings.j2 similarity index 100% rename from templates/personal/mpd/ncmpcpp/bindings.j2 rename to templates/personal/all/mpd/ncmpcpp/bindings.j2 diff --git a/templates/personal/mpd/ncmpcpp/config.j2 b/templates/personal/all/mpd/ncmpcpp/config.j2 similarity index 100% rename from templates/personal/mpd/ncmpcpp/config.j2 rename to templates/personal/all/mpd/ncmpcpp/config.j2 diff --git a/templates/personal/mpd/service.j2 b/templates/personal/all/mpd/service.j2 similarity index 100% rename from templates/personal/mpd/service.j2 rename to templates/personal/all/mpd/service.j2 diff --git a/templates/personal/mpd/socket.j2 b/templates/personal/all/mpd/socket.j2 similarity index 100% rename from templates/personal/mpd/socket.j2 rename to templates/personal/all/mpd/socket.j2 diff --git a/templates/personal/mpv/config.j2 b/templates/personal/all/mpv/config.j2 similarity index 100% rename from templates/personal/mpv/config.j2 rename to templates/personal/all/mpv/config.j2 diff --git a/templates/personal/mpv/input.j2 b/templates/personal/all/mpv/input.j2 similarity index 100% rename from templates/personal/mpv/input.j2 rename to templates/personal/all/mpv/input.j2 From 5662dde74e0a229b7889d2101418fd67574129ac Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 15 Mar 2025 00:36:05 +0100 Subject: [PATCH 092/131] Add missing desktop wireguard files --- files/personal/desktop/wireguard/media/desktop.key | 7 +++++++ files/personal/desktop/wireguard/media/desktop.pub | 1 + files/personal/desktop/wireguard/media/preshared.psk | 7 +++++++ 3 files changed, 15 insertions(+) create mode 100644 files/personal/desktop/wireguard/media/desktop.key create mode 100644 files/personal/desktop/wireguard/media/desktop.pub create mode 100644 files/personal/desktop/wireguard/media/preshared.psk 
diff --git a/files/personal/desktop/wireguard/media/desktop.key b/files/personal/desktop/wireguard/media/desktop.key new file mode 100644 index 0000000..8782234 --- /dev/null +++ b/files/personal/desktop/wireguard/media/desktop.key @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +62383364643761623739623632633261343735343465336235386336333234656631363432623535 +6562623634363937356137616131396264633161363461340a343432363362346664646161656563 +35623334326238326135646261666330666531633831656564396139666261623937626338386632 +3233333039623039640a383931633539363238326164643365316236326435643537303866373835 +66393465663364303134376566623736636664353031336537663036636462613766343739336331 +6438643538326533313433616438386165626537373162393430 diff --git a/files/personal/desktop/wireguard/media/desktop.pub b/files/personal/desktop/wireguard/media/desktop.pub new file mode 100644 index 0000000..640bf96 --- /dev/null +++ b/files/personal/desktop/wireguard/media/desktop.pub @@ -0,0 +1 @@ +YDH5lZcxUHM4AU2ZxQrFqjDIV2Z7PSUQKMcYXLExV0E= diff --git a/files/personal/desktop/wireguard/media/preshared.psk b/files/personal/desktop/wireguard/media/preshared.psk new file mode 100644 index 0000000..8e41aac --- /dev/null +++ b/files/personal/desktop/wireguard/media/preshared.psk @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +34303432393930626266313563613636343439623631633163656532363631313039386231623936 +3336636666626237316532346230303961323263613161320a383436636634376162353863386161 +36663064366461333335613633316630633335666335613464333863656536623230383262623733 +3065363835666231630a616362333233643637613762313437626366363365313831363661313336 +66373966656534646462653833343935623466613662333932666666366430663061366261396330 +3064636536643933613738356461313135363033633366396130 From 51007dfed42df86e739d1501c4b0f37fc2219a2f Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Mon, 17 Mar 2025 10:58:30 +0100 Subject: [PATCH 093/131] Fix media vpn settings for desktop --- host_vars/desktop/vpn.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/host_vars/desktop/vpn.yml b/host_vars/desktop/vpn.yml index 3cc3977..887ccdf 100644 --- a/host_vars/desktop/vpn.yml +++ b/host_vars/desktop/vpn.yml @@ -43,7 +43,7 @@ vpn_media: allowed_ips: - address: '10.0.1.0/24' create_route: false - endpoint: '{{ server_domain }}.nl:51903' + endpoint: '{{ server_domain }}:51903' public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk' preshared_key_source_path: 'files/personal/desktop/wireguard/media/preshared.psk' From 75019c6049cc221e0e9882fb6a69e62416fd32ec Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Mon, 17 Mar 2025 21:41:50 +0100 Subject: [PATCH 094/131] Remove git configuration --- playbook.yml | 5 ----- tasks/git.yml | 30 ------------------------------ templates/gitconfig.j2 | 28 ---------------------------- 3 files changed, 63 deletions(-) delete mode 100644 tasks/git.yml delete mode 100644 templates/gitconfig.j2 diff --git a/playbook.yml b/playbook.yml index 2f99cf1..6b2775d 100644 --- a/playbook.yml +++ b/playbook.yml @@ -24,11 +24,6 @@ ansible.builtin.import_tasks: 'tasks/systemd.yml' tags: systemd - # TODO: move to development playbook - - name: Git provisioning - ansible.builtin.import_tasks: 'tasks/git.yml' - tags: git - - name: Systemd timer provisioning ansible.builtin.import_tasks: 'tasks/timer.yml' tags: timers diff --git a/tasks/git.yml b/tasks/git.yml deleted file mode 100644 index 63185b2..0000000 --- a/tasks/git.yml +++ /dev/null 
@@ -1,30 +0,0 @@ -- name: Copy git configuration - ansible.builtin.template: - src: 'templates/gitconfig.j2' - dest: '{{ ansible_env.HOME }}/.gitconfig' - mode: '0755' - -- name: Copy keys - ansible.builtin.copy: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0755' - loop: - - src: 'files/personal/all/gpg/gpg_key' - dest: '{{ ansible_env.HOME }}/gpg.key' - - src: 'files/personal/all/gpg/gpg_pub' - dest: '{{ ansible_env.HOME }}/gpg.pub' - -- name: Import secret key - ansible.builtin.command: 'gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key' - -- name: Import public key - ansible.builtin.command: 'gpg --import ~/gpg.pub' - -- name: Remove temp keys - ansible.builtin.file: - path: '{{ item }}' - state: absent - loop: - - '{{ ansible_env.HOME }}/gpg.key' - - '{{ ansible_env.HOME }}/gpg.pub' diff --git a/templates/gitconfig.j2 b/templates/gitconfig.j2 deleted file mode 100644 index 91ae366..0000000 --- a/templates/gitconfig.j2 +++ /dev/null @@ -1,28 +0,0 @@ -# {{ ansible_managed }} -# -[user] -email = sonny871@hotmail.com -name = Sonny Bakker -signingkey = {{ gpg_pub_key }} - -[core] -editor = nvim -pager = delta - -[interactive] -diffFilter = delta --color-only - -[pull] -rebase = false - -[merge] -tool = nvimdiff -conflictstyle = diff3 - -[diff] -colorMoved = default - -[delta] -navigate = true -hyperlinks = true -line-numbers = true From a9c5eac733ca330cbddf9a5666ed98dd0f3ecd28 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 5 Apr 2025 09:23:34 +0200 Subject: [PATCH 095/131] Update wezterm font size --- group_vars/all/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 405504f..fbc2f9b 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -42,4 +42,4 @@ server_domain: fudiggity.nl register_uefi_entries: false -wezterm_font_size: 12 +wezterm_font_size: 11 From 43f662f3fff5d2ce23bb39d74aa496b42a3277ed Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Sat, 5 Apr 2025 11:42:55 +0200 Subject: [PATCH 096/131] Use required for online directive --- templates/personal/desktop/network/enp.network.j2 | 4 +++- templates/personal/xps/network/wireless.network.j2 | 5 +++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/templates/personal/desktop/network/enp.network.j2 b/templates/personal/desktop/network/enp.network.j2 index 252cbe9..1cf3fa2 100644 --- a/templates/personal/desktop/network/enp.network.j2 +++ b/templates/personal/desktop/network/enp.network.j2 @@ -1,5 +1,7 @@ [Match] +# TODO: replace with MACAddress directive Name=enp* [Network] -DHCP=yes +DHCP=true +RequiredForOnline=true diff --git a/templates/personal/xps/network/wireless.network.j2 b/templates/personal/xps/network/wireless.network.j2 index 3c23fc2..fe2fad1 100644 --- a/templates/personal/xps/network/wireless.network.j2 +++ b/templates/personal/xps/network/wireless.network.j2 @@ -1,5 +1,6 @@ [Match] -Name=wlan0 +MACAddress=98:2c:bc:e3:ff:bc [Network] -DHCP=ipv4 +DHCP=true +RequiredForOnline=true From 6b2c70f5da7e45e5b2ed662a3d85763aebab13ea Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sun, 6 Apr 2025 19:30:16 +0200 Subject: [PATCH 097/131] Add radicale to vpn config & use RouteTable directive --- host_vars/desktop/vpn.yml | 50 +++++++++---------- host_vars/xps/vpn.yml | 40 +++++++-------- .../personal/desktop/network/wg0.netdev.j2 | 3 +- .../personal/desktop/network/wg0.network.j2 | 10 ---- .../personal/desktop/network/wg1.netdev.j2 | 3 +- templates/personal/xps/network/wg0.netdev.j2 | 3 +- templates/personal/xps/network/wg0.network.j2 | 10 ---- templates/personal/xps/network/wg1.netdev.j2 | 3 +- 8 files changed, 51 insertions(+), 71 deletions(-) diff --git a/host_vars/desktop/vpn.yml b/host_vars/desktop/vpn.yml index 887ccdf..ffcd439 100644 --- a/host_vars/desktop/vpn.yml +++ b/host_vars/desktop/vpn.yml 
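Review bot: `DHCP=true` replaces `DHCP=ipv4` in the wireless.network.j2 hunk, which enables the DHCPv6 client as well as DHCPv4; if only IPv4 was intended the old value should stay, and for both families the values listed in systemd.network(5) are `yes`/`no`/`ipv4`/`ipv6`, so `DHCP=yes` matches the documentation even though `true` is accepted as a boolean. The same spelling appears in the enp.network.j2 hunk, where it replaces `DHCP=yes` and so changes nothing. `RequiredForOnline=true` is, as far as I recall, already the default for a link with no ActivationPolicy= set, so the added line records intent rather than altering behaviour; a one-line comment saying why it is spelled out would help the next reader.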
@@ -1,49 +1,47 @@ # TODO: scope variables to their destination file vpn_default: - ip: '10.0.0.3' - prefix: '24' - interface: 'wg0' - dns: '10.0.0.1' + ip: 10.0.0.3 + prefix: 24 + interface: wg0 + dns: 10.0.0.1 domains: - - ~vpn.{{ server_domain }} - - ~transmission.{{ server_domain }} - - ~syncthing.{{ server_domain }} + - '~vpn.{{ server_domain }}' + - '~transmission.{{ server_domain }}' + - '~syncthing.{{ server_domain }}' + - '~radicale.{{ server_domain }}' public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key' peers: - - name: 'fudiggity' + - name: fudiggity allowed_ips: - - address: '10.0.0.0/24' - create_route: false - - address: '172.16.238.0/24' - create_route: true - - address: '172.32.238.0/24' - create_route: true + - 10.0.0.0/24 + - 172.16.238.0/24 + - 172.32.238.0/24 + - 172.64.238.0/24 endpoint: '{{ server_domain }}:51902' - public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=' + public_key: CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo= preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk' - preshared_key_source_path: 'files/personal/desktop/wireguard/default/preshared.psk' + preshared_key_source_path: files/personal/desktop/wireguard/default/preshared.psk vpn_media: - ip: '10.0.1.3' - prefix: '24' - interface: 'wg1' - dns: '10.0.1.1' + ip: 10.0.1.3 + prefix: 24 + interface: wg1 + dns: 10.0.1.1 domains: - '~media-vpn.{{ server_domain }}' public_key_path: '{{ vpn_config_dir }}/keys/public/media/desktop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/media/desktop.key' - private_key_source_path: 'files/personal/desktop/wireguard/media/desktop.key' + private_key_source_path: files/personal/desktop/wireguard/media/desktop.key peers: - - name: 'zeus-media' + - name: zeus-media allowed_ips: - - address: '10.0.1.0/24' - create_route: false + - 10.0.1.0/24 endpoint: '{{ server_domain }}:51903' - public_key: 
'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=' + public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg= preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk' - preshared_key_source_path: 'files/personal/desktop/wireguard/media/preshared.psk' + preshared_key_source_path: files/personal/desktop/wireguard/media/preshared.psk diff --git a/host_vars/xps/vpn.yml b/host_vars/xps/vpn.yml index 1a2eab2..5d4c0ac 100644 --- a/host_vars/xps/vpn.yml +++ b/host_vars/xps/vpn.yml @@ -1,35 +1,34 @@ vpn_default: - ip: '10.0.0.2' - prefix: '24' - interface: 'wg0' - dns: '10.0.0.1' + ip: 10.0.0.2 + prefix: 24 + interface: wg0 + dns: 10.0.0.1 domains: - '~vpn.{{ server_domain }}' - '~transmission.{{ server_domain }}' - '~syncthing.{{ server_domain }}' + - '~radicale.{{ server_domain }}' public_key_path: '{{ vpn_config_dir }}/keys/public/default/laptop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/default/laptop.key' peers: - - name: 'fudiggity' + - name: fudiggity allowed_ips: - - address: '10.0.0.0/24' - create_route: false - - address: '172.16.238.0/24' - create_route: true - - address: '172.32.238.0/24' - create_route: true + - 10.0.0.0/24 + - 172.16.238.0/24 + - 172.32.238.0/24 + - 172.64.238.0/24 endpoint: '{{ server_domain }}:51902' public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk' - preshared_key_source_path: 'files/personal/xps/wireguard/default/preshared.psk' + preshared_key_source_path: files/personal/xps/wireguard/default/preshared.psk vpn_media: - ip: '10.0.1.2' - prefix: '24' - interface: 'wg1' - dns: '10.0.1.1' + ip: 10.0.1.2 + prefix: 24 + interface: wg1 + dns: 10.0.1.1 domains: - '~media-vpn.{{ server_domain }}' 
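Review bot: The newly added `172.64.238.0/24` entry in `allowed_ips` (like the pre-existing `172.32.238.0/24`, which already had `create_route: true`) lies outside the RFC 1918 block 172.16.0.0/12, and because the netdev templates in this same patch now set `RouteTable=main`, every allowed IP gets a kernel route, so traffic to that publicly routable address space is steered into the tunnel instead of to the Internet. If these are meant to be private server-side networks, renumbering them inside 172.16.0.0/12 or 10.0.0.0/8 avoids shadowing real addresses; if they are intentional, a comment beside the entry explaining the choice would spare the next reader the check. The host_vars/xps/vpn.yml hunk on this line adds the same entry and needs the same decision.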
@@ -37,11 +36,10 @@ vpn_media: private_key_path: '{{ vpn_config_dir }}/keys/private/media/laptop.key' peers: - - name: 'fudiggity-media' + - name: fudiggity-media allowed_ips: - - address: '10.0.1.0/24' - create_route: false + - 10.0.1.0/24 endpoint: '{{ server_domain }}:51903' - public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=' + public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg= preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk' - preshared_key_source_path: 'files/personal/xps/wireguard/media/preshared.psk' + preshared_key_source_path: files/personal/xps/wireguard/media/preshared.psk diff --git a/templates/personal/desktop/network/wg0.netdev.j2 b/templates/personal/desktop/network/wg0.netdev.j2 index ffceef7..db08b4e 100644 --- a/templates/personal/desktop/network/wg0.netdev.j2 +++ b/templates/personal/desktop/network/wg0.netdev.j2 @@ -7,13 +7,14 @@ Description=WireGuard tunnel {{ vpn_default.interface }} [WireGuard] PrivateKeyFile={{ vpn_default.private_key_path }} +RouteTable=main {% for peer in vpn_default.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} {% for ip in peer.allowed_ips %} -AllowedIPs={{ ip.address }} +AllowedIPs={{ ip }} {% endfor %} {% if peer.endpoint %} Endpoint={{ peer.endpoint }} diff --git a/templates/personal/desktop/network/wg0.network.j2 b/templates/personal/desktop/network/wg0.network.j2 index 515a71a..36beed3 100644 --- a/templates/personal/desktop/network/wg0.network.j2 +++ b/templates/personal/desktop/network/wg0.network.j2 @@ -7,13 +7,3 @@ Name={{ vpn_default.interface }} Address={{ vpn_default.ip }}/{{ vpn_default.prefix }} DNS={{ vpn_default.dns }} Domains={{ vpn_default.domains | join(' ') }} - -{% for peer in vpn_default.peers %} -{% for ip in peer.allowed_ips %} -{% if ip.create_route %} -[Route] -Destination={{ ip.address }} -Scope=link -{% endif %} -{% endfor %} -{% endfor %} 
diff --git a/templates/personal/desktop/network/wg1.netdev.j2 b/templates/personal/desktop/network/wg1.netdev.j2 index 13d86df..5fbc9f9 100644 --- a/templates/personal/desktop/network/wg1.netdev.j2 +++ b/templates/personal/desktop/network/wg1.netdev.j2 @@ -7,13 +7,14 @@ Description=WireGuard tunnel {{ vpn_media.interface }} [WireGuard] PrivateKeyFile={{ vpn_media.private_key_path }} +RouteTable=main {% for peer in vpn_media.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} {% for ip in peer.allowed_ips %} -AllowedIPs={{ ip.address }} +AllowedIPs={{ ip }} {% endfor %} {% if peer.endpoint %} Endpoint={{ peer.endpoint }} diff --git a/templates/personal/xps/network/wg0.netdev.j2 b/templates/personal/xps/network/wg0.netdev.j2 index ffceef7..db08b4e 100644 --- a/templates/personal/xps/network/wg0.netdev.j2 +++ b/templates/personal/xps/network/wg0.netdev.j2 @@ -7,13 +7,14 @@ Description=WireGuard tunnel {{ vpn_default.interface }} [WireGuard] PrivateKeyFile={{ vpn_default.private_key_path }} +RouteTable=main {% for peer in vpn_default.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} {% for ip in peer.allowed_ips %} -AllowedIPs={{ ip.address }} +AllowedIPs={{ ip }} {% endfor %} {% if peer.endpoint %} Endpoint={{ peer.endpoint }} diff --git a/templates/personal/xps/network/wg0.network.j2 b/templates/personal/xps/network/wg0.network.j2 index 515a71a..36beed3 100644 --- a/templates/personal/xps/network/wg0.network.j2 +++ b/templates/personal/xps/network/wg0.network.j2 @@ -7,13 +7,3 @@ Name={{ vpn_default.interface }} Address={{ vpn_default.ip }}/{{ vpn_default.prefix }} DNS={{ vpn_default.dns }} Domains={{ vpn_default.domains | join(' ') }} - -{% for peer in vpn_default.peers %} -{% for ip in peer.allowed_ips %} -{% if ip.create_route %} -[Route] -Destination={{ ip.address }} -Scope=link -{% endif %} -{% endfor %} -{% endfor %} 
diff --git a/templates/personal/xps/network/wg1.netdev.j2 b/templates/personal/xps/network/wg1.netdev.j2 index 13d86df..5fbc9f9 100644 --- a/templates/personal/xps/network/wg1.netdev.j2 +++ b/templates/personal/xps/network/wg1.netdev.j2 @@ -7,13 +7,14 @@ Description=WireGuard tunnel {{ vpn_media.interface }} [WireGuard] PrivateKeyFile={{ vpn_media.private_key_path }} +RouteTable=main {% for peer in vpn_media.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} {% for ip in peer.allowed_ips %} -AllowedIPs={{ ip.address }} +AllowedIPs={{ ip }} {% endfor %} {% if peer.endpoint %} Endpoint={{ peer.endpoint }} From 20bf21baa2e934d6979e512347679313275e5d41 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sun, 6 Apr 2025 21:16:57 +0200 Subject: [PATCH 098/131] Add pa-dlna setup for xps --- host_vars/xps/vpn.yml | 3 ++ tasks/personal/xps.yml | 45 ++++++++++++++++++++++- templates/personal/xps/nftables.j2 | 3 ++ templates/personal/xps/pa-dlna/config.j2 | 26 +++++++++++++ templates/personal/xps/pa-dlna/service.j2 | 40 ++++++++++++++++++++ 5 files changed, 115 insertions(+), 2 deletions(-) create mode 100644 templates/personal/xps/pa-dlna/config.j2 create mode 100644 templates/personal/xps/pa-dlna/service.j2 diff --git a/host_vars/xps/vpn.yml b/host_vars/xps/vpn.yml index 5d4c0ac..22822fd 100644 --- a/host_vars/xps/vpn.yml +++ b/host_vars/xps/vpn.yml @@ -1,3 +1,6 @@ +pa_dlna_version: 0.16 +pa_dlna_systemd_version: 0.0.9 + vpn_default: ip: 10.0.0.2 prefix: 24 diff --git a/tasks/personal/xps.yml b/tasks/personal/xps.yml index 10b48b2..b1eb784 100644 --- a/tasks/personal/xps.yml +++ b/tasks/personal/xps.yml 
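Review bot: `pa_dlna_version: 0.16` is an unquoted YAML float; it happens to render as `0.16`, but a future value such as `0.10` would render as `0.1` and silently change the `pa-dlna==` pin used in tasks/personal/xps.yml, so quote both values, `pa_dlna_version: '0.16'` and `pa_dlna_systemd_version: '0.0.9'`. These are package versions rather than VPN settings, so host_vars/xps/vpn.yml is a surprising place for them, especially given the `# TODO: scope variables to their destination file` note the sibling desktop/vpn.yml carries; a dedicated host_vars/xps/pa-dlna.yml would match that intent.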
@@ -1,9 +1,50 @@ - name: Provision powertop systemd service become: true ansible.builtin.template: - src: 'templates/personal/xps/powertop.service.j2' - dest: '/etc/systemd/system/powertop.service' + src: templates/personal/xps/powertop.service.j2 + dest: /etc/systemd/system/powertop.service owner: root group: root mode: '0644' notify: restart powertop + +- name: Provision python pa-dlna + block: + - name: Create configuration directory + ansible.builtin.file: + path: '{{ xdg_config_dir }}/pa-dlna' + state: directory + mode: '0755' + + - name: Copy configuration file + ansible.builtin.template: + src: templates/personal/xps/pa-dlna/config.j2 + dest: '{{ xdg_config_dir }}/pa-dlna/pa-dlna.conf' + mode: '0755' + + - name: Copy systemd service + ansible.builtin.template: + src: templates/personal/xps/pa-dlna/service.j2 + dest: '{{ xdg_config_dir }}/systemd/user/pa-dlna.service' + mode: '0755' + + - name: Create virtualenv directory + become: true + ansible.builtin.file: + path: /opt/virtualenv/pa-dlna + state: directory + owner: sonny + group: sonny + mode: '0755' + + - name: Install pa-dlna + ansible.builtin.pip: + name: 'pa-dlna=={{ pa_dlna_version }}' + virtualenv: /opt/virtualenv/pa-dlna + virtualenv_command: python3.13 -m venv + + - name: Install python-systemd + ansible.builtin.pip: + name: 'python-systemd=={{ pa_dlna_systemd_version }}' + virtualenv: /opt/virtualenv/pa-dlna + virtualenv_command: python3.13 -m venv diff --git a/templates/personal/xps/nftables.j2 b/templates/personal/xps/nftables.j2 index b54a534..5140777 100644 --- a/templates/personal/xps/nftables.j2 +++ b/templates/personal/xps/nftables.j2 @@ -23,6 +23,9 @@ table inet filter { # allow ssh tcp dport ssh accept + ip saddr 192.168.2.11 tcp dport 8080 accept comment "HTTP pa-dlna server" + ip saddr 192.168.2.11 udp dport 1900 accept comment "UPnP" + # syncthing ip saddr 10.0.0.1 tcp dport 22000 accept } 
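Review bot: The pa-dlna configuration file and user unit are written with `mode: '0755'`, while the powertop unit at the top of the same hunk uses `'0644'`; neither new file is executed, so `mode: '0644'` drops the unnecessary execute bit and keeps the three template tasks consistent. The virtualenv directory is created with a hard-coded `owner: sonny` / `group: sonny`, which ties the task to one account; `'{{ ansible_user_id }}'` would follow the connecting user, assuming the playbook runs as the account that later runs the service (the user-level tasks here do not use `become`). The two pip tasks repeat `virtualenv` and `virtualenv_command`; `ansible.builtin.pip` accepts a list for `name`, so one task installing `['pa-dlna=={{ pa_dlna_version }}', 'python-systemd=={{ pa_dlna_systemd_version }}']` does the same with less duplication.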
diff --git a/templates/personal/xps/pa-dlna/config.j2 b/templates/personal/xps/pa-dlna/config.j2 new file mode 100644 index 0000000..865a203 --- /dev/null +++ b/templates/personal/xps/pa-dlna/config.j2 @@ -0,0 +1,26 @@ +# {{ ansible_managed }} +# +# This is the built-in pa-dlna configuration written as text. It can be +# parsed by a Python Configuration parser and consists of sections, each led +# by a [section] header, followed by option/value entries separated by +# '='. See https://docs.python.org/3/library/configparser.html. +# +# The 'selection' option is written as a multi-line in which case all the +# lines after the first line start with a white space. +# +# The default value of 'selection' lists the encoders in this order: +# - mp3 encoders first as mp3 is the most common encoding +# - lossless encoders +# - then lossy encoders +# See https://trac.ffmpeg.org/wiki/Encode/HighQualityAudio. + +[DEFAULT] +selection = + FFMpegFlacEncoder, + FFMpegOpusEncoder, +sample_format = s24be +rate = 96000 +channels = 2 +track_metadata = yes +soap_minimum_interval = 5 +args = None diff --git a/templates/personal/xps/pa-dlna/service.j2 b/templates/personal/xps/pa-dlna/service.j2 new file mode 100644 index 0000000..feef6f1 --- /dev/null +++ b/templates/personal/xps/pa-dlna/service.j2 
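Review bot: The header comment was copied from the upstream built-in configuration and states that the default `selection` lists mp3 encoders first, then lossless, then lossy, but the `selection` below contains only `FFMpegFlacEncoder` and `FFMpegOpusEncoder`, so the comment describes a value this file does not set. Replace that paragraph with one describing the actual choice, e.g. `# 'selection' is restricted to FLAC first, then Opus; the upstream default` / `# order (mp3, lossless, lossy) is intentionally not used here.` The `sample_format = s24be` / `rate = 96000` pair and `args = None` are given without explanation; a one-line comment on why 24-bit/96 kHz was chosen would help the next reader.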
@@ -0,0 +1,40 @@ +# {{ ansible_managed }} +# +# When enabled, the pa-dlna service unit is started automatically after the +# pulseaudio or pipewire service unit is started. It will also stop when the +# pulseaudio or pipewire service unit stops. However it will stop when the +# pulseaudio or pipewire service unit is restarted but it will not start. +# +# Both pa-dlna and pulseaudio service units are of 'Type=notify'. This means +# that pa-dlna will only start after pulseaudio has notified systemd that it +# is ready and pa-dlna may connect successfully to libpulse. +# +# However the pipewire service unit is of 'Type=simple'. In that case and if +# pa-dlna fails to start with the error: +# LibPulseStateError(('PA_CONTEXT_FAILED', 'Connection refused')) +# add a delay to the pa-dlna start up sequence with the directive: +# ExecStartPre=/bin/sleep 1 +# +# Any pa-dlna option may be added to the 'ExecStart' directive, for example to +# restrict the allowed NICs or IP addresses (recommended) or to change the +# log level. +# The '--systemd' option is required. +# +# The 'python-systemd' package is required. + +[Unit] +Description=Pa-dlna Service +Documentation=https://pa-dlna.readthedocs.io/en/stable/ + +After=pipewire-session-manager.service + +[Service] +Type=simple +ExecStart=/opt/virtualenv/pa-dlna/bin/pa-dlna +Slice=session.slice + +NoNewPrivileges=yes +UMask=0077 + +[Install] +WantedBy=pipewire-session-manager.service From b0c504072a1e574c43b951c1c80940e589c5b212 Mon Sep 17 00:00:00 2001 
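Review bot: The unit's own header says `The '--systemd' option is required` and that the `python-systemd` package is needed (the xps tasks in this patch install it for exactly that), yet `ExecStart=/opt/virtualenv/pa-dlna/bin/pa-dlna` passes no option at all, and the header's statement that the pa-dlna unit is `Type=notify` contradicts the `Type=simple` set below. Either make the unit `Type=notify` with `ExecStart=/opt/virtualenv/pa-dlna/bin/pa-dlna --systemd`, assuming the pinned 0.16 release supports the flag as the comment claims, or trim the header to describe what this unit actually does. The header also recommends restricting the allowed NICs or IP addresses; the nftables rule in this patch only covers that from the firewall side, so applying the restriction in pa-dlna as well keeps the two layers in agreement.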
From: Sonny Bakker Date: Mon, 7 Apr 2025 20:46:17 +0200 Subject: [PATCH 099/131] Update desktop network configuration --- playbook.yml | 2 ++ tasks/network.yml | 6 ++++-- templates/personal/desktop/network/enp.network.j2 | 7 ------- templates/personal/desktop/network/enp1s0.link.j2 | 7 +++++++ templates/personal/desktop/network/enp1s0.network.j2 | 11 +++++++++++ templates/personal/desktop/network/wg1.network.j2 | 10 ---------- templates/personal/xps/network/wg1.network.j2 | 10 ---------- 7 files changed, 24 insertions(+), 29 deletions(-) delete mode 100644 templates/personal/desktop/network/enp.network.j2 create mode 100644 templates/personal/desktop/network/enp1s0.link.j2 create mode 100644 templates/personal/desktop/network/enp1s0.network.j2 diff --git a/playbook.yml b/playbook.yml index 6b2775d..1d25070 100644 --- a/playbook.yml +++ b/playbook.yml @@ -16,6 +16,7 @@ ansible.builtin.import_tasks: 'tasks/setup.yml' tags: setup + # TODO: add hostname provisioning - name: Network provisioning ansible.builtin.import_tasks: 'tasks/network.yml' tags: network @@ -31,6 +32,7 @@ - name: Personal provisiong when: "'personal' in group_names" block: + # TODO: require (w)lan interfaces before configuring these - name: Wireguard provisioning ansible.builtin.import_tasks: 'tasks/personal/all/wireguard.yml' tags: wireguard diff --git a/tasks/network.yml b/tasks/network.yml index d00a814..26eea9c 100644 --- a/tasks/network.yml +++ b/tasks/network.yml @@ -32,8 +32,10 @@ group: systemd-network mode: '0640' loop: - - src: 'templates/personal/desktop/network/enp.network.j2' - dest: '/etc/systemd/network/20-wired.network' + - src: 'templates/personal/desktop/network/enp1s0.link.j2' + dest: '/etc/systemd/network/20-enp1s0.link' + - src: 'templates/personal/desktop/network/enp1s0.network.j2' + dest: '/etc/systemd/network/20-enp1s0.network' - name: Remove leftover configuration files become: true 
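Review bot: The loop now writes `20-enp1s0.link` and `20-enp1s0.network` but no longer names `/etc/systemd/network/20-wired.network`, whose `Name=enp*` match keeps applying if it is left on disk; the `Remove leftover configuration files` task begins inside this hunk but its `loop` is outside it, so please confirm it lists the old path. A `.link` file is applied by udev when the device is processed rather than by a networkd restart, so the rename to `enp1s0` may need a `udevadm trigger` or a reboot before the `Name=enp1s0` match in the new .network file takes effect; a short comment on the task, e.g. `# .link renames apply on the next udev pass; reboot or udevadm trigger after first run`, would save a surprised first deployment.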
diff --git a/templates/personal/desktop/network/enp.network.j2 b/templates/personal/desktop/network/enp.network.j2 deleted file mode 100644 index 1cf3fa2..0000000 --- a/templates/personal/desktop/network/enp.network.j2 +++ /dev/null @@ -1,7 +0,0 @@ -[Match] -# TODO: replace with MACAddress directive -Name=enp* - -[Network] -DHCP=true -RequiredForOnline=true diff --git a/templates/personal/desktop/network/enp1s0.link.j2 b/templates/personal/desktop/network/enp1s0.link.j2 new file mode 100644 index 0000000..f44ef77 --- /dev/null +++ b/templates/personal/desktop/network/enp1s0.link.j2 @@ -0,0 +1,7 @@ +# {{ ansible_managed }} + +[Match] +MACAddress=00:d8:61:9f:52:65 + +[Link] +Name=enp1s0 diff --git a/templates/personal/desktop/network/enp1s0.network.j2 b/templates/personal/desktop/network/enp1s0.network.j2 new file mode 100644 index 0000000..7ff6687 --- /dev/null +++ b/templates/personal/desktop/network/enp1s0.network.j2 @@ -0,0 +1,11 @@ +[Match] +Name=enp1s0 + +[Network] +DHCP=false +Address=192.168.2.15/24 +DNS=192.168.2.254 +Gateway=192.168.2.254 + +[Link] +RequiredForOnline=true diff --git a/templates/personal/desktop/network/wg1.network.j2 b/templates/personal/desktop/network/wg1.network.j2 index 40d3650..5ea0ce9 100644 --- a/templates/personal/desktop/network/wg1.network.j2 +++ b/templates/personal/desktop/network/wg1.network.j2 @@ -7,13 +7,3 @@ Name={{ vpn_media.interface }} Address={{ vpn_media.ip }}/{{ vpn_media.prefix }} DNS={{ vpn_media.dns }} Domains={{ vpn_media.domains | join(' ') }} - -{% for peer in vpn_media.peers %} -{% for ip in peer.allowed_ips %} -{% if ip.create_route %} -[Route] -Destination={{ ip.address }} -Scope=link -{% endif %} -{% endfor %} -{% endfor %} diff --git a/templates/personal/xps/network/wg1.network.j2 b/templates/personal/xps/network/wg1.network.j2 index 40d3650..5ea0ce9 100644 --- a/templates/personal/xps/network/wg1.network.j2 +++ b/templates/personal/xps/network/wg1.network.j2 
@@ -7,13 +7,3 @@ Name={{ vpn_media.interface }} Address={{ vpn_media.ip }}/{{ vpn_media.prefix }} DNS={{ vpn_media.dns }} Domains={{ vpn_media.domains | join(' ') }} - -{% for peer in vpn_media.peers %} -{% for ip in peer.allowed_ips %} -{% if ip.create_route %} -[Route] -Destination={{ ip.address }} -Scope=link -{% endif %} -{% endfor %} -{% endfor %} From c45bccdaa12328ed93cbb96ca3c79cbdc0220771 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Thu, 10 Apr 2025 21:50:42 +0200 Subject: [PATCH 100/131] Include local network configuration for xps --- host_vars/xps/network.yml | 7 +++++++ tasks/network.yml | 6 +++++- .../personal/xps/network/wireless.network.j2 | 6 ------ .../personal/xps/network/wlan0-local.network.j2 | 15 +++++++++++++++ templates/personal/xps/network/wlan0.link.j2 | 7 +++++++ templates/personal/xps/network/wlan0.network.j2 | 6 ++++++ 6 files changed, 40 insertions(+), 7 deletions(-) create mode 100644 host_vars/xps/network.yml delete mode 100644 templates/personal/xps/network/wireless.network.j2 create mode 100644 templates/personal/xps/network/wlan0-local.network.j2 create mode 100644 templates/personal/xps/network/wlan0.link.j2 create mode 100644 templates/personal/xps/network/wlan0.network.j2 diff --git a/host_vars/xps/network.yml b/host_vars/xps/network.yml new file mode 100644 index 0000000..03ad73b --- /dev/null +++ b/host_vars/xps/network.yml @@ -0,0 +1,7 @@ +wireless_interface: wlan0 +wireless_interface_mac: 98:2c:bc:e3:ff:bc + +local_network_ssid: KPNAE51C6 +local_network_address: 192.168.2.9/24 +local_network_dns: 192.168.2.254 +local_network_gateway: 192.168.2.254 diff --git a/tasks/network.yml b/tasks/network.yml index 26eea9c..0fdda79 100644 --- a/tasks/network.yml +++ b/tasks/network.yml 
@@ -62,7 +62,11 @@ group: systemd-network mode: '0640' loop: - - src: 'templates/personal/xps/network/wireless.network.j2' + - src: 'templates/personal/xps/network/wlan0.link.j2' + dest: '/etc/systemd/network/10-wlan0.link' + - src: 'templates/personal/xps/network/wlan0-local.network.j2' + dest: '/etc/systemd/network/10-wireless.network' + - src: 'templates/personal/xps/network/wlan0.network.j2' dest: '/etc/systemd/network/20-wireless.network' - name: Remove leftover configuration files diff --git a/templates/personal/xps/network/wireless.network.j2 b/templates/personal/xps/network/wireless.network.j2 deleted file mode 100644 index fe2fad1..0000000 --- a/templates/personal/xps/network/wireless.network.j2 +++ /dev/null @@ -1,6 +0,0 @@ -[Match] -MACAddress=98:2c:bc:e3:ff:bc - -[Network] -DHCP=true -RequiredForOnline=true diff --git a/templates/personal/xps/network/wlan0-local.network.j2 b/templates/personal/xps/network/wlan0-local.network.j2 new file mode 100644 index 0000000..3a80188 --- /dev/null +++ b/templates/personal/xps/network/wlan0-local.network.j2 @@ -0,0 +1,15 @@ +# {{ ansible_managed }} + +[Match] +MACAddress={{ wireless_interface_mac }} +SSID={{ local_network_ssid }} + +[Network] +Address={{ local_network_address }} +DNS={{ local_network_dns }} +Gateway={{ local_network_gateway }} +DHCP=no +RequiredForOnline=yes + +[Link] +MulticastDNS=yes diff --git a/templates/personal/xps/network/wlan0.link.j2 b/templates/personal/xps/network/wlan0.link.j2 new file mode 100644 index 0000000..429ab10 --- /dev/null +++ b/templates/personal/xps/network/wlan0.link.j2 @@ -0,0 +1,7 @@ +# {{ ansible_managed }} + +[Match] +MACAddress={{ wireless_interface_mac }} + +[Link] +Name={{ wireless_interface }} diff --git a/templates/personal/xps/network/wlan0.network.j2 b/templates/personal/xps/network/wlan0.network.j2 new file mode 100644 index 0000000..c4c7be2 --- /dev/null +++ b/templates/personal/xps/network/wlan0.network.j2 
@@ -0,0 +1,6 @@ +[Match] +MACAddress={{ wireless_interface_mac }} + +[Network] +DHCP=yes +RequiredForOnline=yes From 99d22367513dea24e11e4350f91f0f68b1b92837 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Fri, 11 Apr 2025 09:49:16 +0200 Subject: [PATCH 101/131] Add network variables & use mDNS for desktop --- host_vars/desktop/network.yml | 6 ++++++ templates/personal/desktop/network/enp1s0.link.j2 | 4 ++-- .../personal/desktop/network/enp1s0.network.j2 | 15 +++++++++------ 3 files changed, 17 insertions(+), 8 deletions(-) create mode 100644 host_vars/desktop/network.yml diff --git a/host_vars/desktop/network.yml b/host_vars/desktop/network.yml new file mode 100644 index 0000000..22f1abb --- /dev/null +++ b/host_vars/desktop/network.yml @@ -0,0 +1,6 @@ +lan_interface: enp1s0 +lan_interface_mac: 00:d8:61:9f:52:65 + +local_network_address: 192.168.2.15/24 +local_network_dns: 192.168.2.254 +local_network_gateway: 192.168.2.254 diff --git a/templates/personal/desktop/network/enp1s0.link.j2 b/templates/personal/desktop/network/enp1s0.link.j2 index f44ef77..4ed6b79 100644 --- a/templates/personal/desktop/network/enp1s0.link.j2 +++ b/templates/personal/desktop/network/enp1s0.link.j2 @@ -1,7 +1,7 @@ # {{ ansible_managed }} [Match] -MACAddress=00:d8:61:9f:52:65 +MACAddress={{ lan_interface_mac }} [Link] -Name=enp1s0 +Name={{ lan_interface }} diff --git a/templates/personal/desktop/network/enp1s0.network.j2 b/templates/personal/desktop/network/enp1s0.network.j2 index 7ff6687..6b8882e 100644 --- a/templates/personal/desktop/network/enp1s0.network.j2 +++ b/templates/personal/desktop/network/enp1s0.network.j2 @@ -1,11 +1,14 @@ +# {{ ansible_managed }} + [Match] -Name=enp1s0 +Name={{ lan_interface }} [Network] -DHCP=false -Address=192.168.2.15/24 -DNS=192.168.2.254 -Gateway=192.168.2.254 +DHCP=no +Address={{ local_network_address }} +DNS={{ local_network_dns }} +Gateway={{ local_network_gateway }} +MulticastDNS=yes [Link] -RequiredForOnline=true +RequiredForOnline=yes 
From 13114e3a8448d876d90c376b14aaf570dca53d8b Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Fri, 11 Apr 2025 22:38:38 +0200 Subject: [PATCH 102/131] Disable ipv6 router advertisement reception & use RequiredForonline=routable --- templates/personal/desktop/network/enp1s0.network.j2 | 3 ++- templates/personal/xps/network/wlan0-local.network.j2 | 3 ++- templates/personal/xps/network/wlan0.network.j2 | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/templates/personal/desktop/network/enp1s0.network.j2 b/templates/personal/desktop/network/enp1s0.network.j2 index 6b8882e..7a34ad1 100644 --- a/templates/personal/desktop/network/enp1s0.network.j2 +++ b/templates/personal/desktop/network/enp1s0.network.j2 @@ -9,6 +9,7 @@ Address={{ local_network_address }} DNS={{ local_network_dns }} Gateway={{ local_network_gateway }} MulticastDNS=yes +IPv6AcceptRA=no [Link] -RequiredForOnline=yes +RequiredForOnline=routable diff --git a/templates/personal/xps/network/wlan0-local.network.j2 b/templates/personal/xps/network/wlan0-local.network.j2 index 3a80188..9e41426 100644 --- a/templates/personal/xps/network/wlan0-local.network.j2 +++ b/templates/personal/xps/network/wlan0-local.network.j2 @@ -9,7 +9,8 @@ Address={{ local_network_address }} DNS={{ local_network_dns }} Gateway={{ local_network_gateway }} DHCP=no -RequiredForOnline=yes +IPv6AcceptRA=no +RequiredForOnline=routable [Link] MulticastDNS=yes diff --git a/templates/personal/xps/network/wlan0.network.j2 b/templates/personal/xps/network/wlan0.network.j2 index c4c7be2..20ac598 100644 --- a/templates/personal/xps/network/wlan0.network.j2 +++ b/templates/personal/xps/network/wlan0.network.j2 @@ -3,4 +3,4 @@ MACAddress={{ wireless_interface_mac }} [Network] DHCP=yes -RequiredForOnline=yes +RequiredForOnline=routable From 3fc19b62c8c3eb341f6878c679901823505a9354 Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Sat, 12 Apr 2025 20:58:31 +0200 Subject: [PATCH 103/131] Move mDNS setting to correct directive --- templates/personal/xps/network/wlan0-local.network.j2 | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/templates/personal/xps/network/wlan0-local.network.j2 b/templates/personal/xps/network/wlan0-local.network.j2 index 9e41426..99f1eb3 100644 --- a/templates/personal/xps/network/wlan0-local.network.j2 +++ b/templates/personal/xps/network/wlan0-local.network.j2 @@ -10,7 +10,5 @@ DNS={{ local_network_dns }} Gateway={{ local_network_gateway }} DHCP=no IPv6AcceptRA=no -RequiredForOnline=routable - -[Link] MulticastDNS=yes +RequiredForOnline=routable From a1618a3092ce0c59d1b4de72dfd39b9b0b6ce766 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 12 Apr 2025 21:34:32 +0200 Subject: [PATCH 104/131] Add hostname provisioning --- host_vars/desktop/network.yml | 2 ++ host_vars/xps/network.yml | 2 ++ playbook.yml | 1 - tasks/network.yml | 16 +++++++++++++++- templates/hosts.j2 | 5 +++++ 5 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 templates/hosts.j2 diff --git a/host_vars/desktop/network.yml b/host_vars/desktop/network.yml index 22f1abb..8470e20 100644 --- a/host_vars/desktop/network.yml +++ b/host_vars/desktop/network.yml @@ -4,3 +4,5 @@ lan_interface_mac: 00:d8:61:9f:52:65 local_network_address: 192.168.2.15/24 local_network_dns: 192.168.2.254 local_network_gateway: 192.168.2.254 + +hostname: desktop diff --git a/host_vars/xps/network.yml b/host_vars/xps/network.yml index 03ad73b..ecddca8 100644 --- a/host_vars/xps/network.yml +++ b/host_vars/xps/network.yml @@ -5,3 +5,5 @@ local_network_ssid: KPNAE51C6 local_network_address: 192.168.2.9/24 local_network_dns: 192.168.2.254 local_network_gateway: 192.168.2.254 + +hostname: xps diff --git a/playbook.yml b/playbook.yml index 1d25070..3108293 100644 --- a/playbook.yml +++ b/playbook.yml 
@@ -16,7 +16,6 @@ ansible.builtin.import_tasks: 'tasks/setup.yml' tags: setup - # TODO: add hostname provisioning - name: Network provisioning ansible.builtin.import_tasks: 'tasks/network.yml' tags: network diff --git a/tasks/network.yml b/tasks/network.yml index 0fdda79..fa4a975 100644 --- a/tasks/network.yml +++ b/tasks/network.yml @@ -3,11 +3,25 @@ # using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint :` # for example. +- name: Set hostname + become: true + ansible.builtin.hostname: + name: '{{ hostname }}' + use: systemd + +- name: Copy hosts file + become: true + ansible.builtin.template: + src: templates/hosts.j2 + dest: /etc/hosts + mode: '0644' + owner: root + - name: Copy firewall template become: true ansible.builtin.template: src: "{{ lookup('ansible.builtin.first_found', paths) }}" - dest: '/etc/nftables.conf' + dest: /etc/nftables.conf owner: root group: root mode: '0600' diff --git a/templates/hosts.j2 b/templates/hosts.j2 new file mode 100644 index 0000000..58cf68c --- /dev/null +++ b/templates/hosts.j2 @@ -0,0 +1,5 @@ +# {{ ansible_managed }} + +127.0.0.1 localhost.localdomain localhost +127.0.1.1 localhost.localdomain {{ hostname }} +::1 localhost.localdomain localhost From 3f8c92b780faa37add6682e8e97f1ad888ef9e02 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sun, 13 Apr 2025 08:40:53 +0200 Subject: [PATCH 105/131] Prevent interface reconfiguration on carrier loss --- templates/personal/xps/network/wlan0-local.network.j2 | 1 + templates/personal/xps/network/wlan0.network.j2 | 1 + 2 files changed, 2 insertions(+) diff --git a/templates/personal/xps/network/wlan0-local.network.j2 b/templates/personal/xps/network/wlan0-local.network.j2 index 99f1eb3..1e97314 100644 --- a/templates/personal/xps/network/wlan0-local.network.j2 +++ b/templates/personal/xps/network/wlan0-local.network.j2 
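Review bot: In hosts.j2 the `127.0.1.1` line names `localhost.localdomain` before `{{ hostname }}`, so the canonical name for the host's own entry becomes localhost.localdomain and that name now maps to two IPv4 addresses; anything resolving the hostname to its canonical form gets localhost.localdomain rather than the machine's name. The conventional form puts the host first, `127.0.1.1 {{ hostname }}.localdomain {{ hostname }}`, leaving `127.0.0.1 localhost.localdomain localhost` as the only localhost mapping. In the preceding tasks/network.yml hunk, the `Copy hosts file` task sets `owner: root` but omits `group: root`, unlike the firewall task directly below it; adding `group: root` keeps the two consistent.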
@@ -10,5 +10,6 @@ DNS={{ local_network_dns }} Gateway={{ local_network_gateway }} DHCP=no IPv6AcceptRA=no +IPv6SendRA=no MulticastDNS=yes RequiredForOnline=routable diff --git a/templates/personal/xps/network/wlan0.network.j2 b/templates/personal/xps/network/wlan0.network.j2 index 20ac598..a90c88e 100644 --- a/templates/personal/xps/network/wlan0.network.j2 +++ b/templates/personal/xps/network/wlan0.network.j2 @@ -4,3 +4,4 @@ MACAddress={{ wireless_interface_mac }} [Network] DHCP=yes RequiredForOnline=routable +IgnoreCarrierLoss=3s From 8c1f19650a3241f8cf4b67aeec9568dba09336c6 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Mon, 14 Apr 2025 21:45:34 +0200 Subject: [PATCH 106/131] Disable LinkLocalAddressing --- templates/personal/desktop/network/enp1s0.network.j2 | 4 +++- templates/personal/xps/network/wlan0-local.network.j2 | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/templates/personal/desktop/network/enp1s0.network.j2 b/templates/personal/desktop/network/enp1s0.network.j2 index 7a34ad1..6f1d5e8 100644 --- a/templates/personal/desktop/network/enp1s0.network.j2 +++ b/templates/personal/desktop/network/enp1s0.network.j2 @@ -4,12 +4,14 @@ Name={{ lan_interface }} [Network] -DHCP=no Address={{ local_network_address }} DNS={{ local_network_dns }} Gateway={{ local_network_gateway }} +DHCP=no MulticastDNS=yes +LinkLocalAddressing=no IPv6AcceptRA=no +IPv6SendRA=no [Link] RequiredForOnline=routable diff --git a/templates/personal/xps/network/wlan0-local.network.j2 b/templates/personal/xps/network/wlan0-local.network.j2 index 1e97314..c01faab 100644 --- a/templates/personal/xps/network/wlan0-local.network.j2 +++ b/templates/personal/xps/network/wlan0-local.network.j2 @@ -9,7 +9,8 @@ Address={{ local_network_address }} DNS={{ local_network_dns }} Gateway={{ local_network_gateway }} DHCP=no +MulticastDNS=yes +LinkLocalAddressing=no IPv6AcceptRA=no IPv6SendRA=no -MulticastDNS=yes RequiredForOnline=routable 
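Review bot: In the enp1s0.network.j2 hunk of PATCH 106, `LinkLocalAddressing=no` combined with the existing `IPv6AcceptRA=no` leaves the interface with no IPv6 address at all, including the fe80:: link-local one, so the `MulticastDNS=yes` set a line above will only operate over IPv4 and IPv6-only neighbours stop seeing this host. If that is the intent, a comment such as `# IPv6 deliberately unused on this link; mDNS is IPv4-only` would make it explicit; otherwise `LinkLocalAddressing=ipv6` disables IPv4LL while keeping the link-local IPv6 address. The wlan0-local.network.j2 hunk on this line has the same combination.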
From 1ca269d54b67d2878fefd46f1a664d53fe5872e5 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Tue, 15 Apr 2025 22:22:18 +0200 Subject: [PATCH 107/131] Use search domains --- host_vars/desktop/vpn.yml | 10 +++++----- host_vars/xps/vpn.yml | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/host_vars/desktop/vpn.yml b/host_vars/desktop/vpn.yml index ffcd439..6f36936 100644 --- a/host_vars/desktop/vpn.yml +++ b/host_vars/desktop/vpn.yml @@ -5,10 +5,10 @@ vpn_default: interface: wg0 dns: 10.0.0.1 domains: - - '~vpn.{{ server_domain }}' - - '~transmission.{{ server_domain }}' - - '~syncthing.{{ server_domain }}' - - '~radicale.{{ server_domain }}' + - 'vpn.{{ server_domain }}' + - 'transmission.{{ server_domain }}' + - 'syncthing.{{ server_domain }}' + - 'radicale.{{ server_domain }}' public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key' @@ -31,7 +31,7 @@ vpn_media: interface: wg1 dns: 10.0.1.1 domains: - - '~media-vpn.{{ server_domain }}' + - 'media-vpn.{{ server_domain }}' public_key_path: '{{ vpn_config_dir }}/keys/public/media/desktop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/media/desktop.key' diff --git a/host_vars/xps/vpn.yml b/host_vars/xps/vpn.yml index 22822fd..66e483d 100644 --- a/host_vars/xps/vpn.yml +++ b/host_vars/xps/vpn.yml @@ -7,10 +7,10 @@ vpn_default: interface: wg0 dns: 10.0.0.1 domains: - - '~vpn.{{ server_domain }}' - - '~transmission.{{ server_domain }}' - - '~syncthing.{{ server_domain }}' - - '~radicale.{{ server_domain }}' + - 'vpn.{{ server_domain }}' + - 'transmission.{{ server_domain }}' + - 'syncthing.{{ server_domain }}' + - 'radicale.{{ server_domain }}' public_key_path: '{{ vpn_config_dir }}/keys/public/default/laptop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/default/laptop.key' 
@@ -33,7 +33,7 @@ vpn_media: interface: wg1 dns: 10.0.1.1 domains: - - '~media-vpn.{{ server_domain }}' + - 'media-vpn.{{ server_domain }}' public_key_path: '{{ vpn_config_dir }}/keys/public/media/laptop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/media/laptop.key' From a48528fdf5f1b91d173917076260f7bc6ae604f5 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Wed, 16 Apr 2025 09:04:23 +0200 Subject: [PATCH 108/131] Allow mDNS requests --- templates/personal/desktop/nftables.j2 | 3 +++ templates/personal/xps/nftables.j2 | 3 +++ 2 files changed, 6 insertions(+) diff --git a/templates/personal/desktop/nftables.j2 b/templates/personal/desktop/nftables.j2 index 2f37138..29f4cd1 100644 --- a/templates/personal/desktop/nftables.j2 +++ b/templates/personal/desktop/nftables.j2 @@ -20,6 +20,9 @@ table inet filter { ip protocol icmp accept ip6 nexthdr icmpv6 accept + # allow mDNS + udp dport 5353 accept + # allow ssh tcp dport ssh accept diff --git a/templates/personal/xps/nftables.j2 b/templates/personal/xps/nftables.j2 index 5140777..f1f7d40 100644 --- a/templates/personal/xps/nftables.j2 +++ b/templates/personal/xps/nftables.j2 @@ -20,6 +20,9 @@ table inet filter { ip protocol icmp accept ip6 nexthdr icmpv6 accept + # allow mDNS + udp dport 5353 accept + # allow ssh tcp dport ssh accept From bb73032f304e326b0372eef6235e0cd4c1ab5966 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Thu, 17 Apr 2025 22:43:24 +0200 Subject: [PATCH 109/131] Use route-only domains to prevent unrelated dns queries --- templates/personal/desktop/network/wg0.network.j2 | 2 +- templates/personal/desktop/network/wg1.network.j2 | 2 +- templates/personal/xps/network/wg0.network.j2 | 2 +- templates/personal/xps/network/wg1.network.j2 | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/templates/personal/desktop/network/wg0.network.j2 b/templates/personal/desktop/network/wg0.network.j2 index 36beed3..d583bc6 100644 --- a/templates/personal/desktop/network/wg0.network.j2 
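Review bot: `udp dport 5353 accept` in the input chain admits unicast UDP/5353 from any source on any interface, including the WireGuard links and, on the xps, whatever network the DHCP catch-all profile joins; mDNS only needs the link-local multicast destination on the LAN interface. Restrict it to `iifname {{ lan_interface }} ip daddr 224.0.0.251 udp dport 5353 accept` plus the IPv6 form `iifname {{ lan_interface }} ip6 daddr ff02::fb udp dport 5353 accept` (with `{{ wireless_interface }}` in the xps template), and say so in the comment: `# allow mDNS (link-local multicast on the LAN only)`. The enclosing chain definition and its default policy start outside the hunk, so I cannot tell here whether unmatched traffic is dropped.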
+++ b/templates/personal/desktop/network/wg0.network.j2 @@ -6,4 +6,4 @@ Name={{ vpn_default.interface }} [Network] Address={{ vpn_default.ip }}/{{ vpn_default.prefix }} DNS={{ vpn_default.dns }} -Domains={{ vpn_default.domains | join(' ') }} +Domains={{ vpn_default.domains | join(' ') }} {{ vpn_default.domains | map('regex_replace', '^(.*)$', '~\\1') | join(' ') }} diff --git a/templates/personal/desktop/network/wg1.network.j2 b/templates/personal/desktop/network/wg1.network.j2 index 5ea0ce9..5e8d1c5 100644 --- a/templates/personal/desktop/network/wg1.network.j2 +++ b/templates/personal/desktop/network/wg1.network.j2 @@ -6,4 +6,4 @@ Name={{ vpn_media.interface }} [Network] Address={{ vpn_media.ip }}/{{ vpn_media.prefix }} DNS={{ vpn_media.dns }} -Domains={{ vpn_media.domains | join(' ') }} +Domains={{ vpn_media.domains | join(' ') }} {{ vpn_media.domains | map('regex_replace', '^(.*)$', '~\\1') | join(' ') }} diff --git a/templates/personal/xps/network/wg0.network.j2 b/templates/personal/xps/network/wg0.network.j2 index 36beed3..d583bc6 100644 --- a/templates/personal/xps/network/wg0.network.j2 +++ b/templates/personal/xps/network/wg0.network.j2 @@ -6,4 +6,4 @@ Name={{ vpn_default.interface }} [Network] Address={{ vpn_default.ip }}/{{ vpn_default.prefix }} DNS={{ vpn_default.dns }} -Domains={{ vpn_default.domains | join(' ') }} +Domains={{ vpn_default.domains | join(' ') }} {{ vpn_default.domains | map('regex_replace', '^(.*)$', '~\\1') | join(' ') }} diff --git a/templates/personal/xps/network/wg1.network.j2 b/templates/personal/xps/network/wg1.network.j2 index 5ea0ce9..5e8d1c5 100644 --- a/templates/personal/xps/network/wg1.network.j2 +++ b/templates/personal/xps/network/wg1.network.j2 
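Review bot: The new `Domains=` line lists every name twice, plain and with `~`, but in systemd-resolved a plain search domain already acts as a routing domain, so the `~` copies add nothing and the link still receives the suffix-expanded single-label queries the commit title says it wants to prevent. Route-only behaviour needs the plain entries dropped, i.e. `Domains={{ vpn_default.domains | map('regex_replace', '^(.*)$', '~\\1') | join(' ') }}` alone (and the `vpn_media` equivalent), or simply storing the `~` form in host_vars as before. The capture-group regex is also a roundabout way to prefix a string; `map('regex_replace', '^', '~')` reads more directly.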
@@ -6,4 +6,4 @@ Name={{ vpn_media.interface }} [Network] Address={{ vpn_media.ip }}/{{ vpn_media.prefix }} DNS={{ vpn_media.dns }} -Domains={{ vpn_media.domains | join(' ') }} +Domains={{ vpn_media.domains | join(' ') }} {{ vpn_media.domains | map('regex_replace', '^(.*)$', '~\\1') | join(' ') }} From b038a3ec72c596c74e74c2ff69329dc3c8fe3cde Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Fri, 18 Apr 2025 21:10:20 +0200 Subject: [PATCH 110/131] Add Jellyfin domain --- host_vars/desktop/vpn.yml | 2 ++ host_vars/xps/vpn.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/host_vars/desktop/vpn.yml b/host_vars/desktop/vpn.yml index 6f36936..49fc629 100644 --- a/host_vars/desktop/vpn.yml +++ b/host_vars/desktop/vpn.yml @@ -32,6 +32,7 @@ vpn_media: dns: 10.0.1.1 domains: - 'media-vpn.{{ server_domain }}' + - 'jellyfin.{{ server_domain }}' public_key_path: '{{ vpn_config_dir }}/keys/public/media/desktop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/media/desktop.key' @@ -41,6 +42,7 @@ vpn_media: - name: zeus-media allowed_ips: - 10.0.1.0/24 + - 172.8.238.0/24 endpoint: '{{ server_domain }}:51903' public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg= preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk' diff --git a/host_vars/xps/vpn.yml b/host_vars/xps/vpn.yml index 66e483d..6951d94 100644 --- a/host_vars/xps/vpn.yml +++ b/host_vars/xps/vpn.yml @@ -34,6 +34,7 @@ vpn_media: dns: 10.0.1.1 domains: - 'media-vpn.{{ server_domain }}' + - 'jellyfin.{{ server_domain }}' public_key_path: '{{ vpn_config_dir }}/keys/public/media/laptop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/media/laptop.key' @@ -42,6 +43,7 @@ vpn_media: - name: fudiggity-media allowed_ips: - 10.0.1.0/24 + - 172.8.238.0/24 endpoint: '{{ server_domain }}:51903' public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg= preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk' 
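Review bot: `172.8.238.0/24` added to `allowed_ips` is not private address space — RFC 1918 covers only 172.16.0.0/12 — so this routes a publicly reachable /24 into the tunnel and lets the media peer answer for any host in that prefix; the `172.32` and `172.64` entries visible as context on the other peer have the same property. If these are the server's container networks that is workable, but it silently redirects any real Internet host in those ranges to the peer and deserves a note next to the list, e.g. `# server-side container networks; these prefixes are outside RFC 1918 on purpose`. If they were meant to be private, prefixes inside 172.16.0.0/12 such as `172.16.238.0/24` avoid the overlap.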
From 3199911ab78c9613285887f9d6d050ea6b7e6466 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 19 Apr 2025 17:13:04 +0200 Subject: [PATCH 111/131] Add new network configuration --- host_vars/xps/network.yml | 5 +++++ tasks/network.yml | 5 +++++ .../personal/xps/network/wlan0-frans.network.j2 | 16 ++++++++++++++++ 3 files changed, 26 insertions(+) create mode 100644 templates/personal/xps/network/wlan0-frans.network.j2 diff --git a/host_vars/xps/network.yml b/host_vars/xps/network.yml index ecddca8..dbfa8ae 100644 --- a/host_vars/xps/network.yml +++ b/host_vars/xps/network.yml @@ -6,4 +6,9 @@ local_network_address: 192.168.2.9/24 local_network_dns: 192.168.2.254 local_network_gateway: 192.168.2.254 +frans_network_ssid: KPNDD1056 +frans_network_address: 192.168.2.9/24 +frans_network_dns: 192.168.2.254 +frans_network_gateway: 192.168.2.254 + hostname: xps diff --git a/tasks/network.yml b/tasks/network.yml index fa4a975..1c44670 100644 --- a/tasks/network.yml +++ b/tasks/network.yml @@ -78,8 +78,13 @@ loop: - src: 'templates/personal/xps/network/wlan0.link.j2' dest: '/etc/systemd/network/10-wlan0.link' + - src: 'templates/personal/xps/network/wlan0-local.network.j2' dest: '/etc/systemd/network/10-wireless.network' + + - src: 'templates/personal/xps/network/wlan0-frans.network.j2' + dest: '/etc/systemd/network/11-wireless.network' + - src: 'templates/personal/xps/network/wlan0.network.j2' dest: '/etc/systemd/network/20-wireless.network' diff --git a/templates/personal/xps/network/wlan0-frans.network.j2 b/templates/personal/xps/network/wlan0-frans.network.j2 new file mode 100644 index 0000000..fb19ae3 --- /dev/null +++ b/templates/personal/xps/network/wlan0-frans.network.j2 
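Review bot: `wlan0-frans.network.j2` selects the static profile on `SSID=` plus the interface MAC, so any AP announcing `KPNDD1056` gets the fixed `192.168.2.9/24` address and `192.168.2.254` as gateway and resolver; the WPA handshake keeps a rogue AP from completing association without the PSK, but adding `BSSID=` to `[Match]` is a cheap extra pin if the AP's address is stable. The four `frans_network_*` values in `host_vars/xps/network.yml` are byte-identical to the `local_network_*` ones; deriving them (`frans_network_address: '{{ local_network_address }}'` and so on) would stop the two profiles drifting apart. A one-line comment saying whose network this is and why it is static rather than DHCP would help the next reader.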
@@ -0,0 +1,16 @@ +# {{ ansible_managed }} + +[Match] +MACAddress={{ wireless_interface_mac }} +SSID={{ frans_network_ssid }} + +[Network] +Address={{ frans_network_address }} +DNS={{ frans_network_dns }} +Gateway={{ frans_network_gateway }} +DHCP=no +MulticastDNS=yes +LinkLocalAddressing=no +IPv6AcceptRA=no +IPv6SendRA=no +RequiredForOnline=routable From da68e6adc975437415e1de2a503c758b7f991d2a Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 19 Apr 2025 19:39:51 +0200 Subject: [PATCH 112/131] Use sd-encrypt hook to unlock encrypted partition --- templates/personal/xps/cmdline.j2 | 2 +- templates/personal/xps/mkinitcpio/2-hooks.conf.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/personal/xps/cmdline.j2 b/templates/personal/xps/cmdline.j2 index a2aab0b..90371ba 100644 --- a/templates/personal/xps/cmdline.j2 +++ b/templates/personal/xps/cmdline.j2 @@ -1 +1 @@ -cryptdevice=UUID=4483183a-4881-4bf6-b20c-3ba918642cc4:cryptlvm root=/dev/VolumeGroup/root rw resume=/dev/VolumeGroup/swap pcie_aspm=nommconf i915.fastboot=1 enable_fbc=1 enable_psr=1 disable_power_well=0 acpi_rev_override=1 bgrt_disable +rd.luks.name=4483183a-4881-4bf6-b20c-3ba918642cc4=cryptlvm root=/dev/VolumeGroup/root rw resume=/dev/VolumeGroup/swap pcie_aspm=nommconf acpi_rev_override=1 bgrt_disable diff --git a/templates/personal/xps/mkinitcpio/2-hooks.conf.j2 b/templates/personal/xps/mkinitcpio/2-hooks.conf.j2 index ab81af5..c3b6807 100644 --- a/templates/personal/xps/mkinitcpio/2-hooks.conf.j2 +++ b/templates/personal/xps/mkinitcpio/2-hooks.conf.j2 @@ -1,3 +1,3 @@ # {{ ansible_managed }} -HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt lvm2 resume filesystems fsck) +HOOKS=(base systemd autodetect microcode modconf kms keyboard sd-vconsole block sd-encrypt lvm2 resume filesystems fsck) From 71af560ed73248421b01a284a90c863b6d0e2749 Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Sun, 20 Apr 2025 08:27:48 +0200 Subject: [PATCH 113/131] Reorder & remove unused hooks --- templates/personal/xps/mkinitcpio/2-hooks.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/personal/xps/mkinitcpio/2-hooks.conf.j2 b/templates/personal/xps/mkinitcpio/2-hooks.conf.j2 index c3b6807..0a885cd 100644 --- a/templates/personal/xps/mkinitcpio/2-hooks.conf.j2 +++ b/templates/personal/xps/mkinitcpio/2-hooks.conf.j2 @@ -1,3 +1,3 @@ # {{ ansible_managed }} -HOOKS=(base systemd autodetect microcode modconf kms keyboard sd-vconsole block sd-encrypt lvm2 resume filesystems fsck) +HOOKS=(base systemd autodetect modconf keyboard sd-vconsole sd-encrypt block lvm2 filesystems fsck) From 4fc4f2712bf42e132077b53c47ee6a7b4fe5dde4 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Mon, 21 Apr 2025 19:17:14 +0200 Subject: [PATCH 114/131] Update mpd configuration --- group_vars/personal/mpd.yml | 10 +++++----- host_vars/desktop/vpn.yml | 2 ++ host_vars/xps/vpn.yml | 2 ++ templates/personal/all/mpd/ncmpcpp/config.j2 | 4 ++-- 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/group_vars/personal/mpd.yml b/group_vars/personal/mpd.yml index 258ec66..f28520a 100644 --- a/group_vars/personal/mpd.yml +++ b/group_vars/personal/mpd.yml @@ -1,9 +1,9 @@ -mpd_listen_address: '127.0.0.1' -mpd_listen_port: '6600' +mpd_listen_address: 127.0.0.1 +mpd_listen_port: 6600 -mpd_remote_address: 'vpn.{{ server_domain }}' -mpd_remote_port: '21000' -mpd_remote_stream_port: '8000' # note that this is not used (yet) +mpd_remote_address: 'mpd.{{ server_domain }}' +mpd_remote_port: 21000 +mpd_remote_stream_port: 8000 mpd_configuration_dir: '{{ ansible_env.HOME }}/.config/mpd' ncmpc_configuration_dir: '{{ ansible_env.HOME }}/.config/ncmpc' diff --git a/host_vars/desktop/vpn.yml b/host_vars/desktop/vpn.yml index 49fc629..dc04880 100644 --- a/host_vars/desktop/vpn.yml +++ b/host_vars/desktop/vpn.yml 
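Review bot: Removing `microcode` from `HOOKS` stops mkinitcpio from embedding the early CPU microcode image in the initramfs; that image is what applies the vendor microcode before the kernel configures its Spectre/MDS-class mitigations, so unless the boot entry loads `intel-ucode.img` as a separate initrd or the UKI build includes it, the machine runs on the firmware's microcode revision. Whether the boot entry does that is not visible in this hunk, so keep the hook until it is confirmed: `HOOKS=(base systemd autodetect microcode modconf keyboard sd-vconsole sd-encrypt block lvm2 filesystems fsck)`. Dropping `resume` is fine with the `systemd` hook, which handles `resume=` itself; dropping `kms` only means the unlock prompt appears before the DRM driver is loaded.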
@@ -9,6 +9,7 @@ vpn_default: - 'transmission.{{ server_domain }}' - 'syncthing.{{ server_domain }}' - 'radicale.{{ server_domain }}' + - 'mpd.{{ server_domain }}' public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key' @@ -20,6 +21,7 @@ vpn_default: - 172.16.238.0/24 - 172.32.238.0/24 - 172.64.238.0/24 + - 172.128.238.0/24 endpoint: '{{ server_domain }}:51902' public_key: CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo= preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk' diff --git a/host_vars/xps/vpn.yml b/host_vars/xps/vpn.yml index 6951d94..cd9d2ea 100644 --- a/host_vars/xps/vpn.yml +++ b/host_vars/xps/vpn.yml @@ -11,6 +11,7 @@ vpn_default: - 'transmission.{{ server_domain }}' - 'syncthing.{{ server_domain }}' - 'radicale.{{ server_domain }}' + - 'mpd.{{ server_domain }}' public_key_path: '{{ vpn_config_dir }}/keys/public/default/laptop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/default/laptop.key' @@ -22,6 +23,7 @@ vpn_default: - 172.16.238.0/24 - 172.32.238.0/24 - 172.64.238.0/24 + - 172.128.238.0/24 endpoint: '{{ server_domain }}:51902' public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk' diff --git a/templates/personal/all/mpd/ncmpcpp/config.j2 b/templates/personal/all/mpd/ncmpcpp/config.j2 index 865a549..a7cc08a 100644 --- a/templates/personal/all/mpd/ncmpcpp/config.j2 +++ b/templates/personal/all/mpd/ncmpcpp/config.j2 @@ -3,10 +3,10 @@ ############## Connection ################### ## Connect to mpd running on a specified host -mpd_host = 10.0.0.1 +mpd_host = {{ mpd_remote_address }} ## Connect to mpd on the specified port. -mpd_port = 21000 +mpd_port = {{ mpd_remote_port }} # header_visibility = yes # playlist_show_mpd_host = yes From c5c7c8ce88c4e44bc3580a66ff269e181c9715a4 Mon Sep 17 00:00:00 2001 
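Review bot: `mpd_host = {{ mpd_remote_address }}` replaces the fixed tunnel address `10.0.0.1` with `mpd.{{ server_domain }}`, and the MPD protocol is plaintext (including any `password` command), so the connection now stays inside WireGuard only if that name is routed through the `wg0` `~mpd.…` domain to a 10.0.0.0/24 address; if wg0 is down or the public zone also carries an `mpd` record, ncmpcpp will connect to whatever address comes back, in the clear. Either keep `mpd_remote_address` as the tunnel IP, or document the dependency in `group_vars/personal/mpd.yml`: `# must resolve via wg0 to the 10.0.0.0/24 side; the MPD protocol is unencrypted`. The `172.128.238.0/24` prefix added to `allowed_ips` is, like the neighbouring `172.32`/`172.64` entries, outside RFC 1918 and worth the same note. The two hosts also now quote `public_key` differently (`'CeybSM…'` versus bare); harmless, but one style is cleaner.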
From: Sonny Bakker Date: Sat, 26 Apr 2025 09:48:58 +0200 Subject: [PATCH 115/131] Revert to route only domains Resolution sometimes fails as HTTPS requests are not possible yet to some domains. This causes HTTP requests to fail later on. Can be reproduced by doing a HTTPS request first (for a domain configured without HTTPS) and retrying with a HTTP request afterwards. --- host_vars/desktop/vpn.yml | 14 +++++++------- host_vars/xps/vpn.yml | 14 +++++++------- templates/personal/desktop/network/wg0.network.j2 | 2 +- templates/personal/desktop/network/wg1.network.j2 | 2 +- templates/personal/xps/network/wg0.network.j2 | 2 +- templates/personal/xps/network/wg1.network.j2 | 2 +- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/host_vars/desktop/vpn.yml b/host_vars/desktop/vpn.yml index dc04880..c738313 100644 --- a/host_vars/desktop/vpn.yml +++ b/host_vars/desktop/vpn.yml @@ -5,11 +5,11 @@ vpn_default: interface: wg0 dns: 10.0.0.1 domains: - - 'vpn.{{ server_domain }}' - - 'transmission.{{ server_domain }}' - - 'syncthing.{{ server_domain }}' - - 'radicale.{{ server_domain }}' - - 'mpd.{{ server_domain }}' + - '~vpn.{{ server_domain }}' + - '~transmission.{{ server_domain }}' + - '~syncthing.{{ server_domain }}' + - '~radicale.{{ server_domain }}' + - '~mpd.{{ server_domain }}' public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key' @@ -33,8 +33,8 @@ vpn_media: interface: wg1 dns: 10.0.1.1 domains: - - 'media-vpn.{{ server_domain }}' - - 'jellyfin.{{ server_domain }}' + - '~media-vpn.{{ server_domain }}' + - '~jellyfin.{{ server_domain }}' public_key_path: '{{ vpn_config_dir }}/keys/public/media/desktop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/media/desktop.key' diff --git a/host_vars/xps/vpn.yml b/host_vars/xps/vpn.yml index cd9d2ea..59ab2e1 100644 --- a/host_vars/xps/vpn.yml +++ b/host_vars/xps/vpn.yml 
@@ -7,11 +7,11 @@ vpn_default: interface: wg0 dns: 10.0.0.1 domains: - - 'vpn.{{ server_domain }}' - - 'transmission.{{ server_domain }}' - - 'syncthing.{{ server_domain }}' - - 'radicale.{{ server_domain }}' - - 'mpd.{{ server_domain }}' + - '~vpn.{{ server_domain }}' + - '~transmission.{{ server_domain }}' + - '~syncthing.{{ server_domain }}' + - '~radicale.{{ server_domain }}' + - '~mpd.{{ server_domain }}' public_key_path: '{{ vpn_config_dir }}/keys/public/default/laptop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/default/laptop.key' @@ -35,8 +35,8 @@ vpn_media: interface: wg1 dns: 10.0.1.1 domains: - - 'media-vpn.{{ server_domain }}' - - 'jellyfin.{{ server_domain }}' + - '~media-vpn.{{ server_domain }}' + - '~jellyfin.{{ server_domain }}' public_key_path: '{{ vpn_config_dir }}/keys/public/media/laptop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/media/laptop.key' diff --git a/templates/personal/desktop/network/wg0.network.j2 b/templates/personal/desktop/network/wg0.network.j2 index d583bc6..36beed3 100644 --- a/templates/personal/desktop/network/wg0.network.j2 +++ b/templates/personal/desktop/network/wg0.network.j2 @@ -6,4 +6,4 @@ Name={{ vpn_default.interface }} [Network] Address={{ vpn_default.ip }}/{{ vpn_default.prefix }} DNS={{ vpn_default.dns }} -Domains={{ vpn_default.domains | join(' ') }} {{ vpn_default.domains | map('regex_replace', '^(.*)$', '~\\1') | join(' ') }} +Domains={{ vpn_default.domains | join(' ') }} diff --git a/templates/personal/desktop/network/wg1.network.j2 b/templates/personal/desktop/network/wg1.network.j2 index 5e8d1c5..5ea0ce9 100644 --- a/templates/personal/desktop/network/wg1.network.j2 +++ b/templates/personal/desktop/network/wg1.network.j2 
@@ -6,4 +6,4 @@ Name={{ vpn_media.interface }} [Network] Address={{ vpn_media.ip }}/{{ vpn_media.prefix }} DNS={{ vpn_media.dns }} -Domains={{ vpn_media.domains | join(' ') }} {{ vpn_media.domains | map('regex_replace', '^(.*)$', '~\\1') | join(' ') }} +Domains={{ vpn_media.domains | join(' ') }} diff --git a/templates/personal/xps/network/wg0.network.j2 b/templates/personal/xps/network/wg0.network.j2 index d583bc6..36beed3 100644 --- a/templates/personal/xps/network/wg0.network.j2 +++ b/templates/personal/xps/network/wg0.network.j2 @@ -6,4 +6,4 @@ Name={{ vpn_default.interface }} [Network] Address={{ vpn_default.ip }}/{{ vpn_default.prefix }} DNS={{ vpn_default.dns }} -Domains={{ vpn_default.domains | join(' ') }} {{ vpn_default.domains | map('regex_replace', '^(.*)$', '~\\1') | join(' ') }} +Domains={{ vpn_default.domains | join(' ') }} diff --git a/templates/personal/xps/network/wg1.network.j2 b/templates/personal/xps/network/wg1.network.j2 index 5e8d1c5..5ea0ce9 100644 --- a/templates/personal/xps/network/wg1.network.j2 +++ b/templates/personal/xps/network/wg1.network.j2 @@ -6,4 +6,4 @@ Name={{ vpn_media.interface }} [Network] Address={{ vpn_media.ip }}/{{ vpn_media.prefix }} DNS={{ vpn_media.dns }} -Domains={{ vpn_media.domains | join(' ') }} {{ vpn_media.domains | map('regex_replace', '^(.*)$', '~\\1') | join(' ') }} +Domains={{ vpn_media.domains | join(' ') }} From f5ada68b2ba27230a45f59a5224d1aa89dbd4cf1 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 26 Apr 2025 09:54:08 +0200 Subject: [PATCH 116/131] Use group name in playbook file --- inventory.yml | 2 +- playbook.yml | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/inventory.yml b/inventory.yml index 610f4b7..6aab803 100644 --- a/inventory.yml +++ b/inventory.yml @@ -1,5 +1,5 @@ personal: - hosts: + hosts: xps: ansible_connection: local desktop: diff --git a/playbook.yml b/playbook.yml index 3108293..60eba42 100644 --- a/playbook.yml +++ b/playbook.yml 
@@ -1,7 +1,5 @@ - name: Arch Linux provisioning - hosts: - - xps - - desktop + hosts: personal gather_facts: true roles: - common From 0bf6345ff3c9d2a70bd3484f1581218d2506e0d6 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 26 Apr 2025 16:23:44 +0200 Subject: [PATCH 117/131] Keep mpv open after finishing --- templates/personal/all/mpv/config.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/personal/all/mpv/config.j2 b/templates/personal/all/mpv/config.j2 index fe1d4a6..c51a293 100644 --- a/templates/personal/all/mpv/config.j2 +++ b/templates/personal/all/mpv/config.j2 @@ -8,3 +8,6 @@ hwdec=vaapi audio-samplerate=128000 audio-format=s64 + +# Do not close the window on exit +keep-open=yes From 6f393b4c39f094243dd5e8c199d7217212f70c38 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 26 Apr 2025 17:10:24 +0200 Subject: [PATCH 118/131] Add BindCarrier directive To disable wireguard interfaces whenever applicable --- templates/personal/desktop/network/enp1s0.network.j2 | 2 -- templates/personal/desktop/network/wg0.network.j2 | 1 + templates/personal/desktop/network/wg1.network.j2 | 1 + templates/personal/xps/network/wg0.network.j2 | 1 + templates/personal/xps/network/wg1.network.j2 | 1 + 5 files changed, 4 insertions(+), 2 deletions(-) diff --git a/templates/personal/desktop/network/enp1s0.network.j2 b/templates/personal/desktop/network/enp1s0.network.j2 index 6f1d5e8..1bfb866 100644 --- a/templates/personal/desktop/network/enp1s0.network.j2 +++ b/templates/personal/desktop/network/enp1s0.network.j2 @@ -12,6 +12,4 @@ MulticastDNS=yes LinkLocalAddressing=no IPv6AcceptRA=no IPv6SendRA=no - -[Link] RequiredForOnline=routable diff --git a/templates/personal/desktop/network/wg0.network.j2 b/templates/personal/desktop/network/wg0.network.j2 index 36beed3..4cb1039 100644 --- a/templates/personal/desktop/network/wg0.network.j2 +++ b/templates/personal/desktop/network/wg0.network.j2 
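Review bot: Removing the `[Link]` header leaves `RequiredForOnline=routable` under `[Network]`, but in systemd.network(5) `RequiredForOnline=` is a `[Link]`-section key; networkd logs an unknown-key warning and ignores it, so `systemd-networkd-wait-online` falls back to its default (link up/degraded) for this interface. Keep the section, i.e. end the file with `[Link]` followed by `RequiredForOnline=routable`. The wireless templates visible as context elsewhere in this series carry the same misplacement, which may be related to the earlier TODO about requiring the (w)lan interfaces before WireGuard is configured.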
@@ -7,3 +7,4 @@ Name={{ vpn_default.interface }} Address={{ vpn_default.ip }}/{{ vpn_default.prefix }} DNS={{ vpn_default.dns }} Domains={{ vpn_default.domains | join(' ') }} +BindCarrier={{ lan_interface }} diff --git a/templates/personal/desktop/network/wg1.network.j2 b/templates/personal/desktop/network/wg1.network.j2 index 5ea0ce9..129cac1 100644 --- a/templates/personal/desktop/network/wg1.network.j2 +++ b/templates/personal/desktop/network/wg1.network.j2 @@ -7,3 +7,4 @@ Name={{ vpn_media.interface }} Address={{ vpn_media.ip }}/{{ vpn_media.prefix }} DNS={{ vpn_media.dns }} Domains={{ vpn_media.domains | join(' ') }} +BindCarrier={{ lan_interface }} diff --git a/templates/personal/xps/network/wg0.network.j2 b/templates/personal/xps/network/wg0.network.j2 index 36beed3..3832085 100644 --- a/templates/personal/xps/network/wg0.network.j2 +++ b/templates/personal/xps/network/wg0.network.j2 @@ -7,3 +7,4 @@ Name={{ vpn_default.interface }} Address={{ vpn_default.ip }}/{{ vpn_default.prefix }} DNS={{ vpn_default.dns }} Domains={{ vpn_default.domains | join(' ') }} +BindCarrier={{ wireless_interface }} diff --git a/templates/personal/xps/network/wg1.network.j2 b/templates/personal/xps/network/wg1.network.j2 index 5ea0ce9..ae3f641 100644 --- a/templates/personal/xps/network/wg1.network.j2 +++ b/templates/personal/xps/network/wg1.network.j2 @@ -7,3 +7,4 @@ Name={{ vpn_media.interface }} Address={{ vpn_media.ip }}/{{ vpn_media.prefix }} DNS={{ vpn_media.dns }} Domains={{ vpn_media.domains | join(' ') }} +BindCarrier={{ wireless_interface }} From 82a02be85a9dc451f1f127d88e168d816f5aeaca Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Sat, 26 Apr 2025 17:11:03 +0200 Subject: [PATCH 119/131] Use DNS over TLS & enable DNSSEC --- host_vars/desktop/network.yml | 2 +- host_vars/xps/network.yml | 6 ++++-- playbook.yml | 3 ++- templates/personal/desktop/network/enp1s0.network.j2 | 6 ++++-- templates/personal/xps/network/wlan0-frans.network.j2 | 6 ++++-- templates/personal/xps/network/wlan0-local.network.j2 | 6 ++++-- templates/personal/xps/network/wlan0.network.j2 | 3 +++ 7 files changed, 22 insertions(+), 10 deletions(-) diff --git a/host_vars/desktop/network.yml b/host_vars/desktop/network.yml index 8470e20..25eaf55 100644 --- a/host_vars/desktop/network.yml +++ b/host_vars/desktop/network.yml @@ -2,7 +2,7 @@ lan_interface: enp1s0 lan_interface_mac: 00:d8:61:9f:52:65 local_network_address: 192.168.2.15/24 -local_network_dns: 192.168.2.254 +local_network_dns: 9.9.9.9 149.112.112.112 local_network_gateway: 192.168.2.254 hostname: desktop diff --git a/host_vars/xps/network.yml b/host_vars/xps/network.yml index dbfa8ae..3fd2f25 100644 --- a/host_vars/xps/network.yml +++ b/host_vars/xps/network.yml @@ -3,12 +3,14 @@ wireless_interface_mac: 98:2c:bc:e3:ff:bc local_network_ssid: KPNAE51C6 local_network_address: 192.168.2.9/24 -local_network_dns: 192.168.2.254 +local_network_dns: 9.9.9.9 149.112.112.112 local_network_gateway: 192.168.2.254 frans_network_ssid: KPNDD1056 frans_network_address: 192.168.2.9/24 -frans_network_dns: 192.168.2.254 +frans_network_dns: 9.9.9.9 149.112.112.112 frans_network_gateway: 192.168.2.254 +default_network_dns: 9.9.9.9 149.112.112.112 + hostname: xps diff --git a/playbook.yml b/playbook.yml index 60eba42..be8a56a 100644 --- a/playbook.yml +++ b/playbook.yml 
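Review bot: `9.9.9.9 149.112.112.112` are paired with `DNSOverTLS=yes` but carry no server name, so systemd-resolved sends no SNI and, depending on the resolved version, validates the certificate only against the bare IP; writing them as `9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net` gives hostname validation plus SNI and is the form resolved's documentation recommends for strict DoT. `default_network_dns` in `host_vars/xps/network.yml` repeats the same list a third time; a single `group_vars` variable would keep the resolver choice in one place. Strict `DNSOverTLS=yes` has no plaintext fallback, which is presumably the intent, but it means the xps will resolve nothing on a captive-portal network until the portal is passed — worth a comment beside the variable.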
@@ -29,7 +29,8 @@ - name: Personal provisiong when: "'personal' in group_names" block: - # TODO: require (w)lan interfaces before configuring these + # Note: set `network.dns.native_https_query` in about:config to prevent + # DoH requests by default. See https://github.com/arkenfox/user.js/issues/1881 - name: Wireguard provisioning ansible.builtin.import_tasks: 'tasks/personal/all/wireguard.yml' tags: wireguard diff --git a/templates/personal/desktop/network/enp1s0.network.j2 b/templates/personal/desktop/network/enp1s0.network.j2 index 1bfb866..af57302 100644 --- a/templates/personal/desktop/network/enp1s0.network.j2 +++ b/templates/personal/desktop/network/enp1s0.network.j2 @@ -5,10 +5,12 @@ Name={{ lan_interface }} [Network] Address={{ local_network_address }} -DNS={{ local_network_dns }} Gateway={{ local_network_gateway }} -DHCP=no +DNS={{ local_network_dns }} MulticastDNS=yes +DNSOverTLS=yes +DNSSEC=yes +DHCP=no LinkLocalAddressing=no IPv6AcceptRA=no IPv6SendRA=no diff --git a/templates/personal/xps/network/wlan0-frans.network.j2 b/templates/personal/xps/network/wlan0-frans.network.j2 index fb19ae3..522ddc3 100644 --- a/templates/personal/xps/network/wlan0-frans.network.j2 +++ b/templates/personal/xps/network/wlan0-frans.network.j2 @@ -6,10 +6,12 @@ SSID={{ frans_network_ssid }} [Network] Address={{ frans_network_address }} -DNS={{ frans_network_dns }} Gateway={{ frans_network_gateway }} -DHCP=no +DNS={{ frans_network_dns }} MulticastDNS=yes +DNSOverTLS=yes +DNSSEC=yes +DHCP=no LinkLocalAddressing=no IPv6AcceptRA=no IPv6SendRA=no diff --git a/templates/personal/xps/network/wlan0-local.network.j2 b/templates/personal/xps/network/wlan0-local.network.j2 index c01faab..3d23390 100644 --- a/templates/personal/xps/network/wlan0-local.network.j2 +++ b/templates/personal/xps/network/wlan0-local.network.j2 
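Review bot: The comment that replaces `# TODO: require (w)lan interfaces before configuring these` is about Firefox DoH and unrelated to the ordering concern the TODO recorded, so that concern is now undocumented; keep both lines, the TODO first and the DoH note after it. Separately, `DNSSEC=yes` in the `.network` templates is strict validation: with Quad9 over DoT it is workable, but any zone with broken signatures becomes unresolvable rather than degraded, and `DNSSEC=allow-downgrade` is the usual middle ground if strictness was not an explicit goal. If it was, a `# strict DNSSEC: unsigned-by-mistake zones will fail to resolve` comment in the template states the trade-off for the next reader.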
@@ -6,10 +6,12 @@ SSID={{ local_network_ssid }} [Network] Address={{ local_network_address }} -DNS={{ local_network_dns }} Gateway={{ local_network_gateway }} -DHCP=no +DNS={{ local_network_dns }} MulticastDNS=yes +DNSOverTLS=yes +DNSSEC=yes +DHCP=no LinkLocalAddressing=no IPv6AcceptRA=no IPv6SendRA=no diff --git a/templates/personal/xps/network/wlan0.network.j2 b/templates/personal/xps/network/wlan0.network.j2 index a90c88e..ed8191f 100644 --- a/templates/personal/xps/network/wlan0.network.j2 +++ b/templates/personal/xps/network/wlan0.network.j2 @@ -2,6 +2,9 @@ MACAddress={{ wireless_interface_mac }} [Network] +DNS={{ default_network_dns }} +DNSOverTLS=yes +DNSSEC=yes DHCP=yes RequiredForOnline=routable IgnoreCarrierLoss=3s From fed90f0d39658ae444109b487f7be1ec1b75582a Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 10 May 2025 21:42:06 +0200 Subject: [PATCH 120/131] Decrease wezterm fontsize for xps --- host_vars/xps/main.yml | 1 + 1 file changed, 1 insertion(+) create mode 100644 host_vars/xps/main.yml diff --git a/host_vars/xps/main.yml b/host_vars/xps/main.yml new file mode 100644 index 0000000..1224e3b --- /dev/null +++ b/host_vars/xps/main.yml @@ -0,0 +1 @@ +wezterm_font_size: 10 From 10b00a13248114c416ab56a328475e386843b2a3 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Wed, 14 May 2025 19:46:57 +0200 Subject: [PATCH 121/131] Remove powertop setup --- tasks/personal/xps.yml | 10 +++------- templates/personal/xps/powertop.service.j2 | 12 ------------ 2 files changed, 3 insertions(+), 19 deletions(-) delete mode 100644 templates/personal/xps/powertop.service.j2 diff --git a/tasks/personal/xps.yml b/tasks/personal/xps.yml index b1eb784..8bef201 100644 --- a/tasks/personal/xps.yml +++ b/tasks/personal/xps.yml 
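Review bot: `wlan0.network.j2` keeps `DHCP=yes` while adding static `DNS=` with strict `DNSOverTLS=yes`, but DHCP-supplied resolvers are still accepted by default and merged into the link's server list, where resolved will attempt DoT against them (most LAN routers do not speak it) before moving on; add a `[DHCPv4]` section with `UseDNS=no` and `UseDomains=no` (and `UseDNS=no` under `[DHCPv6]`/`[IPv6AcceptRA]`) so only the Quad9 servers are ever used. This is the profile that applies on unknown networks, so it is also where captive portals will block until passed; a comment in the template saying so would save debugging time. As in the other templates, `RequiredForOnline=` belongs in a `[Link]` section rather than `[Network]`.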
@@ -1,12 +1,8 @@ - name: Provision powertop systemd service become: true - ansible.builtin.template: - src: templates/personal/xps/powertop.service.j2 - dest: /etc/systemd/system/powertop.service - owner: root - group: root - mode: '0644' - notify: restart powertop + ansible.builtin.file: + path: /etc/systemd/system/powertop.service + state: absent - name: Provision python pa-dlna block: diff --git a/templates/personal/xps/powertop.service.j2 b/templates/personal/xps/powertop.service.j2 deleted file mode 100644 index c614bcf..0000000 --- a/templates/personal/xps/powertop.service.j2 +++ /dev/null @@ -1,12 +0,0 @@ -# {{ ansible_managed }} - -[Unit] -Description=Powertop tunings - -[Service] -Type=oneshot -RemainAfterExit=true -ExecStart=/usr/bin/powertop --auto-tune - -[Install] -WantedBy=multi-user.target From d86a6f99983f68a1cf4c500cfb397f6e385a7680 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Wed, 14 May 2025 19:47:06 +0200 Subject: [PATCH 122/131] Remove unneeded kernel params --- templates/personal/xps/cmdline.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/personal/xps/cmdline.j2 b/templates/personal/xps/cmdline.j2 index 90371ba..e23cec7 100644 --- a/templates/personal/xps/cmdline.j2 +++ b/templates/personal/xps/cmdline.j2 @@ -1 +1 @@ -rd.luks.name=4483183a-4881-4bf6-b20c-3ba918642cc4=cryptlvm root=/dev/VolumeGroup/root rw resume=/dev/VolumeGroup/swap pcie_aspm=nommconf acpi_rev_override=1 bgrt_disable +rd.luks.name=4483183a-4881-4bf6-b20c-3ba918642cc4=cryptlvm root=/dev/VolumeGroup/root rw resume=/dev/VolumeGroup/swap pcie_port_pm=off acpi_rev_override=1 From 9129cb37779ddf0c80eba7fe0446c1f609b8d77a Mon Sep 17 00:00:00 2001 
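Review bot: The task is still named `Provision powertop systemd service` but now deletes the unit, and deleting `/etc/systemd/system/powertop.service` without stopping and disabling it first leaves the `multi-user.target.wants/powertop.service` symlink dangling and the already-loaded unit in place until the next daemon reload. Stop and disable it first, tolerate hosts where it never existed, reload the daemon, and rename the task; the dropped `notify: restart powertop` also suggests a handler that is now unused if it still exists in the handlers file.
```yaml
- name: Stop and disable powertop systemd service
  become: true
  ansible.builtin.systemd:
    name: powertop.service
    enabled: false
    state: stopped
    daemon_reload: true
  failed_when: false  # unit may already be gone on fresh hosts

- name: Remove powertop systemd service
  become: true
  ansible.builtin.file:
    path: /etc/systemd/system/powertop.service
    state: absent
# … unchanged: pa-dlna provisioning …
```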
From: Sonny Bakker Date: Fri, 30 May 2025 20:41:35 +0200 Subject: [PATCH 123/131] Use random MAC for wifi connections --- host_vars/xps/network.yml | 1 - tasks/network.yml | 24 +++++++++++++++---- templates/personal/xps/iwd.j2 | 4 ++++ .../xps/network/wlan0-frans.network.j2 | 2 +- .../xps/network/wlan0-local.network.j2 | 2 +- templates/personal/xps/network/wlan0.link.j2 | 7 ------ .../personal/xps/network/wlan0.network.j2 | 2 +- 7 files changed, 26 insertions(+), 16 deletions(-) create mode 100644 templates/personal/xps/iwd.j2 delete mode 100644 templates/personal/xps/network/wlan0.link.j2 diff --git a/host_vars/xps/network.yml b/host_vars/xps/network.yml index 3fd2f25..9150f86 100644 --- a/host_vars/xps/network.yml +++ b/host_vars/xps/network.yml @@ -1,5 +1,4 @@ wireless_interface: wlan0 -wireless_interface_mac: 98:2c:bc:e3:ff:bc local_network_ssid: KPNAE51C6 local_network_address: 192.168.2.9/24 diff --git a/tasks/network.yml b/tasks/network.yml index 1c44670..0e35a82 100644 --- a/tasks/network.yml +++ b/tasks/network.yml @@ -76,9 +76,6 @@ group: systemd-network mode: '0640' loop: - - src: 'templates/personal/xps/network/wlan0.link.j2' - dest: '/etc/systemd/network/10-wlan0.link' - - src: 'templates/personal/xps/network/wlan0-local.network.j2' dest: '/etc/systemd/network/10-wireless.network' 
@@ -88,11 +85,28 @@ - src: 'templates/personal/xps/network/wlan0.network.j2' dest: '/etc/systemd/network/20-wireless.network' + - name: Create iwd directory + become: true + ansible.builtin.template: + src: templates/personal/xps/iwd.j2 + dest: /etc/iwd + mode: '0644' + owner: root + + - name: Provision iwd configuration + become: true + ansible.builtin.template: + src: templates/personal/xps/iwd.j2 + dest: /etc/iwd/main.config + mode: '0755' + owner: root + - name: Remove leftover configuration files become: true ansible.builtin.file: path: '{{ item }}' state: absent loop: - - '/etc/systemd/network/30-vmbr0.network' - - '/etc/systemd/network/30-vmbr0.netdev' + - /etc/systemd/network/30-vmbr0.network + - /etc/systemd/network/30-vmbr0.netdev + - /etc/systemd/network/10-wlan0.link diff --git a/templates/personal/xps/iwd.j2 b/templates/personal/xps/iwd.j2 new file mode 100644 index 0000000..ece78b8 --- /dev/null +++ b/templates/personal/xps/iwd.j2 @@ -0,0 +1,4 @@ +# {{ ansible_managed }} + +[General] +AddressRandomization=network diff --git a/templates/personal/xps/network/wlan0-frans.network.j2 b/templates/personal/xps/network/wlan0-frans.network.j2 index 522ddc3..7790429 100644 --- a/templates/personal/xps/network/wlan0-frans.network.j2 +++ b/templates/personal/xps/network/wlan0-frans.network.j2 @@ -1,7 +1,7 @@ # {{ ansible_managed }} [Match] -MACAddress={{ wireless_interface_mac }} +Name={{ wireless_interface }} SSID={{ frans_network_ssid }} [Network] diff --git a/templates/personal/xps/network/wlan0-local.network.j2 b/templates/personal/xps/network/wlan0-local.network.j2 index 3d23390..1a67fce 100644 --- a/templates/personal/xps/network/wlan0-local.network.j2 +++ b/templates/personal/xps/network/wlan0-local.network.j2 @@ -1,7 +1,7 @@ # {{ ansible_managed }} [Match] -MACAddress={{ wireless_interface_mac }} +Name={{ wireless_interface }} SSID={{ local_network_ssid }} [Network] 
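Review bot: `Create iwd directory` uses `ansible.builtin.template` with `dest: /etc/iwd`, which renders iwd.j2 as a regular file at that path (or, if the directory already exists, as `/etc/iwd/iwd.j2` inside it) instead of creating a directory, and the mode values of the two new tasks look swapped: the directory gets `'0644'` while `/etc/iwd/main.config` is written with `'0755'`, an executable bit a config file does not need. The first task should be `ansible.builtin.file` with `state: directory` and `mode: '0755'`, and the config file should get `mode: '0644'`. If iwd is already running, the new `main.config` presumably only takes effect after a restart, so a `notify` on the second task is worth considering; the enclosing task list starts outside the hunk.
```yaml
- name: Create iwd directory
  become: true
  ansible.builtin.file:
    path: /etc/iwd
    state: directory
    mode: '0755'
    owner: root

- name: Provision iwd configuration
  become: true
  ansible.builtin.template:
    src: templates/personal/xps/iwd.j2
    dest: /etc/iwd/main.config
    mode: '0644'
    owner: root
# … unchanged: leftover configuration file cleanup …
```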
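Review bot: With `[Match] MACAddress=` replaced by `Name={{ wireless_interface }}` (wlan0 per host_vars/xps/network.yml), the match now depends on the kernel or udev actually naming the interface `wlan0`, yet this same commit deletes the `.link` file that pinned that name; under systemd's default naming policy a wireless interface would normally get a `wlp*` name, and the kernel command line in commit 122 carries no `net.ifnames=0`, so unless predictable naming is disabled somewhere not visible here none of the three `.network` files would apply and the interface would come up without the DNSOverTLS/DNSSEC and address settings they carry. Matching on something independent of both the now-randomized MAC and the name, e.g. `Type=wlan` in `[Match]`, or keeping a `.link` file that sets `Name=` from a stable attribute such as `Path=`, avoids this. The same applies to the wlan0-local hunk on this line and the wlan0.network.j2 hunk on the next.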
diff --git a/templates/personal/xps/network/wlan0.link.j2 b/templates/personal/xps/network/wlan0.link.j2 deleted file mode 100644 index 429ab10..0000000 --- a/templates/personal/xps/network/wlan0.link.j2 +++ /dev/null @@ -1,7 +0,0 @@ -# {{ ansible_managed }} - -[Match] -MACAddress={{ wireless_interface_mac }} - -[Link] -Name={{ wireless_interface }} diff --git a/templates/personal/xps/network/wlan0.network.j2 b/templates/personal/xps/network/wlan0.network.j2 index ed8191f..4def9c6 100644 --- a/templates/personal/xps/network/wlan0.network.j2 +++ b/templates/personal/xps/network/wlan0.network.j2 @@ -1,5 +1,5 @@ [Match] -MACAddress={{ wireless_interface_mac }} +Name={{ wireless_interface }} [Network] DNS={{ default_network_dns }} From e45b0c59ace3852a01527fa2554c7d4783fd5105 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sun, 8 Jun 2025 13:35:07 +0200 Subject: [PATCH 124/131] Update note about disabling DoH --- playbook.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/playbook.yml b/playbook.yml index be8a56a..2bb2360 100644 --- a/playbook.yml +++ b/playbook.yml @@ -29,8 +29,9 @@ - name: Personal provisiong when: "'personal' in group_names" block: - # Note: set `network.dns.native_https_query` in about:config to prevent - # DoH requests by default. See https://github.com/arkenfox/user.js/issues/1881 + # Note: Disable DoH in Firefox to fallback to system's default DNS + # resolver, see + # https://support.mozilla.org/en-US/kb/dns-over-https#w_configure-doh-protection-settings - name: Wireguard provisioning ansible.builtin.import_tasks: 'tasks/personal/all/wireguard.yml' tags: wireguard From 026c8106ca2964bc9fef0e1545ddd1ef8327b8d6 Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Sun, 29 Jun 2025 20:36:31 +0200 Subject: [PATCH 125/131] Use correct section for RequiredForOnline setting --- templates/personal/xps/network/wlan0-frans.network.j2 | 2 ++ templates/personal/xps/network/wlan0-local.network.j2 | 2 ++ templates/personal/xps/network/wlan0.network.j2 | 4 +++- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/templates/personal/xps/network/wlan0-frans.network.j2 b/templates/personal/xps/network/wlan0-frans.network.j2 index 7790429..8ff0b0d 100644 --- a/templates/personal/xps/network/wlan0-frans.network.j2 +++ b/templates/personal/xps/network/wlan0-frans.network.j2 @@ -15,4 +15,6 @@ DHCP=no LinkLocalAddressing=no IPv6AcceptRA=no IPv6SendRA=no + +[Link] RequiredForOnline=routable diff --git a/templates/personal/xps/network/wlan0-local.network.j2 b/templates/personal/xps/network/wlan0-local.network.j2 index 1a67fce..880606c 100644 --- a/templates/personal/xps/network/wlan0-local.network.j2 +++ b/templates/personal/xps/network/wlan0-local.network.j2 @@ -15,4 +15,6 @@ DHCP=no LinkLocalAddressing=no IPv6AcceptRA=no IPv6SendRA=no + +[Link] RequiredForOnline=routable diff --git a/templates/personal/xps/network/wlan0.network.j2 b/templates/personal/xps/network/wlan0.network.j2 index 4def9c6..30d588b 100644 --- a/templates/personal/xps/network/wlan0.network.j2 +++ b/templates/personal/xps/network/wlan0.network.j2 @@ -6,5 +6,7 @@ DNS={{ default_network_dns }} DNSOverTLS=yes DNSSEC=yes DHCP=yes -RequiredForOnline=routable IgnoreCarrierLoss=3s + +[Link] +RequiredForOnline=routable From 44eb29b22656d7f262a016af77f3244a141e7f6e Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Fri, 26 Sep 2025 08:47:41 +0200 Subject: [PATCH 126/131] Update mpv configuration --- playbook.yml | 2 ++ templates/personal/all/mpv/config.j2 | 9 +++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/playbook.yml b/playbook.yml index be8a56a..54813d6 100644 --- a/playbook.yml +++ b/playbook.yml 
@@ -14,6 +14,7 @@ ansible.builtin.import_tasks: 'tasks/setup.yml' tags: setup + # TODO: provision ssh client config with modern cyphers - name: Network provisioning ansible.builtin.import_tasks: 'tasks/network.yml' tags: network @@ -47,6 +48,7 @@ ansible.builtin.import_tasks: 'tasks/personal/all/syncthing.yml' tags: syncthing + # TODO: provision current macvlan setup - name: Desktop provisioning ansible.builtin.import_tasks: 'tasks/personal/desktop.yml' when: ansible_hostname == 'desktop' diff --git a/templates/personal/all/mpv/config.j2 b/templates/personal/all/mpv/config.j2 index c51a293..cb9323b 100644 --- a/templates/personal/all/mpv/config.j2 +++ b/templates/personal/all/mpv/config.j2 @@ -1,13 +1,14 @@ # {{ ansible_managed }} # -volume=100 -sub-auto=fuzzy gpu-api=opengl vo=gpu hwdec=vaapi audio-samplerate=128000 audio-format=s64 +volume=100 -# Do not close the window on exit -keep-open=yes +keep-open=yes # do not close the window on exit +keepaspect-window=no # add black bars if window aspect and video aspect mismatch + +sub-auto=fuzzy # load all subs containing the media filename From f90702c7b8e9cea145695649e540f412280d2ac6 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Wed, 1 Oct 2025 19:58:37 +0200 Subject: [PATCH 127/131] Update mpv keybindings --- templates/personal/all/mpv/input.j2 | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/templates/personal/all/mpv/input.j2 b/templates/personal/all/mpv/input.j2 index d5252d8..a405e81 100644 --- a/templates/personal/all/mpv/input.j2 +++ b/templates/personal/all/mpv/input.j2 
@@ -1,14 +1,13 @@ # {{ ansible_managed }} # -## Seek units are in seconds, but note that these are limited by keyframes +# See /usr/share/doc/mpv/input.conf for more options. +# +## Seek units are in seconds, but note that these are limited by keyframes. RIGHT seek 5 LEFT seek -5 SHIFT+RIGHT seek 60 SHIFT+LEFT seek -60 -# UP add volume 2 -# DOWN add volume -2 - UP add ao-volume 2 DOWN add ao-volume -2 m cycle ao-mute @@ -19,8 +18,7 @@ PGDWN add chapter -1 # skip to previous chapter q quit j cycle sub # cycle through subtitles - -#SHARP cycle audio # switch audio streams +- cycle audio # switch audio track f cycle fullscreen # toggle fullscreen s screenshot # take a screenshot From 970f7489fb1b916bbbf4e02ba7f4ca7ec37d0c6c Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Sun, 12 Oct 2025 15:33:37 +0200 Subject: [PATCH 128/131] Layout refactor Also included provisioning for htpc host --- default.yml | 40 +++ desktop.yml | 34 +++ files/personal/all/gpg/gpg_key | 264 ------------------ files/personal/all/gpg/gpg_pub | 40 --- .../desktop/fudiggity.key} | 0 .../desktop/fudiggity.pub} | 0 .../desktop}/preshared.psk | 0 files/wireguard-media/htpc/fudiggity.key | 7 + files/wireguard-media/htpc/fudiggity.pub | 1 + files/wireguard-media/htpc/preshared.psk | 7 + .../desktop/fudiggity.key} | 0 .../desktop/fudiggity.pub} | 0 .../desktop}/preshared.psk | 0 .../xps.key => wireguard/xps/fudiggity.key} | 0 .../xps.pub => wireguard/xps/fudiggity.pub} | 0 .../default => wireguard/xps}/preshared.psk | 0 group_vars/all/main.yml | 17 -- group_vars/personal/gpg.yml | 8 - group_vars/personal/system.yml | 39 --- handlers.yml | 2 +- host_vars/desktop/network.yml | 5 + host_vars/desktop/system.yml | 46 ++- host_vars/desktop/vpn.yml | 51 ---- host_vars/htpc/network.yml | 11 + host_vars/htpc/system.yml | 44 +++ host_vars/xps/main.yml | 1 - host_vars/xps/network.yml | 5 + host_vars/xps/pa-dlna.yml | 2 + host_vars/xps/system.yml | 49 ++-- host_vars/xps/vpn.yml | 52 ---- htpc.yml | 19 ++ inventory.yml | 7 +- playbook.yml | 67 ----- tasks/{personal => }/desktop.yml | 2 +- tasks/{personal/all/mpd.yml => mpd.yaml} | 14 +- tasks/{personal/all => }/mpv.yml | 4 +- tasks/network.yml | 112 -------- tasks/network/desktop.yml | 27 ++ tasks/network/htpc.yml | 0 tasks/network/main.yml | 28 ++ tasks/network/xps.yml | 47 ++++ tasks/personal/all/wireguard.yml | 112 -------- tasks/setup.yml | 53 ++-- tasks/{personal/all => }/syncthing.yml | 2 +- tasks/timer.yml | 6 +- tasks/wireguard-media.yml | 71 +++++ tasks/wireguard.yml | 71 +++++ tasks/{personal => }/xps.yml | 4 +- templates/{personal => }/desktop/cmdline.j2 | 0 .../desktop/mkinitcpio/1-modules.conf.j2 | 0 .../desktop/mkinitcpio/linux-lts.preset.j2 | 0 .../desktop/mkinitcpio/linux.preset.j2 | 0 
.../desktop/modprobe/99-amdgpu.conf.j2 | 0 .../desktop/network/enp1s0.link.j2 | 0 .../desktop/network/enp1s0.network.j2 | 0 .../xps => desktop}/network/wg0.netdev.j2 | 8 +- templates/desktop/network/wg0.network.j2 | 10 + .../desktop/network/wg1.netdev.j2 | 8 +- templates/desktop/network/wg1.network.j2 | 10 + templates/{personal => }/desktop/nftables.j2 | 0 .../desktop/xdg-desktop-portal.service.j2 | 0 templates/htpc/cmdline.j2 | 1 + templates/htpc/mkinitcpio/1-modules.conf.j2 | 3 + .../mkinitcpio/linux-lts.preset.j2 | 0 .../xps => htpc}/mkinitcpio/linux.preset.j2 | 0 templates/htpc/network/enp1s0.link.j2 | 7 + templates/htpc/network/enp1s0.network.j2 | 17 ++ .../xps => htpc}/network/wg1.netdev.j2 | 8 +- templates/htpc/network/wg1.network.j2 | 10 + templates/htpc/nftables.j2 | 29 ++ templates/{personal/all => }/mpd/mpd.conf.j2 | 0 templates/{personal/all => }/mpd/ncmpc.j2 | 0 .../all => }/mpd/ncmpcpp/bindings.j2 | 0 .../{personal/all => }/mpd/ncmpcpp/config.j2 | 0 templates/{personal/all => }/mpd/service.j2 | 0 templates/{personal/all => }/mpd/socket.j2 | 0 templates/{personal/all => }/mpv/config.j2 | 0 templates/{personal/all => }/mpv/input.j2 | 0 .../personal/desktop/network/wg0.network.j2 | 10 - .../personal/desktop/network/wg1.network.j2 | 10 - templates/personal/xps/network/wg0.network.j2 | 10 - templates/personal/xps/network/wg1.network.j2 | 10 - .../{syncthing.j2 => syncthing/config.j2} | 0 templates/{personal => }/xps/cmdline.j2 | 0 templates/{personal => }/xps/iwd.j2 | 0 .../xps/mkinitcpio/1-modules.conf.j2 | 0 .../xps/mkinitcpio/2-hooks.conf.j2 | 0 templates/xps/mkinitcpio/linux-lts.preset.j2 | 8 + templates/xps/mkinitcpio/linux.preset.j2 | 8 + .../desktop => xps}/network/wg0.netdev.j2 | 8 +- templates/xps/network/wg0.network.j2 | 10 + templates/xps/network/wg1.netdev.j2 | 25 ++ templates/xps/network/wg1.network.j2 | 10 + .../xps/network/wlan0-frans.network.j2 | 0 .../xps/network/wlan0-local.network.j2 | 0 .../xps/network/wlan0.network.j2 | 0 
templates/{personal => }/xps/nftables.j2 | 0 .../{personal => }/xps/pa-dlna/config.j2 | 0 .../{personal => }/xps/pa-dlna/service.j2 | 0 {group_vars/personal => vars}/mpd.yml | 0 vars/wireguard-media.yml | 22 ++ vars/wireguard.yml | 28 ++ xps.yml | 34 +++ 103 files changed, 782 insertions(+), 893 deletions(-) create mode 100644 default.yml create mode 100644 desktop.yml delete mode 100644 files/personal/all/gpg/gpg_key delete mode 100644 files/personal/all/gpg/gpg_pub rename files/{personal/desktop/wireguard/media/desktop.key => wireguard-media/desktop/fudiggity.key} (100%) rename files/{personal/desktop/wireguard/media/desktop.pub => wireguard-media/desktop/fudiggity.pub} (100%) rename files/{personal/desktop/wireguard/media => wireguard-media/desktop}/preshared.psk (100%) create mode 100644 files/wireguard-media/htpc/fudiggity.key create mode 100644 files/wireguard-media/htpc/fudiggity.pub create mode 100644 files/wireguard-media/htpc/preshared.psk rename files/{personal/desktop/wireguard/default/desktop.key => wireguard/desktop/fudiggity.key} (100%) rename files/{personal/desktop/wireguard/default/desktop.pub => wireguard/desktop/fudiggity.pub} (100%) rename files/{personal/desktop/wireguard/default => wireguard/desktop}/preshared.psk (100%) rename files/{personal/xps/wireguard/default/xps.key => wireguard/xps/fudiggity.key} (100%) rename files/{personal/xps/wireguard/default/xps.pub => wireguard/xps/fudiggity.pub} (100%) rename files/{personal/xps/wireguard/default => wireguard/xps}/preshared.psk (100%) delete mode 100644 group_vars/personal/gpg.yml delete mode 100644 group_vars/personal/system.yml delete mode 100644 host_vars/desktop/vpn.yml create mode 100644 host_vars/htpc/network.yml create mode 100644 host_vars/htpc/system.yml delete mode 100644 host_vars/xps/main.yml create mode 100644 host_vars/xps/pa-dlna.yml delete mode 100644 host_vars/xps/vpn.yml create mode 100644 htpc.yml delete mode 100644 playbook.yml rename tasks/{personal => }/desktop.yml (85%) 
rename tasks/{personal/all/mpd.yml => mpd.yaml} (86%) rename tasks/{personal/all => }/mpv.yml (80%) delete mode 100644 tasks/network.yml create mode 100644 tasks/network/desktop.yml create mode 100644 tasks/network/htpc.yml create mode 100644 tasks/network/main.yml create mode 100644 tasks/network/xps.yml delete mode 100644 tasks/personal/all/wireguard.yml rename tasks/{personal/all => }/syncthing.yml (90%) create mode 100644 tasks/wireguard-media.yml create mode 100644 tasks/wireguard.yml rename tasks/{personal => }/xps.yml (92%) rename templates/{personal => }/desktop/cmdline.j2 (100%) rename templates/{personal => }/desktop/mkinitcpio/1-modules.conf.j2 (100%) rename templates/{personal => }/desktop/mkinitcpio/linux-lts.preset.j2 (100%) rename templates/{personal => }/desktop/mkinitcpio/linux.preset.j2 (100%) rename templates/{personal => }/desktop/modprobe/99-amdgpu.conf.j2 (100%) rename templates/{personal => }/desktop/network/enp1s0.link.j2 (100%) rename templates/{personal => }/desktop/network/enp1s0.network.j2 (100%) rename templates/{personal/xps => desktop}/network/wg0.netdev.j2 (66%) create mode 100644 templates/desktop/network/wg0.network.j2 rename templates/{personal => }/desktop/network/wg1.netdev.j2 (67%) create mode 100644 templates/desktop/network/wg1.network.j2 rename templates/{personal => }/desktop/nftables.j2 (100%) rename templates/{personal => }/desktop/xdg-desktop-portal.service.j2 (100%) create mode 100644 templates/htpc/cmdline.j2 create mode 100644 templates/htpc/mkinitcpio/1-modules.conf.j2 rename templates/{personal/xps => htpc}/mkinitcpio/linux-lts.preset.j2 (100%) rename templates/{personal/xps => htpc}/mkinitcpio/linux.preset.j2 (100%) create mode 100644 templates/htpc/network/enp1s0.link.j2 create mode 100644 templates/htpc/network/enp1s0.network.j2 rename templates/{personal/xps => htpc}/network/wg1.netdev.j2 (67%) create mode 100644 templates/htpc/network/wg1.network.j2 create mode 100644 templates/htpc/nftables.j2 rename 
templates/{personal/all => }/mpd/mpd.conf.j2 (100%) rename templates/{personal/all => }/mpd/ncmpc.j2 (100%) rename templates/{personal/all => }/mpd/ncmpcpp/bindings.j2 (100%) rename templates/{personal/all => }/mpd/ncmpcpp/config.j2 (100%) rename templates/{personal/all => }/mpd/service.j2 (100%) rename templates/{personal/all => }/mpd/socket.j2 (100%) rename templates/{personal/all => }/mpv/config.j2 (100%) rename templates/{personal/all => }/mpv/input.j2 (100%) delete mode 100644 templates/personal/desktop/network/wg0.network.j2 delete mode 100644 templates/personal/desktop/network/wg1.network.j2 delete mode 100644 templates/personal/xps/network/wg0.network.j2 delete mode 100644 templates/personal/xps/network/wg1.network.j2 rename templates/{syncthing.j2 => syncthing/config.j2} (100%) rename templates/{personal => }/xps/cmdline.j2 (100%) rename templates/{personal => }/xps/iwd.j2 (100%) rename templates/{personal => }/xps/mkinitcpio/1-modules.conf.j2 (100%) rename templates/{personal => }/xps/mkinitcpio/2-hooks.conf.j2 (100%) create mode 100644 templates/xps/mkinitcpio/linux-lts.preset.j2 create mode 100644 templates/xps/mkinitcpio/linux.preset.j2 rename templates/{personal/desktop => xps}/network/wg0.netdev.j2 (66%) create mode 100644 templates/xps/network/wg0.network.j2 create mode 100644 templates/xps/network/wg1.netdev.j2 create mode 100644 templates/xps/network/wg1.network.j2 rename templates/{personal => }/xps/network/wlan0-frans.network.j2 (100%) rename templates/{personal => }/xps/network/wlan0-local.network.j2 (100%) rename templates/{personal => }/xps/network/wlan0.network.j2 (100%) rename templates/{personal => }/xps/nftables.j2 (100%) rename templates/{personal => }/xps/pa-dlna/config.j2 (100%) rename templates/{personal => }/xps/pa-dlna/service.j2 (100%) rename {group_vars/personal => vars}/mpd.yml (100%) create mode 100644 vars/wireguard-media.yml create mode 100644 vars/wireguard.yml create mode 100644 xps.yml 
diff --git a/default.yml b/default.yml
new file mode 100644
index 0000000..16df3af
--- /dev/null
+++ b/default.yml
@@ -0,0 +1,40 @@
+- name: Arch Linux provisioning
+ gather_facts: true
+ hosts: all
+ roles:
+ - common
+ tasks:
+ - name: Generic provisioning
+ ansible.builtin.import_tasks: 'tasks/setup.yml'
+ tags: setup
+
+ # TODO: provision ssh client config with modern cyphers
+ - name: Network provisioning
+ ansible.builtin.import_tasks: 'tasks/network/main.yml'
+ tags: network
+
+ # - name: Network host specific provisioning
+ # ansible.builtin.import_tasks: 'tasks/network/{{ ansible_hostname }}.yml'
+ # tags: network-specific
+
+ - name: Systemd provisioning
+ ansible.builtin.import_tasks: 'tasks/systemd.yml'
+ tags: systemd
+
+ - name: Systemd timer provisioning
+ ansible.builtin.import_tasks: 'tasks/timer.yml'
+ tags: timers
+
+ # Note: Disable DoH in Firefox to fallback to system's default DNS
+ # resolver, see
+ # https://support.mozilla.org/en-US/kb/dns-over-https#w_configure-doh-protection-settings
+ - name: MPV provisioning
+ ansible.builtin.import_tasks: 'tasks/mpv.yml'
+ tags: mpv
+
+ handlers:
+ - name: Import default handlers
+ ansible.builtin.import_tasks: 'handlers.yml'
+
+ - name: Import common role handlers
+ ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'
diff --git a/desktop.yml b/desktop.yml
new file mode 100644
index 0000000..ab87111
--- /dev/null
+++ b/desktop.yml
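Review bot: The Firefox DoH note on the three comment lines above `MPV provisioning` no longer annotates anything related: in playbook.yml it preceded the Wireguard task, which this commit moves to desktop.yml, so here it reads as if it concerned mpv. Move it to the Wireguard task in desktop.yml (or to `Network provisioning`), and fix `cyphers` to `ciphers` in the TODO while touching it. The commented-out `Network host specific provisioning` task suggests the per-host files created under tasks/network/ are included from tasks/network/main.yml instead, which is not visible here; if so, the dead comment can go.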
@@ -0,0 +1,34 @@
+- name: Include default playbook
+ ansible.builtin.import_playbook: default.yml
+
+- name: Arch Linux provisioning
+ hosts: desktop
+ gather_facts: true
+ tasks:
+ - name: Wireguard provisioning
+ ansible.builtin.import_tasks: 'tasks/wireguard.yml'
+ tags: wireguard
+
+ - name: Wireguard media provisioning
+ ansible.builtin.import_tasks: 'tasks/wireguard-media.yml'
+ tags: wireguard-media
+
+ - name: MPD provisioning
+ ansible.builtin.import_tasks: 'tasks/mpd.yml'
+ tags: mpd
+
+ - name: Syncthing provisioning
+ ansible.builtin.import_tasks: 'tasks/syncthing.yml'
+ tags: syncthing
+
+ # TODO: provision current macvlan setup
+ - name: Desktop provisioning
+ ansible.builtin.import_tasks: 'tasks/desktop.yml'
+ tags: desktop
+
+ handlers:
+ - name: Import default handlers
+ ansible.builtin.import_tasks: handlers.yml
+
+ - name: Import common role handlers
+ ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'
diff --git a/files/personal/all/gpg/gpg_key b/files/personal/all/gpg/gpg_key
deleted file mode 100644
index 5fcab22..0000000
--- a/files/personal/all/gpg/gpg_key
+++ /dev/null
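Review bot: `MPD provisioning` imports `tasks/mpd.yml`, but this commit's diffstat renames that file to `tasks/mpd.yaml`, so the import would fail at playbook parse time unless a `tasks/mpd.yml` exists elsewhere; either rename the file back to `.yml` to match every other task file or change the line to `ansible.builtin.import_tasks: 'tasks/mpd.yaml'`. Note also that importing default.yml, whose play targets `hosts: all`, presumably means `ansible-playbook desktop.yml` applies the common play to every inventory host unless `--limit desktop` is passed; either document that or drive default.yml's `hosts:` from a variable the host playbooks set.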
@@ -1,264 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -34663932363439393536333037386165353635363461356133643930373232633664343737396263 -6332613133646434333332356135336164346237383237360a643035653161363964333136346533 -37353332656361653662623137643735326532393234366165316234323364656261343132393831 -3034626136656162350a333362643166383138306136646331373439623232373532633130313262 -36356134386565343333353136616263623265623438653663336435376134346563663365373930 -30616435316364613139666661343633363436343635666661646635393661373739653765373363 -30343434396537666234306561353636323365666165333131623365383535396634623539626565 -39363138323638323234326433333066393933373839623834663632373438613339613963383333 -38333866386466303634363362323964653663613966333032633130613336366363326561363433 -30633737316535303366396563333532313036623236376430613234376637336131323666373762 -61383338303536316462616332613562636263343236616635656238653532336561623334356533 -30313662353662376530353933656464383039336664333935653834303833313230323838373838 -63643766303462306130386130333066336466313862366538383230366661373666306638353137 -62643466306435343739363138313433656336643538333133343764326238336137333939636336 -65613238396437623866616330393166363462666532373731613232393966323835346566306333 -32646432623833653761363839323237633863383666373862363761346665306265623366363635 -65326237363361353233646661646330386630653961363862363463326339633532346130396134 -31313730613134633133633362393464623663313031623862373937313763653838343935366335 -35626466346666633961363132343933393066303539353239653662373432623432336662343661 -31343434313461326263373264613538653937336336613031313637633564316134323335653638 -66353733386662616162303032363361393661653935633237323131613331613364333264353232 -30626637663366363630343764303863353035653535343931346636633636643365373237383030 -35393734663661323334373436323437393830636637383566366434663666366531323434653535 
-38353064373038336362623735386532396433353063616337326636383065633035386134326533 -37323761393465303563306661646433646532643935323665636265323133623265383437336131 -31316366643932356538393932343238353165303565643663396363636135313561626132353635 -37613737356136623061353734353561653332363031613738636362363061646330303432326436 -62633334393066353835653430363561396131646534653138333263646436633038303135383564 -62386639663833346565356362633662626139666431323830323134613633343062626565653837 -37666366643631666639303131656264613665636631333335316462326431393866626131613962 -31393330663537356438623564313164316439313136333033666663303662633763363264346363 -32663634303131303939333639386536363835346539623835326530303334353463316261393665 -35613365316337363664623739323632333062393662336662323330363162636333623031323166 -37626166653166333136643764663161386434393838633566633835616235656666346464313733 -63636333666432666137373366313261656566646338626264633764633164376235326433646163 -35333935666563366631376366626335653261383033633031393631363435346233323230373266 -62333538616339333532353039343932636633363838376230336465303963663932396265613064 -30323034316232343562386261303264353238346262366639366561303931633563666134393632 -63376330663534346466363439393864373536643230316564373463356231393632666161626432 -61636330356330646432663636383764363431376364626331326664666361326636613031323161 -39633965373763326337646436653739643831376661353562663438333562306238613562326136 -64363231616362653965363039356463363735363231396566336562373762333534646430626534 -36643335663037643066656266636237636161336163326237613964393664666339333833393264 -34323235636431316537303964306165613636656465636131373037353530386136343864306466 -33386662613564646332343866313534316534303738366431626662376562346662663231383039 -30636363373336356438656636363966663563353734643230666233343539643838373065313361 -35336338303631333332646266303162383064626237623335663766613931363233366161663438 
-64306236366432383663346639626162353365626137353239356531323662613163643635663262 -37666363393331336531653433323038626537336634326164356632373635303236613935643538 -31313064646136373862366535396266633430313338303533383463373933313836633066666535 -64643034316366656534393163633732323339356337616632383036646366656633303435386664 -65663831356432616538336565343639653062623937663766613361623566336463303165313832 -32353466373430386662343165306264333833656339623639383938663330333464616338343230 -34636433333130306635666633383961363366393036373465396432386534653065643231366166 -30643064353638653762363864313931616336386630356630623838373934346633356364386634 -61643632626636313461363862653532636634623563666237616632396233303338356162326536 -33376264383438376364306530653839303062313264366238343834343063363066383534373365 -61633863343939303433396461353963663331326363316333393339633637343933306563663034 -39356665663435336238326230633135383337306662393935353433623437343836376436613864 -31373136633434623130383436383737396232643033633638356536613932663166633461376633 -62623064623064396638343866663931323061383036313961316632636435653435346263323233 -66396465366266363462303165376133656262663664383963386438326635313161643861306237 -32346531303237343161333261323536386366666135386364316233643361366138363633333566 -37333838333433633336343639333134386233383738373563346536323138383733623831613635 -38663237303363386664373236373033623238373933313236383439346564363538613863633466 -33343166653136653264643130346438393238366637376337653835386539656133356361666430 -32373162363134326631333965646562353132623064623430366334616666636632623039623639 -64373334356334646561313031643331643463306566383163393534303936656532303064666235 -30373262373138383438316361653665393833653164346465323438396430343165393735316561 -62653034653565343239663838646362376538653033343863643339356532646238393362346133 -64613330653565623166636264373663623138313362393833353932653361363138623538343164 
-38646666323065363034376536656431613936303133396232383166386534326339323061376337 -61396661313030376536363939346365343235616465633264643731316535313863303562353030 -32303530303762303466303262643537326531376264343634646534333932333136636238623138 -34616663643430303865353963633735333762356562373762333265616438313434393938323938 -66336235656530633838653331663263643432323763393963313661323731343365396364616361 -62346335353133383630613963323838323361333166346132323066616239633261613039666532 -32663365356330383438623863626334313962356431333730353264623337643239653465653037 -35316131336565393063656564353132313136366364376535613761326632396162633166313763 -63306562363061376261323064313465346231336539656430643165376337363434393163663238 -34613132316465663561623265313833643964323430376239646262653833633462396134343565 -31613837323362356464633739613464663435613734653432373566353461633366343836623233 -32346432363234343934653432383732346230323932373635643362633530333837313332383165 -37616231346163363734633030333464616438626138616163663161373362623961626362353234 -39353262323664663861663637386634623463626433386538386531653537616633326533323734 -66326530393537363538306337383738353164326161383736653465346265393837633831643732 -63623764393737653062623462626563363561386531386630336639316230633663356235653036 -30363439376637373364373331306564343135633864393934373365376361623937613133613435 -36373036313838373362656134323138346264303333326237356562313164353636396334316237 -31376136323037326139373930663635313864323061656132356239623763623233646562393939 -64636661666139633331343131633731336365623335353633313363346231396336346339346438 -62353266396566386539306132373636646134363962646131313938356135373632383437333865 -32373163616461373464613661623232623162643334646364333535373437333437666665623065 -33326366646338626662636134653965303866646463366630653939623031316564303664623862 -33393661316638663661646434393934313534623465313766643638373134383764333634376333 
-30313263613539333638653439303038383835646137653435636338623165386539633463323663 -62323933653733346566666234333930343466613563653365386237373963636536666636393838 -31636266396236633336383434323131626464393061386566316132303064636434623838643039 -62303136373234623961333336323764643034613664653963366336356332393761633233646534 -66623464626165356432303633653338636264386462343233653139626431633466316330356538 -66393035623035653163343231316230316661666337643461633136306663663231313237643038 -65633366643238323162336166613662313536623866616262663965343565646237393861353263 -62653634653131303433353635656239666436623663306464396133656664383430323832336632 -33363066376237323661353330646233633865666439313964396462373733336465326434626336 -32363362393536356463666233633664306235633732626434623033633632636330663463336365 -66363631303836613332643566333930643333333536356234323666353130396230353630376263 -30353530303865636461356634336534633362363763353961383631343061656435623261616363 -36326132386432653065666163373430623435336666653366333065343334643832643730336331 -61386434326434323761323433343838306238643534376238623730613463396337323862303264 -33373966353033623064353562666639343732353965653366623533373034656135633065343463 -37616332663232613865333062383539633531613735653436323337643063653463333937353632 -62303364366134643830303363303633386266343137633134653537356633383832303932643863 -66356662306434346338333536623061333864376539663135383938323238393638656639623436 -39663930356363616138643736303062306136626239626434303062393035333762373933313638 -39646331626464626339663232326430613163663763316232663837633363343432633662393531 -38313462313830653863376637393765366239393734356334323765396632346138303038313834 -32353637343038363039643164646362313866376562633161343763316164393736663565393166 -66653462633936653364636530383333323636313230323030323131383736643262383561333938 -35393934333361383562373935363465373436356662396331633233633566346231323863346637 
-38636631656364376335336638666563333466386437366533613564366132316430646562646232 -64393533333933626439313935373335643332326564333932366634316463343039633630616265 -65363162366634613763653061366138616663643630336430386661616564616264636263383932 -32343766373839356539663432643230386263343630326162633363326262663937646564343365 -61316564333365373230313463383731653337326263303935633438643934623135623763616564 -34376363393531353162303163653265386566396135313161393836336439393139646530623438 -31376631316233333234396533653061663461666632313839653531643432343530353132646132 -36373738643465643634316637373763666338666633623263666134346634373836313266613732 -35326539383534353437613962343732646533326139643263343236396462306666316165663665 -37643961623662663836383837303939613864373163303734623663646632376162356564663031 -31626334316565656464326537323163373938316562386166666137356632316363343237346531 -37656166343639343565653433616136353533353531336561633330313861326237343739316165 -39313232663630396136386137633039313561373930386233663862643734373532313632373538 -63353938663434653630633038323665333462663731646537353765323361353762653637613331 -35663331323831313865306664313131336633636264313061316164303137353836366266366261 -32626165646363623663613263633131396264623531386561336563393539363839393433393563 -64633762393838636338353566373864363364646538353536346332623662353034326638633038 -36336566626636666138353334363437363265653331343130653836636335663736653634313662 -38633135623732336166366136316531306565326435346235643563633932383637393236636666 -66616562393564623165646261646533313238346362353431306135653938636663663232323830 -62393333326135396636646662333332303434396235343639633939396664356463333533333430 -66383231616339353932613836666632303064393136366632663439353062356565343634386364 -64303736376639363762386237336630653132633063656363333136303631386430353662316463 -65363666666434346364333937636137343734636163303166653062396330343835616165386663 
-35663563353134623336386363356632643138626135366137636563623532373764633966346437 -61353861326535663431623235653665633030626365333134383434626330313930343462353662 -32353965623662353637326562613266633866616334333563646430613763383739333637363034 -35616263393066383138336366353061386364613666633131646262383230393766393864393735 -64643633336136376132303065353630326465366336646435396663616364663036616639393637 -35386633303433616337396262336330376536356366653536363861616539343936323539373766 -65396638353163636664666333663139343762623335646366336564393036353932323561353931 -38373636636464373035663163356562636230616633636565353166663563616365363037656364 -64623861353164323262343532626232646264626164373536653531333938663734323866653636 -30326364333561353966323463623936333266663831383736386233633964613066356461303965 -33343730623936613036333266313533666530313261303765646536346134346331643935376463 -33326630313436653839303663336636373239633232353865366531663138666466306638653265 -34393664646636636366346438313133393961373231333561313366396538363634333264613166 -38353562663732613064396461346231633464626333663736356431323361616236343430613830 -66356361333135363236636434326534323466636531356539613462306533353336373363353330 -37633661303738363436366234633439383138363030323561333564616133306432383336646431 -37653364316165653666633539316539336465643832356133653736313239626466643162363939 -36323562383865633134393232343439353836306364646632636661363339393139386639356661 -63306232326431343532373737626233363036333763343933633832653766376432376235623534 -36323765666133353238393435376262343233633162633964363038643834636537396562333736 -38363935633134326461376530373630343937323036326563626364316335313839626665393837 -38313435323761343139386530346662326265626666353239356462326333333538346161313438 -36313430386332623365393835343862613338343666633930663634336263306361333861636337 -34313334613761386533636337306664613665643334396661316137376135613161353035383633 
-31333664396638316465306635656139616265353639333164656666383733373433333762363435 -37666432326462393135616338633330343332383065356265653563346465343234383036316336 -39653438353839386337396530366364323235393463633464313239356333333163656561376330 -35613137636131306630363335343031633161613733376262636336313638326131343165383231 -64326566393536363937623539386235373561323935646366353165616463376237633964633464 -33353732376337323338316166643236303336393034356639623861333766303034353963396236 -38356338643634363765313664643862323061376331376232366165633830626263303163643433 -65626634343339303031653432663531366639613362613039653638383465353434333639333865 -64383030623538646465363363393161633762313135616432386130663164353033343466393132 -35633763636261616434313531663039363662653962333139303138623838363163653866613539 -36323031633230376632376533613435616239323231613635396435373833353064623834653863 -65663163393933323934323364366535383935303233323639373531646165663535356634393464 -34623532333831306563326237373933383832643637326464656666373339303237363232313938 -63373936393563386530646565346563373337383262616338383531396262626134376136303163 -31653839316339616439366135346337366231363630366264373936356538316564636330373766 -33373961636233383231333464663962666136396437373361666538343065366662623364323237 -64666237663236326661313866306336323564666263373334303266306562343239383866666365 -34313665633465353865333362666564336532663766393134363764653736653237653133313833 -63306463326161373639363362333538373263393564303065656236323363663939366638323762 -36663763313537643066623161313035616462343631336264656664643861643232383561636664 -36633836353435373161666662633838623336366161643365363136386466323937646633313731 -64373739623335353966333833316563386237373031633132353638663435646234666263633435 -34663365313863633236343936633865356166366430383339303138646163383237396239663132 -62353465623566613564333039653466666366396436386461326335373662343262386263356264 
-30616538666665393561333630383037656131646239336437393737623862333532356463656435 -63623766373934393264613237653363636261333265613438373762353230393835313235633164 -62323335636333376236306261643931616230666465366666373230393438633365323135666233 -39653332643336313537396463623639646364356136303533623764376538353439303037316535 -61643961353364373638366232363461336238343363636230373834346464376261646630393866 -39376633393735646662613834626263333163383534366463333161396165343666626639326639 -32643064366565333432353430636235336238353836363331646166396533313966663664666666 -61626462653134643266353039653033383431626538346430356564353664633439356434383930 -66353736343839383165383064663039333061643363363265383030396333393762393763616638 -31386535653432323661656132343363646661656637313130353137313362373439373032613731 -65333463623961613138396633353837353061353166383837656333643836343635623363613366 -63346336636165326661363533306139643930393437666332386337373965373761393034616631 -63366632306539623633623731313233333966633735626665643562623639396537343434633835 -33383638613031356631643235326138383664376430623463323062663635623732326639396636 -38336331353336663831346530336439376634396338633664616562363135326430666238653261 -64653132613533383738663832316561613232366339316662633630366164393334356332386162 -64393965393534316136653234396162313631646332653539623362353662333337336634383736 -65616335656663393239643533623466656435383732333666396661663662306635313034306362 -38623137653464376431393731636463613866313166643165636630316364326433326132396161 -61343335336664366536656639653238313736633565343533643034646361653430396132616439 -64373231393232346163643262396233613231373561663835333065363461343263356565336530 -35333535646632303039636664306364623839306139343265666632383638333735613837316561 -33323733353937393831383565363436303638353362323432653963326562333532653864616634 -35616632646234343862643531613236636236616534623231643663393633363831663661626138 
-35633763366530363339346132643163613739653532626263336565626261646264303334393834 -31663231326562663964643633316438363161653535396435646362383036656363356137663636 -31336163303766633236333465653864663539353633386664303038646663366363646566336466 -33303435393739636131636166656237323436636237353863646365326639636166363739333439 -64373139626465656264313837363233653334393033343663396563666530373538613036653064 -39396231393662396565313066616164353031613833396331666131653031623261663038336563 -36653835333538386561643033623865383338366463646465666431383833633939376565616230 -62643063333631643439643333316563303465383563393130303634333130303330663134363436 -66386132663065656464323034306132613531343037396561626234626438333063393433316633 -63636264306163636631653732396166643934643866393064353364316264333662646665636663 -66393265636230303536656535623962643934316138393532663262653966626536323233623737 -38353730343538323231623531336436333133326334343238616630656531613538316130623761 -34646233613139343231366232636565316232356365643164653933643132356432613761613636 -34363831353935656437633034333232653938613365613066333361393164623864373339313730 -62373537366466356162343663626561316530373365386437656264396433303433623134616464 -36616530363438366238393136663239623362326533636363353435653261386137616361346164 -38653636373063663932336435626361613934393432646139353833306436346662356539333131 -62326361366635643830356639326234656662316435383031343039653830393664373033653735 -61616233313138663438376632336162656139346430326562363231333430626166363031336435 -62333338623339613633313061656332613630383338306534623034316135393233616539376434 -38326234353963616234623232643839373038643933383631636635613538393262303431373364 -63376463656263313230653832626262363537363735336237306636373435616566613832316338 -64393361393064346432666539643364313433336361333262383934633066363535646562383262 -33383334376238653339323362316330303863653762306636373931633534303731336234636532 
-34356361346436323363333430313231643732623461366236306338636431303632373264616139 -36376630323265623831636265633866366136316631396239646266666564313062646637636262 -35353165643464346564323937636463643832616331623036396636383133643731613033393432 -61393833656430333537653332313931663435663838646633303435626139306336623762636462 -32313934306531643662343163323630646562363134303266366530323766353138643266396633 -35396662303566343235653131613830323538363263643939666362656665313135306362363037 -36303238616634363337613935373435303931313866333565666638383835656637366464396136 -64303237646138373339376161666265303632626136353261383438386637616564616436306336 -33613164323037303530373431333565643734313636613838373638326234343531613136356566 -30636337393463396436303530653330323639386438353439613761643831316533353166333539 -30393161646239663935393438646334666530363565333964366364353530353861666633646563 -65626262643666656166306633326463363666633731363431626463616433643732353962633464 -39666533396232616130666131613232643762623562383662346366316466333339313836393737 -33353635396536333464663836366262356164666266663039623334666334343939313638346464 -63383664346635633365633962376238653365656331313362313536663138663464666436613132 -62656638396261613136393330623437383561386163653938323831373932353764623865306664 -35393130323464653266353563383663336233313361323133313435643564663063336335626266 -39396239643031666133656461393535663661643036326666663330656130313038636537386562 -39346439613333363061633364316166643135353832386432616362643337373363313931383135 -64613366373464363062386231303736336130613164366661363434346464383936646366613737 -38313730376436306165663466623335646533666138623564363466633938393139323836643865 -37373636653937343937303462663235353238656439353837663264663366396664386466646638 -34653266313135326130613531386239336538666364356234663164353662396565626361323238 -656463383063623064336666333062386432 
diff --git a/files/personal/all/gpg/gpg_pub b/files/personal/all/gpg/gpg_pub deleted file mode 100644 index c38c90d..0000000 --- a/files/personal/all/gpg/gpg_pub +++ /dev/null 
@@ -1,40 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQGNBGAPMBMBDAC8AI3gYcB8R4psS4OLUTzt45sL8wimEmHCZNGBgLShtg7AfpES -AuXArVLEQSsUH8rL9/ninRyfwTsRj1tSouxVVwprdxXGZdPkksE/l+TjlB5FlAyp -nb/nCo7lrmw+xsPc/rjrlGoGJXrrxpVUYYbWLGciKcecUJ17sL0vS8KZQbSSw9pI -W37DFNq5m3R9/6MSnxcPZPErmyqbcNe4FDxc8jToxdyzqADar1vb/JTIQGkzObCy -a05sU8Q/G1adKt27lW+v4SWC8d4LQX5Z3nyvAvE87cWVFAGiz4mf1fTLotqwyXot -vVv05kl66Z58shlE61q+1Qm+SD2OKyd3Cl2s+RpfyYOVoB3SRLDZvM7bppXr58PF -3Lhmpl61/mpOMI0MNT5OFYCVKOsiNgP7FKlHvOZVk4Ldybfis1Y4TI1mg/OghjLQ -vjm9Hxlpsr93hpWxlmU6BBpSWUOxggKr96WoR56sQGjn/KCxPBRl17PqwXJmMbi9 -ex9uV6K6iQDRDf0AEQEAAbQMU29ubnkgQmFra2VyiQHUBBMBCAA+FiEEgsIVUtcy -xlwaT7NAA3ED8Dyly6EFAmAPMBMCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwEC -HgECF4AACgkQA3ED8Dyly6GUQAv/RGHTt0CQANUC/CQQaY23XDGiqYCbmFqmIwuT -YIE/QHl7+Zg7p02KGsBKrSWOMylFToTphnWWvJCEPYxW74WO2L2vrRplPVC0zbRz -ftx2s6IJopb4j5ftkg/b8V7NjQKO+EWXGgqZz+o9j0I3b1CLO4Fc/Sux/+khuG6x -m7wLHIOQn3ab9yX2e7cL/LgaJSKkXKwhYnaFnwuWZJRX/Dcqev2zZD37a9s1c3Au -cdvdp5d/cHi+osZ5D6HwT6LnkxVlAYtzKXyQbZNUMattHFK7L/UCYQmvcRPXy6FD -1+T0bX7cOcsaBXSUEhIt+IKvYUa22ZsHl6Eq8gCxXmvaIDIIGpFLGA6boJBAPFHL -WATZqonLmGYikumOwomv4730iXBVJKu+mCCPKSzSRAxTTowCF7NVdc6+X62mbvOp -R4LM+E/bCxtndGfxDhHm1nF0JexgTDGwUwLJPg5aAYjjrAIhsUk729GyJhHPK3if -0eocxv1PqKrGT8AUHosIOn2idnf5uQGNBGAPMBMBDAC1/f799inkL5w8KoysKrSp -QRYFiVpIN2CpYCU/MrjpBDU1d4GJ4s1EhVhvaCrNfwUBWyqN1kZpT9f2e8MNVB5U -nmwHBynCwiK/gHeJKIdwOENE09NcErDQnEbbK7tFl/LDbh0BYdzyAEoOo37XYt/G -0DXj0Y6GLphmlXfG9a/wXcvXCRdln3q1xyn0BVHMC8fz5F6RsivOEYMXunCMQ4WW -XFVgRe/jM+plWdQZQuP4RgRGv4kJ2ba9y9NQD8/GFXtnecWjv1ILlyzqyZtEa6ua -Jq0FrgYvZ1YH0jDKCcanHb0nlMlEhrpQneJTW+qmMgjZAJ+2wA8yPeuU6a+T/05I -tnbLUSlqgwjrzV71whp79l9p7FOG9kzwwKhhDAKxTqL3WshvXMlcnku6qlTyrymP -CHF6ZJYCQJEWPLYrThwWx+/6Yssg+Mm87LsciHVYgeBtaZWrN49kZXN2K1Py/WUK -Ev9+IjKlaFbqfq1W60xh4liiZ3AB9L5jTS6n98O+r8kAEQEAAYkBtgQYAQgAIBYh -BILCFVLXMsZcGk+zQANxA/A8pcuhBQJgDzATAhsMAAoJEANxA/A8pcuh8PUL+wdi -YYZpVqvbvnRbzWtYNEY6QYsn/qI0aS5jAURoMpCB3AFX6+aS6olAS8rWNx8sqWnL 
-psfZf0vSd/FXl0ja2a5MLLeQaKlK7/cP3RZjGDa6/eMqL0UyKpe5/a4mkBaczo18 -Fa2BK1X1wIUaWYfhp53mBGB9JgwKItdbEPJTBqIyjZRPab/Q5OUb/xOWCLQP+VpU -8p5c4rnONTdjKBfuyeEMWIlhG1QhobfIuZcbWaXZXj+HLiiugZCPxum8tFbMp05/ -FaPKmDS4TbeEk7wizsnBRDL3UjFCfySBsR/SOP+adut75t6h18pm0yeYRU73otZA -TES5LVpW7i6TiJEK7qPDQ/Sv34vAtVF0c7ntnYbxiLzX7x0uJF16O4XLw0Uba4HM -ZntDUsaxvlLfxcDeeDHR/24wOaJKRKKzX0b+wjRXfw26XEo4vHHBPyEB1DvGZu3P -hVot85SDDFS5LzLqkyGDiCOkkE5RqJYLCzQ6+4DfrQvkg682zD587894j+VV6g== -=KJ2a ------END PGP PUBLIC KEY BLOCK----- diff --git a/files/personal/desktop/wireguard/media/desktop.key b/files/wireguard-media/desktop/fudiggity.key similarity index 100% rename from files/personal/desktop/wireguard/media/desktop.key rename to files/wireguard-media/desktop/fudiggity.key diff --git a/files/personal/desktop/wireguard/media/desktop.pub b/files/wireguard-media/desktop/fudiggity.pub similarity index 100% rename from files/personal/desktop/wireguard/media/desktop.pub rename to files/wireguard-media/desktop/fudiggity.pub diff --git a/files/personal/desktop/wireguard/media/preshared.psk b/files/wireguard-media/desktop/preshared.psk similarity index 100% rename from files/personal/desktop/wireguard/media/preshared.psk rename to files/wireguard-media/desktop/preshared.psk diff --git a/files/wireguard-media/htpc/fudiggity.key b/files/wireguard-media/htpc/fudiggity.key new file mode 100644 index 0000000..118a8a6 --- /dev/null +++ b/files/wireguard-media/htpc/fudiggity.key @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +30313239376562613332383265336333613266663264383636666437643436623462663861333639 +3830623835333263353863363535376532623262323535610a663330316133376131303465326665 +35663564623737636136306338623531653162633237636361643764343030353262616139623735 +3532626238316664310a336335633564396638303236333838363264613861616637343833363665 +39366264306438643662313130396135363461656466626436663339313337613830623364646637 +3735323933323563646563393532306237336165633534353735 
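Review bot: The new htpc private key and preshared key are committed as ansible-vault blobs, which is the right shape, but the desktop and xps `fudiggity.key`/`preshared.psk` files are moved by 100% rename in the same patch, so this diff does not show whether those are vault-encrypted as well. Worth confirming with `ansible-vault view files/wireguard/desktop/fudiggity.key` (and the xps and media ones) before this lands, since a cleartext WireGuard private key or PSK in git history cannot be un-published. The cleartext `fudiggity.pub` alongside each key is fine.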
diff --git a/files/wireguard-media/htpc/fudiggity.pub b/files/wireguard-media/htpc/fudiggity.pub new file mode 100644 index 0000000..cdbb114 --- /dev/null +++ b/files/wireguard-media/htpc/fudiggity.pub @@ -0,0 +1 @@ +XcWpmGrkSQJUEADrDTUmcA7/dm8HQffbdC03rQ/3fwg= diff --git a/files/wireguard-media/htpc/preshared.psk b/files/wireguard-media/htpc/preshared.psk new file mode 100644 index 0000000..82ca126 --- /dev/null +++ b/files/wireguard-media/htpc/preshared.psk @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +65363636336134323530333461393634666334383464356239613765396465373635353465323262 +3163343634336361323765623365633637663436616539340a376566313735316262366237366435 +33666634663966386434656363633136393565336134323465306264633630333131356539623862 +3666343633396634650a626263653632643333346564303065316634643763303036376332336333 +39323430306564346635393535313233363235316535656362363931323862303530363136663961 +6139326230353537643537346664623332383863323332633565 diff --git a/files/personal/desktop/wireguard/default/desktop.key b/files/wireguard/desktop/fudiggity.key similarity index 100% rename from files/personal/desktop/wireguard/default/desktop.key rename to files/wireguard/desktop/fudiggity.key diff --git a/files/personal/desktop/wireguard/default/desktop.pub b/files/wireguard/desktop/fudiggity.pub similarity index 100% rename from files/personal/desktop/wireguard/default/desktop.pub rename to files/wireguard/desktop/fudiggity.pub diff --git a/files/personal/desktop/wireguard/default/preshared.psk b/files/wireguard/desktop/preshared.psk similarity index 100% rename from files/personal/desktop/wireguard/default/preshared.psk rename to files/wireguard/desktop/preshared.psk diff --git a/files/personal/xps/wireguard/default/xps.key b/files/wireguard/xps/fudiggity.key similarity index 100% rename from files/personal/xps/wireguard/default/xps.key rename to files/wireguard/xps/fudiggity.key 
diff --git a/files/personal/xps/wireguard/default/xps.pub b/files/wireguard/xps/fudiggity.pub similarity index 100% rename from files/personal/xps/wireguard/default/xps.pub rename to files/wireguard/xps/fudiggity.pub diff --git a/files/personal/xps/wireguard/default/preshared.psk b/files/wireguard/xps/preshared.psk similarity index 100% rename from files/personal/xps/wireguard/default/preshared.psk rename to files/wireguard/xps/preshared.psk diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index fbc2f9b..9084ba3 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -1,34 +1,17 @@ -ansible_become_method: community.general.run0 - packages: - - firefox - - keepassxc - - gimp - nftables - - okular - - postgresql - - plasma-meta - - wezterm - tmux - unrar - vim - git - openssl - - kmail - iproute2 - curl - reflector - - pipewire - - pipewire-pulse - - pipewire-alsa - - merkuro - - kmail - otf-monaspace-nerd - systemd-ukify - efibootmgr - git-delta - - aspell-nl - - aspell-en xdg_config_dir: '{{ ansible_env.HOME }}/.config' xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin' diff --git a/group_vars/personal/gpg.yml b/group_vars/personal/gpg.yml deleted file mode 100644 index 542a8a9..0000000 --- a/group_vars/personal/gpg.yml +++ /dev/null @@ -1,8 +0,0 @@ -gpg_pub_key: '82C21552D732C65C1A4FB340037103F03CA5CBA1' -gpg_passphrase: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 61383265343062663836623033343538333562636433383735383862306465316439376333373563 - 6131336136653533323561633434633961393061623233640a366430396532326465326530356136 - 36616636363134386333616137656333353439633832633731373834336239393337316366626462 - 6164343331613663620a303363353064376630633939363831373339383961626137376361323438 - 3463 diff --git a/group_vars/personal/system.yml b/group_vars/personal/system.yml deleted file mode 100644 index f3e9732..0000000 --- a/group_vars/personal/system.yml +++ /dev/null 
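Review bot: Each host now carries its own complete `packages:` list in host_vars (desktop, htpc, xps), and host_vars take precedence over group_vars, so the trimmed list kept here in group_vars/all/main.yml is never used while the common entries, `nftables` among them, are maintained three times over. A host whose copy drops `nftables` quietly ends up without the firewall package. I would keep the common set in one place by renaming this variable to `base_packages`, letting each host define only `host_packages`, and installing `{{ base_packages + host_packages }}` in the install task, which is outside this diff.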
@@ -1,39 +0,0 @@ -packages: - - keepassxc - - gimp - - nftables - - okular - - postgresql - - plasma-meta - - wezterm - - tmux - - unrar - - vim - - git - - openssl - - kmail - - iproute2 - - curl - - reflector - - pipewire - - pipewire-pulse - - pipewire-alsa - - merkuro - - kmail - - otf-monaspace-nerd - - systemd-ukify - - efibootmgr - - git-delta - - aspell-nl - - aspell-en - - # custom packages - - firefox - - mpv - - youtube-dl - - nfs-utils - - syncthing - - mpd - - wireguard-tools - -vpn_config_dir: '/etc/wireguard' diff --git a/handlers.yml b/handlers.yml index 0af528a..dae3fe5 100644 --- a/handlers.yml +++ b/handlers.yml @@ -44,7 +44,7 @@ state: restarted enabled: true -- name: start systemd-resolved service +- name: restart systemd-resolved become: true systemd: name: systemd-resolved diff --git a/host_vars/desktop/network.yml b/host_vars/desktop/network.yml index 25eaf55..1010119 100644 --- a/host_vars/desktop/network.yml +++ b/host_vars/desktop/network.yml @@ -6,3 +6,8 @@ local_network_dns: 9.9.9.9 149.112.112.112 local_network_gateway: 192.168.2.254 hostname: desktop + +wireguard: + ip: 10.0.0.3 +wireguard_media: + ip: 10.0.1.3 diff --git a/host_vars/desktop/system.yml b/host_vars/desktop/system.yml index 67054cd..93a9275 100644 --- a/host_vars/desktop/system.yml +++ b/host_vars/desktop/system.yml 
@@ -1,15 +1,53 @@ +packages: + - nftables + - tmux + - unrar + - vim + - git + - openssl + - iproute2 + - curl + - reflector + - otf-monaspace-nerd + - systemd-ukify + - efibootmgr + - git-delta + + # custom packages + - keepassxc + - gimp + - firefox + - mpv + - yt-dlp + - nfs-utils + - syncthing + - mpd + - wireguard-tools + - okular + - postgresql + - plasma-meta + - wezterm + - kmail + - pipewire + - pipewire-pulse + - pipewire-alsa + - merkuro + - kmail + - aspell-nl + - aspell-en + modprobe_templates: - - src: 'templates/personal/desktop/modprobe/99-amdgpu.conf.j2' + - src: 'templates/desktop/modprobe/99-amdgpu.conf.j2' dest: '/etc/modprobe.d/99-amdgpu.conf' mkinitcpio_templates: - - src: 'templates/personal/desktop/mkinitcpio/1-modules.conf.j2' + - src: 'templates/desktop/mkinitcpio/1-modules.conf.j2' dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf' - - src: 'templates/personal/desktop/mkinitcpio/linux.preset.j2' + - src: 'templates/desktop/mkinitcpio/linux.preset.j2' dest: '/etc/mkinitcpio.d/linux.preset' - - src: 'templates/personal/desktop/mkinitcpio/linux-lts.preset.j2' + - src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2' dest: '/etc/mkinitcpio.d/linux-lts.preset' boot_configuration: diff --git a/host_vars/desktop/vpn.yml b/host_vars/desktop/vpn.yml deleted file mode 100644 index c738313..0000000 --- a/host_vars/desktop/vpn.yml +++ /dev/null 
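Review bot: `kmail` appears twice in the new per-host packages list, once after `wezterm` and again after `merkuro`; pacman tolerates the duplicate but it suggests the list was pasted together from the old group list and the old custom list. Drop one of the two entries. The same fourteen base entries open the htpc and xps lists as well, so any change to them here has to be mirrored by hand in the other two files.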
@@ -1,51 +0,0 @@ -# TODO: scope variables to their destination file -vpn_default: - ip: 10.0.0.3 - prefix: 24 - interface: wg0 - dns: 10.0.0.1 - domains: - - '~vpn.{{ server_domain }}' - - '~transmission.{{ server_domain }}' - - '~syncthing.{{ server_domain }}' - - '~radicale.{{ server_domain }}' - - '~mpd.{{ server_domain }}' - - public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub' - private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key' - - peers: - - name: fudiggity - allowed_ips: - - 10.0.0.0/24 - - 172.16.238.0/24 - - 172.32.238.0/24 - - 172.64.238.0/24 - - 172.128.238.0/24 - endpoint: '{{ server_domain }}:51902' - public_key: CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo= - preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk' - preshared_key_source_path: files/personal/desktop/wireguard/default/preshared.psk - -vpn_media: - ip: 10.0.1.3 - prefix: 24 - interface: wg1 - dns: 10.0.1.1 - domains: - - '~media-vpn.{{ server_domain }}' - - '~jellyfin.{{ server_domain }}' - - public_key_path: '{{ vpn_config_dir }}/keys/public/media/desktop.pub' - private_key_path: '{{ vpn_config_dir }}/keys/private/media/desktop.key' - private_key_source_path: files/personal/desktop/wireguard/media/desktop.key - - peers: - - name: zeus-media - allowed_ips: - - 10.0.1.0/24 - - 172.8.238.0/24 - endpoint: '{{ server_domain }}:51903' - public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg= - preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk' - preshared_key_source_path: files/personal/desktop/wireguard/media/preshared.psk diff --git a/host_vars/htpc/network.yml b/host_vars/htpc/network.yml new file mode 100644 index 0000000..10fc32b --- /dev/null +++ b/host_vars/htpc/network.yml 
@@ -0,0 +1,11 @@ +lan_interface: enp1s0 +lan_interface_mac: bc:fc:e7:6e:73:53 + +local_network_address: 192.168.2.30/24 +local_network_dns: 9.9.9.9 149.112.112.112 +local_network_gateway: 192.168.2.254 + +hostname: htpc + +wireguard_media: + ip: 10.0.1.8 diff --git a/host_vars/htpc/system.yml b/host_vars/htpc/system.yml new file mode 100644 index 0000000..fa2d07a --- /dev/null +++ b/host_vars/htpc/system.yml @@ -0,0 +1,44 @@ +packages: + - nftables + - tmux + - unrar + - vim + - git + - openssl + - iproute2 + - curl + - reflector + - otf-monaspace-nerd + - systemd-ukify + - efibootmgr + - git-delta + + # custom packages + - keepassxc + - firefox + - mpv + - yt-dlp + - wireguard-tools + - okular + - postgresql + - plasma-meta + - wezterm + - pipewire + - pipewire-pulse + - pipewire-alsa + +modprobe_templates: [] + +mkinitcpio_templates: + - src: 'templates/htpc/mkinitcpio/1-modules.conf.j2' + dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf' + + - src: 'templates/htpc/mkinitcpio/linux.preset.j2' + dest: '/etc/mkinitcpio.d/linux.preset' + + - src: 'templates/htpc/mkinitcpio/linux-lts.preset.j2' + dest: '/etc/mkinitcpio.d/linux-lts.preset' + +boot_configuration: + disk: /dev/sda + partition: 1 diff --git a/host_vars/xps/main.yml b/host_vars/xps/main.yml deleted file mode 100644 index 1224e3b..0000000 --- a/host_vars/xps/main.yml +++ /dev/null @@ -1 +0,0 @@ -wezterm_font_size: 10 diff --git a/host_vars/xps/network.yml b/host_vars/xps/network.yml index 9150f86..864536b 100644 --- a/host_vars/xps/network.yml +++ b/host_vars/xps/network.yml @@ -13,3 +13,8 @@ frans_network_gateway: 192.168.2.254 default_network_dns: 9.9.9.9 149.112.112.112 hostname: xps + +wireguard: + ip: 10.0.0.2 +wireguard_media: # TODO: add missing credentials + ip: 10.0.1.2 diff --git a/host_vars/xps/pa-dlna.yml b/host_vars/xps/pa-dlna.yml new file mode 100644 index 0000000..4361051 --- /dev/null +++ b/host_vars/xps/pa-dlna.yml @@ -0,0 +1,2 @@ +pa_dlna_version: 0.16 +pa_dlna_systemd_version: 0.0.9 
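Review bot: The `wireguard_media` entry for xps is added with only an address and a `# TODO: add missing credentials` comment, while this patch adds vault-encrypted key and PSK files only under `files/wireguard-media/htpc/` and nothing under an xps directory. If the shared wireguard-media tasks (not visible here) copy keys from a per-host path derived from the inventory name, an xps run will either fail on the missing file or bring up the media tunnel without its PSK. I would leave `wireguard_media` out of the xps host_vars until the files exist, or guard the task with a `when` on the key file being present in the repo.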
diff --git a/host_vars/xps/system.yml b/host_vars/xps/system.yml index 23170ef..53ed97b 100644 --- a/host_vars/xps/system.yml +++ b/host_vars/xps/system.yml @@ -1,41 +1,40 @@ packages: - - keepassxc - - gimp - nftables - - okular - - postgresql - - plasma-meta - - wezterm - tmux - unrar - vim - git - openssl - - kmail - iproute2 - curl - reflector + - otf-monaspace-nerd + - systemd-ukify + - efibootmgr + - git-delta + + - keepassxc + - gimp + - firefox + - mpv + - yt-dlp + - nfs-utils + - syncthing + - mpd + - wireguard-tools + - okular + - postgresql + - plasma-meta + - wezterm + - kmail - pipewire - pipewire-pulse - pipewire-alsa - merkuro - kmail - - otf-monaspace-nerd - - systemd-ukify - - efibootmgr - - git-delta - aspell-nl - aspell-en - # custom packages - - firefox - - mpv - - youtube-dl - - nfs-utils - - syncthing - - mpd - - wireguard-tools - # custom host packages - iwd - nvidia @@ -48,14 +47,16 @@ boot_configuration: partition: 1 mkinitcpio_templates: - - src: 'templates/personal/xps/mkinitcpio/1-modules.conf.j2' + - src: 'templates/xps/mkinitcpio/1-modules.conf.j2' dest: '/etc/mkinitcpio.conf.d/1-modules.conf' - - src: 'templates/personal/xps/mkinitcpio/2-hooks.conf.j2' + - src: 'templates/xps/mkinitcpio/2-hooks.conf.j2' dest: '/etc/mkinitcpio.conf.d/2-hooks.conf' - - src: 'templates/personal/xps/mkinitcpio/linux.preset.j2' + - src: 'templates/xps/mkinitcpio/linux.preset.j2' dest: '/etc/mkinitcpio.d/linux.preset' - - src: 'templates/personal/xps/mkinitcpio/linux-lts.preset.j2' + - src: 'templates/xps/mkinitcpio/linux-lts.preset.j2' dest: '/etc/mkinitcpio.d/linux-lts.preset' + +wezterm_font_size: 10 diff --git a/host_vars/xps/vpn.yml b/host_vars/xps/vpn.yml deleted file mode 100644 index 59ab2e1..0000000 --- a/host_vars/xps/vpn.yml +++ /dev/null 
@@ -1,52 +0,0 @@ -pa_dlna_version: 0.16 -pa_dlna_systemd_version: 0.0.9 - -vpn_default: - ip: 10.0.0.2 - prefix: 24 - interface: wg0 - dns: 10.0.0.1 - domains: - - '~vpn.{{ server_domain }}' - - '~transmission.{{ server_domain }}' - - '~syncthing.{{ server_domain }}' - - '~radicale.{{ server_domain }}' - - '~mpd.{{ server_domain }}' - - public_key_path: '{{ vpn_config_dir }}/keys/public/default/laptop.pub' - private_key_path: '{{ vpn_config_dir }}/keys/private/default/laptop.key' - - peers: - - name: fudiggity - allowed_ips: - - 10.0.0.0/24 - - 172.16.238.0/24 - - 172.32.238.0/24 - - 172.64.238.0/24 - - 172.128.238.0/24 - endpoint: '{{ server_domain }}:51902' - public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=' - preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk' - preshared_key_source_path: files/personal/xps/wireguard/default/preshared.psk - -vpn_media: - ip: 10.0.1.2 - prefix: 24 - interface: wg1 - dns: 10.0.1.1 - domains: - - '~media-vpn.{{ server_domain }}' - - '~jellyfin.{{ server_domain }}' - - public_key_path: '{{ vpn_config_dir }}/keys/public/media/laptop.pub' - private_key_path: '{{ vpn_config_dir }}/keys/private/media/laptop.key' - - peers: - - name: fudiggity-media - allowed_ips: - - 10.0.1.0/24 - - 172.8.238.0/24 - endpoint: '{{ server_domain }}:51903' - public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg= - preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk' - preshared_key_source_path: files/personal/xps/wireguard/media/preshared.psk diff --git a/htpc.yml b/htpc.yml new file mode 100644 index 0000000..28ffd78 --- /dev/null +++ b/htpc.yml 
@@ -0,0 +1,19 @@
+- hosts: htpc
+ gather_facts: true
+
+- name: Include default playbook
+ ansible.builtin.import_playbook: default.yml
+
+- name: Arch Linux provisioning
+ hosts: htpc
+ tasks:
+ - name: Wireguard media provisioning
+ ansible.builtin.import_tasks: 'tasks/wireguard-media.yml'
+ tags: wireguard-media
+
+ handlers:
+ - name: Import default handlers
+ ansible.builtin.import_tasks: handlers.yml
+
+ - name: Import common role handlers
+ ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'
diff --git a/inventory.yml b/inventory.yml
index 6aab803..6e289f8 100644
--- a/inventory.yml
+++ b/inventory.yml
@@ -1,6 +1,11 @@
-personal:
+all:
hosts:
xps:
ansible_connection: local
+ ansible_become_method: community.general.run0
desktop:
ansible_connection: local
+ ansible_become_method: community.general.run0
+ htpc:
+ ansible_connection: local
+ ansible_become_method: community.general.run0
diff --git a/playbook.yml b/playbook.yml
deleted file mode 100644
index a25464c..0000000
--- a/playbook.yml
+++ /dev/null
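Review bot: The deleted playbook.yml refused to run without `--limit`; htpc.yml drops that guard and relies on a fixed `hosts: htpc` instead. Because every inventory entry is `ansible_connection: local`, that only helps when the playbook is run on the HTPC itself: run it on the desktop by mistake and it writes the HTPC's network, firewall and boot configuration (`boot_configuration.disk: /dev/sda`) onto the desktop with privilege escalation. I would add an early task to the first play, `- ansible.builtin.assert: { that: ansible_hostname == hostname, fail_msg: 'inventory host does not match this machine' }`, unless default.yml (not in this diff) already does so; on a fresh install the hostname must be set before that check passes.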
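Review bot: `ansible_become_method: community.general.run0` is repeated verbatim for all three hosts after being removed from group_vars/all/main.yml in this same patch. A YAML inventory accepts `all: vars: ansible_become_method: community.general.run0` once, next to `hosts:`, which keeps the escalation method in one line and means a fourth host cannot fall back to the default `sudo` by omission.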
@@ -1,67 +0,0 @@ -- name: Arch Linux provisioning - hosts: personal - gather_facts: true - roles: - - common - tasks: - - name: Verifying that a limit is set - ansible.builtin.fail: - msg: 'This playbook cannot be run with no limit' - run_once: true - when: ansible_limit is not defined - - - name: Generic provisioning - ansible.builtin.import_tasks: 'tasks/setup.yml' - tags: setup - - # TODO: provision ssh client config with modern cyphers - - name: Network provisioning - ansible.builtin.import_tasks: 'tasks/network.yml' - tags: network - - - name: Systemd provisioning - ansible.builtin.import_tasks: 'tasks/systemd.yml' - tags: systemd - - - name: Systemd timer provisioning - ansible.builtin.import_tasks: 'tasks/timer.yml' - tags: timers - - - name: Personal provisiong - when: "'personal' in group_names" - block: - # Note: Disable DoH in Firefox to fallback to system's default DNS - # resolver, see - # https://support.mozilla.org/en-US/kb/dns-over-https#w_configure-doh-protection-settings - - name: Wireguard provisioning - ansible.builtin.import_tasks: 'tasks/personal/all/wireguard.yml' - tags: wireguard - - - name: MPV provisioning - ansible.builtin.import_tasks: 'tasks/personal/all/mpv.yml' - tags: mpv - - - name: MPD provisioning - ansible.builtin.import_tasks: 'tasks/personal/all/mpd.yml' - tags: mpd - - - name: Syncthing provisioning - ansible.builtin.import_tasks: 'tasks/personal/all/syncthing.yml' - tags: syncthing - - # TODO: provision current macvlan setup - - name: Desktop provisioning - ansible.builtin.import_tasks: 'tasks/personal/desktop.yml' - when: ansible_hostname == 'desktop' - tags: desktop - - - name: XPS provisioning - ansible.builtin.import_tasks: 'tasks/personal/xps.yml' - when: ansible_hostname == 'xps' - tags: xps - handlers: - - name: Import default handlers - ansible.builtin.import_tasks: 'handlers.yml' - - - name: Import common role handlers - ansible.builtin.import_tasks: 'roles/common/handlers/user.yml' 
diff --git a/tasks/personal/desktop.yml b/tasks/desktop.yml similarity index 85% rename from tasks/personal/desktop.yml rename to tasks/desktop.yml index 7ebea99..a5134cd 100644 --- a/tasks/personal/desktop.yml +++ b/tasks/desktop.yml @@ -6,7 +6,7 @@ - name: Copy xdg-desktop-portal.service drop-in ansible.builtin.template: - src: templates/personal/desktop/xdg-desktop-portal.service.j2 + src: templates/desktop/xdg-desktop-portal.service.j2 dest: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d/override.conf' mode: '0755' notify: user daemon-reload diff --git a/tasks/personal/all/mpd.yml b/tasks/mpd.yaml similarity index 86% rename from tasks/personal/all/mpd.yml rename to tasks/mpd.yaml index 41b1467..f3e29b7 100644 --- a/tasks/personal/all/mpd.yml +++ b/tasks/mpd.yaml @@ -1,13 +1,17 @@ +- name: Include mpd defaults + ansible.builtin.include_vars: + file: vars/mpd.yml + - name: Copy systemd configuration files ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' mode: '0644' loop: - - src: 'templates/personal/all/mpd/service.j2' + - src: 'templates/mpd/service.j2' dest: '{{ xdg_config_dir }}/systemd/user/mpd.service' - - src: 'templates/personal/all/mpd/socket.j2' + - src: 'templates/mpd/socket.j2' dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket' notify: - stop mpd service @@ -51,11 +55,11 @@ dest: '{{ item.dest }}' mode: '0755' loop: - - src: 'templates/personal/all/mpd/mpd.conf.j2' + - src: 'templates/mpd/mpd.conf.j2' dest: '{{ mpd_configuration_dir }}/mpd.conf' - - src: 'templates/personal/all/mpd/ncmpcpp/config.j2' + - src: 'templates/mpd/ncmpcpp/config.j2' dest: '{{ ncmpcpp_configuration_dir }}/config' - - src: 'templates/personal/all/mpd/ncmpcpp/bindings.j2' + - src: 'templates/mpd/ncmpcpp/bindings.j2' dest: '{{ ncmpcpp_configuration_dir }}/bindings' notify: - stop mpd service 
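Review bot: The file is renamed to `tasks/mpd.yaml` while every other task file in this patch keeps the `.yml` extension (`tasks/mpv.yml`, `tasks/desktop.yml`, `tasks/network/desktop.yml`), so whichever playbook imports it has to spell the odd one out; rename it to `tasks/mpd.yml`. Separately, the second hunk still renders `mpd.conf` and the ncmpcpp files with `mode: '0755'`, which makes configuration files executable and world-readable; `mode: '0644'` is enough, and `'0600'` if the mpd.conf template (not in this diff) carries a `password` directive.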
diff --git a/tasks/personal/all/mpv.yml b/tasks/mpv.yml similarity index 80% rename from tasks/personal/all/mpv.yml rename to tasks/mpv.yml index 5369c93..3b4c52a 100644 --- a/tasks/personal/all/mpv.yml +++ b/tasks/mpv.yml @@ -10,7 +10,7 @@ dest: '{{ item.dest }}' mode: '0644' loop: - - src: 'templates/personal/all/mpv/input.j2' + - src: 'templates/mpv/input.j2' dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf' - - src: 'templates/personal/all/mpv/config.j2' + - src: 'templates/mpv/config.j2' dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf' diff --git a/tasks/network.yml b/tasks/network.yml deleted file mode 100644 index 0e35a82..0000000 --- a/tasks/network.yml +++ /dev/null 
@@ -1,112 +0,0 @@ -# Note that Wireguard does DNS resolution only once during connection. -# When a client's IP changes, the server should be notified in some way, -# using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint :` -# for example. - -- name: Set hostname - become: true - ansible.builtin.hostname: - name: '{{ hostname }}' - use: systemd - -- name: Copy hosts file - become: true - ansible.builtin.template: - src: templates/hosts.j2 - dest: /etc/hosts - mode: '0644' - owner: root - -- name: Copy firewall template - become: true - ansible.builtin.template: - src: "{{ lookup('ansible.builtin.first_found', paths) }}" - dest: /etc/nftables.conf - owner: root - group: root - mode: '0600' - vars: - paths: - - 'templates/{{ ansible_hostname }}/nftables.j2' - - 'templates/{{ group_names[0] }}/{{ ansible_hostname }}/nftables.j2' - notify: restart nftables - -- name: Desktop configuration - notify: - - restart systemd-networkd - - restart systemd-resolved - when: ansible_hostname == 'desktop' - block: - - name: Setup network configuration - become: true - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - src: 'templates/personal/desktop/network/enp1s0.link.j2' - dest: '/etc/systemd/network/20-enp1s0.link' - - src: 'templates/personal/desktop/network/enp1s0.network.j2' - dest: '/etc/systemd/network/20-enp1s0.network' - - - name: Remove leftover configuration files - become: true - ansible.builtin.file: - path: '{{ item }}' - state: absent - loop: - - '/etc/systemd/network/30-vmbr0.network' - - '/etc/systemd/network/30-vmbr0.netdev' - -- name: XPS configuration - notify: - - restart systemd-networkd - - restart systemd-resolved - - restart iwd - when: ansible_hostname == 'xps' - block: - - name: Setup network configuration - become: true - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - 
mode: '0640' - loop: - - src: 'templates/personal/xps/network/wlan0-local.network.j2' - dest: '/etc/systemd/network/10-wireless.network' - - - src: 'templates/personal/xps/network/wlan0-frans.network.j2' - dest: '/etc/systemd/network/11-wireless.network' - - - src: 'templates/personal/xps/network/wlan0.network.j2' - dest: '/etc/systemd/network/20-wireless.network' - - - name: Create iwd directory - become: true - ansible.builtin.template: - src: templates/personal/xps/iwd.j2 - dest: /etc/iwd - mode: '0644' - owner: root - - - name: Provision iwd configuration - become: true - ansible.builtin.template: - src: templates/personal/xps/iwd.j2 - dest: /etc/iwd/main.config - mode: '0755' - owner: root - - - name: Remove leftover configuration files - become: true - ansible.builtin.file: - path: '{{ item }}' - state: absent - loop: - - /etc/systemd/network/30-vmbr0.network - - /etc/systemd/network/30-vmbr0.netdev - - /etc/systemd/network/10-wlan0.link diff --git a/tasks/network/desktop.yml b/tasks/network/desktop.yml new file mode 100644 index 0000000..4eb16d8 --- /dev/null +++ b/tasks/network/desktop.yml @@ -0,0 +1,27 @@ +- name: Desktop configuration + notify: + - restart systemd-networkd + - restart systemd-resolved + block: + - name: Setup network configuration + become: true + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - src: 'templates/desktop/network/enp1s0.link.j2' + dest: '/etc/systemd/network/20-enp1s0.link' + - src: 'templates/desktop//network/enp1s0.network.j2' + dest: '/etc/systemd/network/20-enp1s0.network' + + - name: Remove leftover configuration files + become: true + ansible.builtin.file: + path: '{{ item }}' + state: absent + loop: + - '/etc/systemd/network/30-vmbr0.network' + - '/etc/systemd/network/30-vmbr0.netdev' diff --git a/tasks/network/htpc.yml b/tasks/network/htpc.yml new file mode 100644 index 0000000..e69de29 
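Review bot: The second loop item of "Setup network configuration" in `tasks/network/desktop.yml` has a doubled separator, `src: 'templates/desktop//network/enp1s0.network.j2'`; it still resolves on POSIX but differs from the sibling entry and trips path comparisons and linters, so it should read `- src: 'templates/desktop/network/enp1s0.network.j2'`. The `when: ansible_hostname == 'desktop'` guard of the old combined file is gone, so this file now depends on the caller including it only on the desktop host; a one-line comment at the top stating that contract would help, since the include is not visible here. The sibling `tasks/network/htpc.yml` is added as an empty file, which `include_tasks` accepts silently; a placeholder comment saying that htpc needs no host-specific network tasks would make that explicit rather than look like a forgotten file.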
diff --git a/tasks/network/main.yml b/tasks/network/main.yml
new file mode 100644
index 0000000..f8586b1
--- /dev/null
+++ b/tasks/network/main.yml
@@ -0,0 +1,28 @@
+# Note that Wireguard does DNS resolution only once during connection.
+# When a client's IP changes, the server should be notified in some way,
+# using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint :`
+# for example.
+
+- name: Set hostname
+ become: true
+ ansible.builtin.hostname:
+ name: '{{ hostname }}'
+ use: systemd
+
+- name: Copy hosts file
+ become: true
+ ansible.builtin.template:
+ src: templates/hosts.j2
+ dest: /etc/hosts
+ mode: '0644'
+ owner: root
+
+- name: Copy firewall template
+ become: true
+ ansible.builtin.template:
+ src: 'templates/{{ ansible_hostname }}/nftables.j2'
+ dest: /etc/nftables.conf
+ owner: root
+ group: root
+ mode: '0600'
+ notify: restart nftables
diff --git a/tasks/network/xps.yml b/tasks/network/xps.yml
new file mode 100644
index 0000000..0c99843
--- /dev/null
+++ b/tasks/network/xps.yml
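Review bot: "Copy firewall template" in `tasks/network/main.yml` now resolves a single hostname-keyed path, `src: 'templates/{{ ansible_hostname }}/nftables.j2'`, where the deleted `tasks/network.yml` tried two candidates through `first_found`; any host without a matching template directory now fails at template time with no fallback, which is presumably intended now that every host has its own directory but deserves a comment above the task. The header comment's example `endpoint :` has no value after `endpoint`, so it reads as truncated; a placeholder such as `endpoint <host>:<port>` would make the example usable.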
@@ -0,0 +1,47 @@
+- name: Setup network configuration
+ become: true
+ ansible.builtin.template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: root
+ group: systemd-network
+ mode: '0640'
+ loop:
+ - src: 'templates/xps/network/wlan0-local.network.j2'
+ dest: '/etc/systemd/network/10-wireless.network'
+
+ - src: 'templates/xps/network/wlan0-frans.network.j2'
+ dest: '/etc/systemd/network/11-wireless.network'
+
+ - src: 'templates/xps/network/wlan0.network.j2'
+ dest: '/etc/systemd/network/20-wireless.network'
+ notify:
+ - restart systemd-networkd
+ - restart systemd-resolved
+
+- name: Create iwd directory
+ become: true
+ ansible.builtin.template:
+ src: templates/xps/iwd.j2
+ dest: /etc/iwd
+ mode: '0644'
+ owner: root
+
+- name: Provision iwd configuration
+ become: true
+ ansible.builtin.template:
+ src: templates/xps/iwd.j2
+ dest: /etc/iwd/main.config
+ mode: '0755'
+ owner: root
+ notify: restart iwd
+
+- name: Remove leftover configuration files
+ become: true
+ ansible.builtin.file:
+ path: '{{ item }}'
+ state: absent
+ loop:
+ - /etc/systemd/network/30-vmbr0.network
+ - /etc/systemd/network/30-vmbr0.netdev
+ - /etc/systemd/network/10-wlan0.link
diff --git a/tasks/personal/all/wireguard.yml b/tasks/personal/all/wireguard.yml
deleted file mode 100644
index 81657ea..0000000
--- a/tasks/personal/all/wireguard.yml
+++ /dev/null
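Review bot: "Create iwd directory" in `tasks/network/xps.yml` renders `templates/xps/iwd.j2` with `ansible.builtin.template` to `dest: /etc/iwd`, which writes a file there (or `/etc/iwd/iwd.j2` if the directory already exists) instead of creating a directory; use `ansible.builtin.file:` with `path: /etc/iwd` and `state: directory` in place of the template module's `src`/`dest`, keeping `mode: '0755'` and `owner: root`. The next task then writes `dest: /etc/iwd/main.config`, but iwd reads its main configuration from `/etc/iwd/main.conf`, so the rendered file is never consulted. Change it to `dest: /etc/iwd/main.conf` and drop the executable bit with `mode: '0644'`, since a configuration file has no reason to be executable. Both tasks were carried over unchanged from the deleted `tasks/network.yml`, so the defects predate the split.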
@@ -1,112 +0,0 @@ -# Note: Only compatible with personal group - -- name: Create Wireguard directories - become: true - ansible.builtin.file: - path: '{{ item }}' - owner: root - group: systemd-network - mode: '0750' - state: directory - recurse: true - loop: - - '{{ vpn_config_dir }}' - - '{{ vpn_default.private_key_path | dirname }}' - - '{{ vpn_default.public_key_path | dirname }}' - - '{{ vpn_media.private_key_path | dirname }}' - - '{{ vpn_media.public_key_path | dirname }}' - notify: - - restart systemd-networkd - - restart systemd-resolved - -- name: Copy Wireguard credentials - become: true - ansible.builtin.copy: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - dest: '{{ vpn_default.public_key_path }}' - src: 'files/personal/{{ ansible_hostname }}/wireguard/default/{{ ansible_hostname }}.pub' - - - dest: '{{ vpn_default.private_key_path }}' - src: 'files/personal/{{ ansible_hostname }}/wireguard/default/{{ ansible_hostname }}.key' - - - dest: '{{ vpn_media.public_key_path }}' - src: 'files/personal/{{ ansible_hostname }}/wireguard/media/{{ ansible_hostname }}.pub' - - - dest: '{{ vpn_media.private_key_path }}' - src: 'files/personal/{{ ansible_hostname }}/wireguard/media/{{ ansible_hostname }}.key' - notify: - - restart systemd-networkd - - restart systemd-resolved - -- name: Copy Wireguard preshared keys - become: true - ansible.builtin.copy: - src: '{{ item.preshared_key_source_path }}' - dest: '{{ item.preshared_key_path }}' - owner: root - group: systemd-network - mode: '0640' - loop: '{{ vpn_default.peers + vpn_media.peers }}' - notify: - - restart systemd-networkd - - restart systemd-resolved - -- name: Desktop configuration - notify: - - restart systemd-networkd - - restart systemd-resolved - when: ansible_hostname == 'desktop' - block: - - name: Setup network configuration - become: true - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - 
group: systemd-network - mode: '0640' - loop: - - src: 'templates/personal/desktop/network/wg0.network.j2' - dest: '/etc/systemd/network/40-wg0.network' - - - src: 'templates/personal/desktop/network/wg0.netdev.j2' - dest: '/etc/systemd/network/40-wg0.netdev' - - - src: 'templates/personal/desktop/network/wg1.network.j2' - dest: '/etc/systemd/network/40-wg1.network' - - - src: 'templates/personal/desktop/network/wg1.netdev.j2' - dest: '/etc/systemd/network/40-wg1.netdev' - -- name: XPS configuration - notify: - - restart systemd-networkd - - restart systemd-resolved - - restart iwd - when: ansible_hostname == 'xps' - block: - - name: Setup network configuration - become: true - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - src: 'templates/personal/xps/network/wg0.network.j2' - dest: '/etc/systemd/network/40-wg0.network' - - - src: 'templates/personal/xps/network/wg0.netdev.j2' - dest: '/etc/systemd/network/40-wg0.netdev' - - - src: 'templates/personal/xps/network/wg1.network.j2' - dest: '/etc/systemd/network/40-wg1.network' - - - src: 'templates/personal/xps/network/wg1.netdev.j2' - dest: '/etc/systemd/network/40-wg1.netdev' diff --git a/tasks/setup.yml b/tasks/setup.yml index 197cfb0..ed4fcf2 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml 
@@ -43,29 +43,32 @@ state: touch mode: '0644' -- name: Create wezterm configuration dir - ansible.builtin.file: - path: '{{ xdg_config_dir }}/wezterm/includes' - state: directory - mode: '0755' +- name: Setup Wezterm + when: "'wezterm' in packages" + block: + - name: Create wezterm configuration dir + ansible.builtin.file: + path: '{{ xdg_config_dir }}/wezterm/includes' + state: directory + mode: '0755' -- name: Copy wezterm configuration files - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0755' - loop: - - src: 'templates/wezterm/wezterm.lua.j2' - dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua' + - name: Copy wezterm configuration files + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '0755' + loop: + - src: 'templates/wezterm/wezterm.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua' - - src: 'templates/wezterm/includes/colors.lua.j2' - dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua' + - src: 'templates/wezterm/includes/colors.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua' - - src: 'templates/wezterm/includes/fonts.lua.j2' - dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua' + - src: 'templates/wezterm/includes/fonts.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua' - - src: 'templates/wezterm/includes/window.lua.j2' - dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua' + - src: 'templates/wezterm/includes/window.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua' - name: Enable fstrim timer become: true @@ -88,7 +91,6 @@ - name: Copy sysctl files become: true - when: "'personal' not in group_names" ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' 
@@ -124,20 +126,11 @@ - name: Copy kernel parameters template become: true - when: "'personal' not in group_names" ansible.builtin.template: src: 'templates/{{ ansible_hostname }}/cmdline.j2' dest: '/etc/kernel/cmdline' mode: '0755' -- name: Copy kernel parameters template for personal group - become: true - when: "'personal' in group_names" - ansible.builtin.template: - src: 'templates/personal/{{ ansible_hostname }}/cmdline.j2' - dest: '/etc/kernel/cmdline' - mode: '0755' - - name: Remove the mkinitcpio directories become: true ansible.builtin.file: @@ -164,7 +157,7 @@ dest: '{{ item.dest }}' mode: '0755' loop: '{{ mkinitcpio_templates }}' - when: mkinitcpio_templates + when: '{{ mkinitcpio_templates | length > 0 }}' - name: Regenerate initramfs images become: true diff --git a/tasks/personal/all/syncthing.yml b/tasks/syncthing.yml similarity index 90% rename from tasks/personal/all/syncthing.yml rename to tasks/syncthing.yml index 3c36b5e..c54fde5 100644 --- a/tasks/personal/all/syncthing.yml +++ b/tasks/syncthing.yml @@ -12,7 +12,7 @@ - name: Copy configuration file ansible.builtin.template: - src: 'templates/syncthing.j2' + src: 'templates/syncthing/config.j2' dest: '{{ xdg_config_dir }}/syncthing/config.xml' mode: '0640' notify: start syncthing diff --git a/tasks/timer.yml b/tasks/timer.yml index f35bf46..7a2aa56 100644 --- a/tasks/timer.yml +++ b/tasks/timer.yml @@ -22,9 +22,9 @@ loop: - { src: 'templates/timer/daily_target.j2', dest: '/etc/systemd/system/daily.target' } - { - src: 'templates/timer/weekly_target.j2', - dest: '/etc/systemd/system/weekly.target', - } + src: 'templates/timer/weekly_target.j2', + dest: '/etc/systemd/system/weekly.target', + } - name: create target directories become: true diff --git a/tasks/wireguard-media.yml b/tasks/wireguard-media.yml new file mode 100644 index 0000000..b22e477 --- /dev/null +++ b/tasks/wireguard-media.yml 
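Review bot: In the `@@ -164,7 +157,7 @@` hunk of `tasks/setup.yml`, `when: '{{ mkinitcpio_templates | length > 0 }}'` wraps a conditional in Jinja delimiters; Ansible warns that conditional statements should not include templating delimiters, because the string is rendered first and the rendered text is then evaluated, and newer releases may reject it outright. The previous `when: mkinitcpio_templates` was already false for an empty list; if the explicit form is preferred, write `when: mkinitcpio_templates | length > 0`. The enclosing task starts outside the hunk.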
@@ -0,0 +1,71 @@
+- name: Include wireguard media defaults
+ ansible.builtin.include_vars:
+ file: vars/wireguard-media.yml
+
+- name: Create Wireguard directories
+ become: true
+ ansible.builtin.file:
+ path: '{{ item }}'
+ owner: root
+ group: systemd-network
+ mode: '0750'
+ state: directory
+ recurse: true
+ loop:
+ - '{{ vpn_config_dir }}'
+ - '{{ wireguard_media_defaults.private_key_path | dirname }}'
+ - '{{ wireguard_media_defaults.public_key_path | dirname }}'
+ notify:
+ - restart systemd-networkd
+ - restart systemd-resolved
+
+- name: Copy Wireguard credentials
+ become: true
+ ansible.builtin.copy:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: root
+ group: systemd-network
+ mode: '0640'
+ loop:
+ - dest: '{{ wireguard_media_defaults.public_key_path }}'
+ src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.pub'
+
+ - dest: '{{ wireguard_media_defaults.private_key_path }}'
+ src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.key'
+ notify:
+ - restart systemd-networkd
+ - restart systemd-resolved
+
+- name: Copy Wireguard preshared keys
+ become: true
+ ansible.builtin.copy:
+ src: '{{ item.preshared_key_source_path }}'
+ dest: '{{ item.preshared_key_path }}'
+ owner: root
+ group: systemd-network
+ mode: '0640'
+ loop: '{{ wireguard_media_defaults.peers }}'
+ notify:
+ - restart systemd-networkd
+ - restart systemd-resolved
+
+- name: Setup network configuration
+ become: true
+ ansible.builtin.template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: root
+ group: systemd-network
+ mode: '0640'
+ loop:
+ - src: 'templates/{{ ansible_hostname }}/network/wg1.network.j2'
+ dest: '/etc/systemd/network/40-wg1.network'
+
+ - src: 'templates/{{ ansible_hostname }}/network/wg1.netdev.j2'
+ dest: '/etc/systemd/network/40-wg1.netdev'
+ notify:
+ - restart systemd-networkd
+ - restart systemd-resolved
+ vars:
+ wireguard: "{{ wireguard_media | ansible.builtin.combine(wireguard_media_defaults) }}"
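Review bot: `wireguard: "{{ wireguard_media | ansible.builtin.combine(wireguard_media_defaults) }}"` at the end of `tasks/wireguard-media.yml` lets the defaults win, because `combine` gives precedence to the right-hand dict; if host-specific `wireguard_media` values are meant to override the defaults, as the `_defaults` naming suggests, it should read `wireguard: "{{ wireguard_media_defaults | ansible.builtin.combine(wireguard_media) }}"`. The same inversion appears in the `vars:` of `tasks/wireguard.yml` further down. Separately, "Copy Wireguard credentials" and "Copy Wireguard preshared keys" ship a private key and PSKs straight from `files/`; keeping those files ansible-vault encrypted works with `ansible.builtin.copy` unchanged (it decrypts a vault-encrypted `src` by default), and `no_log: true` on both tasks keeps the material out of `--diff` output.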
diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml
new file mode 100644
index 0000000..bfd9418
--- /dev/null
+++ b/tasks/wireguard.yml
@@ -0,0 +1,71 @@
+- name: Include wireguard defaults
+ ansible.builtin.include_vars:
+ file: vars/wireguard.yml
+
+- name: Create Wireguard directories
+ become: true
+ ansible.builtin.file:
+ path: '{{ item }}'
+ owner: root
+ group: systemd-network
+ mode: '0750'
+ state: directory
+ recurse: true
+ loop:
+ - '{{ vpn_config_dir }}'
+ - '{{ wireguard_defaults.private_key_path | dirname }}'
+ - '{{ wireguard_defaults.public_key_path | dirname }}'
+ notify:
+ - restart systemd-networkd
+ - restart systemd-resolved
+
+- name: Copy Wireguard credentials
+ become: true
+ ansible.builtin.copy:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: root
+ group: systemd-network
+ mode: '0640'
+ loop:
+ - dest: '{{ wireguard_defaults.public_key_path }}'
+ src: 'files/wireguard/{ ansible_hostname }}/fudiggity.pub'
+
+ - dest: '{{ wireguard_defaults.private_key_path }}'
+ src: 'files/wireguard/{{ ansible_hostname }}/fudiggity.key'
+ notify:
+ - restart systemd-networkd
+ - restart systemd-resolved
+
+- name: Copy Wireguard preshared keys
+ become: true
+ ansible.builtin.copy:
+ src: '{{ item.preshared_key_source_path }}'
+ dest: '{{ item.preshared_key_path }}'
+ owner: root
+ group: systemd-network
+ mode: '0640'
+ loop: '{{ wireguard_defaults.peers }}'
+ notify:
+ - restart systemd-networkd
+ - restart systemd-resolved
+
+- name: Setup network configuration
+ become: true
+ ansible.builtin.template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: root
+ group: systemd-network
+ mode: '0640'
+ loop:
+ - src: 'templates/{{ ansible_hostname }}/network/wg0.network.j2'
+ dest: '/etc/systemd/network/40-wg0.network'
+
+ - src: 'templates/{{ ansible_hostname }}/network/wg0.netdev.j2'
+ dest: '/etc/systemd/network/40-wg0.netdev'
+ notify:
+ - restart systemd-networkd
+ - restart systemd-resolved
+ vars:
+ wireguard: "{{ wireguard | ansible.builtin.combine(wireguard_defaults) }}"
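Review bot: The task-level `vars: wireguard: "{{ wireguard | ansible.builtin.combine(wireguard_defaults) }}"` in `tasks/wireguard.yml` defines `wireguard` in terms of itself; when the wg0 templates reference `wireguard.*`, the lookup lands on this task var and Ansible reports a recursive loop in the template string. Merge a differently named host variable instead, the way `tasks/wireguard-media.yml` merges `wireguard_media`, or bind the merged dict under a new name and update the two wg0 templates. The public-key loop item also has an unbalanced brace, `src: 'files/wireguard/{ ansible_hostname }}/fudiggity.pub'`, so it is never templated and the copy fails on a literal path; it should be `src: 'files/wireguard/{{ ansible_hostname }}/fudiggity.pub'`.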
diff --git a/tasks/personal/xps.yml b/tasks/xps.yml similarity index 92% rename from tasks/personal/xps.yml rename to tasks/xps.yml index 8bef201..06aeb90 100644 --- a/tasks/personal/xps.yml +++ b/tasks/xps.yml @@ -14,13 +14,13 @@ - name: Copy configuration file ansible.builtin.template: - src: templates/personal/xps/pa-dlna/config.j2 + src: templates/xps/pa-dlna/config.j2 dest: '{{ xdg_config_dir }}/pa-dlna/pa-dlna.conf' mode: '0755' - name: Copy systemd service ansible.builtin.template: - src: templates/personal/xps/pa-dlna/service.j2 + src: templates/xps/pa-dlna/service.j2 dest: '{{ xdg_config_dir }}/systemd/user/pa-dlna.service' mode: '0755' diff --git a/templates/personal/desktop/cmdline.j2 b/templates/desktop/cmdline.j2 similarity index 100% rename from templates/personal/desktop/cmdline.j2 rename to templates/desktop/cmdline.j2 diff --git a/templates/personal/desktop/mkinitcpio/1-modules.conf.j2 b/templates/desktop/mkinitcpio/1-modules.conf.j2 similarity index 100% rename from templates/personal/desktop/mkinitcpio/1-modules.conf.j2 rename to templates/desktop/mkinitcpio/1-modules.conf.j2 diff --git a/templates/personal/desktop/mkinitcpio/linux-lts.preset.j2 b/templates/desktop/mkinitcpio/linux-lts.preset.j2 similarity index 100% rename from templates/personal/desktop/mkinitcpio/linux-lts.preset.j2 rename to templates/desktop/mkinitcpio/linux-lts.preset.j2 diff --git a/templates/personal/desktop/mkinitcpio/linux.preset.j2 b/templates/desktop/mkinitcpio/linux.preset.j2 similarity index 100% rename from templates/personal/desktop/mkinitcpio/linux.preset.j2 rename to templates/desktop/mkinitcpio/linux.preset.j2 diff --git a/templates/personal/desktop/modprobe/99-amdgpu.conf.j2 b/templates/desktop/modprobe/99-amdgpu.conf.j2 similarity index 100% rename from templates/personal/desktop/modprobe/99-amdgpu.conf.j2 rename to templates/desktop/modprobe/99-amdgpu.conf.j2 
diff --git a/templates/personal/desktop/network/enp1s0.link.j2 b/templates/desktop/network/enp1s0.link.j2 similarity index 100% rename from templates/personal/desktop/network/enp1s0.link.j2 rename to templates/desktop/network/enp1s0.link.j2 diff --git a/templates/personal/desktop/network/enp1s0.network.j2 b/templates/desktop/network/enp1s0.network.j2 similarity index 100% rename from templates/personal/desktop/network/enp1s0.network.j2 rename to templates/desktop/network/enp1s0.network.j2 diff --git a/templates/personal/xps/network/wg0.netdev.j2 b/templates/desktop/network/wg0.netdev.j2 similarity index 66% rename from templates/personal/xps/network/wg0.netdev.j2 rename to templates/desktop/network/wg0.netdev.j2 index db08b4e..85ba97e 100644 --- a/templates/personal/xps/network/wg0.netdev.j2 +++ b/templates/desktop/network/wg0.netdev.j2 @@ -1,15 +1,15 @@ # {{ ansible_managed }} [NetDev] -Name={{ vpn_default.interface }} +Name={{ wireguard.interface }} Kind=wireguard -Description=WireGuard tunnel {{ vpn_default.interface }} +Description=WireGuard tunnel {{ wireguard.interface }} [WireGuard] -PrivateKeyFile={{ vpn_default.private_key_path }} +PrivateKeyFile={{ wireguard.private_key_path }} RouteTable=main -{% for peer in vpn_default.peers %} +{% for peer in wireguard.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} diff --git a/templates/desktop/network/wg0.network.j2 b/templates/desktop/network/wg0.network.j2 new file mode 100644 index 0000000..76731d3 --- /dev/null +++ b/templates/desktop/network/wg0.network.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} + +[Match] +Name={{ wireguard.interface }} + +[Network] +Address={{ wireguard.ip }}/{{ wireguard.prefix }} +DNS={{ wireguard.dns }} +Domains={{ wireguard.domains | join(' ') }} +BindCarrier={{ lan_interface }} 
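Review bot: After the `vpn_default.*` → `wireguard.*` substitution in `templates/desktop/network/wg0.netdev.j2`, the netdev template contains nothing host- or tunnel-specific, and the identical blob `85ba97e` is now checked in five times (desktop `wg0`/`wg1`, htpc `wg1`, xps `wg0`/`wg1`, in the hunks that follow). One shared `templates/wireguard/netdev.j2`, referenced from the `loop` in `tasks/wireguard.yml` and `tasks/wireguard-media.yml`, would remove the duplication and leave only the `.network.j2` files per host, which genuinely differ in `BindCarrier`. The rename also crosses hosts (`templates/personal/xps/...` → `templates/desktop/...`), which makes the history harder to follow than a plain add would have been.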
diff --git a/templates/personal/desktop/network/wg1.netdev.j2 b/templates/desktop/network/wg1.netdev.j2 similarity index 67% rename from templates/personal/desktop/network/wg1.netdev.j2 rename to templates/desktop/network/wg1.netdev.j2 index 5fbc9f9..85ba97e 100644 --- a/templates/personal/desktop/network/wg1.netdev.j2 +++ b/templates/desktop/network/wg1.netdev.j2 @@ -1,15 +1,15 @@ # {{ ansible_managed }} [NetDev] -Name={{ vpn_media.interface }} +Name={{ wireguard.interface }} Kind=wireguard -Description=WireGuard tunnel {{ vpn_media.interface }} +Description=WireGuard tunnel {{ wireguard.interface }} [WireGuard] -PrivateKeyFile={{ vpn_media.private_key_path }} +PrivateKeyFile={{ wireguard.private_key_path }} RouteTable=main -{% for peer in vpn_media.peers %} +{% for peer in wireguard.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} diff --git a/templates/desktop/network/wg1.network.j2 b/templates/desktop/network/wg1.network.j2 new file mode 100644 index 0000000..76731d3 --- /dev/null +++ b/templates/desktop/network/wg1.network.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} + +[Match] +Name={{ wireguard.interface }} + +[Network] +Address={{ wireguard.ip }}/{{ wireguard.prefix }} +DNS={{ wireguard.dns }} +Domains={{ wireguard.domains | join(' ') }} +BindCarrier={{ lan_interface }} diff --git a/templates/personal/desktop/nftables.j2 b/templates/desktop/nftables.j2 similarity index 100% rename from templates/personal/desktop/nftables.j2 rename to templates/desktop/nftables.j2 diff --git a/templates/personal/desktop/xdg-desktop-portal.service.j2 b/templates/desktop/xdg-desktop-portal.service.j2 similarity index 100% rename from templates/personal/desktop/xdg-desktop-portal.service.j2 rename to templates/desktop/xdg-desktop-portal.service.j2 diff --git a/templates/htpc/cmdline.j2 b/templates/htpc/cmdline.j2 new file mode 100644 index 0000000..f1e2797 --- /dev/null +++ b/templates/htpc/cmdline.j2 
@@ -0,0 +1 @@
+rd.luks.name=d6272853-f41c-47a3-aa27-31ca9b559087=cryptlvm root=/dev/VolumeGroup/root rw resume=/dev/VolumeGroup/swap
diff --git a/templates/htpc/mkinitcpio/1-modules.conf.j2 b/templates/htpc/mkinitcpio/1-modules.conf.j2
new file mode 100644
index 0000000..82581fb
--- /dev/null
+++ b/templates/htpc/mkinitcpio/1-modules.conf.j2
@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+MODULES=(amdgpu)
diff --git a/templates/personal/xps/mkinitcpio/linux-lts.preset.j2 b/templates/htpc/mkinitcpio/linux-lts.preset.j2
similarity index 100%
rename from templates/personal/xps/mkinitcpio/linux-lts.preset.j2
rename to templates/htpc/mkinitcpio/linux-lts.preset.j2
diff --git a/templates/personal/xps/mkinitcpio/linux.preset.j2 b/templates/htpc/mkinitcpio/linux.preset.j2
similarity index 100%
rename from templates/personal/xps/mkinitcpio/linux.preset.j2
rename to templates/htpc/mkinitcpio/linux.preset.j2
diff --git a/templates/htpc/network/enp1s0.link.j2 b/templates/htpc/network/enp1s0.link.j2
new file mode 100644
index 0000000..4ed6b79
--- /dev/null
+++ b/templates/htpc/network/enp1s0.link.j2
@@ -0,0 +1,7 @@
+# {{ ansible_managed }}
+
+[Match]
+MACAddress={{ lan_interface_mac }}
+
+[Link]
+Name={{ lan_interface }}
diff --git a/templates/htpc/network/enp1s0.network.j2 b/templates/htpc/network/enp1s0.network.j2
new file mode 100644
index 0000000..af57302
--- /dev/null
+++ b/templates/htpc/network/enp1s0.network.j2
@@ -0,0 +1,17 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ lan_interface }}
+
+[Network]
+Address={{ local_network_address }}
+Gateway={{ local_network_gateway }}
+DNS={{ local_network_dns }}
+MulticastDNS=yes
+DNSOverTLS=yes
+DNSSEC=yes
+DHCP=no
+LinkLocalAddressing=no
+IPv6AcceptRA=no
+IPv6SendRA=no
+RequiredForOnline=routable
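Review bot: `DNSOverTLS=yes` and `DNSSEC=yes` in `templates/htpc/network/enp1s0.network.j2` are the strict modes: systemd-resolved refuses to talk to `{{ local_network_dns }}` unless it serves DNS-over-TLS, and a validation failure makes a name unresolvable rather than falling back. That is the right choice for a host behind a resolver you control, but the requirement should be recorded next to the `local_network_dns` variable so a future change of resolver does not silently break name resolution; `DNSOverTLS=opportunistic` and `DNSSEC=allow-downgrade` are the softer settings if it cannot be met. With `LinkLocalAddressing=no` and `IPv6AcceptRA=no` the link effectively runs IPv4 only, which is also worth a one-line comment since the htpc nftables template still carries an ICMPv6 rule.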
diff --git a/templates/personal/xps/network/wg1.netdev.j2 b/templates/htpc/network/wg1.netdev.j2 similarity index 67% rename from templates/personal/xps/network/wg1.netdev.j2 rename to templates/htpc/network/wg1.netdev.j2 index 5fbc9f9..85ba97e 100644 --- a/templates/personal/xps/network/wg1.netdev.j2 +++ b/templates/htpc/network/wg1.netdev.j2 @@ -1,15 +1,15 @@ # {{ ansible_managed }} [NetDev] -Name={{ vpn_media.interface }} +Name={{ wireguard.interface }} Kind=wireguard -Description=WireGuard tunnel {{ vpn_media.interface }} +Description=WireGuard tunnel {{ wireguard.interface }} [WireGuard] -PrivateKeyFile={{ vpn_media.private_key_path }} +PrivateKeyFile={{ wireguard.private_key_path }} RouteTable=main -{% for peer in vpn_media.peers %} +{% for peer in wireguard.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} diff --git a/templates/htpc/network/wg1.network.j2 b/templates/htpc/network/wg1.network.j2 new file mode 100644 index 0000000..76731d3 --- /dev/null +++ b/templates/htpc/network/wg1.network.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} + +[Match] +Name={{ wireguard.interface }} + +[Network] +Address={{ wireguard.ip }}/{{ wireguard.prefix }} +DNS={{ wireguard.dns }} +Domains={{ wireguard.domains | join(' ') }} +BindCarrier={{ lan_interface }} diff --git a/templates/htpc/nftables.j2 b/templates/htpc/nftables.j2 new file mode 100644 index 0000000..9a8cb01 --- /dev/null +++ b/templates/htpc/nftables.j2 
@@ -0,0 +1,29 @@
+#!/usr/bin/nft -f
+# vim:set ts=2 sw=2 et:
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0; policy drop;
+
+ # allow established/related connections
+ ct state { established, related } accept
+
+ # early drop of invalid connections
+ ct state invalid drop
+
+ # allow from loopback
+ iifname lo accept
+
+ # allow icmp
+ ip protocol icmp accept
+ ip6 nexthdr icmpv6 accept
+
+ # allow mDNS
+ udp dport 5353 accept
+
+ # allow ssh
+ tcp dport ssh accept
+ }
+}
diff --git a/templates/personal/all/mpd/mpd.conf.j2 b/templates/mpd/mpd.conf.j2
similarity index 100%
rename from templates/personal/all/mpd/mpd.conf.j2
rename to templates/mpd/mpd.conf.j2
diff --git a/templates/personal/all/mpd/ncmpc.j2 b/templates/mpd/ncmpc.j2
similarity index 100%
rename from templates/personal/all/mpd/ncmpc.j2
rename to templates/mpd/ncmpc.j2
diff --git a/templates/personal/all/mpd/ncmpcpp/bindings.j2 b/templates/mpd/ncmpcpp/bindings.j2
similarity index 100%
rename from templates/personal/all/mpd/ncmpcpp/bindings.j2
rename to templates/mpd/ncmpcpp/bindings.j2
diff --git a/templates/personal/all/mpd/ncmpcpp/config.j2 b/templates/mpd/ncmpcpp/config.j2
similarity index 100%
rename from templates/personal/all/mpd/ncmpcpp/config.j2
rename to templates/mpd/ncmpcpp/config.j2
diff --git a/templates/personal/all/mpd/service.j2 b/templates/mpd/service.j2
similarity index 100%
rename from templates/personal/all/mpd/service.j2
rename to templates/mpd/service.j2
diff --git a/templates/personal/all/mpd/socket.j2 b/templates/mpd/socket.j2
similarity index 100%
rename from templates/personal/all/mpd/socket.j2
rename to templates/mpd/socket.j2
diff --git a/templates/personal/all/mpv/config.j2 b/templates/mpv/config.j2
similarity index 100%
rename from templates/personal/all/mpv/config.j2
rename to templates/mpv/config.j2
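Review bot: `ip6 nexthdr icmpv6 accept` in `templates/htpc/nftables.j2` only matches when ICMPv6 is the first next-header, so IPv6 packets that carry extension headers fall through to the chain's drop policy; `meta l4proto ipv6-icmp accept` (or `meta l4proto { icmp, ipv6-icmp } accept` covering both families) is the form the nftables documentation uses. The mDNS rule accepts UDP 5353 from any source to any destination; restricting it to the multicast group, `ip daddr 224.0.0.251 udp dport 5353 accept` plus the `ff02::fb` equivalent, keeps unicast probes out without breaking discovery. The ssh rule is unconditional, which is fine for a LAN-only host but should be stated in the comment so the exposure is deliberate if the host ever gets a routable address.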
diff --git a/templates/personal/all/mpv/input.j2 b/templates/mpv/input.j2
similarity index 100%
rename from templates/personal/all/mpv/input.j2
rename to templates/mpv/input.j2
diff --git a/templates/personal/desktop/network/wg0.network.j2 b/templates/personal/desktop/network/wg0.network.j2
deleted file mode 100644
index 4cb1039..0000000
--- a/templates/personal/desktop/network/wg0.network.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-# {{ ansible_managed }}
-
-[Match]
-Name={{ vpn_default.interface }}
-
-[Network]
-Address={{ vpn_default.ip }}/{{ vpn_default.prefix }}
-DNS={{ vpn_default.dns }}
-Domains={{ vpn_default.domains | join(' ') }}
-BindCarrier={{ lan_interface }}
diff --git a/templates/personal/desktop/network/wg1.network.j2 b/templates/personal/desktop/network/wg1.network.j2
deleted file mode 100644
index 129cac1..0000000
--- a/templates/personal/desktop/network/wg1.network.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-# {{ ansible_managed }}
-
-[Match]
-Name={{ vpn_media.interface }}
-
-[Network]
-Address={{ vpn_media.ip }}/{{ vpn_media.prefix }}
-DNS={{ vpn_media.dns }}
-Domains={{ vpn_media.domains | join(' ') }}
-BindCarrier={{ lan_interface }}
diff --git a/templates/personal/xps/network/wg0.network.j2 b/templates/personal/xps/network/wg0.network.j2
deleted file mode 100644
index 3832085..0000000
--- a/templates/personal/xps/network/wg0.network.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-# {{ ansible_managed }}
-
-[Match]
-Name={{ vpn_default.interface }}
-
-[Network]
-Address={{ vpn_default.ip }}/{{ vpn_default.prefix }}
-DNS={{ vpn_default.dns }}
-Domains={{ vpn_default.domains | join(' ') }}
-BindCarrier={{ wireless_interface }}
diff --git a/templates/personal/xps/network/wg1.network.j2 b/templates/personal/xps/network/wg1.network.j2
deleted file mode 100644
index ae3f641..0000000
--- a/templates/personal/xps/network/wg1.network.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-# {{ ansible_managed }}
-
-[Match]
-Name={{ vpn_media.interface }}
-
-[Network]
-Address={{ vpn_media.ip }}/{{ vpn_media.prefix }}
-DNS={{ vpn_media.dns }}
-Domains={{ vpn_media.domains | join(' ') }}
-BindCarrier={{ wireless_interface }}
diff --git a/templates/syncthing.j2 b/templates/syncthing/config.j2
similarity index 100%
rename from templates/syncthing.j2
rename to templates/syncthing/config.j2
diff --git a/templates/personal/xps/cmdline.j2 b/templates/xps/cmdline.j2
similarity index 100%
rename from templates/personal/xps/cmdline.j2
rename to templates/xps/cmdline.j2
diff --git a/templates/personal/xps/iwd.j2 b/templates/xps/iwd.j2
similarity index 100%
rename from templates/personal/xps/iwd.j2
rename to templates/xps/iwd.j2
diff --git a/templates/personal/xps/mkinitcpio/1-modules.conf.j2 b/templates/xps/mkinitcpio/1-modules.conf.j2
similarity index 100%
rename from templates/personal/xps/mkinitcpio/1-modules.conf.j2
rename to templates/xps/mkinitcpio/1-modules.conf.j2
diff --git a/templates/personal/xps/mkinitcpio/2-hooks.conf.j2 b/templates/xps/mkinitcpio/2-hooks.conf.j2
similarity index 100%
rename from templates/personal/xps/mkinitcpio/2-hooks.conf.j2
rename to templates/xps/mkinitcpio/2-hooks.conf.j2
diff --git a/templates/xps/mkinitcpio/linux-lts.preset.j2 b/templates/xps/mkinitcpio/linux-lts.preset.j2
new file mode 100644
index 0000000..71d2550
--- /dev/null
+++ b/templates/xps/mkinitcpio/linux-lts.preset.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+#
+# mkinitcpio preset file for the 'linux' package
+
+PRESETS=('default')
+
+default_uki="/boot/EFI/Linux/linux-lts.efi"
+default_kver="/boot/vmlinuz-linux-lts"
diff --git a/templates/xps/mkinitcpio/linux.preset.j2 b/templates/xps/mkinitcpio/linux.preset.j2
new file mode 100644
index 0000000..22097bb
--- /dev/null
+++ b/templates/xps/mkinitcpio/linux.preset.j2
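Review bot: The header comment of the new `templates/xps/mkinitcpio/linux-lts.preset.j2` says `# mkinitcpio preset file for the 'linux' package` although the preset builds `linux-lts.efi` from `vmlinuz-linux-lts`; it was evidently copied from the `linux` preset that follows. Change it to `# mkinitcpio preset file for the 'linux-lts' package`.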
@@ -0,0 +1,8 @@ +# {{ ansible_managed }} +# +# mkinitcpio preset file for the 'linux' package + +PRESETS=('default') + +default_uki="/boot/EFI/Linux/linux.efi" +default_kver="/boot/vmlinuz-linux" diff --git a/templates/personal/desktop/network/wg0.netdev.j2 b/templates/xps/network/wg0.netdev.j2 similarity index 66% rename from templates/personal/desktop/network/wg0.netdev.j2 rename to templates/xps/network/wg0.netdev.j2 index db08b4e..85ba97e 100644 --- a/templates/personal/desktop/network/wg0.netdev.j2 +++ b/templates/xps/network/wg0.netdev.j2 @@ -1,15 +1,15 @@ # {{ ansible_managed }} [NetDev] -Name={{ vpn_default.interface }} +Name={{ wireguard.interface }} Kind=wireguard -Description=WireGuard tunnel {{ vpn_default.interface }} +Description=WireGuard tunnel {{ wireguard.interface }} [WireGuard] -PrivateKeyFile={{ vpn_default.private_key_path }} +PrivateKeyFile={{ wireguard.private_key_path }} RouteTable=main -{% for peer in vpn_default.peers %} +{% for peer in wireguard.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} diff --git a/templates/xps/network/wg0.network.j2 b/templates/xps/network/wg0.network.j2 new file mode 100644 index 0000000..0254f34 --- /dev/null +++ b/templates/xps/network/wg0.network.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} + +[Match] +Name={{ wireguard.interface }} + +[Network] +Address={{ wireguard.ip }}/{{ wireguard.prefix }} +DNS={{ wireguard.dns }} +Domains={{ wireguard.domains | join(' ') }} +BindCarrier={{ wireless_interface }} diff --git a/templates/xps/network/wg1.netdev.j2 b/templates/xps/network/wg1.netdev.j2 new file mode 100644 index 0000000..85ba97e --- /dev/null +++ b/templates/xps/network/wg1.netdev.j2 
@@ -0,0 +1,25 @@
+# {{ ansible_managed }}
+
+[NetDev]
+Name={{ wireguard.interface }}
+Kind=wireguard
+Description=WireGuard tunnel {{ wireguard.interface }}
+
+[WireGuard]
+PrivateKeyFile={{ wireguard.private_key_path }}
+RouteTable=main
+
+{% for peer in wireguard.peers %}
+[WireGuardPeer]
+PublicKey={{ peer.public_key }}
+PresharedKeyFile={{ peer.preshared_key_path }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip }}
+{% endfor %}
+{% if peer.endpoint %}
+Endpoint={{ peer.endpoint }}
+{% endif %}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}
diff --git a/templates/xps/network/wg1.network.j2 b/templates/xps/network/wg1.network.j2
new file mode 100644
index 0000000..0254f34
--- /dev/null
+++ b/templates/xps/network/wg1.network.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ wireguard.interface }}
+
+[Network]
+Address={{ wireguard.ip }}/{{ wireguard.prefix }}
+DNS={{ wireguard.dns }}
+Domains={{ wireguard.domains | join(' ') }}
+BindCarrier={{ wireless_interface }}
diff --git a/templates/personal/xps/network/wlan0-frans.network.j2 b/templates/xps/network/wlan0-frans.network.j2
similarity index 100%
rename from templates/personal/xps/network/wlan0-frans.network.j2
rename to templates/xps/network/wlan0-frans.network.j2
diff --git a/templates/personal/xps/network/wlan0-local.network.j2 b/templates/xps/network/wlan0-local.network.j2
similarity index 100%
rename from templates/personal/xps/network/wlan0-local.network.j2
rename to templates/xps/network/wlan0-local.network.j2
diff --git a/templates/personal/xps/network/wlan0.network.j2 b/templates/xps/network/wlan0.network.j2
similarity index 100%
rename from templates/personal/xps/network/wlan0.network.j2
rename to templates/xps/network/wlan0.network.j2
diff --git a/templates/personal/xps/nftables.j2 b/templates/xps/nftables.j2
similarity index 100%
rename from templates/personal/xps/nftables.j2
rename to templates/xps/nftables.j2
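Review bot: The new wg1.netdev.j2 and wg1.network.j2 are byte-for-byte copies of wg0.netdev.j2 and wg0.network.j2 (the file headers carry the same blob ids, 85ba97e and 0254f34), and all four read the same `wireguard` variable, so nothing in the templates themselves distinguishes the two tunnels; which var set is bound to `wireguard` for each render is presumably decided in tasks/wireguard.yml and tasks/wireguard-media.yml, which are not in this patch. Keeping one netdev and one network template and rendering each twice with the default and media var sets would remove the duplication and keep a future fix to the peer loop from needing two identical edits. If the media tunnel is expected to diverge later, a one-line comment at the top of the wg1 templates saying what is meant to differ would tell the next reader why the copy exists.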
diff --git a/templates/personal/xps/pa-dlna/config.j2 b/templates/xps/pa-dlna/config.j2
similarity index 100%
rename from templates/personal/xps/pa-dlna/config.j2
rename to templates/xps/pa-dlna/config.j2
diff --git a/templates/personal/xps/pa-dlna/service.j2 b/templates/xps/pa-dlna/service.j2
similarity index 100%
rename from templates/personal/xps/pa-dlna/service.j2
rename to templates/xps/pa-dlna/service.j2
diff --git a/group_vars/personal/mpd.yml b/vars/mpd.yml
similarity index 100%
rename from group_vars/personal/mpd.yml
rename to vars/mpd.yml
diff --git a/vars/wireguard-media.yml b/vars/wireguard-media.yml
new file mode 100644
index 0000000..71c9f9c
--- /dev/null
+++ b/vars/wireguard-media.yml
@@ -0,0 +1,22 @@
+vpn_config_dir: '/etc/wireguard'
+
+wireguard_media_defaults:
+ prefix: 24
+ interface: wg1
+ dns: 10.0.1.1
+ domains:
+ - '~media-vpn.{{ server_domain }}'
+ - '~jellyfin.{{ server_domain }}'
+
+ public_key_path: '{{ vpn_config_dir }}/keys/public/media/fudiggity.pub'
+ private_key_path: '{{ vpn_config_dir }}/keys/private/media/fudiggity.key'
+
+ peers:
+ - name: fudiggity
+ allowed_ips:
+ - 10.0.1.0/24
+ - 172.8.238.0/24
+ endpoint: '{{ server_domain }}:51903'
+ public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=
+ preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/fudiggity.psk'
+ preshared_key_source_path: files/wireguard-media/{{ ansible_hostname }}/preshared.psk
diff --git a/vars/wireguard.yml b/vars/wireguard.yml
new file mode 100644
index 0000000..4109b86
--- /dev/null
+++ b/vars/wireguard.yml
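Review bot: `vpn_config_dir: '/etc/wireguard'` is declared here and declared again, identically, at the top of vars/wireguard.yml in the next hunk; if both files are loaded into the same play the later one silently overrides the earlier, which is harmless only for as long as the two values agree. Keeping the variable in a single shared vars file (or in one of the two) removes that drift risk. The preshared key file names also differ between the two sets for no visible reason (`fudiggity.psk` here versus `preshared-fudiggity.psk` in vars/wireguard.yml); aligning them makes the layout under `{{ vpn_config_dir }}/keys/private` predictable, and a short comment on `preshared_key_source_path` stating that the source file is expected to be Ansible-Vault encrypted (as the later commit in this series does) would document the handling requirement where the path is defined.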
@@ -0,0 +1,28 @@
+vpn_config_dir: '/etc/wireguard'
+
+wireguard_defaults:
+ prefix: 24
+ interface: wg0
+ dns: 10.0.0.1
+ domains:
+ - '~vpn.{{ server_domain }}'
+ - '~transmission.{{ server_domain }}'
+ - '~syncthing.{{ server_domain }}'
+ - '~radicale.{{ server_domain }}'
+ - '~mpd.{{ server_domain }}'
+
+ public_key_path: '{{ vpn_config_dir }}/keys/public/default/fudiggity.pub'
+ private_key_path: '{{ vpn_config_dir }}/keys/private/default/fudiggity.key'
+
+ peers:
+ - name: fudiggity
+ allowed_ips:
+ - 10.0.0.0/24
+ - 172.16.238.0/24
+ - 172.32.238.0/24
+ - 172.64.238.0/24
+ - 172.128.238.0/24
+ endpoint: '{{ server_domain }}:51902'
+ public_key: CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=
+ preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-fudiggity.psk'
+ preshared_key_source_path: files/wireguard/{{ ansible_hostname }}/preshared.psk
diff --git a/xps.yml b/xps.yml
new file mode 100644
index 0000000..ca3ab0d
--- /dev/null
+++ b/xps.yml
@@ -0,0 +1,34 @@
+- name: Include default playbook
+ ansible.builtin.import_playbook: default.yml
+
+- name: Arch Linux provisioning
+ hosts: xps
+ gather_facts: true
+ tasks:
+
+ - name: Wireguard provisioning
+ ansible.builtin.import_tasks: 'tasks/wireguard.yml'
+ tags: wireguard
+
+ - name: Wireguard media provisioning
+ ansible.builtin.import_tasks: 'tasks/wireguard-media.yml'
+ tags: wireguard-media
+
+ - name: MPD provisioning
+ ansible.builtin.import_tasks: 'tasks/mpd.yml'
+ tags: mpd
+
+ - name: Syncthing provisioning
+ ansible.builtin.import_tasks: 'tasks/syncthing.yml'
+ tags: syncthing
+
+ - name: Desktop provisioning
+ ansible.builtin.import_tasks: 'tasks/xps.yml'
+ tags: xps
+
+ handlers:
+ - name: Import default handlers
+ ansible.builtin.import_tasks: handlers.yml
+
+ - name: Import common role handlers
+ ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'
From 21bbedd13bd192a9f462d5df704ece973c4aafec Mon Sep 17 00:00:00 2001
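Review bot: The task named `Desktop provisioning` in xps.yml imports `tasks/xps.yml` under the `xps` tag, so its name disagrees with both the file it imports and the tag it carries, and the name is what `ansible-playbook --list-tasks` shows; `- name: XPS provisioning` keeps the three consistent. The imported default.yml, handlers.yml and the task files are not in this patch, so whether the play needs `gather_facts: true` on top of what default.yml already does cannot be checked from here.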
From: Sonny Bakker
Date: Sun, 12 Oct 2025 17:59:38 +0200
Subject: [PATCH 129/131] Allow customizing wezterm size from vars

---
 host_vars/htpc/system.yml | 3 ++
 tasks/setup.yml | 38 ++++++++++++------------
 templates/wezterm/includes/window.lua.j2 | 4 +--
 3 files changed, 24 insertions(+), 21 deletions(-)

diff --git a/host_vars/htpc/system.yml b/host_vars/htpc/system.yml
index fa2d07a..c26db07 100644
--- a/host_vars/htpc/system.yml
+++ b/host_vars/htpc/system.yml
@@ -27,6 +27,9 @@ packages:
 - pipewire-pulse
 - pipewire-alsa
 
+wezterm_columns: 90
+wezterm_rows: 18
+
 modprobe_templates: []
 
 mkinitcpio_templates:
diff --git a/tasks/setup.yml b/tasks/setup.yml
index ed4fcf2..e2c0d73 100644
--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@@ -46,29 +46,29 @@
 - name: Setup Wezterm
 when: "'wezterm' in packages"
 block:
- - name: Create wezterm configuration dir
- ansible.builtin.file:
- path: '{{ xdg_config_dir }}/wezterm/includes'
- state: directory
- mode: '0755'
+ - name: Create wezterm configuration dir
+ ansible.builtin.file:
+ path: '{{ xdg_config_dir }}/wezterm/includes'
+ state: directory
+ mode: '0755'
 
- - name: Copy wezterm configuration files
- ansible.builtin.template:
- src: '{{ item.src }}'
- dest: '{{ item.dest }}'
- mode: '0755'
- loop:
- - src: 'templates/wezterm/wezterm.lua.j2'
- dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua'
+ - name: Copy wezterm configuration files
+ ansible.builtin.template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ mode: '0755'
+ loop:
+ - src: 'templates/wezterm/wezterm.lua.j2'
+ dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua'
 
- - src: 'templates/wezterm/includes/colors.lua.j2'
- dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua'
+ - src: 'templates/wezterm/includes/colors.lua.j2'
+ dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua'
 
- - src: 'templates/wezterm/includes/fonts.lua.j2'
- dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua'
+ - src: 'templates/wezterm/includes/fonts.lua.j2'
+ dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua'
 
- - src: 'templates/wezterm/includes/window.lua.j2'
- dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua'
+ - src: 'templates/wezterm/includes/window.lua.j2'
+ dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua'
 
 - name: Enable fstrim timer
 become: true
diff --git a/templates/wezterm/includes/window.lua.j2 b/templates/wezterm/includes/window.lua.j2
index 392724a..b822f71 100644
--- a/templates/wezterm/includes/window.lua.j2
+++ b/templates/wezterm/includes/window.lua.j2
@@ -5,8 +5,8 @@ return {
 enable_tab_bar = false,
 
 -- window size
- initial_cols = 145,
- initial_rows = 35,
+ initial_cols = {{ wezterm_columns | default(145) }},
+ initial_rows = {{ wezterm_rows | default(35) }},
 
 window_padding = {
 left = 0,
From 5b29e66d63b21680cf0934e9e1c20504b07568f5 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Sat, 18 Oct 2025 08:21:39 +0200
Subject: [PATCH 130/131] Add missing wireguard media credentials for XPS

---
 files/wireguard-media/xps/fudiggity.key | 7 +++++++
 files/wireguard-media/xps/fudiggity.pub | 1 +
 files/wireguard-media/xps/preshared.psk | 7 +++++++
 3 files changed, 15 insertions(+)
 create mode 100644 files/wireguard-media/xps/fudiggity.key
 create mode 100644 files/wireguard-media/xps/fudiggity.pub
 create mode 100644 files/wireguard-media/xps/preshared.psk

diff --git a/files/wireguard-media/xps/fudiggity.key b/files/wireguard-media/xps/fudiggity.key
new file mode 100644
index 0000000..939f255
--- /dev/null
+++ b/files/wireguard-media/xps/fudiggity.key
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+64663539393065396333623165623833636539633932306437363365656532343565643866616532
+6562373233633237623761376234336331373637393431380a386261306438393837633037383464
+64623965376138313665393239346138383230383565626264393635303835396537663865313237
+6431313635333030390a646466303961663932353830366235643762393039396531316465333837
+61613264356263616332633334386532303761353536663033373639626634396164623335626566
+3632373266313435646338343738656663356635623138623939
diff --git a/files/wireguard-media/xps/fudiggity.pub b/files/wireguard-media/xps/fudiggity.pub
new file mode 100644
index 0000000..aec0b05
--- /dev/null
+++ b/files/wireguard-media/xps/fudiggity.pub
@@ -0,0 +1 @@
+hI4rqlv2afs4RJkt5xR+dYxQODSd6lR0OqWJRlnQdjM=
diff --git a/files/wireguard-media/xps/preshared.psk b/files/wireguard-media/xps/preshared.psk
new file mode 100644
index 0000000..ca1d895
--- /dev/null
+++ b/files/wireguard-media/xps/preshared.psk
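Review bot: The two new lines `initial_cols = {{ wezterm_columns | default(145) }},` and `initial_rows = {{ wezterm_rows | default(35) }},` are the only place the override variables are named, and nothing in the template says where they come from or that the literals are the fallback; the `-- window size` comment above them could be extended to `-- window size: wezterm_columns / wezterm_rows from host_vars, defaults when unset`. Piping both through `| int` as well would make the rendered Lua an integer literal regardless of how the value was typed in YAML, which the host_vars hunk in this commit gets right but a future quoted value might not.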
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+63643763346434313734663761386539393032613366626230373862643431613963633664353264
+6466616235653963643861643439633537656439363735330a366439356537386662353431643163
+33363830646433336366353363623835373639383663633837313030393162643931353331633133
+6534363438303261320a333364313534336465616336386337383935353631646361623866326232
+64373139636633393236303335396138326638333635663839663734346463303739646431353437
+3838653361383663633632363862306565643531353066623336
From da726a8ecfe888c5f32920e3c53a188ca5c3536b Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Sat, 18 Oct 2025 08:24:32 +0200
Subject: [PATCH 131/131] Add public keys

---
 files/public-keys/desktop.pub | 1 +
 files/public-keys/xps.pub | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 files/public-keys/desktop.pub
 create mode 100755 files/public-keys/xps.pub

diff --git a/files/public-keys/desktop.pub b/files/public-keys/desktop.pub
new file mode 100644
index 0000000..9321cdf
--- /dev/null
+++ b/files/public-keys/desktop.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKA8zXGQzpXeWrRhetUsWlEcrsmg+JhcSKaZykalmrw6 sonny@Desktop
diff --git a/files/public-keys/xps.pub b/files/public-keys/xps.pub
new file mode 100755
index 0000000..e36455a
--- /dev/null
+++ b/files/public-keys/xps.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9FTfXKRp1cdRAjE41rKoY+1yTsREytZFLHo9cQXDMM sonny@Laptop
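Review bot: files/public-keys/xps.pub is added with mode 100755 while desktop.pub in the same commit is 100644; an SSH public key file has no reason to carry the executable bit, and the mismatch is the kind of thing a later `copy` with `mode` left unset or a file-permission check trips over. `chmod 644 files/public-keys/xps.pub` before committing keeps the two files consistent. How these `.pub` files are consumed (authorized_keys, known_hosts, or something else) is not in this patch, so the intended target permissions cannot be checked here.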