diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index d9ade6f..0000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,26 +0,0 @@ -stages: - - lint - - test - -cache: - key: $CI_COMMIT_REF_SLUG - paths: - - .cache/pip - - node_modules/ - -lint: - stage: lint - image: node:12 - before_script: - - npm install prettier --no-save - script: - - npx prettier '**/*.yml' --check - -syntax-test: - stage: test - image: python:3.7 - before_script: - - pip install ansible --quiet - - ansible-galaxy install -r requirements.yml - script: - - ansible-playbook playbook.yml --syntax-check diff --git a/.prettierrc.yml b/.prettierrc.yml deleted file mode 100644 index 0cb31e6..0000000 --- a/.prettierrc.yml +++ /dev/null @@ -1,5 +0,0 @@ -singleQuote: true -printWidth: 90 -tabWidth: 2 -useTabs: false -bracketSpacing: true diff --git a/ansible.cfg b/ansible.cfg index 4c41b64..32fe937 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,5 +1,7 @@ [defaults] roles_path = ./roles +inventory = inventory.yml +ask_vault_pass = true [privilege_escalation] become_ask_pass = True diff --git a/default.yml b/default.yml new file mode 100644 index 0000000..16df3af --- /dev/null +++ b/default.yml 
@@ -0,0 +1,40 @@
+- name: Arch Linux provisioning
+ gather_facts: true
+ hosts: all
+ roles:
+ - common
+ tasks:
+ - name: Generic provisioning
+ ansible.builtin.import_tasks: 'tasks/setup.yml'
+ tags: setup
+
+ # TODO: provision ssh client config with modern cyphers
+ - name: Network provisioning
+ ansible.builtin.import_tasks: 'tasks/network/main.yml'
+ tags: network
+
+ # - name: Network host specific provisioning
+ # ansible.builtin.import_tasks: 'tasks/network/{{ ansible_hostname }}.yml'
+ # tags: network-specific
+
+ - name: Systemd provisioning
+ ansible.builtin.import_tasks: 'tasks/systemd.yml'
+ tags: systemd
+
+ - name: Systemd timer provisioning
+ ansible.builtin.import_tasks: 'tasks/timer.yml'
+ tags: timers
+
+ # Note: Disable DoH in Firefox to fallback to system's default DNS
+ # resolver, see
+ # https://support.mozilla.org/en-US/kb/dns-over-https#w_configure-doh-protection-settings
+ - name: MPV provisioning
+ ansible.builtin.import_tasks: 'tasks/mpv.yml'
+ tags: mpv
+
+ handlers:
+ - name: Import default handlers
+ ansible.builtin.import_tasks: 'handlers.yml'
+
+ - name: Import common role handlers
+ ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'
diff --git a/desktop.yml b/desktop.yml
new file mode 100644
index 0000000..ab87111
--- /dev/null
+++ b/desktop.yml
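Review bot: The three-line comment about disabling DoH in Firefox sits directly above the `MPV provisioning` task, which it does not appear to describe, so a reader cannot tell whether the DoH change is provisioned anywhere or is a manual step. Browser DoH bypasses the system resolver, so if the network tasks rely on that resolver this step matters; I would move the note next to the task that owns it or make it an explicit `# TODO: provision the Firefox DoH setting`. In the ssh TODO, `cyphers` should read `ciphers`. The play also uses `hosts: all`, and with `inventory = inventory.yml` now set in ansible.cfg a run without `--limit` targets every inventory host; a one-line comment at the top saying this is intended would help.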
@@ -0,0 +1,34 @@
+- name: Include default playbook
+ ansible.builtin.import_playbook: default.yml
+
+- name: Arch Linux provisioning
+ hosts: desktop
+ gather_facts: true
+ tasks:
+ - name: Wireguard provisioning
+ ansible.builtin.import_tasks: 'tasks/wireguard.yml'
+ tags: wireguard
+
+ - name: Wireguard media provisioning
+ ansible.builtin.import_tasks: 'tasks/wireguard-media.yml'
+ tags: wireguard-media
+
+ - name: MPD provisioning
+ ansible.builtin.import_tasks: 'tasks/mpd.yml'
+ tags: mpd
+
+ - name: Syncthing provisioning
+ ansible.builtin.import_tasks: 'tasks/syncthing.yml'
+ tags: syncthing
+
+ # TODO: provision current macvlan setup
+ - name: Desktop provisioning
+ ansible.builtin.import_tasks: 'tasks/desktop.yml'
+ tags: desktop
+
+ handlers:
+ - name: Import default handlers
+ ansible.builtin.import_tasks: handlers.yml
+
+ - name: Import common role handlers
+ ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'
diff --git a/files/gpg_key b/files/gpg_key
deleted file mode 100644
index 5fcab22..0000000
--- /dev/null
+++ /dev/null
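Review bot: In the `handlers:` block of the second play, `ansible.builtin.import_tasks: handlers.yml` is written without the single quotes used on every other path in this file and in default.yml; `ansible.builtin.import_tasks: 'handlers.yml'` would match. The block repeats the two imports from default.yml, which is needed because handlers are scoped to the play that declares them. A short comment such as `# handlers are per-play; repeated here for the desktop tasks` would stop someone from removing it as a duplicate.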
@@ -1,264 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -34663932363439393536333037386165353635363461356133643930373232633664343737396263 -6332613133646434333332356135336164346237383237360a643035653161363964333136346533 -37353332656361653662623137643735326532393234366165316234323364656261343132393831 -3034626136656162350a333362643166383138306136646331373439623232373532633130313262 -36356134386565343333353136616263623265623438653663336435376134346563663365373930 -30616435316364613139666661343633363436343635666661646635393661373739653765373363 -30343434396537666234306561353636323365666165333131623365383535396634623539626565 -39363138323638323234326433333066393933373839623834663632373438613339613963383333 -38333866386466303634363362323964653663613966333032633130613336366363326561363433 -30633737316535303366396563333532313036623236376430613234376637336131323666373762 -61383338303536316462616332613562636263343236616635656238653532336561623334356533 -30313662353662376530353933656464383039336664333935653834303833313230323838373838 -63643766303462306130386130333066336466313862366538383230366661373666306638353137 -62643466306435343739363138313433656336643538333133343764326238336137333939636336 -65613238396437623866616330393166363462666532373731613232393966323835346566306333 -32646432623833653761363839323237633863383666373862363761346665306265623366363635 -65326237363361353233646661646330386630653961363862363463326339633532346130396134 -31313730613134633133633362393464623663313031623862373937313763653838343935366335 -35626466346666633961363132343933393066303539353239653662373432623432336662343661 -31343434313461326263373264613538653937336336613031313637633564316134323335653638 -66353733386662616162303032363361393661653935633237323131613331613364333264353232 -30626637663366363630343764303863353035653535343931346636633636643365373237383030 -35393734663661323334373436323437393830636637383566366434663666366531323434653535 
-38353064373038336362623735386532396433353063616337326636383065633035386134326533 -37323761393465303563306661646433646532643935323665636265323133623265383437336131 -31316366643932356538393932343238353165303565643663396363636135313561626132353635 -37613737356136623061353734353561653332363031613738636362363061646330303432326436 -62633334393066353835653430363561396131646534653138333263646436633038303135383564 -62386639663833346565356362633662626139666431323830323134613633343062626565653837 -37666366643631666639303131656264613665636631333335316462326431393866626131613962 -31393330663537356438623564313164316439313136333033666663303662633763363264346363 -32663634303131303939333639386536363835346539623835326530303334353463316261393665 -35613365316337363664623739323632333062393662336662323330363162636333623031323166 -37626166653166333136643764663161386434393838633566633835616235656666346464313733 -63636333666432666137373366313261656566646338626264633764633164376235326433646163 -35333935666563366631376366626335653261383033633031393631363435346233323230373266 -62333538616339333532353039343932636633363838376230336465303963663932396265613064 -30323034316232343562386261303264353238346262366639366561303931633563666134393632 -63376330663534346466363439393864373536643230316564373463356231393632666161626432 -61636330356330646432663636383764363431376364626331326664666361326636613031323161 -39633965373763326337646436653739643831376661353562663438333562306238613562326136 -64363231616362653965363039356463363735363231396566336562373762333534646430626534 -36643335663037643066656266636237636161336163326237613964393664666339333833393264 -34323235636431316537303964306165613636656465636131373037353530386136343864306466 -33386662613564646332343866313534316534303738366431626662376562346662663231383039 -30636363373336356438656636363966663563353734643230666233343539643838373065313361 -35336338303631333332646266303162383064626237623335663766613931363233366161663438 
-64306236366432383663346639626162353365626137353239356531323662613163643635663262 -37666363393331336531653433323038626537336634326164356632373635303236613935643538 -31313064646136373862366535396266633430313338303533383463373933313836633066666535 -64643034316366656534393163633732323339356337616632383036646366656633303435386664 -65663831356432616538336565343639653062623937663766613361623566336463303165313832 -32353466373430386662343165306264333833656339623639383938663330333464616338343230 -34636433333130306635666633383961363366393036373465396432386534653065643231366166 -30643064353638653762363864313931616336386630356630623838373934346633356364386634 -61643632626636313461363862653532636634623563666237616632396233303338356162326536 -33376264383438376364306530653839303062313264366238343834343063363066383534373365 -61633863343939303433396461353963663331326363316333393339633637343933306563663034 -39356665663435336238326230633135383337306662393935353433623437343836376436613864 -31373136633434623130383436383737396232643033633638356536613932663166633461376633 -62623064623064396638343866663931323061383036313961316632636435653435346263323233 -66396465366266363462303165376133656262663664383963386438326635313161643861306237 -32346531303237343161333261323536386366666135386364316233643361366138363633333566 -37333838333433633336343639333134386233383738373563346536323138383733623831613635 -38663237303363386664373236373033623238373933313236383439346564363538613863633466 -33343166653136653264643130346438393238366637376337653835386539656133356361666430 -32373162363134326631333965646562353132623064623430366334616666636632623039623639 -64373334356334646561313031643331643463306566383163393534303936656532303064666235 -30373262373138383438316361653665393833653164346465323438396430343165393735316561 -62653034653565343239663838646362376538653033343863643339356532646238393362346133 -64613330653565623166636264373663623138313362393833353932653361363138623538343164 
-38646666323065363034376536656431613936303133396232383166386534326339323061376337 -61396661313030376536363939346365343235616465633264643731316535313863303562353030 -32303530303762303466303262643537326531376264343634646534333932333136636238623138 -34616663643430303865353963633735333762356562373762333265616438313434393938323938 -66336235656530633838653331663263643432323763393963313661323731343365396364616361 -62346335353133383630613963323838323361333166346132323066616239633261613039666532 -32663365356330383438623863626334313962356431333730353264623337643239653465653037 -35316131336565393063656564353132313136366364376535613761326632396162633166313763 -63306562363061376261323064313465346231336539656430643165376337363434393163663238 -34613132316465663561623265313833643964323430376239646262653833633462396134343565 -31613837323362356464633739613464663435613734653432373566353461633366343836623233 -32346432363234343934653432383732346230323932373635643362633530333837313332383165 -37616231346163363734633030333464616438626138616163663161373362623961626362353234 -39353262323664663861663637386634623463626433386538386531653537616633326533323734 -66326530393537363538306337383738353164326161383736653465346265393837633831643732 -63623764393737653062623462626563363561386531386630336639316230633663356235653036 -30363439376637373364373331306564343135633864393934373365376361623937613133613435 -36373036313838373362656134323138346264303333326237356562313164353636396334316237 -31376136323037326139373930663635313864323061656132356239623763623233646562393939 -64636661666139633331343131633731336365623335353633313363346231396336346339346438 -62353266396566386539306132373636646134363962646131313938356135373632383437333865 -32373163616461373464613661623232623162643334646364333535373437333437666665623065 -33326366646338626662636134653965303866646463366630653939623031316564303664623862 -33393661316638663661646434393934313534623465313766643638373134383764333634376333 
-30313263613539333638653439303038383835646137653435636338623165386539633463323663 -62323933653733346566666234333930343466613563653365386237373963636536666636393838 -31636266396236633336383434323131626464393061386566316132303064636434623838643039 -62303136373234623961333336323764643034613664653963366336356332393761633233646534 -66623464626165356432303633653338636264386462343233653139626431633466316330356538 -66393035623035653163343231316230316661666337643461633136306663663231313237643038 -65633366643238323162336166613662313536623866616262663965343565646237393861353263 -62653634653131303433353635656239666436623663306464396133656664383430323832336632 -33363066376237323661353330646233633865666439313964396462373733336465326434626336 -32363362393536356463666233633664306235633732626434623033633632636330663463336365 -66363631303836613332643566333930643333333536356234323666353130396230353630376263 -30353530303865636461356634336534633362363763353961383631343061656435623261616363 -36326132386432653065666163373430623435336666653366333065343334643832643730336331 -61386434326434323761323433343838306238643534376238623730613463396337323862303264 -33373966353033623064353562666639343732353965653366623533373034656135633065343463 -37616332663232613865333062383539633531613735653436323337643063653463333937353632 -62303364366134643830303363303633386266343137633134653537356633383832303932643863 -66356662306434346338333536623061333864376539663135383938323238393638656639623436 -39663930356363616138643736303062306136626239626434303062393035333762373933313638 -39646331626464626339663232326430613163663763316232663837633363343432633662393531 -38313462313830653863376637393765366239393734356334323765396632346138303038313834 -32353637343038363039643164646362313866376562633161343763316164393736663565393166 -66653462633936653364636530383333323636313230323030323131383736643262383561333938 -35393934333361383562373935363465373436356662396331633233633566346231323863346637 
-38636631656364376335336638666563333466386437366533613564366132316430646562646232 -64393533333933626439313935373335643332326564333932366634316463343039633630616265 -65363162366634613763653061366138616663643630336430386661616564616264636263383932 -32343766373839356539663432643230386263343630326162633363326262663937646564343365 -61316564333365373230313463383731653337326263303935633438643934623135623763616564 -34376363393531353162303163653265386566396135313161393836336439393139646530623438 -31376631316233333234396533653061663461666632313839653531643432343530353132646132 -36373738643465643634316637373763666338666633623263666134346634373836313266613732 -35326539383534353437613962343732646533326139643263343236396462306666316165663665 -37643961623662663836383837303939613864373163303734623663646632376162356564663031 -31626334316565656464326537323163373938316562386166666137356632316363343237346531 -37656166343639343565653433616136353533353531336561633330313861326237343739316165 -39313232663630396136386137633039313561373930386233663862643734373532313632373538 -63353938663434653630633038323665333462663731646537353765323361353762653637613331 -35663331323831313865306664313131336633636264313061316164303137353836366266366261 -32626165646363623663613263633131396264623531386561336563393539363839393433393563 -64633762393838636338353566373864363364646538353536346332623662353034326638633038 -36336566626636666138353334363437363265653331343130653836636335663736653634313662 -38633135623732336166366136316531306565326435346235643563633932383637393236636666 -66616562393564623165646261646533313238346362353431306135653938636663663232323830 -62393333326135396636646662333332303434396235343639633939396664356463333533333430 -66383231616339353932613836666632303064393136366632663439353062356565343634386364 -64303736376639363762386237336630653132633063656363333136303631386430353662316463 -65363666666434346364333937636137343734636163303166653062396330343835616165386663 
-35663563353134623336386363356632643138626135366137636563623532373764633966346437 -61353861326535663431623235653665633030626365333134383434626330313930343462353662 -32353965623662353637326562613266633866616334333563646430613763383739333637363034 -35616263393066383138336366353061386364613666633131646262383230393766393864393735 -64643633336136376132303065353630326465366336646435396663616364663036616639393637 -35386633303433616337396262336330376536356366653536363861616539343936323539373766 -65396638353163636664666333663139343762623335646366336564393036353932323561353931 -38373636636464373035663163356562636230616633636565353166663563616365363037656364 -64623861353164323262343532626232646264626164373536653531333938663734323866653636 -30326364333561353966323463623936333266663831383736386233633964613066356461303965 -33343730623936613036333266313533666530313261303765646536346134346331643935376463 -33326630313436653839303663336636373239633232353865366531663138666466306638653265 -34393664646636636366346438313133393961373231333561313366396538363634333264613166 -38353562663732613064396461346231633464626333663736356431323361616236343430613830 -66356361333135363236636434326534323466636531356539613462306533353336373363353330 -37633661303738363436366234633439383138363030323561333564616133306432383336646431 -37653364316165653666633539316539336465643832356133653736313239626466643162363939 -36323562383865633134393232343439353836306364646632636661363339393139386639356661 -63306232326431343532373737626233363036333763343933633832653766376432376235623534 -36323765666133353238393435376262343233633162633964363038643834636537396562333736 -38363935633134326461376530373630343937323036326563626364316335313839626665393837 -38313435323761343139386530346662326265626666353239356462326333333538346161313438 -36313430386332623365393835343862613338343666633930663634336263306361333861636337 -34313334613761386533636337306664613665643334396661316137376135613161353035383633 
-31333664396638316465306635656139616265353639333164656666383733373433333762363435 -37666432326462393135616338633330343332383065356265653563346465343234383036316336 -39653438353839386337396530366364323235393463633464313239356333333163656561376330 -35613137636131306630363335343031633161613733376262636336313638326131343165383231 -64326566393536363937623539386235373561323935646366353165616463376237633964633464 -33353732376337323338316166643236303336393034356639623861333766303034353963396236 -38356338643634363765313664643862323061376331376232366165633830626263303163643433 -65626634343339303031653432663531366639613362613039653638383465353434333639333865 -64383030623538646465363363393161633762313135616432386130663164353033343466393132 -35633763636261616434313531663039363662653962333139303138623838363163653866613539 -36323031633230376632376533613435616239323231613635396435373833353064623834653863 -65663163393933323934323364366535383935303233323639373531646165663535356634393464 -34623532333831306563326237373933383832643637326464656666373339303237363232313938 -63373936393563386530646565346563373337383262616338383531396262626134376136303163 -31653839316339616439366135346337366231363630366264373936356538316564636330373766 -33373961636233383231333464663962666136396437373361666538343065366662623364323237 -64666237663236326661313866306336323564666263373334303266306562343239383866666365 -34313665633465353865333362666564336532663766393134363764653736653237653133313833 -63306463326161373639363362333538373263393564303065656236323363663939366638323762 -36663763313537643066623161313035616462343631336264656664643861643232383561636664 -36633836353435373161666662633838623336366161643365363136386466323937646633313731 -64373739623335353966333833316563386237373031633132353638663435646234666263633435 -34663365313863633236343936633865356166366430383339303138646163383237396239663132 -62353465623566613564333039653466666366396436386461326335373662343262386263356264 
-30616538666665393561333630383037656131646239336437393737623862333532356463656435 -63623766373934393264613237653363636261333265613438373762353230393835313235633164 -62323335636333376236306261643931616230666465366666373230393438633365323135666233 -39653332643336313537396463623639646364356136303533623764376538353439303037316535 -61643961353364373638366232363461336238343363636230373834346464376261646630393866 -39376633393735646662613834626263333163383534366463333161396165343666626639326639 -32643064366565333432353430636235336238353836363331646166396533313966663664666666 -61626462653134643266353039653033383431626538346430356564353664633439356434383930 -66353736343839383165383064663039333061643363363265383030396333393762393763616638 -31386535653432323661656132343363646661656637313130353137313362373439373032613731 -65333463623961613138396633353837353061353166383837656333643836343635623363613366 -63346336636165326661363533306139643930393437666332386337373965373761393034616631 -63366632306539623633623731313233333966633735626665643562623639396537343434633835 -33383638613031356631643235326138383664376430623463323062663635623732326639396636 -38336331353336663831346530336439376634396338633664616562363135326430666238653261 -64653132613533383738663832316561613232366339316662633630366164393334356332386162 -64393965393534316136653234396162313631646332653539623362353662333337336634383736 -65616335656663393239643533623466656435383732333666396661663662306635313034306362 -38623137653464376431393731636463613866313166643165636630316364326433326132396161 -61343335336664366536656639653238313736633565343533643034646361653430396132616439 -64373231393232346163643262396233613231373561663835333065363461343263356565336530 -35333535646632303039636664306364623839306139343265666632383638333735613837316561 -33323733353937393831383565363436303638353362323432653963326562333532653864616634 -35616632646234343862643531613236636236616534623231643663393633363831663661626138 
-35633763366530363339346132643163613739653532626263336565626261646264303334393834 -31663231326562663964643633316438363161653535396435646362383036656363356137663636 -31336163303766633236333465653864663539353633386664303038646663366363646566336466 -33303435393739636131636166656237323436636237353863646365326639636166363739333439 -64373139626465656264313837363233653334393033343663396563666530373538613036653064 -39396231393662396565313066616164353031613833396331666131653031623261663038336563 -36653835333538386561643033623865383338366463646465666431383833633939376565616230 -62643063333631643439643333316563303465383563393130303634333130303330663134363436 -66386132663065656464323034306132613531343037396561626234626438333063393433316633 -63636264306163636631653732396166643934643866393064353364316264333662646665636663 -66393265636230303536656535623962643934316138393532663262653966626536323233623737 -38353730343538323231623531336436333133326334343238616630656531613538316130623761 -34646233613139343231366232636565316232356365643164653933643132356432613761613636 -34363831353935656437633034333232653938613365613066333361393164623864373339313730 -62373537366466356162343663626561316530373365386437656264396433303433623134616464 -36616530363438366238393136663239623362326533636363353435653261386137616361346164 -38653636373063663932336435626361613934393432646139353833306436346662356539333131 -62326361366635643830356639326234656662316435383031343039653830393664373033653735 -61616233313138663438376632336162656139346430326562363231333430626166363031336435 -62333338623339613633313061656332613630383338306534623034316135393233616539376434 -38326234353963616234623232643839373038643933383631636635613538393262303431373364 -63376463656263313230653832626262363537363735336237306636373435616566613832316338 -64393361393064346432666539643364313433336361333262383934633066363535646562383262 -33383334376238653339323362316330303863653762306636373931633534303731336234636532 
-34356361346436323363333430313231643732623461366236306338636431303632373264616139 -36376630323265623831636265633866366136316631396239646266666564313062646637636262 -35353165643464346564323937636463643832616331623036396636383133643731613033393432 -61393833656430333537653332313931663435663838646633303435626139306336623762636462 -32313934306531643662343163323630646562363134303266366530323766353138643266396633 -35396662303566343235653131613830323538363263643939666362656665313135306362363037 -36303238616634363337613935373435303931313866333565666638383835656637366464396136 -64303237646138373339376161666265303632626136353261383438386637616564616436306336 -33613164323037303530373431333565643734313636613838373638326234343531613136356566 -30636337393463396436303530653330323639386438353439613761643831316533353166333539 -30393161646239663935393438646334666530363565333964366364353530353861666633646563 -65626262643666656166306633326463363666633731363431626463616433643732353962633464 -39666533396232616130666131613232643762623562383662346366316466333339313836393737 -33353635396536333464663836366262356164666266663039623334666334343939313638346464 -63383664346635633365633962376238653365656331313362313536663138663464666436613132 -62656638396261613136393330623437383561386163653938323831373932353764623865306664 -35393130323464653266353563383663336233313361323133313435643564663063336335626266 -39396239643031666133656461393535663661643036326666663330656130313038636537386562 -39346439613333363061633364316166643135353832386432616362643337373363313931383135 -64613366373464363062386231303736336130613164366661363434346464383936646366613737 -38313730376436306165663466623335646533666138623564363466633938393139323836643865 -37373636653937343937303462663235353238656439353837663264663366396664386466646638 -34653266313135326130613531386239336538666364356234663164353662396565626361323238 -656463383063623064336666333062386432 
diff --git a/files/gpg_pub b/files/gpg_pub deleted file mode 100644 index c38c90d..0000000 --- a/files/gpg_pub +++ /dev/null 
@@ -1,40 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQGNBGAPMBMBDAC8AI3gYcB8R4psS4OLUTzt45sL8wimEmHCZNGBgLShtg7AfpES -AuXArVLEQSsUH8rL9/ninRyfwTsRj1tSouxVVwprdxXGZdPkksE/l+TjlB5FlAyp -nb/nCo7lrmw+xsPc/rjrlGoGJXrrxpVUYYbWLGciKcecUJ17sL0vS8KZQbSSw9pI -W37DFNq5m3R9/6MSnxcPZPErmyqbcNe4FDxc8jToxdyzqADar1vb/JTIQGkzObCy -a05sU8Q/G1adKt27lW+v4SWC8d4LQX5Z3nyvAvE87cWVFAGiz4mf1fTLotqwyXot -vVv05kl66Z58shlE61q+1Qm+SD2OKyd3Cl2s+RpfyYOVoB3SRLDZvM7bppXr58PF -3Lhmpl61/mpOMI0MNT5OFYCVKOsiNgP7FKlHvOZVk4Ldybfis1Y4TI1mg/OghjLQ -vjm9Hxlpsr93hpWxlmU6BBpSWUOxggKr96WoR56sQGjn/KCxPBRl17PqwXJmMbi9 -ex9uV6K6iQDRDf0AEQEAAbQMU29ubnkgQmFra2VyiQHUBBMBCAA+FiEEgsIVUtcy -xlwaT7NAA3ED8Dyly6EFAmAPMBMCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwEC -HgECF4AACgkQA3ED8Dyly6GUQAv/RGHTt0CQANUC/CQQaY23XDGiqYCbmFqmIwuT -YIE/QHl7+Zg7p02KGsBKrSWOMylFToTphnWWvJCEPYxW74WO2L2vrRplPVC0zbRz -ftx2s6IJopb4j5ftkg/b8V7NjQKO+EWXGgqZz+o9j0I3b1CLO4Fc/Sux/+khuG6x -m7wLHIOQn3ab9yX2e7cL/LgaJSKkXKwhYnaFnwuWZJRX/Dcqev2zZD37a9s1c3Au -cdvdp5d/cHi+osZ5D6HwT6LnkxVlAYtzKXyQbZNUMattHFK7L/UCYQmvcRPXy6FD -1+T0bX7cOcsaBXSUEhIt+IKvYUa22ZsHl6Eq8gCxXmvaIDIIGpFLGA6boJBAPFHL -WATZqonLmGYikumOwomv4730iXBVJKu+mCCPKSzSRAxTTowCF7NVdc6+X62mbvOp -R4LM+E/bCxtndGfxDhHm1nF0JexgTDGwUwLJPg5aAYjjrAIhsUk729GyJhHPK3if -0eocxv1PqKrGT8AUHosIOn2idnf5uQGNBGAPMBMBDAC1/f799inkL5w8KoysKrSp -QRYFiVpIN2CpYCU/MrjpBDU1d4GJ4s1EhVhvaCrNfwUBWyqN1kZpT9f2e8MNVB5U -nmwHBynCwiK/gHeJKIdwOENE09NcErDQnEbbK7tFl/LDbh0BYdzyAEoOo37XYt/G -0DXj0Y6GLphmlXfG9a/wXcvXCRdln3q1xyn0BVHMC8fz5F6RsivOEYMXunCMQ4WW -XFVgRe/jM+plWdQZQuP4RgRGv4kJ2ba9y9NQD8/GFXtnecWjv1ILlyzqyZtEa6ua -Jq0FrgYvZ1YH0jDKCcanHb0nlMlEhrpQneJTW+qmMgjZAJ+2wA8yPeuU6a+T/05I -tnbLUSlqgwjrzV71whp79l9p7FOG9kzwwKhhDAKxTqL3WshvXMlcnku6qlTyrymP -CHF6ZJYCQJEWPLYrThwWx+/6Yssg+Mm87LsciHVYgeBtaZWrN49kZXN2K1Py/WUK -Ev9+IjKlaFbqfq1W60xh4liiZ3AB9L5jTS6n98O+r8kAEQEAAYkBtgQYAQgAIBYh -BILCFVLXMsZcGk+zQANxA/A8pcuhBQJgDzATAhsMAAoJEANxA/A8pcuh8PUL+wdi -YYZpVqvbvnRbzWtYNEY6QYsn/qI0aS5jAURoMpCB3AFX6+aS6olAS8rWNx8sqWnL 
-psfZf0vSd/FXl0ja2a5MLLeQaKlK7/cP3RZjGDa6/eMqL0UyKpe5/a4mkBaczo18 -Fa2BK1X1wIUaWYfhp53mBGB9JgwKItdbEPJTBqIyjZRPab/Q5OUb/xOWCLQP+VpU -8p5c4rnONTdjKBfuyeEMWIlhG1QhobfIuZcbWaXZXj+HLiiugZCPxum8tFbMp05/ -FaPKmDS4TbeEk7wizsnBRDL3UjFCfySBsR/SOP+adut75t6h18pm0yeYRU73otZA -TES5LVpW7i6TiJEK7qPDQ/Sv34vAtVF0c7ntnYbxiLzX7x0uJF16O4XLw0Uba4HM -ZntDUsaxvlLfxcDeeDHR/24wOaJKRKKzX0b+wjRXfw26XEo4vHHBPyEB1DvGZu3P -hVot85SDDFS5LzLqkyGDiCOkkE5RqJYLCzQ6+4DfrQvkg682zD587894j+VV6g== -=KJ2a ------END PGP PUBLIC KEY BLOCK----- diff --git a/files/public-keys/desktop.pub b/files/public-keys/desktop.pub new file mode 100644 index 0000000..9321cdf --- /dev/null +++ b/files/public-keys/desktop.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKA8zXGQzpXeWrRhetUsWlEcrsmg+JhcSKaZykalmrw6 sonny@Desktop diff --git a/files/public-keys/xps.pub b/files/public-keys/xps.pub new file mode 100755 index 0000000..e36455a --- /dev/null +++ b/files/public-keys/xps.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9FTfXKRp1cdRAjE41rKoY+1yTsREytZFLHo9cQXDMM sonny@Laptop diff --git a/files/tmux_start b/files/tmux_start index 4e6646d..56d5770 100755 --- a/files/tmux_start +++ b/files/tmux_start @@ -1,16 +1,8 @@ #!/bin/bash MAIN="main" -DEVELOPMENT="development" tmux start-server tmux new-session -ds $MAIN tmux new-window -tmux new-window -tmux select-window -t 0 - -tmux new-session -ds $DEVELOPMENT -tmux new-window -tmux new-window -tmux new-window tmux select-window -t 0 diff --git a/files/wireguard-media/desktop/fudiggity.key b/files/wireguard-media/desktop/fudiggity.key new file mode 100644 index 0000000..8782234 --- /dev/null +++ b/files/wireguard-media/desktop/fudiggity.key 
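Review bot: `files/public-keys/xps.pub` is added with `new file mode 100755`, while its sibling `files/public-keys/desktop.pub` is added as 100644. A public key file has no reason to carry the executable bit, so this looks accidental; the file should be committed as 100644 to match.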
@@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +62383364643761623739623632633261343735343465336235386336333234656631363432623535 +6562623634363937356137616131396264633161363461340a343432363362346664646161656563 +35623334326238326135646261666330666531633831656564396139666261623937626338386632 +3233333039623039640a383931633539363238326164643365316236326435643537303866373835 +66393465663364303134376566623736636664353031336537663036636462613766343739336331 +6438643538326533313433616438386165626537373162393430 diff --git a/files/wireguard-media/desktop/fudiggity.pub b/files/wireguard-media/desktop/fudiggity.pub new file mode 100644 index 0000000..640bf96 --- /dev/null +++ b/files/wireguard-media/desktop/fudiggity.pub @@ -0,0 +1 @@ +YDH5lZcxUHM4AU2ZxQrFqjDIV2Z7PSUQKMcYXLExV0E= diff --git a/files/wireguard-media/desktop/preshared.psk b/files/wireguard-media/desktop/preshared.psk new file mode 100644 index 0000000..8e41aac --- /dev/null +++ b/files/wireguard-media/desktop/preshared.psk @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +34303432393930626266313563613636343439623631633163656532363631313039386231623936 +3336636666626237316532346230303961323263613161320a383436636634376162353863386161 +36663064366461333335613633316630633335666335613464333863656536623230383262623733 +3065363835666231630a616362333233643637613762313437626366363365313831363661313336 +66373966656534646462653833343935623466613662333932666666366430663061366261396330 +3064636536643933613738356461313135363033633366396130 diff --git a/files/wireguard-media/htpc/fudiggity.key b/files/wireguard-media/htpc/fudiggity.key new file mode 100644 index 0000000..118a8a6 --- /dev/null +++ b/files/wireguard-media/htpc/fudiggity.key 
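Review bot: The WireGuard private keys and preshared keys for all three peers (desktop in these hunks, htpc and xps in the ones that follow) are committed as `$ANSIBLE_VAULT;1.1;AES256` blobs, so their confidentiality rests on the vault password alone and the ciphertext stays in git history after any later rotation or removal. The `1.1` header carries no vault-id label, which suggests one shared password for every secret; whoever holds it and a clone can decrypt each peer's key. Consider generating each private key on its own host and committing only the `.pub` files. Failing that, document in the repository how the vault password is protected and how the keys and PSKs are rotated if the password or repository is exposed.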
@@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +30313239376562613332383265336333613266663264383636666437643436623462663861333639 +3830623835333263353863363535376532623262323535610a663330316133376131303465326665 +35663564623737636136306338623531653162633237636361643764343030353262616139623735 +3532626238316664310a336335633564396638303236333838363264613861616637343833363665 +39366264306438643662313130396135363461656466626436663339313337613830623364646637 +3735323933323563646563393532306237336165633534353735 diff --git a/files/wireguard-media/htpc/fudiggity.pub b/files/wireguard-media/htpc/fudiggity.pub new file mode 100644 index 0000000..cdbb114 --- /dev/null +++ b/files/wireguard-media/htpc/fudiggity.pub @@ -0,0 +1 @@ +XcWpmGrkSQJUEADrDTUmcA7/dm8HQffbdC03rQ/3fwg= diff --git a/files/wireguard-media/htpc/preshared.psk b/files/wireguard-media/htpc/preshared.psk new file mode 100644 index 0000000..82ca126 --- /dev/null +++ b/files/wireguard-media/htpc/preshared.psk @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +65363636336134323530333461393634666334383464356239613765396465373635353465323262 +3163343634336361323765623365633637663436616539340a376566313735316262366237366435 +33666634663966386434656363633136393565336134323465306264633630333131356539623862 +3666343633396634650a626263653632643333346564303065316634643763303036376332336333 +39323430306564346635393535313233363235316535656362363931323862303530363136663961 +6139326230353537643537346664623332383863323332633565 diff --git a/files/wireguard-media/xps/fudiggity.key b/files/wireguard-media/xps/fudiggity.key new file mode 100644 index 0000000..939f255 --- /dev/null +++ b/files/wireguard-media/xps/fudiggity.key 
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+64663539393065396333623165623833636539633932306437363365656532343565643866616532
+6562373233633237623761376234336331373637393431380a386261306438393837633037383464
+64623965376138313665393239346138383230383565626264393635303835396537663865313237
+6431313635333030390a646466303961663932353830366235643762393039396531316465333837
+61613264356263616332633334386532303761353536663033373639626634396164623335626566
+3632373266313435646338343738656663356635623138623939
diff --git a/files/wireguard-media/xps/fudiggity.pub b/files/wireguard-media/xps/fudiggity.pub
new file mode 100644
index 0000000..aec0b05
--- /dev/null
+++ b/files/wireguard-media/xps/fudiggity.pub
@@ -0,0 +1 @@
+hI4rqlv2afs4RJkt5xR+dYxQODSd6lR0OqWJRlnQdjM=
diff --git a/files/wireguard-media/xps/preshared.psk b/files/wireguard-media/xps/preshared.psk
new file mode 100644
index 0000000..ca1d895
--- /dev/null
+++ b/files/wireguard-media/xps/preshared.psk
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+63643763346434313734663761386539393032613366626230373862643431613963633664353264
+6466616235653963643861643439633537656439363735330a366439356537386662353431643163
+33363830646433336366353363623835373639383663633837313030393162643931353331633133
+6534363438303261320a333364313534336465616336386337383935353631646361623866326232
+64373139636633393236303335396138326638333635663839663734346463303739646431353437
+3838653361383663633632363862306565643531353066623336
diff --git a/files/desktop/wireguard/desktop.key b/files/wireguard/desktop/fudiggity.key
similarity index 100%
rename from files/desktop/wireguard/desktop.key
rename to files/wireguard/desktop/fudiggity.key
diff --git a/files/desktop/wireguard/desktop.pub b/files/wireguard/desktop/fudiggity.pub
similarity index 100%
rename from files/desktop/wireguard/desktop.pub
rename to files/wireguard/desktop/fudiggity.pub
diff --git a/files/desktop/wireguard/preshared.psk b/files/wireguard/desktop/preshared.psk similarity index 100% rename from files/desktop/wireguard/preshared.psk rename to files/wireguard/desktop/preshared.psk diff --git a/files/laptop/wireguard/laptop.key b/files/wireguard/xps/fudiggity.key similarity index 100% rename from files/laptop/wireguard/laptop.key rename to files/wireguard/xps/fudiggity.key diff --git a/files/laptop/wireguard/laptop.pub b/files/wireguard/xps/fudiggity.pub similarity index 100% rename from files/laptop/wireguard/laptop.pub rename to files/wireguard/xps/fudiggity.pub diff --git a/files/laptop/wireguard/preshared.psk b/files/wireguard/xps/preshared.psk similarity index 100% rename from files/laptop/wireguard/preshared.psk rename to files/wireguard/xps/preshared.psk diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml new file mode 100644 index 0000000..9084ba3 --- /dev/null +++ b/group_vars/all/main.yml @@ -0,0 +1,28 @@ +packages: + - nftables + - tmux + - unrar + - vim + - git + - openssl + - iproute2 + - curl + - reflector + - otf-monaspace-nerd + - systemd-ukify + - efibootmgr + - git-delta + +xdg_config_dir: '{{ ansible_env.HOME }}/.config' +xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin' + +modprobe_templates: [] +mkinitcpio_templates: [] + +boot_configuration: + +server_domain: fudiggity.nl + +register_uefi_entries: false + +wezterm_font_size: 11 diff --git a/handlers.yml b/handlers.yml index e613358..dae3fe5 100644 --- a/handlers.yml +++ b/handlers.yml @@ -22,10 +22,10 @@ daemon-reload: true scope: user -- name: restart syncthing +- name: start syncthing systemd: name: syncthing - state: restarted + state: started enabled: true scope: user 
@@ -36,3 +36,56 @@ state: restarted enabled: true daemon-reload: true + +- name: restart systemd-networkd + become: true + systemd: + name: systemd-networkd + state: restarted + enabled: true + +- name: restart systemd-resolved + become: true + systemd: + name: systemd-resolved + state: started + enabled: true + +- name: restart iwd + become: true + systemd: + name: iwd + state: restarted + enabled: true + +- name: stop mpd service + systemd: + name: mpd.service + state: stopped + enabled: false + scope: user + daemon-reload: true + +- name: restart mpd socket + systemd: + name: mpd + state: restarted + enabled: true + scope: user + daemon-reload: true + +- name: reload sysctl configuration + become: true + command: 'sysctl --system' + +- name: restart tmux service + systemd: + name: tmux + state: restarted + enabled: true + scope: user + +- name: user daemon-reload + ansible.builtin.systemd: + daemon-reload: true + scope: user diff --git a/host_vars/desktop/network.yml b/host_vars/desktop/network.yml new file mode 100644 index 0000000..1010119 --- /dev/null +++ b/host_vars/desktop/network.yml @@ -0,0 +1,13 @@ +lan_interface: enp1s0 +lan_interface_mac: 00:d8:61:9f:52:65 + +local_network_address: 192.168.2.15/24 +local_network_dns: 9.9.9.9 149.112.112.112 +local_network_gateway: 192.168.2.254 + +hostname: desktop + +wireguard: + ip: 10.0.0.3 +wireguard_media: + ip: 10.0.1.3 diff --git a/host_vars/desktop/syncthing.yml b/host_vars/desktop/syncthing.yml new file mode 100644 index 0000000..a9f0bc0 --- /dev/null +++ b/host_vars/desktop/syncthing.yml 
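Review bot: The `restart systemd-resolved` handler in handlers.yml sets `state: started`, so when it is notified on a host where systemd-resolved is already running, nothing is restarted and a changed DNS or network configuration is not picked up. Use `state: restarted`, which matches the handler name and the neighbouring `restart systemd-networkd` handler. The new handlers also mix the short `systemd:` and `command:` module names with `ansible.builtin.systemd` in the last one; the fully qualified names would match the task files added in this commit.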
@@ -0,0 +1,45 @@ +syncthing_listen_address: '0.0.0.0' +syncthing_protocol_port: 22000 +syncthing_gui_port: 8384 + +syncthing_config_version: 37 +syncthing_api_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 39643534383666343331666336356662333165633032356532323730316535616363393330376263 + 6164323430343961646635323739373363623764646361360a666566363736323739313533323562 + 34653032646230313063613265313836383033353336333461376432363530633632313234323733 + 6162646332623837370a646537336139336361666336363861353030633136373063333433643435 + 64666465356566313263376330643664313266646139663433663366316232613562663863366334 + 3061663839656563353663373135393233653130383735366538 + +syncthing_devices: + - name: Desktop + id: &syncthing_desktop_id CSDXP5E-4UBNC36-32EHTPK-L6Y6JVZ-HQHM42R-FJXN2LI-2MTYRFX-3ZZPUQN + address: dynamic + + - name: Fudiggity + id: &syncthing_server_id ZM5JO5E-UYU6XUI-P25TLIP-TLPQD7J-NSPSYZS-A5OOYST-J62ICAQ-Y2A5YQV + address: tcp://syncthing.{{ server_domain }}:22000 + + - name: XPS15 + id: &syncthing_xps_id 2AC4LRC-YIJDWWK-YCOEZLT-4OWWC2E-7VEZQQB-F3AAPZR-HU75FE4-PGWWXQH + address: tcp://10.0.0.2:22000 + +syncthing_folders: + - id: default + label: Default + path: '{{ ansible_env.HOME }}/syncthing/default' + type: sendreceive + devices: + - *syncthing_desktop_id + - *syncthing_server_id + - *syncthing_xps_id + + - id: pictures + label: Pictures + path: '{{ ansible_env.HOME }}/syncthing/pictures' + type: sendreceive + devices: + - *syncthing_desktop_id + - *syncthing_server_id + - *syncthing_xps_id diff --git a/host_vars/desktop/system.yml b/host_vars/desktop/system.yml new file mode 100644 index 0000000..93a9275 --- /dev/null +++ b/host_vars/desktop/system.yml 
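Review bot: `syncthing_listen_address: '0.0.0.0'` is defined next to `syncthing_gui_port: 8384`, and the template that consumes both is not part of this hunk. If the same address is used for the GUI/REST listener, the web UI and the API guarded by `syncthing_api_key` become reachable from every network the host joins. When only the sync protocol has to listen widely, a separate variable for the GUI, for example `syncthing_gui_address: '127.0.0.1'`, keeps the interface local. The same values are added in host_vars/xps/syncthing.yml. The device addresses also put Jinja inside an unquoted scalar (`tcp://syncthing.{{ server_domain }}:22000`), which is safer quoted.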
@@ -0,0 +1,55 @@ +packages: + - nftables + - tmux + - unrar + - vim + - git + - openssl + - iproute2 + - curl + - reflector + - otf-monaspace-nerd + - systemd-ukify + - efibootmgr + - git-delta + + # custom packages + - keepassxc + - gimp + - firefox + - mpv + - yt-dlp + - nfs-utils + - syncthing + - mpd + - wireguard-tools + - okular + - postgresql + - plasma-meta + - wezterm + - kmail + - pipewire + - pipewire-pulse + - pipewire-alsa + - merkuro + - kmail + - aspell-nl + - aspell-en + +modprobe_templates: + - src: 'templates/desktop/modprobe/99-amdgpu.conf.j2' + dest: '/etc/modprobe.d/99-amdgpu.conf' + +mkinitcpio_templates: + - src: 'templates/desktop/mkinitcpio/1-modules.conf.j2' + dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf' + + - src: 'templates/desktop/mkinitcpio/linux.preset.j2' + dest: '/etc/mkinitcpio.d/linux.preset' + + - src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2' + dest: '/etc/mkinitcpio.d/linux-lts.preset' + +boot_configuration: + disk: /dev/sdc + partition: 1 diff --git a/host_vars/htpc/network.yml b/host_vars/htpc/network.yml new file mode 100644 index 0000000..10fc32b --- /dev/null +++ b/host_vars/htpc/network.yml @@ -0,0 +1,11 @@ +lan_interface: enp1s0 +lan_interface_mac: bc:fc:e7:6e:73:53 + +local_network_address: 192.168.2.30/24 +local_network_dns: 9.9.9.9 149.112.112.112 +local_network_gateway: 192.168.2.254 + +hostname: htpc + +wireguard_media: + ip: 10.0.1.8 diff --git a/host_vars/htpc/system.yml b/host_vars/htpc/system.yml new file mode 100644 index 0000000..c26db07 --- /dev/null +++ b/host_vars/htpc/system.yml 
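Review bot: `kmail` appears twice in the `packages` list of host_vars/desktop/system.yml, and the same duplicate is in host_vars/xps/system.yml. Each host file also copies the whole base list from group_vars/all/main.yml, because a host-level `packages` replaces the group value rather than extending it, so the three copies will drift apart. Keeping the base list in group_vars and adding a host-only list, installed with something like `name: '{{ packages + host_packages }}'`, leaves one place to edit.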
@@ -0,0 +1,47 @@ +packages: + - nftables + - tmux + - unrar + - vim + - git + - openssl + - iproute2 + - curl + - reflector + - otf-monaspace-nerd + - systemd-ukify + - efibootmgr + - git-delta + + # custom packages + - keepassxc + - firefox + - mpv + - yt-dlp + - wireguard-tools + - okular + - postgresql + - plasma-meta + - wezterm + - pipewire + - pipewire-pulse + - pipewire-alsa + +wezterm_columns: 90 +wezterm_rows: 18 + +modprobe_templates: [] + +mkinitcpio_templates: + - src: 'templates/htpc/mkinitcpio/1-modules.conf.j2' + dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf' + + - src: 'templates/htpc/mkinitcpio/linux.preset.j2' + dest: '/etc/mkinitcpio.d/linux.preset' + + - src: 'templates/htpc/mkinitcpio/linux-lts.preset.j2' + dest: '/etc/mkinitcpio.d/linux-lts.preset' + +boot_configuration: + disk: /dev/sda + partition: 1 diff --git a/host_vars/xps/network.yml b/host_vars/xps/network.yml new file mode 100644 index 0000000..864536b --- /dev/null +++ b/host_vars/xps/network.yml @@ -0,0 +1,20 @@ +wireless_interface: wlan0 + +local_network_ssid: KPNAE51C6 +local_network_address: 192.168.2.9/24 +local_network_dns: 9.9.9.9 149.112.112.112 +local_network_gateway: 192.168.2.254 + +frans_network_ssid: KPNDD1056 +frans_network_address: 192.168.2.9/24 +frans_network_dns: 9.9.9.9 149.112.112.112 +frans_network_gateway: 192.168.2.254 + +default_network_dns: 9.9.9.9 149.112.112.112 + +hostname: xps + +wireguard: + ip: 10.0.0.2 +wireguard_media: # TODO: add missing credentials + ip: 10.0.1.2 diff --git a/host_vars/xps/pa-dlna.yml b/host_vars/xps/pa-dlna.yml new file mode 100644 index 0000000..4361051 --- /dev/null +++ b/host_vars/xps/pa-dlna.yml @@ -0,0 +1,2 @@ +pa_dlna_version: 0.16 +pa_dlna_systemd_version: 0.0.9 diff --git a/host_vars/xps/syncthing.yml b/host_vars/xps/syncthing.yml new file mode 100644 index 0000000..a817845 --- /dev/null +++ b/host_vars/xps/syncthing.yml 
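Review bot: `pa_dlna_version: 0.16` in host_vars/xps/pa-dlna.yml is an unquoted scalar, so YAML loads it as a float and not as a version string. A later bump to a value such as 0.20 would be read as 0.2 and could select a different release than the one intended. Quote it, `pa_dlna_version: '0.16'`, and quote `pa_dlna_systemd_version` as well so both pins are handled the same way.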
@@ -0,0 +1,45 @@ +syncthing_listen_address: '0.0.0.0' +syncthing_protocol_port: 22000 +syncthing_gui_port: 8384 + +syncthing_config_version: 37 +syncthing_api_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 35346637623066636261633331343438313736356137633466306633613563343630363565643763 + 6631623461663330633537386539376435356338393537620a666234373932636162653830316339 + 65336339383630313837323137613137303862613061326131313437316637383637666638313235 + 6463333235646536620a316163666431323530353330356633393035663933613761313031656561 + 66333431636134366466373533616438326230323965333763316336393764303737663461363636 + 3061373832313462623765353130616237343966333332623262 + +syncthing_devices: + - name: Desktop + id: &syncthing_desktop_id CSDXP5E-4UBNC36-32EHTPK-L6Y6JVZ-HQHM42R-FJXN2LI-2MTYRFX-3ZZPUQN + address: tcp://10.0.0.3:22000 + + - name: Fudiggity + id: &syncthing_server_id ZM5JO5E-UYU6XUI-P25TLIP-TLPQD7J-NSPSYZS-A5OOYST-J62ICAQ-Y2A5YQV + address: tcp://syncthing.{{ server_domain }}:22000 + + - name: XPS15 + id: &syncthing_xps_id 2AC4LRC-YIJDWWK-YCOEZLT-4OWWC2E-7VEZQQB-F3AAPZR-HU75FE4-PGWWXQH + address: dynamic + +syncthing_folders: + - id: default + label: Default + path: '{{ ansible_env.HOME }}/syncthing/default' + type: sendreceive + devices: + - *syncthing_desktop_id + - *syncthing_server_id + - *syncthing_xps_id + + - id: pictures + label: Pictures + path: '{{ ansible_env.HOME }}/syncthing/pictures' + type: sendreceive + devices: + - *syncthing_desktop_id + - *syncthing_server_id + - *syncthing_xps_id diff --git a/host_vars/xps/system.yml b/host_vars/xps/system.yml new file mode 100644 index 0000000..53ed97b --- /dev/null +++ b/host_vars/xps/system.yml 
@@ -0,0 +1,62 @@ +packages: + - nftables + - tmux + - unrar + - vim + - git + - openssl + - iproute2 + - curl + - reflector + - otf-monaspace-nerd + - systemd-ukify + - efibootmgr + - git-delta + + - keepassxc + - gimp + - firefox + - mpv + - yt-dlp + - nfs-utils + - syncthing + - mpd + - wireguard-tools + - okular + - postgresql + - plasma-meta + - wezterm + - kmail + - pipewire + - pipewire-pulse + - pipewire-alsa + - merkuro + - kmail + - aspell-nl + - aspell-en + + # custom host packages + - iwd + - nvidia + - nvidia-prime + - nvidia-utils + - lib32-nvidia-utils + +boot_configuration: + disk: /dev/nvme0n1 + partition: 1 + +mkinitcpio_templates: + - src: 'templates/xps/mkinitcpio/1-modules.conf.j2' + dest: '/etc/mkinitcpio.conf.d/1-modules.conf' + + - src: 'templates/xps/mkinitcpio/2-hooks.conf.j2' + dest: '/etc/mkinitcpio.conf.d/2-hooks.conf' + + - src: 'templates/xps/mkinitcpio/linux.preset.j2' + dest: '/etc/mkinitcpio.d/linux.preset' + + - src: 'templates/xps/mkinitcpio/linux-lts.preset.j2' + dest: '/etc/mkinitcpio.d/linux-lts.preset' + +wezterm_font_size: 10 diff --git a/htpc.yml b/htpc.yml new file mode 100644 index 0000000..28ffd78 --- /dev/null +++ b/htpc.yml @@ -0,0 +1,19 @@ +- hosts: htpc + gather_facts: true + +- name: Include default playbook + ansible.builtin.import_playbook: default.yml + +- name: Arch Linux provisioning + hosts: htpc + tasks: + - name: Wireguard media provisioning + ansible.builtin.import_tasks: 'tasks/wireguard-media.yml' + tags: wireguard-media + + handlers: + - name: Import default handlers + ansible.builtin.import_tasks: handlers.yml + + - name: Import common role handlers + ansible.builtin.import_tasks: 'roles/common/handlers/user.yml' diff --git a/inventory.yml b/inventory.yml new file mode 100644 index 0000000..6e289f8 --- /dev/null +++ b/inventory.yml 
@@ -0,0 +1,11 @@ +all: + hosts: + xps: + ansible_connection: local + ansible_become_method: community.general.run0 + desktop: + ansible_connection: local + ansible_become_method: community.general.run0 + htpc: + ansible_connection: local + ansible_become_method: community.general.run0 diff --git a/playbook.yml b/playbook.yml deleted file mode 100644 index eada34f..0000000 --- a/playbook.yml +++ /dev/null @@ -1,32 +0,0 @@ -- hosts: localhost - pre_tasks: - - name: install shared packages - become: true - pacman: - name: '{{ packages }}' - - name: detecting platform - import_tasks: 'tasks/platform.yml' - - name: install platform specific packages - become: true - pacman: - name: '{{ platform_packages }}' - roles: - - common - tasks: - - import_tasks: 'tasks/setup.yml' - - import_tasks: 'tasks/network.yml' - - import_tasks: 'tasks/systemd.yml' - - import_tasks: 'tasks/git.yml' - - import_tasks: 'tasks/mpv.yml' - - import_tasks: 'tasks/mpd.yml' - - import_tasks: 'tasks/syncthing.yml' - - import_tasks: 'tasks/pipewire.yml' - - import_tasks: 'tasks/timer.yml' - handlers: - - import_tasks: 'handlers.yml' - - import_tasks: 'roles/common/handlers/user.yml' - vars_files: - - 'vars/main.yml' - - 'vars/gpg.yml' - - 'vars/vpn.yml' - - 'vars/mpd.yml' diff --git a/requirements.yml b/requirements.yml index ba54c45..b20eeb6 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,4 +1,4 @@ -- src: git+https://git.fudiggity.nl/ansible/common.git +- src: git+https://forgejo.fudiggity.nl/sonny/common-ansible.git name: common version: master scm: git diff --git a/tasks/desktop.yml b/tasks/desktop.yml new file mode 100644 index 0000000..a5134cd --- /dev/null +++ b/tasks/desktop.yml 
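Review bot: All three hosts in inventory.yml use `ansible_connection: local`, and default.yml targets `hosts: all`, so a run without `--limit` applies the xps, desktop and htpc variables one after another to the single machine the command is started on. That includes the `Set hostname` and firewall tasks in tasks/network/main.yml and the boot configuration in tasks/setup.yml. A guard at the start of the play, for example `ansible.builtin.assert: { that: inventory_hostname == ansible_hostname }`, would stop a run that uses another host's variables.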
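Review bot: The role in requirements.yml moves to a new Forgejo URL but stays on `version: master`, so every `ansible-galaxy install` fetches whatever the branch head is at that moment. The role's tasks and handlers then run on these hosts (the playbooks import roles/common/handlers/user.yml). Pin the entry to a tag or a full commit hash, `version: <commit-sha>`, so that a change in the role arrives as an explicit, reviewable update in this repository.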
@@ -0,0 +1,12 @@ +- name: Create xdg-desktop-portal.service.d directory + ansible.builtin.file: + path: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d' + state: directory + mode: '0755' + +- name: Copy xdg-desktop-portal.service drop-in + ansible.builtin.template: + src: templates/desktop/xdg-desktop-portal.service.j2 + dest: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d/override.conf' + mode: '0755' + notify: user daemon-reload diff --git a/tasks/git.yml b/tasks/git.yml deleted file mode 100644 index 3b07f8f..0000000 --- a/tasks/git.yml +++ /dev/null @@ -1,26 +0,0 @@ -- name: copy git configuration - template: - src: 'templates/gitconfig.j2' - dest: '{{ ansible_env.HOME }}/.gitconfig' - -- name: copy keys - copy: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - loop: - - { src: 'files/gpg_key', dest: '{{ ansible_env.HOME }}/gpg.key' } - - { src: 'files/gpg_pub', dest: '{{ ansible_env.HOME }}/gpg.pub' } - -- name: import secret key - command: 'gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key' - -- name: import public key - command: 'gpg --import ~/gpg.pub' - -- name: remove temp keys - file: - path: '{{ item }}' - state: absent - loop: - - '{{ ansible_env.HOME }}/gpg.key' - - '{{ ansible_env.HOME }}/gpg.pub' diff --git a/tasks/mpd.yaml b/tasks/mpd.yaml new file mode 100644 index 0000000..f3e29b7 --- /dev/null +++ b/tasks/mpd.yaml 
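Review bot: The drop-in `override.conf` in tasks/desktop.yml is written with `mode: '0755'`, but a systemd unit drop-in is configuration, not a program, and systemd logs a warning for unit files that carry executable bits. Use `mode: '0644'` for the file and keep `'0755'` for the directory only. The same executable mode is set on rendered configuration in tasks/mpd.yaml (mpd.conf and the ncmpcpp files), tasks/network/xps.yml (the iwd file) and tasks/setup.yml (the polkit rule, sysctl, modprobe, cmdline, mkinitcpio and wezterm files).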
@@ -0,0 +1,71 @@ +- name: Include mpd defaults + ansible.builtin.include_vars: + file: vars/mpd.yml + +- name: Copy systemd configuration files + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '0644' + loop: + - src: 'templates/mpd/service.j2' + dest: '{{ xdg_config_dir }}/systemd/user/mpd.service' + + - src: 'templates/mpd/socket.j2' + dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket' + notify: + - stop mpd service + - restart mpd socket + +- name: Create mpd files + ansible.builtin.file: + path: '{{ item.path }}' + state: '{{ item.state }}' + mode: '0755' + loop: + - path: '{{ mpd_configuration_dir }}' + state: 'directory' + - path: '{{ ncmpc_configuration_dir }}' + state: 'directory' + - path: '{{ ncmpcpp_configuration_dir }}' + state: 'directory' + - path: '{{ mpd_configuration_dir }}/playlists' + state: 'directory' + - path: '{{ mpd_configuration_dir }}/state' + state: 'touch' + +- name: Remove previous mpd files + ansible.builtin.file: + path: '{{ item.path }}' + state: '{{ item.state }}' + mode: '0755' + loop: + - path: '{{ mpd_configuration_dir }}/log' + state: 'absent' + - path: '{{ mpd_configuration_dir }}/database' + state: 'absent' + - path: '{{ mpd_configuration_dir }}/sticker.sql' + state: 'absent' + - path: '{{ ncmpc_configuration_dir }}' + state: 'absent' + +- name: Copy configuration files + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '0755' + loop: + - src: 'templates/mpd/mpd.conf.j2' + dest: '{{ mpd_configuration_dir }}/mpd.conf' + - src: 'templates/mpd/ncmpcpp/config.j2' + dest: '{{ ncmpcpp_configuration_dir }}/config' + - src: 'templates/mpd/ncmpcpp/bindings.j2' + dest: '{{ ncmpcpp_configuration_dir }}/bindings' + notify: + - stop mpd service + +# TODO: install https://aur.archlinux.org/mpd-mpris-bin.git from AUR +# Use mpc to control local mpd server. 
+# Use $ mpc add http://{{ mpd_remote_address }}:{{ mpd_remote_stream_port }} +# to add the HTTP stream to the playlist. +# Use nmcpc to control remote mpd server. diff --git a/tasks/mpd.yml b/tasks/mpd.yml deleted file mode 100644 index 53217f3..0000000 --- a/tasks/mpd.yml +++ /dev/null @@ -1,14 +0,0 @@ -# remote mpd server is used now - -- name: check for mpd socket - stat: - path: '{{ xdg_config_dir }}/systemd/user/mpd.socket' - register: mpd_socket - -- name: disable mpd socket - systemd: - name: mpd.socket - state: stopped - enabled: no - scope: user - when: mpd_socket.stat.exists diff --git a/tasks/mpv.yml b/tasks/mpv.yml index c0e8a8a..3b4c52a 100644 --- a/tasks/mpv.yml +++ b/tasks/mpv.yml @@ -1,20 +1,16 @@ -- name: create configuration directory - file: +- name: Create configuration directory + ansible.builtin.file: path: '{{ ansible_env.HOME }}/.config/mpv' state: directory mode: '0700' -- name: copy configuration files - template: +- name: Copy configuration files + ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' mode: '0644' loop: - - { - src: 'templates/mpv/input.j2', - dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf', - } - - { - src: 'templates/mpv/config.j2', - dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf', - } + - src: 'templates/mpv/input.j2' + dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf' + - src: 'templates/mpv/config.j2' + dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf' diff --git a/tasks/network.yml b/tasks/network.yml deleted file mode 100644 index bb6c4eb..0000000 --- a/tasks/network.yml +++ /dev/null 
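Review bot: In tasks/mpd.yaml the `Remove previous mpd files` task deletes `{{ ncmpc_configuration_dir }}` right after `Create mpd files` created it, so the directory never survives a run and both tasks report a change every time; drop the path from one of the two loops. The `state: 'touch'` entry for the `state` file also reports changed on every run unless `modification_time: preserve` and `access_time: preserve` are set. The file uses the `.yaml` extension while the other task files use `.yml`, and no import of it is visible in the playbooks shown here, so it may not be reached at all.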
@@ -1,133 +0,0 @@ -- name: create wireguard directories - become: true - file: - path: '{{ item | dirname }}' - owner: root - group: systemd-network - mode: '0644' - state: directory - loop: - - '{{ vpn_private_key_path }}' - - '{{ vpn_public_key_path }}' - -- name: copy wireguard credentials - become: true - copy: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - { - dest: '{{ vpn_public_key_path }}', - src: 'files/{{ platform }}/wireguard/{{ platform }}.pub', - } - - { - dest: '{{ vpn_private_key_path }}', - src: 'files/{{ platform }}/wireguard/{{ platform }}.key', - } - -- name: copy wireguard preshared keys - become: true - copy: - src: '{{ item.preshared_key_source_path }}' - dest: '{{ item.preshared_key_path }}' - owner: root - group: systemd-network - mode: '0640' - loop: '{{ vpn_peers }}' - -- name: setup desktop network configuration - become: true - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - { - src: 'templates/desktop/network/enp.network.j2', - dest: '/etc/systemd/network/20-wired.network', - } - - { - src: 'templates/desktop/network/vmbr0.network.j2', - dest: '/etc/systemd/network/30-vmbr0.network', - } - - { - src: 'templates/desktop/network/vmbr0.netdev.j2', - dest: '/etc/systemd/network/30-vmbr0.netdev', - } - - { - src: 'templates/desktop/network/wg0.network.j2', - dest: '/etc/systemd/network/40-wg0.network', - } - - { - src: 'templates/desktop/network/wg0.netdev.j2', - dest: '/etc/systemd/network/40-wg0.netdev', - } - when: platform == "desktop" - -- name: setup laptop network configuration - become: true - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - { - src: 'templates/laptop/network/wireless.network.j2', - dest: '/etc/systemd/network/20-wireless.network', - } - - { - src: 'templates/laptop/network/vmbr0.network.j2', - 
dest: '/etc/systemd/network/30-vmbr0.network', - } - - { - src: 'templates/laptop/network/vmbr0.netdev.j2', - dest: '/etc/systemd/network/30-vmbr0.netdev', - } - - { - src: 'templates/laptop/network/wg0.network.j2', - dest: '/etc/systemd/network/40-wg0.network', - } - - { - src: 'templates/laptop/network/wg0.netdev.j2', - dest: '/etc/systemd/network/40-wg0.netdev', - } - when: platform == "laptop" - -- name: restart systemd-networkd - become: true - systemd: - name: systemd-networkd - state: restarted - enabled: true - -- name: start systemd-resolved service - become: true - systemd: - name: systemd-resolved - state: started - enabled: true - -- name: start iwd service - become: true - systemd: - name: iwd - state: started - enabled: true - when: platform == "laptop" - -- name: copy firewall template - become: true - template: - src: 'templates/{{ platform }}/nftables.j2' - dest: '/etc/nftables.conf' - owner: root - group: root - mode: '0600' - notify: restart nftables diff --git a/tasks/network/desktop.yml b/tasks/network/desktop.yml new file mode 100644 index 0000000..4eb16d8 --- /dev/null +++ b/tasks/network/desktop.yml @@ -0,0 +1,27 @@ +- name: Desktop configuration + notify: + - restart systemd-networkd + - restart systemd-resolved + block: + - name: Setup network configuration + become: true + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - src: 'templates/desktop/network/enp1s0.link.j2' + dest: '/etc/systemd/network/20-enp1s0.link' + - src: 'templates/desktop//network/enp1s0.network.j2' + dest: '/etc/systemd/network/20-enp1s0.network' + + - name: Remove leftover configuration files + become: true + ansible.builtin.file: + path: '{{ item }}' + state: absent + loop: + - '/etc/systemd/network/30-vmbr0.network' + - '/etc/systemd/network/30-vmbr0.netdev' diff --git a/tasks/network/htpc.yml b/tasks/network/htpc.yml new file mode 100644 index 0000000..e69de29 
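Review bot: The second loop entry in tasks/network/desktop.yml reads `src: 'templates/desktop//network/enp1s0.network.j2'` with a doubled slash. The path still resolves, but it should be `src: 'templates/desktop/network/enp1s0.network.j2'` to match the `.link` entry above it. The only import of host-specific network tasks visible in default.yml is commented out, so it is worth confirming that this file is actually included by a playbook.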
diff --git a/tasks/network/main.yml b/tasks/network/main.yml new file mode 100644 index 0000000..f8586b1 --- /dev/null +++ b/tasks/network/main.yml @@ -0,0 +1,28 @@ +# Note that Wireguard does DNS resolution only once during connection. +# When a client's IP changes, the server should be notified in some way, +# using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint :` +# for example. + +- name: Set hostname + become: true + ansible.builtin.hostname: + name: '{{ hostname }}' + use: systemd + +- name: Copy hosts file + become: true + ansible.builtin.template: + src: templates/hosts.j2 + dest: /etc/hosts + mode: '0644' + owner: root + +- name: Copy firewall template + become: true + ansible.builtin.template: + src: 'templates/{{ ansible_hostname }}/nftables.j2' + dest: /etc/nftables.conf + owner: root + group: root + mode: '0600' + notify: restart nftables diff --git a/tasks/network/xps.yml b/tasks/network/xps.yml new file mode 100644 index 0000000..0c99843 --- /dev/null +++ b/tasks/network/xps.yml 
@@ -0,0 +1,47 @@ +- name: Setup network configuration + become: true + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - src: 'templates/xps/network/wlan0-local.network.j2' + dest: '/etc/systemd/network/10-wireless.network' + + - src: 'templates/xps/network/wlan0-frans.network.j2' + dest: '/etc/systemd/network/11-wireless.network' + + - src: 'templates/xps/network/wlan0.network.j2' + dest: '/etc/systemd/network/20-wireless.network' + notify: + - restart systemd-networkd + - restart systemd-resolved + +- name: Create iwd directory + become: true + ansible.builtin.template: + src: templates/xps/iwd.j2 + dest: /etc/iwd + mode: '0644' + owner: root + +- name: Provision iwd configuration + become: true + ansible.builtin.template: + src: templates/xps/iwd.j2 + dest: /etc/iwd/main.config + mode: '0755' + owner: root + notify: restart iwd + +- name: Remove leftover configuration files + become: true + ansible.builtin.file: + path: '{{ item }}' + state: absent + loop: + - /etc/systemd/network/30-vmbr0.network + - /etc/systemd/network/30-vmbr0.netdev + - /etc/systemd/network/10-wlan0.link diff --git a/tasks/pipewire.yml b/tasks/pipewire.yml deleted file mode 100644 index 1a7e7f7..0000000 --- a/tasks/pipewire.yml +++ /dev/null 
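Review bot: `Create iwd directory` in tasks/network/xps.yml calls `ansible.builtin.template` with `dest: /etc/iwd`, which renders iwd.j2 instead of creating a directory. Where /etc/iwd does not exist yet it becomes a regular file, and the following task cannot write below it. The next task writes `/etc/iwd/main.config`, while iwd reads its settings from `/etc/iwd/main.conf`, so the provisioned options would not take effect. The tasks below create the directory with the file module and write the expected file name with a non-executable mode.

```yaml
# … unchanged: Setup network configuration …
- name: Create iwd directory
  become: true
  ansible.builtin.file:
    path: /etc/iwd
    state: directory
    mode: '0755'
    owner: root

- name: Provision iwd configuration
  become: true
  ansible.builtin.template:
    src: templates/xps/iwd.j2
    dest: /etc/iwd/main.conf
    mode: '0644'
    owner: root
  notify: restart iwd
# … unchanged: Remove leftover configuration files …
```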
@@ -1,38 +0,0 @@ -# Note that pulsaudio should be removed by installing pipewire-pulse manually - -- name: create pipewire-pulse override directory - file: - path: '{{ xdg_config_dir }}/systemd/user/pipewire-pulse.service.d/' - state: directory - -# sets up an post activation script to load the module-native-protocol-tcp -# with given parameters. This is not yet supported through pipewire-pulse's configuration, -# see https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Migrate-PulseAudio#module-native-protocol-tcp -- name: copy pipewire-pulse service override - template: - src: 'templates/pipewire-pulse.j2' - dest: '{{ xdg_config_dir }}/systemd/user/pipewire-pulse.service.d/override.conf' - -- name: copy pipewire-pulse script - template: - src: 'templates/{{ platform }}/pulse-script.j2' - dest: '{{ xdg_script_dir }}/pulse-script' - mode: 0755 - -- name: start pipewire socket - systemd: - name: pipewire.socket - state: started - enabled: true - scope: user - -- name: restart pipewire-pulse - systemd: - name: '{{ item.name }}' - state: restarted - enabled: '{{ item.enabled }}' - scope: user - daemon-reload: true - loop: - - { name: 'pipewire-pulse.socket', enabled: true } - - { name: 'pipewire-pulse.service', enabled: false } diff --git a/tasks/platform.yml b/tasks/platform.yml deleted file mode 100644 index 287b9c7..0000000 --- a/tasks/platform.yml +++ /dev/null @@ -1,22 +0,0 @@ -- name: detect platform - command: laptop-detect - register: is_laptop - failed_when: is_laptop.rc == 2 - -- name: set platform (desktop) - set_fact: - platform: 'desktop' - when: is_laptop.rc == 1 - -- name: set platform (laptop) - set_fact: - platform: 'laptop' - when: is_laptop.rc == 0 - -- name: load desktop specific vars - include_vars: 'vars/desktop.yml' - when: platform == "desktop" - -- name: load laptop specific vars - include_vars: 'vars/laptop.yml' - when: platform == "laptop" diff --git a/tasks/setup.yml b/tasks/setup.yml index ff7a6f3..e2c0d73 100644 --- a/tasks/setup.yml 
+++ b/tasks/setup.yml 
@@ -1,51 +1,205 @@ -- name: copy reflector configuration +- name: Provision pollkit administrator configuration become: true - template: + ansible.builtin.template: + src: 'templates/polkit.j2' + dest: '/etc/polkit-1/rules.d/49-nopasswd_global.rules' + mode: '0755' + +- name: Install shared packages + become: true + community.general.pacman: + name: '{{ packages }}' + +- name: Copy reflector configuration + become: true + ansible.builtin.template: src: 'templates/reflector.j2' dest: '/etc/xdg/reflector/reflector.conf' - owner: root - group: root mode: '0600' # started by weekly timer -- name: disable reflector +- name: Disable reflector become: true - systemd: + ansible.builtin.systemd: name: reflector state: stopped enabled: false -- name: copy pacman configuration +- name: Copy pacman configuration become: true - template: + ansible.builtin.template: src: 'templates/pacman.j2' dest: '/etc/pacman.conf' owner: root group: root mode: '0644' -- name: create extra conf +- name: Create extra conf become: true - file: + ansible.builtin.file: path: '/etc/pacman.d/extra.conf' owner: root group: root state: touch mode: '0644' -- name: copy powertop service - become: true - template: - src: 'templates/{{ platform }}/powertop.j2' - dest: '/etc/systemd/system/powertop.service' - owner: root - group: root - mode: '0644' - notify: restart powertop - when: platform == "laptop" +- name: Setup Wezterm + when: "'wezterm' in packages" + block: + - name: Create wezterm configuration dir + ansible.builtin.file: + path: '{{ xdg_config_dir }}/wezterm/includes' + state: directory + mode: '0755' -- name: enable fstrim timer + - name: Copy wezterm configuration files + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '0755' + loop: + - src: 'templates/wezterm/wezterm.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua' + + - src: 'templates/wezterm/includes/colors.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua' + + - src: 
'templates/wezterm/includes/fonts.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua' + + - src: 'templates/wezterm/includes/window.lua.j2' + dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua' + +- name: Enable fstrim timer become: true - systemd: + ansible.builtin.systemd: name: fstrim.timer enabled: true + +- name: Remove the sysctl.d directory + become: true + ansible.builtin.file: + path: /etc/sysctl.d + state: absent + +- name: Recreate the sysctl.d directory + become: true + ansible.builtin.file: + path: /etc/sysctl.d + state: directory + mode: '0755' + +- name: Copy sysctl files + become: true + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '0755' + loop: + - src: 'templates/sysctl/99-sysrq.conf.j2' + dest: '/etc/sysctl.d/99-sysrq.conf' + - src: 'templates/sysctl/98-forward.conf.j2' + dest: '/etc/sysctl.d/98-foward.conf' + notify: reload sysctl configuration + +- name: Remove the modprobe.d directory + become: true + ansible.builtin.file: + path: /etc/modprobe.d + state: absent + +- name: Recreate the modprobe.d directory + become: true + ansible.builtin.file: + path: /etc/modprobe.d + state: directory + mode: '0755' + +- name: Copy modprobe configuration files + become: true + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '0755' + loop: '{{ modprobe_templates }}' + when: modprobe_templates + +- name: Copy kernel parameters template + become: true + ansible.builtin.template: + src: 'templates/{{ ansible_hostname }}/cmdline.j2' + dest: '/etc/kernel/cmdline' + mode: '0755' + +- name: Remove the mkinitcpio directories + become: true + ansible.builtin.file: + path: '{{ item }}' + state: absent + loop: + - /etc/mkinitcpio.conf.d + - /etc/mkinitcpio.d + +- name: Recreate the mkinitcpio directories + become: true + ansible.builtin.file: + path: '{{ item }}' + state: directory + mode: '0755' + loop: + - /etc/mkinitcpio.conf.d + - /etc/mkinitcpio.d + +- name: Copy 
mkinitcpio configuration files + become: true + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '0755' + loop: '{{ mkinitcpio_templates }}' + when: '{{ mkinitcpio_templates | length > 0 }}' + +- name: Regenerate initramfs images + become: true + ansible.builtin.command: 'mkinitcpio --allpresets' + register: mkinitcpio_stats + +- name: Log mkinitcpio stdout + ansible.builtin.debug: + var: mkinitcpio_stats.stdout_lines + +- name: Create a Linux UEFI boot entry + become: true + ansible.builtin.command: efibootmgr \ + --create \ + --disk '{{ boot_configuration.disk }}' \ + --part '{{ boot_configuration.partition }}' \ + --label 'Arch Linux' \ + --loader '\EFI\Linux\linux.efi'\ + --unicode + --index 0 + register: efi_linux_stats + when: register_uefi_entries + +- name: Log efibootmgr stdout + ansible.builtin.debug: + var: efi_linux_stats.stdout_lines + when: register_uefi_entries + +- name: Create a Linux LTS UEFI boot entry + become: true + ansible.builtin.command: efibootmgr \ + --create \ + --disk '{{ boot_configuration.disk }}' \ + --part '{{ boot_configuration.partition }}' \ + --label 'Arch Linux LTS' \ + --loader '\EFI\Linux\linux-lts.efi'\ + --unicode + --index 1 + register: efi_linux_lts_stats + when: register_uefi_entries + +- name: Log efibootmgr LTS stdout + ansible.builtin.debug: + var: efi_linux_lts_stats.stdout_lines + when: register_uefi_entries diff --git a/tasks/syncthing.yml b/tasks/syncthing.yml index 5f9b44c..c54fde5 100644 --- a/tasks/syncthing.yml +++ b/tasks/syncthing.yml 
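Review bot: The `Remove the sysctl.d directory`, `Remove the modprobe.d directory` and `Remove the mkinitcpio directories` tasks in tasks/setup.yml delete whole system directories before recreating them. That also removes every drop-in a package or an administrator placed there (module blacklists, sysctl hardening), and it leaves the host without them if the play stops between the two tasks; on hosts where `modprobe_templates` is `[]` the directory simply ends up empty. Template the managed files in place and remove only named leftovers with `state: absent`, as tasks/network/desktop.yml does. The first task installs `49-nopasswd_global.rules`; the template is not shown, but the name suggests password-less polkit authorisation, which together with `ansible_become_method: community.general.run0` would let any process in the user's session become root without a prompt, so the rule deserves a narrow match. In the two `efibootmgr` tasks the command is a plain YAML scalar, where a trailing `\` is a literal character and not a line continuation; a folded scalar (`>-`) without the backslashes would pass the intended arguments.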
@@ -1,11 +1,18 @@ -- name: create configuration dir - file: +- name: Create configuration dir + ansible.builtin.file: path: '{{ xdg_config_dir }}/syncthing' state: directory + mode: '0755' -- name: copy configuration file - template: - src: 'templates/{{ platform }}/syncthing.j2' +- name: Stop syncthing service + ansible.builtin.systemd: + name: syncthing + scope: user + state: stopped + +- name: Copy configuration file + ansible.builtin.template: + src: 'templates/syncthing/config.j2' dest: '{{ xdg_config_dir }}/syncthing/config.xml' - mode: '0600' - notify: restart syncthing + mode: '0640' + notify: start syncthing diff --git a/tasks/systemd.yml b/tasks/systemd.yml index baee82e..4b6e6e5 100644 --- a/tasks/systemd.yml +++ b/tasks/systemd.yml @@ -1,24 +1,27 @@ -- name: setup systemd user service folder - file: +- name: Setup systemd user service folder + ansible.builtin.file: path: '{{ xdg_config_dir }}/systemd/user' state: directory mode: '0755' -- name: add ssh-agent service - template: +- name: Add ssh-agent service + ansible.builtin.template: src: 'templates/ssh-agent.j2' dest: '{{ xdg_config_dir }}/systemd/user/ssh-agent.service' mode: '0644' notify: restart user ssh-agent -- name: copy tmux service - template: +- name: Copy tmux service + ansible.builtin.template: src: 'templates/tmux.j2' dest: '{{ xdg_config_dir }}/systemd/user/tmux.service' mode: '0644' + notify: + - user daemon-reload + - restart tmux service -- name: copy tmux startup script - copy: +- name: Copy tmux startup script + ansible.builtin.copy: src: 'files/tmux_start' dest: '{{ ansible_env.HOME }}/.local/bin/tmux_start' mode: '0740' diff --git a/tasks/timer.yml b/tasks/timer.yml index 14702b3..7a2aa56 100644 --- a/tasks/timer.yml +++ b/tasks/timer.yml @@ -1,5 +1,5 @@ - name: copy timer files - become: yes + become: true template: src: '{{ item.src }}' dest: '{{ item.dest }}' 
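Review bot: `Copy configuration file` widens `config.xml` from `mode: '0600'` to `mode: '0640'`, and that file normally holds the Syncthing GUI API key (the new template is not visible here, but the deleted per-host templates carried one). Nothing in the hunk needs group read, so I would keep `mode: '0600'` and create the directory in the first task with `mode: '0700'` rather than `'0755'`. Separately, `Stop syncthing service` runs on every play while `notify: start syncthing` only fires when the template changes, so a run that changes nothing leaves the service stopped unless something outside this hunk starts it again.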
@@ -13,7 +13,7 @@ - enable weekly timer - name: copy target files - become: yes + become: true template: src: '{{ item.src }}' dest: '{{ item.dest }}' @@ -22,12 +22,12 @@ loop: - { src: 'templates/timer/daily_target.j2', dest: '/etc/systemd/system/daily.target' } - { - src: 'templates/timer/weekly_target.j2', - dest: '/etc/systemd/system/weekly.target', - } + src: 'templates/timer/weekly_target.j2', + dest: '/etc/systemd/system/weekly.target', + } - name: create target directories - become: yes + become: true file: path: '{{ item }}' state: directory @@ -38,7 +38,7 @@ - '/etc/systemd/system/weekly.target.wants' - name: add reflector to weekly timer - become: yes + become: true file: src: '/usr/lib/systemd/system/reflector.service' dest: '/etc/systemd/system/weekly.target.wants/reflector.service' diff --git a/tasks/wireguard-media.yml b/tasks/wireguard-media.yml new file mode 100644 index 0000000..b22e477 --- /dev/null +++ b/tasks/wireguard-media.yml 
@@ -0,0 +1,71 @@ +- name: Include wireguard media defaults + ansible.builtin.include_vars: + file: vars/wireguard-media.yml + +- name: Create Wireguard directories + become: true + ansible.builtin.file: + path: '{{ item }}' + owner: root + group: systemd-network + mode: '0750' + state: directory + recurse: true + loop: + - '{{ vpn_config_dir }}' + - '{{ wireguard_media_defaults.private_key_path | dirname }}' + - '{{ wireguard_media_defaults.public_key_path | dirname }}' + notify: + - restart systemd-networkd + - restart systemd-resolved + +- name: Copy Wireguard credentials + become: true + ansible.builtin.copy: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - dest: '{{ wireguard_media_defaults.public_key_path }}' + src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.pub' + + - dest: '{{ wireguard_media_defaults.private_key_path }}' + src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.key' + notify: + - restart systemd-networkd + - restart systemd-resolved + +- name: Copy Wireguard preshared keys + become: true + ansible.builtin.copy: + src: '{{ item.preshared_key_source_path }}' + dest: '{{ item.preshared_key_path }}' + owner: root + group: systemd-network + mode: '0640' + loop: '{{ wireguard_media_defaults.peers }}' + notify: + - restart systemd-networkd + - restart systemd-resolved + +- name: Setup network configuration + become: true + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - src: 'templates/{{ ansible_hostname }}/network/wg1.network.j2' + dest: '/etc/systemd/network/40-wg1.network' + + - src: 'templates/{{ ansible_hostname }}/network/wg1.netdev.j2' + dest: '/etc/systemd/network/40-wg1.netdev' + notify: + - restart systemd-networkd + - restart systemd-resolved + vars: + wireguard: "{{ wireguard_media | ansible.builtin.combine(wireguard_media_defaults) }}" 
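Review bot: `Create Wireguard directories` combines `recurse: true` with `mode: '0750'`, so each run re-applies 0750 (execute bit included) to the key files already inside those directories, and the copy tasks that follow set them back to `'0640'`. The play therefore reports changes and notifies `restart systemd-networkd` and `restart systemd-resolved` on every run, with the key files' permissions flapping in between. Dropping `recurse: true` is enough, because the copy tasks already set owner, group and mode on each file. `Copy Wireguard credentials` and `Copy Wireguard preshared keys` would also benefit from `no_log: true`, so key material cannot surface in `--diff` or verbose output. tasks/wireguard.yml adds the same tasks and needs the same changes.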
diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml new file mode 100644 index 0000000..bfd9418 --- /dev/null +++ b/tasks/wireguard.yml 
@@ -0,0 +1,71 @@ +- name: Include wireguard defaults + ansible.builtin.include_vars: + file: vars/wireguard.yml + +- name: Create Wireguard directories + become: true + ansible.builtin.file: + path: '{{ item }}' + owner: root + group: systemd-network + mode: '0750' + state: directory + recurse: true + loop: + - '{{ vpn_config_dir }}' + - '{{ wireguard_defaults.private_key_path | dirname }}' + - '{{ wireguard_defaults.public_key_path | dirname }}' + notify: + - restart systemd-networkd + - restart systemd-resolved + +- name: Copy Wireguard credentials + become: true + ansible.builtin.copy: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - dest: '{{ wireguard_defaults.public_key_path }}' + src: 'files/wireguard/{ ansible_hostname }}/fudiggity.pub' + + - dest: '{{ wireguard_defaults.private_key_path }}' + src: 'files/wireguard/{{ ansible_hostname }}/fudiggity.key' + notify: + - restart systemd-networkd + - restart systemd-resolved + +- name: Copy Wireguard preshared keys + become: true + ansible.builtin.copy: + src: '{{ item.preshared_key_source_path }}' + dest: '{{ item.preshared_key_path }}' + owner: root + group: systemd-network + mode: '0640' + loop: '{{ wireguard_defaults.peers }}' + notify: + - restart systemd-networkd + - restart systemd-resolved + +- name: Setup network configuration + become: true + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - src: 'templates/{{ ansible_hostname }}/network/wg0.network.j2' + dest: '/etc/systemd/network/40-wg0.network' + + - src: 'templates/{{ ansible_hostname }}/network/wg0.netdev.j2' + dest: '/etc/systemd/network/40-wg0.netdev' + notify: + - restart systemd-networkd + - restart systemd-resolved + vars: + wireguard: "{{ wireguard | ansible.builtin.combine(wireguard_defaults) }}" diff --git a/tasks/xps.yml b/tasks/xps.yml new file mode 100644 index 0000000..06aeb90 
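Review bot: The public-key entry in `Copy Wireguard credentials` has a malformed expression, `'files/wireguard/{ ansible_hostname }}/fudiggity.pub'`: with only one opening brace nothing is rendered, so the task looks for a literal `{ ansible_hostname }}` directory and the copy fails. It should read `src: 'files/wireguard/{{ ansible_hostname }}/fudiggity.pub'`, matching the private-key entry below it. In `Setup network configuration`, `wireguard: "{{ wireguard | ansible.builtin.combine(wireguard_defaults) }}"` defines the task variable in terms of its own name, which Ansible can reject as a recursive template when the host value comes from lower-precedence inventory variables; a distinct name for the host data avoids that. The right-hand dictionary also wins in `combine`, so as written the defaults override the host values; if they are meant as a fallback the operands should be swapped, here and in tasks/wireguard-media.yml.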
--- /dev/null +++ b/tasks/xps.yml @@ -0,0 +1,46 @@ +- name: Provision powertop systemd service + become: true + ansible.builtin.file: + path: /etc/systemd/system/powertop.service + state: absent + +- name: Provision python pa-dlna + block: + - name: Create configuration directory + ansible.builtin.file: + path: '{{ xdg_config_dir }}/pa-dlna' + state: directory + mode: '0755' + + - name: Copy configuration file + ansible.builtin.template: + src: templates/xps/pa-dlna/config.j2 + dest: '{{ xdg_config_dir }}/pa-dlna/pa-dlna.conf' + mode: '0755' + + - name: Copy systemd service + ansible.builtin.template: + src: templates/xps/pa-dlna/service.j2 + dest: '{{ xdg_config_dir }}/systemd/user/pa-dlna.service' + mode: '0755' + + - name: Create virtualenv directory + become: true + ansible.builtin.file: + path: /opt/virtualenv/pa-dlna + state: directory + owner: sonny + group: sonny + mode: '0755' + + - name: Install pa-dlna + ansible.builtin.pip: + name: 'pa-dlna=={{ pa_dlna_version }}' + virtualenv: /opt/virtualenv/pa-dlna + virtualenv_command: python3.13 -m venv + + - name: Install python-systemd + ansible.builtin.pip: + name: 'python-systemd=={{ pa_dlna_systemd_version }}' + virtualenv: /opt/virtualenv/pa-dlna + virtualenv_command: python3.13 -m venv diff --git a/templates/desktop/cmdline.j2 b/templates/desktop/cmdline.j2 new file mode 100644 index 0000000..08259b5 --- /dev/null +++ b/templates/desktop/cmdline.j2 @@ -0,0 +1 @@ +root=UUID=c5fe300d-97bf-476d-abd4-edfe7460bc81 rw bgrt_disable diff --git a/templates/desktop/mkinitcpio/1-modules.conf.j2 b/templates/desktop/mkinitcpio/1-modules.conf.j2 new file mode 100644 index 0000000..82581fb --- /dev/null +++ b/templates/desktop/mkinitcpio/1-modules.conf.j2 @@ -0,0 +1,3 @@ +# {{ ansible_managed }} + +MODULES=(amdgpu) diff --git a/templates/desktop/mkinitcpio/linux-lts.preset.j2 b/templates/desktop/mkinitcpio/linux-lts.preset.j2 new file mode 100644 index 0000000..71d2550 --- /dev/null 
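Review bot: `Copy configuration file` and `Copy systemd service` install `pa-dlna.conf` and `pa-dlna.service` with `mode: '0755'`, although neither file is executed directly and systemd logs a warning for unit files marked executable; both should be `mode: '0644'`. `Create virtualenv directory` hard-codes `owner: sonny` and `group: sonny`, which ties the task to a single account; a variable for the target user would keep it reusable. The first task is named `Provision powertop systemd service` but sets `state: absent`, so `Remove powertop systemd service` would describe what it does.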
+++ b/templates/desktop/mkinitcpio/linux-lts.preset.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} +# +# mkinitcpio preset file for the 'linux' package + +PRESETS=('default') + +default_uki="/boot/EFI/Linux/linux-lts.efi" +default_kver="/boot/vmlinuz-linux-lts" diff --git a/templates/desktop/mkinitcpio/linux.preset.j2 b/templates/desktop/mkinitcpio/linux.preset.j2 new file mode 100644 index 0000000..22097bb --- /dev/null +++ b/templates/desktop/mkinitcpio/linux.preset.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} +# +# mkinitcpio preset file for the 'linux' package + +PRESETS=('default') + +default_uki="/boot/EFI/Linux/linux.efi" +default_kver="/boot/vmlinuz-linux" diff --git a/templates/desktop/modprobe/99-amdgpu.conf.j2 b/templates/desktop/modprobe/99-amdgpu.conf.j2 new file mode 100644 index 0000000..2ef56d7 --- /dev/null +++ b/templates/desktop/modprobe/99-amdgpu.conf.j2 @@ -0,0 +1,5 @@ +# {{ ansible_managed }} + +# disable Panel Self Refresh for 6.10 +# see https://bbs.archlinux.org/viewtopic.php?pid=2191514#p2191514 +options amdgpu dcdebugmask=0x12 diff --git a/templates/desktop/network/enp.network.j2 b/templates/desktop/network/enp.network.j2 deleted file mode 100644 index 3329399..0000000 --- a/templates/desktop/network/enp.network.j2 +++ /dev/null @@ -1,7 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -[Match] -Name=enp* - -[Network] -DHCP=yes diff --git a/templates/desktop/network/enp1s0.link.j2 b/templates/desktop/network/enp1s0.link.j2 new file mode 100644 index 0000000..4ed6b79 --- /dev/null +++ b/templates/desktop/network/enp1s0.link.j2 @@ -0,0 +1,7 @@ +# {{ ansible_managed }} + +[Match] +MACAddress={{ lan_interface_mac }} + +[Link] +Name={{ lan_interface }} diff --git a/templates/desktop/network/enp1s0.network.j2 b/templates/desktop/network/enp1s0.network.j2 new file mode 100644 index 0000000..af57302 --- /dev/null +++ b/templates/desktop/network/enp1s0.network.j2 
@@ -0,0 +1,17 @@ +# {{ ansible_managed }} + +[Match] +Name={{ lan_interface }} + +[Network] +Address={{ local_network_address }} +Gateway={{ local_network_gateway }} +DNS={{ local_network_dns }} +MulticastDNS=yes +DNSOverTLS=yes +DNSSEC=yes +DHCP=no +LinkLocalAddressing=no +IPv6AcceptRA=no +IPv6SendRA=no +RequiredForOnline=routable diff --git a/templates/desktop/network/vmbr0.netdev.j2 b/templates/desktop/network/vmbr0.netdev.j2 deleted file mode 100644 index 54f171b..0000000 --- a/templates/desktop/network/vmbr0.netdev.j2 +++ /dev/null @@ -1,5 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -[NetDev] -Name=vmbr0 -Kind=bridge diff --git a/templates/desktop/network/vmbr0.network.j2 b/templates/desktop/network/vmbr0.network.j2 deleted file mode 100644 index a3ca139..0000000 --- a/templates/desktop/network/vmbr0.network.j2 +++ /dev/null @@ -1,10 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -[Match] -Name=vmbr0 - -[Network] -Address=10.4.0.1/24 -DHCP=yes -IPForward=yes -ConfigureWithoutCarrier=yes diff --git a/templates/desktop/network/wg0.netdev.j2 b/templates/desktop/network/wg0.netdev.j2 index de4e81e..85ba97e 100644 --- a/templates/desktop/network/wg0.netdev.j2 +++ b/templates/desktop/network/wg0.netdev.j2 
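Review bot: `DNSOverTLS=yes` is the strict mode, and with `DNS={{ local_network_dns }}` systemd-resolved can only validate the resolver's certificate against a name when the entry carries one in the form `address#server_name`. The variable's value is not visible in this diff; if it is a bare IP address the certificate is checked against that IP only, and a resolver without DNS-over-TLS support makes lookups fail rather than fall back. It is worth confirming that `local_network_dns` includes the `#server_name` suffix and adding a comment next to the option, e.g. `# strict DoT: DNS= must name a resolver with a valid certificate`. templates/htpc/network/enp1s0.network.j2 adds the same file.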
@@ -1,20 +1,21 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# {{ ansible_managed }} [NetDev] -Name={{ vpn_interface }} +Name={{ wireguard.interface }} Kind=wireguard -Description=WireGuard tunnel {{ vpn_interface }} +Description=WireGuard tunnel {{ wireguard.interface }} [WireGuard] -# PrivateKeyFile option does not seem to work, perhaps a bug? -PrivateKey={{ vpn_private_key }} +PrivateKeyFile={{ wireguard.private_key_path }} +RouteTable=main -{% for peer in vpn_peers %} +{% for peer in wireguard.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} -# PresharedKeyFile option does not seem to work, perhaps a bug? -PresharedKey={{ peer.preshared_key }} -AllowedIPs={{ peer.allowd_ips }} +PresharedKeyFile={{ peer.preshared_key_path }} +{% for ip in peer.allowed_ips %} +AllowedIPs={{ ip }} +{% endfor %} {% if peer.endpoint %} Endpoint={{ peer.endpoint }} {% endif %} diff --git a/templates/desktop/network/wg0.network.j2 b/templates/desktop/network/wg0.network.j2 index 81fbe8a..76731d3 100644 --- a/templates/desktop/network/wg0.network.j2 +++ b/templates/desktop/network/wg0.network.j2 @@ -1,7 +1,10 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# {{ ansible_managed }} [Match] -Name={{ vpn_interface }} +Name={{ wireguard.interface }} [Network] -Address={{ vpn_ip }}/{{ vpn_subnet }} +Address={{ wireguard.ip }}/{{ wireguard.prefix }} +DNS={{ wireguard.dns }} +Domains={{ wireguard.domains | join(' ') }} +BindCarrier={{ lan_interface }} diff --git a/templates/desktop/network/wg1.netdev.j2 b/templates/desktop/network/wg1.netdev.j2 new file mode 100644 index 0000000..85ba97e --- /dev/null +++ b/templates/desktop/network/wg1.netdev.j2 
@@ -0,0 +1,25 @@ +# {{ ansible_managed }} + +[NetDev] +Name={{ wireguard.interface }} +Kind=wireguard +Description=WireGuard tunnel {{ wireguard.interface }} + +[WireGuard] +PrivateKeyFile={{ wireguard.private_key_path }} +RouteTable=main + +{% for peer in wireguard.peers %} +[WireGuardPeer] +PublicKey={{ peer.public_key }} +PresharedKeyFile={{ peer.preshared_key_path }} +{% for ip in peer.allowed_ips %} +AllowedIPs={{ ip }} +{% endfor %} +{% if peer.endpoint %} +Endpoint={{ peer.endpoint }} +{% endif %} +{% if not loop.last %} + +{% endif %} +{% endfor %} diff --git a/templates/desktop/network/wg1.network.j2 b/templates/desktop/network/wg1.network.j2 new file mode 100644 index 0000000..76731d3 --- /dev/null +++ b/templates/desktop/network/wg1.network.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} + +[Match] +Name={{ wireguard.interface }} + +[Network] +Address={{ wireguard.ip }}/{{ wireguard.prefix }} +DNS={{ wireguard.dns }} +Domains={{ wireguard.domains | join(' ') }} +BindCarrier={{ lan_interface }} diff --git a/templates/desktop/nftables.j2 b/templates/desktop/nftables.j2 index 502770a..29f4cd1 100644 --- a/templates/desktop/nftables.j2 +++ b/templates/desktop/nftables.j2 @@ -1,12 +1,11 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# +#!/usr/bin/nft -f # vim:set ts=2 sw=2 et: flush ruleset table inet filter { chain input { - type filter hook input priority 0; + type filter hook input priority 0; policy drop; # allow established/related connections ct state { established, related } accept 
@@ -21,20 +20,14 @@ table inet filter { ip protocol icmp accept ip6 nexthdr icmpv6 accept + # allow mDNS + udp dport 5353 accept + # allow ssh tcp dport ssh accept # syncthing ip saddr 10.0.0.1 tcp dport 22000 accept - - # allow remote pulse audio - ip saddr 10.0.0.1 tcp dport 4713 accept - - # allow dhcp requests for bridget connections - iifname "vmbr0" udp dport { 53, 67 } accept - - # everything else - reject with icmpx type port-unreachable } chain forward { @@ -43,9 +36,6 @@ table inet filter { ct state { established, related } accept; mark 1 accept - - iifname "vmbr0" oifname "enp34s0" accept - iifname "enp34s0" oifname "vmbr0" accept } } @@ -54,16 +44,3 @@ table ip filter { mark set 1 } } - -table ip nat { - chain prerouting { - type nat hook prerouting priority 0; policy accept; - - # iifname "enp34s0" tcp dport { http } dnat to 10.4.0.243 - } - - chain postrouting { - type nat hook postrouting priority 0; policy accept; - oifname "enp34s0" masquerade - } -} diff --git a/templates/desktop/pulse-script.j2 b/templates/desktop/pulse-script.j2 deleted file mode 100644 index 8bcc1ea..0000000 --- a/templates/desktop/pulse-script.j2 +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/sh -# -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -/usr/bin/pactl load-module module-native-protocol-tcp auth-anonymous=1 listen={{ vpn_ip }} diff --git a/templates/desktop/syncthing.j2 b/templates/desktop/syncthing.j2 deleted file mode 100644 index d9e59f9..0000000 --- a/templates/desktop/syncthing.j2 +++ /dev/null @@ -1,134 +0,0 @@ - - - - - basic - - - 0 - - 3600 - - 0 - 0 - 0 - random - false - 0 - 0 - 10 - false - false - false - 25 - .stfolder - false - 0 - 0 - false - standard - standard - false - true - - - basic - - - 0 - - - 3600 - - 0 - 0 - 0 - random - false - 0 - 0 - -1 - false - false - false - 25 - .stfolder - false - 0 - 0 - false - standard - standard - false - true - - -
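Review bot: The added `udp dport 5353 accept` rule admits mDNS from any source on any interface, including the WireGuard tunnels this commit configures. With the input chain now set to `policy drop`, the exception can be scoped as tightly as the rest, for example `iifname "{{ lan_interface }}" udp dport 5353 accept`, assuming `lan_interface` is in scope for this template as it is for the network templates. The unchanged `tcp dport ssh accept` rule in the context lines is unscoped in the same way. templates/htpc/nftables.j2 adds the same mDNS rule.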
dynamic
- false - false - 0 - 0 - 0 -
- -
tcp://10.0.0.1:22000
- false - false - 0 - 0 - 0 -
- -
127.0.0.1:8384
- Qo5fAhxR7LnwvJ7eGYr4gigkHm2LrT6y - dark -
- - - default - default - true - true - 21027 - [ff12::8384]:21027 - 0 - 0 - 60 - true - 10 - true - true - 60 - 30 - 10 - 3 - 0 - rxdDP3h2 - https://data.syncthing.net/newdata - false - 1800 - true - 12 - false - 24 - false - 5 - false - 1 - https://upgrades.syncthing.net/meta.json - false - 10 - authenticationUserAndPassword - 0 - ~ - true - 0 - https://crash.syncthing.net/newcrash - true - 180 - 20 - default - auto - 0 - -
diff --git a/templates/desktop/xdg-desktop-portal.service.j2 b/templates/desktop/xdg-desktop-portal.service.j2 new file mode 100644 index 0000000..7d06561 --- /dev/null +++ b/templates/desktop/xdg-desktop-portal.service.j2 @@ -0,0 +1,5 @@ +# {{ ansible_managed }} + +[Unit] +Requires=plasma-core.target +After=plasma-core.target diff --git a/templates/gitconfig.j2 b/templates/gitconfig.j2 deleted file mode 100644 index 00bfd77..0000000 --- a/templates/gitconfig.j2 +++ /dev/null @@ -1,10 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# - -[user] -email = sonny871@hotmail.com -name = Sonny Bakker -signingkey = {{ gpg_pub_key }} - -[pull] -rebase = false diff --git a/templates/hosts.j2 b/templates/hosts.j2 new file mode 100644 index 0000000..58cf68c --- /dev/null +++ b/templates/hosts.j2 @@ -0,0 +1,5 @@ +# {{ ansible_managed }} + +127.0.0.1 localhost.localdomain localhost +127.0.1.1 localhost.localdomain {{ hostname }} +::1 localhost.localdomain localhost diff --git a/templates/htpc/cmdline.j2 b/templates/htpc/cmdline.j2 new file mode 100644 index 0000000..f1e2797 --- /dev/null +++ b/templates/htpc/cmdline.j2 @@ -0,0 +1 @@ +rd.luks.name=d6272853-f41c-47a3-aa27-31ca9b559087=cryptlvm root=/dev/VolumeGroup/root rw resume=/dev/VolumeGroup/swap diff --git a/templates/htpc/mkinitcpio/1-modules.conf.j2 b/templates/htpc/mkinitcpio/1-modules.conf.j2 new file mode 100644 index 0000000..82581fb --- /dev/null +++ b/templates/htpc/mkinitcpio/1-modules.conf.j2 @@ -0,0 +1,3 @@ +# {{ ansible_managed }} + +MODULES=(amdgpu) diff --git a/templates/htpc/mkinitcpio/linux-lts.preset.j2 b/templates/htpc/mkinitcpio/linux-lts.preset.j2 new file mode 100644 index 0000000..71d2550 --- /dev/null +++ b/templates/htpc/mkinitcpio/linux-lts.preset.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} +# +# mkinitcpio preset file for the 'linux' package + +PRESETS=('default') + +default_uki="/boot/EFI/Linux/linux-lts.efi" +default_kver="/boot/vmlinuz-linux-lts" 
diff --git a/templates/htpc/mkinitcpio/linux.preset.j2 b/templates/htpc/mkinitcpio/linux.preset.j2 new file mode 100644 index 0000000..22097bb --- /dev/null +++ b/templates/htpc/mkinitcpio/linux.preset.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} +# +# mkinitcpio preset file for the 'linux' package + +PRESETS=('default') + +default_uki="/boot/EFI/Linux/linux.efi" +default_kver="/boot/vmlinuz-linux" diff --git a/templates/htpc/network/enp1s0.link.j2 b/templates/htpc/network/enp1s0.link.j2 new file mode 100644 index 0000000..4ed6b79 --- /dev/null +++ b/templates/htpc/network/enp1s0.link.j2 @@ -0,0 +1,7 @@ +# {{ ansible_managed }} + +[Match] +MACAddress={{ lan_interface_mac }} + +[Link] +Name={{ lan_interface }} diff --git a/templates/htpc/network/enp1s0.network.j2 b/templates/htpc/network/enp1s0.network.j2 new file mode 100644 index 0000000..af57302 --- /dev/null +++ b/templates/htpc/network/enp1s0.network.j2 @@ -0,0 +1,17 @@ +# {{ ansible_managed }} + +[Match] +Name={{ lan_interface }} + +[Network] +Address={{ local_network_address }} +Gateway={{ local_network_gateway }} +DNS={{ local_network_dns }} +MulticastDNS=yes +DNSOverTLS=yes +DNSSEC=yes +DHCP=no +LinkLocalAddressing=no +IPv6AcceptRA=no +IPv6SendRA=no +RequiredForOnline=routable diff --git a/templates/htpc/network/wg1.netdev.j2 b/templates/htpc/network/wg1.netdev.j2 new file mode 100644 index 0000000..85ba97e --- /dev/null +++ b/templates/htpc/network/wg1.netdev.j2 
@@ -0,0 +1,25 @@ +# {{ ansible_managed }} + +[NetDev] +Name={{ wireguard.interface }} +Kind=wireguard +Description=WireGuard tunnel {{ wireguard.interface }} + +[WireGuard] +PrivateKeyFile={{ wireguard.private_key_path }} +RouteTable=main + +{% for peer in wireguard.peers %} +[WireGuardPeer] +PublicKey={{ peer.public_key }} +PresharedKeyFile={{ peer.preshared_key_path }} +{% for ip in peer.allowed_ips %} +AllowedIPs={{ ip }} +{% endfor %} +{% if peer.endpoint %} +Endpoint={{ peer.endpoint }} +{% endif %} +{% if not loop.last %} + +{% endif %} +{% endfor %} diff --git a/templates/htpc/network/wg1.network.j2 b/templates/htpc/network/wg1.network.j2 new file mode 100644 index 0000000..76731d3 --- /dev/null +++ b/templates/htpc/network/wg1.network.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} + +[Match] +Name={{ wireguard.interface }} + +[Network] +Address={{ wireguard.ip }}/{{ wireguard.prefix }} +DNS={{ wireguard.dns }} +Domains={{ wireguard.domains | join(' ') }} +BindCarrier={{ lan_interface }} diff --git a/templates/htpc/nftables.j2 b/templates/htpc/nftables.j2 new file mode 100644 index 0000000..9a8cb01 --- /dev/null +++ b/templates/htpc/nftables.j2 @@ -0,0 +1,29 @@ +#!/usr/bin/nft -f +# vim:set ts=2 sw=2 et: + +flush ruleset + +table inet filter { + chain input { + type filter hook input priority 0; policy drop; + + # allow established/related connections + ct state { established, related } accept + + # early drop of invalid connections + ct state invalid drop + + # allow from loopback + iifname lo accept + + # allow icmp + ip protocol icmp accept + ip6 nexthdr icmpv6 accept + + # allow mDNS + udp dport 5353 accept + + # allow ssh + tcp dport ssh accept + } +} diff --git a/templates/laptop/network/vmbr0.netdev.j2 b/templates/laptop/network/vmbr0.netdev.j2 deleted file mode 100644 index 54f171b..0000000 --- a/templates/laptop/network/vmbr0.netdev.j2 +++ /dev/null 
@@ -1,5 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -[NetDev] -Name=vmbr0 -Kind=bridge diff --git a/templates/laptop/network/vmbr0.network.j2 b/templates/laptop/network/vmbr0.network.j2 deleted file mode 100644 index 4bbbfa2..0000000 --- a/templates/laptop/network/vmbr0.network.j2 +++ /dev/null @@ -1,10 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -[Match] -Name=vmbr0 - -[Network] -Address=10.5.0.1/24 -DHCP=ipv4 -IPForward=ipv4 -ConfigureWithoutCarrier=yes diff --git a/templates/laptop/network/wg0.netdev.j2 b/templates/laptop/network/wg0.netdev.j2 deleted file mode 100644 index de4e81e..0000000 --- a/templates/laptop/network/wg0.netdev.j2 +++ /dev/null @@ -1,24 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -[NetDev] -Name={{ vpn_interface }} -Kind=wireguard -Description=WireGuard tunnel {{ vpn_interface }} - -[WireGuard] -# PrivateKeyFile option does not seem to work, perhaps a bug? -PrivateKey={{ vpn_private_key }} - -{% for peer in vpn_peers %} -[WireGuardPeer] -PublicKey={{ peer.public_key }} -# PresharedKeyFile option does not seem to work, perhaps a bug? -PresharedKey={{ peer.preshared_key }} -AllowedIPs={{ peer.allowd_ips }} -{% if peer.endpoint %} -Endpoint={{ peer.endpoint }} -{% endif %} -{% if not loop.last %} - -{% endif %} -{% endfor %} diff --git a/templates/laptop/network/wg0.network.j2 b/templates/laptop/network/wg0.network.j2 deleted file mode 100644 index 81fbe8a..0000000 --- a/templates/laptop/network/wg0.network.j2 +++ /dev/null @@ -1,7 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -[Match] -Name={{ vpn_interface }} - -[Network] -Address={{ vpn_ip }}/{{ vpn_subnet }} diff --git a/templates/laptop/network/wireless.network.j2 b/templates/laptop/network/wireless.network.j2 deleted file mode 100644 index 894c5db..0000000 
--- a/templates/laptop/network/wireless.network.j2 +++ /dev/null @@ -1,7 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -[Match] -Name=wlan0 - -[Network] -DHCP=ipv4 diff --git a/templates/laptop/powertop.j2 b/templates/laptop/powertop.j2 deleted file mode 100644 index 6b15cc7..0000000 --- a/templates/laptop/powertop.j2 +++ /dev/null @@ -1,11 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -[Unit] -Description=Powertop tunings - -[Service] -ExecStart=/usr/bin/powertop --auto-tune -RemainAfterExit=true - -[Install] -WantedBy=multi-user.target diff --git a/templates/laptop/pulse-script.j2 b/templates/laptop/pulse-script.j2 deleted file mode 100644 index 6d9e623..0000000 --- a/templates/laptop/pulse-script.j2 +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/sh -# -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -/usr/bin/pactl load-module module-native-protocol-tcp auth-anonymous=1 listen=10.0.0.2 diff --git a/templates/laptop/syncthing.j2 b/templates/laptop/syncthing.j2 deleted file mode 100644 index e653f67..0000000 --- a/templates/laptop/syncthing.j2 +++ /dev/null @@ -1,134 +0,0 @@ - - - - - basic - - - 0 - - 3600 - - 0 - 0 - 0 - random - false - 0 - 0 - 10 - false - false - false - 25 - .stfolder - false - 0 - 0 - false - standard - standard - false - true - - - basic - - - 0 - - - 3600 - - 0 - 0 - 0 - random - false - 0 - 0 - 10 - false - false - false - 25 - .stfolder - false - 0 - 0 - false - standard - standard - false - true - - -
tcp://10.0.0.1:22000
- false - false - 0 - 0 - 0 -
- -
dynamic
- false - false - 0 - 0 - 0 -
- -
127.0.0.1:8384
- 2y25PxNtQjtDoe6qnDSiWpmSMpJnvoyi - dark -
- - - default - default - true - true - 21027 - [ff12::8384]:21027 - 0 - 0 - 60 - true - 10 - true - true - 60 - 30 - 10 - -1 - 0 - A3FvpLVX - https://data.syncthing.net/newdata - false - 1800 - true - 12 - false - 24 - false - 5 - false - 1 - https://upgrades.syncthing.net/meta.json - false - 10 - authenticationUserAndPassword - 0 - ~ - true - 0 - https://crash.syncthing.net/newcrash - true - 180 - 20 - default - auto - 0 - -
diff --git a/templates/mpd/mpd.conf.j2 b/templates/mpd/mpd.conf.j2 new file mode 100644 index 0000000..af43ed2 --- /dev/null +++ b/templates/mpd/mpd.conf.j2 @@ -0,0 +1,40 @@ +# {{ ansible_managed }} +# +bind_to_address "{{ mpd_listen_address }}" +port "{{ mpd_listen_port }}" + +playlist_directory "{{ mpd_configuration_dir }}/playlists" +state_file "{{ mpd_configuration_dir }}/state" + +database { + plugin "proxy" + host "{{ mpd_remote_address }}" + port "{{ mpd_remote_port }}" +} + +audio_output { + name "mpd" + type "pipewire" + dsd "yes" +} + +audio_output { + type "fifo" + name "my_fifo" + path "/tmp/mpd.fifo" +} + +input { + enabled "no" + plugin "tidal" +} + +input { + enabled "no" + plugin "qobuz" +} + +decoder { + enabled "no" + plugin "wildmidi" +} diff --git a/templates/mpd/ncmpc.j2 b/templates/mpd/ncmpc.j2 new file mode 100644 index 0000000..2b02e99 --- /dev/null +++ b/templates/mpd/ncmpc.j2 @@ -0,0 +1,32 @@ +## {{ ansible_managed }} +# +## +## Configuration file for ncmpc (~/.config/ncmpc/config) +## + +############## Connection ################### +## Connect to mpd running on a specified host +host = {{ mpd_remote_address }} + +## Connect to mpd on the specified port. +port = {{ mpd_remote_port }} + +############## Theme ################### +# Topbar +color title = 0/254 +color line = 0/254 + +# Main window +color background = 15 +color list = 239/15 +color browser-directory = 239/15 +color browser-playlist = 239/15 + +# Selected +color list-bold = 147/255 + +# Bottombar +color progressbar = 0 +color status-state = 0/255 +color status-song = 0/255 +color status-time = 0/255 diff --git a/templates/mpd/ncmpcpp/bindings.j2 b/templates/mpd/ncmpcpp/bindings.j2 new file mode 100644 index 0000000..1f85833 --- /dev/null +++ b/templates/mpd/ncmpcpp/bindings.j2 
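Review bot: The `fifo` output in mpd.conf.j2 uses `path "/tmp/mpd.fifo"`, a fixed name in a world-writable directory, so on a shared machine another local user could create that path first or may be able to read the audio stream from it. The socket template in this commit already uses the per-user runtime directory, and placing the FIFO there as well, e.g. `path "/run/user/1000/mpd.fifo"`, avoids the shared location. `visualizer_data_source` in templates/mpd/ncmpcpp/config.j2 points at the same `/tmp/mpd.fifo` and has to change with it.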
@@ -0,0 +1,323 @@ +# {{ ansible_managed }} + +# enabled bindings +def_key "a" + add_item_to_playlist + +def_key "l" + jump_to_playing_song + +def_key "l" + next_column + +def_key "h" + previous_column + +def_key "k" + scroll_up + +def_key "j" + scroll_down + +def_key "tab" + next_screen + +def_key "shift-tab" + previous_screen + +def_key "f1" + show_help + +def_key "1" + show_playlist + +def_key "2" + show_browser + +def_key "2" + change_browse_mode + +def_key "3" + show_search_engine + +def_key "3" + reset_search_engine + +def_key "4" + show_media_library + +def_key "4" + toggle_media_library_columns_mode + +def_key "5" + show_playlist_editor + +def_key "6" + show_tag_editor + +def_key "7" + show_outputs + +def_key "8" + show_visualizer + +def_key "[" + scroll_up_album + +def_key "]" + scroll_down_album + +def_key "{" + scroll_up_artist + +def_key "}" + scroll_down_artist + +def_key "page_up" + page_up + +def_key "page_down" + page_down + +def_key "home" + move_home + +def_key "end" + move_end + +def_key "enter" + enter_directory + +def_key "enter" + toggle_output + +def_key "enter" + run_action + +def_key "enter" + play_item + +def_key "delete" + delete_playlist_items + +def_key "delete" + delete_browser_items + +def_key "delete" + delete_stored_playlist + +def_key "s" + stop + +def_key "p" + pause + +def_key ">" + next + +def_key "<" + previous + +def_key "ctrl-h" + replay_song + +def_key "f" + seek_forward + +def_key "b" + seek_backward + +def_key "ctrl-r" + toggle_repeat + +def_key "ctrl-z" + toggle_random + +def_key "ctrl-s" + toggle_single + +def_key "u" + update_database + +def_key "/" + find_item_forward + find + +def_key "q" + quit + +def_key "v" + select_range + +def_key "c" + remove_selection + +def_key "C" + clear_playlist + + +# default dummy bindings +def_key "mouse" + dummy + +def_key "up" + dummy + +def_key "shift-up" + dummy + +def_key "down" + dummy + +def_key "shift-down" + dummy + +def_key "insert" + dummy + +def_key "space" + dummy + +def_key 
"right" + dummy + +def_key "+" + dummy + +def_key "left" + dummy + +def_key "-" + dummy + +def_key ":" + dummy + +def_key "=" + dummy + +def_key "@" + dummy + +def_key "backspace" + dummy + +def_key "y" + dummy + +def_key "R" + dummy + +def_key "Y" + dummy + +def_key "T" + dummy + +def_key "|" + dummy + +def_key "#" + dummy + +def_key "Z" + dummy + +def_key "x" + dummy + +def_key "X" + dummy + +def_key "ctrl-f" + dummy + +def_key "ctrl-_" + dummy + +def_key "?" + dummy + +def_key "." + dummy + +def_key "," + dummy + +def_key "w" + dummy + +def_key "e" + dummy + +def_key "i" + dummy + +def_key "I" + dummy + +def_key "g" + dummy + +def_key "ctrl-v" + dummy + +def_key "B" + dummy + +def_key "m" + dummy + +def_key "n" + dummy + +def_key "M" + dummy + +def_key "A" + dummy + +def_key "S" + dummy + +def_key "o" + dummy + +def_key "G" + dummy + +def_key "~" + dummy + +def_key "E" + dummy + +def_key "U" + dummy + +def_key "P" + dummy + +def_key "\\" + dummy + +def_key "!" + dummy + +def_key "L" + dummy + +def_key "F" + dummy + +def_key "alt-l" + dummy + +def_key "ctrl-l" + dummy + +def_key "`" + dummy + +def_key "ctrl-p" + dummy diff --git a/templates/mpd/ncmpcpp/config.j2 b/templates/mpd/ncmpcpp/config.j2 new file mode 100644 index 0000000..a7cc08a --- /dev/null +++ b/templates/mpd/ncmpcpp/config.j2 
@@ -0,0 +1,42 @@
+# {{ ansible_managed }}
+#
+
+############## Connection ###################
+## Connect to mpd running on a specified host
+mpd_host = {{ mpd_remote_address }}
+
+## Connect to mpd on the specified port.
+mpd_port = {{ mpd_remote_port }}
+
+# header_visibility = yes
+# playlist_show_mpd_host = yes
+# titles_visibility = yes
+# enable_window_title = yes
+
+
+connected_message_on_startup = no
+
+display_bitrate = yes
+
+visualizer_data_source = "/tmp/mpd.fifo"
+visualizer_output_name = "my_fifo"
+visualizer_in_stereo = "yes"
+visualizer_type = "spectrum"
+visualizer_look = "+|"
+
+############## Theme ###################
+
+user_interface = classic
+
+song_columns_list_format = "(40)[9]{t|f} (25)[245]{a} (25)[245]{b} (25)[245]{l}"
+song_list_format = "{$5 %a$9 $1│$9 $8%t$9 }|{ $8%f$9}$R{$5%b $7}"
+
+# Column Names
+header_window_color = 1
+
+# Main window
+main_window_color = 1
+
+# Bottombar
+progressbar_color = 1
+player_state_color = 1
diff --git a/templates/mpd/service.j2 b/templates/mpd/service.j2
new file mode 100644
index 0000000..54d1304
--- /dev/null
+++ b/templates/mpd/service.j2
@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+#
+
+[Unit]
+Description=Music Player Daemon
+Documentation=man:mpd(1) man:mpd.conf(5)
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/mpd --systemd
+Restart=on-failure
+RestartSec=15s
+TimeoutStopSec=3
diff --git a/templates/mpd/socket.j2 b/templates/mpd/socket.j2
new file mode 100644
index 0000000..f6c6d2f
--- /dev/null
+++ b/templates/mpd/socket.j2
@@ -0,0 +1,12 @@
+# {{ ansible_managed }}
+#
+
+[Socket]
+ListenStream=/run/user/1000/mpd.socket
+ListenStream={{ mpd_listen_port }}
+Backlog=5
+KeepAlive=true
+PassCredentials=true
+
+[Install]
+WantedBy=sockets.target
diff --git a/templates/mpv/config.j2 b/templates/mpv/config.j2
index 706daf1..cb9323b 100644
--- a/templates/mpv/config.j2
+++ b/templates/mpv/config.j2
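Review bot: In templates/mpd/socket.j2, `ListenStream={{ mpd_listen_port }}` gives systemd a bare port, which makes it listen on all addresses rather than loopback. vars/mpd.yml in this same commit still defines `mpd_listen_address: 127.0.0.1`, but this template never uses it. If loopback-only is intended, write `ListenStream={{ mpd_listen_address }}:{{ mpd_listen_port }}`. The unix socket path also hard-codes uid 1000; if this is installed as a user unit (not visible from the hunk), `ListenStream=%t/mpd.socket` would follow the user's runtime directory instead.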
@@ -1,12 +1,14 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -volume=100 -sub-auto=fuzzy -gpu-api=vulkan +# {{ ansible_managed }} +# +gpu-api=opengl vo=gpu hwdec=vaapi -ytdl-format=best - -audio-samplerate=96000 +audio-samplerate=128000 audio-format=s64 +volume=100 + +keep-open=yes # do not close the window on exit +keepaspect-window=no # add black bars if window aspect and video aspect mismatch + +sub-auto=fuzzy # load all subs containing the media filename diff --git a/templates/mpv/input.j2 b/templates/mpv/input.j2 index b63757d..a405e81 100644 --- a/templates/mpv/input.j2 +++ b/templates/mpv/input.j2 @@ -1,14 +1,13 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# {{ ansible_managed }} # -## Seek units are in seconds, but note that these are limited by keyframes +# See /usr/share/doc/mpv/input.conf for more options. +# +## Seek units are in seconds, but note that these are limited by keyframes. RIGHT seek 5 LEFT seek -5 SHIFT+RIGHT seek 60 SHIFT+LEFT seek -60 -# UP add volume 2 -# DOWN add volume -2 - UP add ao-volume 2 DOWN add ao-volume -2 m cycle ao-mute @@ -19,8 +18,7 @@ PGDWN add chapter -1 # skip to previous chapter q quit j cycle sub # cycle through subtitles - -#SHARP cycle audio # switch audio streams +- cycle audio # switch audio track f cycle fullscreen # toggle fullscreen s screenshot # take a screenshot diff --git a/templates/pacman.j2 b/templates/pacman.j2 index 683ec24..76ce942 100644 --- a/templates/pacman.j2 +++ b/templates/pacman.j2 @@ -1,4 +1,4 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# {{ ansible_managed }} # # /etc/pacman.conf # 
@@ -37,10 +37,11 @@ Architecture = auto #UseSyslog #Color #NoProgressBar -#TotalDownload CheckSpace VerbosePkgLists ParallelDownloads = 5 +DownloadUser = alpm +#DisableSandbox # By default, pacman accepts packages signed by keys that its local keyring # trusts (see pacman-key and its man page), as well as unsigned packages. @@ -75,19 +76,16 @@ LocalFileSigLevel = Optional # repo name header and Include lines. You can add preferred servers immediately # after the header, and they will be used before the default mirrors. -#[testing] +#[core-testing] #Include = /etc/pacman.d/mirrorlist [core] Include = /etc/pacman.d/mirrorlist -[extra] -Include = /etc/pacman.d/mirrorlist - -#[community-testing] +#[extra-testing] #Include = /etc/pacman.d/mirrorlist -[community] +[extra] Include = /etc/pacman.d/mirrorlist # If you want to run 32 bit applications on your x86_64 system, diff --git a/templates/pipewire-pulse.j2 b/templates/pipewire-pulse.j2 deleted file mode 100644 index a0aa782..0000000 --- a/templates/pipewire-pulse.j2 +++ /dev/null @@ -1,4 +0,0 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - -[Service] -ExecStartPost={{ xdg_script_dir }}/pulse-script diff --git a/templates/polkit.j2 b/templates/polkit.j2 new file mode 100644 index 0000000..86a4b5f --- /dev/null +++ b/templates/polkit.j2 @@ -0,0 +1,11 @@ +/* {{ ansible_managed }} + * + * Allow members of the wheel group to execute any actions + * without password authentication, similar to "sudo NOPASSWD:" + * without password authentication, similar to "sudo NOPASSWD:" + */ +polkit.addRule(function(action, subject) { + if (subject.isInGroup("wheel")) { + return polkit.Result.YES; + } +}); diff --git a/templates/reflector.j2 b/templates/reflector.j2 index fbd1a42..6d6eb4d 100644 --- a/templates/reflector.j2 +++ b/templates/reflector.j2 
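Review bot: The rule in templates/polkit.j2 returns `polkit.Result.YES` for every action whenever the subject is in `wheel`, with no check on the action or the session. Any process running as that user, including one in a remote or inactive session, can then perform privileged polkit actions without an authentication prompt. Consider `return polkit.Result.AUTH_ADMIN_KEEP;` instead, or keep `YES` but guard it with `subject.local && subject.active` and a match on `action.id` for the specific actions that need it. The header comment also repeats the line `without password authentication, similar to "sudo NOPASSWD:"` twice.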
@@ -1,4 +1,4 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# {{ ansible_managed }} # # Reflector configuration file for the systemd service. # diff --git a/templates/ssh-agent.j2 b/templates/ssh-agent.j2 index 67fdbea..d625c48 100644 --- a/templates/ssh-agent.j2 +++ b/templates/ssh-agent.j2 @@ -1,5 +1,5 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - +# {{ ansible_managed }} +# [Unit] Description=SSH key agent diff --git a/templates/syncthing/config.j2 b/templates/syncthing/config.j2 new file mode 100644 index 0000000..c48c0d8 --- /dev/null +++ b/templates/syncthing/config.j2 @@ -0,0 +1,152 @@ + + + + {% for folder in syncthing_folders -%} + + + {% for id in folder.devices -%} + + + + {%- endfor %} + + basic + 20 + + 3600 + + basic + + + 0 + 0 + 0 + random + false + 0 + 0 + -1 + false + false + false + 25 + .stfolder + false + 0 + 2 + false + standard + standard + false + false + false + false + false + false + + {%- endfor %} + + {% for device in syncthing_devices -%} + +
{{ device.address }}
+ false + false + 0 + 0 + 0 + false + 0 + 0 +
+ {%- endfor %} + + +
{{ syncthing_listen_address }}:{{ syncthing_gui_port }}
+ {{ syncthing_api_key }} + default + true +
+ + + tcp://{{ syncthing_listen_address }}:{{ syncthing_protocol_port }} + + + + + + basic + + + + + + 1 + + + 3600 + + basic + + + 0 + 0 + 0 + random + false + 0 + 0 + 10 + false + false + false + 25 + .stfolder + false + 0 + 2 + false + standard + standard + false + false + + + +
dynamic
+ false + false + 0 + 0 + 0 + false + 0 + 0 +
+ + + (?d).DS_Store + +
+
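Review bot: This template renders `{{ syncthing_api_key }}` in clear text next to the GUI listen address `{{ syncthing_listen_address }}:{{ syncthing_gui_port }}`, so the generated file is a secret-bearing file. The task that deploys it is outside this hunk; confirm it sets an explicit owner and `mode: '0600'`, and that `syncthing_api_key` comes from a vaulted variable. The template's XML tags are not visible in this rendering, so whether the GUI block also sets a user/password or TLS could not be checked here. The file also lacks the `{{ ansible_managed }}` marker that the other templates in this commit carry; an XML comment such as `<!-- {{ ansible_managed }} -->` would keep it consistent.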
diff --git a/templates/sysctl/98-forward.conf.j2 b/templates/sysctl/98-forward.conf.j2 new file mode 100644 index 0000000..16f90a8 --- /dev/null +++ b/templates/sysctl/98-forward.conf.j2 @@ -0,0 +1,2 @@ +# {{ ansible_managed }} +net.ipv4.ip_forward = 1 diff --git a/templates/sysctl/99-sysrq.conf.j2 b/templates/sysctl/99-sysrq.conf.j2 new file mode 100644 index 0000000..a4c7283 --- /dev/null +++ b/templates/sysctl/99-sysrq.conf.j2 @@ -0,0 +1,2 @@ +# {{ ansible_managed }} +kernel.sysrq = 1 diff --git a/templates/timer/daily_target.j2 b/templates/timer/daily_target.j2 index bf4d594..e562de4 100644 --- a/templates/timer/daily_target.j2 +++ b/templates/timer/daily_target.j2 @@ -1,4 +1,5 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# {{ ansible_managed }} +# # # Add the following to your service unit to make use of this target: # Wants=daily.target diff --git a/templates/timer/daily_timer.j2 b/templates/timer/daily_timer.j2 index cdc47f0..4290470 100644 --- a/templates/timer/daily_timer.j2 +++ b/templates/timer/daily_timer.j2 @@ -1,6 +1,5 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# {{ ansible_managed }} # - [Unit] Description=Timer which runs all services on a daily basis inside the daily.target.wants directory diff --git a/templates/timer/weekly_target.j2 b/templates/timer/weekly_target.j2 index 7e944cb..88109e6 100644 --- a/templates/timer/weekly_target.j2 +++ b/templates/timer/weekly_target.j2 @@ -1,4 +1,4 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# {{ ansible_managed }} # # Add the following to your service unit to make use of this target: # Wants=weekly.target diff --git a/templates/timer/weekly_timer.j2 b/templates/timer/weekly_timer.j2 index e4c33f4..00117a1 100644 --- a/templates/timer/weekly_timer.j2 +++ b/templates/timer/weekly_timer.j2 
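Review bot: `net.ipv4.ip_forward = 1` in 98-forward.conf.j2 enables IPv4 routing between all interfaces, yet the nftables.j2 change in this commit removes the vmbr0 forwarding rules and the masquerade chain that would have needed it. The forward chain there still has `mark 1 accept`, and its policy is outside the visible hunks, so it is unclear whether anything still depends on forwarding. If nothing on this host routes traffic any more, drop this file; otherwise add a comment naming the consumer, e.g. `# forwarding required by <consumer>`.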
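Review bot: `kernel.sysrq = 1` in 99-sysrq.conf.j2 enables every SysRq function from the keyboard, including process signalling and debugging dumps. On a laptop these are available to anyone with physical access, whether or not the screen is locked. If the intent is only emergency sync, remount and reboot, a bitmask such as `kernel.sysrq = 176` (16 sync + 32 remount read-only + 128 reboot/poweroff) keeps those and leaves the rest off. A one-line comment stating the intended functions would help either way.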
@@ -1,6 +1,5 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# {{ ansible_managed }} # - [Unit] Description=Timer which runs all services on a weekly basis inside the weekly.target.wants directory diff --git a/templates/tmux.j2 b/templates/tmux.j2 index 8fa1473..3044e2b 100644 --- a/templates/tmux.j2 +++ b/templates/tmux.j2 @@ -1,10 +1,10 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} - +# {{ ansible_managed }} +# [Unit] Description=Tmux startup script [Service] -Environment=DISPLAY=:0 +Environment=WAYLAND_DISPLAY=wayland-0 ExecStart=/home/sonny/.local/bin/tmux_start Type=forking RemainAfterExit=yes diff --git a/templates/wezterm/includes/colors.lua.j2 b/templates/wezterm/includes/colors.lua.j2 new file mode 100644 index 0000000..46a1194 --- /dev/null +++ b/templates/wezterm/includes/colors.lua.j2 @@ -0,0 +1,35 @@ +-- {{ ansible_managed }} + +local wezterm = require 'wezterm' + +-- wezterm.gui is not available to the mux server, so take care to +-- do something reasonable when this config is evaluated by the mux +local function get_appearance() + if wezterm.gui then + return wezterm.gui.get_appearance() + end + return 'Dark' +end + +local function scheme_for_appearance(appearance) + if appearance:find 'Dark' then + return 'Dark' + else + return 'Light' + end +end + +return { + color_schemes = { + ['Dark'] = { + background = 'rgb(41, 46, 50)', + foreground = 'white' + }, + ['Light'] = { + background = 'white', + foreground = 'black' + }, + }, + + color_scheme = scheme_for_appearance(get_appearance()), +} diff --git a/templates/wezterm/includes/fonts.lua.j2 b/templates/wezterm/includes/fonts.lua.j2 new file mode 100644 index 0000000..fb2735d --- /dev/null +++ b/templates/wezterm/includes/fonts.lua.j2 
@@ -0,0 +1,26 @@ +-- {{ ansible_managed }} + +local wezterm = require 'wezterm'; + +return { + font = wezterm.font( + 'MonaspiceNe Nerd Font Mono', + { weight = 'Regular', stretch = 'Normal', style = 'Normal' } + ), + + font_size = {{ wezterm_font_size }}, + freetype_load_target = 'Light', + freetype_render_target = 'HorizontalLcd', + harfbuzz_features = { + 'calt', -- texture healing + 'ss01', + 'ss02', + 'ss03', + 'ss04', + 'ss05', + 'ss06', + 'ss07', + 'ss08', + 'liga' + } +} diff --git a/templates/wezterm/includes/window.lua.j2 b/templates/wezterm/includes/window.lua.j2 new file mode 100644 index 0000000..b822f71 --- /dev/null +++ b/templates/wezterm/includes/window.lua.j2 @@ -0,0 +1,17 @@ +-- {{ ansible_managed }} + +return { + -- disable the tabbar + enable_tab_bar = false, + + -- window size + initial_cols = {{ wezterm_columns | default(145) }}, + initial_rows = {{ wezterm_rows | default(35) }}, + + window_padding = { + left = 0, + right = 0, + top = 0, + bottom = 0, + } +} diff --git a/templates/wezterm/wezterm.lua.j2 b/templates/wezterm/wezterm.lua.j2 new file mode 100644 index 0000000..557bebb --- /dev/null +++ b/templates/wezterm/wezterm.lua.j2 @@ -0,0 +1,22 @@ +-- {{ ansible_managed }} + +local wezterm = require 'wezterm'; +local config = wezterm.config_builder(); + +config.term = 'wezterm'; + +local modules = { + 'colors', + 'fonts', + 'window', +} + +for _, module_name in pairs(modules) do + local module_path = string.format('includes.%s', module_name) + local module = require(module_path) + for key, value in pairs(module) do + config[key] = value; + end +end + +return config diff --git a/templates/xps/cmdline.j2 b/templates/xps/cmdline.j2 new file mode 100644 index 0000000..e23cec7 --- /dev/null +++ b/templates/xps/cmdline.j2 @@ -0,0 +1 @@ +rd.luks.name=4483183a-4881-4bf6-b20c-3ba918642cc4=cryptlvm root=/dev/VolumeGroup/root rw resume=/dev/VolumeGroup/swap pcie_port_pm=off acpi_rev_override=1 
diff --git a/templates/xps/iwd.j2 b/templates/xps/iwd.j2 new file mode 100644 index 0000000..ece78b8 --- /dev/null +++ b/templates/xps/iwd.j2 @@ -0,0 +1,4 @@ +# {{ ansible_managed }} + +[General] +AddressRandomization=network diff --git a/templates/xps/mkinitcpio/1-modules.conf.j2 b/templates/xps/mkinitcpio/1-modules.conf.j2 new file mode 100644 index 0000000..0095973 --- /dev/null +++ b/templates/xps/mkinitcpio/1-modules.conf.j2 @@ -0,0 +1,3 @@ +# {{ ansible_managed }} + +MODULES=(intel_agp i915 i8k) diff --git a/templates/xps/mkinitcpio/2-hooks.conf.j2 b/templates/xps/mkinitcpio/2-hooks.conf.j2 new file mode 100644 index 0000000..0a885cd --- /dev/null +++ b/templates/xps/mkinitcpio/2-hooks.conf.j2 @@ -0,0 +1,3 @@ +# {{ ansible_managed }} + +HOOKS=(base systemd autodetect modconf keyboard sd-vconsole sd-encrypt block lvm2 filesystems fsck) diff --git a/templates/xps/mkinitcpio/linux-lts.preset.j2 b/templates/xps/mkinitcpio/linux-lts.preset.j2 new file mode 100644 index 0000000..71d2550 --- /dev/null +++ b/templates/xps/mkinitcpio/linux-lts.preset.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} +# +# mkinitcpio preset file for the 'linux' package + +PRESETS=('default') + +default_uki="/boot/EFI/Linux/linux-lts.efi" +default_kver="/boot/vmlinuz-linux-lts" diff --git a/templates/xps/mkinitcpio/linux.preset.j2 b/templates/xps/mkinitcpio/linux.preset.j2 new file mode 100644 index 0000000..22097bb --- /dev/null +++ b/templates/xps/mkinitcpio/linux.preset.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} +# +# mkinitcpio preset file for the 'linux' package + +PRESETS=('default') + +default_uki="/boot/EFI/Linux/linux.efi" +default_kver="/boot/vmlinuz-linux" diff --git a/templates/xps/network/wg0.netdev.j2 b/templates/xps/network/wg0.netdev.j2 new file mode 100644 index 0000000..85ba97e --- /dev/null +++ b/templates/xps/network/wg0.netdev.j2 
@@ -0,0 +1,25 @@
+# {{ ansible_managed }}
+
+[NetDev]
+Name={{ wireguard.interface }}
+Kind=wireguard
+Description=WireGuard tunnel {{ wireguard.interface }}
+
+[WireGuard]
+PrivateKeyFile={{ wireguard.private_key_path }}
+RouteTable=main
+
+{% for peer in wireguard.peers %}
+[WireGuardPeer]
+PublicKey={{ peer.public_key }}
+PresharedKeyFile={{ peer.preshared_key_path }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip }}
+{% endfor %}
+{% if peer.endpoint %}
+Endpoint={{ peer.endpoint }}
+{% endif %}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}
diff --git a/templates/xps/network/wg0.network.j2 b/templates/xps/network/wg0.network.j2
new file mode 100644
index 0000000..0254f34
--- /dev/null
+++ b/templates/xps/network/wg0.network.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ wireguard.interface }}
+
+[Network]
+Address={{ wireguard.ip }}/{{ wireguard.prefix }}
+DNS={{ wireguard.dns }}
+Domains={{ wireguard.domains | join(' ') }}
+BindCarrier={{ wireless_interface }}
diff --git a/templates/xps/network/wg1.netdev.j2 b/templates/xps/network/wg1.netdev.j2
new file mode 100644
index 0000000..85ba97e
--- /dev/null
+++ b/templates/xps/network/wg1.netdev.j2
@@ -0,0 +1,25 @@
+# {{ ansible_managed }}
+
+[NetDev]
+Name={{ wireguard.interface }}
+Kind=wireguard
+Description=WireGuard tunnel {{ wireguard.interface }}
+
+[WireGuard]
+PrivateKeyFile={{ wireguard.private_key_path }}
+RouteTable=main
+
+{% for peer in wireguard.peers %}
+[WireGuardPeer]
+PublicKey={{ peer.public_key }}
+PresharedKeyFile={{ peer.preshared_key_path }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip }}
+{% endfor %}
+{% if peer.endpoint %}
+Endpoint={{ peer.endpoint }}
+{% endif %}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}
diff --git a/templates/xps/network/wg1.network.j2 b/templates/xps/network/wg1.network.j2
new file mode 100644
index 0000000..0254f34
--- /dev/null
+++ b/templates/xps/network/wg1.network.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ wireguard.interface }}
+
+[Network]
+Address={{ wireguard.ip }}/{{ wireguard.prefix }}
+DNS={{ wireguard.dns }}
+Domains={{ wireguard.domains | join(' ') }}
+BindCarrier={{ wireless_interface }}
diff --git a/templates/xps/network/wlan0-frans.network.j2 b/templates/xps/network/wlan0-frans.network.j2
new file mode 100644
index 0000000..8ff0b0d
--- /dev/null
+++ b/templates/xps/network/wlan0-frans.network.j2
@@ -0,0 +1,20 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ wireless_interface }}
+SSID={{ frans_network_ssid }}
+
+[Network]
+Address={{ frans_network_address }}
+Gateway={{ frans_network_gateway }}
+DNS={{ frans_network_dns }}
+MulticastDNS=yes
+DNSOverTLS=yes
+DNSSEC=yes
+DHCP=no
+LinkLocalAddressing=no
+IPv6AcceptRA=no
+IPv6SendRA=no
+
+[Link]
+RequiredForOnline=routable
diff --git a/templates/xps/network/wlan0-local.network.j2 b/templates/xps/network/wlan0-local.network.j2
new file mode 100644
index 0000000..880606c
--- /dev/null
+++ b/templates/xps/network/wlan0-local.network.j2
@@ -0,0 +1,20 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ wireless_interface }}
+SSID={{ local_network_ssid }}
+
+[Network]
+Address={{ local_network_address }}
+Gateway={{ local_network_gateway }}
+DNS={{ local_network_dns }}
+MulticastDNS=yes
+DNSOverTLS=yes
+DNSSEC=yes
+DHCP=no
+LinkLocalAddressing=no
+IPv6AcceptRA=no
+IPv6SendRA=no
+
+[Link]
+RequiredForOnline=routable
diff --git a/templates/xps/network/wlan0.network.j2 b/templates/xps/network/wlan0.network.j2
new file mode 100644
index 0000000..30d588b
--- /dev/null
+++ b/templates/xps/network/wlan0.network.j2
@@ -0,0 +1,12 @@
+[Match]
+Name={{ wireless_interface }}
+
+[Network]
+DNS={{ default_network_dns }}
+DNSOverTLS=yes
+DNSSEC=yes
+DHCP=yes
+IgnoreCarrierLoss=3s
+
+[Link]
+RequiredForOnline=routable
diff --git a/templates/laptop/nftables.j2 b/templates/xps/nftables.j2 similarity index 57% rename from templates/laptop/nftables.j2 rename to templates/xps/nftables.j2 index 7d01d39..f1f7d40 100644 --- a/templates/laptop/nftables.j2 +++ b/templates/xps/nftables.j2 @@ -1,5 +1,3 @@ -# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -# #!/usr/bin/nft -f # vim:set ts=2 sw=2 et: @@ -22,14 +20,17 @@ table inet filter { ip protocol icmp accept ip6 nexthdr icmpv6 accept + # allow mDNS + udp dport 5353 accept + # allow ssh tcp dport ssh accept + ip saddr 192.168.2.11 tcp dport 8080 accept comment "HTTP pa-dlna server" + ip saddr 192.168.2.11 udp dport 1900 accept comment "UPnP" + # syncthing ip saddr 10.0.0.1 tcp dport 22000 accept - - # allow dhcp requests for bridged connections - iifname "vmbr0" udp dport { 53, 67 } accept } chain forward { @@ -38,9 +39,6 @@ table inet filter { ct state { established, related } accept; mark 1 accept - - iifname "vmbr0" oifname "wlan0" accept - iifname "wlan0" oifname "vmbr0" accept } } @@ -49,18 +47,3 @@ table ip filter { mark set 1 } } - -table ip nat { - chain prerouting { - type nat hook prerouting priority 0; policy accept; - - # iifname "wlan0" tcp dport { http } dnat to 10.4.0.243 - } - - chain postrouting { - type nat hook postrouting priority 0; policy accept; - - oifname "wlan0" masquerade - } -} - diff --git a/templates/xps/pa-dlna/config.j2 b/templates/xps/pa-dlna/config.j2 new file mode 100644 index 0000000..865a203 --- /dev/null +++ b/templates/xps/pa-dlna/config.j2 
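Review bot: The added `udp dport 5353 accept` in the input chain has no interface, source or destination match, so mDNS is accepted on every interface the host has, including the WireGuard tunnels and any Wi-Fi network it joins. Matching the multicast destinations instead, `ip daddr 224.0.0.251 udp dport 5353 accept` and `ip6 daddr ff02::fb udp dport 5353 accept`, or adding an `iifname` match, keeps it to where it is used. The two `ip saddr 192.168.2.11` rules rely on a source address alone, which is weak for the UDP 1900 rule; an `iifname` match would tighten them too. The chain header and its policy are outside the visible hunks, so the default verdict could not be checked.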
@@ -0,0 +1,26 @@
+# {{ ansible_managed }}
+#
+# This is the built-in pa-dlna configuration written as text. It can be
+# parsed by a Python Configuration parser and consists of sections, each led
+# by a [section] header, followed by option/value entries separated by
+# '='. See https://docs.python.org/3/library/configparser.html.
+#
+# The 'selection' option is written as a multi-line in which case all the
+# lines after the first line start with a white space.
+#
+# The default value of 'selection' lists the encoders in this order:
+# - mp3 encoders first as mp3 is the most common encoding
+# - lossless encoders
+# - then lossy encoders
+# See https://trac.ffmpeg.org/wiki/Encode/HighQualityAudio.
+
+[DEFAULT]
+selection =
+ FFMpegFlacEncoder,
+ FFMpegOpusEncoder,
+sample_format = s24be
+rate = 96000
+channels = 2
+track_metadata = yes
+soap_minimum_interval = 5
+args = None
diff --git a/templates/xps/pa-dlna/service.j2 b/templates/xps/pa-dlna/service.j2
new file mode 100644
index 0000000..feef6f1
--- /dev/null
+++ b/templates/xps/pa-dlna/service.j2
@@ -0,0 +1,40 @@
+# {{ ansible_managed }}
+#
+# When enabled, the pa-dlna service unit is started automatically after the
+# pulseaudio or pipewire service unit is started. It will also stop when the
+# pulseaudio or pipewire service unit stops. However it will stop when the
+# pulseaudio or pipewire service unit is restarted but it will not start.
+#
+# Both pa-dlna and pulseaudio service units are of 'Type=notify'. This means
+# that pa-dlna will only start after pulseaudio has notified systemd that it
+# is ready and pa-dlna may connect successfully to libpulse.
+#
+# However the pipewire service unit is of 'Type=simple'. In that case and if
+# pa-dlna fails to start with the error:
+# LibPulseStateError(('PA_CONTEXT_FAILED', 'Connection refused'))
+# add a delay to the pa-dlna start up sequence with the directive:
+# ExecStartPre=/bin/sleep 1
+#
+# Any pa-dlna option may be added to the 'ExecStart' directive, for example to
+# restrict the allowed NICs or IP addresses (recommended) or to change the
+# log level.
+# The '--systemd' option is required.
+#
+# The 'python-systemd' package is required.
+
+[Unit]
+Description=Pa-dlna Service
+Documentation=https://pa-dlna.readthedocs.io/en/stable/
+
+After=pipewire-session-manager.service
+
+[Service]
+Type=simple
+ExecStart=/opt/virtualenv/pa-dlna/bin/pa-dlna
+Slice=session.slice
+
+NoNewPrivileges=yes
+UMask=0077
+
+[Install]
+WantedBy=pipewire-session-manager.service
diff --git a/vars/desktop.yml b/vars/desktop.yml
deleted file mode 100644
index 7cf4afa..0000000
--- a/vars/desktop.yml
+++ /dev/null
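Review bot: `ExecStart=/opt/virtualenv/pa-dlna/bin/pa-dlna` runs with no options, although the header comment in this same file says the `--systemd` option is required and recommends restricting the allowed NICs or IP addresses. As written, the service presumably listens on every interface, and the only limit is the nftables rule that opens 8080/1900 for 192.168.2.11. Add the NIC/IP restriction the comment refers to on the `ExecStart` line, and either add `--systemd` or correct the comment. The comment also describes pa-dlna as `Type=notify` while the unit sets `Type=simple`; one of the two should be updated.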
@@ -1,26 +0,0 @@ -platform_packages: [] - -vpn_ip: '10.0.0.3' -vpn_subnet: '24' - -vpn_public_key_path: '/etc/wireguard/keys/public/desktop.pub' -vpn_private_key_path: '/etc/wireguard/keys/private/desktop.key' -vpn_private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 65386334366166306164363464633364383935313739373730373139663139373964336665636264 - 3563663038313039363230623266393164646164373739620a623536633631643231633938613461 - 63366239333230663531306333383962353937353736663336343434663633303232386531353832 - 6434633935333538650a613065306239333031656362356165326136333131356135383436326561 - 62303035386634636333353664373231633434656538303866386262353139363439363435346637 - 6637363334623133376134306165626564343864633032613763 - -vpn_peers: - - { - name: 'zeus', - allowd_ips: '10.0.0.1/32', - endpoint: '178.85.119.159:51902', - public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', - preshared_key_path: '/etc/wireguard/keys/private/preshared-zeus.psk', - preshared_key_source_path: 'files/desktop/wireguard/preshared.psk', - preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n363333633336613939306632323163396239303739366135393232396134393266623939613534326238393638333137383235313039623264343932303038330a633934373638363966306533346235326234663464313963356238623064666430303030643533666536393662316237333463336462376366343335363131350a333135366239633765633136316133653535336661666461666365636233656165666635663037386666323931643265623233366133623237663734623661623661316436396465343866363266393565653237636136626536353630383263" - } diff --git a/vars/gpg.yml b/vars/gpg.yml deleted file mode 100644 index 542a8a9..0000000 --- a/vars/gpg.yml +++ /dev/null 
@@ -1,8 +0,0 @@ -gpg_pub_key: '82C21552D732C65C1A4FB340037103F03CA5CBA1' -gpg_passphrase: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 61383265343062663836623033343538333562636433383735383862306465316439376333373563 - 6131336136653533323561633434633961393061623233640a366430396532326465326530356136 - 36616636363134386333616137656333353439633832633731373834336239393337316366626462 - 6164343331613663620a303363353064376630633939363831373339383961626137376361323438 - 3463 diff --git a/vars/laptop.yml b/vars/laptop.yml deleted file mode 100644 index f07a3b4..0000000 --- a/vars/laptop.yml +++ /dev/null 
@@ -1,29 +0,0 @@ -platform_packages: - - iwd - - powertop - -vpn_ip: '10.0.0.2' -vpn_subnet: '24' - -vpn_public_key_path: '/etc/wireguard/keys/public/laptop.pub' -vpn_private_key_path: '/etc/wireguard/keys/private/laptop.key' - -vpn_private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 36393066313764386361376662376266623331313765373666616334356362656332653838346330 - 3435643261333262653139636537326164356164373566310a633233623031336437303236636266 - 61616165376631353433353463313532643564343664346335363835306430386364303635343432 - 3864343464666566310a363563613039333465336164323833316436393236666433333163666137 - 33656632343262373463306438333764393031623666393161356539636663346331613539396637 - 3631363333623539636561366436613861363932323966666238 - -vpn_peers: - - { - name: 'zeus', - allowd_ips: '10.0.0.1/32', - endpoint: '178.85.119.159:51902', - public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', - preshared_key_path: '/etc/wireguard/keys/private/preshared-zeus.psk', - preshared_key_source_path: 'files/laptop/wireguard/preshared.psk', - preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n376463366339376639373237363632363836653266353534343331333831646366373430333163383838313835613565646466653139666337626237313737300a333761383466626637336164363235643861643865653536663433373762343637303334613862373663626663616138333964386333373633643431326233370a386664366238633533356235613332373630353731306233623364623239353564313631373061393535336532393439343432373435336538666334666335633737633030386438616566376131646662316464333765636331343262663437" - } diff --git a/vars/main.yml b/vars/main.yml deleted file mode 100644 index b8c5488..0000000 --- a/vars/main.yml +++ /dev/null 
@@ -1,33 +0,0 @@ -xdg_config_dir: '{{ ansible_env.HOME }}/.config' -xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin' - -packages: - - firefox - - mpv - - youtube-dl - - keepassxc - - gimp - - nftables - - mpd - - nfs-utils - - okular - - postgresql - - plasma-meta - - syncthing - - tmux - - unrar - - vim - - git - - openssl - - kmail - - iproute2 - - curl - - cantata - - reflector - - laptop-detect - - pipewire - - pipewire-pulse - - pipewire-alsa - - wireguard-tools - -platform_packages: [] diff --git a/vars/mpd.yml b/vars/mpd.yml index 7247e78..f28520a 100644 --- a/vars/mpd.yml +++ b/vars/mpd.yml @@ -1,11 +1,10 @@ -mpd_listen_address: '127.0.0.1' -mpd_listen_port: '6600' +mpd_listen_address: 127.0.0.1 +mpd_listen_port: 6600 -mpd_database_address: '10.8.0.1' -mpd_database_port: '21000' +mpd_remote_address: 'mpd.{{ server_domain }}' +mpd_remote_port: 21000 +mpd_remote_stream_port: 8000 mpd_configuration_dir: '{{ ansible_env.HOME }}/.config/mpd' -mpd_music_dir: '{{ ansible_env.HOME }}/music' -mpd_playlist_dir: '{{ mpd_configuration_dir }}/playlists' -mpd_state_path: '{{ mpd_configuration_dir }}/state' -mpd_sticker_path: '{{ mpd_configuration_dir }}/sticker.sql' +ncmpc_configuration_dir: '{{ ansible_env.HOME }}/.config/ncmpc' +ncmpcpp_configuration_dir: '{{ ansible_env.HOME }}/.config/ncmpcpp' diff --git a/vars/vpn.yml b/vars/vpn.yml deleted file mode 100644 index 194c351..0000000 --- a/vars/vpn.yml +++ /dev/null @@ -1,2 +0,0 @@ -vpn_interface: 'wg0' -vpn_protocol: 'udp' diff --git a/vars/wireguard-media.yml b/vars/wireguard-media.yml new file mode 100644 index 0000000..71c9f9c --- /dev/null +++ b/vars/wireguard-media.yml 
@@ -0,0 +1,22 @@
+vpn_config_dir: '/etc/wireguard'
+
+wireguard_media_defaults:
+ prefix: 24
+ interface: wg1
+ dns: 10.0.1.1
+ domains:
+ - '~media-vpn.{{ server_domain }}'
+ - '~jellyfin.{{ server_domain }}'
+
+ public_key_path: '{{ vpn_config_dir }}/keys/public/media/fudiggity.pub'
+ private_key_path: '{{ vpn_config_dir }}/keys/private/media/fudiggity.key'
+
+ peers:
+ - name: fudiggity
+ allowed_ips:
+ - 10.0.1.0/24
+ - 172.8.238.0/24
+ endpoint: '{{ server_domain }}:51903'
+ public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=
+ preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/fudiggity.psk'
+ preshared_key_source_path: files/wireguard-media/{{ ansible_hostname }}/preshared.psk
diff --git a/vars/wireguard.yml b/vars/wireguard.yml
new file mode 100644
index 0000000..4109b86
--- /dev/null
+++ b/vars/wireguard.yml
@@ -0,0 +1,28 @@
+vpn_config_dir: '/etc/wireguard'
+
+wireguard_defaults:
+ prefix: 24
+ interface: wg0
+ dns: 10.0.0.1
+ domains:
+ - '~vpn.{{ server_domain }}'
+ - '~transmission.{{ server_domain }}'
+ - '~syncthing.{{ server_domain }}'
+ - '~radicale.{{ server_domain }}'
+ - '~mpd.{{ server_domain }}'
+
+ public_key_path: '{{ vpn_config_dir }}/keys/public/default/fudiggity.pub'
+ private_key_path: '{{ vpn_config_dir }}/keys/private/default/fudiggity.key'
+
+ peers:
+ - name: fudiggity
+ allowed_ips:
+ - 10.0.0.0/24
+ - 172.16.238.0/24
+ - 172.32.238.0/24
+ - 172.64.238.0/24
+ - 172.128.238.0/24
+ endpoint: '{{ server_domain }}:51902'
+ public_key: CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=
+ preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-fudiggity.psk'
+ preshared_key_source_path: files/wireguard/{{ ansible_hostname }}/preshared.psk
diff --git a/xps.yml b/xps.yml
new file mode 100644
index 0000000..ca3ab0d
--- /dev/null
+++ b/xps.yml
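Review bot: Several `allowed_ips` entries are not private address space: `172.8.238.0/24` in vars/wireguard-media.yml, and `172.32.238.0/24`, `172.64.238.0/24` and `172.128.238.0/24` in vars/wireguard.yml, all lie outside RFC 1918's 172.16.0.0/12 (172.16–172.31). With `RouteTable=main` in the netdev templates of this commit, traffic for those publicly routable ranges would be routed into the tunnel, and the peer would be allowed to source packets from them. If these mirror container networks on the server, renumbering them into 172.16.0.0/12 or 10.0.0.0/8 avoids shadowing real hosts; otherwise add a comment above each list saying why public ranges are tunnelled. `vpn_config_dir` is also defined identically in both files and could live in one shared vars file.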
@@ -0,0 +1,34 @@
+- name: Include default playbook
+ ansible.builtin.import_playbook: default.yml
+
+- name: Arch Linux provisioning
+ hosts: xps
+ gather_facts: true
+ tasks:
+
+ - name: Wireguard provisioning
+ ansible.builtin.import_tasks: 'tasks/wireguard.yml'
+ tags: wireguard
+
+ - name: Wireguard media provisioning
+ ansible.builtin.import_tasks: 'tasks/wireguard-media.yml'
+ tags: wireguard-media
+
+ - name: MPD provisioning
+ ansible.builtin.import_tasks: 'tasks/mpd.yml'
+ tags: mpd
+
+ - name: Syncthing provisioning
+ ansible.builtin.import_tasks: 'tasks/syncthing.yml'
+ tags: syncthing
+
+ - name: Desktop provisioning
+ ansible.builtin.import_tasks: 'tasks/xps.yml'
+ tags: xps
+
+ handlers:
+ - name: Import default handlers
+ ansible.builtin.import_tasks: handlers.yml
+
+ - name: Import common role handlers
+ ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'