default.yml

@@ -14,9 +14,9 @@
       ansible.builtin.import_tasks: "tasks/network/main.yml"
       tags: network
 
-    - name: Network host specific provisioning
-      ansible.builtin.import_tasks: "tasks/network/{{ ansible_hostname }}.yml"
-      tags: network-specific
+    # - name: Network host specific provisioning
+    #   ansible.builtin.import_tasks: 'tasks/network/{{ ansible_hostname }}.yml'
+    #   tags: network-specific
 
     - name: Systemd provisioning
       ansible.builtin.import_tasks: "tasks/systemd.yml"

desktop.yml

@@ -1,10 +1,11 @@
 ---
+- name: Include default playbook
+  ansible.builtin.import_playbook: default.yml
+
 - name: Arch Linux provisioning
   hosts: desktop
+  gather_facts: true
   tasks:
-    - name: Include default playbook
-      ansible.builtin.import_playbook: default.yml
-
     - name: Wireguard provisioning
       ansible.builtin.import_tasks: "tasks/wireguard.yml"
       tags: wireguard

group_vars/all/main.yml

@@ -16,7 +16,6 @@ packages:
 
 xdg_config_dir: "{{ ansible_env.HOME }}/.config"
 xdg_script_dir: "{{ ansible_env.HOME }}/.local/bin"
-xdg_state_dir: "{{ ansible_env.HOME }}/.local/state"
 
 modprobe_templates: []
 mkinitcpio_templates: []

host_vars/desktop/syncthing.yml

@@ -3,7 +3,15 @@ syncthing_listen_address: "0.0.0.0"
 syncthing_protocol_port: 22000
 syncthing_gui_port: 8384
 
-syncthing_config_version: 51
+syncthing_config_version: 37
+syncthing_api_key: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  39643534383666343331666336356662333165633032356532323730316535616363393330376263
+  6164323430343961646635323739373363623764646361360a666566363736323739313533323562
+  34653032646230313063613265313836383033353336333461376432363530633632313234323733
+  6162646332623837370a646537336139336361666336363861353030633136373063333433643435
+  64666465356566313263376330643664313266646139663433663366316232613562663863366334
+  3061663839656563353663373135393233653130383735366538
 
 syncthing_devices:
   - name: Desktop

host_vars/desktop/system.yml

@@ -28,11 +28,12 @@ packages:
   - postgresql
   - plasma-meta
   - wezterm
-  - thunderbird
+  - kmail
   - pipewire
   - pipewire-pulse
   - pipewire-alsa
   - merkuro
+  - kmail
   - aspell-nl
   - aspell-en
 

host_vars/xps/syncthing.yml

@@ -3,7 +3,15 @@ syncthing_listen_address: "0.0.0.0"
 syncthing_protocol_port: 22000
 syncthing_gui_port: 8384
 
-syncthing_config_version: 51
+syncthing_config_version: 37
+syncthing_api_key: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  35346637623066636261633331343438313736356137633466306633613563343630363565643763
+  6631623461663330633537386539376435356338393537620a666234373932636162653830316339
+  65336339383630313837323137613137303862613061326131313437316637383637666638313235
+  6463333235646536620a316163666431323530353330356633393035663933613761313031656561
+  66333431636134366466373533616438326230323965333763316336393764303737663461363636
+  3061373832313462623765353130616237343966333332623262
 
 syncthing_devices:
   - name: Desktop

host_vars/xps/system.yml

@@ -14,7 +14,6 @@ packages:
   - efibootmgr
   - git-delta
 
-  # custom host packages
   - keepassxc
   - gimp
   - firefox
@@ -28,12 +27,16 @@ packages:
   - postgresql
   - plasma-meta
   - wezterm
-  - thunderbird
+  - kmail
   - pipewire
   - pipewire-pulse
   - pipewire-alsa
+  - merkuro
+  - kmail
   - aspell-nl
   - aspell-en
+
+  # custom host packages
   - iwd
   - nvidia
   - nvidia-prime

tasks/setup.yml

@@ -1,18 +1,11 @@
 ---
-- name: Provision polkit administrator configuration
+- name: Provision pollkit administrator configuration
   become: true
   ansible.builtin.template:
     src: "templates/polkit.j2"
     dest: "/etc/polkit-1/rules.d/49-nopasswd_global.rules"
     mode: "0755"
 
-- name: Provision systemd-boot loader configuration
-  become: true
-  ansible.builtin.template:
-    src: "templates/loader.j2"
-    dest: "/boot/loader/loader.conf"
-    mode: "0755"
-
 - name: Install shared packages
   become: true
   community.general.pacman:

tasks/syncthing.yml

@@ -1,7 +1,7 @@
 ---
 - name: Create configuration dir
   ansible.builtin.file:
-    path: "{{ xdg_state_dir }}/syncthing"
+    path: "{{ xdg_config_dir }}/syncthing"
     state: directory
     mode: "0755"
 
@@ -14,6 +14,6 @@
 - name: Copy configuration file
   ansible.builtin.template:
     src: "templates/syncthing/config.j2"
-    dest: "{{ xdg_state_dir }}/syncthing/config.xml"
+    dest: "{{ xdg_config_dir }}/syncthing/config.xml"
     mode: "0640"
-  notify: Start syncthing
+  notify: start syncthing

tasks/systemd.yml

@@ -27,3 +27,4 @@
     dest: "{{ ansible_env.HOME }}/.local/bin/tmux_start"
     mode: "0740"
     force: false
+# setup systemd-boot pacman hook

templates/loader.j2

@@ -1,9 +0,0 @@
-# {{ ansible_managed }}
-
-timeout 5
-editor yes
-console-mode max
-auto-entries yes
-auto-firmware yes
-auto-reboot yes
-auto-poweroff yes

templates/polkit.j2

@@ -2,6 +2,7 @@
  *
  * Allow members of the wheel group to execute any actions
  * without password authentication, similar to "sudo NOPASSWD:"
+ * without password authentication, similar to "sudo NOPASSWD:"
  */
 polkit.addRule(function(action, subject) {
     if (subject.isInGroup("wheel")) {

templates/syncthing/config.j2

@@ -14,7 +14,39 @@
         </device>
       {%- endfor %}
 
+      <filesystemType>basic</filesystemType>
       <minDiskFree unit="%">20</minDiskFree>
+      <versioning>
+        <cleanupIntervalS>3600</cleanupIntervalS>
+        <fsPath></fsPath>
+        <fsType>basic</fsType>
+      </versioning>
+
+      <copiers>0</copiers>
+      <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+      <hashers>0</hashers>
+      <order>random</order>
+      <ignoreDelete>false</ignoreDelete>
+      <scanProgressIntervalS>0</scanProgressIntervalS>
+      <pullerPauseS>0</pullerPauseS>
+      <maxConflicts>-1</maxConflicts>
+      <disableSparseFiles>false</disableSparseFiles>
+      <disableTempIndexes>false</disableTempIndexes>
+      <paused>false</paused>
+      <weakHashThresholdPct>25</weakHashThresholdPct>
+      <markerName>.stfolder</markerName>
+      <copyOwnershipFromParent>false</copyOwnershipFromParent>
+      <modTimeWindowS>0</modTimeWindowS>
+      <maxConcurrentWrites>2</maxConcurrentWrites>
+      <disableFsync>false</disableFsync>
+      <blockPullOrder>standard</blockPullOrder>
+      <copyRangeMethod>standard</copyRangeMethod>
+      <caseSensitiveFS>false</caseSensitiveFS>
+      <junctionsAsDirs>false</junctionsAsDirs>
+      <syncOwnership>false</syncOwnership>
+      <sendOwnership>false</sendOwnership>
+      <syncXattrs>false</syncXattrs>
+      <sendXattrs>false</sendXattrs>
     </folder>
   {%- endfor %}
 
@@ -24,12 +56,20 @@
       name="{{ device.name }}"
       compression="metadata">
         <address>{{ device.address }}</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
         <untrusted>false</untrusted>
+        <remoteGUIPort>0</remoteGUIPort>
+        <numConnections>0</numConnections>
     </device>
   {%- endfor %}
 
   <gui enabled="true" tls="true" debugging="false">
     <address>{{ syncthing_listen_address }}:{{ syncthing_gui_port }}</address>
+    <apikey>{{ syncthing_api_key }}</apikey>
     <theme>default</theme>
     <insecureAdminAccess>true</insecureAdminAccess>
   </gui>
@@ -37,4 +77,76 @@
   <options>
     <listenAddress>tcp://{{ syncthing_listen_address }}:{{ syncthing_protocol_port }}</listenAddress>
   </options>
+
+  <defaults>
+    <folder 
+      id=""
+      label=""
+      path="~"
+      type="sendreceive"
+      rescanIntervalS="3600"
+      fsWatcherEnabled="true"
+      fsWatcherDelayS="10"
+      fsWatcherTimeoutS="0"
+      ignorePerms="false"
+      autoNormalize="true">
+
+        <filesystemType>basic</filesystemType>
+
+        <device id="S7UKX27-GI7ZTXS-GC6RKUA-7AJGZ44-C6NAYEB-HSKTJQK-KJHU2NO-CWV7EQW" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+
+        <minDiskFree unit="%">1</minDiskFree>
+
+        <versioning>
+            <cleanupIntervalS>3600</cleanupIntervalS>
+            <fsPath></fsPath>
+            <fsType>basic</fsType>
+        </versioning>
+
+        <copiers>0</copiers>
+        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+        <hashers>0</hashers>
+        <order>random</order>
+        <ignoreDelete>false</ignoreDelete>
+        <scanProgressIntervalS>0</scanProgressIntervalS>
+        <pullerPauseS>0</pullerPauseS>
+        <maxConflicts>10</maxConflicts>
+        <disableSparseFiles>false</disableSparseFiles>
+        <disableTempIndexes>false</disableTempIndexes>
+        <paused>false</paused>
+        <weakHashThresholdPct>25</weakHashThresholdPct>
+        <markerName>.stfolder</markerName>
+        <copyOwnershipFromParent>false</copyOwnershipFromParent>
+        <modTimeWindowS>0</modTimeWindowS>
+        <maxConcurrentWrites>2</maxConcurrentWrites>
+        <disableFsync>false</disableFsync>
+        <blockPullOrder>standard</blockPullOrder>
+        <copyRangeMethod>standard</copyRangeMethod>
+        <caseSensitiveFS>false</caseSensitiveFS>
+        <junctionsAsDirs>false</junctionsAsDirs>
+    </folder>
+
+    <device
+      id=""
+      compression="metadata"
+      introducer="false"
+      skipIntroductionRemovals="false"
+      introducedBy="">
+        <address>dynamic</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+        <untrusted>false</untrusted>
+        <remoteGUIPort>0</remoteGUIPort>
+        <numConnections>0</numConnections>
+    </device>
+
+    <ignores>
+        <line>(?d).DS_Store</line>
+    </ignores>
+  </defaults>
 </configuration>