diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..d9ade6f
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,26 @@
+stages:
+ - lint
+ - test
+
+cache:
+ key: $CI_COMMIT_REF_SLUG
+ paths:
+ - .cache/pip
+ - node_modules/
+
+lint:
+ stage: lint
+ image: node:12
+ before_script:
+ - npm install prettier --no-save
+ script:
+ - npx prettier '**/*.yml' --check
+
+syntax-test:
+ stage: test
+ image: python:3.7
+ before_script:
+ - pip install ansible --quiet
+ - ansible-galaxy install -r requirements.yml
+ script:
+ - ansible-playbook playbook.yml --syntax-check
diff --git a/.prettierrc.yml b/.prettierrc.yml
new file mode 100644
index 0000000..0cb31e6
--- /dev/null
+++ b/.prettierrc.yml
@@ -0,0 +1,5 @@
+singleQuote: true
+printWidth: 90
+tabWidth: 2
+useTabs: false
+bracketSpacing: true
diff --git a/ansible.cfg b/ansible.cfg
index 32fe937..4c41b64 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,7 +1,5 @@ [defaults] roles_path = ./roles -inventory = inventory.yml -ask_vault_pass = true [privilege_escalation] become_ask_pass = True
diff --git a/default.yml b/default.yml
deleted file mode 100644
index 16df3af..0000000
--- a/default.yml
+++ /dev/null
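Review bot: In `.gitlab-ci.yml` both jobs install their tooling unpinned: `npm install prettier --no-save` and `pip install ansible --quiet` fetch whatever is latest when the pipeline runs, so a bad or compromised upstream release reaches the runner without any change in this repository. Pin them, e.g. `npm install prettier@<version> --no-save` and `pip install ansible==<version> --quiet`, and give the roles in `requirements.yml` (not shown in this diff) explicit versions as well. `node:12` and `python:3.7` are mutable tags on release lines that are past upstream end-of-life; a supported tag, ideally referenced by digest, would be safer. The cache lists `.cache/pip`, but nothing in the file points pip at that directory, so it likely stays empty unless `PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"` is set under `variables:`.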
@@ -1,40 +0,0 @@ -- name: Arch Linux provisioning - gather_facts: true - hosts: all - roles: - - common - tasks: - - name: Generic provisioning - ansible.builtin.import_tasks: 'tasks/setup.yml' - tags: setup - - # TODO: provision ssh client config with modern cyphers - - name: Network provisioning - ansible.builtin.import_tasks: 'tasks/network/main.yml' - tags: network - - # - name: Network host specific provisioning - # ansible.builtin.import_tasks: 'tasks/network/{{ ansible_hostname }}.yml' - # tags: network-specific - - - name: Systemd provisioning - ansible.builtin.import_tasks: 'tasks/systemd.yml' - tags: systemd - - - name: Systemd timer provisioning - ansible.builtin.import_tasks: 'tasks/timer.yml' - tags: timers - - # Note: Disable DoH in Firefox to fallback to system's default DNS - # resolver, see - # https://support.mozilla.org/en-US/kb/dns-over-https#w_configure-doh-protection-settings - - name: MPV provisioning - ansible.builtin.import_tasks: 'tasks/mpv.yml' - tags: mpv - - handlers: - - name: Import default handlers - ansible.builtin.import_tasks: 'handlers.yml' - - - name: Import common role handlers - ansible.builtin.import_tasks: 'roles/common/handlers/user.yml' diff --git a/desktop.yml b/desktop.yml deleted file mode 100644 index ab87111..0000000 --- a/desktop.yml +++ /dev/null 
@@ -1,34 +0,0 @@ -- name: Include default playbook - ansible.builtin.import_playbook: default.yml - -- name: Arch Linux provisioning - hosts: desktop - gather_facts: true - tasks: - - name: Wireguard provisioning - ansible.builtin.import_tasks: 'tasks/wireguard.yml' - tags: wireguard - - - name: Wireguard media provisioning - ansible.builtin.import_tasks: 'tasks/wireguard-media.yml' - tags: wireguard-media - - - name: MPD provisioning - ansible.builtin.import_tasks: 'tasks/mpd.yml' - tags: mpd - - - name: Syncthing provisioning - ansible.builtin.import_tasks: 'tasks/syncthing.yml' - tags: syncthing - - # TODO: provision current macvlan setup - - name: Desktop provisioning - ansible.builtin.import_tasks: 'tasks/desktop.yml' - tags: desktop - - handlers: - - name: Import default handlers - ansible.builtin.import_tasks: handlers.yml - - - name: Import common role handlers - ansible.builtin.import_tasks: 'roles/common/handlers/user.yml' diff --git a/files/wireguard/desktop/fudiggity.key b/files/desktop/wireguard/desktop.key similarity index 100% rename from files/wireguard/desktop/fudiggity.key rename to files/desktop/wireguard/desktop.key diff --git a/files/wireguard/desktop/fudiggity.pub b/files/desktop/wireguard/desktop.pub similarity index 100% rename from files/wireguard/desktop/fudiggity.pub rename to files/desktop/wireguard/desktop.pub diff --git a/files/wireguard/desktop/preshared.psk b/files/desktop/wireguard/preshared.psk similarity index 100% rename from files/wireguard/desktop/preshared.psk rename to files/desktop/wireguard/preshared.psk diff --git a/files/gpg_key b/files/gpg_key new file mode 100644 index 0000000..5fcab22 --- /dev/null +++ b/files/gpg_key 
@@ -0,0 +1,264 @@ +$ANSIBLE_VAULT;1.1;AES256 +34663932363439393536333037386165353635363461356133643930373232633664343737396263 +6332613133646434333332356135336164346237383237360a643035653161363964333136346533 +37353332656361653662623137643735326532393234366165316234323364656261343132393831 +3034626136656162350a333362643166383138306136646331373439623232373532633130313262 +36356134386565343333353136616263623265623438653663336435376134346563663365373930 +30616435316364613139666661343633363436343635666661646635393661373739653765373363 +30343434396537666234306561353636323365666165333131623365383535396634623539626565 +39363138323638323234326433333066393933373839623834663632373438613339613963383333 +38333866386466303634363362323964653663613966333032633130613336366363326561363433 +30633737316535303366396563333532313036623236376430613234376637336131323666373762 +61383338303536316462616332613562636263343236616635656238653532336561623334356533 +30313662353662376530353933656464383039336664333935653834303833313230323838373838 +63643766303462306130386130333066336466313862366538383230366661373666306638353137 +62643466306435343739363138313433656336643538333133343764326238336137333939636336 +65613238396437623866616330393166363462666532373731613232393966323835346566306333 +32646432623833653761363839323237633863383666373862363761346665306265623366363635 +65326237363361353233646661646330386630653961363862363463326339633532346130396134 +31313730613134633133633362393464623663313031623862373937313763653838343935366335 +35626466346666633961363132343933393066303539353239653662373432623432336662343661 +31343434313461326263373264613538653937336336613031313637633564316134323335653638 +66353733386662616162303032363361393661653935633237323131613331613364333264353232 +30626637663366363630343764303863353035653535343931346636633636643365373237383030 +35393734663661323334373436323437393830636637383566366434663666366531323434653535 
+38353064373038336362623735386532396433353063616337326636383065633035386134326533 +37323761393465303563306661646433646532643935323665636265323133623265383437336131 +31316366643932356538393932343238353165303565643663396363636135313561626132353635 +37613737356136623061353734353561653332363031613738636362363061646330303432326436 +62633334393066353835653430363561396131646534653138333263646436633038303135383564 +62386639663833346565356362633662626139666431323830323134613633343062626565653837 +37666366643631666639303131656264613665636631333335316462326431393866626131613962 +31393330663537356438623564313164316439313136333033666663303662633763363264346363 +32663634303131303939333639386536363835346539623835326530303334353463316261393665 +35613365316337363664623739323632333062393662336662323330363162636333623031323166 +37626166653166333136643764663161386434393838633566633835616235656666346464313733 +63636333666432666137373366313261656566646338626264633764633164376235326433646163 +35333935666563366631376366626335653261383033633031393631363435346233323230373266 +62333538616339333532353039343932636633363838376230336465303963663932396265613064 +30323034316232343562386261303264353238346262366639366561303931633563666134393632 +63376330663534346466363439393864373536643230316564373463356231393632666161626432 +61636330356330646432663636383764363431376364626331326664666361326636613031323161 +39633965373763326337646436653739643831376661353562663438333562306238613562326136 +64363231616362653965363039356463363735363231396566336562373762333534646430626534 +36643335663037643066656266636237636161336163326237613964393664666339333833393264 +34323235636431316537303964306165613636656465636131373037353530386136343864306466 +33386662613564646332343866313534316534303738366431626662376562346662663231383039 +30636363373336356438656636363966663563353734643230666233343539643838373065313361 +35336338303631333332646266303162383064626237623335663766613931363233366161663438 
+64306236366432383663346639626162353365626137353239356531323662613163643635663262 +37666363393331336531653433323038626537336634326164356632373635303236613935643538 +31313064646136373862366535396266633430313338303533383463373933313836633066666535 +64643034316366656534393163633732323339356337616632383036646366656633303435386664 +65663831356432616538336565343639653062623937663766613361623566336463303165313832 +32353466373430386662343165306264333833656339623639383938663330333464616338343230 +34636433333130306635666633383961363366393036373465396432386534653065643231366166 +30643064353638653762363864313931616336386630356630623838373934346633356364386634 +61643632626636313461363862653532636634623563666237616632396233303338356162326536 +33376264383438376364306530653839303062313264366238343834343063363066383534373365 +61633863343939303433396461353963663331326363316333393339633637343933306563663034 +39356665663435336238326230633135383337306662393935353433623437343836376436613864 +31373136633434623130383436383737396232643033633638356536613932663166633461376633 +62623064623064396638343866663931323061383036313961316632636435653435346263323233 +66396465366266363462303165376133656262663664383963386438326635313161643861306237 +32346531303237343161333261323536386366666135386364316233643361366138363633333566 +37333838333433633336343639333134386233383738373563346536323138383733623831613635 +38663237303363386664373236373033623238373933313236383439346564363538613863633466 +33343166653136653264643130346438393238366637376337653835386539656133356361666430 +32373162363134326631333965646562353132623064623430366334616666636632623039623639 +64373334356334646561313031643331643463306566383163393534303936656532303064666235 +30373262373138383438316361653665393833653164346465323438396430343165393735316561 +62653034653565343239663838646362376538653033343863643339356532646238393362346133 +64613330653565623166636264373663623138313362393833353932653361363138623538343164 
+38646666323065363034376536656431613936303133396232383166386534326339323061376337 +61396661313030376536363939346365343235616465633264643731316535313863303562353030 +32303530303762303466303262643537326531376264343634646534333932333136636238623138 +34616663643430303865353963633735333762356562373762333265616438313434393938323938 +66336235656530633838653331663263643432323763393963313661323731343365396364616361 +62346335353133383630613963323838323361333166346132323066616239633261613039666532 +32663365356330383438623863626334313962356431333730353264623337643239653465653037 +35316131336565393063656564353132313136366364376535613761326632396162633166313763 +63306562363061376261323064313465346231336539656430643165376337363434393163663238 +34613132316465663561623265313833643964323430376239646262653833633462396134343565 +31613837323362356464633739613464663435613734653432373566353461633366343836623233 +32346432363234343934653432383732346230323932373635643362633530333837313332383165 +37616231346163363734633030333464616438626138616163663161373362623961626362353234 +39353262323664663861663637386634623463626433386538386531653537616633326533323734 +66326530393537363538306337383738353164326161383736653465346265393837633831643732 +63623764393737653062623462626563363561386531386630336639316230633663356235653036 +30363439376637373364373331306564343135633864393934373365376361623937613133613435 +36373036313838373362656134323138346264303333326237356562313164353636396334316237 +31376136323037326139373930663635313864323061656132356239623763623233646562393939 +64636661666139633331343131633731336365623335353633313363346231396336346339346438 +62353266396566386539306132373636646134363962646131313938356135373632383437333865 +32373163616461373464613661623232623162643334646364333535373437333437666665623065 +33326366646338626662636134653965303866646463366630653939623031316564303664623862 +33393661316638663661646434393934313534623465313766643638373134383764333634376333 
+30313263613539333638653439303038383835646137653435636338623165386539633463323663 +62323933653733346566666234333930343466613563653365386237373963636536666636393838 +31636266396236633336383434323131626464393061386566316132303064636434623838643039 +62303136373234623961333336323764643034613664653963366336356332393761633233646534 +66623464626165356432303633653338636264386462343233653139626431633466316330356538 +66393035623035653163343231316230316661666337643461633136306663663231313237643038 +65633366643238323162336166613662313536623866616262663965343565646237393861353263 +62653634653131303433353635656239666436623663306464396133656664383430323832336632 +33363066376237323661353330646233633865666439313964396462373733336465326434626336 +32363362393536356463666233633664306235633732626434623033633632636330663463336365 +66363631303836613332643566333930643333333536356234323666353130396230353630376263 +30353530303865636461356634336534633362363763353961383631343061656435623261616363 +36326132386432653065666163373430623435336666653366333065343334643832643730336331 +61386434326434323761323433343838306238643534376238623730613463396337323862303264 +33373966353033623064353562666639343732353965653366623533373034656135633065343463 +37616332663232613865333062383539633531613735653436323337643063653463333937353632 +62303364366134643830303363303633386266343137633134653537356633383832303932643863 +66356662306434346338333536623061333864376539663135383938323238393638656639623436 +39663930356363616138643736303062306136626239626434303062393035333762373933313638 +39646331626464626339663232326430613163663763316232663837633363343432633662393531 +38313462313830653863376637393765366239393734356334323765396632346138303038313834 +32353637343038363039643164646362313866376562633161343763316164393736663565393166 +66653462633936653364636530383333323636313230323030323131383736643262383561333938 +35393934333361383562373935363465373436356662396331633233633566346231323863346637 
+38636631656364376335336638666563333466386437366533613564366132316430646562646232 +64393533333933626439313935373335643332326564333932366634316463343039633630616265 +65363162366634613763653061366138616663643630336430386661616564616264636263383932 +32343766373839356539663432643230386263343630326162633363326262663937646564343365 +61316564333365373230313463383731653337326263303935633438643934623135623763616564 +34376363393531353162303163653265386566396135313161393836336439393139646530623438 +31376631316233333234396533653061663461666632313839653531643432343530353132646132 +36373738643465643634316637373763666338666633623263666134346634373836313266613732 +35326539383534353437613962343732646533326139643263343236396462306666316165663665 +37643961623662663836383837303939613864373163303734623663646632376162356564663031 +31626334316565656464326537323163373938316562386166666137356632316363343237346531 +37656166343639343565653433616136353533353531336561633330313861326237343739316165 +39313232663630396136386137633039313561373930386233663862643734373532313632373538 +63353938663434653630633038323665333462663731646537353765323361353762653637613331 +35663331323831313865306664313131336633636264313061316164303137353836366266366261 +32626165646363623663613263633131396264623531386561336563393539363839393433393563 +64633762393838636338353566373864363364646538353536346332623662353034326638633038 +36336566626636666138353334363437363265653331343130653836636335663736653634313662 +38633135623732336166366136316531306565326435346235643563633932383637393236636666 +66616562393564623165646261646533313238346362353431306135653938636663663232323830 +62393333326135396636646662333332303434396235343639633939396664356463333533333430 +66383231616339353932613836666632303064393136366632663439353062356565343634386364 +64303736376639363762386237336630653132633063656363333136303631386430353662316463 +65363666666434346364333937636137343734636163303166653062396330343835616165386663 
+35663563353134623336386363356632643138626135366137636563623532373764633966346437 +61353861326535663431623235653665633030626365333134383434626330313930343462353662 +32353965623662353637326562613266633866616334333563646430613763383739333637363034 +35616263393066383138336366353061386364613666633131646262383230393766393864393735 +64643633336136376132303065353630326465366336646435396663616364663036616639393637 +35386633303433616337396262336330376536356366653536363861616539343936323539373766 +65396638353163636664666333663139343762623335646366336564393036353932323561353931 +38373636636464373035663163356562636230616633636565353166663563616365363037656364 +64623861353164323262343532626232646264626164373536653531333938663734323866653636 +30326364333561353966323463623936333266663831383736386233633964613066356461303965 +33343730623936613036333266313533666530313261303765646536346134346331643935376463 +33326630313436653839303663336636373239633232353865366531663138666466306638653265 +34393664646636636366346438313133393961373231333561313366396538363634333264613166 +38353562663732613064396461346231633464626333663736356431323361616236343430613830 +66356361333135363236636434326534323466636531356539613462306533353336373363353330 +37633661303738363436366234633439383138363030323561333564616133306432383336646431 +37653364316165653666633539316539336465643832356133653736313239626466643162363939 +36323562383865633134393232343439353836306364646632636661363339393139386639356661 +63306232326431343532373737626233363036333763343933633832653766376432376235623534 +36323765666133353238393435376262343233633162633964363038643834636537396562333736 +38363935633134326461376530373630343937323036326563626364316335313839626665393837 +38313435323761343139386530346662326265626666353239356462326333333538346161313438 +36313430386332623365393835343862613338343666633930663634336263306361333861636337 +34313334613761386533636337306664613665643334396661316137376135613161353035383633 
+31333664396638316465306635656139616265353639333164656666383733373433333762363435 +37666432326462393135616338633330343332383065356265653563346465343234383036316336 +39653438353839386337396530366364323235393463633464313239356333333163656561376330 +35613137636131306630363335343031633161613733376262636336313638326131343165383231 +64326566393536363937623539386235373561323935646366353165616463376237633964633464 +33353732376337323338316166643236303336393034356639623861333766303034353963396236 +38356338643634363765313664643862323061376331376232366165633830626263303163643433 +65626634343339303031653432663531366639613362613039653638383465353434333639333865 +64383030623538646465363363393161633762313135616432386130663164353033343466393132 +35633763636261616434313531663039363662653962333139303138623838363163653866613539 +36323031633230376632376533613435616239323231613635396435373833353064623834653863 +65663163393933323934323364366535383935303233323639373531646165663535356634393464 +34623532333831306563326237373933383832643637326464656666373339303237363232313938 +63373936393563386530646565346563373337383262616338383531396262626134376136303163 +31653839316339616439366135346337366231363630366264373936356538316564636330373766 +33373961636233383231333464663962666136396437373361666538343065366662623364323237 +64666237663236326661313866306336323564666263373334303266306562343239383866666365 +34313665633465353865333362666564336532663766393134363764653736653237653133313833 +63306463326161373639363362333538373263393564303065656236323363663939366638323762 +36663763313537643066623161313035616462343631336264656664643861643232383561636664 +36633836353435373161666662633838623336366161643365363136386466323937646633313731 +64373739623335353966333833316563386237373031633132353638663435646234666263633435 +34663365313863633236343936633865356166366430383339303138646163383237396239663132 +62353465623566613564333039653466666366396436386461326335373662343262386263356264 
+30616538666665393561333630383037656131646239336437393737623862333532356463656435 +63623766373934393264613237653363636261333265613438373762353230393835313235633164 +62323335636333376236306261643931616230666465366666373230393438633365323135666233 +39653332643336313537396463623639646364356136303533623764376538353439303037316535 +61643961353364373638366232363461336238343363636230373834346464376261646630393866 +39376633393735646662613834626263333163383534366463333161396165343666626639326639 +32643064366565333432353430636235336238353836363331646166396533313966663664666666 +61626462653134643266353039653033383431626538346430356564353664633439356434383930 +66353736343839383165383064663039333061643363363265383030396333393762393763616638 +31386535653432323661656132343363646661656637313130353137313362373439373032613731 +65333463623961613138396633353837353061353166383837656333643836343635623363613366 +63346336636165326661363533306139643930393437666332386337373965373761393034616631 +63366632306539623633623731313233333966633735626665643562623639396537343434633835 +33383638613031356631643235326138383664376430623463323062663635623732326639396636 +38336331353336663831346530336439376634396338633664616562363135326430666238653261 +64653132613533383738663832316561613232366339316662633630366164393334356332386162 +64393965393534316136653234396162313631646332653539623362353662333337336634383736 +65616335656663393239643533623466656435383732333666396661663662306635313034306362 +38623137653464376431393731636463613866313166643165636630316364326433326132396161 +61343335336664366536656639653238313736633565343533643034646361653430396132616439 +64373231393232346163643262396233613231373561663835333065363461343263356565336530 +35333535646632303039636664306364623839306139343265666632383638333735613837316561 +33323733353937393831383565363436303638353362323432653963326562333532653864616634 +35616632646234343862643531613236636236616534623231643663393633363831663661626138 
+35633763366530363339346132643163613739653532626263336565626261646264303334393834 +31663231326562663964643633316438363161653535396435646362383036656363356137663636 +31336163303766633236333465653864663539353633386664303038646663366363646566336466 +33303435393739636131636166656237323436636237353863646365326639636166363739333439 +64373139626465656264313837363233653334393033343663396563666530373538613036653064 +39396231393662396565313066616164353031613833396331666131653031623261663038336563 +36653835333538386561643033623865383338366463646465666431383833633939376565616230 +62643063333631643439643333316563303465383563393130303634333130303330663134363436 +66386132663065656464323034306132613531343037396561626234626438333063393433316633 +63636264306163636631653732396166643934643866393064353364316264333662646665636663 +66393265636230303536656535623962643934316138393532663262653966626536323233623737 +38353730343538323231623531336436333133326334343238616630656531613538316130623761 +34646233613139343231366232636565316232356365643164653933643132356432613761613636 +34363831353935656437633034333232653938613365613066333361393164623864373339313730 +62373537366466356162343663626561316530373365386437656264396433303433623134616464 +36616530363438366238393136663239623362326533636363353435653261386137616361346164 +38653636373063663932336435626361613934393432646139353833306436346662356539333131 +62326361366635643830356639326234656662316435383031343039653830393664373033653735 +61616233313138663438376632336162656139346430326562363231333430626166363031336435 +62333338623339613633313061656332613630383338306534623034316135393233616539376434 +38326234353963616234623232643839373038643933383631636635613538393262303431373364 +63376463656263313230653832626262363537363735336237306636373435616566613832316338 +64393361393064346432666539643364313433336361333262383934633066363535646562383262 +33383334376238653339323362316330303863653762306636373931633534303731336234636532 
+34356361346436323363333430313231643732623461366236306338636431303632373264616139 +36376630323265623831636265633866366136316631396239646266666564313062646637636262 +35353165643464346564323937636463643832616331623036396636383133643731613033393432 +61393833656430333537653332313931663435663838646633303435626139306336623762636462 +32313934306531643662343163323630646562363134303266366530323766353138643266396633 +35396662303566343235653131613830323538363263643939666362656665313135306362363037 +36303238616634363337613935373435303931313866333565666638383835656637366464396136 +64303237646138373339376161666265303632626136353261383438386637616564616436306336 +33613164323037303530373431333565643734313636613838373638326234343531613136356566 +30636337393463396436303530653330323639386438353439613761643831316533353166333539 +30393161646239663935393438646334666530363565333964366364353530353861666633646563 +65626262643666656166306633326463363666633731363431626463616433643732353962633464 +39666533396232616130666131613232643762623562383662346366316466333339313836393737 +33353635396536333464663836366262356164666266663039623334666334343939313638346464 +63383664346635633365633962376238653365656331313362313536663138663464666436613132 +62656638396261613136393330623437383561386163653938323831373932353764623865306664 +35393130323464653266353563383663336233313361323133313435643564663063336335626266 +39396239643031666133656461393535663661643036326666663330656130313038636537386562 +39346439613333363061633364316166643135353832386432616362643337373363313931383135 +64613366373464363062386231303736336130613164366661363434346464383936646366613737 +38313730376436306165663466623335646533666138623564363466633938393139323836643865 +37373636653937343937303462663235353238656439353837663264663366396664386466646638 +34653266313135326130613531386239336538666364356234663164353662396565626361323238 +656463383063623064336666333062386432 
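Review bot: `files/gpg_key` commits what its name and the accompanying `files/gpg_pub` suggest is a GPG private key, protected only by the Ansible Vault password (header `$ANSIBLE_VAULT;1.1;AES256`). The ciphertext stays in every clone and in history, so changing the vault password later does not re-protect copies that already exist; rotating the key itself would be needed after any suspected password exposure. The same commit removes `ask_vault_pass = true` from `ansible.cfg`, and nothing visible here says how the password is supplied now, which is worth documenting, for example `--ask-vault-pass` or a `vault_password_file` that lives outside the repository. The task that installs this file is not in view; it should set a restrictive `mode` such as `'0600'` and `no_log: true`.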
diff --git a/files/gpg_pub b/files/gpg_pub
new file mode 100644
index 0000000..c38c90d
--- /dev/null
+++ b/files/gpg_pub
@@ -0,0 +1,40 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBGAPMBMBDAC8AI3gYcB8R4psS4OLUTzt45sL8wimEmHCZNGBgLShtg7AfpES +AuXArVLEQSsUH8rL9/ninRyfwTsRj1tSouxVVwprdxXGZdPkksE/l+TjlB5FlAyp +nb/nCo7lrmw+xsPc/rjrlGoGJXrrxpVUYYbWLGciKcecUJ17sL0vS8KZQbSSw9pI +W37DFNq5m3R9/6MSnxcPZPErmyqbcNe4FDxc8jToxdyzqADar1vb/JTIQGkzObCy +a05sU8Q/G1adKt27lW+v4SWC8d4LQX5Z3nyvAvE87cWVFAGiz4mf1fTLotqwyXot +vVv05kl66Z58shlE61q+1Qm+SD2OKyd3Cl2s+RpfyYOVoB3SRLDZvM7bppXr58PF +3Lhmpl61/mpOMI0MNT5OFYCVKOsiNgP7FKlHvOZVk4Ldybfis1Y4TI1mg/OghjLQ +vjm9Hxlpsr93hpWxlmU6BBpSWUOxggKr96WoR56sQGjn/KCxPBRl17PqwXJmMbi9 +ex9uV6K6iQDRDf0AEQEAAbQMU29ubnkgQmFra2VyiQHUBBMBCAA+FiEEgsIVUtcy +xlwaT7NAA3ED8Dyly6EFAmAPMBMCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwEC +HgECF4AACgkQA3ED8Dyly6GUQAv/RGHTt0CQANUC/CQQaY23XDGiqYCbmFqmIwuT +YIE/QHl7+Zg7p02KGsBKrSWOMylFToTphnWWvJCEPYxW74WO2L2vrRplPVC0zbRz +ftx2s6IJopb4j5ftkg/b8V7NjQKO+EWXGgqZz+o9j0I3b1CLO4Fc/Sux/+khuG6x +m7wLHIOQn3ab9yX2e7cL/LgaJSKkXKwhYnaFnwuWZJRX/Dcqev2zZD37a9s1c3Au +cdvdp5d/cHi+osZ5D6HwT6LnkxVlAYtzKXyQbZNUMattHFK7L/UCYQmvcRPXy6FD +1+T0bX7cOcsaBXSUEhIt+IKvYUa22ZsHl6Eq8gCxXmvaIDIIGpFLGA6boJBAPFHL +WATZqonLmGYikumOwomv4730iXBVJKu+mCCPKSzSRAxTTowCF7NVdc6+X62mbvOp +R4LM+E/bCxtndGfxDhHm1nF0JexgTDGwUwLJPg5aAYjjrAIhsUk729GyJhHPK3if +0eocxv1PqKrGT8AUHosIOn2idnf5uQGNBGAPMBMBDAC1/f799inkL5w8KoysKrSp +QRYFiVpIN2CpYCU/MrjpBDU1d4GJ4s1EhVhvaCrNfwUBWyqN1kZpT9f2e8MNVB5U +nmwHBynCwiK/gHeJKIdwOENE09NcErDQnEbbK7tFl/LDbh0BYdzyAEoOo37XYt/G +0DXj0Y6GLphmlXfG9a/wXcvXCRdln3q1xyn0BVHMC8fz5F6RsivOEYMXunCMQ4WW +XFVgRe/jM+plWdQZQuP4RgRGv4kJ2ba9y9NQD8/GFXtnecWjv1ILlyzqyZtEa6ua +Jq0FrgYvZ1YH0jDKCcanHb0nlMlEhrpQneJTW+qmMgjZAJ+2wA8yPeuU6a+T/05I +tnbLUSlqgwjrzV71whp79l9p7FOG9kzwwKhhDAKxTqL3WshvXMlcnku6qlTyrymP +CHF6ZJYCQJEWPLYrThwWx+/6Yssg+Mm87LsciHVYgeBtaZWrN49kZXN2K1Py/WUK +Ev9+IjKlaFbqfq1W60xh4liiZ3AB9L5jTS6n98O+r8kAEQEAAYkBtgQYAQgAIBYh +BILCFVLXMsZcGk+zQANxA/A8pcuhBQJgDzATAhsMAAoJEANxA/A8pcuh8PUL+wdi +YYZpVqvbvnRbzWtYNEY6QYsn/qI0aS5jAURoMpCB3AFX6+aS6olAS8rWNx8sqWnL 
+psfZf0vSd/FXl0ja2a5MLLeQaKlK7/cP3RZjGDa6/eMqL0UyKpe5/a4mkBaczo18 +Fa2BK1X1wIUaWYfhp53mBGB9JgwKItdbEPJTBqIyjZRPab/Q5OUb/xOWCLQP+VpU +8p5c4rnONTdjKBfuyeEMWIlhG1QhobfIuZcbWaXZXj+HLiiugZCPxum8tFbMp05/ +FaPKmDS4TbeEk7wizsnBRDL3UjFCfySBsR/SOP+adut75t6h18pm0yeYRU73otZA +TES5LVpW7i6TiJEK7qPDQ/Sv34vAtVF0c7ntnYbxiLzX7x0uJF16O4XLw0Uba4HM +ZntDUsaxvlLfxcDeeDHR/24wOaJKRKKzX0b+wjRXfw26XEo4vHHBPyEB1DvGZu3P +hVot85SDDFS5LzLqkyGDiCOkkE5RqJYLCzQ6+4DfrQvkg682zD587894j+VV6g== +=KJ2a +-----END PGP PUBLIC KEY BLOCK----- diff --git a/files/wireguard/xps/fudiggity.key b/files/laptop/wireguard/laptop.key similarity index 100% rename from files/wireguard/xps/fudiggity.key rename to files/laptop/wireguard/laptop.key diff --git a/files/wireguard/xps/fudiggity.pub b/files/laptop/wireguard/laptop.pub similarity index 100% rename from files/wireguard/xps/fudiggity.pub rename to files/laptop/wireguard/laptop.pub diff --git a/files/wireguard/xps/preshared.psk b/files/laptop/wireguard/preshared.psk similarity index 100% rename from files/wireguard/xps/preshared.psk rename to files/laptop/wireguard/preshared.psk diff --git a/files/public-keys/desktop.pub b/files/public-keys/desktop.pub deleted file mode 100644 index 9321cdf..0000000 --- a/files/public-keys/desktop.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKA8zXGQzpXeWrRhetUsWlEcrsmg+JhcSKaZykalmrw6 sonny@Desktop diff --git a/files/public-keys/xps.pub b/files/public-keys/xps.pub deleted file mode 100755 index e36455a..0000000 --- a/files/public-keys/xps.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9FTfXKRp1cdRAjE41rKoY+1yTsREytZFLHo9cQXDMM sonny@Laptop diff --git a/files/tmux_start b/files/tmux_start index 56d5770..4e6646d 100755 --- a/files/tmux_start +++ b/files/tmux_start 
@@ -1,8 +1,16 @@ #!/bin/bash MAIN="main" +DEVELOPMENT="development" tmux start-server tmux new-session -ds $MAIN tmux new-window +tmux new-window +tmux select-window -t 0 + +tmux new-session -ds $DEVELOPMENT +tmux new-window +tmux new-window +tmux new-window tmux select-window -t 0 diff --git a/files/wireguard-media/desktop/fudiggity.key b/files/wireguard-media/desktop/fudiggity.key deleted file mode 100644 index 8782234..0000000 --- a/files/wireguard-media/desktop/fudiggity.key +++ /dev/null @@ -1,7 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -62383364643761623739623632633261343735343465336235386336333234656631363432623535 -6562623634363937356137616131396264633161363461340a343432363362346664646161656563 -35623334326238326135646261666330666531633831656564396139666261623937626338386632 -3233333039623039640a383931633539363238326164643365316236326435643537303866373835 -66393465663364303134376566623736636664353031336537663036636462613766343739336331 -6438643538326533313433616438386165626537373162393430 diff --git a/files/wireguard-media/desktop/fudiggity.pub b/files/wireguard-media/desktop/fudiggity.pub deleted file mode 100644 index 640bf96..0000000 --- a/files/wireguard-media/desktop/fudiggity.pub +++ /dev/null @@ -1 +0,0 @@ -YDH5lZcxUHM4AU2ZxQrFqjDIV2Z7PSUQKMcYXLExV0E= diff --git a/files/wireguard-media/desktop/preshared.psk b/files/wireguard-media/desktop/preshared.psk deleted file mode 100644 index 8e41aac..0000000 --- a/files/wireguard-media/desktop/preshared.psk +++ /dev/null 
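Review bot: The three `tmux new-window` calls and the final `tmux select-window -t 0` that follow `tmux new-session -ds $DEVELOPMENT` in `files/tmux_start` name no session, so they rely on tmux's implicit choice of target session while both sessions are detached; `-t 0` in particular can resolve to window 0 of either session. Make the target explicit, e.g. `tmux new-window -t "$DEVELOPMENT:"` and `tmux select-window -t "$DEVELOPMENT:0"`, and do the same with `"$MAIN"` for the first group. Quoting the variable in `tmux new-session -ds "$DEVELOPMENT"` keeps the script safe if a session name ever contains spaces.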
@@ -1,7 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -34303432393930626266313563613636343439623631633163656532363631313039386231623936 -3336636666626237316532346230303961323263613161320a383436636634376162353863386161 -36663064366461333335613633316630633335666335613464333863656536623230383262623733 -3065363835666231630a616362333233643637613762313437626366363365313831363661313336 -66373966656534646462653833343935623466613662333932666666366430663061366261396330 -3064636536643933613738356461313135363033633366396130 diff --git a/files/wireguard-media/htpc/fudiggity.key b/files/wireguard-media/htpc/fudiggity.key deleted file mode 100644 index 118a8a6..0000000 --- a/files/wireguard-media/htpc/fudiggity.key +++ /dev/null @@ -1,7 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -30313239376562613332383265336333613266663264383636666437643436623462663861333639 -3830623835333263353863363535376532623262323535610a663330316133376131303465326665 -35663564623737636136306338623531653162633237636361643764343030353262616139623735 -3532626238316664310a336335633564396638303236333838363264613861616637343833363665 -39366264306438643662313130396135363461656466626436663339313337613830623364646637 -3735323933323563646563393532306237336165633534353735 diff --git a/files/wireguard-media/htpc/fudiggity.pub b/files/wireguard-media/htpc/fudiggity.pub deleted file mode 100644 index cdbb114..0000000 --- a/files/wireguard-media/htpc/fudiggity.pub +++ /dev/null @@ -1 +0,0 @@ -XcWpmGrkSQJUEADrDTUmcA7/dm8HQffbdC03rQ/3fwg= diff --git a/files/wireguard-media/htpc/preshared.psk b/files/wireguard-media/htpc/preshared.psk deleted file mode 100644 index 82ca126..0000000 --- a/files/wireguard-media/htpc/preshared.psk +++ /dev/null 
@@ -1,7 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -65363636336134323530333461393634666334383464356239613765396465373635353465323262 -3163343634336361323765623365633637663436616539340a376566313735316262366237366435 -33666634663966386434656363633136393565336134323465306264633630333131356539623862 -3666343633396634650a626263653632643333346564303065316634643763303036376332336333 -39323430306564346635393535313233363235316535656362363931323862303530363136663961 -6139326230353537643537346664623332383863323332633565 diff --git a/files/wireguard-media/xps/fudiggity.key b/files/wireguard-media/xps/fudiggity.key deleted file mode 100644 index 939f255..0000000 --- a/files/wireguard-media/xps/fudiggity.key +++ /dev/null @@ -1,7 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -64663539393065396333623165623833636539633932306437363365656532343565643866616532 -6562373233633237623761376234336331373637393431380a386261306438393837633037383464 -64623965376138313665393239346138383230383565626264393635303835396537663865313237 -6431313635333030390a646466303961663932353830366235643762393039396531316465333837 -61613264356263616332633334386532303761353536663033373639626634396164623335626566 -3632373266313435646338343738656663356635623138623939 diff --git a/files/wireguard-media/xps/fudiggity.pub b/files/wireguard-media/xps/fudiggity.pub deleted file mode 100644 index aec0b05..0000000 --- a/files/wireguard-media/xps/fudiggity.pub +++ /dev/null @@ -1 +0,0 @@ -hI4rqlv2afs4RJkt5xR+dYxQODSd6lR0OqWJRlnQdjM= diff --git a/files/wireguard-media/xps/preshared.psk b/files/wireguard-media/xps/preshared.psk deleted file mode 100644 index ca1d895..0000000 --- a/files/wireguard-media/xps/preshared.psk +++ /dev/null 
@@ -1,7 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -63643763346434313734663761386539393032613366626230373862643431613963633664353264 -6466616235653963643861643439633537656439363735330a366439356537386662353431643163 -33363830646433336366353363623835373639383663633837313030393162643931353331633133 -6534363438303261320a333364313534336465616336386337383935353631646361623866326232 -64373139636633393236303335396138326638333635663839663734346463303739646431353437 -3838653361383663633632363862306565643531353066623336 diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml deleted file mode 100644 index 9084ba3..0000000 --- a/group_vars/all/main.yml +++ /dev/null @@ -1,28 +0,0 @@ -packages: - - nftables - - tmux - - unrar - - vim - - git - - openssl - - iproute2 - - curl - - reflector - - otf-monaspace-nerd - - systemd-ukify - - efibootmgr - - git-delta - -xdg_config_dir: '{{ ansible_env.HOME }}/.config' -xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin' - -modprobe_templates: [] -mkinitcpio_templates: [] - -boot_configuration: - -server_domain: fudiggity.nl - -register_uefi_entries: false - -wezterm_font_size: 11 diff --git a/handlers.yml b/handlers.yml index dae3fe5..e613358 100644 --- a/handlers.yml +++ b/handlers.yml @@ -22,10 +22,10 @@ daemon-reload: true scope: user -- name: start syncthing +- name: restart syncthing systemd: name: syncthing - state: started + state: restarted enabled: true scope: user 
@@ -36,56 +36,3 @@ state: restarted enabled: true daemon-reload: true - -- name: restart systemd-networkd - become: true - systemd: - name: systemd-networkd - state: restarted - enabled: true - -- name: restart systemd-resolved - become: true - systemd: - name: systemd-resolved - state: started - enabled: true - -- name: restart iwd - become: true - systemd: - name: iwd - state: restarted - enabled: true - -- name: stop mpd service - systemd: - name: mpd.service - state: stopped - enabled: false - scope: user - daemon-reload: true - -- name: restart mpd socket - systemd: - name: mpd - state: restarted - enabled: true - scope: user - daemon-reload: true - -- name: reload sysctl configuration - become: true - command: 'sysctl --system' - -- name: restart tmux service - systemd: - name: tmux - state: restarted - enabled: true - scope: user - -- name: user daemon-reload - ansible.builtin.systemd: - daemon-reload: true - scope: user diff --git a/host_vars/desktop/network.yml b/host_vars/desktop/network.yml deleted file mode 100644 index 1010119..0000000 --- a/host_vars/desktop/network.yml +++ /dev/null @@ -1,13 +0,0 @@ -lan_interface: enp1s0 -lan_interface_mac: 00:d8:61:9f:52:65 - -local_network_address: 192.168.2.15/24 -local_network_dns: 9.9.9.9 149.112.112.112 -local_network_gateway: 192.168.2.254 - -hostname: desktop - -wireguard: - ip: 10.0.0.3 -wireguard_media: - ip: 10.0.1.3 diff --git a/host_vars/desktop/syncthing.yml b/host_vars/desktop/syncthing.yml deleted file mode 100644 index a9f0bc0..0000000 --- a/host_vars/desktop/syncthing.yml +++ /dev/null 
@@ -1,45 +0,0 @@ -syncthing_listen_address: '0.0.0.0' -syncthing_protocol_port: 22000 -syncthing_gui_port: 8384 - -syncthing_config_version: 37 -syncthing_api_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 39643534383666343331666336356662333165633032356532323730316535616363393330376263 - 6164323430343961646635323739373363623764646361360a666566363736323739313533323562 - 34653032646230313063613265313836383033353336333461376432363530633632313234323733 - 6162646332623837370a646537336139336361666336363861353030633136373063333433643435 - 64666465356566313263376330643664313266646139663433663366316232613562663863366334 - 3061663839656563353663373135393233653130383735366538 - -syncthing_devices: - - name: Desktop - id: &syncthing_desktop_id CSDXP5E-4UBNC36-32EHTPK-L6Y6JVZ-HQHM42R-FJXN2LI-2MTYRFX-3ZZPUQN - address: dynamic - - - name: Fudiggity - id: &syncthing_server_id ZM5JO5E-UYU6XUI-P25TLIP-TLPQD7J-NSPSYZS-A5OOYST-J62ICAQ-Y2A5YQV - address: tcp://syncthing.{{ server_domain }}:22000 - - - name: XPS15 - id: &syncthing_xps_id 2AC4LRC-YIJDWWK-YCOEZLT-4OWWC2E-7VEZQQB-F3AAPZR-HU75FE4-PGWWXQH - address: tcp://10.0.0.2:22000 - -syncthing_folders: - - id: default - label: Default - path: '{{ ansible_env.HOME }}/syncthing/default' - type: sendreceive - devices: - - *syncthing_desktop_id - - *syncthing_server_id - - *syncthing_xps_id - - - id: pictures - label: Pictures - path: '{{ ansible_env.HOME }}/syncthing/pictures' - type: sendreceive - devices: - - *syncthing_desktop_id - - *syncthing_server_id - - *syncthing_xps_id diff --git a/host_vars/desktop/system.yml b/host_vars/desktop/system.yml deleted file mode 100644 index 93a9275..0000000 --- a/host_vars/desktop/system.yml +++ /dev/null 
@@ -1,55 +0,0 @@ -packages: - - nftables - - tmux - - unrar - - vim - - git - - openssl - - iproute2 - - curl - - reflector - - otf-monaspace-nerd - - systemd-ukify - - efibootmgr - - git-delta - - # custom packages - - keepassxc - - gimp - - firefox - - mpv - - yt-dlp - - nfs-utils - - syncthing - - mpd - - wireguard-tools - - okular - - postgresql - - plasma-meta - - wezterm - - kmail - - pipewire - - pipewire-pulse - - pipewire-alsa - - merkuro - - kmail - - aspell-nl - - aspell-en - -modprobe_templates: - - src: 'templates/desktop/modprobe/99-amdgpu.conf.j2' - dest: '/etc/modprobe.d/99-amdgpu.conf' - -mkinitcpio_templates: - - src: 'templates/desktop/mkinitcpio/1-modules.conf.j2' - dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf' - - - src: 'templates/desktop/mkinitcpio/linux.preset.j2' - dest: '/etc/mkinitcpio.d/linux.preset' - - - src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2' - dest: '/etc/mkinitcpio.d/linux-lts.preset' - -boot_configuration: - disk: /dev/sdc - partition: 1 diff --git a/host_vars/htpc/network.yml b/host_vars/htpc/network.yml deleted file mode 100644 index 10fc32b..0000000 --- a/host_vars/htpc/network.yml +++ /dev/null @@ -1,11 +0,0 @@ -lan_interface: enp1s0 -lan_interface_mac: bc:fc:e7:6e:73:53 - -local_network_address: 192.168.2.30/24 -local_network_dns: 9.9.9.9 149.112.112.112 -local_network_gateway: 192.168.2.254 - -hostname: htpc - -wireguard_media: - ip: 10.0.1.8 diff --git a/host_vars/htpc/system.yml b/host_vars/htpc/system.yml deleted file mode 100644 index c26db07..0000000 --- a/host_vars/htpc/system.yml +++ /dev/null 
@@ -1,47 +0,0 @@ -packages: - - nftables - - tmux - - unrar - - vim - - git - - openssl - - iproute2 - - curl - - reflector - - otf-monaspace-nerd - - systemd-ukify - - efibootmgr - - git-delta - - # custom packages - - keepassxc - - firefox - - mpv - - yt-dlp - - wireguard-tools - - okular - - postgresql - - plasma-meta - - wezterm - - pipewire - - pipewire-pulse - - pipewire-alsa - -wezterm_columns: 90 -wezterm_rows: 18 - -modprobe_templates: [] - -mkinitcpio_templates: - - src: 'templates/htpc/mkinitcpio/1-modules.conf.j2' - dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf' - - - src: 'templates/htpc/mkinitcpio/linux.preset.j2' - dest: '/etc/mkinitcpio.d/linux.preset' - - - src: 'templates/htpc/mkinitcpio/linux-lts.preset.j2' - dest: '/etc/mkinitcpio.d/linux-lts.preset' - -boot_configuration: - disk: /dev/sda - partition: 1 diff --git a/host_vars/xps/network.yml b/host_vars/xps/network.yml deleted file mode 100644 index 864536b..0000000 --- a/host_vars/xps/network.yml +++ /dev/null @@ -1,20 +0,0 @@ -wireless_interface: wlan0 - -local_network_ssid: KPNAE51C6 -local_network_address: 192.168.2.9/24 -local_network_dns: 9.9.9.9 149.112.112.112 -local_network_gateway: 192.168.2.254 - -frans_network_ssid: KPNDD1056 -frans_network_address: 192.168.2.9/24 -frans_network_dns: 9.9.9.9 149.112.112.112 -frans_network_gateway: 192.168.2.254 - -default_network_dns: 9.9.9.9 149.112.112.112 - -hostname: xps - -wireguard: - ip: 10.0.0.2 -wireguard_media: # TODO: add missing credentials - ip: 10.0.1.2 diff --git a/host_vars/xps/pa-dlna.yml b/host_vars/xps/pa-dlna.yml deleted file mode 100644 index 4361051..0000000 --- a/host_vars/xps/pa-dlna.yml +++ /dev/null @@ -1,2 +0,0 @@ -pa_dlna_version: 0.16 -pa_dlna_systemd_version: 0.0.9 diff --git a/host_vars/xps/syncthing.yml b/host_vars/xps/syncthing.yml deleted file mode 100644 index a817845..0000000 --- a/host_vars/xps/syncthing.yml +++ /dev/null 
@@ -1,45 +0,0 @@ -syncthing_listen_address: '0.0.0.0' -syncthing_protocol_port: 22000 -syncthing_gui_port: 8384 - -syncthing_config_version: 37 -syncthing_api_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 35346637623066636261633331343438313736356137633466306633613563343630363565643763 - 6631623461663330633537386539376435356338393537620a666234373932636162653830316339 - 65336339383630313837323137613137303862613061326131313437316637383637666638313235 - 6463333235646536620a316163666431323530353330356633393035663933613761313031656561 - 66333431636134366466373533616438326230323965333763316336393764303737663461363636 - 3061373832313462623765353130616237343966333332623262 - -syncthing_devices: - - name: Desktop - id: &syncthing_desktop_id CSDXP5E-4UBNC36-32EHTPK-L6Y6JVZ-HQHM42R-FJXN2LI-2MTYRFX-3ZZPUQN - address: tcp://10.0.0.3:22000 - - - name: Fudiggity - id: &syncthing_server_id ZM5JO5E-UYU6XUI-P25TLIP-TLPQD7J-NSPSYZS-A5OOYST-J62ICAQ-Y2A5YQV - address: tcp://syncthing.{{ server_domain }}:22000 - - - name: XPS15 - id: &syncthing_xps_id 2AC4LRC-YIJDWWK-YCOEZLT-4OWWC2E-7VEZQQB-F3AAPZR-HU75FE4-PGWWXQH - address: dynamic - -syncthing_folders: - - id: default - label: Default - path: '{{ ansible_env.HOME }}/syncthing/default' - type: sendreceive - devices: - - *syncthing_desktop_id - - *syncthing_server_id - - *syncthing_xps_id - - - id: pictures - label: Pictures - path: '{{ ansible_env.HOME }}/syncthing/pictures' - type: sendreceive - devices: - - *syncthing_desktop_id - - *syncthing_server_id - - *syncthing_xps_id diff --git a/host_vars/xps/system.yml b/host_vars/xps/system.yml deleted file mode 100644 index 53ed97b..0000000 --- a/host_vars/xps/system.yml +++ /dev/null 
@@ -1,62 +0,0 @@ -packages: - - nftables - - tmux - - unrar - - vim - - git - - openssl - - iproute2 - - curl - - reflector - - otf-monaspace-nerd - - systemd-ukify - - efibootmgr - - git-delta - - - keepassxc - - gimp - - firefox - - mpv - - yt-dlp - - nfs-utils - - syncthing - - mpd - - wireguard-tools - - okular - - postgresql - - plasma-meta - - wezterm - - kmail - - pipewire - - pipewire-pulse - - pipewire-alsa - - merkuro - - kmail - - aspell-nl - - aspell-en - - # custom host packages - - iwd - - nvidia - - nvidia-prime - - nvidia-utils - - lib32-nvidia-utils - -boot_configuration: - disk: /dev/nvme0n1 - partition: 1 - -mkinitcpio_templates: - - src: 'templates/xps/mkinitcpio/1-modules.conf.j2' - dest: '/etc/mkinitcpio.conf.d/1-modules.conf' - - - src: 'templates/xps/mkinitcpio/2-hooks.conf.j2' - dest: '/etc/mkinitcpio.conf.d/2-hooks.conf' - - - src: 'templates/xps/mkinitcpio/linux.preset.j2' - dest: '/etc/mkinitcpio.d/linux.preset' - - - src: 'templates/xps/mkinitcpio/linux-lts.preset.j2' - dest: '/etc/mkinitcpio.d/linux-lts.preset' - -wezterm_font_size: 10 diff --git a/htpc.yml b/htpc.yml deleted file mode 100644 index 28ffd78..0000000 --- a/htpc.yml +++ /dev/null @@ -1,19 +0,0 @@ -- hosts: htpc - gather_facts: true - -- name: Include default playbook - ansible.builtin.import_playbook: default.yml - -- name: Arch Linux provisioning - hosts: htpc - tasks: - - name: Wireguard media provisioning - ansible.builtin.import_tasks: 'tasks/wireguard-media.yml' - tags: wireguard-media - - handlers: - - name: Import default handlers - ansible.builtin.import_tasks: handlers.yml - - - name: Import common role handlers - ansible.builtin.import_tasks: 'roles/common/handlers/user.yml' diff --git a/inventory.yml b/inventory.yml deleted file mode 100644 index 6e289f8..0000000 --- a/inventory.yml +++ /dev/null 
@@ -1,11 +0,0 @@ -all: - hosts: - xps: - ansible_connection: local - ansible_become_method: community.general.run0 - desktop: - ansible_connection: local - ansible_become_method: community.general.run0 - htpc: - ansible_connection: local - ansible_become_method: community.general.run0 diff --git a/playbook.yml b/playbook.yml new file mode 100644 index 0000000..eada34f --- /dev/null +++ b/playbook.yml @@ -0,0 +1,32 @@ +- hosts: localhost + pre_tasks: + - name: install shared packages + become: true + pacman: + name: '{{ packages }}' + - name: detecting platform + import_tasks: 'tasks/platform.yml' + - name: install platform specific packages + become: true + pacman: + name: '{{ platform_packages }}' + roles: + - common + tasks: + - import_tasks: 'tasks/setup.yml' + - import_tasks: 'tasks/network.yml' + - import_tasks: 'tasks/systemd.yml' + - import_tasks: 'tasks/git.yml' + - import_tasks: 'tasks/mpv.yml' + - import_tasks: 'tasks/mpd.yml' + - import_tasks: 'tasks/syncthing.yml' + - import_tasks: 'tasks/pipewire.yml' + - import_tasks: 'tasks/timer.yml' + handlers: + - import_tasks: 'handlers.yml' + - import_tasks: 'roles/common/handlers/user.yml' + vars_files: + - 'vars/main.yml' + - 'vars/gpg.yml' + - 'vars/vpn.yml' + - 'vars/mpd.yml' diff --git a/requirements.yml b/requirements.yml index b20eeb6..ba54c45 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,4 +1,4 @@ -- src: git+https://forgejo.fudiggity.nl/sonny/common-ansible.git +- src: git+https://git.fudiggity.nl/ansible/common.git name: common version: master scm: git diff --git a/tasks/desktop.yml b/tasks/desktop.yml deleted file mode 100644 index a5134cd..0000000 --- a/tasks/desktop.yml +++ /dev/null 
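Review bot: The requirements.yml hunk moves the `common` role to a new git URL but leaves it tracked at `version: master`, a mutable branch, so each `ansible-galaxy install -r requirements.yml` pulls whatever that branch holds at that moment. Pin the role to a tag or a full commit id, e.g. `version: <TAG_OR_COMMIT_SHA>` (placeholder), so the role content that playbook.yml applies on localhost is reviewable and reproducible. A comment next to the pin saying how it gets bumped would help the next maintainer.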
@@ -1,12 +0,0 @@
-- name: Create xdg-desktop-portal.service.d directory
- ansible.builtin.file:
- path: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d'
- state: directory
- mode: '0755'
-
-- name: Copy xdg-desktop-portal.service drop-in
- ansible.builtin.template:
- src: templates/desktop/xdg-desktop-portal.service.j2
- dest: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d/override.conf'
- mode: '0755'
- notify: user daemon-reload
diff --git a/tasks/git.yml b/tasks/git.yml
new file mode 100644
index 0000000..3b07f8f
--- /dev/null
+++ b/tasks/git.yml
@@ -0,0 +1,26 @@
+- name: copy git configuration
+ template:
+ src: 'templates/gitconfig.j2'
+ dest: '{{ ansible_env.HOME }}/.gitconfig'
+
+- name: copy keys
+ copy:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ loop:
+ - { src: 'files/gpg_key', dest: '{{ ansible_env.HOME }}/gpg.key' }
+ - { src: 'files/gpg_pub', dest: '{{ ansible_env.HOME }}/gpg.pub' }
+
+- name: import secret key
+ command: 'gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key'
+
+- name: import public key
+ command: 'gpg --import ~/gpg.pub'
+
+- name: remove temp keys
+ file:
+ path: '{{ item }}'
+ state: absent
+ loop:
+ - '{{ ansible_env.HOME }}/gpg.key'
+ - '{{ ansible_env.HOME }}/gpg.pub'
diff --git a/tasks/mpd.yaml b/tasks/mpd.yaml
deleted file mode 100644
index f3e29b7..0000000
--- a/tasks/mpd.yaml
+++ /dev/null
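Review bot: The `import secret key` task in tasks/git.yml passes the key passphrase as a gpg command-line argument, so it is visible in the process list while gpg runs and is written to Ansible's task output and logs, since the task has no `no_log: true`. The rewrite below feeds the passphrase on stdin and suppresses logging for that task. The `copy keys` task also writes the private key into the home directory without a `mode:`, so it gets default permissions until `remove temp keys` runs; an explicit `mode: '0600'` closes that window. If an earlier task fails, the key files stay behind, so wrapping the import in a `block:` with an `always:` cleanup is worth considering.

```yaml
- name: copy keys
  copy:
    # … unchanged: src, dest …
    mode: '0600'
  # … unchanged: loop over gpg.key / gpg.pub …

- name: import secret key
  command: 'gpg --batch --pinentry-mode loopback --passphrase-fd 0 --import ~/gpg.key'
  args:
    stdin: '{{ gpg_passphrase }}'
  no_log: true
```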
@@ -1,71 +0,0 @@ -- name: Include mpd defaults - ansible.builtin.include_vars: - file: vars/mpd.yml - -- name: Copy systemd configuration files - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0644' - loop: - - src: 'templates/mpd/service.j2' - dest: '{{ xdg_config_dir }}/systemd/user/mpd.service' - - - src: 'templates/mpd/socket.j2' - dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket' - notify: - - stop mpd service - - restart mpd socket - -- name: Create mpd files - ansible.builtin.file: - path: '{{ item.path }}' - state: '{{ item.state }}' - mode: '0755' - loop: - - path: '{{ mpd_configuration_dir }}' - state: 'directory' - - path: '{{ ncmpc_configuration_dir }}' - state: 'directory' - - path: '{{ ncmpcpp_configuration_dir }}' - state: 'directory' - - path: '{{ mpd_configuration_dir }}/playlists' - state: 'directory' - - path: '{{ mpd_configuration_dir }}/state' - state: 'touch' - -- name: Remove previous mpd files - ansible.builtin.file: - path: '{{ item.path }}' - state: '{{ item.state }}' - mode: '0755' - loop: - - path: '{{ mpd_configuration_dir }}/log' - state: 'absent' - - path: '{{ mpd_configuration_dir }}/database' - state: 'absent' - - path: '{{ mpd_configuration_dir }}/sticker.sql' - state: 'absent' - - path: '{{ ncmpc_configuration_dir }}' - state: 'absent' - -- name: Copy configuration files - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0755' - loop: - - src: 'templates/mpd/mpd.conf.j2' - dest: '{{ mpd_configuration_dir }}/mpd.conf' - - src: 'templates/mpd/ncmpcpp/config.j2' - dest: '{{ ncmpcpp_configuration_dir }}/config' - - src: 'templates/mpd/ncmpcpp/bindings.j2' - dest: '{{ ncmpcpp_configuration_dir }}/bindings' - notify: - - stop mpd service - -# TODO: install https://aur.archlinux.org/mpd-mpris-bin.git from AUR -# Use mpc to control local mpd server. 
-# Use $ mpc add http://{{ mpd_remote_address }}:{{ mpd_remote_stream_port }} -# to add the HTTP stream to the playlist. -# Use nmcpc to control remote mpd server. diff --git a/tasks/mpd.yml b/tasks/mpd.yml new file mode 100644 index 0000000..53217f3 --- /dev/null +++ b/tasks/mpd.yml @@ -0,0 +1,14 @@ +# remote mpd server is used now + +- name: check for mpd socket + stat: + path: '{{ xdg_config_dir }}/systemd/user/mpd.socket' + register: mpd_socket + +- name: disable mpd socket + systemd: + name: mpd.socket + state: stopped + enabled: no + scope: user + when: mpd_socket.stat.exists diff --git a/tasks/mpv.yml b/tasks/mpv.yml index 3b4c52a..c0e8a8a 100644 --- a/tasks/mpv.yml +++ b/tasks/mpv.yml @@ -1,16 +1,20 @@ -- name: Create configuration directory - ansible.builtin.file: +- name: create configuration directory + file: path: '{{ ansible_env.HOME }}/.config/mpv' state: directory mode: '0700' -- name: Copy configuration files - ansible.builtin.template: +- name: copy configuration files + template: src: '{{ item.src }}' dest: '{{ item.dest }}' mode: '0644' loop: - - src: 'templates/mpv/input.j2' - dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf' - - src: 'templates/mpv/config.j2' - dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf' + - { + src: 'templates/mpv/input.j2', + dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf', + } + - { + src: 'templates/mpv/config.j2', + dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf', + } diff --git a/tasks/network.yml b/tasks/network.yml new file mode 100644 index 0000000..bb6c4eb --- /dev/null +++ b/tasks/network.yml 
@@ -0,0 +1,133 @@ +- name: create wireguard directories + become: true + file: + path: '{{ item | dirname }}' + owner: root + group: systemd-network + mode: '0644' + state: directory + loop: + - '{{ vpn_private_key_path }}' + - '{{ vpn_public_key_path }}' + +- name: copy wireguard credentials + become: true + copy: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - { + dest: '{{ vpn_public_key_path }}', + src: 'files/{{ platform }}/wireguard/{{ platform }}.pub', + } + - { + dest: '{{ vpn_private_key_path }}', + src: 'files/{{ platform }}/wireguard/{{ platform }}.key', + } + +- name: copy wireguard preshared keys + become: true + copy: + src: '{{ item.preshared_key_source_path }}' + dest: '{{ item.preshared_key_path }}' + owner: root + group: systemd-network + mode: '0640' + loop: '{{ vpn_peers }}' + +- name: setup desktop network configuration + become: true + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - { + src: 'templates/desktop/network/enp.network.j2', + dest: '/etc/systemd/network/20-wired.network', + } + - { + src: 'templates/desktop/network/vmbr0.network.j2', + dest: '/etc/systemd/network/30-vmbr0.network', + } + - { + src: 'templates/desktop/network/vmbr0.netdev.j2', + dest: '/etc/systemd/network/30-vmbr0.netdev', + } + - { + src: 'templates/desktop/network/wg0.network.j2', + dest: '/etc/systemd/network/40-wg0.network', + } + - { + src: 'templates/desktop/network/wg0.netdev.j2', + dest: '/etc/systemd/network/40-wg0.netdev', + } + when: platform == "desktop" + +- name: setup laptop network configuration + become: true + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - { + src: 'templates/laptop/network/wireless.network.j2', + dest: '/etc/systemd/network/20-wireless.network', + } + - { + src: 'templates/laptop/network/vmbr0.network.j2', + 
dest: '/etc/systemd/network/30-vmbr0.network', + } + - { + src: 'templates/laptop/network/vmbr0.netdev.j2', + dest: '/etc/systemd/network/30-vmbr0.netdev', + } + - { + src: 'templates/laptop/network/wg0.network.j2', + dest: '/etc/systemd/network/40-wg0.network', + } + - { + src: 'templates/laptop/network/wg0.netdev.j2', + dest: '/etc/systemd/network/40-wg0.netdev', + } + when: platform == "laptop" + +- name: restart systemd-networkd + become: true + systemd: + name: systemd-networkd + state: restarted + enabled: true + +- name: start systemd-resolved service + become: true + systemd: + name: systemd-resolved + state: started + enabled: true + +- name: start iwd service + become: true + systemd: + name: iwd + state: started + enabled: true + when: platform == "laptop" + +- name: copy firewall template + become: true + template: + src: 'templates/{{ platform }}/nftables.j2' + dest: '/etc/nftables.conf' + owner: root + group: root + mode: '0600' + notify: restart nftables diff --git a/tasks/network/desktop.yml b/tasks/network/desktop.yml deleted file mode 100644 index 4eb16d8..0000000 --- a/tasks/network/desktop.yml +++ /dev/null @@ -1,27 +0,0 @@ -- name: Desktop configuration - notify: - - restart systemd-networkd - - restart systemd-resolved - block: - - name: Setup network configuration - become: true - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - src: 'templates/desktop/network/enp1s0.link.j2' - dest: '/etc/systemd/network/20-enp1s0.link' - - src: 'templates/desktop//network/enp1s0.network.j2' - dest: '/etc/systemd/network/20-enp1s0.network' - - - name: Remove leftover configuration files - become: true - ansible.builtin.file: - path: '{{ item }}' - state: absent - loop: - - '/etc/systemd/network/30-vmbr0.network' - - '/etc/systemd/network/30-vmbr0.netdev' diff --git a/tasks/network/htpc.yml b/tasks/network/htpc.yml deleted file mode 100644 index e69de29..0000000 
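Review bot: The `create wireguard directories` task in tasks/network.yml sets `mode: '0644'` on directories, which gives no search (x) bit to anyone while letting every user list the contents. The `systemd-network` group that owns the `0640` key files copied by the next tasks would not be able to traverse into them. `mode: '0750'` matches the root/systemd-network ownership used on the files. Further down, `restart systemd-networkd` is an unconditional task, so the network is restarted on every run even when no template changed; a `notify:` on the template tasks would limit that.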
diff --git a/tasks/network/main.yml b/tasks/network/main.yml
deleted file mode 100644
index f8586b1..0000000
--- a/tasks/network/main.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-# Note that Wireguard does DNS resolution only once during connection.
-# When a client's IP changes, the server should be notified in some way,
-# using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint :`
-# for example.
-
-- name: Set hostname
- become: true
- ansible.builtin.hostname:
- name: '{{ hostname }}'
- use: systemd
-
-- name: Copy hosts file
- become: true
- ansible.builtin.template:
- src: templates/hosts.j2
- dest: /etc/hosts
- mode: '0644'
- owner: root
-
-- name: Copy firewall template
- become: true
- ansible.builtin.template:
- src: 'templates/{{ ansible_hostname }}/nftables.j2'
- dest: /etc/nftables.conf
- owner: root
- group: root
- mode: '0600'
- notify: restart nftables
diff --git a/tasks/network/xps.yml b/tasks/network/xps.yml
deleted file mode 100644
index 0c99843..0000000
--- a/tasks/network/xps.yml
+++ /dev/null
@@ -1,47 +0,0 @@ -- name: Setup network configuration - become: true - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - src: 'templates/xps/network/wlan0-local.network.j2' - dest: '/etc/systemd/network/10-wireless.network' - - - src: 'templates/xps/network/wlan0-frans.network.j2' - dest: '/etc/systemd/network/11-wireless.network' - - - src: 'templates/xps/network/wlan0.network.j2' - dest: '/etc/systemd/network/20-wireless.network' - notify: - - restart systemd-networkd - - restart systemd-resolved - -- name: Create iwd directory - become: true - ansible.builtin.template: - src: templates/xps/iwd.j2 - dest: /etc/iwd - mode: '0644' - owner: root - -- name: Provision iwd configuration - become: true - ansible.builtin.template: - src: templates/xps/iwd.j2 - dest: /etc/iwd/main.config - mode: '0755' - owner: root - notify: restart iwd - -- name: Remove leftover configuration files - become: true - ansible.builtin.file: - path: '{{ item }}' - state: absent - loop: - - /etc/systemd/network/30-vmbr0.network - - /etc/systemd/network/30-vmbr0.netdev - - /etc/systemd/network/10-wlan0.link diff --git a/tasks/pipewire.yml b/tasks/pipewire.yml new file mode 100644 index 0000000..1a7e7f7 --- /dev/null +++ b/tasks/pipewire.yml 
@@ -0,0 +1,38 @@
+# Note that pulsaudio should be removed by installing pipewire-pulse manually
+
+- name: create pipewire-pulse override directory
+ file:
+ path: '{{ xdg_config_dir }}/systemd/user/pipewire-pulse.service.d/'
+ state: directory
+
+# sets up an post activation script to load the module-native-protocol-tcp
+# with given parameters. This is not yet supported through pipewire-pulse's configuration,
+# see https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Migrate-PulseAudio#module-native-protocol-tcp
+- name: copy pipewire-pulse service override
+ template:
+ src: 'templates/pipewire-pulse.j2'
+ dest: '{{ xdg_config_dir }}/systemd/user/pipewire-pulse.service.d/override.conf'
+
+- name: copy pipewire-pulse script
+ template:
+ src: 'templates/{{ platform }}/pulse-script.j2'
+ dest: '{{ xdg_script_dir }}/pulse-script'
+ mode: 0755
+
+- name: start pipewire socket
+ systemd:
+ name: pipewire.socket
+ state: started
+ enabled: true
+ scope: user
+
+- name: restart pipewire-pulse
+ systemd:
+ name: '{{ item.name }}'
+ state: restarted
+ enabled: '{{ item.enabled }}'
+ scope: user
+ daemon-reload: true
+ loop:
+ - { name: 'pipewire-pulse.socket', enabled: true }
+ - { name: 'pipewire-pulse.service', enabled: false }
diff --git a/tasks/platform.yml b/tasks/platform.yml
new file mode 100644
index 0000000..287b9c7
--- /dev/null
+++ b/tasks/platform.yml
@@ -0,0 +1,22 @@
+- name: detect platform
+ command: laptop-detect
+ register: is_laptop
+ failed_when: is_laptop.rc == 2
+
+- name: set platform (desktop)
+ set_fact:
+ platform: 'desktop'
+ when: is_laptop.rc == 1
+
+- name: set platform (laptop)
+ set_fact:
+ platform: 'laptop'
+ when: is_laptop.rc == 0
+
+- name: load desktop specific vars
+ include_vars: 'vars/desktop.yml'
+ when: platform == "desktop"
+
+- name: load laptop specific vars
+ include_vars: 'vars/laptop.yml'
+ when: platform == "laptop"
diff --git a/tasks/setup.yml b/tasks/setup.yml
index e2c0d73..ff7a6f3 100644
--- a/tasks/setup.yml
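Review bot: `mode: 0755` on the `copy pipewire-pulse script` task in tasks/pipewire.yml is an unquoted octal literal whose meaning depends on how the YAML loader types it; write `mode: '0755'`, as the other task files in this commit do. The override directory and `override.conf` get no explicit mode and fall back to the umask. The comment says the script loads module-native-protocol-tcp, but the `pulse-script.j2` template is not part of this hunk. It should be checked there that the TCP listener is bound only to the intended addresses and does not accept unauthenticated clients.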
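Review bot: `failed_when: is_laptop.rc == 2` in the `detect platform` task of tasks/platform.yml accepts every return code except 2, yet `platform` is only set for rc 0 and 1. Any other code leaves the fact undefined, and the run then fails later at `when: platform == "desktop"` with an unrelated undefined-variable error. `failed_when: is_laptop.rc not in [0, 1]` makes the failure explicit at the probe, and `changed_when: false` stops this read-only command from reporting a change on every run.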
+++ b/tasks/setup.yml 
@@ -1,205 +1,51 @@ -- name: Provision pollkit administrator configuration +- name: copy reflector configuration become: true - ansible.builtin.template: - src: 'templates/polkit.j2' - dest: '/etc/polkit-1/rules.d/49-nopasswd_global.rules' - mode: '0755' - -- name: Install shared packages - become: true - community.general.pacman: - name: '{{ packages }}' - -- name: Copy reflector configuration - become: true - ansible.builtin.template: + template: src: 'templates/reflector.j2' dest: '/etc/xdg/reflector/reflector.conf' + owner: root + group: root mode: '0600' # started by weekly timer -- name: Disable reflector +- name: disable reflector become: true - ansible.builtin.systemd: + systemd: name: reflector state: stopped enabled: false -- name: Copy pacman configuration +- name: copy pacman configuration become: true - ansible.builtin.template: + template: src: 'templates/pacman.j2' dest: '/etc/pacman.conf' owner: root group: root mode: '0644' -- name: Create extra conf +- name: create extra conf become: true - ansible.builtin.file: + file: path: '/etc/pacman.d/extra.conf' owner: root group: root state: touch mode: '0644' -- name: Setup Wezterm - when: "'wezterm' in packages" - block: - - name: Create wezterm configuration dir - ansible.builtin.file: - path: '{{ xdg_config_dir }}/wezterm/includes' - state: directory - mode: '0755' - - - name: Copy wezterm configuration files - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0755' - loop: - - src: 'templates/wezterm/wezterm.lua.j2' - dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua' - - - src: 'templates/wezterm/includes/colors.lua.j2' - dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua' - - - src: 'templates/wezterm/includes/fonts.lua.j2' - dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua' - - - src: 'templates/wezterm/includes/window.lua.j2' - dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua' - -- name: Enable fstrim timer +- name: copy powertop service become: 
true - ansible.builtin.systemd: + template: + src: 'templates/{{ platform }}/powertop.j2' + dest: '/etc/systemd/system/powertop.service' + owner: root + group: root + mode: '0644' + notify: restart powertop + when: platform == "laptop" + +- name: enable fstrim timer + become: true + systemd: name: fstrim.timer enabled: true - -- name: Remove the sysctl.d directory - become: true - ansible.builtin.file: - path: /etc/sysctl.d - state: absent - -- name: Recreate the sysctl.d directory - become: true - ansible.builtin.file: - path: /etc/sysctl.d - state: directory - mode: '0755' - -- name: Copy sysctl files - become: true - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0755' - loop: - - src: 'templates/sysctl/99-sysrq.conf.j2' - dest: '/etc/sysctl.d/99-sysrq.conf' - - src: 'templates/sysctl/98-forward.conf.j2' - dest: '/etc/sysctl.d/98-foward.conf' - notify: reload sysctl configuration - -- name: Remove the modprobe.d directory - become: true - ansible.builtin.file: - path: /etc/modprobe.d - state: absent - -- name: Recreate the modprobe.d directory - become: true - ansible.builtin.file: - path: /etc/modprobe.d - state: directory - mode: '0755' - -- name: Copy modprobe configuration files - become: true - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0755' - loop: '{{ modprobe_templates }}' - when: modprobe_templates - -- name: Copy kernel parameters template - become: true - ansible.builtin.template: - src: 'templates/{{ ansible_hostname }}/cmdline.j2' - dest: '/etc/kernel/cmdline' - mode: '0755' - -- name: Remove the mkinitcpio directories - become: true - ansible.builtin.file: - path: '{{ item }}' - state: absent - loop: - - /etc/mkinitcpio.conf.d - - /etc/mkinitcpio.d - -- name: Recreate the mkinitcpio directories - become: true - ansible.builtin.file: - path: '{{ item }}' - state: directory - mode: '0755' - loop: - - /etc/mkinitcpio.conf.d - - /etc/mkinitcpio.d - -- name: Copy mkinitcpio 
configuration files - become: true - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0755' - loop: '{{ mkinitcpio_templates }}' - when: '{{ mkinitcpio_templates | length > 0 }}' - -- name: Regenerate initramfs images - become: true - ansible.builtin.command: 'mkinitcpio --allpresets' - register: mkinitcpio_stats - -- name: Log mkinitcpio stdout - ansible.builtin.debug: - var: mkinitcpio_stats.stdout_lines - -- name: Create a Linux UEFI boot entry - become: true - ansible.builtin.command: efibootmgr \ - --create \ - --disk '{{ boot_configuration.disk }}' \ - --part '{{ boot_configuration.partition }}' \ - --label 'Arch Linux' \ - --loader '\EFI\Linux\linux.efi'\ - --unicode - --index 0 - register: efi_linux_stats - when: register_uefi_entries - -- name: Log efibootmgr stdout - ansible.builtin.debug: - var: efi_linux_stats.stdout_lines - when: register_uefi_entries - -- name: Create a Linux LTS UEFI boot entry - become: true - ansible.builtin.command: efibootmgr \ - --create \ - --disk '{{ boot_configuration.disk }}' \ - --part '{{ boot_configuration.partition }}' \ - --label 'Arch Linux LTS' \ - --loader '\EFI\Linux\linux-lts.efi'\ - --unicode - --index 1 - register: efi_linux_lts_stats - when: register_uefi_entries - -- name: Log efibootmgr LTS stdout - ansible.builtin.debug: - var: efi_linux_lts_stats.stdout_lines - when: register_uefi_entries diff --git a/tasks/syncthing.yml b/tasks/syncthing.yml index c54fde5..5f9b44c 100644 --- a/tasks/syncthing.yml +++ b/tasks/syncthing.yml 
@@ -1,18 +1,11 @@ -- name: Create configuration dir - ansible.builtin.file: +- name: create configuration dir + file: path: '{{ xdg_config_dir }}/syncthing' state: directory - mode: '0755' -- name: Stop syncthing service - ansible.builtin.systemd: - name: syncthing - scope: user - state: stopped - -- name: Copy configuration file - ansible.builtin.template: - src: 'templates/syncthing/config.j2' +- name: copy configuration file + template: + src: 'templates/{{ platform }}/syncthing.j2' dest: '{{ xdg_config_dir }}/syncthing/config.xml' - mode: '0640' - notify: start syncthing + mode: '0600' + notify: restart syncthing diff --git a/tasks/systemd.yml b/tasks/systemd.yml index 4b6e6e5..baee82e 100644 --- a/tasks/systemd.yml +++ b/tasks/systemd.yml @@ -1,27 +1,24 @@ -- name: Setup systemd user service folder - ansible.builtin.file: +- name: setup systemd user service folder + file: path: '{{ xdg_config_dir }}/systemd/user' state: directory mode: '0755' -- name: Add ssh-agent service - ansible.builtin.template: +- name: add ssh-agent service + template: src: 'templates/ssh-agent.j2' dest: '{{ xdg_config_dir }}/systemd/user/ssh-agent.service' mode: '0644' notify: restart user ssh-agent -- name: Copy tmux service - ansible.builtin.template: +- name: copy tmux service + template: src: 'templates/tmux.j2' dest: '{{ xdg_config_dir }}/systemd/user/tmux.service' mode: '0644' - notify: - - user daemon-reload - - restart tmux service -- name: Copy tmux startup script - ansible.builtin.copy: +- name: copy tmux startup script + copy: src: 'files/tmux_start' dest: '{{ ansible_env.HOME }}/.local/bin/tmux_start' mode: '0740' diff --git a/tasks/timer.yml b/tasks/timer.yml index 7a2aa56..14702b3 100644 --- a/tasks/timer.yml +++ b/tasks/timer.yml @@ -1,5 +1,5 @@ - name: copy timer files - become: true + become: yes template: src: '{{ item.src }}' dest: '{{ item.dest }}' 
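Review bot: The `create configuration dir` task loses its `mode:` line in this hunk, so the Syncthing directory is created with whatever the connecting user's umask yields, while the file inside it is tightened to `'0600'`. The rendered `config.xml` appears to carry GUI credentials (see the syncthing templates added in this commit), so I would pin the directory too, e.g. `mode: '0700'` under `state: directory`. The hunk also removes the task that stopped the service before the file is written. If Syncthing rewrites its own config while running (to be confirmed), the `restart syncthing` handler may race with that.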
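Review bot: `copy tmux service` in `tasks/systemd.yml` no longer notifies anything: the hunk removes `user daemon-reload` and `restart tmux service`, while the neighbouring `add ssh-agent service` task keeps `notify: restart user ssh-agent`. A changed `tmux.service` unit will therefore sit on disk until the user manager is reloaded by hand. The handler definitions are not part of this hunk, so confirm whether they were dropped on purpose. If they still exist, restoring `notify:` with those two entries keeps the unit file and the running service in step.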
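Review bot: `become: true` is rewritten to `become: yes` in `copy timer files`, and again in the three later hunks of `tasks/timer.yml` (`copy target files`, `create target directories`, `add reflector to weekly timer`). `yes` is a boolean only under YAML 1.1 implicit typing and is what yamllint's `truthy` rule flags. Keeping `become: true` means the same to Ansible and stays unambiguous for every other parser that reads these files.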
@@ -13,7 +13,7 @@ - enable weekly timer - name: copy target files - become: true + become: yes template: src: '{{ item.src }}' dest: '{{ item.dest }}' @@ -22,12 +22,12 @@ loop: - { src: 'templates/timer/daily_target.j2', dest: '/etc/systemd/system/daily.target' } - { - src: 'templates/timer/weekly_target.j2', - dest: '/etc/systemd/system/weekly.target', - } + src: 'templates/timer/weekly_target.j2', + dest: '/etc/systemd/system/weekly.target', + } - name: create target directories - become: true + become: yes file: path: '{{ item }}' state: directory @@ -38,7 +38,7 @@ - '/etc/systemd/system/weekly.target.wants' - name: add reflector to weekly timer - become: true + become: yes file: src: '/usr/lib/systemd/system/reflector.service' dest: '/etc/systemd/system/weekly.target.wants/reflector.service' diff --git a/tasks/wireguard-media.yml b/tasks/wireguard-media.yml deleted file mode 100644 index b22e477..0000000 --- a/tasks/wireguard-media.yml +++ /dev/null 
@@ -1,71 +0,0 @@ -- name: Include wireguard media defaults - ansible.builtin.include_vars: - file: vars/wireguard-media.yml - -- name: Create Wireguard directories - become: true - ansible.builtin.file: - path: '{{ item }}' - owner: root - group: systemd-network - mode: '0750' - state: directory - recurse: true - loop: - - '{{ vpn_config_dir }}' - - '{{ wireguard_media_defaults.private_key_path | dirname }}' - - '{{ wireguard_media_defaults.public_key_path | dirname }}' - notify: - - restart systemd-networkd - - restart systemd-resolved - -- name: Copy Wireguard credentials - become: true - ansible.builtin.copy: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - dest: '{{ wireguard_media_defaults.public_key_path }}' - src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.pub' - - - dest: '{{ wireguard_media_defaults.private_key_path }}' - src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.key' - notify: - - restart systemd-networkd - - restart systemd-resolved - -- name: Copy Wireguard preshared keys - become: true - ansible.builtin.copy: - src: '{{ item.preshared_key_source_path }}' - dest: '{{ item.preshared_key_path }}' - owner: root - group: systemd-network - mode: '0640' - loop: '{{ wireguard_media_defaults.peers }}' - notify: - - restart systemd-networkd - - restart systemd-resolved - -- name: Setup network configuration - become: true - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - src: 'templates/{{ ansible_hostname }}/network/wg1.network.j2' - dest: '/etc/systemd/network/40-wg1.network' - - - src: 'templates/{{ ansible_hostname }}/network/wg1.netdev.j2' - dest: '/etc/systemd/network/40-wg1.netdev' - notify: - - restart systemd-networkd - - restart systemd-resolved - vars: - wireguard: "{{ wireguard_media | ansible.builtin.combine(wireguard_media_defaults) }}" 
diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml deleted file mode 100644 index bfd9418..0000000 --- a/tasks/wireguard.yml +++ /dev/null 
@@ -1,71 +0,0 @@ -- name: Include wireguard defaults - ansible.builtin.include_vars: - file: vars/wireguard.yml - -- name: Create Wireguard directories - become: true - ansible.builtin.file: - path: '{{ item }}' - owner: root - group: systemd-network - mode: '0750' - state: directory - recurse: true - loop: - - '{{ vpn_config_dir }}' - - '{{ wireguard_defaults.private_key_path | dirname }}' - - '{{ wireguard_defaults.public_key_path | dirname }}' - notify: - - restart systemd-networkd - - restart systemd-resolved - -- name: Copy Wireguard credentials - become: true - ansible.builtin.copy: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - dest: '{{ wireguard_defaults.public_key_path }}' - src: 'files/wireguard/{ ansible_hostname }}/fudiggity.pub' - - - dest: '{{ wireguard_defaults.private_key_path }}' - src: 'files/wireguard/{{ ansible_hostname }}/fudiggity.key' - notify: - - restart systemd-networkd - - restart systemd-resolved - -- name: Copy Wireguard preshared keys - become: true - ansible.builtin.copy: - src: '{{ item.preshared_key_source_path }}' - dest: '{{ item.preshared_key_path }}' - owner: root - group: systemd-network - mode: '0640' - loop: '{{ wireguard_defaults.peers }}' - notify: - - restart systemd-networkd - - restart systemd-resolved - -- name: Setup network configuration - become: true - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - src: 'templates/{{ ansible_hostname }}/network/wg0.network.j2' - dest: '/etc/systemd/network/40-wg0.network' - - - src: 'templates/{{ ansible_hostname }}/network/wg0.netdev.j2' - dest: '/etc/systemd/network/40-wg0.netdev' - notify: - - restart systemd-networkd - - restart systemd-resolved - vars: - wireguard: "{{ wireguard | ansible.builtin.combine(wireguard_defaults) }}" 
diff --git a/tasks/xps.yml b/tasks/xps.yml deleted file mode 100644 index 06aeb90..0000000 --- a/tasks/xps.yml +++ /dev/null @@ -1,46 +0,0 @@ -- name: Provision powertop systemd service - become: true - ansible.builtin.file: - path: /etc/systemd/system/powertop.service - state: absent - -- name: Provision python pa-dlna - block: - - name: Create configuration directory - ansible.builtin.file: - path: '{{ xdg_config_dir }}/pa-dlna' - state: directory - mode: '0755' - - - name: Copy configuration file - ansible.builtin.template: - src: templates/xps/pa-dlna/config.j2 - dest: '{{ xdg_config_dir }}/pa-dlna/pa-dlna.conf' - mode: '0755' - - - name: Copy systemd service - ansible.builtin.template: - src: templates/xps/pa-dlna/service.j2 - dest: '{{ xdg_config_dir }}/systemd/user/pa-dlna.service' - mode: '0755' - - - name: Create virtualenv directory - become: true - ansible.builtin.file: - path: /opt/virtualenv/pa-dlna - state: directory - owner: sonny - group: sonny - mode: '0755' - - - name: Install pa-dlna - ansible.builtin.pip: - name: 'pa-dlna=={{ pa_dlna_version }}' - virtualenv: /opt/virtualenv/pa-dlna - virtualenv_command: python3.13 -m venv - - - name: Install python-systemd - ansible.builtin.pip: - name: 'python-systemd=={{ pa_dlna_systemd_version }}' - virtualenv: /opt/virtualenv/pa-dlna - virtualenv_command: python3.13 -m venv diff --git a/templates/desktop/cmdline.j2 b/templates/desktop/cmdline.j2 deleted file mode 100644 index 08259b5..0000000 --- a/templates/desktop/cmdline.j2 +++ /dev/null @@ -1 +0,0 @@ -root=UUID=c5fe300d-97bf-476d-abd4-edfe7460bc81 rw bgrt_disable diff --git a/templates/desktop/mkinitcpio/1-modules.conf.j2 b/templates/desktop/mkinitcpio/1-modules.conf.j2 deleted file mode 100644 index 82581fb..0000000 --- a/templates/desktop/mkinitcpio/1-modules.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -# {{ ansible_managed }} - -MODULES=(amdgpu) 
diff --git a/templates/desktop/mkinitcpio/linux-lts.preset.j2 b/templates/desktop/mkinitcpio/linux-lts.preset.j2 deleted file mode 100644 index 71d2550..0000000 --- a/templates/desktop/mkinitcpio/linux-lts.preset.j2 +++ /dev/null @@ -1,8 +0,0 @@ -# {{ ansible_managed }} -# -# mkinitcpio preset file for the 'linux' package - -PRESETS=('default') - -default_uki="/boot/EFI/Linux/linux-lts.efi" -default_kver="/boot/vmlinuz-linux-lts" diff --git a/templates/desktop/mkinitcpio/linux.preset.j2 b/templates/desktop/mkinitcpio/linux.preset.j2 deleted file mode 100644 index 22097bb..0000000 --- a/templates/desktop/mkinitcpio/linux.preset.j2 +++ /dev/null @@ -1,8 +0,0 @@ -# {{ ansible_managed }} -# -# mkinitcpio preset file for the 'linux' package - -PRESETS=('default') - -default_uki="/boot/EFI/Linux/linux.efi" -default_kver="/boot/vmlinuz-linux" diff --git a/templates/desktop/modprobe/99-amdgpu.conf.j2 b/templates/desktop/modprobe/99-amdgpu.conf.j2 deleted file mode 100644 index 2ef56d7..0000000 --- a/templates/desktop/modprobe/99-amdgpu.conf.j2 +++ /dev/null @@ -1,5 +0,0 @@ -# {{ ansible_managed }} - -# disable Panel Self Refresh for 6.10 -# see https://bbs.archlinux.org/viewtopic.php?pid=2191514#p2191514 -options amdgpu dcdebugmask=0x12 diff --git a/templates/desktop/network/enp.network.j2 b/templates/desktop/network/enp.network.j2 new file mode 100644 index 0000000..3329399 --- /dev/null +++ b/templates/desktop/network/enp.network.j2 @@ -0,0 +1,7 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +[Match] +Name=enp* + +[Network] +DHCP=yes diff --git a/templates/desktop/network/enp1s0.link.j2 b/templates/desktop/network/enp1s0.link.j2 deleted file mode 100644 index 4ed6b79..0000000 --- a/templates/desktop/network/enp1s0.link.j2 +++ /dev/null @@ -1,7 +0,0 @@ -# {{ ansible_managed }} - -[Match] -MACAddress={{ lan_interface_mac }} - -[Link] -Name={{ lan_interface }} 
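Review bot: The header `# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}` in `templates/desktop/network/enp.network.j2` renders differently whenever facts are gathered, so the `template` task for this file will report `changed` on every run and fire any handlers attached to it. The same header is added to the other new and modified templates in this commit (the `vmbr0`, `wg0`, `wireless`, `nftables`, `pulse-script`, `powertop` and `gitconfig` templates). That means network and firewall reloads on each play rather than only on real changes, and real changes become harder to spot in the play output. `# {{ ansible_managed }}` alone, as the deleted templates used, keeps the files idempotent.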
diff --git a/templates/desktop/network/enp1s0.network.j2 b/templates/desktop/network/enp1s0.network.j2 deleted file mode 100644 index af57302..0000000 --- a/templates/desktop/network/enp1s0.network.j2 +++ /dev/null @@ -1,17 +0,0 @@ -# {{ ansible_managed }} - -[Match] -Name={{ lan_interface }} - -[Network] -Address={{ local_network_address }} -Gateway={{ local_network_gateway }} -DNS={{ local_network_dns }} -MulticastDNS=yes -DNSOverTLS=yes -DNSSEC=yes -DHCP=no -LinkLocalAddressing=no -IPv6AcceptRA=no -IPv6SendRA=no -RequiredForOnline=routable diff --git a/templates/desktop/network/vmbr0.netdev.j2 b/templates/desktop/network/vmbr0.netdev.j2 new file mode 100644 index 0000000..54f171b --- /dev/null +++ b/templates/desktop/network/vmbr0.netdev.j2 @@ -0,0 +1,5 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +[NetDev] +Name=vmbr0 +Kind=bridge diff --git a/templates/desktop/network/vmbr0.network.j2 b/templates/desktop/network/vmbr0.network.j2 new file mode 100644 index 0000000..a3ca139 --- /dev/null +++ b/templates/desktop/network/vmbr0.network.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +[Match] +Name=vmbr0 + +[Network] +Address=10.4.0.1/24 +DHCP=yes +IPForward=yes +ConfigureWithoutCarrier=yes diff --git a/templates/desktop/network/wg0.netdev.j2 b/templates/desktop/network/wg0.netdev.j2 index 85ba97e..de4e81e 100644 --- a/templates/desktop/network/wg0.netdev.j2 +++ b/templates/desktop/network/wg0.netdev.j2 
@@ -1,21 +1,20 @@ -# {{ ansible_managed }} +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} [NetDev] -Name={{ wireguard.interface }} +Name={{ vpn_interface }} Kind=wireguard -Description=WireGuard tunnel {{ wireguard.interface }} +Description=WireGuard tunnel {{ vpn_interface }} [WireGuard] -PrivateKeyFile={{ wireguard.private_key_path }} -RouteTable=main +# PrivateKeyFile option does not seem to work, perhaps a bug? +PrivateKey={{ vpn_private_key }} -{% for peer in wireguard.peers %} +{% for peer in vpn_peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} -PresharedKeyFile={{ peer.preshared_key_path }} -{% for ip in peer.allowed_ips %} -AllowedIPs={{ ip }} -{% endfor %} +# PresharedKeyFile option does not seem to work, perhaps a bug? +PresharedKey={{ peer.preshared_key }} +AllowedIPs={{ peer.allowd_ips }} {% if peer.endpoint %} Endpoint={{ peer.endpoint }} {% endif %} diff --git a/templates/desktop/network/wg0.network.j2 b/templates/desktop/network/wg0.network.j2 index 76731d3..81fbe8a 100644 --- a/templates/desktop/network/wg0.network.j2 +++ b/templates/desktop/network/wg0.network.j2 @@ -1,10 +1,7 @@ -# {{ ansible_managed }} +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} [Match] -Name={{ wireguard.interface }} +Name={{ vpn_interface }} [Network] -Address={{ wireguard.ip }}/{{ wireguard.prefix }} -DNS={{ wireguard.dns }} -Domains={{ wireguard.domains | join(' ') }} -BindCarrier={{ lan_interface }} +Address={{ vpn_ip }}/{{ vpn_subnet }} diff --git a/templates/desktop/network/wg1.netdev.j2 b/templates/desktop/network/wg1.netdev.j2 deleted file mode 100644 index 85ba97e..0000000 --- a/templates/desktop/network/wg1.netdev.j2 +++ /dev/null 
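Review bot: `PrivateKey={{ vpn_private_key }}` and `PresharedKey={{ peer.preshared_key }}` write the secrets into the `.netdev` file itself, where the removed lines only referenced key files. systemd.netdev asks for such a file to be owned `root:systemd-network` with mode `0640`. The task that installs this template is not in the hunk, so confirm it sets `owner`, `group` and `mode`, and that both variables come from a vault rather than plain vars. `AllowedIPs={{ peer.allowd_ips }}` also reads a misspelled key and no longer loops: unless the peers really define `allowd_ips` this is undefined at render time, and a list value would be printed as a Python list, so `AllowedIPs={{ peer.allowed_ips | join(',') }}` would cover both. The identical template is added as `templates/laptop/network/wg0.netdev.j2`, and the `{% for %}` block closes outside this hunk.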
@@ -1,25 +0,0 @@ -# {{ ansible_managed }} - -[NetDev] -Name={{ wireguard.interface }} -Kind=wireguard -Description=WireGuard tunnel {{ wireguard.interface }} - -[WireGuard] -PrivateKeyFile={{ wireguard.private_key_path }} -RouteTable=main - -{% for peer in wireguard.peers %} -[WireGuardPeer] -PublicKey={{ peer.public_key }} -PresharedKeyFile={{ peer.preshared_key_path }} -{% for ip in peer.allowed_ips %} -AllowedIPs={{ ip }} -{% endfor %} -{% if peer.endpoint %} -Endpoint={{ peer.endpoint }} -{% endif %} -{% if not loop.last %} - -{% endif %} -{% endfor %} diff --git a/templates/desktop/network/wg1.network.j2 b/templates/desktop/network/wg1.network.j2 deleted file mode 100644 index 76731d3..0000000 --- a/templates/desktop/network/wg1.network.j2 +++ /dev/null @@ -1,10 +0,0 @@ -# {{ ansible_managed }} - -[Match] -Name={{ wireguard.interface }} - -[Network] -Address={{ wireguard.ip }}/{{ wireguard.prefix }} -DNS={{ wireguard.dns }} -Domains={{ wireguard.domains | join(' ') }} -BindCarrier={{ lan_interface }} diff --git a/templates/desktop/nftables.j2 b/templates/desktop/nftables.j2 index 29f4cd1..502770a 100644 --- a/templates/desktop/nftables.j2 +++ b/templates/desktop/nftables.j2 @@ -1,11 +1,12 @@ -#!/usr/bin/nft -f +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# # vim:set ts=2 sw=2 et: flush ruleset table inet filter { chain input { - type filter hook input priority 0; policy drop; + type filter hook input priority 0; # allow established/related connections ct state { established, related } accept 
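Review bot: Dropping `policy drop;` from `type filter hook input priority 0;` in `templates/desktop/nftables.j2` leaves the input chain with the nftables default policy, which is accept. A later hunk of this file appends `reject with icmpx type port-unreachable`, so the chain is still closed, but only for as long as that rule remains the final one in the chain. I would keep both, `type filter hook input priority 0; policy drop;` plus the trailing reject for the friendlier refusal. The chain body continues outside this hunk.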
@@ -20,14 +21,20 @@ table inet filter { ip protocol icmp accept ip6 nexthdr icmpv6 accept - # allow mDNS - udp dport 5353 accept - # allow ssh tcp dport ssh accept # syncthing ip saddr 10.0.0.1 tcp dport 22000 accept + + # allow remote pulse audio + ip saddr 10.0.0.1 tcp dport 4713 accept + + # allow dhcp requests for bridget connections + iifname "vmbr0" udp dport { 53, 67 } accept + + # everything else + reject with icmpx type port-unreachable } chain forward { @@ -36,6 +43,9 @@ table inet filter { ct state { established, related } accept; mark 1 accept + + iifname "vmbr0" oifname "enp34s0" accept + iifname "enp34s0" oifname "vmbr0" accept } } @@ -44,3 +54,16 @@ table ip filter { mark set 1 } } + +table ip nat { + chain prerouting { + type nat hook prerouting priority 0; policy accept; + + # iifname "enp34s0" tcp dport { http } dnat to 10.4.0.243 + } + + chain postrouting { + type nat hook postrouting priority 0; policy accept; + oifname "enp34s0" masquerade + } +} diff --git a/templates/desktop/pulse-script.j2 b/templates/desktop/pulse-script.j2 new file mode 100644 index 0000000..8bcc1ea --- /dev/null +++ b/templates/desktop/pulse-script.j2 @@ -0,0 +1,5 @@ +#!/usr/bin/sh +# +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +/usr/bin/pactl load-module module-native-protocol-tcp auth-anonymous=1 listen={{ vpn_ip }} diff --git a/templates/desktop/syncthing.j2 b/templates/desktop/syncthing.j2 new file mode 100644 index 0000000..d9e59f9 --- /dev/null +++ b/templates/desktop/syncthing.j2 @@ -0,0 +1,134 @@ + + + + + basic + + + 0 + + 3600 + + 0 + 0 + 0 + random + false + 0 + 0 + 10 + false + false + false + 25 + .stfolder + false + 0 + 0 + false + standard + standard + false + true + + + basic + + + 0 + + + 3600 + + 0 + 0 + 0 + random + false + 0 + 0 + -1 + false + false + false + 25 + .stfolder + false + 0 + 0 + false + standard + standard + false + true + + +
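Review bot: In the forward chain, `iifname "enp34s0" oifname "vmbr0" accept` admits new connections from the uplink side into the bridge, not just replies. Return traffic is already covered by the `ct state { established, related } accept` line shown as context. Unless hosts on the LAN are meant to reach the bridged guests directly, this rule can go, leaving only `iifname "vmbr0" oifname "enp34s0" accept`. The laptop ruleset adds the same pair with `wlan0`. The chain header and its policy are outside the hunk, so the effective default for other forwarded traffic cannot be read from here.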
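Review bot: `auth-anonymous=1` in `templates/desktop/pulse-script.j2` turns off PulseAudio's cookie authentication for the TCP listener, so the only access control left is the bind address and the `ip saddr 10.0.0.1 tcp dport 4713 accept` rule added to the firewall template. `module-native-protocol-tcp` can restrict the peer itself: `auth-ip-acl=10.0.0.1` in place of `auth-anonymous=1` still avoids distributing a cookie but survives a firewall change. The laptop copy of this script hard-codes `listen=10.0.0.2` instead of `{{ vpn_ip }}`, and using the variable in both keeps them aligned.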
dynamic
+ false + false + 0 + 0 + 0 +
+ +
tcp://10.0.0.1:22000
+ false + false + 0 + 0 + 0 +
+ +
127.0.0.1:8384
+ Qo5fAhxR7LnwvJ7eGYr4gigkHm2LrT6y + dark +
+ + + default + default + true + true + 21027 + [ff12::8384]:21027 + 0 + 0 + 60 + true + 10 + true + true + 60 + 30 + 10 + 3 + 0 + rxdDP3h2 + https://data.syncthing.net/newdata + false + 1800 + true + 12 + false + 24 + false + 5 + false + 1 + https://upgrades.syncthing.net/meta.json + false + 10 + authenticationUserAndPassword + 0 + ~ + true + 0 + https://crash.syncthing.net/newcrash + true + 180 + 20 + default + auto + 0 + +
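Review bot: `templates/desktop/syncthing.j2` commits what appears to be the Syncthing GUI API key, the literal 32-character value that follows the `127.0.0.1:8384` GUI address (the XML tags are stripped in this view, so the element name is inferred). That key authorises calls to the REST API, so it should be treated as exposed, rotated, and rendered from a vaulted variable, e.g. `{{ syncthing_api_key }}` (placeholder name) inside the element. `templates/laptop/syncthing.j2` in this commit carries a second literal value in the same position. The destination file is written with `mode: '0600'` by `tasks/syncthing.yml`, which protects the deployed copy but not the one in the repository.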
diff --git a/templates/desktop/xdg-desktop-portal.service.j2 b/templates/desktop/xdg-desktop-portal.service.j2 deleted file mode 100644 index 7d06561..0000000 --- a/templates/desktop/xdg-desktop-portal.service.j2 +++ /dev/null @@ -1,5 +0,0 @@ -# {{ ansible_managed }} - -[Unit] -Requires=plasma-core.target -After=plasma-core.target diff --git a/templates/gitconfig.j2 b/templates/gitconfig.j2 new file mode 100644 index 0000000..00bfd77 --- /dev/null +++ b/templates/gitconfig.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# + +[user] +email = sonny871@hotmail.com +name = Sonny Bakker +signingkey = {{ gpg_pub_key }} + +[pull] +rebase = false diff --git a/templates/hosts.j2 b/templates/hosts.j2 deleted file mode 100644 index 58cf68c..0000000 --- a/templates/hosts.j2 +++ /dev/null @@ -1,5 +0,0 @@ -# {{ ansible_managed }} - -127.0.0.1 localhost.localdomain localhost -127.0.1.1 localhost.localdomain {{ hostname }} -::1 localhost.localdomain localhost diff --git a/templates/htpc/cmdline.j2 b/templates/htpc/cmdline.j2 deleted file mode 100644 index f1e2797..0000000 --- a/templates/htpc/cmdline.j2 +++ /dev/null @@ -1 +0,0 @@ -rd.luks.name=d6272853-f41c-47a3-aa27-31ca9b559087=cryptlvm root=/dev/VolumeGroup/root rw resume=/dev/VolumeGroup/swap diff --git a/templates/htpc/mkinitcpio/1-modules.conf.j2 b/templates/htpc/mkinitcpio/1-modules.conf.j2 deleted file mode 100644 index 82581fb..0000000 --- a/templates/htpc/mkinitcpio/1-modules.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -# {{ ansible_managed }} - -MODULES=(amdgpu) diff --git a/templates/htpc/mkinitcpio/linux-lts.preset.j2 b/templates/htpc/mkinitcpio/linux-lts.preset.j2 deleted file mode 100644 index 71d2550..0000000 --- a/templates/htpc/mkinitcpio/linux-lts.preset.j2 +++ /dev/null 
@@ -1,8 +0,0 @@ -# {{ ansible_managed }} -# -# mkinitcpio preset file for the 'linux' package - -PRESETS=('default') - -default_uki="/boot/EFI/Linux/linux-lts.efi" -default_kver="/boot/vmlinuz-linux-lts" diff --git a/templates/htpc/mkinitcpio/linux.preset.j2 b/templates/htpc/mkinitcpio/linux.preset.j2 deleted file mode 100644 index 22097bb..0000000 --- a/templates/htpc/mkinitcpio/linux.preset.j2 +++ /dev/null @@ -1,8 +0,0 @@ -# {{ ansible_managed }} -# -# mkinitcpio preset file for the 'linux' package - -PRESETS=('default') - -default_uki="/boot/EFI/Linux/linux.efi" -default_kver="/boot/vmlinuz-linux" diff --git a/templates/htpc/network/enp1s0.link.j2 b/templates/htpc/network/enp1s0.link.j2 deleted file mode 100644 index 4ed6b79..0000000 --- a/templates/htpc/network/enp1s0.link.j2 +++ /dev/null @@ -1,7 +0,0 @@ -# {{ ansible_managed }} - -[Match] -MACAddress={{ lan_interface_mac }} - -[Link] -Name={{ lan_interface }} diff --git a/templates/htpc/network/enp1s0.network.j2 b/templates/htpc/network/enp1s0.network.j2 deleted file mode 100644 index af57302..0000000 --- a/templates/htpc/network/enp1s0.network.j2 +++ /dev/null @@ -1,17 +0,0 @@ -# {{ ansible_managed }} - -[Match] -Name={{ lan_interface }} - -[Network] -Address={{ local_network_address }} -Gateway={{ local_network_gateway }} -DNS={{ local_network_dns }} -MulticastDNS=yes -DNSOverTLS=yes -DNSSEC=yes -DHCP=no -LinkLocalAddressing=no -IPv6AcceptRA=no -IPv6SendRA=no -RequiredForOnline=routable diff --git a/templates/htpc/network/wg1.netdev.j2 b/templates/htpc/network/wg1.netdev.j2 deleted file mode 100644 index 85ba97e..0000000 --- a/templates/htpc/network/wg1.netdev.j2 +++ /dev/null 
@@ -1,25 +0,0 @@ -# {{ ansible_managed }} - -[NetDev] -Name={{ wireguard.interface }} -Kind=wireguard -Description=WireGuard tunnel {{ wireguard.interface }} - -[WireGuard] -PrivateKeyFile={{ wireguard.private_key_path }} -RouteTable=main - -{% for peer in wireguard.peers %} -[WireGuardPeer] -PublicKey={{ peer.public_key }} -PresharedKeyFile={{ peer.preshared_key_path }} -{% for ip in peer.allowed_ips %} -AllowedIPs={{ ip }} -{% endfor %} -{% if peer.endpoint %} -Endpoint={{ peer.endpoint }} -{% endif %} -{% if not loop.last %} - -{% endif %} -{% endfor %} diff --git a/templates/htpc/network/wg1.network.j2 b/templates/htpc/network/wg1.network.j2 deleted file mode 100644 index 76731d3..0000000 --- a/templates/htpc/network/wg1.network.j2 +++ /dev/null @@ -1,10 +0,0 @@ -# {{ ansible_managed }} - -[Match] -Name={{ wireguard.interface }} - -[Network] -Address={{ wireguard.ip }}/{{ wireguard.prefix }} -DNS={{ wireguard.dns }} -Domains={{ wireguard.domains | join(' ') }} -BindCarrier={{ lan_interface }} diff --git a/templates/htpc/nftables.j2 b/templates/htpc/nftables.j2 deleted file mode 100644 index 9a8cb01..0000000 --- a/templates/htpc/nftables.j2 +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/bin/nft -f -# vim:set ts=2 sw=2 et: - -flush ruleset - -table inet filter { - chain input { - type filter hook input priority 0; policy drop; - - # allow established/related connections - ct state { established, related } accept - - # early drop of invalid connections - ct state invalid drop - - # allow from loopback - iifname lo accept - - # allow icmp - ip protocol icmp accept - ip6 nexthdr icmpv6 accept - - # allow mDNS - udp dport 5353 accept - - # allow ssh - tcp dport ssh accept - } -} diff --git a/templates/laptop/network/vmbr0.netdev.j2 b/templates/laptop/network/vmbr0.netdev.j2 new file mode 100644 index 0000000..54f171b --- /dev/null +++ b/templates/laptop/network/vmbr0.netdev.j2 
@@ -0,0 +1,5 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +[NetDev] +Name=vmbr0 +Kind=bridge diff --git a/templates/laptop/network/vmbr0.network.j2 b/templates/laptop/network/vmbr0.network.j2 new file mode 100644 index 0000000..4bbbfa2 --- /dev/null +++ b/templates/laptop/network/vmbr0.network.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +[Match] +Name=vmbr0 + +[Network] +Address=10.5.0.1/24 +DHCP=ipv4 +IPForward=ipv4 +ConfigureWithoutCarrier=yes diff --git a/templates/laptop/network/wg0.netdev.j2 b/templates/laptop/network/wg0.netdev.j2 new file mode 100644 index 0000000..de4e81e --- /dev/null +++ b/templates/laptop/network/wg0.netdev.j2 @@ -0,0 +1,24 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +[NetDev] +Name={{ vpn_interface }} +Kind=wireguard +Description=WireGuard tunnel {{ vpn_interface }} + +[WireGuard] +# PrivateKeyFile option does not seem to work, perhaps a bug? +PrivateKey={{ vpn_private_key }} + +{% for peer in vpn_peers %} +[WireGuardPeer] +PublicKey={{ peer.public_key }} +# PresharedKeyFile option does not seem to work, perhaps a bug? +PresharedKey={{ peer.preshared_key }} +AllowedIPs={{ peer.allowd_ips }} +{% if peer.endpoint %} +Endpoint={{ peer.endpoint }} +{% endif %} +{% if not loop.last %} + +{% endif %} +{% endfor %} diff --git a/templates/laptop/network/wg0.network.j2 b/templates/laptop/network/wg0.network.j2 new file mode 100644 index 0000000..81fbe8a --- /dev/null +++ b/templates/laptop/network/wg0.network.j2 @@ -0,0 +1,7 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +[Match] +Name={{ vpn_interface }} + +[Network] +Address={{ vpn_ip }}/{{ vpn_subnet }} diff --git a/templates/laptop/network/wireless.network.j2 b/templates/laptop/network/wireless.network.j2 new file mode 100644 index 0000000..894c5db --- /dev/null 
+++ b/templates/laptop/network/wireless.network.j2 @@ -0,0 +1,7 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +[Match] +Name=wlan0 + +[Network] +DHCP=ipv4 diff --git a/templates/xps/nftables.j2 b/templates/laptop/nftables.j2 similarity index 57% rename from templates/xps/nftables.j2 rename to templates/laptop/nftables.j2 index f1f7d40..7d01d39 100644 --- a/templates/xps/nftables.j2 +++ b/templates/laptop/nftables.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} +# #!/usr/bin/nft -f # vim:set ts=2 sw=2 et: @@ -20,17 +22,14 @@ table inet filter { ip protocol icmp accept ip6 nexthdr icmpv6 accept - # allow mDNS - udp dport 5353 accept - # allow ssh tcp dport ssh accept - ip saddr 192.168.2.11 tcp dport 8080 accept comment "HTTP pa-dlna server" - ip saddr 192.168.2.11 udp dport 1900 accept comment "UPnP" - # syncthing ip saddr 10.0.0.1 tcp dport 22000 accept + + # allow dhcp requests for bridged connections + iifname "vmbr0" udp dport { 53, 67 } accept } chain forward { @@ -39,6 +38,9 @@ table inet filter { ct state { established, related } accept; mark 1 accept + + iifname "vmbr0" oifname "wlan0" accept + iifname "wlan0" oifname "vmbr0" accept } } @@ -47,3 +49,18 @@ table ip filter { mark set 1 } } + +table ip nat { + chain prerouting { + type nat hook prerouting priority 0; policy accept; + + # iifname "wlan0" tcp dport { http } dnat to 10.4.0.243 + } + + chain postrouting { + type nat hook postrouting priority 0; policy accept; + + oifname "wlan0" masquerade + } +} + diff --git a/templates/laptop/powertop.j2 b/templates/laptop/powertop.j2 new file mode 100644 index 0000000..6b15cc7 --- /dev/null +++ b/templates/laptop/powertop.j2 
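Review bot: The two header lines added at the top of `templates/laptop/nftables.j2` sit above `#!/usr/bin/nft -f`, so the shebang is no longer the first line and becomes an ordinary comment. The desktop template removes the shebang in the same commit. Nothing breaks if the file is only ever loaded with `nft -f`, but the two templates should agree: either delete the line here too, or keep `#!/usr/bin/nft -f` as line 1 and put `# {{ ansible_managed }}` below it.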
@@ -0,0 +1,11 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +[Unit] +Description=Powertop tunings + +[Service] +ExecStart=/usr/bin/powertop --auto-tune +RemainAfterExit=true + +[Install] +WantedBy=multi-user.target diff --git a/templates/laptop/pulse-script.j2 b/templates/laptop/pulse-script.j2 new file mode 100644 index 0000000..6d9e623 --- /dev/null +++ b/templates/laptop/pulse-script.j2 @@ -0,0 +1,5 @@ +#!/usr/bin/sh +# +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +/usr/bin/pactl load-module module-native-protocol-tcp auth-anonymous=1 listen=10.0.0.2 diff --git a/templates/laptop/syncthing.j2 b/templates/laptop/syncthing.j2 new file mode 100644 index 0000000..e653f67 --- /dev/null +++ b/templates/laptop/syncthing.j2 @@ -0,0 +1,134 @@ + + + + + basic + + + 0 + + 3600 + + 0 + 0 + 0 + random + false + 0 + 0 + 10 + false + false + false + 25 + .stfolder + false + 0 + 0 + false + standard + standard + false + true + + + basic + + + 0 + + + 3600 + + 0 + 0 + 0 + random + false + 0 + 0 + 10 + false + false + false + 25 + .stfolder + false + 0 + 0 + false + standard + standard + false + true + + +
tcp://10.0.0.1:22000
+ false + false + 0 + 0 + 0 +
+ +
dynamic
+ false + false + 0 + 0 + 0 +
+ +
127.0.0.1:8384
+ 2y25PxNtQjtDoe6qnDSiWpmSMpJnvoyi + dark +
+ + + default + default + true + true + 21027 + [ff12::8384]:21027 + 0 + 0 + 60 + true + 10 + true + true + 60 + 30 + 10 + -1 + 0 + A3FvpLVX + https://data.syncthing.net/newdata + false + 1800 + true + 12 + false + 24 + false + 5 + false + 1 + https://upgrades.syncthing.net/meta.json + false + 10 + authenticationUserAndPassword + 0 + ~ + true + 0 + https://crash.syncthing.net/newcrash + true + 180 + 20 + default + auto + 0 + +
diff --git a/templates/mpd/mpd.conf.j2 b/templates/mpd/mpd.conf.j2 deleted file mode 100644 index af43ed2..0000000 --- a/templates/mpd/mpd.conf.j2 +++ /dev/null @@ -1,40 +0,0 @@ -# {{ ansible_managed }} -# -bind_to_address "{{ mpd_listen_address }}" -port "{{ mpd_listen_port }}" - -playlist_directory "{{ mpd_configuration_dir }}/playlists" -state_file "{{ mpd_configuration_dir }}/state" - -database { - plugin "proxy" - host "{{ mpd_remote_address }}" - port "{{ mpd_remote_port }}" -} - -audio_output { - name "mpd" - type "pipewire" - dsd "yes" -} - -audio_output { - type "fifo" - name "my_fifo" - path "/tmp/mpd.fifo" -} - -input { - enabled "no" - plugin "tidal" -} - -input { - enabled "no" - plugin "qobuz" -} - -decoder { - enabled "no" - plugin "wildmidi" -} diff --git a/templates/mpd/ncmpc.j2 b/templates/mpd/ncmpc.j2 deleted file mode 100644 index 2b02e99..0000000 --- a/templates/mpd/ncmpc.j2 +++ /dev/null @@ -1,32 +0,0 @@ -## {{ ansible_managed }} -# -## -## Configuration file for ncmpc (~/.config/ncmpc/config) -## - -############## Connection ################### -## Connect to mpd running on a specified host -host = {{ mpd_remote_address }} - -## Connect to mpd on the specified port. -port = {{ mpd_remote_port }} - -############## Theme ################### -# Topbar -color title = 0/254 -color line = 0/254 - -# Main window -color background = 15 -color list = 239/15 -color browser-directory = 239/15 -color browser-playlist = 239/15 - -# Selected -color list-bold = 147/255 - -# Bottombar -color progressbar = 0 -color status-state = 0/255 -color status-song = 0/255 -color status-time = 0/255 diff --git a/templates/mpd/ncmpcpp/bindings.j2 b/templates/mpd/ncmpcpp/bindings.j2 deleted file mode 100644 index 1f85833..0000000 --- a/templates/mpd/ncmpcpp/bindings.j2 +++ /dev/null 
@@ -1,323 +0,0 @@ -# {{ ansible_managed }} - -# enabled bindings -def_key "a" - add_item_to_playlist - -def_key "l" - jump_to_playing_song - -def_key "l" - next_column - -def_key "h" - previous_column - -def_key "k" - scroll_up - -def_key "j" - scroll_down - -def_key "tab" - next_screen - -def_key "shift-tab" - previous_screen - -def_key "f1" - show_help - -def_key "1" - show_playlist - -def_key "2" - show_browser - -def_key "2" - change_browse_mode - -def_key "3" - show_search_engine - -def_key "3" - reset_search_engine - -def_key "4" - show_media_library - -def_key "4" - toggle_media_library_columns_mode - -def_key "5" - show_playlist_editor - -def_key "6" - show_tag_editor - -def_key "7" - show_outputs - -def_key "8" - show_visualizer - -def_key "[" - scroll_up_album - -def_key "]" - scroll_down_album - -def_key "{" - scroll_up_artist - -def_key "}" - scroll_down_artist - -def_key "page_up" - page_up - -def_key "page_down" - page_down - -def_key "home" - move_home - -def_key "end" - move_end - -def_key "enter" - enter_directory - -def_key "enter" - toggle_output - -def_key "enter" - run_action - -def_key "enter" - play_item - -def_key "delete" - delete_playlist_items - -def_key "delete" - delete_browser_items - -def_key "delete" - delete_stored_playlist - -def_key "s" - stop - -def_key "p" - pause - -def_key ">" - next - -def_key "<" - previous - -def_key "ctrl-h" - replay_song - -def_key "f" - seek_forward - -def_key "b" - seek_backward - -def_key "ctrl-r" - toggle_repeat - -def_key "ctrl-z" - toggle_random - -def_key "ctrl-s" - toggle_single - -def_key "u" - update_database - -def_key "/" - find_item_forward - find - -def_key "q" - quit - -def_key "v" - select_range - -def_key "c" - remove_selection - -def_key "C" - clear_playlist - - -# default dummy bindings -def_key "mouse" - dummy - -def_key "up" - dummy - -def_key "shift-up" - dummy - -def_key "down" - dummy - -def_key "shift-down" - dummy - -def_key "insert" - dummy - -def_key "space" - dummy - -def_key 
"right" - dummy - -def_key "+" - dummy - -def_key "left" - dummy - -def_key "-" - dummy - -def_key ":" - dummy - -def_key "=" - dummy - -def_key "@" - dummy - -def_key "backspace" - dummy - -def_key "y" - dummy - -def_key "R" - dummy - -def_key "Y" - dummy - -def_key "T" - dummy - -def_key "|" - dummy - -def_key "#" - dummy - -def_key "Z" - dummy - -def_key "x" - dummy - -def_key "X" - dummy - -def_key "ctrl-f" - dummy - -def_key "ctrl-_" - dummy - -def_key "?" - dummy - -def_key "." - dummy - -def_key "," - dummy - -def_key "w" - dummy - -def_key "e" - dummy - -def_key "i" - dummy - -def_key "I" - dummy - -def_key "g" - dummy - -def_key "ctrl-v" - dummy - -def_key "B" - dummy - -def_key "m" - dummy - -def_key "n" - dummy - -def_key "M" - dummy - -def_key "A" - dummy - -def_key "S" - dummy - -def_key "o" - dummy - -def_key "G" - dummy - -def_key "~" - dummy - -def_key "E" - dummy - -def_key "U" - dummy - -def_key "P" - dummy - -def_key "\\" - dummy - -def_key "!" - dummy - -def_key "L" - dummy - -def_key "F" - dummy - -def_key "alt-l" - dummy - -def_key "ctrl-l" - dummy - -def_key "`" - dummy - -def_key "ctrl-p" - dummy diff --git a/templates/mpd/ncmpcpp/config.j2 b/templates/mpd/ncmpcpp/config.j2 deleted file mode 100644 index a7cc08a..0000000 --- a/templates/mpd/ncmpcpp/config.j2 +++ /dev/null 
@@ -1,42 +0,0 @@ -# {{ ansible_managed }} -# - -############## Connection ################### -## Connect to mpd running on a specified host -mpd_host = {{ mpd_remote_address }} - -## Connect to mpd on the specified port. -mpd_port = {{ mpd_remote_port }} - -# header_visibility = yes -# playlist_show_mpd_host = yes -# titles_visibility = yes -# enable_window_title = yes - - -connected_message_on_startup = no - -display_bitrate = yes - -visualizer_data_source = "/tmp/mpd.fifo" -visualizer_output_name = "my_fifo" -visualizer_in_stereo = "yes" -visualizer_type = "spectrum" -visualizer_look = "+|" - -############## Theme ################### - -user_interface = classic - -song_columns_list_format = "(40)[9]{t|f} (25)[245]{a} (25)[245]{b} (25)[245]{l}" -song_list_format = "{$5 %a$9 $1│$9 $8%t$9 }|{ $8%f$9}$R{$5%b $7}" - -# Column Names -header_window_color = 1 - -# Main window -main_window_color = 1 - -# Bottombar -progressbar_color = 1 -player_state_color = 1 diff --git a/templates/mpd/service.j2 b/templates/mpd/service.j2 deleted file mode 100644 index 54d1304..0000000 --- a/templates/mpd/service.j2 +++ /dev/null @@ -1,13 +0,0 @@ -# {{ ansible_managed }} -# - -[Unit] -Description=Music Player Daemon -Documentation=man:mpd(1) man:mpd.conf(5) - -[Service] -Type=notify -ExecStart=/usr/bin/mpd --systemd -Restart=on-failure -RestartSec=15s -TimeoutStopSec=3 diff --git a/templates/mpd/socket.j2 b/templates/mpd/socket.j2 deleted file mode 100644 index f6c6d2f..0000000 --- a/templates/mpd/socket.j2 +++ /dev/null @@ -1,12 +0,0 @@ -# {{ ansible_managed }} -# - -[Socket] -ListenStream=/run/user/1000/mpd.socket -ListenStream={{ mpd_listen_port }} -Backlog=5 -KeepAlive=true -PassCredentials=true - -[Install] -WantedBy=sockets.target diff --git a/templates/mpv/config.j2 b/templates/mpv/config.j2 index cb9323b..706daf1 100644 --- a/templates/mpv/config.j2 +++ b/templates/mpv/config.j2 
@@ -1,14 +1,12 @@ -# {{ ansible_managed }} -# -gpu-api=opengl +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +volume=100 +sub-auto=fuzzy +gpu-api=vulkan vo=gpu hwdec=vaapi -audio-samplerate=128000 +ytdl-format=best + +audio-samplerate=96000 audio-format=s64 -volume=100 - -keep-open=yes # do not close the window on exit -keepaspect-window=no # add black bars if window aspect and video aspect mismatch - -sub-auto=fuzzy # load all subs containing the media filename diff --git a/templates/mpv/input.j2 b/templates/mpv/input.j2 index a405e81..b63757d 100644 --- a/templates/mpv/input.j2 +++ b/templates/mpv/input.j2 @@ -1,13 +1,14 @@ -# {{ ansible_managed }} +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} # -# See /usr/share/doc/mpv/input.conf for more options. -# -## Seek units are in seconds, but note that these are limited by keyframes. +## Seek units are in seconds, but note that these are limited by keyframes RIGHT seek 5 LEFT seek -5 SHIFT+RIGHT seek 60 SHIFT+LEFT seek -60 +# UP add volume 2 +# DOWN add volume -2 + UP add ao-volume 2 DOWN add ao-volume -2 m cycle ao-mute @@ -18,7 +19,8 @@ PGDWN add chapter -1 # skip to previous chapter q quit j cycle sub # cycle through subtitles -- cycle audio # switch audio track + +#SHARP cycle audio # switch audio streams f cycle fullscreen # toggle fullscreen s screenshot # take a screenshot diff --git a/templates/pacman.j2 b/templates/pacman.j2 index 76ce942..683ec24 100644 --- a/templates/pacman.j2 +++ b/templates/pacman.j2 @@ -1,4 +1,4 @@ -# {{ ansible_managed }} +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} # # /etc/pacman.conf # 
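Review bot: Appending `{{ ansible_date_time.time }} {{ ansible_date_time.date }}` to the `ansible_managed` header on the first line of mpv/config.j2 makes the rendered file differ on every run, so the template task always reports a change and any handler notified by it fires each time. That also hides real drift, because an unexpected modification of a managed file can no longer be told apart from the routine timestamp rewrite in the play output. Keeping the header as `# {{ ansible_managed }}` preserves idempotence. The same header change appears in the hunks for mpv/input.j2, pacman.j2, pipewire-pulse.j2, reflector.j2, ssh-agent.j2, the four timer templates and tmux.j2.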
@@ -37,11 +37,10 @@ Architecture = auto #UseSyslog #Color #NoProgressBar +#TotalDownload CheckSpace VerbosePkgLists ParallelDownloads = 5 -DownloadUser = alpm -#DisableSandbox # By default, pacman accepts packages signed by keys that its local keyring # trusts (see pacman-key and its man page), as well as unsigned packages. @@ -76,16 +75,19 @@ LocalFileSigLevel = Optional # repo name header and Include lines. You can add preferred servers immediately # after the header, and they will be used before the default mirrors. -#[core-testing] +#[testing] #Include = /etc/pacman.d/mirrorlist [core] Include = /etc/pacman.d/mirrorlist -#[extra-testing] +[extra] +Include = /etc/pacman.d/mirrorlist + +#[community-testing] #Include = /etc/pacman.d/mirrorlist -[extra] +[community] Include = /etc/pacman.d/mirrorlist # If you want to run 32 bit applications on your x86_64 system, diff --git a/templates/pipewire-pulse.j2 b/templates/pipewire-pulse.j2 new file mode 100644 index 0000000..a0aa782 --- /dev/null +++ b/templates/pipewire-pulse.j2 @@ -0,0 +1,4 @@ +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + +[Service] +ExecStartPost={{ xdg_script_dir }}/pulse-script diff --git a/templates/polkit.j2 b/templates/polkit.j2 deleted file mode 100644 index 86a4b5f..0000000 --- a/templates/polkit.j2 +++ /dev/null @@ -1,11 +0,0 @@ -/* {{ ansible_managed }} - * - * Allow members of the wheel group to execute any actions - * without password authentication, similar to "sudo NOPASSWD:" - * without password authentication, similar to "sudo NOPASSWD:" - */ -polkit.addRule(function(action, subject) { - if (subject.isInGroup("wheel")) { - return polkit.Result.YES; - } -}); diff --git a/templates/reflector.j2 b/templates/reflector.j2 index 6d6eb4d..fbd1a42 100644 --- a/templates/reflector.j2 +++ b/templates/reflector.j2 
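Review bot: The options hunk of pacman.j2 drops `DownloadUser = alpm`, so on hosts whose pacman supports that directive, package downloads run as root again instead of under the unprivileged `alpm` account. If this template targets a pacman release that predates the directive, a comment saying so would make the removal deliberate; otherwise the line `DownloadUser = alpm` should stay. The context comment still states that pacman accepts unsigned packages by default, and the `SigLevel` line that governs this lies outside the hunk, so it is worth checking alongside.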
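Review bot: `ExecStartPost={{ xdg_script_dir }}/pulse-script` in the new pipewire-pulse.j2 points the unit at a script in a directory the login user can write to (vars/main.yml sets `xdg_script_dir` to `{{ ansible_env.HOME }}/.local/bin`). That is acceptable for a unit run by the user's own service manager, but if this drop-in were ever installed for a system-level unit the script would run with that service's privileges. Where the drop-in is installed is not visible here, so a comment above `[Service]` such as `# user unit only: pulse-script lives in the user's ~/.local/bin` would make the assumption explicit.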
@@ -1,4 +1,4 @@ -# {{ ansible_managed }} +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} # # Reflector configuration file for the systemd service. # diff --git a/templates/ssh-agent.j2 b/templates/ssh-agent.j2 index d625c48..67fdbea 100644 --- a/templates/ssh-agent.j2 +++ b/templates/ssh-agent.j2 @@ -1,5 +1,5 @@ -# {{ ansible_managed }} -# +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + [Unit] Description=SSH key agent diff --git a/templates/syncthing/config.j2 b/templates/syncthing/config.j2 deleted file mode 100644 index c48c0d8..0000000 --- a/templates/syncthing/config.j2 +++ /dev/null @@ -1,152 +0,0 @@ - - - - {% for folder in syncthing_folders -%} - - - {% for id in folder.devices -%} - - - - {%- endfor %} - - basic - 20 - - 3600 - - basic - - - 0 - 0 - 0 - random - false - 0 - 0 - -1 - false - false - false - 25 - .stfolder - false - 0 - 2 - false - standard - standard - false - false - false - false - false - false - - {%- endfor %} - - {% for device in syncthing_devices -%} - -
{{ device.address }}
- false - false - 0 - 0 - 0 - false - 0 - 0 -
- {%- endfor %} - - -
{{ syncthing_listen_address }}:{{ syncthing_gui_port }}
- {{ syncthing_api_key }} - default - true -
- - - tcp://{{ syncthing_listen_address }}:{{ syncthing_protocol_port }} - - - - - - basic - - - - - - 1 - - - 3600 - - basic - - - 0 - 0 - 0 - random - false - 0 - 0 - 10 - false - false - false - 25 - .stfolder - false - 0 - 2 - false - standard - standard - false - false - - - -
dynamic
- false - false - 0 - 0 - 0 - false - 0 - 0 -
- - - (?d).DS_Store - -
-
diff --git a/templates/sysctl/98-forward.conf.j2 b/templates/sysctl/98-forward.conf.j2 deleted file mode 100644 index 16f90a8..0000000 --- a/templates/sysctl/98-forward.conf.j2 +++ /dev/null @@ -1,2 +0,0 @@ -# {{ ansible_managed }} -net.ipv4.ip_forward = 1 diff --git a/templates/sysctl/99-sysrq.conf.j2 b/templates/sysctl/99-sysrq.conf.j2 deleted file mode 100644 index a4c7283..0000000 --- a/templates/sysctl/99-sysrq.conf.j2 +++ /dev/null @@ -1,2 +0,0 @@ -# {{ ansible_managed }} -kernel.sysrq = 1 diff --git a/templates/timer/daily_target.j2 b/templates/timer/daily_target.j2 index e562de4..bf4d594 100644 --- a/templates/timer/daily_target.j2 +++ b/templates/timer/daily_target.j2 @@ -1,5 +1,4 @@ -# {{ ansible_managed }} -# +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} # # Add the following to your service unit to make use of this target: # Wants=daily.target diff --git a/templates/timer/daily_timer.j2 b/templates/timer/daily_timer.j2 index 4290470..cdc47f0 100644 --- a/templates/timer/daily_timer.j2 +++ b/templates/timer/daily_timer.j2 @@ -1,5 +1,6 @@ -# {{ ansible_managed }} +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} # + [Unit] Description=Timer which runs all services on a daily basis inside the daily.target.wants directory diff --git a/templates/timer/weekly_target.j2 b/templates/timer/weekly_target.j2 index 88109e6..7e944cb 100644 --- a/templates/timer/weekly_target.j2 +++ b/templates/timer/weekly_target.j2 @@ -1,4 +1,4 @@ -# {{ ansible_managed }} +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} # # Add the following to your service unit to make use of this target: # Wants=weekly.target diff --git a/templates/timer/weekly_timer.j2 b/templates/timer/weekly_timer.j2 index 00117a1..e4c33f4 100644 --- a/templates/timer/weekly_timer.j2 +++ b/templates/timer/weekly_timer.j2 
@@ -1,5 +1,6 @@ -# {{ ansible_managed }} +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} # + [Unit] Description=Timer which runs all services on a weekly basis inside the weekly.target.wants directory diff --git a/templates/tmux.j2 b/templates/tmux.j2 index 3044e2b..8fa1473 100644 --- a/templates/tmux.j2 +++ b/templates/tmux.j2 @@ -1,10 +1,10 @@ -# {{ ansible_managed }} -# +# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} + [Unit] Description=Tmux startup script [Service] -Environment=WAYLAND_DISPLAY=wayland-0 +Environment=DISPLAY=:0 ExecStart=/home/sonny/.local/bin/tmux_start Type=forking RemainAfterExit=yes diff --git a/templates/wezterm/includes/colors.lua.j2 b/templates/wezterm/includes/colors.lua.j2 deleted file mode 100644 index 46a1194..0000000 --- a/templates/wezterm/includes/colors.lua.j2 +++ /dev/null @@ -1,35 +0,0 @@ --- {{ ansible_managed }} - -local wezterm = require 'wezterm' - --- wezterm.gui is not available to the mux server, so take care to --- do something reasonable when this config is evaluated by the mux -local function get_appearance() - if wezterm.gui then - return wezterm.gui.get_appearance() - end - return 'Dark' -end - -local function scheme_for_appearance(appearance) - if appearance:find 'Dark' then - return 'Dark' - else - return 'Light' - end -end - -return { - color_schemes = { - ['Dark'] = { - background = 'rgb(41, 46, 50)', - foreground = 'white' - }, - ['Light'] = { - background = 'white', - foreground = 'black' - }, - }, - - color_scheme = scheme_for_appearance(get_appearance()), -} diff --git a/templates/wezterm/includes/fonts.lua.j2 b/templates/wezterm/includes/fonts.lua.j2 deleted file mode 100644 index fb2735d..0000000 --- a/templates/wezterm/includes/fonts.lua.j2 +++ /dev/null 
@@ -1,26 +0,0 @@ --- {{ ansible_managed }} - -local wezterm = require 'wezterm'; - -return { - font = wezterm.font( - 'MonaspiceNe Nerd Font Mono', - { weight = 'Regular', stretch = 'Normal', style = 'Normal' } - ), - - font_size = {{ wezterm_font_size }}, - freetype_load_target = 'Light', - freetype_render_target = 'HorizontalLcd', - harfbuzz_features = { - 'calt', -- texture healing - 'ss01', - 'ss02', - 'ss03', - 'ss04', - 'ss05', - 'ss06', - 'ss07', - 'ss08', - 'liga' - } -} diff --git a/templates/wezterm/includes/window.lua.j2 b/templates/wezterm/includes/window.lua.j2 deleted file mode 100644 index b822f71..0000000 --- a/templates/wezterm/includes/window.lua.j2 +++ /dev/null @@ -1,17 +0,0 @@ --- {{ ansible_managed }} - -return { - -- disable the tabbar - enable_tab_bar = false, - - -- window size - initial_cols = {{ wezterm_columns | default(145) }}, - initial_rows = {{ wezterm_rows | default(35) }}, - - window_padding = { - left = 0, - right = 0, - top = 0, - bottom = 0, - } -} diff --git a/templates/wezterm/wezterm.lua.j2 b/templates/wezterm/wezterm.lua.j2 deleted file mode 100644 index 557bebb..0000000 --- a/templates/wezterm/wezterm.lua.j2 +++ /dev/null @@ -1,22 +0,0 @@ --- {{ ansible_managed }} - -local wezterm = require 'wezterm'; -local config = wezterm.config_builder(); - -config.term = 'wezterm'; - -local modules = { - 'colors', - 'fonts', - 'window', -} - -for _, module_name in pairs(modules) do - local module_path = string.format('includes.%s', module_name) - local module = require(module_path) - for key, value in pairs(module) do - config[key] = value; - end -end - -return config diff --git a/templates/xps/cmdline.j2 b/templates/xps/cmdline.j2 deleted file mode 100644 index e23cec7..0000000 --- a/templates/xps/cmdline.j2 +++ /dev/null @@ -1 +0,0 @@ -rd.luks.name=4483183a-4881-4bf6-b20c-3ba918642cc4=cryptlvm root=/dev/VolumeGroup/root rw resume=/dev/VolumeGroup/swap pcie_port_pm=off acpi_rev_override=1 
diff --git a/templates/xps/iwd.j2 b/templates/xps/iwd.j2 deleted file mode 100644 index ece78b8..0000000 --- a/templates/xps/iwd.j2 +++ /dev/null @@ -1,4 +0,0 @@ -# {{ ansible_managed }} - -[General] -AddressRandomization=network diff --git a/templates/xps/mkinitcpio/1-modules.conf.j2 b/templates/xps/mkinitcpio/1-modules.conf.j2 deleted file mode 100644 index 0095973..0000000 --- a/templates/xps/mkinitcpio/1-modules.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -# {{ ansible_managed }} - -MODULES=(intel_agp i915 i8k) diff --git a/templates/xps/mkinitcpio/2-hooks.conf.j2 b/templates/xps/mkinitcpio/2-hooks.conf.j2 deleted file mode 100644 index 0a885cd..0000000 --- a/templates/xps/mkinitcpio/2-hooks.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -# {{ ansible_managed }} - -HOOKS=(base systemd autodetect modconf keyboard sd-vconsole sd-encrypt block lvm2 filesystems fsck) diff --git a/templates/xps/mkinitcpio/linux-lts.preset.j2 b/templates/xps/mkinitcpio/linux-lts.preset.j2 deleted file mode 100644 index 71d2550..0000000 --- a/templates/xps/mkinitcpio/linux-lts.preset.j2 +++ /dev/null @@ -1,8 +0,0 @@ -# {{ ansible_managed }} -# -# mkinitcpio preset file for the 'linux' package - -PRESETS=('default') - -default_uki="/boot/EFI/Linux/linux-lts.efi" -default_kver="/boot/vmlinuz-linux-lts" diff --git a/templates/xps/mkinitcpio/linux.preset.j2 b/templates/xps/mkinitcpio/linux.preset.j2 deleted file mode 100644 index 22097bb..0000000 --- a/templates/xps/mkinitcpio/linux.preset.j2 +++ /dev/null @@ -1,8 +0,0 @@ -# {{ ansible_managed }} -# -# mkinitcpio preset file for the 'linux' package - -PRESETS=('default') - -default_uki="/boot/EFI/Linux/linux.efi" -default_kver="/boot/vmlinuz-linux" diff --git a/templates/xps/network/wg0.netdev.j2 b/templates/xps/network/wg0.netdev.j2 deleted file mode 100644 index 85ba97e..0000000 --- a/templates/xps/network/wg0.netdev.j2 +++ /dev/null 
@@ -1,25 +0,0 @@ -# {{ ansible_managed }} - -[NetDev] -Name={{ wireguard.interface }} -Kind=wireguard -Description=WireGuard tunnel {{ wireguard.interface }} - -[WireGuard] -PrivateKeyFile={{ wireguard.private_key_path }} -RouteTable=main - -{% for peer in wireguard.peers %} -[WireGuardPeer] -PublicKey={{ peer.public_key }} -PresharedKeyFile={{ peer.preshared_key_path }} -{% for ip in peer.allowed_ips %} -AllowedIPs={{ ip }} -{% endfor %} -{% if peer.endpoint %} -Endpoint={{ peer.endpoint }} -{% endif %} -{% if not loop.last %} - -{% endif %} -{% endfor %} diff --git a/templates/xps/network/wg0.network.j2 b/templates/xps/network/wg0.network.j2 deleted file mode 100644 index 0254f34..0000000 --- a/templates/xps/network/wg0.network.j2 +++ /dev/null @@ -1,10 +0,0 @@ -# {{ ansible_managed }} - -[Match] -Name={{ wireguard.interface }} - -[Network] -Address={{ wireguard.ip }}/{{ wireguard.prefix }} -DNS={{ wireguard.dns }} -Domains={{ wireguard.domains | join(' ') }} -BindCarrier={{ wireless_interface }} diff --git a/templates/xps/network/wg1.netdev.j2 b/templates/xps/network/wg1.netdev.j2 deleted file mode 100644 index 85ba97e..0000000 --- a/templates/xps/network/wg1.netdev.j2 +++ /dev/null @@ -1,25 +0,0 @@ -# {{ ansible_managed }} - -[NetDev] -Name={{ wireguard.interface }} -Kind=wireguard -Description=WireGuard tunnel {{ wireguard.interface }} - -[WireGuard] -PrivateKeyFile={{ wireguard.private_key_path }} -RouteTable=main - -{% for peer in wireguard.peers %} -[WireGuardPeer] -PublicKey={{ peer.public_key }} -PresharedKeyFile={{ peer.preshared_key_path }} -{% for ip in peer.allowed_ips %} -AllowedIPs={{ ip }} -{% endfor %} -{% if peer.endpoint %} -Endpoint={{ peer.endpoint }} -{% endif %} -{% if not loop.last %} - -{% endif %} -{% endfor %} diff --git a/templates/xps/network/wg1.network.j2 b/templates/xps/network/wg1.network.j2 deleted file mode 100644 index 0254f34..0000000 --- a/templates/xps/network/wg1.network.j2 +++ /dev/null 
@@ -1,10 +0,0 @@ -# {{ ansible_managed }} - -[Match] -Name={{ wireguard.interface }} - -[Network] -Address={{ wireguard.ip }}/{{ wireguard.prefix }} -DNS={{ wireguard.dns }} -Domains={{ wireguard.domains | join(' ') }} -BindCarrier={{ wireless_interface }} diff --git a/templates/xps/network/wlan0-frans.network.j2 b/templates/xps/network/wlan0-frans.network.j2 deleted file mode 100644 index 8ff0b0d..0000000 --- a/templates/xps/network/wlan0-frans.network.j2 +++ /dev/null @@ -1,20 +0,0 @@ -# {{ ansible_managed }} - -[Match] -Name={{ wireless_interface }} -SSID={{ frans_network_ssid }} - -[Network] -Address={{ frans_network_address }} -Gateway={{ frans_network_gateway }} -DNS={{ frans_network_dns }} -MulticastDNS=yes -DNSOverTLS=yes -DNSSEC=yes -DHCP=no -LinkLocalAddressing=no -IPv6AcceptRA=no -IPv6SendRA=no - -[Link] -RequiredForOnline=routable diff --git a/templates/xps/network/wlan0-local.network.j2 b/templates/xps/network/wlan0-local.network.j2 deleted file mode 100644 index 880606c..0000000 --- a/templates/xps/network/wlan0-local.network.j2 +++ /dev/null @@ -1,20 +0,0 @@ -# {{ ansible_managed }} - -[Match] -Name={{ wireless_interface }} -SSID={{ local_network_ssid }} - -[Network] -Address={{ local_network_address }} -Gateway={{ local_network_gateway }} -DNS={{ local_network_dns }} -MulticastDNS=yes -DNSOverTLS=yes -DNSSEC=yes -DHCP=no -LinkLocalAddressing=no -IPv6AcceptRA=no -IPv6SendRA=no - -[Link] -RequiredForOnline=routable diff --git a/templates/xps/network/wlan0.network.j2 b/templates/xps/network/wlan0.network.j2 deleted file mode 100644 index 30d588b..0000000 --- a/templates/xps/network/wlan0.network.j2 +++ /dev/null @@ -1,12 +0,0 @@ -[Match] -Name={{ wireless_interface }} - -[Network] -DNS={{ default_network_dns }} -DNSOverTLS=yes -DNSSEC=yes -DHCP=yes -IgnoreCarrierLoss=3s - -[Link] -RequiredForOnline=routable diff --git a/templates/xps/pa-dlna/config.j2 b/templates/xps/pa-dlna/config.j2 deleted file mode 100644 index 865a203..0000000 
--- a/templates/xps/pa-dlna/config.j2 +++ /dev/null @@ -1,26 +0,0 @@ -# {{ ansible_managed }} -# -# This is the built-in pa-dlna configuration written as text. It can be -# parsed by a Python Configuration parser and consists of sections, each led -# by a [section] header, followed by option/value entries separated by -# '='. See https://docs.python.org/3/library/configparser.html. -# -# The 'selection' option is written as a multi-line in which case all the -# lines after the first line start with a white space. -# -# The default value of 'selection' lists the encoders in this order: -# - mp3 encoders first as mp3 is the most common encoding -# - lossless encoders -# - then lossy encoders -# See https://trac.ffmpeg.org/wiki/Encode/HighQualityAudio. - -[DEFAULT] -selection = - FFMpegFlacEncoder, - FFMpegOpusEncoder, -sample_format = s24be -rate = 96000 -channels = 2 -track_metadata = yes -soap_minimum_interval = 5 -args = None diff --git a/templates/xps/pa-dlna/service.j2 b/templates/xps/pa-dlna/service.j2 deleted file mode 100644 index feef6f1..0000000 --- a/templates/xps/pa-dlna/service.j2 +++ /dev/null 
@@ -1,40 +0,0 @@ -# {{ ansible_managed }} -# -# When enabled, the pa-dlna service unit is started automatically after the -# pulseaudio or pipewire service unit is started. It will also stop when the -# pulseaudio or pipewire service unit stops. However it will stop when the -# pulseaudio or pipewire service unit is restarted but it will not start. -# -# Both pa-dlna and pulseaudio service units are of 'Type=notify'. This means -# that pa-dlna will only start after pulseaudio has notified systemd that it -# is ready and pa-dlna may connect successfully to libpulse. -# -# However the pipewire service unit is of 'Type=simple'. In that case and if -# pa-dlna fails to start with the error: -# LibPulseStateError(('PA_CONTEXT_FAILED', 'Connection refused')) -# add a delay to the pa-dlna start up sequence with the directive: -# ExecStartPre=/bin/sleep 1 -# -# Any pa-dlna option may be added to the 'ExecStart' directive, for example to -# restrict the allowed NICs or IP addresses (recommended) or to change the -# log level. -# The '--systemd' option is required. -# -# The 'python-systemd' package is required. - -[Unit] -Description=Pa-dlna Service -Documentation=https://pa-dlna.readthedocs.io/en/stable/ - -After=pipewire-session-manager.service - -[Service] -Type=simple -ExecStart=/opt/virtualenv/pa-dlna/bin/pa-dlna -Slice=session.slice - -NoNewPrivileges=yes -UMask=0077 - -[Install] -WantedBy=pipewire-session-manager.service diff --git a/vars/desktop.yml b/vars/desktop.yml new file mode 100644 index 0000000..7cf4afa --- /dev/null +++ b/vars/desktop.yml 
@@ -0,0 +1,26 @@
+platform_packages: []
+
+vpn_ip: '10.0.0.3'
+vpn_subnet: '24'
+
+vpn_public_key_path: '/etc/wireguard/keys/public/desktop.pub'
+vpn_private_key_path: '/etc/wireguard/keys/private/desktop.key'
+vpn_private_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 65386334366166306164363464633364383935313739373730373139663139373964336665636264
+ 3563663038313039363230623266393164646164373739620a623536633631643231633938613461
+ 63366239333230663531306333383962353937353736663336343434663633303232386531353832
+ 6434633935333538650a613065306239333031656362356165326136333131356135383436326561
+ 62303035386634636333353664373231633434656538303866386262353139363439363435346637
+ 6637363334623133376134306165626564343864633032613763
+
+vpn_peers:
+ - {
+ name: 'zeus',
+ allowd_ips: '10.0.0.1/32',
+ endpoint: '178.85.119.159:51902',
+ public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=',
+ preshared_key_path: '/etc/wireguard/keys/private/preshared-zeus.psk',
+ preshared_key_source_path: 'files/desktop/wireguard/preshared.psk',
+ preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n363333633336613939306632323163396239303739366135393232396134393266623939613534326238393638333137383235313039623264343932303038330a633934373638363966306533346235326234663464313963356238623064666430303030643533666536393662316237333463336462376366343335363131350a333135366239633765633136316133653535336661666461666365636233656165666635663037386666323931643265623233366133623237663734623661623661316436396465343866363266393565653237636136626536353630383263"
+ }
diff --git a/vars/gpg.yml b/vars/gpg.yml
new file mode 100644
index 0000000..542a8a9
--- /dev/null
+++ b/vars/gpg.yml
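Review bot: The peer entry in vars/desktop.yml spells its key `allowd_ips`; unless the WireGuard template, which is not visible in this hunk, reads that exact misspelling, the peer's AllowedIPs will come out empty or fail as undefined, so the line should read `allowed_ips: '10.0.0.1/32',`. The same misspelling is in the vars/laptop.yml hunk. The endpoint is also committed as a literal public address, `endpoint: '178.85.119.159:51902'`, which discloses the server to anyone with read access to the repository; an inventory or vaulted variable would avoid that.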
@@ -0,0 +1,8 @@
+gpg_pub_key: '82C21552D732C65C1A4FB340037103F03CA5CBA1'
+gpg_passphrase: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 61383265343062663836623033343538333562636433383735383862306465316439376333373563
+ 6131336136653533323561633434633961393061623233640a366430396532326465326530356136
+ 36616636363134386333616137656333353439633832633731373834336239393337316366626462
+ 6164343331613663620a303363353064376630633939363831373339383961626137376361323438
+ 3463
diff --git a/vars/laptop.yml b/vars/laptop.yml
new file mode 100644
index 0000000..f07a3b4
--- /dev/null
+++ b/vars/laptop.yml
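Review bot: `gpg_passphrase` in vars/gpg.yml is committed next to the key fingerprint, so the confidentiality of the GPG key now rests on the Ansible Vault password alone. The task that consumes the variable is outside this hunk; it should carry `no_log: true` so the decrypted value does not appear in verbose or diff output. A comment above the variable such as `# consumed by <task file>; rotate together with the vault password` would document the dependency.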
@@ -0,0 +1,29 @@
+platform_packages:
+ - iwd
+ - powertop
+
+vpn_ip: '10.0.0.2'
+vpn_subnet: '24'
+
+vpn_public_key_path: '/etc/wireguard/keys/public/laptop.pub'
+vpn_private_key_path: '/etc/wireguard/keys/private/laptop.key'
+
+vpn_private_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 36393066313764386361376662376266623331313765373666616334356362656332653838346330
+ 3435643261333262653139636537326164356164373566310a633233623031336437303236636266
+ 61616165376631353433353463313532643564343664346335363835306430386364303635343432
+ 3864343464666566310a363563613039333465336164323833316436393236666433333163666137
+ 33656632343262373463306438333764393031623666393161356539636663346331613539396637
+ 3631363333623539636561366436613861363932323966666238
+
+vpn_peers:
+ - {
+ name: 'zeus',
+ allowd_ips: '10.0.0.1/32',
+ endpoint: '178.85.119.159:51902',
+ public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=',
+ preshared_key_path: '/etc/wireguard/keys/private/preshared-zeus.psk',
+ preshared_key_source_path: 'files/laptop/wireguard/preshared.psk',
+ preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n376463366339376639373237363632363836653266353534343331333831646366373430333163383838313835613565646466653139666337626237313737300a333761383466626637336164363235643861643865653536663433373762343637303334613862373663626663616138333964386333373633643431326233370a386664366238633533356235613332373630353731306233623364623239353564313631373061393535336532393439343432373435336538666334666335633737633030386438616566376131646662316464333765636331343262663437"
+ }
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..b8c5488
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,33 @@ +xdg_config_dir: '{{ ansible_env.HOME }}/.config' +xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin' + +packages: + - firefox + - mpv + - youtube-dl + - keepassxc + - gimp + - nftables + - mpd + - nfs-utils + - okular + - postgresql + - plasma-meta + - syncthing + - tmux + - unrar + - vim + - git + - openssl + - kmail + - iproute2 + - curl + - cantata + - reflector + - laptop-detect + - pipewire + - pipewire-pulse + - pipewire-alsa + - wireguard-tools + +platform_packages: [] diff --git a/vars/mpd.yml b/vars/mpd.yml index f28520a..7247e78 100644 --- a/vars/mpd.yml +++ b/vars/mpd.yml @@ -1,10 +1,11 @@ -mpd_listen_address: 127.0.0.1 -mpd_listen_port: 6600 +mpd_listen_address: '127.0.0.1' +mpd_listen_port: '6600' -mpd_remote_address: 'mpd.{{ server_domain }}' -mpd_remote_port: 21000 -mpd_remote_stream_port: 8000 +mpd_database_address: '10.8.0.1' +mpd_database_port: '21000' mpd_configuration_dir: '{{ ansible_env.HOME }}/.config/mpd' -ncmpc_configuration_dir: '{{ ansible_env.HOME }}/.config/ncmpc' -ncmpcpp_configuration_dir: '{{ ansible_env.HOME }}/.config/ncmpcpp' +mpd_music_dir: '{{ ansible_env.HOME }}/music' +mpd_playlist_dir: '{{ mpd_configuration_dir }}/playlists' +mpd_state_path: '{{ mpd_configuration_dir }}/state' +mpd_sticker_path: '{{ mpd_configuration_dir }}/sticker.sql' diff --git a/vars/vpn.yml b/vars/vpn.yml new file mode 100644 index 0000000..194c351 --- /dev/null +++ b/vars/vpn.yml @@ -0,0 +1,2 @@ +vpn_interface: 'wg0' +vpn_protocol: 'udp' diff --git a/vars/wireguard-media.yml b/vars/wireguard-media.yml deleted file mode 100644 index 71c9f9c..0000000 --- a/vars/wireguard-media.yml +++ /dev/null 
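Review bot: `platform_packages: []` on the last line of vars/main.yml duplicates the variable that vars/desktop.yml and vars/laptop.yml also set, so which value wins depends on the order in which the files are loaded, and that order is not visible here. If main.yml is loaded after the host file, the laptop's `iwd` and `powertop` are silently dropped. Either remove the line and use `{{ platform_packages | default([]) }}` where the list is consumed, or add a comment stating that main.yml must be loaded before the host-specific file.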
@@ -1,22 +0,0 @@ -vpn_config_dir: '/etc/wireguard' - -wireguard_media_defaults: - prefix: 24 - interface: wg1 - dns: 10.0.1.1 - domains: - - '~media-vpn.{{ server_domain }}' - - '~jellyfin.{{ server_domain }}' - - public_key_path: '{{ vpn_config_dir }}/keys/public/media/fudiggity.pub' - private_key_path: '{{ vpn_config_dir }}/keys/private/media/fudiggity.key' - - peers: - - name: fudiggity - allowed_ips: - - 10.0.1.0/24 - - 172.8.238.0/24 - endpoint: '{{ server_domain }}:51903' - public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg= - preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/fudiggity.psk' - preshared_key_source_path: files/wireguard-media/{{ ansible_hostname }}/preshared.psk diff --git a/vars/wireguard.yml b/vars/wireguard.yml deleted file mode 100644 index 4109b86..0000000 --- a/vars/wireguard.yml +++ /dev/null @@ -1,28 +0,0 @@ -vpn_config_dir: '/etc/wireguard' - -wireguard_defaults: - prefix: 24 - interface: wg0 - dns: 10.0.0.1 - domains: - - '~vpn.{{ server_domain }}' - - '~transmission.{{ server_domain }}' - - '~syncthing.{{ server_domain }}' - - '~radicale.{{ server_domain }}' - - '~mpd.{{ server_domain }}' - - public_key_path: '{{ vpn_config_dir }}/keys/public/default/fudiggity.pub' - private_key_path: '{{ vpn_config_dir }}/keys/private/default/fudiggity.key' - - peers: - - name: fudiggity - allowed_ips: - - 10.0.0.0/24 - - 172.16.238.0/24 - - 172.32.238.0/24 - - 172.64.238.0/24 - - 172.128.238.0/24 - endpoint: '{{ server_domain }}:51902' - public_key: CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo= - preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-fudiggity.psk' - preshared_key_source_path: files/wireguard/{{ ansible_hostname }}/preshared.psk diff --git a/xps.yml b/xps.yml deleted file mode 100644 index ca3ab0d..0000000 --- a/xps.yml +++ /dev/null 
@@ -1,34 +0,0 @@ -- name: Include default playbook - ansible.builtin.import_playbook: default.yml - -- name: Arch Linux provisioning - hosts: xps - gather_facts: true - tasks: - - - name: Wireguard provisioning - ansible.builtin.import_tasks: 'tasks/wireguard.yml' - tags: wireguard - - - name: Wireguard media provisioning - ansible.builtin.import_tasks: 'tasks/wireguard-media.yml' - tags: wireguard-media - - - name: MPD provisioning - ansible.builtin.import_tasks: 'tasks/mpd.yml' - tags: mpd - - - name: Syncthing provisioning - ansible.builtin.import_tasks: 'tasks/syncthing.yml' - tags: syncthing - - - name: Desktop provisioning - ansible.builtin.import_tasks: 'tasks/xps.yml' - tags: xps - - handlers: - - name: Import default handlers - ansible.builtin.import_tasks: handlers.yml - - - name: Import common role handlers - ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'