Add public keys

Add missing wireguard media credentials for XPS
Allow customizing wezterm size from vars
2025-10-18 08:24:32 +02:00 · 2025-10-18 08:21:39 +02:00 · 2025-10-12 17:59:38 +02:00 · 2025-10-12 15:33:37 +02:00 · 2025-10-01 19:58:37 +02:00 · 2025-09-26 08:56:48 +02:00
146 changed files with 2422 additions and 1249 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,26 +0,0 @@
-stages:
-  - lint
-  - test
-
-cache:
-  key: $CI_COMMIT_REF_SLUG
-  paths:
-    - .cache/pip
-    - node_modules/
-
-lint:
-  stage: lint
-  image: node:12
-  before_script:
-    - npm install prettier --no-save
-  script:
-    - npx prettier '**/*.yml' --check
-
-syntax-test:
-  stage: test
-  image: python:3.7
-  before_script:
-    - pip install ansible --quiet
-    - ansible-galaxy install -r requirements.yml
-  script:
-    - ansible-playbook playbook.yml --syntax-check
--- a/.prettierrc.yml
+++ b/.prettierrc.yml
@ -1,5 +0,0 @@
-singleQuote: true
-printWidth: 90
-tabWidth: 2
-useTabs: false
-bracketSpacing: true
--- a/ansible.cfg
+++ b/ansible.cfg
@ -1,5 +1,7 @@
 [defaults]
 roles_path = ./roles
+inventory = inventory.yml
+ask_vault_pass = true

 [privilege_escalation]
 become_ask_pass = True
--- a/default.yml
+++ b/default.yml
@ -0,0 +1,40 @@
+- name: Arch Linux provisioning
+  gather_facts: true
+  hosts: all
+  roles:
+    - common
+  tasks:
+    - name: Generic provisioning
+      ansible.builtin.import_tasks: 'tasks/setup.yml'
+      tags: setup
+
+    # TODO: provision ssh client config with modern cyphers
+    - name: Network provisioning
+      ansible.builtin.import_tasks: 'tasks/network/main.yml'
+      tags: network
+
+    # - name: Network host specific provisioning
+    #   ansible.builtin.import_tasks: 'tasks/network/{{ ansible_hostname }}.yml'
+    #   tags: network-specific
+
+    - name: Systemd provisioning
+      ansible.builtin.import_tasks: 'tasks/systemd.yml'
+      tags: systemd
+
+    - name: Systemd timer provisioning
+      ansible.builtin.import_tasks: 'tasks/timer.yml'
+      tags: timers
+
+    # Note: Disable DoH in Firefox to fallback to system's default DNS 
+    # resolver, see
+    # https://support.mozilla.org/en-US/kb/dns-over-https#w_configure-doh-protection-settings
+    - name: MPV provisioning
+      ansible.builtin.import_tasks: 'tasks/mpv.yml'
+      tags: mpv
+
+  handlers:
+    - name: Import default handlers
+      ansible.builtin.import_tasks: 'handlers.yml'
+
+    - name: Import common role handlers
+      ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'
--- a/desktop.yml
+++ b/desktop.yml
@ -0,0 +1,34 @@
+- name: Include default playbook
+  ansible.builtin.import_playbook: default.yml
+
+- name: Arch Linux provisioning
+  hosts: desktop
+  gather_facts: true
+  tasks:
+    - name: Wireguard provisioning
+      ansible.builtin.import_tasks: 'tasks/wireguard.yml'
+      tags: wireguard
+
+    - name: Wireguard media provisioning
+      ansible.builtin.import_tasks: 'tasks/wireguard-media.yml'
+      tags: wireguard-media
+
+    - name: MPD provisioning
+      ansible.builtin.import_tasks: 'tasks/mpd.yml'
+      tags: mpd
+
+    - name: Syncthing provisioning
+      ansible.builtin.import_tasks: 'tasks/syncthing.yml'
+      tags: syncthing
+
+    # TODO: provision current macvlan setup
+    - name: Desktop provisioning
+      ansible.builtin.import_tasks: 'tasks/desktop.yml'
+      tags: desktop
+
+  handlers:
+    - name: Import default handlers
+      ansible.builtin.import_tasks: handlers.yml
+
+    - name: Import common role handlers
+      ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'
--- a/files/gpg_key
+++ b/files/gpg_key
@ -1,264 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-34663932363439393536333037386165353635363461356133643930373232633664343737396263
-6332613133646434333332356135336164346237383237360a643035653161363964333136346533
-37353332656361653662623137643735326532393234366165316234323364656261343132393831
-3034626136656162350a333362643166383138306136646331373439623232373532633130313262
-36356134386565343333353136616263623265623438653663336435376134346563663365373930
-30616435316364613139666661343633363436343635666661646635393661373739653765373363
-30343434396537666234306561353636323365666165333131623365383535396634623539626565
-39363138323638323234326433333066393933373839623834663632373438613339613963383333
-38333866386466303634363362323964653663613966333032633130613336366363326561363433
-30633737316535303366396563333532313036623236376430613234376637336131323666373762
-61383338303536316462616332613562636263343236616635656238653532336561623334356533
-30313662353662376530353933656464383039336664333935653834303833313230323838373838
-63643766303462306130386130333066336466313862366538383230366661373666306638353137
-62643466306435343739363138313433656336643538333133343764326238336137333939636336
-65613238396437623866616330393166363462666532373731613232393966323835346566306333
-32646432623833653761363839323237633863383666373862363761346665306265623366363635
-65326237363361353233646661646330386630653961363862363463326339633532346130396134
-31313730613134633133633362393464623663313031623862373937313763653838343935366335
-35626466346666633961363132343933393066303539353239653662373432623432336662343661
-31343434313461326263373264613538653937336336613031313637633564316134323335653638
-66353733386662616162303032363361393661653935633237323131613331613364333264353232
-30626637663366363630343764303863353035653535343931346636633636643365373237383030
-35393734663661323334373436323437393830636637383566366434663666366531323434653535
-38353064373038336362623735386532396433353063616337326636383065633035386134326533
-37323761393465303563306661646433646532643935323665636265323133623265383437336131
-31316366643932356538393932343238353165303565643663396363636135313561626132353635
-37613737356136623061353734353561653332363031613738636362363061646330303432326436
-62633334393066353835653430363561396131646534653138333263646436633038303135383564
-62386639663833346565356362633662626139666431323830323134613633343062626565653837
-37666366643631666639303131656264613665636631333335316462326431393866626131613962
-31393330663537356438623564313164316439313136333033666663303662633763363264346363
-32663634303131303939333639386536363835346539623835326530303334353463316261393665
-35613365316337363664623739323632333062393662336662323330363162636333623031323166
-37626166653166333136643764663161386434393838633566633835616235656666346464313733
-63636333666432666137373366313261656566646338626264633764633164376235326433646163
-35333935666563366631376366626335653261383033633031393631363435346233323230373266
-62333538616339333532353039343932636633363838376230336465303963663932396265613064
-30323034316232343562386261303264353238346262366639366561303931633563666134393632
-63376330663534346466363439393864373536643230316564373463356231393632666161626432
-61636330356330646432663636383764363431376364626331326664666361326636613031323161
-39633965373763326337646436653739643831376661353562663438333562306238613562326136
-64363231616362653965363039356463363735363231396566336562373762333534646430626534
-36643335663037643066656266636237636161336163326237613964393664666339333833393264
-34323235636431316537303964306165613636656465636131373037353530386136343864306466
-33386662613564646332343866313534316534303738366431626662376562346662663231383039
-30636363373336356438656636363966663563353734643230666233343539643838373065313361
-35336338303631333332646266303162383064626237623335663766613931363233366161663438
-64306236366432383663346639626162353365626137353239356531323662613163643635663262
-37666363393331336531653433323038626537336634326164356632373635303236613935643538
-31313064646136373862366535396266633430313338303533383463373933313836633066666535
-64643034316366656534393163633732323339356337616632383036646366656633303435386664
-65663831356432616538336565343639653062623937663766613361623566336463303165313832
-32353466373430386662343165306264333833656339623639383938663330333464616338343230
-34636433333130306635666633383961363366393036373465396432386534653065643231366166
-30643064353638653762363864313931616336386630356630623838373934346633356364386634
-61643632626636313461363862653532636634623563666237616632396233303338356162326536
-33376264383438376364306530653839303062313264366238343834343063363066383534373365
-61633863343939303433396461353963663331326363316333393339633637343933306563663034
-39356665663435336238326230633135383337306662393935353433623437343836376436613864
-31373136633434623130383436383737396232643033633638356536613932663166633461376633
-62623064623064396638343866663931323061383036313961316632636435653435346263323233
-66396465366266363462303165376133656262663664383963386438326635313161643861306237
-32346531303237343161333261323536386366666135386364316233643361366138363633333566
-37333838333433633336343639333134386233383738373563346536323138383733623831613635
-38663237303363386664373236373033623238373933313236383439346564363538613863633466
-33343166653136653264643130346438393238366637376337653835386539656133356361666430
-32373162363134326631333965646562353132623064623430366334616666636632623039623639
-64373334356334646561313031643331643463306566383163393534303936656532303064666235
-30373262373138383438316361653665393833653164346465323438396430343165393735316561
-62653034653565343239663838646362376538653033343863643339356532646238393362346133
-64613330653565623166636264373663623138313362393833353932653361363138623538343164
-38646666323065363034376536656431613936303133396232383166386534326339323061376337
-61396661313030376536363939346365343235616465633264643731316535313863303562353030
-32303530303762303466303262643537326531376264343634646534333932333136636238623138
-34616663643430303865353963633735333762356562373762333265616438313434393938323938
-66336235656530633838653331663263643432323763393963313661323731343365396364616361
-62346335353133383630613963323838323361333166346132323066616239633261613039666532
-32663365356330383438623863626334313962356431333730353264623337643239653465653037
-35316131336565393063656564353132313136366364376535613761326632396162633166313763
-63306562363061376261323064313465346231336539656430643165376337363434393163663238
-34613132316465663561623265313833643964323430376239646262653833633462396134343565
-31613837323362356464633739613464663435613734653432373566353461633366343836623233
-32346432363234343934653432383732346230323932373635643362633530333837313332383165
-37616231346163363734633030333464616438626138616163663161373362623961626362353234
-39353262323664663861663637386634623463626433386538386531653537616633326533323734
-66326530393537363538306337383738353164326161383736653465346265393837633831643732
-63623764393737653062623462626563363561386531386630336639316230633663356235653036
-30363439376637373364373331306564343135633864393934373365376361623937613133613435
-36373036313838373362656134323138346264303333326237356562313164353636396334316237
-31376136323037326139373930663635313864323061656132356239623763623233646562393939
-64636661666139633331343131633731336365623335353633313363346231396336346339346438
-62353266396566386539306132373636646134363962646131313938356135373632383437333865
-32373163616461373464613661623232623162643334646364333535373437333437666665623065
-33326366646338626662636134653965303866646463366630653939623031316564303664623862
-33393661316638663661646434393934313534623465313766643638373134383764333634376333
-30313263613539333638653439303038383835646137653435636338623165386539633463323663
-62323933653733346566666234333930343466613563653365386237373963636536666636393838
-31636266396236633336383434323131626464393061386566316132303064636434623838643039
-62303136373234623961333336323764643034613664653963366336356332393761633233646534
-66623464626165356432303633653338636264386462343233653139626431633466316330356538
-66393035623035653163343231316230316661666337643461633136306663663231313237643038
-65633366643238323162336166613662313536623866616262663965343565646237393861353263
-62653634653131303433353635656239666436623663306464396133656664383430323832336632
-33363066376237323661353330646233633865666439313964396462373733336465326434626336
-32363362393536356463666233633664306235633732626434623033633632636330663463336365
-66363631303836613332643566333930643333333536356234323666353130396230353630376263
-30353530303865636461356634336534633362363763353961383631343061656435623261616363
-36326132386432653065666163373430623435336666653366333065343334643832643730336331
-61386434326434323761323433343838306238643534376238623730613463396337323862303264
-33373966353033623064353562666639343732353965653366623533373034656135633065343463
-37616332663232613865333062383539633531613735653436323337643063653463333937353632
-62303364366134643830303363303633386266343137633134653537356633383832303932643863
-66356662306434346338333536623061333864376539663135383938323238393638656639623436
-39663930356363616138643736303062306136626239626434303062393035333762373933313638
-39646331626464626339663232326430613163663763316232663837633363343432633662393531
-38313462313830653863376637393765366239393734356334323765396632346138303038313834
-32353637343038363039643164646362313866376562633161343763316164393736663565393166
-66653462633936653364636530383333323636313230323030323131383736643262383561333938
-35393934333361383562373935363465373436356662396331633233633566346231323863346637
-38636631656364376335336638666563333466386437366533613564366132316430646562646232
-64393533333933626439313935373335643332326564333932366634316463343039633630616265
-65363162366634613763653061366138616663643630336430386661616564616264636263383932
-32343766373839356539663432643230386263343630326162633363326262663937646564343365
-61316564333365373230313463383731653337326263303935633438643934623135623763616564
-34376363393531353162303163653265386566396135313161393836336439393139646530623438
-31376631316233333234396533653061663461666632313839653531643432343530353132646132
-36373738643465643634316637373763666338666633623263666134346634373836313266613732
-35326539383534353437613962343732646533326139643263343236396462306666316165663665
-37643961623662663836383837303939613864373163303734623663646632376162356564663031
-31626334316565656464326537323163373938316562386166666137356632316363343237346531
-37656166343639343565653433616136353533353531336561633330313861326237343739316165
-39313232663630396136386137633039313561373930386233663862643734373532313632373538
-63353938663434653630633038323665333462663731646537353765323361353762653637613331
-35663331323831313865306664313131336633636264313061316164303137353836366266366261
-32626165646363623663613263633131396264623531386561336563393539363839393433393563
-64633762393838636338353566373864363364646538353536346332623662353034326638633038
-36336566626636666138353334363437363265653331343130653836636335663736653634313662
-38633135623732336166366136316531306565326435346235643563633932383637393236636666
-66616562393564623165646261646533313238346362353431306135653938636663663232323830
-62393333326135396636646662333332303434396235343639633939396664356463333533333430
-66383231616339353932613836666632303064393136366632663439353062356565343634386364
-64303736376639363762386237336630653132633063656363333136303631386430353662316463
-65363666666434346364333937636137343734636163303166653062396330343835616165386663
-35663563353134623336386363356632643138626135366137636563623532373764633966346437
-61353861326535663431623235653665633030626365333134383434626330313930343462353662
-32353965623662353637326562613266633866616334333563646430613763383739333637363034
-35616263393066383138336366353061386364613666633131646262383230393766393864393735
-64643633336136376132303065353630326465366336646435396663616364663036616639393637
-35386633303433616337396262336330376536356366653536363861616539343936323539373766
-65396638353163636664666333663139343762623335646366336564393036353932323561353931
-38373636636464373035663163356562636230616633636565353166663563616365363037656364
-64623861353164323262343532626232646264626164373536653531333938663734323866653636
-30326364333561353966323463623936333266663831383736386233633964613066356461303965
-33343730623936613036333266313533666530313261303765646536346134346331643935376463
-33326630313436653839303663336636373239633232353865366531663138666466306638653265
-34393664646636636366346438313133393961373231333561313366396538363634333264613166
-38353562663732613064396461346231633464626333663736356431323361616236343430613830
-66356361333135363236636434326534323466636531356539613462306533353336373363353330
-37633661303738363436366234633439383138363030323561333564616133306432383336646431
-37653364316165653666633539316539336465643832356133653736313239626466643162363939
-36323562383865633134393232343439353836306364646632636661363339393139386639356661
-63306232326431343532373737626233363036333763343933633832653766376432376235623534
-36323765666133353238393435376262343233633162633964363038643834636537396562333736
-38363935633134326461376530373630343937323036326563626364316335313839626665393837
-38313435323761343139386530346662326265626666353239356462326333333538346161313438
-36313430386332623365393835343862613338343666633930663634336263306361333861636337
-34313334613761386533636337306664613665643334396661316137376135613161353035383633
-31333664396638316465306635656139616265353639333164656666383733373433333762363435
-37666432326462393135616338633330343332383065356265653563346465343234383036316336
-39653438353839386337396530366364323235393463633464313239356333333163656561376330
-35613137636131306630363335343031633161613733376262636336313638326131343165383231
-64326566393536363937623539386235373561323935646366353165616463376237633964633464
-33353732376337323338316166643236303336393034356639623861333766303034353963396236
-38356338643634363765313664643862323061376331376232366165633830626263303163643433
-65626634343339303031653432663531366639613362613039653638383465353434333639333865
-64383030623538646465363363393161633762313135616432386130663164353033343466393132
-35633763636261616434313531663039363662653962333139303138623838363163653866613539
-36323031633230376632376533613435616239323231613635396435373833353064623834653863
-65663163393933323934323364366535383935303233323639373531646165663535356634393464
-34623532333831306563326237373933383832643637326464656666373339303237363232313938
-63373936393563386530646565346563373337383262616338383531396262626134376136303163
-31653839316339616439366135346337366231363630366264373936356538316564636330373766
-33373961636233383231333464663962666136396437373361666538343065366662623364323237
-64666237663236326661313866306336323564666263373334303266306562343239383866666365
-34313665633465353865333362666564336532663766393134363764653736653237653133313833
-63306463326161373639363362333538373263393564303065656236323363663939366638323762
-36663763313537643066623161313035616462343631336264656664643861643232383561636664
-36633836353435373161666662633838623336366161643365363136386466323937646633313731
-64373739623335353966333833316563386237373031633132353638663435646234666263633435
-34663365313863633236343936633865356166366430383339303138646163383237396239663132
-62353465623566613564333039653466666366396436386461326335373662343262386263356264
-30616538666665393561333630383037656131646239336437393737623862333532356463656435
-63623766373934393264613237653363636261333265613438373762353230393835313235633164
-62323335636333376236306261643931616230666465366666373230393438633365323135666233
-39653332643336313537396463623639646364356136303533623764376538353439303037316535
-61643961353364373638366232363461336238343363636230373834346464376261646630393866
-39376633393735646662613834626263333163383534366463333161396165343666626639326639
-32643064366565333432353430636235336238353836363331646166396533313966663664666666
-61626462653134643266353039653033383431626538346430356564353664633439356434383930
-66353736343839383165383064663039333061643363363265383030396333393762393763616638
-31386535653432323661656132343363646661656637313130353137313362373439373032613731
-65333463623961613138396633353837353061353166383837656333643836343635623363613366
-63346336636165326661363533306139643930393437666332386337373965373761393034616631
-63366632306539623633623731313233333966633735626665643562623639396537343434633835
-33383638613031356631643235326138383664376430623463323062663635623732326639396636
-38336331353336663831346530336439376634396338633664616562363135326430666238653261
-64653132613533383738663832316561613232366339316662633630366164393334356332386162
-64393965393534316136653234396162313631646332653539623362353662333337336634383736
-65616335656663393239643533623466656435383732333666396661663662306635313034306362
-38623137653464376431393731636463613866313166643165636630316364326433326132396161
-61343335336664366536656639653238313736633565343533643034646361653430396132616439
-64373231393232346163643262396233613231373561663835333065363461343263356565336530
-35333535646632303039636664306364623839306139343265666632383638333735613837316561
-33323733353937393831383565363436303638353362323432653963326562333532653864616634
-35616632646234343862643531613236636236616534623231643663393633363831663661626138
-35633763366530363339346132643163613739653532626263336565626261646264303334393834
-31663231326562663964643633316438363161653535396435646362383036656363356137663636
-31336163303766633236333465653864663539353633386664303038646663366363646566336466
-33303435393739636131636166656237323436636237353863646365326639636166363739333439
-64373139626465656264313837363233653334393033343663396563666530373538613036653064
-39396231393662396565313066616164353031613833396331666131653031623261663038336563
-36653835333538386561643033623865383338366463646465666431383833633939376565616230
-62643063333631643439643333316563303465383563393130303634333130303330663134363436
-66386132663065656464323034306132613531343037396561626234626438333063393433316633
-63636264306163636631653732396166643934643866393064353364316264333662646665636663
-66393265636230303536656535623962643934316138393532663262653966626536323233623737
-38353730343538323231623531336436333133326334343238616630656531613538316130623761
-34646233613139343231366232636565316232356365643164653933643132356432613761613636
-34363831353935656437633034333232653938613365613066333361393164623864373339313730
-62373537366466356162343663626561316530373365386437656264396433303433623134616464
-36616530363438366238393136663239623362326533636363353435653261386137616361346164
-38653636373063663932336435626361613934393432646139353833306436346662356539333131
-62326361366635643830356639326234656662316435383031343039653830393664373033653735
-61616233313138663438376632336162656139346430326562363231333430626166363031336435
-62333338623339613633313061656332613630383338306534623034316135393233616539376434
-38326234353963616234623232643839373038643933383631636635613538393262303431373364
-63376463656263313230653832626262363537363735336237306636373435616566613832316338
-64393361393064346432666539643364313433336361333262383934633066363535646562383262
-33383334376238653339323362316330303863653762306636373931633534303731336234636532
-34356361346436323363333430313231643732623461366236306338636431303632373264616139
-36376630323265623831636265633866366136316631396239646266666564313062646637636262
-35353165643464346564323937636463643832616331623036396636383133643731613033393432
-61393833656430333537653332313931663435663838646633303435626139306336623762636462
-32313934306531643662343163323630646562363134303266366530323766353138643266396633
-35396662303566343235653131613830323538363263643939666362656665313135306362363037
-36303238616634363337613935373435303931313866333565666638383835656637366464396136
-64303237646138373339376161666265303632626136353261383438386637616564616436306336
-33613164323037303530373431333565643734313636613838373638326234343531613136356566
-30636337393463396436303530653330323639386438353439613761643831316533353166333539
-30393161646239663935393438646334666530363565333964366364353530353861666633646563
-65626262643666656166306633326463363666633731363431626463616433643732353962633464
-39666533396232616130666131613232643762623562383662346366316466333339313836393737
-33353635396536333464663836366262356164666266663039623334666334343939313638346464
-63383664346635633365633962376238653365656331313362313536663138663464666436613132
-62656638396261613136393330623437383561386163653938323831373932353764623865306664
-35393130323464653266353563383663336233313361323133313435643564663063336335626266
-39396239643031666133656461393535663661643036326666663330656130313038636537386562
-39346439613333363061633364316166643135353832386432616362643337373363313931383135
-64613366373464363062386231303736336130613164366661363434346464383936646366613737
-38313730376436306165663466623335646533666138623564363466633938393139323836643865
-37373636653937343937303462663235353238656439353837663264663366396664386466646638
-34653266313135326130613531386239336538666364356234663164353662396565626361323238
-656463383063623064336666333062386432
--- a/files/gpg_pub
+++ b/files/gpg_pub
@ -1,40 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQGNBGAPMBMBDAC8AI3gYcB8R4psS4OLUTzt45sL8wimEmHCZNGBgLShtg7AfpES
-AuXArVLEQSsUH8rL9/ninRyfwTsRj1tSouxVVwprdxXGZdPkksE/l+TjlB5FlAyp
-nb/nCo7lrmw+xsPc/rjrlGoGJXrrxpVUYYbWLGciKcecUJ17sL0vS8KZQbSSw9pI
-W37DFNq5m3R9/6MSnxcPZPErmyqbcNe4FDxc8jToxdyzqADar1vb/JTIQGkzObCy
-a05sU8Q/G1adKt27lW+v4SWC8d4LQX5Z3nyvAvE87cWVFAGiz4mf1fTLotqwyXot
-vVv05kl66Z58shlE61q+1Qm+SD2OKyd3Cl2s+RpfyYOVoB3SRLDZvM7bppXr58PF
-3Lhmpl61/mpOMI0MNT5OFYCVKOsiNgP7FKlHvOZVk4Ldybfis1Y4TI1mg/OghjLQ
-vjm9Hxlpsr93hpWxlmU6BBpSWUOxggKr96WoR56sQGjn/KCxPBRl17PqwXJmMbi9
-ex9uV6K6iQDRDf0AEQEAAbQMU29ubnkgQmFra2VyiQHUBBMBCAA+FiEEgsIVUtcy
-xlwaT7NAA3ED8Dyly6EFAmAPMBMCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwEC
-HgECF4AACgkQA3ED8Dyly6GUQAv/RGHTt0CQANUC/CQQaY23XDGiqYCbmFqmIwuT
-YIE/QHl7+Zg7p02KGsBKrSWOMylFToTphnWWvJCEPYxW74WO2L2vrRplPVC0zbRz
-ftx2s6IJopb4j5ftkg/b8V7NjQKO+EWXGgqZz+o9j0I3b1CLO4Fc/Sux/+khuG6x
-m7wLHIOQn3ab9yX2e7cL/LgaJSKkXKwhYnaFnwuWZJRX/Dcqev2zZD37a9s1c3Au
-cdvdp5d/cHi+osZ5D6HwT6LnkxVlAYtzKXyQbZNUMattHFK7L/UCYQmvcRPXy6FD
-1+T0bX7cOcsaBXSUEhIt+IKvYUa22ZsHl6Eq8gCxXmvaIDIIGpFLGA6boJBAPFHL
-WATZqonLmGYikumOwomv4730iXBVJKu+mCCPKSzSRAxTTowCF7NVdc6+X62mbvOp
-R4LM+E/bCxtndGfxDhHm1nF0JexgTDGwUwLJPg5aAYjjrAIhsUk729GyJhHPK3if
-0eocxv1PqKrGT8AUHosIOn2idnf5uQGNBGAPMBMBDAC1/f799inkL5w8KoysKrSp
-QRYFiVpIN2CpYCU/MrjpBDU1d4GJ4s1EhVhvaCrNfwUBWyqN1kZpT9f2e8MNVB5U
-nmwHBynCwiK/gHeJKIdwOENE09NcErDQnEbbK7tFl/LDbh0BYdzyAEoOo37XYt/G
-0DXj0Y6GLphmlXfG9a/wXcvXCRdln3q1xyn0BVHMC8fz5F6RsivOEYMXunCMQ4WW
-XFVgRe/jM+plWdQZQuP4RgRGv4kJ2ba9y9NQD8/GFXtnecWjv1ILlyzqyZtEa6ua
-Jq0FrgYvZ1YH0jDKCcanHb0nlMlEhrpQneJTW+qmMgjZAJ+2wA8yPeuU6a+T/05I
-tnbLUSlqgwjrzV71whp79l9p7FOG9kzwwKhhDAKxTqL3WshvXMlcnku6qlTyrymP
-CHF6ZJYCQJEWPLYrThwWx+/6Yssg+Mm87LsciHVYgeBtaZWrN49kZXN2K1Py/WUK
-Ev9+IjKlaFbqfq1W60xh4liiZ3AB9L5jTS6n98O+r8kAEQEAAYkBtgQYAQgAIBYh
-BILCFVLXMsZcGk+zQANxA/A8pcuhBQJgDzATAhsMAAoJEANxA/A8pcuh8PUL+wdi
-YYZpVqvbvnRbzWtYNEY6QYsn/qI0aS5jAURoMpCB3AFX6+aS6olAS8rWNx8sqWnL
-psfZf0vSd/FXl0ja2a5MLLeQaKlK7/cP3RZjGDa6/eMqL0UyKpe5/a4mkBaczo18
-Fa2BK1X1wIUaWYfhp53mBGB9JgwKItdbEPJTBqIyjZRPab/Q5OUb/xOWCLQP+VpU
-8p5c4rnONTdjKBfuyeEMWIlhG1QhobfIuZcbWaXZXj+HLiiugZCPxum8tFbMp05/
-FaPKmDS4TbeEk7wizsnBRDL3UjFCfySBsR/SOP+adut75t6h18pm0yeYRU73otZA
-TES5LVpW7i6TiJEK7qPDQ/Sv34vAtVF0c7ntnYbxiLzX7x0uJF16O4XLw0Uba4HM
-ZntDUsaxvlLfxcDeeDHR/24wOaJKRKKzX0b+wjRXfw26XEo4vHHBPyEB1DvGZu3P
-hVot85SDDFS5LzLqkyGDiCOkkE5RqJYLCzQ6+4DfrQvkg682zD587894j+VV6g==
-=KJ2a
-----END PGP PUBLIC KEY BLOCK-----
--- a/files/public-keys/desktop.pub
+++ b/files/public-keys/desktop.pub
@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKA8zXGQzpXeWrRhetUsWlEcrsmg+JhcSKaZykalmrw6 sonny@Desktop
--- a/files/public-keys/xps.pub
+++ b/files/public-keys/xps.pub
@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9FTfXKRp1cdRAjE41rKoY+1yTsREytZFLHo9cQXDMM sonny@Laptop
--- a/files/tmux_start
+++ b/files/tmux_start
@ -1,16 +1,8 @@
 #!/bin/bash

 MAIN="main"
-DEVELOPMENT="development"

 tmux start-server
 tmux new-session -ds $MAIN
 tmux new-window
-tmux new-window
-tmux select-window -t 0
-
-tmux new-session -ds $DEVELOPMENT
-tmux new-window
-tmux new-window
-tmux new-window
 tmux select-window -t 0
--- a/files/wireguard-media/desktop/fudiggity.key
+++ b/files/wireguard-media/desktop/fudiggity.key
@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+62383364643761623739623632633261343735343465336235386336333234656631363432623535
+6562623634363937356137616131396264633161363461340a343432363362346664646161656563
+35623334326238326135646261666330666531633831656564396139666261623937626338386632
+3233333039623039640a383931633539363238326164643365316236326435643537303866373835
+66393465663364303134376566623736636664353031336537663036636462613766343739336331
+6438643538326533313433616438386165626537373162393430
--- a/files/wireguard-media/desktop/fudiggity.pub
+++ b/files/wireguard-media/desktop/fudiggity.pub
@ -0,0 +1 @@
+YDH5lZcxUHM4AU2ZxQrFqjDIV2Z7PSUQKMcYXLExV0E=
--- a/files/wireguard-media/desktop/preshared.psk
+++ b/files/wireguard-media/desktop/preshared.psk
@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+34303432393930626266313563613636343439623631633163656532363631313039386231623936
+3336636666626237316532346230303961323263613161320a383436636634376162353863386161
+36663064366461333335613633316630633335666335613464333863656536623230383262623733
+3065363835666231630a616362333233643637613762313437626366363365313831363661313336
+66373966656534646462653833343935623466613662333932666666366430663061366261396330
+3064636536643933613738356461313135363033633366396130
--- a/files/wireguard-media/htpc/fudiggity.key
+++ b/files/wireguard-media/htpc/fudiggity.key
@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+30313239376562613332383265336333613266663264383636666437643436623462663861333639
+3830623835333263353863363535376532623262323535610a663330316133376131303465326665
+35663564623737636136306338623531653162633237636361643764343030353262616139623735
+3532626238316664310a336335633564396638303236333838363264613861616637343833363665
+39366264306438643662313130396135363461656466626436663339313337613830623364646637
+3735323933323563646563393532306237336165633534353735
--- a/files/wireguard-media/htpc/fudiggity.pub
+++ b/files/wireguard-media/htpc/fudiggity.pub
@ -0,0 +1 @@
+XcWpmGrkSQJUEADrDTUmcA7/dm8HQffbdC03rQ/3fwg=
--- a/files/wireguard-media/htpc/preshared.psk
+++ b/files/wireguard-media/htpc/preshared.psk
@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+65363636336134323530333461393634666334383464356239613765396465373635353465323262
+3163343634336361323765623365633637663436616539340a376566313735316262366237366435
+33666634663966386434656363633136393565336134323465306264633630333131356539623862
+3666343633396634650a626263653632643333346564303065316634643763303036376332336333
+39323430306564346635393535313233363235316535656362363931323862303530363136663961
+6139326230353537643537346664623332383863323332633565
--- a/files/wireguard-media/xps/fudiggity.key
+++ b/files/wireguard-media/xps/fudiggity.key
@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+64663539393065396333623165623833636539633932306437363365656532343565643866616532
+6562373233633237623761376234336331373637393431380a386261306438393837633037383464
+64623965376138313665393239346138383230383565626264393635303835396537663865313237
+6431313635333030390a646466303961663932353830366235643762393039396531316465333837
+61613264356263616332633334386532303761353536663033373639626634396164623335626566
+3632373266313435646338343738656663356635623138623939
--- a/files/wireguard-media/xps/fudiggity.pub
+++ b/files/wireguard-media/xps/fudiggity.pub
@ -0,0 +1 @@
+hI4rqlv2afs4RJkt5xR+dYxQODSd6lR0OqWJRlnQdjM=
--- a/files/wireguard-media/xps/preshared.psk
+++ b/files/wireguard-media/xps/preshared.psk
@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+63643763346434313734663761386539393032613366626230373862643431613963633664353264
+6466616235653963643861643439633537656439363735330a366439356537386662353431643163
+33363830646433336366353363623835373639383663633837313030393162643931353331633133
+6534363438303261320a333364313534336465616336386337383935353631646361623866326232
+64373139636633393236303335396138326638333635663839663734346463303739646431353437
+3838653361383663633632363862306565643531353066623336
--- a/files/wireguard/desktop/fudiggity.key
+++ b/files/wireguard/desktop/fudiggity.key
--- a/files/wireguard/desktop/fudiggity.pub
+++ b/files/wireguard/desktop/fudiggity.pub
--- a/files/wireguard/desktop/preshared.psk
+++ b/files/wireguard/desktop/preshared.psk
--- a/files/wireguard/xps/fudiggity.key
+++ b/files/wireguard/xps/fudiggity.key
--- a/files/wireguard/xps/fudiggity.pub
+++ b/files/wireguard/xps/fudiggity.pub
--- a/files/laptop/wireguard/preshared.psk
+++ b/files/laptop/wireguard/preshared.psk
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@ -0,0 +1,28 @@
+packages:
+  - nftables
+  - tmux
+  - unrar
+  - vim
+  - git
+  - openssl
+  - iproute2
+  - curl
+  - reflector
+  - otf-monaspace-nerd
+  - systemd-ukify
+  - efibootmgr
+  - git-delta
+
+xdg_config_dir: '{{ ansible_env.HOME }}/.config'
+xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin'
+
+modprobe_templates: []
+mkinitcpio_templates: []
+
+boot_configuration:
+
+server_domain: fudiggity.nl
+
+register_uefi_entries: false
+
+wezterm_font_size: 11
--- a/handlers.yml
+++ b/handlers.yml
@ -22,10 +22,10 @@
    daemon-reload: true
    scope: user

- name: restart syncthing
+- name: start syncthing
  systemd:
    name: syncthing
-    state: restarted
+    state: started
    enabled: true
    scope: user

@ -36,3 +36,56 @@
    state: restarted
    enabled: true
    daemon-reload: true
+
+- name: restart systemd-networkd
+  become: true
+  systemd:
+    name: systemd-networkd
+    state: restarted
+    enabled: true
+
+- name: restart systemd-resolved
+  become: true
+  systemd:
+    name: systemd-resolved
+    state: started
+    enabled: true
+
+- name: restart iwd
+  become: true
+  systemd:
+    name: iwd
+    state: restarted
+    enabled: true
+
+- name: stop mpd service
+  systemd:
+    name: mpd.service
+    state: stopped
+    enabled: false
+    scope: user
+    daemon-reload: true
+
+- name: restart mpd socket
+  systemd:
+    name: mpd
+    state: restarted
+    enabled: true
+    scope: user
+    daemon-reload: true
+
+- name: reload sysctl configuration
+  become: true
+  command: 'sysctl --system'
+
+- name: restart tmux service
+  systemd:
+    name: tmux
+    state: restarted
+    enabled: true
+    scope: user
+
+- name: user daemon-reload
+  ansible.builtin.systemd:
+    daemon-reload: true
+    scope: user
--- a/host_vars/desktop/network.yml
+++ b/host_vars/desktop/network.yml
@ -0,0 +1,13 @@
+lan_interface: enp1s0
+lan_interface_mac: 00:d8:61:9f:52:65
+
+local_network_address: 192.168.2.15/24
+local_network_dns: 9.9.9.9 149.112.112.112
+local_network_gateway: 192.168.2.254
+
+hostname: desktop
+
+wireguard:
+  ip: 10.0.0.3
+wireguard_media:
+  ip: 10.0.1.3
--- a/host_vars/desktop/syncthing.yml
+++ b/host_vars/desktop/syncthing.yml
@ -0,0 +1,45 @@
+syncthing_listen_address: '0.0.0.0'
+syncthing_protocol_port: 22000
+syncthing_gui_port: 8384
+
+syncthing_config_version: 37
+syncthing_api_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          39643534383666343331666336356662333165633032356532323730316535616363393330376263
+          6164323430343961646635323739373363623764646361360a666566363736323739313533323562
+          34653032646230313063613265313836383033353336333461376432363530633632313234323733
+          6162646332623837370a646537336139336361666336363861353030633136373063333433643435
+          64666465356566313263376330643664313266646139663433663366316232613562663863366334
+          3061663839656563353663373135393233653130383735366538
+
+syncthing_devices:
+  - name: Desktop
+    id: &syncthing_desktop_id CSDXP5E-4UBNC36-32EHTPK-L6Y6JVZ-HQHM42R-FJXN2LI-2MTYRFX-3ZZPUQN
+    address: dynamic
+
+  - name: Fudiggity
+    id: &syncthing_server_id ZM5JO5E-UYU6XUI-P25TLIP-TLPQD7J-NSPSYZS-A5OOYST-J62ICAQ-Y2A5YQV
+    address: tcp://syncthing.{{ server_domain }}:22000
+
+  - name: XPS15
+    id: &syncthing_xps_id 2AC4LRC-YIJDWWK-YCOEZLT-4OWWC2E-7VEZQQB-F3AAPZR-HU75FE4-PGWWXQH
+    address: tcp://10.0.0.2:22000
+
+syncthing_folders:
+  - id: default
+    label: Default
+    path: '{{ ansible_env.HOME }}/syncthing/default'
+    type: sendreceive
+    devices:
+      - *syncthing_desktop_id
+      - *syncthing_server_id
+      - *syncthing_xps_id
+
+  - id: pictures
+    label: Pictures
+    path: '{{ ansible_env.HOME }}/syncthing/pictures'
+    type: sendreceive
+    devices:
+      - *syncthing_desktop_id
+      - *syncthing_server_id
+      - *syncthing_xps_id
--- a/host_vars/desktop/system.yml
+++ b/host_vars/desktop/system.yml
@ -0,0 +1,55 @@
+packages:
+  - nftables
+  - tmux
+  - unrar
+  - vim
+  - git
+  - openssl
+  - iproute2
+  - curl
+  - reflector
+  - otf-monaspace-nerd
+  - systemd-ukify
+  - efibootmgr
+  - git-delta
+
+  # custom packages
+  - keepassxc
+  - gimp
+  - firefox
+  - mpv
+  - yt-dlp
+  - nfs-utils
+  - syncthing
+  - mpd
+  - wireguard-tools
+  - okular
+  - postgresql
+  - plasma-meta
+  - wezterm
+  - kmail
+  - pipewire
+  - pipewire-pulse
+  - pipewire-alsa
+  - merkuro
+  - kmail
+  - aspell-nl
+  - aspell-en
+
+modprobe_templates:
+  - src: 'templates/desktop/modprobe/99-amdgpu.conf.j2'
+    dest: '/etc/modprobe.d/99-amdgpu.conf'
+
+mkinitcpio_templates:
+  - src: 'templates/desktop/mkinitcpio/1-modules.conf.j2'
+    dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf'
+
+  - src: 'templates/desktop/mkinitcpio/linux.preset.j2'
+    dest: '/etc/mkinitcpio.d/linux.preset'
+
+  - src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2'
+    dest: '/etc/mkinitcpio.d/linux-lts.preset'
+
+boot_configuration:
+  disk: /dev/sdc
+  partition: 1
--- a/host_vars/htpc/network.yml
+++ b/host_vars/htpc/network.yml
@ -0,0 +1,11 @@
+lan_interface: enp1s0
+lan_interface_mac: bc:fc:e7:6e:73:53
+
+local_network_address: 192.168.2.30/24
+local_network_dns: 9.9.9.9 149.112.112.112
+local_network_gateway: 192.168.2.254
+
+hostname: htpc
+
+wireguard_media:
+  ip: 10.0.1.8
--- a/host_vars/htpc/system.yml
+++ b/host_vars/htpc/system.yml
@ -0,0 +1,47 @@
+packages:
+  - nftables
+  - tmux
+  - unrar
+  - vim
+  - git
+  - openssl
+  - iproute2
+  - curl
+  - reflector
+  - otf-monaspace-nerd
+  - systemd-ukify
+  - efibootmgr
+  - git-delta
+
+  # custom packages
+  - keepassxc
+  - firefox
+  - mpv
+  - yt-dlp
+  - wireguard-tools
+  - okular
+  - postgresql
+  - plasma-meta
+  - wezterm
+  - pipewire
+  - pipewire-pulse
+  - pipewire-alsa
+
+wezterm_columns: 90
+wezterm_rows: 18
+
+modprobe_templates: []
+
+mkinitcpio_templates:
+  - src: 'templates/htpc/mkinitcpio/1-modules.conf.j2'
+    dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf'
+
+  - src: 'templates/htpc/mkinitcpio/linux.preset.j2'
+    dest: '/etc/mkinitcpio.d/linux.preset'
+
+  - src: 'templates/htpc/mkinitcpio/linux-lts.preset.j2'
+    dest: '/etc/mkinitcpio.d/linux-lts.preset'
+
+boot_configuration:
+  disk: /dev/sda
+  partition: 1
--- a/host_vars/xps/network.yml
+++ b/host_vars/xps/network.yml
@ -0,0 +1,20 @@
+wireless_interface: wlan0
+
+local_network_ssid: KPNAE51C6
+local_network_address: 192.168.2.9/24
+local_network_dns: 9.9.9.9 149.112.112.112
+local_network_gateway: 192.168.2.254
+
+frans_network_ssid: KPNDD1056
+frans_network_address: 192.168.2.9/24
+frans_network_dns: 9.9.9.9 149.112.112.112
+frans_network_gateway: 192.168.2.254
+
+default_network_dns: 9.9.9.9 149.112.112.112
+
+hostname: xps
+
+wireguard:
+  ip: 10.0.0.2
+wireguard_media: # TODO: add missing credentials
+  ip: 10.0.1.2
--- a/host_vars/xps/pa-dlna.yml
+++ b/host_vars/xps/pa-dlna.yml
@ -0,0 +1,2 @@
+pa_dlna_version: 0.16
+pa_dlna_systemd_version: 0.0.9
--- a/host_vars/xps/syncthing.yml
+++ b/host_vars/xps/syncthing.yml
@ -0,0 +1,45 @@
+syncthing_listen_address: '0.0.0.0'
+syncthing_protocol_port: 22000
+syncthing_gui_port: 8384
+
+syncthing_config_version: 37
+syncthing_api_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          35346637623066636261633331343438313736356137633466306633613563343630363565643763
+          6631623461663330633537386539376435356338393537620a666234373932636162653830316339
+          65336339383630313837323137613137303862613061326131313437316637383637666638313235
+          6463333235646536620a316163666431323530353330356633393035663933613761313031656561
+          66333431636134366466373533616438326230323965333763316336393764303737663461363636
+          3061373832313462623765353130616237343966333332623262
+
+syncthing_devices:
+  - name: Desktop
+    id: &syncthing_desktop_id CSDXP5E-4UBNC36-32EHTPK-L6Y6JVZ-HQHM42R-FJXN2LI-2MTYRFX-3ZZPUQN
+    address: tcp://10.0.0.3:22000
+
+  - name: Fudiggity
+    id: &syncthing_server_id ZM5JO5E-UYU6XUI-P25TLIP-TLPQD7J-NSPSYZS-A5OOYST-J62ICAQ-Y2A5YQV
+    address: tcp://syncthing.{{ server_domain }}:22000
+
+  - name: XPS15
+    id: &syncthing_xps_id 2AC4LRC-YIJDWWK-YCOEZLT-4OWWC2E-7VEZQQB-F3AAPZR-HU75FE4-PGWWXQH
+    address: dynamic
+
+syncthing_folders:
+  - id: default
+    label: Default
+    path: '{{ ansible_env.HOME }}/syncthing/default'
+    type: sendreceive
+    devices:
+      - *syncthing_desktop_id
+      - *syncthing_server_id
+      - *syncthing_xps_id
+
+  - id: pictures
+    label: Pictures
+    path: '{{ ansible_env.HOME }}/syncthing/pictures'
+    type: sendreceive
+    devices:
+      - *syncthing_desktop_id
+      - *syncthing_server_id
+      - *syncthing_xps_id
--- a/host_vars/xps/system.yml
+++ b/host_vars/xps/system.yml
@ -0,0 +1,62 @@
+packages:
+  - nftables
+  - tmux
+  - unrar
+  - vim
+  - git
+  - openssl
+  - iproute2
+  - curl
+  - reflector
+  - otf-monaspace-nerd
+  - systemd-ukify
+  - efibootmgr
+  - git-delta
+
+  - keepassxc
+  - gimp
+  - firefox
+  - mpv
+  - yt-dlp
+  - nfs-utils
+  - syncthing
+  - mpd
+  - wireguard-tools
+  - okular
+  - postgresql
+  - plasma-meta
+  - wezterm
+  - kmail
+  - pipewire
+  - pipewire-pulse
+  - pipewire-alsa
+  - merkuro
+  - kmail
+  - aspell-nl
+  - aspell-en
+
+  # custom host packages
+  - iwd
+  - nvidia
+  - nvidia-prime
+  - nvidia-utils
+  - lib32-nvidia-utils
+
+boot_configuration:
+  disk: /dev/nvme0n1
+  partition: 1
+
+mkinitcpio_templates:
+  - src: 'templates/xps/mkinitcpio/1-modules.conf.j2'
+    dest: '/etc/mkinitcpio.conf.d/1-modules.conf'
+
+  - src: 'templates/xps/mkinitcpio/2-hooks.conf.j2'
+    dest: '/etc/mkinitcpio.conf.d/2-hooks.conf'
+
+  - src: 'templates/xps/mkinitcpio/linux.preset.j2'
+    dest: '/etc/mkinitcpio.d/linux.preset'
+
+  - src: 'templates/xps/mkinitcpio/linux-lts.preset.j2'
+    dest: '/etc/mkinitcpio.d/linux-lts.preset'
+
+wezterm_font_size: 10
--- a/htpc.yml
+++ b/htpc.yml
@ -0,0 +1,19 @@
+- hosts: htpc
+  gather_facts: true
+
+- name: Include default playbook
+  ansible.builtin.import_playbook: default.yml
+
+- name: Arch Linux provisioning
+  hosts: htpc
+  tasks:
+    - name: Wireguard media provisioning
+      ansible.builtin.import_tasks: 'tasks/wireguard-media.yml'
+      tags: wireguard-media
+
+  handlers:
+    - name: Import default handlers
+      ansible.builtin.import_tasks: handlers.yml
+
+    - name: Import common role handlers
+      ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'
--- a/inventory.yml
+++ b/inventory.yml
@ -0,0 +1,11 @@
+all:
+  hosts:
+    xps:
+      ansible_connection: local
+      ansible_become_method: community.general.run0
+    desktop:
+      ansible_connection: local
+      ansible_become_method: community.general.run0
+    htpc:
+      ansible_connection: local
+      ansible_become_method: community.general.run0
--- a/playbook.yml
+++ b/playbook.yml
@ -1,32 +0,0 @@
- hosts: localhost
-  pre_tasks:
-    - name: install shared packages
-      become: true
-      pacman:
-        name: '{{ packages }}'
-    - name: detecting platform
-      import_tasks: 'tasks/platform.yml'
-    - name: install platform specific packages
-      become: true
-      pacman:
-        name: '{{ platform_packages }}'
-  roles:
-    - common
-  tasks:
-    - import_tasks: 'tasks/setup.yml'
-    - import_tasks: 'tasks/network.yml'
-    - import_tasks: 'tasks/systemd.yml'
-    - import_tasks: 'tasks/git.yml'
-    - import_tasks: 'tasks/mpv.yml'
-    - import_tasks: 'tasks/mpd.yml'
-    - import_tasks: 'tasks/syncthing.yml'
-    - import_tasks: 'tasks/pipewire.yml'
-    - import_tasks: 'tasks/timer.yml'
-  handlers:
-    - import_tasks: 'handlers.yml'
-    - import_tasks: 'roles/common/handlers/user.yml'
-  vars_files:
-    - 'vars/main.yml'
-    - 'vars/gpg.yml'
-    - 'vars/vpn.yml'
-    - 'vars/mpd.yml'
--- a/requirements.yml
+++ b/requirements.yml
@ -1,4 +1,4 @@
- src: git+https://git.fudiggity.nl/ansible/common.git
+- src: git+https://forgejo.fudiggity.nl/sonny/common-ansible.git
  name: common
  version: master
  scm: git
--- a/tasks/desktop.yml
+++ b/tasks/desktop.yml
@ -0,0 +1,12 @@
+- name: Create xdg-desktop-portal.service.d directory
+  ansible.builtin.file:
+    path: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d'
+    state: directory
+    mode: '0755'
+
+- name: Copy xdg-desktop-portal.service drop-in
+  ansible.builtin.template:
+    src: templates/desktop/xdg-desktop-portal.service.j2
+    dest: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d/override.conf'
+    mode: '0755'
+  notify: user daemon-reload
--- a/tasks/git.yml
+++ b/tasks/git.yml
@ -1,26 +0,0 @@
- name: copy git configuration
-  template:
-    src: 'templates/gitconfig.j2'
-    dest: '{{ ansible_env.HOME }}/.gitconfig'
-
- name: copy keys
-  copy:
-    src: '{{ item.src }}'
-    dest: '{{ item.dest }}'
-  loop:
-    - { src: 'files/gpg_key', dest: '{{ ansible_env.HOME }}/gpg.key' }
-    - { src: 'files/gpg_pub', dest: '{{ ansible_env.HOME }}/gpg.pub' }
-
- name: import secret key
-  command: 'gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key'
-
- name: import public key
-  command: 'gpg --import ~/gpg.pub'
-
- name: remove temp keys
-  file:
-    path: '{{ item }}'
-    state: absent
-  loop:
-    - '{{ ansible_env.HOME }}/gpg.key'
-    - '{{ ansible_env.HOME }}/gpg.pub'
--- a/tasks/mpd.yaml
+++ b/tasks/mpd.yaml
@ -0,0 +1,71 @@
+- name: Include mpd defaults
+  ansible.builtin.include_vars:
+    file: vars/mpd.yml
+
+- name: Copy systemd configuration files
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    mode: '0644'
+  loop:
+    - src: 'templates/mpd/service.j2'
+      dest: '{{ xdg_config_dir }}/systemd/user/mpd.service'
+
+    - src: 'templates/mpd/socket.j2'
+      dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket'
+  notify:
+    - stop mpd service
+    - restart mpd socket
+
+- name: Create mpd files
+  ansible.builtin.file:
+    path: '{{ item.path }}'
+    state: '{{ item.state }}'
+    mode: '0755'
+  loop:
+    - path: '{{ mpd_configuration_dir }}'
+      state: 'directory'
+    - path: '{{ ncmpc_configuration_dir }}'
+      state: 'directory'
+    - path: '{{ ncmpcpp_configuration_dir }}'
+      state: 'directory'
+    - path: '{{ mpd_configuration_dir }}/playlists'
+      state: 'directory'
+    - path: '{{ mpd_configuration_dir }}/state'
+      state: 'touch'
+
+- name: Remove previous mpd files
+  ansible.builtin.file:
+    path: '{{ item.path }}'
+    state: '{{ item.state }}'
+    mode: '0755'
+  loop:
+    - path: '{{ mpd_configuration_dir }}/log'
+      state: 'absent'
+    - path: '{{ mpd_configuration_dir }}/database'
+      state: 'absent'
+    - path: '{{ mpd_configuration_dir }}/sticker.sql'
+      state: 'absent'
+    - path: '{{ ncmpc_configuration_dir }}'
+      state: 'absent'
+
+- name: Copy configuration files
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    mode: '0755'
+  loop:
+    - src: 'templates/mpd/mpd.conf.j2'
+      dest: '{{ mpd_configuration_dir }}/mpd.conf'
+    - src: 'templates/mpd/ncmpcpp/config.j2'
+      dest: '{{ ncmpcpp_configuration_dir }}/config'
+    - src: 'templates/mpd/ncmpcpp/bindings.j2'
+      dest: '{{ ncmpcpp_configuration_dir }}/bindings'
+  notify:
+    - stop mpd service
+
+# TODO: install https://aur.archlinux.org/mpd-mpris-bin.git from AUR
+# Use mpc to control local mpd server.
+# Use $ mpc add http://{{ mpd_remote_address }}:{{ mpd_remote_stream_port }}
+# to add the HTTP stream to the playlist.
+# Use nmcpc to control remote mpd server.
--- a/tasks/mpd.yml
+++ b/tasks/mpd.yml
@ -1,14 +0,0 @@
-#  remote mpd server is used now
-
- name: check for mpd socket
-  stat:
-    path: '{{ xdg_config_dir }}/systemd/user/mpd.socket'
-  register: mpd_socket
-
- name: disable mpd socket
-  systemd:
-    name: mpd.socket
-    state: stopped
-    enabled: no
-    scope: user
-  when: mpd_socket.stat.exists
--- a/tasks/mpv.yml
+++ b/tasks/mpv.yml
@ -1,20 +1,16 @@
- name: create configuration directory
-  file:
+- name: Create configuration directory
+  ansible.builtin.file:
    path: '{{ ansible_env.HOME }}/.config/mpv'
    state: directory
    mode: '0700'

- name: copy configuration files
-  template:
+- name: Copy configuration files
+  ansible.builtin.template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    mode: '0644'
  loop:
-    - {
-        src: 'templates/mpv/input.j2',
-        dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf',
-      }
-    - {
-        src: 'templates/mpv/config.j2',
-        dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf',
-      }
+    - src: 'templates/mpv/input.j2'
+      dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf'
+    - src: 'templates/mpv/config.j2'
+      dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf'
--- a/tasks/network.yml
+++ b/tasks/network.yml
@ -1,133 +0,0 @@
- name: create wireguard directories
-  become: true
-  file:
-    path: '{{ item | dirname }}'
-    owner: root
-    group: systemd-network
-    mode: '0644'
-    state: directory
-  loop:
-    - '{{ vpn_private_key_path }}'
-    - '{{ vpn_public_key_path }}'
-
- name: copy wireguard credentials
-  become: true
-  copy:
-    src: '{{ item.src }}'
-    dest: '{{ item.dest }}'
-    owner: root
-    group: systemd-network
-    mode: '0640'
-  loop:
-    - {
-        dest: '{{ vpn_public_key_path }}',
-        src: 'files/{{ platform }}/wireguard/{{ platform }}.pub',
-      }
-    - {
-        dest: '{{ vpn_private_key_path }}',
-        src: 'files/{{ platform }}/wireguard/{{ platform }}.key',
-      }
-
- name: copy wireguard preshared keys
-  become: true
-  copy:
-    src: '{{ item.preshared_key_source_path }}'
-    dest: '{{ item.preshared_key_path }}'
-    owner: root
-    group: systemd-network
-    mode: '0640'
-  loop: '{{ vpn_peers }}'
-
- name: setup desktop network configuration
-  become: true
-  template:
-    src: '{{ item.src }}'
-    dest: '{{ item.dest }}'
-    owner: root
-    group: systemd-network
-    mode: '0640'
-  loop:
-    - {
-        src: 'templates/desktop/network/enp.network.j2',
-        dest: '/etc/systemd/network/20-wired.network',
-      }
-    - {
-        src: 'templates/desktop/network/vmbr0.network.j2',
-        dest: '/etc/systemd/network/30-vmbr0.network',
-      }
-    - {
-        src: 'templates/desktop/network/vmbr0.netdev.j2',
-        dest: '/etc/systemd/network/30-vmbr0.netdev',
-      }
-    - {
-        src: 'templates/desktop/network/wg0.network.j2',
-        dest: '/etc/systemd/network/40-wg0.network',
-      }
-    - {
-        src: 'templates/desktop/network/wg0.netdev.j2',
-        dest: '/etc/systemd/network/40-wg0.netdev',
-      }
-  when: platform == "desktop"
-
- name: setup laptop network configuration
-  become: true
-  template:
-    src: '{{ item.src }}'
-    dest: '{{ item.dest }}'
-    owner: root
-    group: systemd-network
-    mode: '0640'
-  loop:
-    - {
-        src: 'templates/laptop/network/wireless.network.j2',
-        dest: '/etc/systemd/network/20-wireless.network',
-      }
-    - {
-        src: 'templates/laptop/network/vmbr0.network.j2',
-        dest: '/etc/systemd/network/30-vmbr0.network',
-      }
-    - {
-        src: 'templates/laptop/network/vmbr0.netdev.j2',
-        dest: '/etc/systemd/network/30-vmbr0.netdev',
-      }
-    - {
-        src: 'templates/laptop/network/wg0.network.j2',
-        dest: '/etc/systemd/network/40-wg0.network',
-      }
-    - {
-        src: 'templates/laptop/network/wg0.netdev.j2',
-        dest: '/etc/systemd/network/40-wg0.netdev',
-      }
-  when: platform == "laptop"
-
- name: restart systemd-networkd
-  become: true
-  systemd:
-    name: systemd-networkd
-    state: restarted
-    enabled: true
-
- name: start systemd-resolved service
-  become: true
-  systemd:
-    name: systemd-resolved
-    state: started
-    enabled: true
-
- name: start iwd service
-  become: true
-  systemd:
-    name: iwd
-    state: started
-    enabled: true
-  when: platform == "laptop"
-
- name: copy firewall template
-  become: true
-  template:
-    src: 'templates/{{ platform }}/nftables.j2'
-    dest: '/etc/nftables.conf'
-    owner: root
-    group: root
-    mode: '0600'
-  notify: restart nftables
--- a/tasks/network/desktop.yml
+++ b/tasks/network/desktop.yml
@ -0,0 +1,27 @@
+- name: Desktop configuration
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+  block:
+    - name: Setup network configuration
+      become: true
+      ansible.builtin.template:
+        src: '{{ item.src }}'
+        dest: '{{ item.dest }}'
+        owner: root
+        group: systemd-network
+        mode: '0640'
+      loop:
+        - src: 'templates/desktop/network/enp1s0.link.j2'
+          dest: '/etc/systemd/network/20-enp1s0.link'
+        - src: 'templates/desktop//network/enp1s0.network.j2'
+          dest: '/etc/systemd/network/20-enp1s0.network'
+
+    - name: Remove leftover configuration files
+      become: true
+      ansible.builtin.file:
+        path: '{{ item }}'
+        state: absent
+      loop:
+        - '/etc/systemd/network/30-vmbr0.network'
+        - '/etc/systemd/network/30-vmbr0.netdev'
--- a/tasks/network/htpc.yml
+++ b/tasks/network/htpc.yml
--- a/tasks/network/main.yml
+++ b/tasks/network/main.yml
@ -0,0 +1,28 @@
+# Note that Wireguard does DNS resolution only once during connection.
+# When a client's IP changes, the server should be notified in some way,
+# using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint <NEW-IP>:<PORT>`
+# for example.
+
+- name: Set hostname
+  become: true
+  ansible.builtin.hostname:
+    name: '{{ hostname }}'
+    use: systemd
+
+- name: Copy hosts file
+  become: true
+  ansible.builtin.template:
+    src: templates/hosts.j2
+    dest: /etc/hosts
+    mode: '0644'
+    owner: root
+
+- name: Copy firewall template
+  become: true
+  ansible.builtin.template:
+    src: 'templates/{{ ansible_hostname }}/nftables.j2'
+    dest: /etc/nftables.conf
+    owner: root
+    group: root
+    mode: '0600'
+  notify: restart nftables
--- a/tasks/network/xps.yml
+++ b/tasks/network/xps.yml
@ -0,0 +1,47 @@
+- name: Setup network configuration
+  become: true
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+  loop:
+    - src: 'templates/xps/network/wlan0-local.network.j2'
+      dest: '/etc/systemd/network/10-wireless.network'
+
+    - src: 'templates/xps/network/wlan0-frans.network.j2'
+      dest: '/etc/systemd/network/11-wireless.network'
+
+    - src: 'templates/xps/network/wlan0.network.j2'
+      dest: '/etc/systemd/network/20-wireless.network'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+
+- name: Create iwd directory
+  become: true
+  ansible.builtin.template:
+    src: templates/xps/iwd.j2
+    dest: /etc/iwd
+    mode: '0644'
+    owner: root
+
+- name: Provision iwd configuration
+  become: true
+  ansible.builtin.template:
+    src: templates/xps/iwd.j2
+    dest: /etc/iwd/main.config
+    mode: '0755'
+    owner: root
+  notify: restart iwd
+
+- name: Remove leftover configuration files
+  become: true
+  ansible.builtin.file:
+    path: '{{ item }}'
+    state: absent
+  loop:
+    - /etc/systemd/network/30-vmbr0.network
+    - /etc/systemd/network/30-vmbr0.netdev
+    - /etc/systemd/network/10-wlan0.link
--- a/tasks/pipewire.yml
+++ b/tasks/pipewire.yml
@ -1,38 +0,0 @@
-#  Note that pulsaudio should be removed by installing pipewire-pulse manually
-
- name: create pipewire-pulse override directory
-  file:
-    path: '{{ xdg_config_dir }}/systemd/user/pipewire-pulse.service.d/'
-    state: directory
-
-# sets up an post activation script to load the module-native-protocol-tcp
-# with given parameters. This is not yet supported through pipewire-pulse's configuration,
-# see https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Migrate-PulseAudio#module-native-protocol-tcp
- name: copy pipewire-pulse service override
-  template:
-    src: 'templates/pipewire-pulse.j2'
-    dest: '{{ xdg_config_dir }}/systemd/user/pipewire-pulse.service.d/override.conf'
-
- name: copy pipewire-pulse script
-  template:
-    src: 'templates/{{ platform }}/pulse-script.j2'
-    dest: '{{ xdg_script_dir }}/pulse-script'
-    mode: 0755
-
- name: start pipewire socket
-  systemd:
-    name: pipewire.socket
-    state: started
-    enabled: true
-    scope: user
-
- name: restart pipewire-pulse
-  systemd:
-    name: '{{ item.name }}'
-    state: restarted
-    enabled: '{{ item.enabled }}'
-    scope: user
-    daemon-reload: true
-  loop:
-    - { name: 'pipewire-pulse.socket', enabled: true }
-    - { name: 'pipewire-pulse.service', enabled: false }
--- a/tasks/platform.yml
+++ b/tasks/platform.yml
@ -1,22 +0,0 @@
- name: detect platform
-  command: laptop-detect
-  register: is_laptop
-  failed_when: is_laptop.rc == 2
-
- name: set platform (desktop)
-  set_fact:
-    platform: 'desktop'
-  when: is_laptop.rc == 1
-
- name: set platform (laptop)
-  set_fact:
-    platform: 'laptop'
-  when: is_laptop.rc == 0
-
- name: load desktop specific vars
-  include_vars: 'vars/desktop.yml'
-  when: platform == "desktop"
-
- name: load laptop specific vars
-  include_vars: 'vars/laptop.yml'
-  when: platform == "laptop"
--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@ -1,51 +1,205 @@
- name: copy reflector configuration
+- name: Provision pollkit administrator configuration
  become: true
-  template:
+  ansible.builtin.template:
+    src: 'templates/polkit.j2'
+    dest: '/etc/polkit-1/rules.d/49-nopasswd_global.rules'
+    mode: '0755'
+
+- name: Install shared packages
+  become: true
+  community.general.pacman:
+    name: '{{ packages }}'
+
+- name: Copy reflector configuration
+  become: true
+  ansible.builtin.template:
    src: 'templates/reflector.j2'
    dest: '/etc/xdg/reflector/reflector.conf'
-    owner: root
-    group: root
    mode: '0600'

 # started by weekly timer
- name: disable reflector
+- name: Disable reflector
  become: true
-  systemd:
+  ansible.builtin.systemd:
    name: reflector
    state: stopped
    enabled: false

- name: copy pacman configuration
+- name: Copy pacman configuration
  become: true
-  template:
+  ansible.builtin.template:
    src: 'templates/pacman.j2'
    dest: '/etc/pacman.conf'
    owner: root
    group: root
    mode: '0644'

- name: create extra conf
+- name: Create extra conf
  become: true
-  file:
+  ansible.builtin.file:
    path: '/etc/pacman.d/extra.conf'
    owner: root
    group: root
    state: touch
    mode: '0644'

- name: copy powertop service
-  become: true
-  template:
-    src: 'templates/{{ platform }}/powertop.j2'
-    dest: '/etc/systemd/system/powertop.service'
-    owner: root
-    group: root
-    mode: '0644'
-  notify: restart powertop
-  when: platform == "laptop"
+- name: Setup Wezterm
+  when: "'wezterm' in packages"
+  block:
+    - name: Create wezterm configuration dir
+      ansible.builtin.file:
+        path: '{{ xdg_config_dir }}/wezterm/includes'
+        state: directory
+        mode: '0755'

- name: enable fstrim timer
+    - name: Copy wezterm configuration files
+      ansible.builtin.template:
+        src: '{{ item.src }}'
+        dest: '{{ item.dest }}'
+        mode: '0755'
+      loop:
+        - src: 'templates/wezterm/wezterm.lua.j2'
+          dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua'
+
+        - src: 'templates/wezterm/includes/colors.lua.j2'
+          dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua'
+
+        - src: 'templates/wezterm/includes/fonts.lua.j2'
+          dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua'
+
+        - src: 'templates/wezterm/includes/window.lua.j2'
+          dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua'
+
+- name: Enable fstrim timer
  become: true
-  systemd:
+  ansible.builtin.systemd:
    name: fstrim.timer
    enabled: true
+
+- name: Remove the sysctl.d directory
+  become: true
+  ansible.builtin.file:
+    path: /etc/sysctl.d
+    state: absent
+
+- name: Recreate the sysctl.d directory
+  become: true
+  ansible.builtin.file:
+    path: /etc/sysctl.d
+    state: directory
+    mode: '0755'
+
+- name: Copy sysctl files
+  become: true
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    mode: '0755'
+  loop:
+    - src: 'templates/sysctl/99-sysrq.conf.j2'
+      dest: '/etc/sysctl.d/99-sysrq.conf'
+    - src: 'templates/sysctl/98-forward.conf.j2'
+      dest: '/etc/sysctl.d/98-foward.conf'
+  notify: reload sysctl configuration
+
+- name: Remove the modprobe.d directory
+  become: true
+  ansible.builtin.file:
+    path: /etc/modprobe.d
+    state: absent
+
+- name: Recreate the modprobe.d directory
+  become: true
+  ansible.builtin.file:
+    path: /etc/modprobe.d
+    state: directory
+    mode: '0755'
+
+- name: Copy modprobe configuration files
+  become: true
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    mode: '0755'
+  loop: '{{ modprobe_templates }}'
+  when: modprobe_templates
+
+- name: Copy kernel parameters template
+  become: true
+  ansible.builtin.template:
+    src: 'templates/{{ ansible_hostname }}/cmdline.j2'
+    dest: '/etc/kernel/cmdline'
+    mode: '0755'
+
+- name: Remove the mkinitcpio directories
+  become: true
+  ansible.builtin.file:
+    path: '{{ item }}'
+    state: absent
+  loop:
+    - /etc/mkinitcpio.conf.d
+    - /etc/mkinitcpio.d
+
+- name: Recreate the mkinitcpio directories
+  become: true
+  ansible.builtin.file:
+    path: '{{ item }}'
+    state: directory
+    mode: '0755'
+  loop:
+    - /etc/mkinitcpio.conf.d
+    - /etc/mkinitcpio.d
+
+- name: Copy mkinitcpio configuration files
+  become: true
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    mode: '0755'
+  loop: '{{ mkinitcpio_templates }}'
+  when: '{{ mkinitcpio_templates | length > 0 }}'
+
+- name: Regenerate initramfs images
+  become: true
+  ansible.builtin.command: 'mkinitcpio --allpresets'
+  register: mkinitcpio_stats
+
+- name: Log mkinitcpio stdout
+  ansible.builtin.debug:
+    var: mkinitcpio_stats.stdout_lines
+
+- name: Create a Linux UEFI boot entry
+  become: true
+  ansible.builtin.command: efibootmgr \
+    --create \
+    --disk '{{ boot_configuration.disk }}' \
+    --part '{{ boot_configuration.partition }}' \
+    --label 'Arch Linux'  \
+    --loader '\EFI\Linux\linux.efi'\
+    --unicode
+    --index 0
+  register: efi_linux_stats
+  when: register_uefi_entries
+
+- name: Log efibootmgr stdout
+  ansible.builtin.debug:
+    var: efi_linux_stats.stdout_lines
+  when: register_uefi_entries
+
+- name: Create a Linux LTS UEFI boot entry
+  become: true
+  ansible.builtin.command: efibootmgr \
+    --create \
+    --disk '{{ boot_configuration.disk }}' \
+    --part '{{ boot_configuration.partition }}' \
+    --label 'Arch Linux LTS'  \
+    --loader '\EFI\Linux\linux-lts.efi'\
+    --unicode
+    --index 1
+  register: efi_linux_lts_stats
+  when: register_uefi_entries
+
+- name: Log efibootmgr LTS stdout
+  ansible.builtin.debug:
+    var: efi_linux_lts_stats.stdout_lines
+  when: register_uefi_entries
--- a/tasks/syncthing.yml
+++ b/tasks/syncthing.yml
@ -1,11 +1,18 @@
- name: create configuration dir
-  file:
+- name: Create configuration dir
+  ansible.builtin.file:
    path: '{{ xdg_config_dir }}/syncthing'
    state: directory
+    mode: '0755'

- name: copy configuration file
-  template:
-    src: 'templates/{{ platform }}/syncthing.j2'
+- name: Stop syncthing service
+  ansible.builtin.systemd:
+    name: syncthing
+    scope: user
+    state: stopped
+
+- name: Copy configuration file
+  ansible.builtin.template:
+    src: 'templates/syncthing/config.j2'
    dest: '{{ xdg_config_dir }}/syncthing/config.xml'
-    mode: '0600'
-  notify: restart syncthing
+    mode: '0640'
+  notify: start syncthing
--- a/tasks/systemd.yml
+++ b/tasks/systemd.yml
@ -1,24 +1,27 @@
- name: setup systemd user service folder
-  file:
+- name: Setup systemd user service folder
+  ansible.builtin.file:
    path: '{{ xdg_config_dir }}/systemd/user'
    state: directory
    mode: '0755'

- name: add ssh-agent service
-  template:
+- name: Add ssh-agent service
+  ansible.builtin.template:
    src: 'templates/ssh-agent.j2'
    dest: '{{ xdg_config_dir }}/systemd/user/ssh-agent.service'
    mode: '0644'
  notify: restart user ssh-agent

- name: copy tmux service
-  template:
+- name: Copy tmux service
+  ansible.builtin.template:
    src: 'templates/tmux.j2'
    dest: '{{ xdg_config_dir }}/systemd/user/tmux.service'
    mode: '0644'
+  notify:
+    - user daemon-reload
+    - restart tmux service

- name: copy tmux startup script
-  copy:
+- name: Copy tmux startup script
+  ansible.builtin.copy:
    src: 'files/tmux_start'
    dest: '{{ ansible_env.HOME }}/.local/bin/tmux_start'
    mode: '0740'
--- a/tasks/timer.yml
+++ b/tasks/timer.yml
@ -1,5 +1,5 @@
 - name: copy timer files
-  become: yes
+  become: true
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
@ -13,7 +13,7 @@
    - enable weekly timer

 - name: copy target files
-  become: yes
+  become: true
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
@ -22,12 +22,12 @@
  loop:
    - { src: 'templates/timer/daily_target.j2', dest: '/etc/systemd/system/daily.target' }
    - {
-        src: 'templates/timer/weekly_target.j2',
-        dest: '/etc/systemd/system/weekly.target',
-      }
+      src: 'templates/timer/weekly_target.j2',
+      dest: '/etc/systemd/system/weekly.target',
+    }

 - name: create target directories
-  become: yes
+  become: true
  file:
    path: '{{ item }}'
    state: directory
@ -38,7 +38,7 @@
    - '/etc/systemd/system/weekly.target.wants'

 - name: add reflector to weekly timer
-  become: yes
+  become: true
  file:
    src: '/usr/lib/systemd/system/reflector.service'
    dest: '/etc/systemd/system/weekly.target.wants/reflector.service'
--- a/tasks/wireguard-media.yml
+++ b/tasks/wireguard-media.yml
@ -0,0 +1,71 @@
+- name: Include wireguard media defaults
+  ansible.builtin.include_vars:
+    file: vars/wireguard-media.yml
+
+- name: Create Wireguard directories
+  become: true
+  ansible.builtin.file:
+    path: '{{ item }}'
+    owner: root
+    group: systemd-network
+    mode: '0750'
+    state: directory
+    recurse: true
+  loop:
+    - '{{ vpn_config_dir }}'
+    - '{{ wireguard_media_defaults.private_key_path | dirname }}'
+    - '{{ wireguard_media_defaults.public_key_path | dirname }}'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+
+- name: Copy Wireguard credentials
+  become: true
+  ansible.builtin.copy:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+  loop:
+    - dest: '{{ wireguard_media_defaults.public_key_path }}'
+      src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.pub'
+
+    - dest: '{{ wireguard_media_defaults.private_key_path }}'
+      src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.key'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+
+- name: Copy Wireguard preshared keys
+  become: true
+  ansible.builtin.copy:
+    src: '{{ item.preshared_key_source_path }}'
+    dest: '{{ item.preshared_key_path }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+  loop: '{{ wireguard_media_defaults.peers }}'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+
+- name: Setup network configuration
+  become: true
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+  loop:
+    - src: 'templates/{{ ansible_hostname }}/network/wg1.network.j2'
+      dest: '/etc/systemd/network/40-wg1.network'
+
+    - src: 'templates/{{ ansible_hostname }}/network/wg1.netdev.j2'
+      dest: '/etc/systemd/network/40-wg1.netdev'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+  vars:
+    wireguard: "{{ wireguard_media | ansible.builtin.combine(wireguard_media_defaults) }}"
--- a/tasks/wireguard.yml
+++ b/tasks/wireguard.yml
@ -0,0 +1,71 @@
+- name: Include wireguard defaults
+  ansible.builtin.include_vars:
+    file: vars/wireguard.yml
+
+- name: Create Wireguard directories
+  become: true
+  ansible.builtin.file:
+    path: '{{ item }}'
+    owner: root
+    group: systemd-network
+    mode: '0750'
+    state: directory
+    recurse: true
+  loop:
+    - '{{ vpn_config_dir }}'
+    - '{{ wireguard_defaults.private_key_path | dirname }}'
+    - '{{ wireguard_defaults.public_key_path | dirname }}'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+
+- name: Copy Wireguard credentials
+  become: true
+  ansible.builtin.copy:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+  loop:
+    - dest: '{{ wireguard_defaults.public_key_path }}'
+      src: 'files/wireguard/{ ansible_hostname }}/fudiggity.pub'
+
+    - dest: '{{ wireguard_defaults.private_key_path }}'
+      src: 'files/wireguard/{{ ansible_hostname }}/fudiggity.key'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+
+- name: Copy Wireguard preshared keys
+  become: true
+  ansible.builtin.copy:
+    src: '{{ item.preshared_key_source_path }}'
+    dest: '{{ item.preshared_key_path }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+  loop: '{{ wireguard_defaults.peers }}'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+
+- name: Setup network configuration
+  become: true
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+  loop:
+    - src: 'templates/{{ ansible_hostname }}/network/wg0.network.j2'
+      dest: '/etc/systemd/network/40-wg0.network'
+
+    - src: 'templates/{{ ansible_hostname }}/network/wg0.netdev.j2'
+      dest: '/etc/systemd/network/40-wg0.netdev'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+  vars:
+    wireguard: "{{ wireguard | ansible.builtin.combine(wireguard_defaults) }}"
--- a/tasks/xps.yml
+++ b/tasks/xps.yml
@ -0,0 +1,46 @@
+- name: Provision powertop systemd service
+  become: true
+  ansible.builtin.file:
+    path: /etc/systemd/system/powertop.service
+    state: absent
+
+- name: Provision python pa-dlna
+  block:
+    - name: Create configuration directory
+      ansible.builtin.file:
+        path: '{{ xdg_config_dir }}/pa-dlna'
+        state: directory
+        mode: '0755'
+
+    - name: Copy configuration file
+      ansible.builtin.template:
+        src: templates/xps/pa-dlna/config.j2
+        dest: '{{ xdg_config_dir }}/pa-dlna/pa-dlna.conf'
+        mode: '0755'
+
+    - name: Copy systemd service
+      ansible.builtin.template:
+        src: templates/xps/pa-dlna/service.j2
+        dest: '{{ xdg_config_dir }}/systemd/user/pa-dlna.service'
+        mode: '0755'
+
+    - name: Create virtualenv directory
+      become: true
+      ansible.builtin.file:
+        path: /opt/virtualenv/pa-dlna
+        state: directory
+        owner: sonny
+        group: sonny
+        mode: '0755'
+
+    - name: Install pa-dlna
+      ansible.builtin.pip:
+        name: 'pa-dlna=={{ pa_dlna_version }}'
+        virtualenv: /opt/virtualenv/pa-dlna
+        virtualenv_command: python3.13 -m venv
+
+    - name: Install python-systemd
+      ansible.builtin.pip:
+        name: 'python-systemd=={{ pa_dlna_systemd_version }}'
+        virtualenv: /opt/virtualenv/pa-dlna
+        virtualenv_command: python3.13 -m venv
--- a/templates/desktop/cmdline.j2
+++ b/templates/desktop/cmdline.j2
@ -0,0 +1 @@
+root=UUID=c5fe300d-97bf-476d-abd4-edfe7460bc81 rw bgrt_disable
--- a/templates/desktop/mkinitcpio/1-modules.conf.j2
+++ b/templates/desktop/mkinitcpio/1-modules.conf.j2
@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+MODULES=(amdgpu)
--- a/templates/desktop/mkinitcpio/linux-lts.preset.j2
+++ b/templates/desktop/mkinitcpio/linux-lts.preset.j2
@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+#
+# mkinitcpio preset file for the 'linux' package
+
+PRESETS=('default')
+
+default_uki="/boot/EFI/Linux/linux-lts.efi"
+default_kver="/boot/vmlinuz-linux-lts"
--- a/templates/desktop/mkinitcpio/linux.preset.j2
+++ b/templates/desktop/mkinitcpio/linux.preset.j2
@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+#
+# mkinitcpio preset file for the 'linux' package
+
+PRESETS=('default')
+
+default_uki="/boot/EFI/Linux/linux.efi"
+default_kver="/boot/vmlinuz-linux"
--- a/templates/desktop/modprobe/99-amdgpu.conf.j2
+++ b/templates/desktop/modprobe/99-amdgpu.conf.j2
@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+# disable Panel Self Refresh for 6.10
+# see https://bbs.archlinux.org/viewtopic.php?pid=2191514#p2191514
+options amdgpu dcdebugmask=0x12
--- a/templates/desktop/network/enp.network.j2
+++ b/templates/desktop/network/enp.network.j2
@ -1,7 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-[Match]
-Name=enp*
-
-[Network]
-DHCP=yes
--- a/templates/desktop/network/enp1s0.link.j2
+++ b/templates/desktop/network/enp1s0.link.j2
@ -0,0 +1,7 @@
+# {{ ansible_managed }}
+
+[Match]
+MACAddress={{ lan_interface_mac }}
+
+[Link]
+Name={{ lan_interface }}
--- a/templates/desktop/network/enp1s0.network.j2
+++ b/templates/desktop/network/enp1s0.network.j2
@ -0,0 +1,17 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ lan_interface }}
+
+[Network]
+Address={{ local_network_address }}
+Gateway={{ local_network_gateway }}
+DNS={{ local_network_dns }}
+MulticastDNS=yes
+DNSOverTLS=yes
+DNSSEC=yes
+DHCP=no
+LinkLocalAddressing=no
+IPv6AcceptRA=no
+IPv6SendRA=no
+RequiredForOnline=routable
--- a/templates/desktop/network/vmbr0.netdev.j2
+++ b/templates/desktop/network/vmbr0.netdev.j2
@ -1,5 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-[NetDev]
-Name=vmbr0
-Kind=bridge
--- a/templates/desktop/network/vmbr0.network.j2
+++ b/templates/desktop/network/vmbr0.network.j2
@ -1,10 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-[Match]
-Name=vmbr0
-
-[Network]
-Address=10.4.0.1/24
-DHCP=yes
-IPForward=yes
-ConfigureWithoutCarrier=yes
--- a/templates/desktop/network/wg0.netdev.j2
+++ b/templates/desktop/network/wg0.netdev.j2
@ -1,20 +1,21 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+# {{ ansible_managed }}

 [NetDev]
-Name={{ vpn_interface }}
+Name={{ wireguard.interface }}
 Kind=wireguard
-Description=WireGuard tunnel {{ vpn_interface }}
+Description=WireGuard tunnel {{ wireguard.interface }}

 [WireGuard]
-# PrivateKeyFile option does not seem to work, perhaps a bug?
-PrivateKey={{ vpn_private_key }}
+PrivateKeyFile={{ wireguard.private_key_path }}
+RouteTable=main

-{% for peer in vpn_peers %}
+{% for peer in wireguard.peers %}
 [WireGuardPeer]
 PublicKey={{ peer.public_key }}
-# PresharedKeyFile option does not seem to work, perhaps a bug?
-PresharedKey={{ peer.preshared_key }}
-AllowedIPs={{ peer.allowd_ips }}
+PresharedKeyFile={{ peer.preshared_key_path }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip }}
+{% endfor %}
 {% if peer.endpoint %}
 Endpoint={{ peer.endpoint }}
 {% endif %}
--- a/templates/desktop/network/wg0.network.j2
+++ b/templates/desktop/network/wg0.network.j2
@ -1,7 +1,10 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+# {{ ansible_managed }}

 [Match]
-Name={{ vpn_interface }}
+Name={{ wireguard.interface }}

 [Network]
-Address={{ vpn_ip }}/{{ vpn_subnet }}
+Address={{ wireguard.ip }}/{{ wireguard.prefix }}
+DNS={{ wireguard.dns }}
+Domains={{ wireguard.domains | join(' ') }}
+BindCarrier={{ lan_interface }}
--- a/templates/desktop/network/wg1.netdev.j2
+++ b/templates/desktop/network/wg1.netdev.j2
@ -0,0 +1,25 @@
+# {{ ansible_managed }}
+
+[NetDev]
+Name={{ wireguard.interface }}
+Kind=wireguard
+Description=WireGuard tunnel {{ wireguard.interface }}
+
+[WireGuard]
+PrivateKeyFile={{ wireguard.private_key_path }}
+RouteTable=main
+
+{% for peer in wireguard.peers %}
+[WireGuardPeer]
+PublicKey={{ peer.public_key }}
+PresharedKeyFile={{ peer.preshared_key_path }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip }}
+{% endfor %}
+{% if peer.endpoint %}
+Endpoint={{ peer.endpoint }}
+{% endif %}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}
--- a/templates/desktop/network/wg1.network.j2
+++ b/templates/desktop/network/wg1.network.j2
@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ wireguard.interface }}
+
+[Network]
+Address={{ wireguard.ip }}/{{ wireguard.prefix }}
+DNS={{ wireguard.dns }}
+Domains={{ wireguard.domains | join(' ') }}
+BindCarrier={{ lan_interface }}
--- a/templates/desktop/nftables.j2
+++ b/templates/desktop/nftables.j2
@ -1,12 +1,11 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
+#!/usr/bin/nft -f
 # vim:set ts=2 sw=2 et:

 flush ruleset

 table inet filter {
  chain input {
-    type filter hook input priority 0;
+    type filter hook input priority 0; policy drop;

    # allow established/related connections
    ct state { established, related } accept
@ -21,20 +20,14 @@ table inet filter {
    ip protocol icmp accept
    ip6 nexthdr icmpv6 accept

+    # allow mDNS
+    udp dport 5353 accept
+
    # allow ssh
    tcp dport ssh accept

    # syncthing
    ip saddr 10.0.0.1 tcp dport 22000 accept
-
-    # allow remote pulse audio
-    ip saddr 10.0.0.1 tcp dport 4713 accept
-
-    # allow dhcp requests for bridget connections
-    iifname "vmbr0" udp dport { 53, 67 } accept
-
-    # everything else
-    reject with icmpx type port-unreachable
  }

  chain forward {
@ -43,9 +36,6 @@ table inet filter {
    ct state { established, related } accept;

    mark 1 accept
-
-    iifname "vmbr0" oifname "enp34s0" accept
-    iifname "enp34s0" oifname "vmbr0" accept
  }
 }

@ -54,16 +44,3 @@ table ip filter {
    mark set 1
  }
 }
-
-table ip nat {
-  chain prerouting {
-    type nat hook prerouting priority 0; policy accept;
-
-    # iifname "enp34s0" tcp dport { http } dnat to 10.4.0.243
-  }
-
-  chain postrouting {
-    type nat hook postrouting priority 0; policy accept;
-    oifname "enp34s0" masquerade
-  }
-}
--- a/templates/desktop/pulse-script.j2
+++ b/templates/desktop/pulse-script.j2
@ -1,5 +0,0 @@
-#!/usr/bin/sh
-#
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-/usr/bin/pactl load-module module-native-protocol-tcp auth-anonymous=1 listen={{ vpn_ip }}
--- a/templates/desktop/syncthing.j2
+++ b/templates/desktop/syncthing.j2
@ -1,134 +0,0 @@
-<!-- {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -->
-
-<configuration version="32">
-    <folder id="Pictures" label="Pictures" path="/home/sonny/Pictures/" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="false" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
-        <filesystemType>basic</filesystemType>
-        <device id="CSDXP5E-4UBNC36-32EHTPK-L6Y6JVZ-HQHM42R-FJXN2LI-2MTYRFX-3ZZPUQN" introducedBy=""></device>
-        <device id="PGSOVGQ-VOHWV77-F7DFFQO-JZKTWWG-Z2XU2DE-N4ATK5U-F7MXKKM-TFSROQJ" introducedBy=""></device>
-        <minDiskFree unit="">0</minDiskFree>
-        <versioning>
-            <cleanupIntervalS>3600</cleanupIntervalS>
-        </versioning>
-        <copiers>0</copiers>
-        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
-        <hashers>0</hashers>
-        <order>random</order>
-        <ignoreDelete>false</ignoreDelete>
-        <scanProgressIntervalS>0</scanProgressIntervalS>
-        <pullerPauseS>0</pullerPauseS>
-        <maxConflicts>10</maxConflicts>
-        <disableSparseFiles>false</disableSparseFiles>
-        <disableTempIndexes>false</disableTempIndexes>
-        <paused>false</paused>
-        <weakHashThresholdPct>25</weakHashThresholdPct>
-        <markerName>.stfolder</markerName>
-        <copyOwnershipFromParent>false</copyOwnershipFromParent>
-        <modTimeWindowS>0</modTimeWindowS>
-        <maxConcurrentWrites>0</maxConcurrentWrites>
-        <disableFsync>false</disableFsync>
-        <blockPullOrder>standard</blockPullOrder>
-        <copyRangeMethod>standard</copyRangeMethod>
-        <caseSensitiveFS>false</caseSensitiveFS>
-        <junctionsAsDirs>true</junctionsAsDirs>
-    </folder>
-    <folder id="default" label="Default Folder" path="/home/sonny/Sync" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
-        <filesystemType>basic</filesystemType>
-        <device id="CSDXP5E-4UBNC36-32EHTPK-L6Y6JVZ-HQHM42R-FJXN2LI-2MTYRFX-3ZZPUQN" introducedBy=""></device>
-        <device id="PGSOVGQ-VOHWV77-F7DFFQO-JZKTWWG-Z2XU2DE-N4ATK5U-F7MXKKM-TFSROQJ" introducedBy=""></device>
-        <minDiskFree unit="">0</minDiskFree>
-        <versioning type="simple">
-            <param key="keep" val="5"></param>
-            <cleanupIntervalS>3600</cleanupIntervalS>
-        </versioning>
-        <copiers>0</copiers>
-        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
-        <hashers>0</hashers>
-        <order>random</order>
-        <ignoreDelete>false</ignoreDelete>
-        <scanProgressIntervalS>0</scanProgressIntervalS>
-        <pullerPauseS>0</pullerPauseS>
-        <maxConflicts>-1</maxConflicts>
-        <disableSparseFiles>false</disableSparseFiles>
-        <disableTempIndexes>false</disableTempIndexes>
-        <paused>false</paused>
-        <weakHashThresholdPct>25</weakHashThresholdPct>
-        <markerName>.stfolder</markerName>
-        <copyOwnershipFromParent>false</copyOwnershipFromParent>
-        <modTimeWindowS>0</modTimeWindowS>
-        <maxConcurrentWrites>0</maxConcurrentWrites>
-        <disableFsync>false</disableFsync>
-        <blockPullOrder>standard</blockPullOrder>
-        <copyRangeMethod>standard</copyRangeMethod>
-        <caseSensitiveFS>false</caseSensitiveFS>
-        <junctionsAsDirs>true</junctionsAsDirs>
-    </folder>
-    <device id="CSDXP5E-4UBNC36-32EHTPK-L6Y6JVZ-HQHM42R-FJXN2LI-2MTYRFX-3ZZPUQN" name="Desktop" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
-        <address>dynamic</address>
-        <paused>false</paused>
-        <autoAcceptFolders>false</autoAcceptFolders>
-        <maxSendKbps>0</maxSendKbps>
-        <maxRecvKbps>0</maxRecvKbps>
-        <maxRequestKiB>0</maxRequestKiB>
-    </device>
-    <device id="PGSOVGQ-VOHWV77-F7DFFQO-JZKTWWG-Z2XU2DE-N4ATK5U-F7MXKKM-TFSROQJ" name="Zeus" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
-        <address>tcp://10.0.0.1:22000</address>
-        <paused>false</paused>
-        <autoAcceptFolders>false</autoAcceptFolders>
-        <maxSendKbps>0</maxSendKbps>
-        <maxRecvKbps>0</maxRecvKbps>
-        <maxRequestKiB>0</maxRequestKiB>
-    </device>
-    <gui enabled="true" tls="true" debugging="false">
-        <address>127.0.0.1:8384</address>
-        <apikey>Qo5fAhxR7LnwvJ7eGYr4gigkHm2LrT6y</apikey>
-        <theme>dark</theme>
-    </gui>
-    <ldap></ldap>
-    <options>
-        <listenAddress>default</listenAddress>
-        <globalAnnounceServer>default</globalAnnounceServer>
-        <globalAnnounceEnabled>true</globalAnnounceEnabled>
-        <localAnnounceEnabled>true</localAnnounceEnabled>
-        <localAnnouncePort>21027</localAnnouncePort>
-        <localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>
-        <maxSendKbps>0</maxSendKbps>
-        <maxRecvKbps>0</maxRecvKbps>
-        <reconnectionIntervalS>60</reconnectionIntervalS>
-        <relaysEnabled>true</relaysEnabled>
-        <relayReconnectIntervalM>10</relayReconnectIntervalM>
-        <startBrowser>true</startBrowser>
-        <natEnabled>true</natEnabled>
-        <natLeaseMinutes>60</natLeaseMinutes>
-        <natRenewalMinutes>30</natRenewalMinutes>
-        <natTimeoutSeconds>10</natTimeoutSeconds>
-        <urAccepted>3</urAccepted>
-        <urSeen>0</urSeen>
-        <urUniqueID>rxdDP3h2</urUniqueID>
-        <urURL>https://data.syncthing.net/newdata</urURL>
-        <urPostInsecurely>false</urPostInsecurely>
-        <urInitialDelayS>1800</urInitialDelayS>
-        <restartOnWakeup>true</restartOnWakeup>
-        <autoUpgradeIntervalH>12</autoUpgradeIntervalH>
-        <upgradeToPreReleases>false</upgradeToPreReleases>
-        <keepTemporariesH>24</keepTemporariesH>
-        <cacheIgnoredFiles>false</cacheIgnoredFiles>
-        <progressUpdateIntervalS>5</progressUpdateIntervalS>
-        <limitBandwidthInLan>false</limitBandwidthInLan>
-        <minHomeDiskFree unit="%">1</minHomeDiskFree>
-        <releasesURL>https://upgrades.syncthing.net/meta.json</releasesURL>
-        <overwriteRemoteDeviceNamesOnConnect>false</overwriteRemoteDeviceNamesOnConnect>
-        <tempIndexMinBlocks>10</tempIndexMinBlocks>
-        <unackedNotificationID>authenticationUserAndPassword</unackedNotificationID>
-        <trafficClass>0</trafficClass>
-        <defaultFolderPath>~</defaultFolderPath>
-        <setLowPriority>true</setLowPriority>
-        <maxFolderConcurrency>0</maxFolderConcurrency>
-        <crashReportingURL>https://crash.syncthing.net/newcrash</crashReportingURL>
-        <crashReportingEnabled>true</crashReportingEnabled>
-        <stunKeepaliveStartS>180</stunKeepaliveStartS>
-        <stunKeepaliveMinS>20</stunKeepaliveMinS>
-        <stunServer>default</stunServer>
-        <databaseTuning>auto</databaseTuning>
-        <maxConcurrentIncomingRequestKiB>0</maxConcurrentIncomingRequestKiB>
-    </options>
-</configuration>
--- a/templates/desktop/xdg-desktop-portal.service.j2
+++ b/templates/desktop/xdg-desktop-portal.service.j2
@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+[Unit]
+Requires=plasma-core.target
+After=plasma-core.target
--- a/templates/gitconfig.j2
+++ b/templates/gitconfig.j2
@ -1,10 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-
-[user]
-email = sonny871@hotmail.com
-name = Sonny Bakker
-signingkey = {{ gpg_pub_key }}
-
-[pull]
-rebase = false
--- a/templates/hosts.j2
+++ b/templates/hosts.j2
@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+127.0.0.1   localhost.localdomain localhost
+127.0.1.1   localhost.localdomain {{ hostname }}
+::1         localhost.localdomain localhost
--- a/templates/htpc/cmdline.j2
+++ b/templates/htpc/cmdline.j2
@ -0,0 +1 @@
+rd.luks.name=d6272853-f41c-47a3-aa27-31ca9b559087=cryptlvm root=/dev/VolumeGroup/root rw resume=/dev/VolumeGroup/swap
--- a/templates/htpc/mkinitcpio/1-modules.conf.j2
+++ b/templates/htpc/mkinitcpio/1-modules.conf.j2
@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+MODULES=(amdgpu)
--- a/templates/htpc/mkinitcpio/linux-lts.preset.j2
+++ b/templates/htpc/mkinitcpio/linux-lts.preset.j2
@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+#
+# mkinitcpio preset file for the 'linux' package
+
+PRESETS=('default')
+
+default_uki="/boot/EFI/Linux/linux-lts.efi"
+default_kver="/boot/vmlinuz-linux-lts"
--- a/templates/htpc/mkinitcpio/linux.preset.j2
+++ b/templates/htpc/mkinitcpio/linux.preset.j2
@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+#
+# mkinitcpio preset file for the 'linux' package
+
+PRESETS=('default')
+
+default_uki="/boot/EFI/Linux/linux.efi"
+default_kver="/boot/vmlinuz-linux"
--- a/templates/htpc/network/enp1s0.link.j2
+++ b/templates/htpc/network/enp1s0.link.j2
@ -0,0 +1,7 @@
+# {{ ansible_managed }}
+
+[Match]
+MACAddress={{ lan_interface_mac }}
+
+[Link]
+Name={{ lan_interface }}
--- a/templates/htpc/network/enp1s0.network.j2
+++ b/templates/htpc/network/enp1s0.network.j2
@ -0,0 +1,17 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ lan_interface }}
+
+[Network]
+Address={{ local_network_address }}
+Gateway={{ local_network_gateway }}
+DNS={{ local_network_dns }}
+MulticastDNS=yes
+DNSOverTLS=yes
+DNSSEC=yes
+DHCP=no
+LinkLocalAddressing=no
+IPv6AcceptRA=no
+IPv6SendRA=no
+RequiredForOnline=routable
--- a/templates/htpc/network/wg1.netdev.j2
+++ b/templates/htpc/network/wg1.netdev.j2
@ -0,0 +1,25 @@
+# {{ ansible_managed }}
+
+[NetDev]
+Name={{ wireguard.interface }}
+Kind=wireguard
+Description=WireGuard tunnel {{ wireguard.interface }}
+
+[WireGuard]
+PrivateKeyFile={{ wireguard.private_key_path }}
+RouteTable=main
+
+{% for peer in wireguard.peers %}
+[WireGuardPeer]
+PublicKey={{ peer.public_key }}
+PresharedKeyFile={{ peer.preshared_key_path }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip }}
+{% endfor %}
+{% if peer.endpoint %}
+Endpoint={{ peer.endpoint }}
+{% endif %}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}
--- a/templates/htpc/network/wg1.network.j2
+++ b/templates/htpc/network/wg1.network.j2
@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ wireguard.interface }}
+
+[Network]
+Address={{ wireguard.ip }}/{{ wireguard.prefix }}
+DNS={{ wireguard.dns }}
+Domains={{ wireguard.domains | join(' ') }}
+BindCarrier={{ lan_interface }}
--- a/templates/htpc/nftables.j2
+++ b/templates/htpc/nftables.j2
@ -0,0 +1,29 @@
+#!/usr/bin/nft -f
+# vim:set ts=2 sw=2 et:
+
+flush ruleset
+
+table inet filter {
+  chain input {
+    type filter hook input priority 0; policy drop;
+
+    # allow established/related connections
+    ct state { established, related } accept
+
+    # early drop of invalid connections
+    ct state invalid drop
+
+    # allow from loopback
+    iifname lo accept
+
+    # allow icmp
+    ip protocol icmp accept
+    ip6 nexthdr icmpv6 accept
+
+    # allow mDNS
+    udp dport 5353 accept
+
+    # allow ssh
+    tcp dport ssh accept
+  }
+}
--- a/templates/laptop/network/vmbr0.netdev.j2
+++ b/templates/laptop/network/vmbr0.netdev.j2
@ -1,5 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-[NetDev]
-Name=vmbr0
-Kind=bridge
--- a/templates/laptop/network/vmbr0.network.j2
+++ b/templates/laptop/network/vmbr0.network.j2
@ -1,10 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-[Match]
-Name=vmbr0
-
-[Network]
-Address=10.5.0.1/24
-DHCP=ipv4
-IPForward=ipv4
-ConfigureWithoutCarrier=yes
--- a/templates/laptop/network/wg0.netdev.j2
+++ b/templates/laptop/network/wg0.netdev.j2
@ -1,24 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-[NetDev]
-Name={{ vpn_interface }}
-Kind=wireguard
-Description=WireGuard tunnel {{ vpn_interface }}
-
-[WireGuard]
-# PrivateKeyFile option does not seem to work, perhaps a bug?
-PrivateKey={{ vpn_private_key }}
-
-{% for peer in vpn_peers %}
-[WireGuardPeer]
-PublicKey={{ peer.public_key }}
-# PresharedKeyFile option does not seem to work, perhaps a bug?
-PresharedKey={{ peer.preshared_key }}
-AllowedIPs={{ peer.allowd_ips }}
-{% if peer.endpoint %}
-Endpoint={{ peer.endpoint }}
-{% endif %}
-{% if not loop.last %}
-
-{% endif %}
-{% endfor %}
--- a/templates/laptop/network/wg0.network.j2
+++ b/templates/laptop/network/wg0.network.j2
@ -1,7 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-[Match]
-Name={{ vpn_interface }}
-
-[Network]
-Address={{ vpn_ip }}/{{ vpn_subnet }}
--- a/templates/laptop/network/wireless.network.j2
+++ b/templates/laptop/network/wireless.network.j2
@ -1,7 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-[Match]
-Name=wlan0
-
-[Network]
-DHCP=ipv4
--- a/templates/laptop/powertop.j2
+++ b/templates/laptop/powertop.j2
@ -1,11 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-[Unit]
-Description=Powertop tunings
-
-[Service]
-ExecStart=/usr/bin/powertop --auto-tune
-RemainAfterExit=true
-
-[Install]
-WantedBy=multi-user.target
--- a/templates/laptop/pulse-script.j2
+++ b/templates/laptop/pulse-script.j2
@ -1,5 +0,0 @@
-#!/usr/bin/sh
-#
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-/usr/bin/pactl load-module module-native-protocol-tcp auth-anonymous=1 listen=10.0.0.2
--- a/templates/laptop/syncthing.j2
+++ b/templates/laptop/syncthing.j2
@ -1,134 +0,0 @@
-<!-- {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -->
-
-<configuration version="32">
-    <folder id="Pictures" label="Pictures" path="/home/sonny/Pictures/" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
-        <filesystemType>basic</filesystemType>
-        <device id="PGSOVGQ-VOHWV77-F7DFFQO-JZKTWWG-Z2XU2DE-N4ATK5U-F7MXKKM-TFSROQJ" introducedBy=""></device>
-        <device id="2AC4LRC-YIJDWWK-YCOEZLT-4OWWC2E-7VEZQQB-F3AAPZR-HU75FE4-PGWWXQH" introducedBy=""></device>
-        <minDiskFree unit="">0</minDiskFree>
-        <versioning>
-            <cleanupIntervalS>3600</cleanupIntervalS>
-        </versioning>
-        <copiers>0</copiers>
-        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
-        <hashers>0</hashers>
-        <order>random</order>
-        <ignoreDelete>false</ignoreDelete>
-        <scanProgressIntervalS>0</scanProgressIntervalS>
-        <pullerPauseS>0</pullerPauseS>
-        <maxConflicts>10</maxConflicts>
-        <disableSparseFiles>false</disableSparseFiles>
-        <disableTempIndexes>false</disableTempIndexes>
-        <paused>false</paused>
-        <weakHashThresholdPct>25</weakHashThresholdPct>
-        <markerName>.stfolder</markerName>
-        <copyOwnershipFromParent>false</copyOwnershipFromParent>
-        <modTimeWindowS>0</modTimeWindowS>
-        <maxConcurrentWrites>0</maxConcurrentWrites>
-        <disableFsync>false</disableFsync>
-        <blockPullOrder>standard</blockPullOrder>
-        <copyRangeMethod>standard</copyRangeMethod>
-        <caseSensitiveFS>false</caseSensitiveFS>
-        <junctionsAsDirs>true</junctionsAsDirs>
-    </folder>
-    <folder id="default" label="Sync" path="/home/sonny/Sync" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
-        <filesystemType>basic</filesystemType>
-        <device id="PGSOVGQ-VOHWV77-F7DFFQO-JZKTWWG-Z2XU2DE-N4ATK5U-F7MXKKM-TFSROQJ" introducedBy=""></device>
-        <device id="2AC4LRC-YIJDWWK-YCOEZLT-4OWWC2E-7VEZQQB-F3AAPZR-HU75FE4-PGWWXQH" introducedBy=""></device>
-        <minDiskFree unit="">0</minDiskFree>
-        <versioning type="simple">
-            <param key="keep" val="5"></param>
-            <cleanupIntervalS>3600</cleanupIntervalS>
-        </versioning>
-        <copiers>0</copiers>
-        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
-        <hashers>0</hashers>
-        <order>random</order>
-        <ignoreDelete>false</ignoreDelete>
-        <scanProgressIntervalS>0</scanProgressIntervalS>
-        <pullerPauseS>0</pullerPauseS>
-        <maxConflicts>10</maxConflicts>
-        <disableSparseFiles>false</disableSparseFiles>
-        <disableTempIndexes>false</disableTempIndexes>
-        <paused>false</paused>
-        <weakHashThresholdPct>25</weakHashThresholdPct>
-        <markerName>.stfolder</markerName>
-        <copyOwnershipFromParent>false</copyOwnershipFromParent>
-        <modTimeWindowS>0</modTimeWindowS>
-        <maxConcurrentWrites>0</maxConcurrentWrites>
-        <disableFsync>false</disableFsync>
-        <blockPullOrder>standard</blockPullOrder>
-        <copyRangeMethod>standard</copyRangeMethod>
-        <caseSensitiveFS>false</caseSensitiveFS>
-        <junctionsAsDirs>true</junctionsAsDirs>
-    </folder>
-    <device id="PGSOVGQ-VOHWV77-F7DFFQO-JZKTWWG-Z2XU2DE-N4ATK5U-F7MXKKM-TFSROQJ" name="Zeus" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
-        <address>tcp://10.0.0.1:22000</address>
-        <paused>false</paused>
-        <autoAcceptFolders>false</autoAcceptFolders>
-        <maxSendKbps>0</maxSendKbps>
-        <maxRecvKbps>0</maxRecvKbps>
-        <maxRequestKiB>0</maxRequestKiB>
-    </device>
-    <device id="2AC4LRC-YIJDWWK-YCOEZLT-4OWWC2E-7VEZQQB-F3AAPZR-HU75FE4-PGWWXQH" name="XPS" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
-        <address>dynamic</address>
-        <paused>false</paused>
-        <autoAcceptFolders>false</autoAcceptFolders>
-        <maxSendKbps>0</maxSendKbps>
-        <maxRecvKbps>0</maxRecvKbps>
-        <maxRequestKiB>0</maxRequestKiB>
-    </device>
-    <gui enabled="true" tls="true" debugging="false">
-        <address>127.0.0.1:8384</address>
-        <apikey>2y25PxNtQjtDoe6qnDSiWpmSMpJnvoyi</apikey>
-        <theme>dark</theme>
-    </gui>
-    <ldap></ldap>
-    <options>
-        <listenAddress>default</listenAddress>
-        <globalAnnounceServer>default</globalAnnounceServer>
-        <globalAnnounceEnabled>true</globalAnnounceEnabled>
-        <localAnnounceEnabled>true</localAnnounceEnabled>
-        <localAnnouncePort>21027</localAnnouncePort>
-        <localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>
-        <maxSendKbps>0</maxSendKbps>
-        <maxRecvKbps>0</maxRecvKbps>
-        <reconnectionIntervalS>60</reconnectionIntervalS>
-        <relaysEnabled>true</relaysEnabled>
-        <relayReconnectIntervalM>10</relayReconnectIntervalM>
-        <startBrowser>true</startBrowser>
-        <natEnabled>true</natEnabled>
-        <natLeaseMinutes>60</natLeaseMinutes>
-        <natRenewalMinutes>30</natRenewalMinutes>
-        <natTimeoutSeconds>10</natTimeoutSeconds>
-        <urAccepted>-1</urAccepted>
-        <urSeen>0</urSeen>
-        <urUniqueID>A3FvpLVX</urUniqueID>
-        <urURL>https://data.syncthing.net/newdata</urURL>
-        <urPostInsecurely>false</urPostInsecurely>
-        <urInitialDelayS>1800</urInitialDelayS>
-        <restartOnWakeup>true</restartOnWakeup>
-        <autoUpgradeIntervalH>12</autoUpgradeIntervalH>
-        <upgradeToPreReleases>false</upgradeToPreReleases>
-        <keepTemporariesH>24</keepTemporariesH>
-        <cacheIgnoredFiles>false</cacheIgnoredFiles>
-        <progressUpdateIntervalS>5</progressUpdateIntervalS>
-        <limitBandwidthInLan>false</limitBandwidthInLan>
-        <minHomeDiskFree unit="%">1</minHomeDiskFree>
-        <releasesURL>https://upgrades.syncthing.net/meta.json</releasesURL>
-        <overwriteRemoteDeviceNamesOnConnect>false</overwriteRemoteDeviceNamesOnConnect>
-        <tempIndexMinBlocks>10</tempIndexMinBlocks>
-        <unackedNotificationID>authenticationUserAndPassword</unackedNotificationID>
-        <trafficClass>0</trafficClass>
-        <defaultFolderPath>~</defaultFolderPath>
-        <setLowPriority>true</setLowPriority>
-        <maxFolderConcurrency>0</maxFolderConcurrency>
-        <crashReportingURL>https://crash.syncthing.net/newcrash</crashReportingURL>
-        <crashReportingEnabled>true</crashReportingEnabled>
-        <stunKeepaliveStartS>180</stunKeepaliveStartS>
-        <stunKeepaliveMinS>20</stunKeepaliveMinS>
-        <stunServer>default</stunServer>
-        <databaseTuning>auto</databaseTuning>
-        <maxConcurrentIncomingRequestKiB>0</maxConcurrentIncomingRequestKiB>
-    </options>
-</configuration>
--- a/templates/mpd/mpd.conf.j2
+++ b/templates/mpd/mpd.conf.j2
@ -0,0 +1,40 @@
+# {{ ansible_managed }}
+#
+bind_to_address       "{{ mpd_listen_address }}"
+port                  "{{ mpd_listen_port }}"
+
+playlist_directory     "{{ mpd_configuration_dir }}/playlists"
+state_file             "{{ mpd_configuration_dir }}/state"
+
+database {
+  plugin  "proxy"
+  host    "{{ mpd_remote_address }}"
+  port    "{{ mpd_remote_port }}"
+}
+
+audio_output {
+  name    "mpd"
+  type    "pipewire"
+  dsd     "yes"
+}
+
+audio_output {
+  type    "fifo"
+  name    "my_fifo"
+  path    "/tmp/mpd.fifo"
+}
+
+input {
+  enabled   "no"
+  plugin    "tidal"
+}
+
+input {
+  enabled   "no"
+  plugin    "qobuz"
+}
+
+decoder {
+  enabled   "no"
+  plugin    "wildmidi"
+}
--- a/templates/mpd/ncmpc.j2
+++ b/templates/mpd/ncmpc.j2
@ -0,0 +1,32 @@
+## {{ ansible_managed }}
+#
+##
+## Configuration file for ncmpc (~/.config/ncmpc/config)
+##
+
+############## Connection ###################
+## Connect to mpd running on a specified host
+host = {{ mpd_remote_address }}
+
+## Connect to mpd on the specified port.
+port = {{ mpd_remote_port }}
+
+############## Theme ###################
+# Topbar
+color title = 0/254
+color line = 0/254
+
+# Main window
+color background = 15
+color list = 239/15
+color browser-directory = 239/15
+color browser-playlist = 239/15
+
+# Selected
+color list-bold = 147/255
+
+# Bottombar
+color progressbar = 0
+color status-state = 0/255
+color status-song = 0/255
+color status-time = 0/255
--- a/templates/mpd/ncmpcpp/bindings.j2
+++ b/templates/mpd/ncmpcpp/bindings.j2
@ -0,0 +1,323 @@
+# {{ ansible_managed }}
+
+# enabled bindings
+def_key "a"
+  add_item_to_playlist
+
+def_key "l"
+  jump_to_playing_song
+
+def_key "l"
+  next_column
+
+def_key "h"
+  previous_column
+
+def_key "k"
+  scroll_up
+
+def_key "j"
+  scroll_down
+
+def_key "tab"
+  next_screen
+
+def_key "shift-tab"
+  previous_screen
+
+def_key "f1"
+  show_help
+
+def_key "1"
+  show_playlist
+
+def_key "2"
+  show_browser
+
+def_key "2"
+  change_browse_mode
+
+def_key "3"
+  show_search_engine
+
+def_key "3"
+  reset_search_engine
+
+def_key "4"
+  show_media_library
+
+def_key "4"
+  toggle_media_library_columns_mode
+
+def_key "5"
+  show_playlist_editor
+
+def_key "6"
+  show_tag_editor
+
+def_key "7"
+  show_outputs
+
+def_key "8"
+  show_visualizer
+
+def_key "["
+  scroll_up_album
+
+def_key "]"
+  scroll_down_album
+
+def_key "{"
+  scroll_up_artist
+
+def_key "}"
+  scroll_down_artist
+
+def_key "page_up"
+  page_up
+
+def_key "page_down"
+  page_down
+
+def_key "home"
+  move_home
+
+def_key "end"
+  move_end
+
+def_key "enter"
+  enter_directory
+
+def_key "enter"
+  toggle_output
+
+def_key "enter"
+  run_action
+
+def_key "enter"
+  play_item
+
+def_key "delete"
+  delete_playlist_items
+
+def_key "delete"
+  delete_browser_items
+
+def_key "delete"
+  delete_stored_playlist
+
+def_key "s"
+  stop
+
+def_key "p"
+  pause
+
+def_key ">"
+  next
+
+def_key "<"
+  previous
+
+def_key "ctrl-h"
+  replay_song
+
+def_key "f"
+  seek_forward
+
+def_key "b"
+  seek_backward
+
+def_key "ctrl-r"
+  toggle_repeat
+
+def_key "ctrl-z"
+  toggle_random
+
+def_key "ctrl-s"
+  toggle_single
+
+def_key "u"
+  update_database
+
+def_key "/"
+  find_item_forward
+  find
+
+def_key "q"
+  quit
+
+def_key "v"
+  select_range
+
+def_key "c"
+  remove_selection
+
+def_key "C"
+  clear_playlist
+
+
+# default dummy bindings
+def_key "mouse"
+  dummy
+
+def_key "up"
+  dummy
+
+def_key "shift-up"
+  dummy
+
+def_key "down"
+  dummy
+
+def_key "shift-down"
+  dummy
+
+def_key "insert"
+  dummy
+
+def_key "space"
+  dummy
+
+def_key "right"
+  dummy
+
+def_key "+"
+  dummy
+
+def_key "left"
+  dummy
+
+def_key "-"
+  dummy
+
+def_key ":"
+  dummy
+
+def_key "="
+  dummy
+
+def_key "@"
+  dummy
+
+def_key "backspace"
+  dummy
+
+def_key "y"
+  dummy
+
+def_key "R"
+  dummy
+
+def_key "Y"
+  dummy
+
+def_key "T"
+  dummy
+
+def_key "|"
+  dummy
+
+def_key "#"
+  dummy
+
+def_key "Z"
+  dummy
+
+def_key "x"
+  dummy
+
+def_key "X"
+  dummy
+
+def_key "ctrl-f"
+  dummy
+
+def_key "ctrl-_"
+  dummy
+
+def_key "?"
+  dummy
+
+def_key "."
+  dummy
+
+def_key ","
+  dummy
+
+def_key "w"
+  dummy
+
+def_key "e"
+  dummy
+
+def_key "i"
+  dummy
+
+def_key "I"
+  dummy
+
+def_key "g"
+  dummy
+
+def_key "ctrl-v"
+  dummy
+
+def_key "B"
+  dummy
+
+def_key "m"
+  dummy
+
+def_key "n"
+  dummy
+
+def_key "M"
+  dummy
+
+def_key "A"
+  dummy
+
+def_key "S"
+  dummy
+
+def_key "o"
+  dummy
+
+def_key "G"
+  dummy
+
+def_key "~"
+  dummy
+
+def_key "E"
+  dummy
+
+def_key "U"
+  dummy
+
+def_key "P"
+  dummy
+
+def_key "\\"
+  dummy
+
+def_key "!"
+  dummy
+
+def_key "L"
+  dummy
+
+def_key "F"
+  dummy
+
+def_key "alt-l"
+  dummy
+
+def_key "ctrl-l"
+  dummy
+
+def_key "`"
+  dummy
+
+def_key "ctrl-p"
+  dummy
--- a/templates/mpd/ncmpcpp/config.j2
+++ b/templates/mpd/ncmpcpp/config.j2
@ -0,0 +1,42 @@
+# {{ ansible_managed }}
+#
+
+############## Connection ###################
+## Connect to mpd running on a specified host
+mpd_host = {{ mpd_remote_address }}
+
+## Connect to mpd on the specified port.
+mpd_port = {{ mpd_remote_port }}
+
+# header_visibility = yes
+# playlist_show_mpd_host = yes
+# titles_visibility = yes
+# enable_window_title = yes
+
+
+connected_message_on_startup = no
+
+display_bitrate = yes
+
+visualizer_data_source = "/tmp/mpd.fifo"
+visualizer_output_name = "my_fifo"
+visualizer_in_stereo = "yes"
+visualizer_type = "spectrum"
+visualizer_look = "+|"
+
+############## Theme ###################
+
+user_interface = classic
+
+song_columns_list_format = "(40)[9]{t|f} (25)[245]{a} (25)[245]{b} (25)[245]{l}"
+song_list_format = "{$5 %a$9 $1│$9 $8%t$9 }|{ $8%f$9}$R{$5%b $7}"
+
+# Column Names
+header_window_color = 1
+
+# Main window
+main_window_color = 1
+
+# Bottombar
+progressbar_color = 1
+player_state_color = 1
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
Sonny Bakker	da726a8ecf	Add public keys	2025-10-18 08:24:32 +02:00
Sonny Bakker	5b29e66d63	Add missing wireguard media credentials for XPS	2025-10-18 08:21:39 +02:00
Sonny Bakker	21bbedd13b	Allow customizing wezterm size from vars	2025-10-12 17:59:38 +02:00
Sonny Bakker	970f7489fb	Layout refactor Also included provisioning for htpc host	2025-10-12 15:33:37 +02:00
Sonny Bakker	f90702c7b8	Update mpv keybindings	2025-10-01 19:58:37 +02:00
Sonny Bakker	23e4a1bbfb	Merge branch 'main' of forgejo.fudiggity.nl:sonny/arch-setup	2025-09-26 08:56:48 +02:00
Sonny Bakker	44eb29b226	Update mpv configuration	2025-09-26 08:47:41 +02:00
Sonny Bakker	026c8106ca	Use correct section for RequiredForOnline setting	2025-06-29 20:36:31 +02:00
Sonny Bakker	e45b0c59ac	Update note about disabling DoH	2025-06-08 13:35:07 +02:00
Sonny Bakker	9129cb3777	Use random MAC for wifi connections	2025-05-30 20:41:35 +02:00
Sonny Bakker	d86a6f9998	Remove unneeded kernel params	2025-05-14 19:47:06 +02:00
Sonny Bakker	10b00a1324	Remove powertop setup	2025-05-14 19:46:57 +02:00
Sonny Bakker	fed90f0d39	Decrease wezterm fontsize for xps	2025-05-10 21:42:06 +02:00
Sonny Bakker	82a02be85a	Use DNS over TLS & enable DNSSEC	2025-04-26 17:11:03 +02:00
Sonny Bakker	6f393b4c39	Add BindCarrier directive To disable wireguard interfaces whenever applicable	2025-04-26 17:10:24 +02:00
Sonny Bakker	0bf6345ff3	Keep mpv open after finishing	2025-04-26 16:23:44 +02:00
Sonny Bakker	f5ada68b2b	Use group name in playbook file	2025-04-26 09:54:08 +02:00
Sonny Bakker	c5c7c8ce88	Revert to route only domains Resolution sometimes fails as HTTPS requests are not possible yet to some domains. This causes HTTP requests to fail later on. Can be reproduced by doing a HTTPS request first (for a domain configured without HTTPS) and retrying with a HTTP request afterwards.	2025-04-26 09:48:58 +02:00
Sonny Bakker	4fc4f2712b	Update mpd configuration	2025-04-21 19:17:14 +02:00
Sonny Bakker	71af560ed7	Reorder & remove unused hooks	2025-04-20 08:27:48 +02:00
Sonny Bakker	da68e6adc9	Use sd-encrypt hook to unlock encrypted partition	2025-04-19 19:39:51 +02:00
Sonny Bakker	3199911ab7	Add new network configuration	2025-04-19 17:13:04 +02:00
Sonny Bakker	b038a3ec72	Add Jellyfin domain	2025-04-18 21:10:20 +02:00
Sonny Bakker	bb73032f30	Use route-only domains to prevent unrelated dns queries	2025-04-17 22:47:38 +02:00
Sonny Bakker	a48528fdf5	Allow mDNS requests	2025-04-16 09:04:23 +02:00
Sonny Bakker	1ca269d54b	Use search domains	2025-04-15 22:22:18 +02:00
Sonny Bakker	8c1f19650a	Disable LinkLocalAddressing	2025-04-14 21:45:34 +02:00
Sonny Bakker	3f8c92b780	Prevent interface reconfiguration on carrier loss	2025-04-13 08:40:53 +02:00
Sonny Bakker	a1618a3092	Add hostname provisioning	2025-04-12 21:34:32 +02:00
Sonny Bakker	3fc19b62c8	Move mDNS setting to correct directive	2025-04-12 20:58:31 +02:00
Sonny Bakker	13114e3a84	Disable ipv6 router advertisement reception & use RequiredForonline=routable	2025-04-11 22:38:38 +02:00
Sonny Bakker	99d2236751	Add network variables & use mDNS for desktop	2025-04-11 09:52:02 +02:00
Sonny Bakker	c45bccdaa1	Include local network configuration for xps	2025-04-10 21:50:42 +02:00
Sonny Bakker	b0c504072a	Update desktop network configuration	2025-04-07 20:46:17 +02:00
Sonny Bakker	20bf21baa2	Add pa-dlna setup for xps	2025-04-06 21:16:57 +02:00
Sonny Bakker	6b2c70f5da	Add radicale to vpn config & use RouteTable directive	2025-04-06 19:30:16 +02:00
Sonny Bakker	43f662f3ff	Use required for online directive	2025-04-05 11:58:26 +02:00
Sonny Bakker	a9c5eac733	Update wezterm font size	2025-04-05 09:23:34 +02:00
Sonny Bakker	c0cc15961b	Merge branch 'main' of forgejo.fudiggity.nl:sonny/arch-setup	2025-03-17 21:41:56 +01:00
Sonny Bakker	75019c6049	Remove git configuration	2025-03-17 21:41:50 +01:00
Sonny Bakker	51007dfed4	Fix media vpn settings for desktop	2025-03-17 10:58:30 +01:00
Sonny Bakker	5662dde74e	Add missing desktop wireguard files	2025-03-15 00:36:05 +01:00
Sonny Bakker	523b5cd49f	Use "all" directory for groups	2025-03-15 00:13:27 +01:00
Sonny Bakker	4b8aaf3e95	Group/host variable refactor	2025-03-15 00:05:30 +01:00
Sonny Bakker	eb308670cc	Remove old task file	2025-03-14 20:37:55 +01:00
Sonny Bakker	4d66a42129	Increase font size for wezterm	2025-03-14 20:05:33 +01:00
Sonny Bakker	11eb116f2d	Add missing desktop configuration for syncthing	2025-03-14 08:43:46 +01:00
Sonny Bakker	171426a358	Update syncthing configuration	2025-03-13 22:40:27 +01:00
Sonny Bakker	d148eca9b7	Split platform vars into directories	2025-03-13 21:24:55 +01:00
Sonny Bakker	aafd7eaf75	Add binding for single mode	2025-03-12 17:24:46 +01:00
Sonny Bakker	1231d2bbae	Apply changes from `8920ba56f3` to laptop configuration	2025-03-09 21:15:27 +01:00
Sonny Bakker	e72f7533eb	Remove unused files	2025-03-09 21:00:54 +01:00
Sonny Bakker	8920ba56f3	Add transmission route configuration	2025-03-09 20:55:43 +01:00
Sonny Bakker	58b8d145e6	Fix mpd file permissions	2025-03-09 08:15:18 +01:00
Sonny Bakker	2d2fb508f0	Remove ncmpc configuration	2025-03-07 09:22:48 +01:00
Sonny Bakker	079b45be28	Use DNS from wireguard interface	2025-03-06 02:22:49 +01:00
Sonny Bakker	460d9365f1	Remove thermal control monitoring provisioning	2025-03-02 20:11:23 +01:00
Sonny Bakker	3f4bfe2061	Merge branch 'main' of forgejo.fudiggity.nl:sonny/arch-setup	2025-03-02 17:05:48 +01:00
Sonny Bakker	b2c395b3b7	Use systemd file option wherever applicable	2025-03-02 16:05:07 +01:00
Sonny Bakker	a44c76344b	Add more tags	2025-03-01 21:46:16 +01:00
Sonny Bakker	eab191b54e	Ask vault password by default	2025-03-01 21:45:59 +01:00
Sonny Bakker	ee384fe644	Fix network task linter errors	2025-03-01 21:08:26 +01:00
Sonny Bakker	10b34cffaf	Fix ansible lint errors	2025-03-01 21:01:48 +01:00
Sonny Bakker	03a3b09bf1	Install spell checking packages	2025-02-20 21:47:36 +01:00
Sonny Bakker	8fdeec1a43	Remove duplicate keybinds & add search keybind	2025-02-09 20:49:27 +01:00
Sonny Bakker	2d3971a744	Add tags to certain tasks	2025-02-09 20:34:53 +01:00
Sonny Bakker	f03fe525c7	add missing ncmpcpp keybinds	2025-02-09 20:34:37 +01:00
Sonny Bakker	2830827291	Reload tmux service whenever applicable	2025-02-07 08:53:45 +01:00
Sonny Bakker	90e5f95154	Set wayland display	2025-02-04 21:56:47 +01:00
Sonny Bakker	a8a3ad8410	Show linenumbers in diffs	2025-02-04 20:35:55 +01:00
Sonny Bakker	88c46f7779	Unset default keybindings	2025-02-04 20:35:40 +01:00
Sonny Bakker	4c968c55da	Use correct systemd reload scope	2025-01-20 09:11:59 +01:00
Sonny Bakker	c9b00691ff	Use correct directory path	2025-01-20 08:53:10 +01:00
Sonny Bakker	1ce33295f2	Add xdg-desktop-portal desktop configuration	2025-01-19 17:52:14 +01:00
Sonny Bakker	bd7b0bd955	Include support for visualizer	2024-12-09 08:17:51 +01:00
Sonny Bakker	b8d8f6b643	Update requirements	2024-12-08 14:43:39 +01:00
Sonny Bakker	ff1cfaca45	Add git delta configuration	2024-10-07 20:49:47 +02:00
Sonny Bakker	928770a745	Update laptop setup	2024-09-27 07:33:30 +02:00
Sonny Bakker	3d1c18603e	Add kde applications	2024-09-24 14:07:48 +02:00
Sonny Bakker	bfe99ee70a	Update pacman configuration	2024-09-23 09:14:50 +02:00
Sonny Bakker	b1965fc631	Update mpd configuration	2024-09-16 08:34:45 +02:00
Sonny Bakker	ebb8f8c2c2	Move mkinitcpio/modprobe/sysctl configuration to base setup task	2024-09-09 09:09:30 +02:00
Sonny Bakker	fec111584c	Setup uefi stubs with systemd-boot for laptop Directly booting the stubs currently does not seem to work either due to a buggy UEFI implementation or the embedded cmdline being overwritten, see https://www.reddit.com/r/archlinux/comments/up8h6l/comment/i8jkuf7/	2024-09-08 20:35:48 +02:00
Sonny Bakker	5d91c4196d	Setup desktop initramfs configuration	2024-09-04 10:54:50 +02:00
Sonny Bakker	a5ed57f910	Add desktop sysctl/modprobe config files	2024-09-04 09:18:01 +02:00
Sonny Bakker	6e88c23a9d	Follow system theme colorscheme	2024-09-01 20:33:03 +02:00
Sonny Bakker	36a549de57	Add coding lignatures settings	2024-08-30 16:51:51 +02:00
Sonny Bakker	76f102b21d	Add wezterm setup	2024-08-30 12:58:29 +02:00
Sonny Bakker	ceaec45f54	Update templates	2024-08-23 07:10:35 +02:00
Sonny Bakker	de93805323	Update mpd settings	2024-08-23 07:10:19 +02:00
Sonny Bakker	92b32cdd96	Update mpv settings	2024-08-23 07:06:44 +02:00
Sonny Bakker	383b835101	Don't overwrite syncthing config see https://docs.syncthing.net/users/config.html#config-file-format	2024-08-06 10:19:51 +02:00
Sonny Bakker	87cb122f82	Fix ansible vault tag	2024-08-05 09:43:08 +02:00
Sonny Bakker	7c4dd0d3c2	Add media vpn setup	2024-08-03 21:03:07 +02:00
Sonny Bakker	cf061d3779	Set default git mergetool	2024-07-16 11:08:07 +02:00
Sonny Bakker	556acd2480	Update laptop configuration	2024-06-05 18:45:59 +02:00
Sonny Bakker	25ca753bb9	Fix unknown `general` section	2024-06-05 10:59:15 +02:00
Sonny Bakker	742a30faee	Use `import` setting for alacritty	2024-06-05 10:56:40 +02:00
Sonny Bakker	e290f5ae0a	Add missing mpd state file	2024-05-31 08:15:08 +02:00
Sonny Bakker	850b6a38e0	Add alacritty configuration	2024-05-31 08:10:55 +02:00
Sonny Bakker	60308c5533	Update `become` syntax	2024-05-31 08:03:34 +02:00
Sonny Bakker	abcd234b3d	Refactor MPD setup	2024-05-31 08:00:56 +02:00
Sonny Bakker	d320ba7ee1	Install platform packages whenever it has items to do so	2024-05-24 07:53:22 +02:00
Sonny Bakker	a93901cc47	Add TODO & add alacritty	2024-05-23 20:56:20 +02:00
Sonny Bakker	a43f931f2a	Remove fixed IP for wireguard configs	2024-05-23 20:56:04 +02:00
Sonny Bakker	8672afe60a	Fix typo in mpv config	2024-05-03 19:08:10 +02:00
Sonny Bakker	7ef566a8c7	Add TODO	2024-03-16 14:57:39 +01:00
Sonny Bakker	29104cad7e	Update zeus IP	2024-03-16 14:55:56 +01:00
Sonny Bakker	61eb8c3de4	Remove deprecated package	2024-03-16 14:51:55 +01:00
Sonny Bakker	066464fcca	Remove pulse/pipewire related files	2024-03-16 14:39:34 +01:00
Sonny Bakker	aa9dd18eef	Use node's lts version for CI	2024-03-16 14:39:13 +01:00
Sonny Bakker	8e7d6db56b	Remove template timestamps & move tasks to handlers These changes will prevent services from being restarted without any changes whenever no changes have been made	2024-03-16 10:36:59 +01:00
Sonny Bakker	7a57636bdb	Remove bridged network setup	2024-03-08 08:18:32 +01:00
Sonny Bakker	1d4bb97fcf	Disable vulkan `gpu-api` for now	2024-03-08 07:57:56 +01:00
Sonny Bakker	8b9fbe9b4e	Switch to wireplumber	2022-06-30 20:53:27 +02:00
Sonny Bakker	c025749069	Add laptop configuration to disable discrete GPU	2022-06-29 21:43:27 +02:00
Sonny Bakker	630f380b25	Use neovim when editing with git	2022-05-26 20:55:45 +02:00
Sonny Bakker	a8368f5a8c	Merge branch 'master' of git.fudiggity.nl:ansible/arch-setup	2022-05-15 20:58:11 +02:00
Sonny Bakker	2e4f525e95	Pin prettier version & set role path in CI	2022-05-15 20:58:06 +02:00
Sonny Bakker	2865e059d7	Loop over defined items	2022-04-23 17:39:54 +02:00
Sonny Bakker	75f0383ba5	Update pipewire pulse configuration	2022-04-23 10:12:37 +02:00
Sonny Bakker	24a13b689c	Update server ip	2022-04-22 22:13:09 +02:00
Sonny Bakker	bb518f51e1	Add notes about Wireguard	2022-03-21 20:10:10 +01:00
				`@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKA8zXGQzpXeWrRhetUsWlEcrsmg+JhcSKaZykalmrw6 sonny@Desktop`
				`@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9FTfXKRp1cdRAjE41rKoY+1yTsREytZFLHo9cQXDMM sonny@Laptop`
				`@ -0,0 +1 @@`
				`YDH5lZcxUHM4AU2ZxQrFqjDIV2Z7PSUQKMcYXLExV0E=`
				`@ -0,0 +1 @@`
				`XcWpmGrkSQJUEADrDTUmcA7/dm8HQffbdC03rQ/3fwg=`
				`@ -0,0 +1 @@`
				`hI4rqlv2afs4RJkt5xR+dYxQODSd6lR0OqWJRlnQdjM=`
				`@ -0,0 +1 @@`
				`root=UUID=c5fe300d-97bf-476d-abd4-edfe7460bc81 rw bgrt_disable`
				`@ -0,0 +1 @@`
				`rd.luks.name=d6272853-f41c-47a3-aa27-31ca9b559087=cryptlvm root=/dev/VolumeGroup/root rw resume=/dev/VolumeGroup/swap`