monakhos/ansible/workstation.yaml

408 lines
12 KiB
YAML
Raw Normal View History

2024-05-22 15:35:11 +00:00
- hosts: workstation
2024-05-26 20:17:13 +00:00
gather_facts: True
2024-05-22 15:35:11 +00:00
vars:
2024-05-26 20:17:13 +00:00
home: /home/{{ user }}
systemd_services:
system: []
user:
2024-06-11 15:22:00 +00:00
- from: "mount_sshfs"
name: "mount_sshfs_srv06_warmd_mbess"
enabled: true
2024-06-11 15:22:00 +00:00
params:
ssh_uri: "mbess@srv06.mbess.net:/warmd/mbess"
mount_path: "{{ home }}/.mnt/srv06/warmd/mbess"
profile: perso
2024-06-11 15:22:00 +00:00
- from: "mount_sshfs"
name: "mount_sshfs_srv06_warmd_etb"
enabled: true
params:
ssh_uri: "mbess@srv06.mbess.net:/warmd/etoiledebethleem"
mount_path: "{{ home }}/.mnt/srv06/warmd/etb"
profile: perso
- name: "popequer_gitwatch@"
profile: all
- name: "hourly_remainder"
enabled: true
timer: true
profile: all
2024-06-03 20:59:29 +00:00
- name: "cliphist"
enabled: true
profile: all
2024-07-30 07:44:23 +00:00
- name: "kanshi"
enabled: true
profile: all
- name: "gammastep"
enabled: true
profile: all
2024-06-11 15:22:00 +00:00
- name: "swaybg"
enabled: true
profile: all
2024-05-22 15:35:11 +00:00
config_files:
2024-05-26 20:17:13 +00:00
- dir: fish
name: config.fish
2024-05-22 15:35:11 +00:00
- dir: tmux
name: tmux.conf
- dir: alacritty
name: alacritty.toml
- dir: wofi
name: style.css
- dir: kanshi
name: config
2024-05-26 20:17:13 +00:00
- dir: sway
name: config
- dir: helix
name: config.toml
- dir: i3status-rust
name: config.toml
- dir: git
name: config
- dir: nvim
name: init.lua
- dir: nvim
name: lua # lua dir
# for desktop notifications
- dir: dunst
name: dunstrc
2024-05-22 15:35:11 +00:00
tasks:
- name: Init arch
block:
- file:
2024-07-30 07:44:23 +00:00
path: /home/mbess/.monakhos
2024-05-22 15:35:11 +00:00
state: touch
- copy:
2024-07-30 07:44:23 +00:00
content: "{\"monakhos\": {\"date\": \"{{ ansible_date_time.iso8601 }}\", \"device_name\":\"{{ device_name }}\", \"enabled_profiles\":{{ enabled_profiles | to_json }} }}\n"
dest: "{{ home }}/.monakhos"
- name: Change hostname
hostname:
name: "{{ device_name }}"
2024-05-26 20:17:13 +00:00
- name: Update pacman repo
become: true
community.general.pacman:
update_cache: true
upgrade: true
- name: Install some basic packages
become: true
community.general.pacman:
name:
- archlinux-keyring
2024-05-27 21:19:04 +00:00
- git
- openssh
2024-05-26 20:17:13 +00:00
2024-07-30 07:44:23 +00:00
- name: "Configure to auto load some kernel modules at boot"
become: true
copy:
content: "# managed by monakhos\ni2c-dev\n"
dest: "/etc/modules-load.d/auto.conf"
2024-07-10 09:06:57 +00:00
- name: Setup SSH client
include_role:
name: ssh
2024-05-26 20:17:13 +00:00
- name: Init pacman keyring
become: true
# complicated shit follow, to run or not this part depending on if we need to update the pacman key (expiration date)
block:
- stat:
path: "{{ home }}/.cache/monakhos/pacman_key_state"
register: pacman_key_state_stat
- when: pacman_key_state_stat.stat.exists
slurp:
src: "{{ home }}/.cache/monakhos/pacman_key_state"
register: pacman_key_state
- when: pacman_key_state.content is defined
name: "pacman key state debug 1"
debug:
msg: "{{ pacman_key_state.content | b64decode | to_datetime('%Y-%m-%d') }}"
- when: not pacman_key_state_stat.stat.exists
block:
- shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux"
2024-05-27 21:19:04 +00:00
- shell: "mkdir -p {{ home }}/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state"
2024-05-26 20:17:13 +00:00
# AUR SETUP
- name: Create the aur_builder user
become: yes
ansible.builtin.user:
name: aur_builder
create_home: yes
group: wheel
- name: Allow the `aur_builder` user to run `sudo pacman` without a password
become: yes
ansible.builtin.lineinfile:
path: /etc/sudoers.d/11-install-aur_builder
line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
create: yes
mode: 0644
validate: 'visudo -cf %s'
- name: Install yay
include_role:
name: aur
vars:
packages:
- yay-bin
- name: Stub
file:
path: "{{ home }}/.stub"
state: touch
# INSTALL normal packages from YAML
- name: Install non-AUR packages
2024-05-27 21:19:04 +00:00
become: true
community.general.pacman:
name: "{{ lookup('pipe', ('cat arch_packages.yaml | python3 parse_arch_packages.py ' + item)) | from_json }}"
with_items: "{{ packages_categories }}"
- name: Install AUR packages
include_role:
name: aur
vars:
packages: "{{ lookup('pipe', ('cat arch_packages.yaml | python3 parse_arch_packages.py --aur ' + item)) | from_json }}"
with_items: "{{ packages_categories }}"
2024-05-27 21:19:04 +00:00
2024-07-09 10:51:06 +00:00
- name: Install sway
include_role:
name: sway
# DOTS
- name: Clone dots file
git:
key_file: "{{ home }}/.ssh/{{ device_name }}_perso_generic_ed25519"
repo: "git@forge.lefuturiste.fr:mbess/dots.git"
dest: "{{ home }}/.dots"
- name: Install requirements in dots
pip:
virtualenv: "{{ home }}/.dots/venv"
requirements: "{{ home }}/.dots/requirements.txt"
- name: Setup DNS and unbound
include_role:
name: dns
2024-07-30 07:44:23 +00:00
- name: Symbolic link to user .profile
file:
src: "{{ home }}/.profile"
dest: "{{ home }}/.dots/config/.profile"
state: link
force: true
2024-05-22 15:35:11 +00:00
- name: Setup config directories
file:
2024-05-26 20:17:13 +00:00
path: "{{ home }}/.config/{{ item.dir }}"
2024-05-22 15:35:11 +00:00
state: directory
recurse: true
loop: "{{ config_files }}"
2024-05-26 20:17:13 +00:00
2024-05-22 15:35:11 +00:00
- name: Setup symbolic links to config files
file:
2024-05-26 20:17:13 +00:00
src: "{{ home }}/.dots/config/{{ item.dir }}/{{ item.name }}"
dest: "{{ home }}/.config/{{ item.dir }}/{{ item.name }}"
2024-05-22 15:35:11 +00:00
state: link
force: true
2024-05-22 15:35:11 +00:00
loop: "{{ config_files }}"
2024-05-26 20:17:13 +00:00
2024-05-27 21:19:04 +00:00
- name: Set default shell
become: true
user:
name: "{{ user }}"
shell: /usr/bin/fish
- name: Add user to useful group (docker)
become: true
user:
name: "{{ user }}"
groups: ["docker"]
- name: Create machine.fish
template:
src: fish/machine.fish
dest: "{{ home }}/.config/fish/machine.fish"
2024-05-22 15:35:11 +00:00
- name: Setup xremap
include_role:
name: xremap
2024-06-11 15:22:00 +00:00
# SYSTEMD user services
- name: Setup systemd user services folder
file:
path: "{{ home }}/.config/systemd/user"
state: directory
recurse: true
- name: Setup user units
2024-06-11 15:22:00 +00:00
loop: "{{ systemd_services.user }}"
when: "item.from is not defined and (item.profile == 'all' or item.profile in enabled_profiles)"
template:
src: "systemd/user/{{ item.name }}.service"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
2024-06-11 15:22:00 +00:00
vars:
service_params: "{{ item.params }}"
- name: Setup user unit with from
loop: "{{ systemd_services.user }}"
when: "item.from is defined and (item.profile == 'all' or item.profile in enabled_profiles)"
2024-06-11 15:22:00 +00:00
template:
src: "systemd/user/{{ item.from }}.service"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
vars:
service_params: "{{ item.params }}"
- name: Setup user timers
loop: "{{ systemd_services.user }}"
when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile in enabled_profiles)"
template:
src: "systemd/user/{{ item.name }}.timer"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.timer"
- name: Enable some systemd user services
when: "item.enabled is defined and item.enabled"
loop: "{{ systemd_services.user }}"
systemd_service:
daemon_reload: true
scope: user
name: "{{ item.name }}"
state: started
enabled: true
- name: Enable some systemd user timers
when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile in enabled_profiles)"
loop: "{{ systemd_services.user }}"
systemd_service:
scope: user
name: "{{ item.name }}.timer"
state: started
enabled: true
# OTHERS
2024-06-11 15:22:00 +00:00
- name: Setup mount point folders
2024-06-03 21:01:48 +00:00
file:
2024-06-11 15:22:00 +00:00
path: "{{ home }}/.mnt/{{ item }}"
2024-06-03 21:01:48 +00:00
state: directory
recurse: true
when: "'perso' in enabled_profiles"
2024-06-11 15:22:00 +00:00
loop:
- srv06/warmd/mbess
- srv06/coldd/mbess
- srv06/warmd/etb
2024-06-03 21:01:48 +00:00
- name: Setup triage folder
file:
path: "{{ home }}/triage"
state: directory
recurse: true
- name: Setup quick notes folder
file:
path: "{{ home }}/quick/notes"
state: directory
recurse: true
- name: Setup quick docs folder
file:
path: "{{ home }}/quick/docs"
state: directory
recurse: true
- name: Setup quick screenshot folder
file:
path: "{{ home }}/quick/screenshots"
state: directory
recurse: true
2024-09-08 22:39:47 +00:00
- name: Setup long-term local secrets
file:
2024-12-11 17:44:19 +00:00
path: "{{ home }}/.local/secrets"
state: directory
recurse: true
- name: Setup directory to contains local root CA
file:
path: "{{ home }}/.local/secrets/root_ca"
2024-09-08 22:39:47 +00:00
state: directory
recurse: true
- name: Setup temporary secrets folder
file:
2024-12-11 17:44:19 +00:00
path: "{{ home }}/.cache/secrets"
state: directory
recurse: true
- name: Setup vaults dir gpg home
file:
path: "{{ home }}/.vaults/gpg-homes"
state: directory
recurse: true
- name: Setup vaults dir store unixpass
file:
path: "{{ home }}/.vaults/pass"
state: directory
recurse: true
2024-11-23 16:35:53 +00:00
- name: Setup workspace folder
file:
path: "{{ home }}/workspace"
state: directory
recurse: true
- name: Setup main popequer notebook
include_role:
name: popequer_notebook
2024-05-27 21:19:04 +00:00
- name: Install pip packages
community.general.pipx:
name: "{{ item }}"
with_items: "{{ lookup('pipe', 'cat pip_packages.yaml | python3 parse_arch_packages.py all') | from_json }}"
- name: Enable bluetooth service
become: true
ansible.builtin.systemd_service:
name: bluetooth
state: started
enabled: true
2024-05-31 06:53:35 +00:00
- name: Setup wofi link
become: true
file:
src: "/usr/bin/wofi"
dest: "/usr/bin/rofi"
state: link
2024-06-11 15:22:00 +00:00
- name: Setup OpenFortiVPN
when: '"pro" in enabled_profiles'
include_role:
name: openfortivpn
- name: Setup apps dir
file:
path: "{{ home }}/.apps"
state: directory
recurse: true
- name: Setup default browser link
file:
src: /usr/bin/librewolf
dest: "{{ home }}/.apps/browser"
state: link
force: true
- name: Set default browser
include_role:
name: xdg_browser
vars:
default_browser: librewolf
- name: Patch desktop entries for wayland
include_role:
name: wayland_fixer
2024-11-23 16:35:53 +00:00
# Initialize Workspaces
- name: Clone books sources
ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/books-sources.git"
dest: /home/mbess/workspace/books_sources
when: "'perso' in enabled_profiles"
- name: Clone general programming snippets
ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/snippets.git"
dest: /home/mbess/workspace/snippets
- name: Clone monakhos
ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/monakhos.git"
dest: /home/mbess/workspace/monakhos