mbess/monakhos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Activity

WIP

Browse source
This commit is contained in:
Matthieu Bessat 2025-09-22 14:20:35 +02:00
parent 98448e56ff
commit 79b7ff8241
12 changed files with 318 additions and 205 deletions
Download patch file Download diff file Expand all files Collapse all files

4
INSTALL.md
View file

@ -8,3 +8,7 @@
- Add public key `lambdacov_perso_generic_ed25519` key to forge.lefuturiste.fr - Add public key `lambdacov_perso_generic_ed25519` key to forge.lefuturiste.fr
- Populate vars.yaml, choose the profile - Populate vars.yaml, choose the profile
- run ansible playbook - run ansible playbook
## Manual cmds to do on target hosts
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 8A74EAAF89C17944

3
README.md
View file

@ -113,3 +113,6 @@ You need to keep updated the known hosts in your profiles to not have this info
- https://github.com/id101010/ansible-archlinux - https://github.com/id101010/ansible-archlinux
- https://github.com/kewlfft/ansible-aur - https://github.com/kewlfft/ansible-aur
## triage
The master ssh key is used by the controller to authenticate to the ssh server of the target device.

1
TODO.md
View file

@ -21,3 +21,4 @@
- `sudo usermod -a -G wireshark mbess` - `sudo usermod -a -G wireshark mbess`
- [x] packages: add `texlive-langfrench`, `texlive-binextra` - [x] packages: add `texlive-langfrench`, `texlive-binextra`

146
ansible/arch_packages.yaml → ansible/packages/essentials/arch_packages.yaml
View file

@ -16,15 +16,9 @@ common:
- name: pacman-contrib - name: pacman-contrib
desc: Include pactree desc: Include pactree
tty: tty: {}
- name: aur/physlock
desc: Session password-lock at the TTY level
libs: libs:
- protobuf - wlroots0.19
- libosmium
- name: expat
desc: XML parser lib
hardware: hardware:
printing: printing:
@ -66,20 +60,11 @@ common:
utils: utils:
_: _:
- bat
- git-delta
- plantuml - plantuml
- desc: Env loader, export env variables from dotenv file in shell scripts - name: aur/zenv
name: aur/zenv desc: Env loader, export env variables from dotenv file in shell scripts
- desc: Load system to make it heat and sweat keyboard: {}
name: stress backup: {}
- name: aur/scc
desc: Count source lines of a project
keyboard:
- name: ttyper
desc: Typing speed test.
backup:
- borg
docs: docs:
- man-pages - man-pages
- man-db - man-db
@ -131,11 +116,6 @@ common:
- s-nail - s-nail
- name: isync - name: isync
desc: IMAP synchronization program. Also called mbsync, can be configured using `.mbsyncrc` file. desc: IMAP synchronization program. Also called mbsync, can be configured using `.mbsyncrc` file.
fun:
- figlet
- cowsay
- aur/boxes
- fortune-mod
archives: archives:
- unzip - unzip
- zip - zip
@ -146,15 +126,15 @@ common:
desc: general purpose document converter desc: general purpose document converter
- name: typst - name: typst
desc: an alternative to latex desc: an alternative to latex
- name: aur/marp-cli-bin - mkdocs
desc: create presentation from markdown - mkdocs-material
- mkdocs-autorefs
- mkdocs-get-deps
- graphviz - graphviz
- glow - glow
- name: visidata - name: visidata
desc: Data explorer (Spreadsheet, CSV, Sqlite) desc: Data explorer (Spreadsheet, CSV, Sqlite)
pdf: pdf:
- aur/ocrmypdf
- aur/wkhtmltopdf-static
- name: pdftk - name: pdftk
desc: Utils to manipulate PDF pages (extract, merge, rotate, unpack) desc: Utils to manipulate PDF pages (extract, merge, rotate, unpack)
latex: latex:
@ -168,28 +148,19 @@ common:
math: math:
- name: libqalculate - name: libqalculate
desc: Provide Qalc desc: Provide Qalc
gis: # SIG gis: {}
_:
- gdal
- aur/tippecanoe
osm:
- aur/osmium-tool
- osm2pgsql
vcs: vcs:
git: git:
- git - git
- tig - tig
- pre-commit - pre-commit
- aur/gitwatch-git - aur/gitwatch-git
fossil:
- fossil
network: network:
address: address:
- name: ipcalc - name: ipcalc
- name: aur/sipcalc
description: | description: |
Validate, compute and visualize IP ranges. Compute and visualize IP ranges (start and end)
Support CIDR notation (Classless Inter-Domain Routing).
Eg. compute the start and the end of a range.
bandwidth: bandwidth:
- name: iperf3 - name: iperf3
description: TCP, UDP benchmark (speed test) description: TCP, UDP benchmark (speed test)
@ -212,14 +183,7 @@ common:
desc: Download whole website for offline use desc: Download whole website for offline use
dns: dns:
- bind - bind
- aur/python-dnsrecon encoding: {}
kafka:
- name: aur/kcat-cli
desc: Kafka cat
- aur/avro-c
encoding:
avro:
- aur/avro-tools
_: _:
- name: net-tools - name: net-tools
desc: Core tools for configuration tools for Linux networking desc: Core tools for configuration tools for Linux networking
@ -239,8 +203,6 @@ common:
- name: binwalk - name: binwalk
desc: Inspect a binary to search for embeded files and binaries desc: Inspect a binary to search for embeded files and binaries
url: https://www.kali.org/tools/binwalk/ url: https://www.kali.org/tools/binwalk/
- name: aur/libtree
desc: Inspect a binary and output of tree of system libraries
fs: fs:
- lsof - lsof
- name: ncdu - name: ncdu
@ -258,8 +220,6 @@ common:
browser: browser:
- w3m - w3m
- lynx - lynx
- name: aur/browsh
desc: Terminal browser, headless chromium running on a remote server that translate to text over Mosh.
files: files:
- lf - lf
security: security:
@ -280,15 +240,11 @@ common:
- name: aur/apache-tools - name: aur/apache-tools
desc: provide htpasswd desc: provide htpasswd
- argon2 - argon2
colors: colors: {}
- name: pastel
desc: Manipulate colors
multimedia: multimedia:
audio: audio:
- opus-tools - opus-tools
communication: communication: {}
- name: aur/sigtop-git
desc: Messages and attahcments backup program for Signal Desktop
cli_frontends: cli_frontends:
forges: forges:
@ -323,23 +279,12 @@ common:
- gopass - gopass
- pass - pass
virtualization: virtualization: {}
- qemu-base
- name: guestfs-tools
desc: include the very useful virt-customize
- name: libguestfs
desc: include virt-install
- name: cloud-init
desc: Cloud-init utils, used to validate config
docker: docker:
- docker - docker
- docker-buildx - docker-buildx
- kubectl - kubectl
- name: aur/hadolint-bin
desc: Linter for Dockerfile, with all haskell dependencies
- name: trivy
desc: Container image security scanner
programming: programming:
_: _:
@ -377,12 +322,7 @@ common:
lsp: lsp:
- gopls - gopls
- rust-analyzer - rust-analyzer
- aur/typst-lsp
- vscode-css-languageserver
- pyright - pyright
- typescript-language-server
- svelte-language-server
- lua-language-server
rust: rust:
- cargo-watch - cargo-watch
# - rustup # - rustup
@ -470,7 +410,7 @@ common:
- name: gammastep - name: gammastep
desc: Automatic red shift at night desc: Automatic red shift at night
color_picker: color_picker:
- aur/hyprpicker - hyprpicker
emojis_picker: emojis_picker:
- name: aur/jome - name: aur/jome
desc: Emoji picker desc: Emoji picker
@ -488,14 +428,9 @@ common:
GUI: GUI:
files: files:
- nautilus - nautilus
- cheese
browser: browser:
# - aur/librewolf-bin - aur/librewolf-bin
# - aur/librewof
- aur/ungoogled-chromium-bin - aur/ungoogled-chromium-bin
# - thorium-browser-bin
- qutebrowser
- torbrowser-launcher
terminal_emulator: terminal_emulator:
- alacritty - alacritty
mail: mail:
@ -503,9 +438,10 @@ common:
communication: communication:
_: _:
- signal-desktop - signal-desktop
irc: irc: {}
- name: polari xmpp:
desc: GNOME 3 GUI IRC client - name: dino
desc: Simple GTK XMPP client
matrix: matrix:
- name: fractal - name: fractal
desc: Matrix client that seem to work in Rust desc: Matrix client that seem to work in Rust
@ -528,32 +464,18 @@ common:
- vimiv - vimiv
creation: creation:
image: image:
- gimp
- krita
- inkscape - inkscape
audio: audio: {}
- tenacity
- songrec
- aur/clementine
video: video:
- cheese - cheese
- celluloid 3d: {}
- vlc
- obs-studio
3d:
- openscad
- blender
bureautique: bureautique:
- libreoffice-still - libreoffice-still
geo: geo:
- aur/mepo - aur/mepo
- qgis
vcs: vcs:
git: git: {}
- giggle
db: db:
- name: dbeaver
tags: ['heavy-gui']
- name: sqlitebrowser - name: sqlitebrowser
desc: Light QT GUI to navigate sqlite desc: Light QT GUI to navigate sqlite
remote_access: remote_access:
@ -578,19 +500,3 @@ common:
- name: noto-fonts-emoji - name: noto-fonts-emoji
desc: Google emoji fonts, required for fractal desc: Google emoji fonts, required for fractal
proprietary_vpns:
- openfortivpn
# Extra non-free networks for work packages
# non-free:
microsoft_azure:
- azure-cli
- aur/azure-kubelogin
hashicorp:
- name: vault
alias: hvault
extra_video:
- name: kdenlive
desc: video editor

5
ansible/packages/essentials/python_packages.yaml Normal file
View file

@ -0,0 +1,5 @@
common:
- pipdeptree
- copyparty
- lesspass
- pylint

224
ansible/packages/extra/arch_packages.yaml Normal file
View file

@ -0,0 +1,224 @@
---
common:
tty:
- name: aur/physlock
desc: Session password-lock at the TTY level
libs:
- protobuf
- libosmium
- name: expat
desc: XML parser lib
hardware: {}
network: {}
keymap: {}
bluetooth: {}
utils:
_:
- plantuml
- name: stress
desc: Load system to make it heat and sweat
- desc: Count source lines of a project
name: aur/scc
keyboard:
- name: ttyper
desc: Typing speed test.
backup:
- borg
docs:
- arch-wiki-docs
language: {}
mail: {}
fun:
- figlet
- cowsay
- aur/boxes
- fortune-mod
bureautique:
- name: aur/marp-cli-bin
desc: create presentation from markdown
pdf:
- aur/ocrmypdf
- aur/wkhtmltopdf-static
gis: # SIG
_:
- gdal
- aur/tippecanoe
osm:
- aur/osmium-tool
- osm2pgsql
vcs:
git: {}
fossil:
- fossil
network:
http: {}
dns:
- aur/python-dnsrecon
kafka:
- name: aur/kcat-cli
desc: Kafka cat
- aur/avro-c
encoding:
avro:
- aur/avro-tools
_: {}
inspection:
- name: aur/libtree
desc: Inspect a binary and output of tree of system libraries
fs: {}
disk: {}
tui:
browser:
- name: aur/browsh
desc: Terminal browser, headless chromium running on a remote server that translate to text over Mosh.
files: {}
security:
- siege
monitoring: {}
android: {}
random_gen: {}
hashing: {}
colors:
- name: pastel
desc: Manipulate colors
multimedia:
audio: {}
communication:
- name: aur/sigtop-git
desc: Messages and attahcments backup program for Signal Desktop
cli_frontends:
forges: {}
multimedia:
youtube: {}
player: {}
book: {}
exif: {}
_: {}
password: {}
virtualization:
- qemu-base
- name: guestfs-tools
desc: include the very useful virt-customize
- name: libguestfs
desc: include virt-install
- name: cloud-init
desc: Cloud-init utils, used to validate config
docker:
- name: aur/hadolint-bin
desc: Linter for Dockerfile, with all haskell dependencies
- name: trivy
desc: Container image security scanner
programming:
_: {}
html: {}
sqlite: {}
editor: {}
c: {}
node: {}
lsp:
- typescript-language-server
- svelte-language-server
- aur/typst-lsp
- lua-language-server
- vscode-css-languageserver
rust: {}
dbs: {}
python:
_: {}
lint: {}
lib: {}
lua: {}
web: {}
static: {}
ci: {}
shell: {}
audio:
control: {}
desktop:
wayland:
# https://github.com/natpen/awesome-wayland
_: {}
display: {}
color_picker: {}
emojis_picker: {}
notification: {}
screenshot: {}
desktop_utils: {}
GUI:
files: {}
browser:
- aur/thorium-browser-bin
- qutebrowser
- torbrowser-launcher
terminal_emulator: {}
mail: {}
communication:
_: {}
irc: {}
matrix: {}
document:
viewer: {}
editor: {}
images:
viewer: {}
creation:
image:
- gimp
- krita
audio:
- tenacity
- songrec
- aur/clementine
video:
- celluloid
- vlc
- obs-studio
- name: kdenlive
desc: video editor
3d:
- openscad
- blender
bureautique: {}
geo:
- qgis
vcs:
git:
- giggle
db:
- name: dbeaver
remote_access: {}
_: {}
inspection: {}
editor: {}
fonts: {}
proprietary_vpns:
- openfortivpn
# Extra non-free networks for work packages
# non-free:
microsoft_azure:
- azure-cli
- aur/azure-kubelogin
hashicorp:
- name: vault
alias: hvault

7
ansible/packages/extra/python_packages.yaml Normal file
View file

@ -0,0 +1,7 @@
common:
multimedia:
- linkchecker
- imagehash
- yewtube
- azlyrics2
- epy-reader

14
ansible/python_packages.yaml
View file

@ -1,14 +0,0 @@
base:
- mkdocs
- pipdeptree
- copyparty
- lesspass
- yewtube
- lesspass
- mkdocs
- linkchecker
- imagehash
- pylint
multimedia:
- azlyrics2
- epy-reader

14
ansible/roles/ssh/tasks/main.yaml
View file

@ -24,25 +24,29 @@
owner: "{{ user }}" owner: "{{ user }}"
mode: u=rw,g=,o= mode: u=rw,g=,o=
- name: Create temporary build directory - delegate_to: localhost
ansible.builtin.tempfile: ansible.builtin.tempfile:
state: directory state: directory
suffix: ssh_known_hosts suffix: ssh_known_hosts
register: tempdir_known_hosts register: tempdir_known_hosts
- name: Load known hosts from profiles - name: Load known hosts from profiles
delegate_to: localhost
template: template:
# load from controller host # load from controller host, from the work profile repository
src: "{{ home }}/.dots/profiles/{{ item.name }}/configs/ssh/known_hosts" src: "{{ profiles_paths[item.name] }}/configs/ssh/known_hosts"
dest: "{{ tempdir_known_hosts.path }}/{{ item.name }}" dest: "{{ tempdir_known_hosts.path }}/{{ item.name }}"
with_items: "{{ enabled_profiles }}" with_items: "{{ enabled_profiles }}"
# - name: Execute a command
# ansible.builtin.command: "sleep infinity"
- name: Concat known hosts - name: Concat known hosts
template: template:
src: ssh/known_hosts src: ssh/known_hosts
dest: "{{ home }}/.ssh/known_hosts" dest: "{{ home }}/.ssh/known_hosts"
vars: vars:
tempdir_known_hosts: "{{ tempdir_known_hosts }}" origin_dir: "{{ tempdir_known_hosts.path }}"
- name: Ensure ssh config profiles dir exists - name: Ensure ssh config profiles dir exists
file: file:
@ -51,7 +55,7 @@
- name: Load ssh config of profiles - name: Load ssh config of profiles
template: template:
src: "{{ home }}/.dots/profiles/{{ item.name }}/configs/ssh/config" src: "{{ profiles_paths[item.name] }}/configs/ssh/config"
dest: "{{ home }}/.ssh/profiles/{{ item.name }}" dest: "{{ home }}/.ssh/profiles/{{ item.name }}"
mode: u=rw,g=,o= mode: u=rw,g=,o=
with_items: "{{ enabled_profiles }}" with_items: "{{ enabled_profiles }}"

2
ansible/run_ansible_playbook.sh
View file

@ -14,7 +14,7 @@ rm $base/vm_files
ln -s $workdir $base/vm_files ln -s $workdir $base/vm_files
ansible-playbook $base/workstation.yaml \ ansible-playbook $base/workstation.yaml \
-v \ -vvvvv \
--ask-become-pass \ --ask-become-pass \
-i "inventory.yaml" \ -i "inventory.yaml" \
--ssh-extra-args "-o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 22 -i ./master_sshkey" \ --ssh-extra-args "-o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 22 -i ./master_sshkey" \

2
ansible/templates/ssh/known_hosts
View file

@ -27,7 +27,7 @@ codeberg.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTY
# ============================== # ==============================
# Profile: {{ enabled_profile.name }} # Profile: {{ enabled_profile.name }}
# ============================== # ==============================
{{ lookup('file', tempdir_known_hosts.path + '/' + enabled_profile.name) }} {{ lookup('file', origin_dir + '/' + enabled_profile.name) }}
{% endfor %} {% endfor %}

101
ansible/workstation.yaml
View file

@ -5,38 +5,17 @@
systemd_services: systemd_services:
system: [] system: []
user: user:
- from: "mount_sshfs"
name: "mount_sshfs_srv06_warmd_mbess"
enabled: true
params:
ssh_uri: "mbess@srv06.mbess.net:/warmd/mbess"
mount_path: "{{ home }}/.mnt/srv06/warmd/mbess"
profile: perso
- from: "mount_sshfs"
name: "mount_sshfs_srv06_warmd_etb"
enabled: true
params:
ssh_uri: "mbess@srv06.mbess.net:/warmd/etoiledebethleem"
mount_path: "{{ home }}/.mnt/srv06/warmd/etb"
profile: perso
- name: "popequer_gitwatch@"
profile: all
- name: "hourly_remainder" - name: "hourly_remainder"
enabled: true enabled: true
timer: true timer: true
profile: all
- name: "cliphist" - name: "cliphist"
enabled: true enabled: true
profile: all
- name: "kanshi" - name: "kanshi"
enabled: true enabled: true
profile: all
- name: "gammastep" - name: "gammastep"
enabled: true enabled: true
profile: all
- name: "swaybg" - name: "swaybg"
enabled: true enabled: true
profile: all
config_files: config_files:
- dir: fish - dir: fish
name: config.fish name: config.fish
@ -74,6 +53,7 @@
dest: "{{ home }}/.monakhos" dest: "{{ home }}/.monakhos"
- name: Change hostname - name: Change hostname
become: true
hostname: hostname:
name: "{{ device_name }}" name: "{{ device_name }}"
@ -121,11 +101,6 @@
- shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux" - shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux"
- shell: "mkdir -p {{ home }}/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state" - shell: "mkdir -p {{ home }}/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state"
- name: Install global tools (Python packages)
include_role:
name: uv_tools
with_items: "{{ lookup('pipe', 'cat python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}"
# AUR SETUP # AUR SETUP
- name: Create the aur_builder user - name: Create the aur_builder user
become: yes become: yes
@ -155,24 +130,30 @@
path: "{{ home }}/.stub" path: "{{ home }}/.stub"
state: touch state: touch
# INSTALL normal packages from YAML # INSTALL essentials packages from YAML
- name: Install non-AUR packages - name: Install essentials non-AUR packages
become: true become: true
community.general.pacman: community.general.pacman:
name: "{{ lookup('pipe', ('cat arch_packages.yaml | python3 parse_arch_packages.py ' + item)) | from_json }}" name: "{{ lookup('pipe', ('cat packages/essentials/arch_packages.yaml | python3 parse_arch_packages.py ' + item)) | from_json }}"
with_items: "{{ packages_categories }}" with_items: "{{ packages_categories }}"
- name: Install AUR packages - name: Install essentials AUR packages
include_role: include_role:
name: aur name: aur
vars: vars:
packages: "{{ lookup('pipe', ('cat arch_packages.yaml | python3 parse_arch_packages.py --aur ' + item)) | from_json }}" packages: "{{ lookup('pipe', ('cat packages/essentials/arch_packages.yaml | python3 parse_arch_packages.py --aur ' + item)) | from_json }}"
with_items: "{{ packages_categories }}" with_items: "{{ packages_categories }}"
- name: Install sway - name: Install sway
include_role: include_role:
name: sway name: sway
# Install essentials tools with UV
- name: Install essentials global tools (Python packages)
include_role:
name: uv_tools
with_items: "{{ lookup('pipe', 'cat packages/essentials/python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}"
# DOTS # DOTS
- name: Clone dots file - name: Clone dots file
git: git:
@ -180,11 +161,6 @@
repo: "git@forge.lefuturiste.fr:mbess/dots.git" repo: "git@forge.lefuturiste.fr:mbess/dots.git"
dest: "{{ home }}/.dots" dest: "{{ home }}/.dots"
- name: Install requirements in dots
pip:
virtualenv: "{{ home }}/.dots/venv"
requirements: "{{ home }}/.dots/requirements.txt"
- name: Setup DNS and unbound - name: Setup DNS and unbound
include_role: include_role:
name: dns name: dns
@ -241,7 +217,7 @@
- name: Setup user units - name: Setup user units
loop: "{{ systemd_services.user }}" loop: "{{ systemd_services.user }}"
when: "item.from is not defined and (item.profile == 'all' or item.profile in enabled_profiles)" when: "item.from is not defined"
template: template:
src: "systemd/user/{{ item.name }}.service" src: "systemd/user/{{ item.name }}.service"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service" dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
@ -250,7 +226,7 @@
- name: Setup user unit with from - name: Setup user unit with from
loop: "{{ systemd_services.user }}" loop: "{{ systemd_services.user }}"
when: "item.from is defined and (item.profile == 'all' or item.profile in enabled_profiles)" when: "item.from is defined"
template: template:
src: "systemd/user/{{ item.from }}.service" src: "systemd/user/{{ item.from }}.service"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service" dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
@ -259,7 +235,7 @@
- name: Setup user timers - name: Setup user timers
loop: "{{ systemd_services.user }}" loop: "{{ systemd_services.user }}"
when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile in enabled_profiles)" when: "item.timer is defined and item.timer"
template: template:
src: "systemd/user/{{ item.name }}.timer" src: "systemd/user/{{ item.name }}.timer"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.timer" dest: "{{ home }}/.config/systemd/user/{{ item.name }}.timer"
@ -275,7 +251,7 @@
enabled: true enabled: true
- name: Enable some systemd user timers - name: Enable some systemd user timers
when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile in enabled_profiles)" when: "item.timer is defined and item.timer"
loop: "{{ systemd_services.user }}" loop: "{{ systemd_services.user }}"
systemd_service: systemd_service:
scope: user scope: user
@ -284,16 +260,6 @@
enabled: true enabled: true
# OTHERS # OTHERS
- name: Setup mount point folders
file:
path: "{{ home }}/.mnt/{{ item }}"
state: directory
recurse: true
when: "'perso' in enabled_profiles"
loop:
- srv06/warmd/mbess
- srv06/coldd/mbess
- srv06/warmd/etb
- name: Setup triage folder - name: Setup triage folder
file: file:
path: "{{ home }}/triage" path: "{{ home }}/triage"
@ -345,10 +311,6 @@
state: directory state: directory
recurse: true recurse: true
- name: Setup main popequer notebook
include_role:
name: popequer_notebook
- name: Enable bluetooth service - name: Enable bluetooth service
become: true become: true
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
@ -363,11 +325,6 @@
dest: "/usr/bin/rofi" dest: "/usr/bin/rofi"
state: link state: link
- name: Setup OpenFortiVPN
when: '"pro" in enabled_profiles'
include_role:
name: openfortivpn
- name: Setup apps dir - name: Setup apps dir
file: file:
path: "{{ home }}/.apps" path: "{{ home }}/.apps"
@ -392,11 +349,6 @@
name: wayland_fixer name: wayland_fixer
# Initialize Workspaces # Initialize Workspaces
- name: Clone books sources
ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/books-sources.git"
dest: /home/mbess/workspace/books_sources
when: "'perso' in enabled_profiles"
- name: Clone general programming snippets - name: Clone general programming snippets
ansible.builtin.git: ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/snippets.git" repo: "git@forge.lefuturiste.fr:mbess/snippets.git"
@ -405,3 +357,24 @@
ansible.builtin.git: ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/monakhos.git" repo: "git@forge.lefuturiste.fr:mbess/monakhos.git"
dest: /home/mbess/workspace/monakhos dest: /home/mbess/workspace/monakhos
# INSTALL extra packages from YAML
- name: Install extra non-AUR packages
become: true
community.general.pacman:
name: "{{ lookup('pipe', ('cat packages/extra/arch_packages.yaml | python3 parse_arch_packages.py ' + item)) | from_json }}"
with_items: "{{ packages_categories }}"
- name: Install extra AUR packages
include_role:
name: aur
vars:
packages: "{{ lookup('pipe', ('cat packages/extra/arch_packages.yaml | python3 parse_arch_packages.py --aur ' + item)) | from_json }}"
with_items: "{{ packages_categories }}"
- name: Install extra global tools (Python packages)
include_role:
name: uv_tools
with_items: "{{ lookup('pipe', 'cat packages/essentials/python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}"