feat: systemd, unbound, more packages, dots venv

Matthieu Bessat 2024-05-30 18:28:31 +02:00
parent 45076c5231
commit 9c4a6a4341
15 changed files with 291 additions and 48 deletions


@ -1 +1 @@
{"native": ["util-linux", "man-pages", "less", "git", "tmux", "screen", "openssh", "base-devel", "mosh", "sshfs", "unbound", "bat", "plantuml", "fzf", "ripgrep", "fd", "moreutils", "rlwrap", "pv", "at", "ansible", "strace", "jo", "jq", "fx", "yq", "xsv", "s-nail", "figlet", "cowsay", "fortune-mod", "unzip", "unoconv", "pandoc", "libqalculate", "tig", "jwt-cli", "curl", "wget", "miniserve", "mitmproxy", "trurl", "nmap", "wireguard-tools", "tcpdump", "socat", "rsync", "rclone", "whois", "traceroute", "nload", "lsof", "w3m", "lf", "siege", "htop", "scrcpy", "acpi", "smartmontools", "lshw", "dmidecode", "usbutils", "ffmpeg", "imagemagick", "mpv", "yt-dlp", "tesseract", "tesseract-data-fra", "tesseract-data-eng", "zbar", "zint", "qrencode", "gopass", "qemu-base", "docker", "sqlite", "vim", "helix", "gcc", "make", "cmake", "libxkbcommon", "raylib", "gopls", "rust-analyzer", "redis", "ruff", "lua", "fish", "zoxide", "dash", "pavucontrol", "pulsemixer", "wev", "wtype", "wl-clipboard", "wofi", "sway", "swaylock", "swayidle", "swayimg", "dunst", "grim", "slurp", "cliphist", "nautilus", "cheese", "firefox-developer-edition", "torbrowser-launcher", "alacritty", "thunderbird", "signal-desktop", "zathura", "zathura-pdf-poppler", "zathura-djvu", "xournalpp", "nsxiv", "gthumb", "krita", "inkscape", "tenacity", "songrec", "cheese", "vlc", "obs-studio", "openscad", "blender", "libreoffice-still", "qgis", "dbeaver", "remmina", "ttf-roboto", "ttf-opensans", "ttf-liberation", "ttf-font-awesome", "ttf-fira-code"], "aur": ["aur/boxes", "aur/gitwatch-git", "aur/litecli", "aur/fish-fzf", "aur/shellcheck-bin", "aur/hyprpicker", "aur/brave-bin", "aur/mepo", "aur/screen-message", "aur/ttf-sourcesanspro", "aur/ttf-bona-nova"]} {"native": ["util-linux", "man-pages", "less", "git", "tmux", "screen", "openssh", "base-devel", "mosh", "python-pipx", "protobuf", "libosmium", "expat", "cups", "acpi", "smartmontools", "lshw", "dmidecode", "usbutils", "brightnessctl", "lm_sensors", "sshfs", "unbound", 
"bluez", "bluez-utils", "bat", "plantuml", "fzf", "ripgrep", "fd", "moreutils", "rlwrap", "pv", "at", "ansible", "ansible-lint", "strace", "jo", "jq", "fx", "yq", "xsv", "tesseract", "tesseract-data-fra", "tesseract-data-eng", "hunspell", "hunspell-en_us", "hunspell-fr", "s-nail", "figlet", "cowsay", "fortune-mod", "unzip", "unoconv", "pandoc", "libqalculate", "tig", "jwt-cli", "curl", "wget", "miniserve", "mitmproxy", "trurl", "bind", "nmap", "wireguard-tools", "tcpdump", "socat", "rsync", "rclone", "whois", "traceroute", "nload", "lsof", "w3m", "lf", "siege", "htop", "scrcpy", "kdeconnect", "python-faker", "ffmpeg", "imagemagick", "mpv", "yt-dlp", "zbar", "zint", "qrencode", "gopass", "qemu-base", "docker", "sqlite", "vim", "helix", "gcc", "make", "cmake", "libxkbcommon", "raylib", "gopls", "rust-analyzer", "redis", "python-pip", "python-poetry", "ruff", "lua", "hugo", "fish", "zoxide", "dash", "pavucontrol", "pulsemixer", "wev", "wtype", "wl-clipboard", "wofi", "sway", "swaylock", "swayidle", "swayimg", "i3status-rust", "dunst", "grim", "slurp", "cliphist", "nautilus", "cheese", "firefox-developer-edition", "torbrowser-launcher", "alacritty", "thunderbird", "signal-desktop", "zathura", "zathura-pdf-poppler", "zathura-djvu", "xournalpp", "nsxiv", "gthumb", "krita", "inkscape", "tenacity", "songrec", "cheese", "celluloid", "vlc", "obs-studio", "openscad", "blender", "libreoffice-still", "qgis", "dbeaver", "remmina", "ttf-roboto", "ttf-opensans", "ttf-liberation", "ttf-font-awesome", "ttf-fira-code", "ttf-firacode-nerd"], "aur": ["xkb-qwerty-fr", "bluetuith", "boxes", "gitwatch-git", "litecli", "fish-fzf", "shellcheck-bin", "hyprpicker", "brave-bin", "mepo", "screen-message", "ttf-sourcesanspro", "ttf-bona-nova"]}


@ -10,11 +10,39 @@ categories:
- base-devel - base-devel
- name: mosh - name: mosh
desc: The best to connect to remote server! desc: The best to connect to remote server!
- name: python-pipx
desc: To install python stuff
libs:
- protobuf
- libosmium
- name: expat
desc: XML parser lib
hardware:
printing:
- cups
_:
- acpi
- smartmontools # monitor drive (SSD) health
- lshw
- dmidecode # to list memory slots
- usbutils
- brightnessctl
- lm_sensors
network: network:
- sshfs - sshfs
- unbound - unbound
keymap:
- aur/xkb-qwerty-fr
bluetooth:
- bluez
- bluez-utils
- aur/bluetuith
utils: utils:
_: _:
- bat - bat
@ -32,6 +60,7 @@ categories:
desc: scheduler desc: scheduler
automation: automation:
- ansible - ansible
- ansible-lint
system: system:
- strace - strace
text_processing: text_processing:
@ -43,6 +72,15 @@ categories:
- yq - yq
csv: csv:
- xsv # rust CSV toolkit - xsv # rust CSV toolkit
language:
ocr:
- tesseract
- tesseract-data-fra
- tesseract-data-eng
spell:
- hunspell
- hunspell-en_us
- hunspell-fr
mail: mail:
- s-nail - s-nail
fun: fun:
@ -69,6 +107,8 @@ categories:
- mitmproxy - mitmproxy
- name: trurl - name: trurl
desc: URL processing desc: URL processing
dns:
- bind
_: _:
- nmap - nmap
- wireguard-tools - wireguard-tools
@ -92,22 +132,17 @@ categories:
- htop - htop
android: android:
- scrcpy - scrcpy
- kdeconnect
hardware: geo: []
- acpi # - aur/osmium-tool
- smartmontools # monitor drive (SSD) health fake:
- lshw - python-faker
- dmidecode # to list memory slots
- usbutils
multimedia: multimedia:
- ffmpeg - ffmpeg
- imagemagick - imagemagick
- mpv - mpv
- yt-dlp - yt-dlp
- tesseract
- tesseract-data-fra
- tesseract-data-eng
- zbar - zbar
- zint - zint
- qrencode - qrencode
@ -115,7 +150,6 @@ categories:
security: security:
- gopass - gopass
runtimes: runtimes:
virtualization: virtualization:
- qemu-base - qemu-base
@ -142,10 +176,15 @@ categories:
dbs: dbs:
- redis - redis
python: python:
_:
- python-pip
- python-poetry
lint: lint:
- ruff - ruff
lua: lua:
- lua - lua
static:
- hugo
shell: shell:
- fish - fish
@ -176,6 +215,7 @@ categories:
- swaylock - swaylock
- swayidle - swayidle
- swayimg - swayimg
- i3status-rust
color_picker: color_picker:
- aur/hyprpicker - aur/hyprpicker
notification: notification:
@ -223,8 +263,10 @@ categories:
- songrec - songrec
video: video:
- cheese - cheese
- celluloid
- vlc - vlc
- obs-studio - obs-studio
#- kdenlive
3d: 3d:
- openscad - openscad
- blender - blender
@ -248,5 +290,7 @@ categories:
- ttf-liberation - ttf-liberation
- ttf-font-awesome - ttf-font-awesome
- ttf-fira-code - ttf-fira-code
- ttf-firacode-nerd
- aur/ttf-sourcesanspro - aur/ttf-sourcesanspro
- aur/ttf-bona-nova - aur/ttf-bona-nova


@ -29,7 +29,7 @@ aur_names = []
for p in flat_packages: for p in flat_packages:
assert isinstance(p, dict) assert isinstance(p, dict)
if p['name'].startswith('aur/'): if p['name'].startswith('aur/'):
aur_names.append(p['name']) aur_names.append(p['name'].split('/')[1])
continue continue
native_names.append(p['name']) native_names.append(p['name'])
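Review bot: `p['name'].split('/')[1]` on the changed append keeps only the second path segment, so a name containing a further slash would be silently truncated, and the intent (drop the `aur/` prefix that `startswith` just tested) is not stated. `aur_names.append(p['name'].removeprefix('aur/'))` says it directly on Python 3.9+, or `p['name'].split('/', 1)[1]` on older interpreters. If the change was made because the AUR install role expects bare package names, a comment such as `# the aur role takes names without the aur/ prefix` above the append would record that.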


@ -0,0 +1 @@
-


@ -0,0 +1,32 @@
- name: Setup unbound config
become: true
copy:
src: "{{ home }}/.dots/config/unbound/unbound.conf"
dest: "/etc/unbound/unbound.conf"
owner: unbound
mode: "u=rwX,g=rX,o="
- name: Setup unbound control certificates
become: true
shell: /usr/bin/unbound-control-setup
- name: Specify resolv configuration to use the local unbound server
become: true
copy:
dest: /etc/resolv.conf
content: |
nameserver ::1
nameserver 127.0.0.1
- name: Protect resolv
become: true
file:
path: /etc/resolv.conf
attributes: '+i'
- name: Enable unbound service
become: true
ansible.builtin.systemd_service:
name: unbound
state: started
enabled: true
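Review bot: The `copy` of `unbound.conf` has no `validate:`, while the later tasks make this resolver the only one: `/etc/resolv.conf` is pointed at `::1` and `127.0.0.1` and then locked with `attributes: '+i'`, so a config that does not parse leaves the host without name resolution until the immutable flag is cleared by hand. Adding `validate: 'unbound-checkconf %s'` to the first task and moving "Enable unbound service" ahead of the two resolv.conf tasks would stop a bad config before the host depends on it. `src` points at `{{ home }}/.dots/...`, which the playbook clones on the managed host; unless the play only ever targets localhost, `copy` needs `remote_src: true` to read it there. `shell: /usr/bin/unbound-control-setup` uses no shell syntax and runs on every play; `command:` with a `creates:` guard on one of the files it generates would make it idempotent.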


@ -6,3 +6,9 @@
ansible.builtin.git: ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/main-popequer-notebook.git" repo: "git@forge.lefuturiste.fr:mbess/main-popequer-notebook.git"
dest: /home/mbess/notebooks/personal dest: /home/mbess/notebooks/personal
- name: Setup gitwatch
systemd_service:
scope: user
name: popequer_gitwatch@personal
state: started
enabled: true
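Review bot: The new task uses the short module name `systemd_service` while the task directly above it uses a fully qualified name (`ansible.builtin.git`) and the other roles in this commit write `ansible.builtin.systemd_service`; use `ansible.builtin.systemd_service:` here as well. The instance `popequer_gitwatch@personal` only exists once the `popequer_gitwatch@.service` template has been placed in the user unit directory by the main playbook and the user manager has reloaded, so adding `daemon_reload: true` to this task would make the role independent of task order in the playbook. The `dest:` of the clone above is hard-coded to `/home/mbess` where the rest of the play uses `{{ home }}`.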


@ -1,5 +0,0 @@
- name: Setup unbound config
file:
src: "{{ home }}/.dots/config/unbound/unbound.conf"
dest: "/etc/unbound/unbound.conf"
state: link


@ -1,7 +1,27 @@
- name: Install xremap via AUR
import_role:
name: aur
vars:
packages:
- xremap-wlroots-bin
- name: Setup xremap dir
file:
path: "{{ home }}/.config/xremap"
state: directory
recurse: true
- name: Generate xremap config - name: Generate xremap config
shell: "python3 {{ home }}/.dots/scripts/generate_xremap_config.py" shell: "python3 {{ home }}/.dots/scripts/generate_xremap_config.py"
- name: Setup xremap systemd - name: Generate xremap systemd service unit
become: true
template:
src: systemd/system/xremap.service
dest: /usr/lib/systemd/system/xremap.service
- name: Enable xremap systemd service
become: true
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
name: xremap name: xremap
state: started state: started
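Review bot: The task "Enable xremap systemd service" only sets `state: started`; as far as the hunk shows there is no `enabled: true`, so the service will not return after a reboot, and there is no `daemon_reload: true` after the unit file is freshly templated. Add both to that task. The template is written to `/usr/lib/systemd/system/`, which is the package-owned unit directory; `dest: /etc/systemd/system/xremap.service` is the place for locally administered units and cannot be overwritten by a package that ships a unit of the same name. `shell: "python3 {{ home }}/.dots/scripts/generate_xremap_config.py"` uses no shell syntax and can be a `command:` task.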


@ -0,0 +1,2 @@
alias machine-name="{{ device_name }}"
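Review bot: `alias machine-name="{{ device_name }}"` defines a command whose body is the device name itself, so running `machine-name` would try to execute that name rather than print it. If the aim is to expose the name to the shell, `alias machine-name="echo {{ device_name }}"` or `set -gx MACHINE_NAME "{{ device_name }}"` would do that; confirm which was intended. `device_name` is not among the `vars:` visible in the playbook on this page, so the template fails to render unless inventory or host vars define it. The value lands inside double quotes, where fish still expands `$`, so it should be restricted to plain host-name characters or single-quoted.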


@ -0,0 +1,10 @@
[Install]
WantedBy=multi-user.target
[Unit]
Description=xremap
[Service]
Restart=always
ExecStart=xremap {{ home }}/.config/xremap/config.yaml --watch
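Review bot: This unit is installed as a system service with no `User=`, so xremap runs as root while reading `{{ home }}/.config/xremap/config.yaml`, a file owned by the unprivileged user that `--watch` reloads on every change. Anything able to write in that home directory then controls the behaviour of a root process that sees all keyboard input, and if the config format allows launching commands they would run as root. Consider running it as the user, with `User={{ user }}` plus group or udev access to the input devices, or as a unit under `systemd/user/` like the others added in this commit; alternatively keep the config in a root-owned path. `ExecStart=` should also name the binary by absolute path (for example `ExecStart=/usr/bin/xremap ...`, or wherever the package installs it) so the unit does not depend on systemd's search path.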


@ -0,0 +1,12 @@
[Unit]
Description=Send notif about time
After=network.target
[Service]
Type=oneshot
RemainAfterExit=no
ExecStart={{ home }}/.dots/scripts/notify_time.sh
[Install]
WantedBy=default.target
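Review bot: The `[Install]` section with `WantedBy=default.target` makes this oneshot run at every login once the service is enabled, and the playbook both lists `hourly_remainder` with `enabled: true` and sets `state: started` on it, in addition to the hourly timer. If only the timer should trigger the notification, drop `[Install]` from this file and enable just `hourly_remainder.timer`. `After=network.target` probably has no effect in a user unit, because that target belongs to the system manager; confirm and remove it. `RemainAfterExit=no` is the default and can be omitted.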


@ -0,0 +1,11 @@
[Unit]
Description=Run every hour to remind the user about the time passing by
[Timer]
OnBootSec=1min
OnCalendar=*:00
Persistent=true
[Install]
WantedBy=timers.target


@ -0,0 +1,14 @@
[Unit]
Description=Sync popequer notebook with git
[Service]
# the buffer period in seconds 5min = 300s
Type=simple
ExecStart=/usr/bin/gitwatch -r origin -s 300 {{ home }}/notebooks/%i
ExecStop=/bin/true
Restart=always
RestartSec=30
[Install]
WantedBy=default.target
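Review bot: The comment `# the buffer period in seconds 5min = 300s` sits above `Type=simple` rather than next to the `-s 300` it explains; move it directly above `ExecStart=` and cover `-r origin` as well, for example `# -r origin: push each auto-commit to this remote; -s 300: wait 300 s after the last change`. Because the unit commits and pushes whatever appears under `{{ home }}/notebooks/%i` without review, a `.gitignore` for scratch and credential files in that tree is worth having before it is enabled. `ExecStop=/bin/true` adds nothing for a `Type=simple` service, since systemd stops the main process itself, and can be dropped.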


@ -0,0 +1,15 @@
[Unit]
Description=SSHFS Daemon to mount srv06 warmd as a volume
StartLimitInterval=200
StartLimitBurst=8
[Service]
Type=simple
ExecStart=/usr/bin/sshfs -f {{ user }}@srv06.rem:/warmd/mbess {{ home }}/.mnt/warmd -o reconnect,ServerAliveInterval=30,ServerAliveCountMax=5
Restart=always
StandardOutput=journal
RestartSec=20
[Install]
WantedBy=default.target
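Review bot: `StartLimitInterval=200` is the legacy spelling; current systemd documents it as `StartLimitIntervalSec=200` in `[Unit]`. With `RestartSec=20` the service restarts roughly ten times in 200 s, so `StartLimitBurst=8` would put it into the failed state during an outage of a few minutes and `Restart=always` would stop applying; check whether that is intended. No task visible on this page creates `{{ home }}/.mnt/warmd`, and sshfs exits when the mountpoint is missing, so a `file:` task with `state: directory` for it may be needed. The remote path hard-codes `/warmd/mbess` while the login name is templated as `{{ user }}`.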


@ -2,6 +2,15 @@
gather_facts: True gather_facts: True
vars: vars:
home: /home/{{ user }} home: /home/{{ user }}
systemd_services:
system: []
user:
- name: "sshfs_srv06_warmd"
enabled: true
- name: "popequer_gitwatch@"
- name: "hourly_remainder"
enabled: true
timer: true
config_files: config_files:
- dir: fish - dir: fish
name: config.fish name: config.fish
@ -23,6 +32,9 @@
name: init.lua name: init.lua
- dir: nvim - dir: nvim
name: lua # lua dir name: lua # lua dir
# for desktop notifications
- dir: dunst
name: dunstrc
tasks: tasks:
- name: Init arch - name: Init arch
block: block:
@ -91,17 +103,27 @@
owner: "{{ user }}" owner: "{{ user }}"
mode: u=rw,g=,o= mode: u=rw,g=,o=
- name: Clone dots file
git:
repo: "git@forge.lefuturiste.fr:mbess/dots.git"
dest: "{{ home }}/.dots"
# INSTALL from YAML # INSTALL from YAML
- name: Install packages from YAML files (excluding AUR) - name: Install packages from YAML files (excluding AUR)
become: true become: true
community.general.pacman: community.general.pacman:
name: "{{ (lookup('file', 'arch_packages.json') | from_json)['native'] }}" # the python script will return a list of packages name: "{{ (lookup('file', 'arch_packages.json') | from_json)['native'] }}" # the python script will return a list of packages
# DOTS
- name: Clone dots file
git:
repo: "git@forge.lefuturiste.fr:mbess/dots.git"
dest: "{{ home }}/.dots"
- name: Install requirements in dots
pip:
virtualenv: "{{ home }}/.dots/venv"
requirements: "{{ home }}/.dots/requirements.txt"
- name: Setup DNS and unbound
include_role:
name: dns
- name: Setup config directories - name: Setup config directories
file: file:
path: "{{ home }}/.config/{{ item.dir }}" path: "{{ home }}/.config/{{ item.dir }}"
@ -122,28 +144,10 @@
name: "{{ user }}" name: "{{ user }}"
shell: /usr/bin/fish shell: /usr/bin/fish
- name: Setup xremap - name: Create machine.fish
include_role: template:
name: xremap src: fish/machine.fish
dest: "{{ home }}/.config/fish/machine.fish"
- name: Setup unbound
include_role:
name: unbound
- name: Setup main popequer notebook
include_role:
name: popequer_notebook
- name: Setup quick notes folder
file:
path: "{{ home }}/.hidden/quick_notes/"
state: directory
recurse: true
- name: Setup temporary secrets folder (cookies jar)
file:
path: "{{ home }}/.cache/secrets/"
state: directory
recurse: true
- name: Create the aur_builder user - name: Create the aur_builder user
become: yes become: yes
@ -161,6 +165,11 @@
mode: 0644 mode: 0644
validate: 'visudo -cf %s' validate: 'visudo -cf %s'
- name: Setup xremap
include_role:
name: xremap
# AUR packages
- name: Install yay - name: Install yay
import_role: import_role:
name: aur name: aur
@ -173,8 +182,81 @@
import_role: import_role:
name: aur name: aur
vars: vars:
packages: "{{ (lookup('file', 'aur_packages.json') | from_json)['aur'] }}" packages: "{{ (lookup('file', 'arch_packages.json') | from_json)['aur'] }}"
# SYSTEMD
- name: Setup systemd user services folder
file:
path: "{{ home }}/.config/systemd/user"
state: directory
recurse: true
- name: Setup user units
template:
src: "systemd/user/{{ item.name }}.service"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
loop: "{{ systemd_services.user }}"
- name: Setup user timers
when: "item.timer is defined and item.timer"
loop: "{{ systemd_services.user }}"
template:
src: "systemd/user/{{ item.name }}.timer"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.timer"
- name: Enable some systemd user services
when: "item.enabled is defined and item.enabled"
loop: "{{ systemd_services.user }}"
systemd_service:
daemon_reload: true
scope: user
name: "{{ item.name }}"
state: started
enabled: true
- name: Enable some systemd user timers
when: "item.timer is defined and item.timer"
loop: "{{ systemd_services.user }}"
systemd_service:
scope: user
name: "{{ item.name }}.timer"
state: started
enabled: true
# OTHERS
- name: Setup quick notes folder
file:
path: "{{ home }}/.hidden/quick_notes/"
state: directory
recurse: true
- name: Setup temporary secrets folder (cookies jar)
file:
path: "{{ home }}/.cache/secrets/"
state: directory
recurse: true
- name: Setup main popequer notebook
include_role:
name: popequer_notebook
- name: Install others packages
community.general.pipx:
name: "{{ item }}"
loop:
- azlyrics2
- lesspass
- jc
- xkcd-pass
- yewtube
- name: Enable bluetooth service
become: true
ansible.builtin.systemd_service:
name: bluetooth
state: started
enabled: true
# WORKSPACE
- name: Clone books sources - name: Clone books sources
ansible.builtin.git: ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/books-sources.git" repo: "git@forge.lefuturiste.fr:mbess/books-sources.git"
@ -184,4 +266,3 @@
ansible.builtin.git: ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/monakhos.git" repo: "git@forge.lefuturiste.fr:mbess/monakhos.git"
dest: /home/mbess/workspace/monakhos dest: /home/mbess/workspace/monakhos
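Review bot: "Setup temporary secrets folder (cookies jar)" is moved into the OTHERS block still without a `mode:`, so `{{ home }}/.cache/secrets/` is created under the default umask and is typically readable by other local accounts; add `mode: "u=rwX,g=,o="`, in line with the explicit `mode: u=rw,g=,o=` used earlier in the play. The new "Install others packages" loop installs five PyPI packages by bare name with no version, one of them a password tool; pinning each to a reviewed release, for example through the module's `source:` option with an exact `==<version>` spec, would limit exposure to a bad upload. The unchanged `mode: 0644` on the sudoers task should be quoted as `"0644"` so the YAML parser does not reinterpret it as a number.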