wip

2024-05-26 22:17:13 +02:00 · 2024-05-26 22:17:13 +02:00 · a0ea7b0a3f
commit a0ea7b0a3f
parent e61fe7e3f7
18 changed files with 366 additions and 30 deletions
--- a/ansible/README.md
+++ b/ansible/README.md
@ -1,3 +1,8 @@
 https://runebook.dev/fr/docs/ansible/collections/community/general/pacman_module
 https://docs.ansible.com/ansible/2.8/modules/pacman_module.html
 https://docs.ansible.com/ansible/latest/collections/community/general/pacman_module.html
+
+## External modules
+
+https://github.com/kewlfft/ansible-aur/tree/master
+
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@ -14,3 +14,4 @@ fact_caching_uri = ./.fact_cache.json
 [ssh_connection]
 # when developing on local machine
 pipelining = True
+
--- a/ansible/arch_packages.json
+++ b/ansible/arch_packages.json
@ -1 +1 @@
-["util-linux", "less", "git", "moreutils", "tmux", "openssh", "base-devel", "moreutils", "fzf", "lf", "ripgrep", "fd", "bat", "pv", "at", "jo", "jq", "fx", "yq", "xsv", "unzip", "unoconv", "pandoc", "libqalculate", "wget", "nmap", "wireguard-tools", "tcpdump", "socat", "rsync", "rclone", "lsof", "w3m", "acpi", "smartmontools", "lshw", "ffmpeg", "imagemagick", "mpv", "yt-dlp", "tesseract", "tesseract-data-fra", "tesseract-data-eng", "gopass", "vim", "helix", "gcc", "make", "jwt-cli", "fish", "dash", "pavucontrol", "wev", "wtype", "wl-clipboard", "wofi", "sway", "swaylock", "swayidle", "cliphist", "firefox-developer-edition", "torbrowser-launcher", "alacritty", "thunderbird", "zathura", "krita", "inkscape", "libreoffice-still", "ttf-font-awesome", "ttf-fira-code"]
+["util-linux", "less", "git", "moreutils", "tmux", "openssh", "base-devel", "moreutils", "fzf", "lf", "ripgrep", "fd", "bat", "pv", "at", "jo", "jq", "fx", "yq", "xsv", "unzip", "unoconv", "pandoc", "libqalculate", "wget", "nmap", "wireguard-tools", "tcpdump", "socat", "rsync", "rclone", "lsof", "w3m", "acpi", "smartmontools", "lshw", "dmidecode", "ffmpeg", "imagemagick", "mpv", "yt-dlp", "tesseract", "tesseract-data-fra", "tesseract-data-eng", "gopass", "vim", "helix", "gcc", "make", "cmake", "libxkbcommon", "jwt-cli", "fish", "zoxide", "dash", "pavucontrol", "wev", "wtype", "wl-clipboard", "wofi", "sway", "swaylock", "swayidle", "cliphist", "firefox-developer-edition", "torbrowser-launcher", "alacritty", "thunderbird", "zathura", "krita", "inkscape", "libreoffice-still", "ttf-font-awesome", "ttf-fira-code"]
--- a/ansible/arch_packages.yaml
+++ b/ansible/arch_packages.yaml
@ -54,6 +54,8 @@ categories:
    - acpi
    - smartmontools # monitor drive (SSD) health
    - lshw
+    - dmidecode # to list memory slots
+    - usbutils

  multimedia:
    - ffmpeg
@ -74,6 +76,9 @@ categories:
    c:
      - gcc
      - make
+      - cmake
+      - libxkbcommon
+

    http_utils:
      - jwt-cli
@ -81,6 +86,7 @@ categories:
  shell:
    - fish
    - aur/fish-fzf
+    - zoxide
    - name: dash
      desc: Simple POSIX compliant shell

@ -109,6 +115,7 @@ categories:
      browser:
        - firefox-developer-edition
        - torbrowser-launcher
+        - aur/brave-bin
      terminal_emulator:
        - alacritty
      mail:
--- a/ansible/archinstall_configs/user_configuration.json
+++ b/ansible/archinstall_configs/user_configuration.json
@ -0,0 +1,271 @@
+{
+    "additional-repositories": [
+        "multilib"
+    ],
+    "archinstall-language": "English",
+    "audio_config": {
+        "audio": "pipewire"
+    },
+    "bootloader": "Grub",
+    "config_version": "2.8.0",
+    "debug": false,
+    "disk_config": {
+        "config_type": "default_layout",
+        "device_modifications": [
+            {
+                "device": "/dev/sda",
+                "partitions": [
+                    {
+                        "btrfs": [],
+                        "dev_path": null,
+                        "flags": [
+                            "Boot"
+                        ],
+                        "fs_type": "fat32",
+                        "mount_options": [],
+                        "mountpoint": "/boot",
+                        "obj_id": "b2d597c1-f6ad-4314-8b08-2c27bbf43fc1",
+                        "size": {
+                            "sector_size": {
+                                "unit": "B",
+                                "value": 512
+                            },
+                            "unit": "MiB",
+                            "value": 203
+                        },
+                        "start": {
+                            "sector_size": {
+                                "unit": "B",
+                                "value": 512
+                            },
+                            "unit": "MiB",
+                            "value": 3
+                        },
+                        "status": "create",
+                        "type": "primary"
+                    },
+                    {
+                        "btrfs": [],
+                        "dev_path": null,
+                        "flags": [],
+                        "fs_type": "ext4",
+                        "mount_options": [],
+                        "mountpoint": "/",
+                        "obj_id": "04f15d18-170d-403b-92cf-62a6c67f2199",
+                        "size": {
+                            "sector_size": {
+                                "unit": "B",
+                                "value": 512
+                            },
+                            "unit": "B",
+                            "value": 10521411584
+                        },
+                        "start": {
+                            "sector_size": {
+                                "unit": "B",
+                                "value": 512
+                            },
+                            "unit": "B",
+                            "value": 216006656
+                        },
+                        "status": "create",
+                        "type": "primary"
+                    }
+                ],
+                "wipe": true
+            }
+        ]
+    },
+    "disk_encryption": null,
+    "hostname": "archlinux",
+    "kernels": [
+        "linux"
+    ],
+    "locale_config": {
+        "kb_layout": "us",
+        "sys_enc": "UTF-8",
+        "sys_lang": "en_US"
+    },
+    "mirror_config": {
+        "custom_mirrors": [],
+        "mirror_regions": {
+            "Belgium": [
+                "http://mirror.tiguinet.net/arch/$repo/os/$arch",
+                "http://archlinux.mirror.kangaroot.net/$repo/os/$arch",
+                "http://archlinux.cu.be/$repo/os/$arch"
+            ],
+            "France": [
+                "https://mirrors.jtremesay.org/archlinux/$repo/os/$arch",
+                "https://mirrors.gandi.net/archlinux/$repo/os/$arch",
+                "https://mirrors.eric.ovh/arch/$repo/os/$arch",
+                "https://mirrors.celianvdb.fr/archlinux/$repo/os/$arch",
+                "https://mirror.wormhole.eu/archlinux/$repo/os/$arch",
+                "https://mirror.theo546.fr/archlinux/$repo/os/$arch",
+                "https://mirror.thekinrar.fr/archlinux/$repo/os/$arch",
+                "https://mirror.oldsql.cc/archlinux/$repo/os/$arch",
+                "https://mirror.its-tps.fr/archlinux/$repo/os/$arch",
+                "https://mirror.ibakerserver.pt/Arch/$repo/os/$arch",
+                "https://mirror.cyberbits.eu/archlinux/$repo/os/$arch",
+                "https://archlinux.mirrors.ovh.net/archlinux/$repo/os/$arch",
+                "https://archlinux.mailtunnel.eu/$repo/os/$arch",
+                "https://arch.yourlabs.org/$repo/os/$arch",
+                "http://mirrors.standaloneinstaller.com/archlinux/$repo/os/$arch",
+                "http://mirrors.gandi.net/archlinux/$repo/os/$arch",
+                "http://mirrors.celianvdb.fr/archlinux/$repo/os/$arch",
+                "http://mirror.theo546.fr/archlinux/$repo/os/$arch",
+                "http://mirror.oldsql.cc/archlinux/$repo/os/$arch",
+                "http://mirror.lastmikoi.net/archlinux/$repo/os/$arch",
+                "http://mirror.its-tps.fr/archlinux/$repo/os/$arch",
+                "http://mirror.cyberbits.eu/archlinux/$repo/os/$arch",
+                "http://mirror.archlinux.ikoula.com/archlinux/$repo/os/$arch",
+                "http://mir.archlinux.fr/$repo/os/$arch",
+                "http://ftp.u-strasbg.fr/linux/distributions/archlinux/$repo/os/$arch",
+                "http://archlinux.mirrors.ovh.net/archlinux/$repo/os/$arch",
+                "http://archlinux.mailtunnel.eu/$repo/os/$arch",
+                "http://archlinux.datagr.am/$repo/os/$arch",
+                "http://arch.yourlabs.org/$repo/os/$arch"
+            ],
+            "Germany": [
+                "https://pkg.fef.moe/archlinux/$repo/os/$arch",
+                "https://packages.oth-regensburg.de/archlinux/$repo/os/$arch",
+                "https://os.codefionn.eu/archlinux/$repo/os/$arch",
+                "https://mirrors.xtom.de/archlinux/$repo/os/$arch",
+                "https://mirrors.niyawe.de/archlinux/$repo/os/$arch",
+                "https://mirrors.n-ix.net/archlinux/$repo/os/$arch",
+                "https://mirrors.janbruckner.de/archlinux/$repo/os/$arch",
+                "https://mirror.wtnet.de/archlinux/$repo/os/$arch",
+                "https://mirror.ubrco.de/archlinux/$repo/os/$arch",
+                "https://mirror.sunred.org/archlinux/$repo/os/$arch",
+                "https://mirror.selfnet.de/archlinux/$repo/os/$arch",
+                "https://mirror.pseudoform.org/$repo/os/$arch",
+                "https://mirror.pagenotfound.de/archlinux/$repo/os/$arch",
+                "https://mirror.netcologne.de/archlinux/$repo/os/$arch",
+                "https://mirror.moson.org/arch/$repo/os/$arch",
+                "https://mirror.metalgamer.eu/archlinux/$repo/os/$arch",
+                "https://mirror.kumi.systems/archlinux/$repo/os/$arch",
+                "https://mirror.iusearchbtw.nl/$repo/os/$arch",
+                "https://mirror.informatik.tu-freiberg.de/arch/$repo/os/$arch",
+                "https://mirror.hugo-betrugo.de/archlinux/$repo/os/$arch",
+                "https://mirror.fra10.de.leaseweb.net/archlinux/$repo/os/$arch",
+                "https://mirror.f4st.host/archlinux/$repo/os/$arch",
+                "https://mirror.dogado.de/archlinux/$repo/os/$arch",
+                "https://mirror.cmt.de/archlinux/$repo/os/$arch",
+                "https://mirror.clientvps.com/archlinux/$repo/os/$arch",
+                "https://mirror.bethselamin.de/$repo/os/$arch",
+                "https://mirror.23m.com/archlinux/$repo/os/$arch",
+                "https://ftp.wrz.de/pub/archlinux/$repo/os/$arch",
+                "https://ftp.spline.inf.fu-berlin.de/mirrors/archlinux/$repo/os/$arch",
+                "https://ftp.halifax.rwth-aachen.de/archlinux/$repo/os/$arch",
+                "https://ftp.fau.de/archlinux/$repo/os/$arch",
+                "https://ftp.agdsn.de/pub/mirrors/archlinux/$repo/os/$arch",
+                "https://dist-mirror.fem.tu-ilmenau.de/archlinux/$repo/os/$arch",
+                "https://de.mirrors.cicku.me/archlinux/$repo/os/$arch",
+                "https://de.arch.mirror.kescher.at/$repo/os/$arch",
+                "https://archlinux.thaller.ws/$repo/os/$arch",
+                "https://archlinux.richard-neumann.de/$repo/os/$arch",
+                "https://archlinux.homeinfo.de/$repo/os/$arch",
+                "https://arch.unixpeople.org/$repo/os/$arch",
+                "https://arch.phinau.de/$repo/os/$arch",
+                "https://arch.kurdy.org/$repo/os/$arch",
+                "https://arch.jensgutermuth.de/$repo/os/$arch",
+                "http://packages.oth-regensburg.de/archlinux/$repo/os/$arch",
+                "http://os.codefionn.eu/archlinux/$repo/os/$arch",
+                "http://mirrors.xtom.de/archlinux/$repo/os/$arch",
+                "http://mirrors.niyawe.de/archlinux/$repo/os/$arch",
+                "http://mirrors.n-ix.net/archlinux/$repo/os/$arch",
+                "http://mirrors.janbruckner.de/archlinux/$repo/os/$arch",
+                "http://mirror.wtnet.de/archlinux/$repo/os/$arch",
+                "http://mirror.ubrco.de/archlinux/$repo/os/$arch",
+                "http://mirror.sunred.org/archlinux/$repo/os/$arch",
+                "http://mirror.selfnet.de/archlinux/$repo/os/$arch",
+                "http://mirror.pagenotfound.de/archlinux/$repo/os/$arch",
+                "http://mirror.netcologne.de/archlinux/$repo/os/$arch",
+                "http://mirror.moson.org/arch/$repo/os/$arch",
+                "http://mirror.metalgamer.eu/archlinux/$repo/os/$arch",
+                "http://mirror.kumi.systems/archlinux/$repo/os/$arch",
+                "http://mirror.informatik.tu-freiberg.de/arch/$repo/os/$arch",
+                "http://mirror.hugo-betrugo.de/archlinux/$repo/os/$arch",
+                "http://mirror.fra10.de.leaseweb.net/archlinux/$repo/os/$arch",
+                "http://mirror.f4st.host/archlinux/$repo/os/$arch",
+                "http://mirror.cmt.de/archlinux/$repo/os/$arch",
+                "http://mirror.clientvps.com/archlinux/$repo/os/$arch",
+                "http://mirror.23m.com/archlinux/$repo/os/$arch",
+                "http://linux.rz.rub.de/archlinux/$repo/os/$arch",
+                "http://ftp.wrz.de/pub/archlinux/$repo/os/$arch",
+                "http://ftp.uni-kl.de/pub/linux/archlinux/$repo/os/$arch",
+                "http://ftp.uni-hannover.de/archlinux/$repo/os/$arch",
+                "http://ftp.uni-bayreuth.de/linux/archlinux/$repo/os/$arch",
+                "http://ftp.tu-chemnitz.de/pub/linux/archlinux/$repo/os/$arch",
+                "http://ftp.spline.inf.fu-berlin.de/mirrors/archlinux/$repo/os/$arch",
+                "http://ftp.hosteurope.de/mirror/ftp.archlinux.org/$repo/os/$arch",
+                "http://ftp.halifax.rwth-aachen.de/archlinux/$repo/os/$arch",
+                "http://ftp.gwdg.de/pub/linux/archlinux/$repo/os/$arch",
+                "http://ftp.fau.de/archlinux/$repo/os/$arch",
+                "http://ftp.agdsn.de/pub/mirrors/archlinux/$repo/os/$arch",
+                "http://ftp-stud.hs-esslingen.de/pub/Mirrors/archlinux/$repo/os/$arch",
+                "http://de.mirrors.cicku.me/archlinux/$repo/os/$arch",
+                "http://artfiles.org/archlinux.org/$repo/os/$arch",
+                "http://archlinux.thaller.ws/$repo/os/$arch",
+                "http://archlinux.mirror.iphh.net/$repo/os/$arch",
+                "http://arch.phinau.de/$repo/os/$arch",
+                "http://arch.jensgutermuth.de/$repo/os/$arch"
+            ],
+            "United Kingdom": [
+                "https://www.mirrorservice.org/sites/ftp.archlinux.org/$repo/os/$arch",
+                "https://repo.slithery.uk/$repo/os/$arch",
+                "https://mirrors.ukfast.co.uk/sites/archlinux.org/$repo/os/$arch",
+                "https://mirrors.melbourne.co.uk/archlinux/$repo/os/$arch",
+                "https://mirror.vinehost.net/archlinux/$repo/os/$arch",
+                "https://mirror.st2projects.com/archlinux/$repo/os/$arch",
+                "https://mirror.netweaver.uk/archlinux/$repo/os/$arch",
+                "https://mirror.bytemark.co.uk/archlinux/$repo/os/$arch",
+                "https://london.mirror.pkgbuild.com/$repo/os/$arch",
+                "https://lon.mirror.rackspace.com/archlinux/$repo/os/$arch",
+                "https://archlinux.uk.mirror.allworldit.com/archlinux/$repo/os/$arch",
+                "http://www.mirrorservice.org/sites/ftp.archlinux.org/$repo/os/$arch",
+                "http://mirrors.ukfast.co.uk/sites/archlinux.org/$repo/os/$arch",
+                "http://mirrors.melbourne.co.uk/archlinux/$repo/os/$arch",
+                "http://mirror.vinehost.net/archlinux/$repo/os/$arch",
+                "http://mirror.netweaver.uk/archlinux/$repo/os/$arch",
+                "http://mirror.bytemark.co.uk/archlinux/$repo/os/$arch",
+                "http://lon.mirror.rackspace.com/archlinux/$repo/os/$arch",
+                "http://archlinux.uk.mirror.allworldit.com/archlinux/$repo/os/$arch"
+            ]
+        }
+    },
+    "network_config": {
+        "type": "nm"
+    },
+    "no_pkg_lookups": false,
+    "ntp": true,
+    "offline": false,
+    "packages": [
+        "less",
+        "python",
+        "openssh"
+    ],
+    "parallel downloads": 0,
+    "profile_config": {
+        "gfx_driver": "All open-source",
+        "greeter": "ly",
+        "profile": {
+            "custom_settings": {
+                "Sway": {
+                    "seat_access": "polkit"
+                }
+            },
+            "details": [
+                "Sway"
+            ],
+            "main": "Desktop"
+        }
+    },
+    "script": "guided",
+    "silent": false,
+    "skip_ntp": false,
+    "skip_version_check": false,
+    "swap": true,
+    "timezone": "UTC",
+    "uki": false,
+    "version": "2.8.0"
+}
--- a/ansible/archinstall_configs/user_credentials.json
+++ b/ansible/archinstall_configs/user_credentials.json
@ -0,0 +1,10 @@
+{
+    "!root-password": "XX",
+    "!users": [
+        {
+            "!password": "XX",
+            "sudo": true,
+            "username": "mbess"
+        }
+    ]
+}
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -0,0 +1,2 @@
+collections:
+  - name: kewlfft.aur
--- a/ansible/roles/aur/tasks/main.yaml
+++ b/ansible/roles/aur/tasks/main.yaml
--- a/ansible/run_ansible_playbook.sh
+++ b/ansible/run_ansible_playbook.sh
@ -5,14 +5,22 @@ base="$(realpath $(dirname "$0"))"

 export ANSIBLE_CACHE_PLUGIN=jsonfile
 export ANSIBLE_CONFIG=$base/ansible.cfg
+#export ANSIBLE_DEBUG=1
+export ANSIBLE_LOG_PATH=ansible_run.log

 cd $base
 python3 parse_arch_packages.py > arch_packages.json
 cd $workdir

+rm $base/vm_files
+ln -s $workdir $base/vm_files
+
 ansible-playbook $base/workstation.yaml \
-    --ask-become-pass \
+    -v \
    -u "mbess" \
    -i "$base/inventory.yaml" \
-    --ssh-extra-args "-o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 2222 -i ./sshkey" \
-    --extra-vars "@$base/vars.yaml"
+    --ssh-extra-args "-o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 2222 -i ./master_sshkey" \
+    --extra-vars "@$workdir/vars.yaml" \
+    --extra-vars "ansible_sudo_pass=root" \
+    --start-at-task "Create the aur_builder user"
+
--- a/ansible/run_ansible_playbook_initial_install.sh
+++ b/ansible/run_ansible_playbook_initial_install.sh
@ -0,0 +1,18 @@
+#!/usr/bin/sh
+
+workdir="$(pwd)"
+base="$(realpath $(dirname "$0"))"
+
+export ANSIBLE_CACHE_PLUGIN=jsonfile
+export ANSIBLE_CONFIG=$base/ansible.cfg
+
+cd $base
+python3 parse_arch_packages.py > arch_packages.json
+cd $workdir
+
+ansible-playbook $base/workstation_initial_install.yaml \
+    --ask-become-pass \
+    -u "mbess" \
+    -i "$base/inventory.yaml" \
+    --ssh-extra-args "-o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 2222 -i ./master_sshkey" \
+    --extra-vars "@$base/vars.yaml"
--- a/ansible/templates/ssh_config
+++ b/ansible/templates/ssh_config
@ -0,0 +1,4 @@
+Host forge.lefuturiste.fr
+    user git
+    IdentitiesOnly yes
+    IdentityFile ~/.ssh/{{ device_name }}_generic_key_ed25519
--- a/ansible/vars.yaml
+++ b/ansible/vars.yaml
@ -1,4 +1,2 @@
 user: mbess
-foo: barladladsl
 device_name: grayblower
-
--- a/ansible/vm_files
+++ b/ansible/vm_files
@ -0,0 +1 @@
+/home/mbess/workspace/monakhos/sandbox_vms/vm1
--- a/ansible/workstation.yaml
+++ b/ansible/workstation.yaml
@ -1,13 +1,28 @@
 - hosts: workstation
-  gather_facts: False
+  gather_facts: True
  vars:
+    home: /home/{{ user }}
    config_files:
+      - dir: fish
+        name: config.fish
      - dir: tmux
        name: tmux.conf
      - dir: alacritty
        name: alacritty.toml
      - dir: wofi
        name: style.css
+      - dir: sway
+        name: config
+      - dir: helix
+        name: config.toml
+      - dir: i3status-rust
+        name: config.toml
+      - dir: git
+        name: config
+      - dir: nvim
+        name: init.lua
+      - dir: nvim
+        name: lua # lua dir
  tasks:
    - name: Init arch
      block:
@ -15,51 +30,131 @@
            path: /home/mbess/.workstation_setup_state
            state: touch
        - copy: content="2024-05-20T11:28:07.552Z c385e8f1-9f34-47d3-9155-0cc1f04c4550" dest=/home/mbess/.workstation_setup_state
-    - name: Install some packages
+
+    - name: Update pacman repo
+      become: true
+      community.general.pacman:
+        update_cache: true
+        upgrade: true
+    
+    - name: Install some basic packages
      become: true
      community.general.pacman:
        name:
-          - jq
-          - fx
-          - jo
-          - yq
+          - archlinux-keyring
+
+    - name: Init pacman keyring
+      become: true
+      # complicated shit follow, to run or not this part depending on if we need to update the pacman key (expiration date)
+      block:
+        - stat:
+            path: "{{ home }}/.cache/monakhos/pacman_key_state"
+          register: pacman_key_state_stat
+        - when: pacman_key_state_stat.stat.exists
+          slurp:
+            src: "{{ home }}/.cache/monakhos/pacman_key_state"
+          register: pacman_key_state
+        - when: pacman_key_state.content is defined
+          name: "pacman key state debug 1"
+          debug:
+            msg: "{{ pacman_key_state.content | b64decode | to_datetime('%Y-%m-%d') }}"
+        - when: not pacman_key_state_stat.stat.exists
+          block:
+            - shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux"
+            - shell: "mkdir -p ~/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state"
+
+    - name: Install some basic packages
+      become: true
+      community.general.pacman:
+        name:
+          - cliphist

    - name: Install packages from YAML files (excluding AUR)
      become: true
      community.general.pacman:
        name: "{{ lookup('file', 'arch_packages.json') | from_json }}" # the python script will return a list of packages

-    # - name: Install yay, an AUR helper
-      
+    # TODO: put pre-generated sshkeys
+
+    # - name: Install yay, an AUR helper
+    #
+    - name: Copy pre-generated ssh keys
+      block:
+        - copy:
+            src: ./vm_files/remote_key
+            dest: "{{ home }}/.ssh/{{ device_name }}_generic_key_ed25519"
+            mode: u=rw,g=,o=
+        - copy:
+            src: ./vm_files/remote_key.pub
+            dest: "{{ home }}/.ssh/{{ device_name }}_generic_key_ed25519.pub"
+            mode: u=rw,g=,o=
+
+    - name: Config git
+      template:
+        src: ssh_config
+        dest: "{{ home }}/.ssh/config"
+        owner: "{{ user }}"
+        mode: u=rw,g=,o=
+
+    - name: Clone dots file
+      git:
+        repo: "git@forge.lefuturiste.fr:mbess/dots.git"
+        dest: "{{ home }}/.dots"

-    - name: Clone books sources
-      ansible.builtin.git:
-        repo: "git@forge.lefuturiste.fr:mbess/books-sources.git"
-        dest: /home/mbess/workspace/books_sources
    - name: Setup config directories
      file:
-        path: "/home/mbess/.config/{{ item.dir }}"
+        path: "{{ home }}/.config/{{ item.dir }}"
        state: directory
        recurse: true
      loop: "{{ config_files }}"
+
    - name: Setup symbolic links to config files
      file:
-        src: "/home/mbess/.dots/config/{{ item.dir }}/{{ item.name }}"
-        dest: "/home/mbess/.config/{{ item.dir }}/{{ item.name }}"
+        src: "{{ home }}/.dots/config/{{ item.dir }}/{{ item.name }}"
+        dest: "{{ home }}/.config/{{ item.dir }}/{{ item.name }}"
        state: link
      loop: "{{ config_files }}"
+
    - name: Setup main popequer notebook
      include_role:
        name: popequer_notebook

    - name: Setup quick notes folder
      file:
-        path: "/home/mbess/.hidden/quick_notes/"
+        path: "{{ home }}/.hidden/quick_notes/"
        state: directory
        recurse: true
    - name: Setup temporary secrets folder (cookies jar)
      file:
-        path: "/home/mbess/.cache/secrets/"
+        path: "{{ home }}/.cache/secrets/"
        state: directory
        recurse: true
      
+    - name: Create the aur_builder user
+      become: yes
+      ansible.builtin.user:
+        name: aur_builder
+        create_home: yes
+        group: wheel
+
+    - name: Allow the `aur_builder` user to run `sudo pacman` without a password
+      become: yes
+      ansible.builtin.lineinfile:
+        path: /etc/sudoers.d/11-install-aur_builder
+        line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
+        create: yes
+        mode: 0644
+        validate: 'visudo -cf %s'
+
+    - name: Install yay using makepkg
+      kewlfft.aur.aur:
+        name: yay
+        use: makepkg
+        state: present
+      become: yes
+      become_user: aur_builder
+
+    # - name: Clone books sources
+    #   ansible.builtin.git:
+    #     repo: "git@forge.lefuturiste.fr:mbess/books-sources.git"
+    #     dest: /home/mbess/workspace/books_sources
--- a/ansible/workstation_initial_install.yaml
+++ b/ansible/workstation_initial_install.yaml
@ -0,0 +1,10 @@
+- hosts: workstation
+  gather_facts: False
+  vars: {}
+  tasks:
+    - name: Copy arch install config files
+      copy:
+        src: /users/rolando/myfile
+        dest: /users/rolando/myfile
+
+
				`@ -0,0 +1 @@`
				`/home/mbess/workspace/monakhos/sandbox_vms/vm1`