wip

2024-05-26 22:17:13 +02:00 · 2024-05-26 22:17:13 +02:00 · a0ea7b0a3f
commit a0ea7b0a3f
parent e61fe7e3f7
18 changed files with 366 additions and 30 deletions
--- a/ansible/workstation.yaml
+++ b/ansible/workstation.yaml
@ -1,13 +1,28 @@
 - hosts: workstation
-  gather_facts: False
+  gather_facts: True
  vars:
+    home: /home/{{ user }}
    config_files:
+      - dir: fish
+        name: config.fish
      - dir: tmux
        name: tmux.conf
      - dir: alacritty
        name: alacritty.toml
      - dir: wofi
        name: style.css
+      - dir: sway
+        name: config
+      - dir: helix
+        name: config.toml
+      - dir: i3status-rust
+        name: config.toml
+      - dir: git
+        name: config
+      - dir: nvim
+        name: init.lua
+      - dir: nvim
+        name: lua # lua dir
  tasks:
    - name: Init arch
      block:
@ -15,51 +30,131 @@
            path: /home/mbess/.workstation_setup_state
            state: touch
        - copy: content="2024-05-20T11:28:07.552Z c385e8f1-9f34-47d3-9155-0cc1f04c4550" dest=/home/mbess/.workstation_setup_state
-    - name: Install some packages
+
+    - name: Update pacman repo
+      become: true
+      community.general.pacman:
+        update_cache: true
+        upgrade: true
+    
+    - name: Install some basic packages
      become: true
      community.general.pacman:
        name:
-          - jq
-          - fx
-          - jo
-          - yq
+          - archlinux-keyring
+
+    - name: Init pacman keyring
+      become: true
+      # complicated shit follow, to run or not this part depending on if we need to update the pacman key (expiration date)
+      block:
+        - stat:
+            path: "{{ home }}/.cache/monakhos/pacman_key_state"
+          register: pacman_key_state_stat
+        - when: pacman_key_state_stat.stat.exists
+          slurp:
+            src: "{{ home }}/.cache/monakhos/pacman_key_state"
+          register: pacman_key_state
+        - when: pacman_key_state.content is defined
+          name: "pacman key state debug 1"
+          debug:
+            msg: "{{ pacman_key_state.content | b64decode | to_datetime('%Y-%m-%d') }}"
+        - when: not pacman_key_state_stat.stat.exists
+          block:
+            - shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux"
+            - shell: "mkdir -p ~/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state"
+
+    - name: Install some basic packages
+      become: true
+      community.general.pacman:
+        name:
+          - cliphist

    - name: Install packages from YAML files (excluding AUR)
      become: true
      community.general.pacman:
        name: "{{ lookup('file', 'arch_packages.json') | from_json }}" # the python script will return a list of packages

-    # - name: Install yay, an AUR helper
-      
+    # TODO: put pre-generated sshkeys
+
+    # - name: Install yay, an AUR helper
+    #
+    - name: Copy pre-generated ssh keys
+      block:
+        - copy:
+            src: ./vm_files/remote_key
+            dest: "{{ home }}/.ssh/{{ device_name }}_generic_key_ed25519"
+            mode: u=rw,g=,o=
+        - copy:
+            src: ./vm_files/remote_key.pub
+            dest: "{{ home }}/.ssh/{{ device_name }}_generic_key_ed25519.pub"
+            mode: u=rw,g=,o=
+
+    - name: Config git
+      template:
+        src: ssh_config
+        dest: "{{ home }}/.ssh/config"
+        owner: "{{ user }}"
+        mode: u=rw,g=,o=
+
+    - name: Clone dots file
+      git:
+        repo: "git@forge.lefuturiste.fr:mbess/dots.git"
+        dest: "{{ home }}/.dots"

-    - name: Clone books sources
-      ansible.builtin.git:
-        repo: "git@forge.lefuturiste.fr:mbess/books-sources.git"
-        dest: /home/mbess/workspace/books_sources
    - name: Setup config directories
      file:
-        path: "/home/mbess/.config/{{ item.dir }}"
+        path: "{{ home }}/.config/{{ item.dir }}"
        state: directory
        recurse: true
      loop: "{{ config_files }}"
+
    - name: Setup symbolic links to config files
      file:
-        src: "/home/mbess/.dots/config/{{ item.dir }}/{{ item.name }}"
-        dest: "/home/mbess/.config/{{ item.dir }}/{{ item.name }}"
+        src: "{{ home }}/.dots/config/{{ item.dir }}/{{ item.name }}"
+        dest: "{{ home }}/.config/{{ item.dir }}/{{ item.name }}"
        state: link
      loop: "{{ config_files }}"
+
    - name: Setup main popequer notebook
      include_role:
        name: popequer_notebook

    - name: Setup quick notes folder
      file:
-        path: "/home/mbess/.hidden/quick_notes/"
+        path: "{{ home }}/.hidden/quick_notes/"
        state: directory
        recurse: true
    - name: Setup temporary secrets folder (cookies jar)
      file:
-        path: "/home/mbess/.cache/secrets/"
+        path: "{{ home }}/.cache/secrets/"
        state: directory
        recurse: true
      
+    - name: Create the aur_builder user
+      become: yes
+      ansible.builtin.user:
+        name: aur_builder
+        create_home: yes
+        group: wheel
+
+    - name: Allow the `aur_builder` user to run `sudo pacman` without a password
+      become: yes
+      ansible.builtin.lineinfile:
+        path: /etc/sudoers.d/11-install-aur_builder
+        line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
+        create: yes
+        mode: 0644
+        validate: 'visudo -cf %s'
+
+    - name: Install yay using makepkg
+      kewlfft.aur.aur:
+        name: yay
+        use: makepkg
+        state: present
+      become: yes
+      become_user: aur_builder
+
+    # - name: Clone books sources
+    #   ansible.builtin.git:
+    #     repo: "git@forge.lefuturiste.fr:mbess/books-sources.git"
+    #     dest: /home/mbess/workspace/books_sources