diff --git a/INSTALL.md b/INSTALL.md index 2623667..5c42a0a 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -8,3 +8,7 @@ - Add public key `lambdacov_perso_generic_ed25519` key to forge.lefuturiste.fr - Populate vars.yaml, choose the profile - run ansible playbook + +## Manual cmds to do on target hosts + + gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 8A74EAAF89C17944 diff --git a/README.md b/README.md index aa595a3..a3c1c7e 100644 --- a/README.md +++ b/README.md @@ -113,3 +113,13 @@ You need to keep updated the known hosts in your profiles to not have this info - https://github.com/id101010/ansible-archlinux - https://github.com/kewlfft/ansible-aur +## triage + +The master ssh key is used by the controller to authenticate to the ssh server of the target device. + +## architecture + +- Monakhos base +- Monakhos profile perso/pro +- Dots base +- Dots desktop diff --git a/TODO.md b/TODO.md index 3ff3375..c6ac0e2 100644 --- a/TODO.md +++ b/TODO.md 
@@ -1,23 +1,29 @@ # TODO -- add packages -- add configure of i2c dccutil to control external monitor screen brightness +## base work +- Run monakhos base on a podman arch container + - goal: having a container with a workable environment + +## others + +- add configure of i2c dccutil to control external monitor screen brightness - add email client setup - add gopass config - - add python pool - - add cargo global packages, like `pads` - - [ ] configure kanshi - - [ ] battery notify https://github.com/cdown/battery-notify - - configure password management - - [ ] Put some customized patched docker daemon config in /etc/docker/daemon.json with bigger address pool - - `sudo usermod -a -G wireshark mbess` - - [x] packages: add `texlive-langfrench`, `texlive-binextra` +- Find a replacement software for mepo + - Mepo is hard to install because it depend on zig, zig build breaks often + - Either fix the AUR package (byinstallBT +- Possible issues: + - dependency on aur.archlinux.org, can give 503 sometimes +- add package: spice server for Qemu and client + - `qemu-chardev-spice` + - `spice-vdagent` + - `spice-gtk` => provide the `spicy` GUI app diff --git a/ansible/_saved_workstation.yaml b/ansible/_saved_workstation.yaml new file mode 100644 index 0000000..c24771f --- /dev/null +++ b/ansible/_saved_workstation.yaml 
@@ -0,0 +1,380 @@ +- hosts: workstation + gather_facts: True + vars: + home: /home/{{ user }} + systemd_services: + system: [] + user: + - name: "hourly_remainder" + enabled: true + timer: true + - name: "cliphist" + enabled: true + - name: "kanshi" + enabled: true + - name: "gammastep" + enabled: true + - name: "swaybg" + enabled: true + config_files: + - dir: fish + name: config.fish + - dir: tmux + name: tmux.conf + - dir: alacritty + name: alacritty.toml + - dir: wofi + name: style.css + - dir: kanshi + name: config + - dir: sway + name: config + - dir: helix + name: config.toml + - dir: i3status-rust + name: config.toml + - dir: git + name: config + - dir: nvim + name: init.lua + - dir: nvim + name: lua # lua dir + # for desktop notifications + - dir: dunst + name: dunstrc + tasks: + - name: Init arch + block: + - file: + path: /home/mbess/.monakhos + state: touch + - copy: + content: "{\"monakhos\": {\"date\": \"{{ ansible_date_time.iso8601 }}\", \"device_name\":\"{{ device_name }}\", \"enabled_profiles\":{{ enabled_profiles | to_json }} }}\n" + dest: "{{ home }}/.monakhos" + + - name: Change hostname + become: true + hostname: + name: "{{ device_name }}" + + - name: Update pacman repo + become: true + community.general.pacman: + update_cache: true + upgrade: true + + - name: Install some basic packages + become: true + community.general.pacman: + name: + - archlinux-keyring + - git + - openssh + + - name: "Configure to auto load some kernel modules at boot" + become: true + copy: + content: "# managed by monakhos\ni2c-dev\n" + dest: "/etc/modules-load.d/auto.conf" + + - name: Setup SSH client + include_role: + name: ssh + + - name: Init pacman keyring + become: true + # complicated shit follow, to run or not this part depending on if we need to update the pacman key (expiration date) + block: + - stat: + path: "{{ home }}/.cache/monakhos/pacman_key_state" + register: pacman_key_state_stat + - when: pacman_key_state_stat.stat.exists + slurp: + src: "{{ home 
}}/.cache/monakhos/pacman_key_state" + register: pacman_key_state + - when: pacman_key_state.content is defined + name: "pacman key state debug 1" + debug: + msg: "{{ pacman_key_state.content | b64decode | to_datetime('%Y-%m-%d') }}" + - when: not pacman_key_state_stat.stat.exists + block: + - shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux" + - shell: "mkdir -p {{ home }}/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state" + + # AUR SETUP + - name: Create the aur_builder user + become: yes + ansible.builtin.user: + name: aur_builder + create_home: yes + group: wheel + + - name: Allow the `aur_builder` user to run `sudo pacman` without a password + become: yes + ansible.builtin.lineinfile: + path: /etc/sudoers.d/11-install-aur_builder + line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman' + create: yes + mode: 0644 + validate: 'visudo -cf %s' + + - name: Install yay + include_role: + name: aur + vars: + packages: + - yay-bin + + - name: Stub + file: + path: "{{ home }}/.stub" + state: touch + + # INSTALL essentials packages from YAML + - name: Install essentials non-AUR packages + become: true + community.general.pacman: + name: "{{ lookup('pipe', ('cat packages/essentials/arch_packages.yaml | python3 parse_arch_packages.py ' + item)) | from_json }}" + with_items: "{{ packages_categories }}" + + - name: Install essentials AUR packages + include_role: + name: aur + vars: + packages: "{{ lookup('pipe', ('cat packages/essentials/arch_packages.yaml | python3 parse_arch_packages.py --aur ' + item)) | from_json }}" + with_items: "{{ packages_categories }}" + + - name: Install sway + include_role: + name: sway + + # Install essentials tools with UV + - name: Install essentials global tools (Python packages) + include_role: + name: uv_tools + with_items: "{{ lookup('pipe', 'cat packages/essentials/python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}" + + # DOTS + - 
name: Clone dots file + git: + key_file: "{{ home }}/.ssh/{{ device_name }}_perso_generic_ed25519" + repo: "git@forge.lefuturiste.fr:mbess/dots.git" + dest: "{{ home }}/.dots" + + - name: Setup DNS and unbound + include_role: + name: dns + + - name: Symbolic link to user .profile + file: + src: "{{ home }}/.profile" + dest: "{{ home }}/.dots/config/.profile" + state: link + force: true + + - name: Setup config directories + file: + path: "{{ home }}/.config/{{ item.dir }}" + state: directory + recurse: true + loop: "{{ config_files }}" + + - name: Setup symbolic links to config files + file: + src: "{{ home }}/.dots/config/{{ item.dir }}/{{ item.name }}" + dest: "{{ home }}/.config/{{ item.dir }}/{{ item.name }}" + state: link + force: true + loop: "{{ config_files }}" + + - name: Set default shell + become: true + user: + name: "{{ user }}" + shell: /usr/bin/fish + + - name: Add user to useful group (docker) + become: true + user: + name: "{{ user }}" + groups: ["docker"] + + - name: Create machine.fish + template: + src: fish/machine.fish + dest: "{{ home }}/.config/fish/machine.fish" + + - name: Setup xremap + include_role: + name: xremap + + # SYSTEMD user services + - name: Setup systemd user services folder + file: + path: "{{ home }}/.config/systemd/user" + state: directory + recurse: true + + - name: Setup user units + loop: "{{ systemd_services.user }}" + when: "item.from is not defined" + template: + src: "systemd/user/{{ item.name }}.service" + dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service" + vars: + service_params: "{{ item.params }}" + + - name: Setup user unit with from + loop: "{{ systemd_services.user }}" + when: "item.from is defined" + template: + src: "systemd/user/{{ item.from }}.service" + dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service" + vars: + service_params: "{{ item.params }}" + + - name: Setup user timers + loop: "{{ systemd_services.user }}" + when: "item.timer is defined and item.timer" + template: + 
src: "systemd/user/{{ item.name }}.timer" + dest: "{{ home }}/.config/systemd/user/{{ item.name }}.timer" + + - name: Enable some systemd user services + when: "item.enabled is defined and item.enabled" + loop: "{{ systemd_services.user }}" + systemd_service: + daemon_reload: true + scope: user + name: "{{ item.name }}" + state: started + enabled: true + + - name: Enable some systemd user timers + when: "item.timer is defined and item.timer" + loop: "{{ systemd_services.user }}" + systemd_service: + scope: user + name: "{{ item.name }}.timer" + state: started + enabled: true + + # OTHERS + - name: Setup triage folder + file: + path: "{{ home }}/triage" + state: directory + recurse: true + - name: Setup quick notes folder + file: + path: "{{ home }}/quick/notes" + state: directory + recurse: true + - name: Setup quick docs folder + file: + path: "{{ home }}/quick/docs" + state: directory + recurse: true + - name: Setup quick screenshot folder + file: + path: "{{ home }}/quick/screenshots" + state: directory + recurse: true + - name: Setup long-term local secrets + file: + path: "{{ home }}/.local/secrets" + state: directory + recurse: true + - name: Setup directory to contains local root CA + file: + path: "{{ home }}/.local/secrets/root_ca" + state: directory + recurse: true + - name: Setup temporary secrets folder + file: + path: "{{ home }}/.cache/secrets" + state: directory + recurse: true + - name: Setup vaults dir gpg home + file: + path: "{{ home }}/.vaults/gpg-homes" + state: directory + recurse: true + - name: Setup vaults dir store unixpass + file: + path: "{{ home }}/.vaults/pass" + state: directory + recurse: true + - name: Setup workspace folder + file: + path: "{{ home }}/workspace" + state: directory + recurse: true + + - name: Enable bluetooth service + become: true + ansible.builtin.systemd_service: + name: bluetooth + state: started + enabled: true + + - name: Setup wofi link + become: true + file: + src: "/usr/bin/wofi" + dest: "/usr/bin/rofi" + 
state: link + + - name: Setup apps dir + file: + path: "{{ home }}/.apps" + state: directory + recurse: true + + - name: Setup default browser link + file: + src: /usr/bin/librewolf + dest: "{{ home }}/.apps/browser" + state: link + force: true + + - name: Set default browser + include_role: + name: xdg_browser + vars: + default_browser: librewolf + + - name: Patch desktop entries for wayland + include_role: + name: wayland_fixer + + # Initialize Workspaces + - name: Clone general programming snippets + ansible.builtin.git: + repo: "git@forge.lefuturiste.fr:mbess/snippets.git" + dest: /home/mbess/workspace/snippets + - name: Clone monakhos + ansible.builtin.git: + repo: "git@forge.lefuturiste.fr:mbess/monakhos.git" + dest: /home/mbess/workspace/monakhos + + # INSTALL extra packages from YAML + - name: Install extra non-AUR packages + become: true + community.general.pacman: + name: "{{ lookup('pipe', ('cat packages/extra/arch_packages.yaml | python3 parse_arch_packages.py ' + item)) | from_json }}" + with_items: "{{ packages_categories }}" + + - name: Install extra AUR packages + include_role: + name: aur + vars: + packages: "{{ lookup('pipe', ('cat packages/extra/arch_packages.yaml | python3 parse_arch_packages.py --aur ' + item)) | from_json }}" + with_items: "{{ packages_categories }}" + + - name: Install extra global tools (Python packages) + include_role: + name: uv_tools + with_items: "{{ lookup('pipe', 'cat packages/essentials/python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}" + + diff --git a/ansible/arch_packages.yaml b/ansible/packages/essentials/arch_packages.yaml similarity index 75% rename from ansible/arch_packages.yaml rename to ansible/packages/essentials/arch_packages.yaml index dbaad90..8e4b02c 100644 --- a/ansible/arch_packages.yaml +++ b/ansible/packages/essentials/arch_packages.yaml @@ -9,6 +9,7 @@ common: - screen - openssh - base-devel + - os-prober - name: mosh desc: The best to connect to remote server! deps: 
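Review bot: The task `Install extra global tools (Python packages)` near the end of the file reads `packages/essentials/python_packages.yaml`, the very list the earlier essentials task already installed, so the new `packages/extra/python_packages.yaml` is never consumed; the lookup should be `cat packages/extra/python_packages.yaml | python3 parse_arch_packages.py all`. Several tasks also hard-code `/home/mbess` (the `.monakhos` touch in `Init arch`, the two workspace clones) where the rest of the play uses `{{ home }}`, so the play only works for one `user`. `Symbolic link to user .profile` looks inverted relative to `Setup symbolic links to config files`: here `src` is `~/.profile` and `dest` is inside `.dots`, so with `force: true` the checked-out file is replaced by a link — confirm which direction is intended. If this file is only kept as a frozen reference, as the `_saved_` prefix suggests, a one-line header comment saying it is no longer run would spare the next reader from chasing these.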
@@ -16,15 +17,9 @@ common: - name: pacman-contrib desc: Include pactree - tty: - - name: physlock - desc: Session password-lock at the TTY level - + tty: {} libs: - - protobuf - - libosmium - - name: expat - desc: XML parser lib + - wlroots0.19 hardware: printing: @@ -66,20 +61,11 @@ common: utils: _: - - bat - - git-delta - plantuml - - desc: Env loader, export env variables from dotenv file in shell scripts - name: aur/zenv - - desc: Load system to make it heat and sweat - name: stress - - name: aur/scc - desc: Count source lines of a project - keyboard: - - name: ttyper - desc: Typing speed test. - backup: - - borg + - name: aur/zenv + desc: Env loader, export env variables from dotenv file in shell scripts + keyboard: {} + backup: {} docs: - man-pages - man-db @@ -131,11 +117,6 @@ common: - s-nail - name: isync desc: IMAP synchronization program. Also called mbsync, can be configured using `.mbsyncrc` file. - fun: - - figlet - - cowsay - - aur/boxes - - fortune-mod archives: - unzip - zip @@ -146,15 +127,15 @@ common: desc: general purpose document converter - name: typst desc: an alternative to latex - - name: aur/marp-cli-bin - desc: create presentation from markdown + - mkdocs + - mkdocs-material + - mkdocs-autorefs + - mkdocs-get-deps - graphviz - glow - name: visidata desc: Data explorer (Spreadsheet, CSV, Sqlite) pdf: - - aur/ocrmypdf - - aur/wkhtmltopdf-static - name: pdftk desc: Utils to manipulate PDF pages (extract, merge, rotate, unpack) latex: 
@@ -168,28 +149,19 @@ common: math: - name: libqalculate desc: Provide Qalc - gis: # SIG - _: - - gdal - - aur/tippecanoe - osm: - - aur/osmium-tool - - osm2pgsql + gis: {} vcs: git: - git - tig - pre-commit - aur/gitwatch-git - fossil: - - fossil network: address: - name: ipcalc + - name: aur/sipcalc description: | - Validate, compute and visualize IP ranges. - Support CIDR notation (Classless Inter-Domain Routing). - Eg. compute the start and the end of a range. + Compute and visualize IP ranges (start and end) bandwidth: - name: iperf3 description: TCP, UDP benchmark (speed test) @@ -212,19 +184,12 @@ common: desc: Download whole website for offline use dns: - bind - - aur/python-dnsrecon - kafka: - - name: aur/kcat-cli - desc: Kafka cat - - aur/avro-c - encoding: - avro: - - aur/avro-tools + encoding: {} _: - name: net-tools desc: Core tools for configuration tools for Linux networking - nmap - - gnu-netcat + - openbsd-netcat - wireguard-tools - tcpdump - name: socat @@ -239,8 +204,6 @@ common: - name: binwalk desc: Inspect a binary to search for embeded files and binaries url: https://www.kali.org/tools/binwalk/ - - name: aur/libtree - desc: Inspect a binary and output of tree of system libraries fs: - lsof - name: ncdu @@ -258,8 +221,6 @@ common: browser: - w3m - lynx - - name: aur/browsh - desc: Terminal browser, headless chromium running on a remote server that translate to text over Mosh. files: - lf security: @@ -280,15 +241,11 @@ common: - name: aur/apache-tools desc: provide htpasswd - argon2 - colors: - - name: pastel - desc: Manipulate colors + colors: {} multimedia: audio: - opus-tools - communication: - - name: aur/sigtop-git - desc: Messages and attahcments backup program for Signal Desktop + communication: {} cli_frontends: forges: 
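Review bot: The new `aur/sipcalc` entry in the `network.address` hunk uses `description:` while most entries in this file, including the `aur/zenv` entry rewritten in the `utils` hunk, use `desc:`; the `lsix` entry added under `terminal_emulator` in a later hunk does the same. Whether `parse_arch_packages.py` reads both keys is not visible here; if it reads only one, the text under the other is silently dropped, so settling on one key file-wide (`desc:`, the majority) would remove the ambiguity.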
@@ -323,23 +280,12 @@ common: - gopass - pass - virtualization: - - qemu-base - - name: guestfs-tools - desc: include the very useful virt-customize - - name: libguestfs - desc: include virt-install - - name: cloud-init - desc: Cloud-init utils, used to validate config + virtualization: {} docker: - docker - docker-buildx - kubectl - - name: aur/hadolint-bin - desc: Linter for Dockerfile, with all haskell dependencies - - name: trivy - desc: Container image security scanner programming: _: @@ -377,12 +323,7 @@ common: lsp: - gopls - rust-analyzer - - typst-lsp - - vscode-css-languageserver - pyright - - typescript-language-server - - svelte-language-server - - lua-language-server rust: - cargo-watch # - rustup @@ -470,7 +411,7 @@ common: - name: gammastep desc: Automatic red shift at night color_picker: - - aur/hyprpicker + - hyprpicker emojis_picker: - name: aur/jome desc: Emoji picker @@ -488,24 +429,23 @@ common: GUI: files: - nautilus - - cheese browser: - # - aur/librewolf-bin - # - aur/librewof + - dillo + - aur/librewolf-bin - aur/ungoogled-chromium-bin - # - thorium-browser-bin - - qutebrowser - - torbrowser-launcher terminal_emulator: - alacritty + - name: lsix + description: Command to show image in the terminal mail: - thunderbird communication: _: - signal-desktop - irc: - - name: polari - desc: GNOME 3 GUI IRC client + irc: {} + xmpp: + - name: dino + desc: Simple GTK XMPP client matrix: - name: fractal desc: Matrix client that seem to work in Rust @@ -528,32 +468,17 @@ common: - vimiv creation: image: - - gimp - - krita - inkscape - audio: - - tenacity - - songrec - - aur/clementine + audio: {} video: - cheese - - celluloid - - vlc - - obs-studio - 3d: - - openscad - - blender + 3d: {} bureautique: - libreoffice-still - geo: - - aur/mepo - - qgis + geo: {} vcs: - git: - - giggle + git: {} db: - - name: dbeaver - tags: ['heavy-gui'] - name: sqlitebrowser desc: Light QT GUI to navigate sqlite remote_access: 
@@ -561,7 +486,7 @@ common: - aur/remmina-plugin-rdesktop _: - name: aur/screen-message - description: Utility to write in big on the screen + description: Utility to write big text on the screen inspection: - wireshark-qt editor: @@ -578,19 +503,3 @@ common: - name: noto-fonts-emoji desc: Google emoji fonts, required for fractal -proprietary_vpns: - - openfortivpn - -# Extra non-free networks for work packages -# non-free: -microsoft_azure: - - azure-cli - - aur/azure-kubelogin - -hashicorp: - - name: vault - alias: hvault - -extra_video: - - name: kdenlive - desc: video editor diff --git a/ansible/packages/essentials/python_packages.yaml b/ansible/packages/essentials/python_packages.yaml new file mode 100644 index 0000000..d0e6dff --- /dev/null +++ b/ansible/packages/essentials/python_packages.yaml @@ -0,0 +1,5 @@ +common: + - pipdeptree + - copyparty + - lesspass + - pylint diff --git a/ansible/packages/extra/arch_packages.yaml b/ansible/packages/extra/arch_packages.yaml new file mode 100644 index 0000000..d97da93 --- /dev/null +++ b/ansible/packages/extra/arch_packages.yaml 
@@ -0,0 +1,224 @@ +--- +common: + tty: + - name: aur/physlock + desc: Session password-lock at the TTY level + + libs: + - protobuf + - libosmium + - name: expat + desc: XML parser lib + + hardware: {} + + network: {} + + keymap: {} + + bluetooth: {} + + utils: + _: + - plantuml + - name: stress + desc: Load system to make it heat and sweat + - desc: Count source lines of a project + name: aur/scc + keyboard: + - name: ttyper + desc: Typing speed test. + backup: + - borg + docs: + - arch-wiki-docs + language: {} + mail: {} + fun: + - figlet + - cowsay + - aur/boxes + - fortune-mod + bureautique: + - name: aur/marp-cli-bin + desc: create presentation from markdown + pdf: + - aur/ocrmypdf + - aur/wkhtmltopdf-static + gis: # SIG + _: + - gdal + - aur/tippecanoe + osm: + - aur/osmium-tool + - osm2pgsql + vcs: + git: {} + fossil: + - fossil + network: + http: {} + dns: + - aur/python-dnsrecon + kafka: + - name: aur/kcat-cli + desc: Kafka cat + - aur/avro-c + encoding: + avro: + - aur/avro-tools + _: {} + inspection: + - name: aur/libtree + desc: Inspect a binary and output of tree of system libraries + fs: {} + disk: {} + tui: + browser: + - name: aur/browsh + desc: Terminal browser, headless chromium running on a remote server that translate to text over Mosh. 
+ files: {} + security: + - siege + monitoring: {} + android: {} + random_gen: {} + hashing: {} + colors: + - name: pastel + desc: Manipulate colors + multimedia: + audio: {} + communication: + - name: aur/sigtop-git + desc: Messages and attahcments backup program for Signal Desktop + + cli_frontends: + forges: {} + + multimedia: + youtube: {} + player: {} + book: {} + exif: {} + _: {} + + password: {} + + virtualization: + - qemu-base + - name: guestfs-tools + desc: include the very useful virt-customize + - name: libguestfs + desc: include virt-install + - name: cloud-init + desc: Cloud-init utils, used to validate config + + docker: + - name: aur/hadolint-bin + desc: Linter for Dockerfile, with all haskell dependencies + - name: trivy + desc: Container image security scanner + + programming: + _: {} + html: {} + sqlite: {} + editor: {} + c: {} + node: {} + lsp: + - typescript-language-server + - svelte-language-server + - aur/typst-lsp + - lua-language-server + - vscode-css-languageserver + rust: {} + dbs: {} + python: + _: {} + lint: {} + lib: {} + lua: {} + web: {} + static: {} + ci: {} + + shell: {} + + audio: + control: {} + + desktop: + wayland: + # https://github.com/natpen/awesome-wayland + _: {} + display: {} + color_picker: {} + emojis_picker: {} + notification: {} + screenshot: {} + + desktop_utils: {} + + GUI: + files: {} + browser: + - aur/thorium-browser-bin + - qutebrowser + - torbrowser-launcher + terminal_emulator: {} + mail: {} + communication: + _: {} + irc: {} + matrix: {} + document: + viewer: {} + editor: {} + images: + viewer: {} + creation: + image: + - gimp + - krita + audio: + - tenacity + - songrec + - aur/clementine + video: + - celluloid + - vlc + - obs-studio + - name: kdenlive + desc: video editor + 3d: + - openscad + - blender + bureautique: {} + geo: + - qgis + vcs: + git: + - giggle + db: + - name: dbeaver + remote_access: {} + _: {} + inspection: {} + editor: {} + fonts: {} + +proprietary_vpns: + - openfortivpn + +# Extra 
non-free networks for work packages +# non-free: +microsoft_azure: + - azure-cli + - aur/azure-kubelogin + +hashicorp: + - name: vault + alias: hvault + diff --git a/ansible/packages/extra/python_packages.yaml b/ansible/packages/extra/python_packages.yaml new file mode 100644 index 0000000..d7936a8 --- /dev/null +++ b/ansible/packages/extra/python_packages.yaml @@ -0,0 +1,7 @@ +common: + multimedia: + - linkchecker + - imagehash + - yewtube + - azlyrics2 + - epy-reader diff --git a/ansible/python_packages.yaml b/ansible/python_packages.yaml deleted file mode 100644 index 9d98430..0000000 --- a/ansible/python_packages.yaml +++ /dev/null @@ -1,14 +0,0 @@ -base: - - mkdocs - - pipdeptree - - copyparty - - lesspass - - yewtube - - lesspass - - mkdocs - - linkchecker - - imagehash - - pylint -multimedia: - - azlyrics2 - - epy-reader diff --git a/ansible/roles/display/tasks/main.yam. b/ansible/roles/display/tasks/main.yam. new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/ansible/roles/display/tasks/main.yam. @@ -0,0 +1 @@ + diff --git a/ansible/roles/display/tasks/main.yaml b/ansible/roles/display/tasks/main.yaml new file mode 100644 index 0000000..12cccf0 --- /dev/null +++ b/ansible/roles/display/tasks/main.yaml @@ -0,0 +1,5 @@ +- name: Install ddcutil + community.general.pacman: + name: ddcutil + state: present +- name: Install ddcsetup program diff --git a/ansible/roles/dns/tasks/main.yaml b/ansible/roles/dns/tasks/main.yaml index 7d1babc..977716b 100644 --- a/ansible/roles/dns/tasks/main.yaml +++ b/ansible/roles/dns/tasks/main.yaml @@ -1,7 +1,7 @@ - name: Setup unbound config become: true - copy: - src: "{{ home }}/.dots/config/unbound/unbound.conf" + template: + src: "unbound.conf" dest: "/etc/unbound/unbound.conf" owner: unbound mode: "u=rwX,g=rX,o=" 
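Review bot: Roughly sixty categories in this new file are empty mappings (`hardware: {}`, `keymap: {}`, `programming.html: {}`, ...) that mirror the essentials tree, and it is not visible whether `parse_arch_packages.py` requires every category key to exist or simply skips missing ones. If the stubs are required, a header comment such as `# every category of essentials/arch_packages.yaml must exist here, even if empty, for parse_arch_packages.py` would explain them; if not, dropping them leaves a file that reads as a package list rather than a schema. The `aur/sigtop-git` line also carries over the typo `attahcments` from the old essentials file.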
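Review bot: The task `Install ddcsetup program` has a `name:` and nothing else, so Ansible refuses the play with a "no module/action detected" error as soon as the role is loaded; give it a module or leave it out until the step exists. `Install ddcutil` also calls `community.general.pacman` without `become: true`, unlike the pacman tasks in the keyboard role of this same commit, so the install fails on a non-root connection. The commit additionally adds an empty sibling file `ansible/roles/display/tasks/main.yam.` that looks like a misspelled leftover and should be removed.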
@@ -32,15 +32,16 @@ enabled: true - name: Create unbound configs dir + become: true file: state: directory path: "/etc/unbound/config.d" -# copy from dots file to the /etc/unbound/config.d the additonal config enabled -- name: Setup additonal profile config - when: organization is defined and "unbound" in organization_customize - become: true - copy: - src: "{{ home }}/.dots/profiles/{{ organization }}/configs/unbound.conf" - dest: "/etc/unbound/config.d/{{ organization }}.conf" +# # copy from dots file to the /etc/unbound/config.d the additonal config enabled +# - name: Setup additonal profile config +# when: organization is defined and "unbound" in organization_customize +# become: true +# copy: +# src: "{{ home }}/.dots/profiles/{{ organization }}/configs/unbound.conf" +# dest: "/etc/unbound/config.d/{{ organization }}.conf" diff --git a/ansible/roles/dns/templates/unbound.conf b/ansible/roles/dns/templates/unbound.conf new file mode 100644 index 0000000..3d29817 --- /dev/null +++ b/ansible/roles/dns/templates/unbound.conf 
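Review bot: The `Setup additonal profile config` task is commented out rather than removed, leaving seven dead lines that git history already preserves; if the feature is only paused pending the `profiles_paths` rework visible in the ssh role, a single `# TODO: reinstate per-profile unbound config once profiles_paths covers it` line says more than the commented block. The kept comment also spells `additonal` for `additional`.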
@@ -0,0 +1,48 @@ +server: + interface: 0.0.0.0 + interface: ::0 + interface-automatic: yes + + # Also listen on docker to allow docker container to reach unbound + #interface: 172.17.0.1 + access-control: 172.0.0.0/8 allow + access-control: 172.31.0.0/16 allow + + trust-anchor-file: "/etc/unbound/trusted-key.key" + + cache-max-ttl: 86400 + cache-min-ttl: 7200 + + hide-identity: yes + hide-version: yes + + qname-minimisation: yes + + aggressive-nsec: yes + prefetch: yes + serve-expired: yes + serve-expired-ttl: 86400 + + #tls-upstream: yes + #tls-cert-bundle: /etc/ca-certificates/extracted/tls-ca-bundle.pem + + #verbosity: 1 + #log-queries: yes + # use journalctl to see the logs + # e.g : journalctl --since 2023-01-01 -f -u unbound + + local-data: "my-resolver.internal TXT local unbound" + local-zone: "custom.verify" redirect + local-data: "custom.verify A 42.42.42.42" + local-zone: "jpp.jpp" redirect + local-data: "jpp.jpp A 1.1.1.1" + local-zone: "e.e" redirect + local-data: "e.e A 42.42.42.42" + +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + +# Include others namespace/domains configs +include: /etc/unbound/config.d/* + diff --git a/ansible/roles/dotsfiles/tasks/copy_config_file.yaml b/ansible/roles/dotsfiles/tasks/copy_config_file.yaml new file mode 100644 index 0000000..36b6550 --- /dev/null +++ b/ansible/roles/dotsfiles/tasks/copy_config_file.yaml @@ -0,0 +1,15 @@ +- name: Debug configuration file infos + ansible.builtin.debug: + var: "config" +- name: Create directory + ansible.builtin.file: + path: "{{ (home + '/' + config['dest']) | dirname }}" + state: directory + recurse: true +- name: Copy files + ansible.builtin.copy: + src: "{{ dotsfiles_repo_path.stdout }}/confs/src/{{ config['src'] }}" + remote_src: true + dest: "{{ home }}/{{ config['dest'] }}" + force: true + mode: u=rw,g=r,o= 
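Review bot: `interface: 0.0.0.0` / `interface: ::0` together with `access-control: 172.0.0.0/8 allow` make this resolver answer recursive queries on every interface for a /8 that is mostly public address space (only 172.16.0.0/12 is private), so a workstation joining any 172.x LAN becomes an open recursive resolver for that network; the `172.31.0.0/16` line is redundant as it sits inside the /8. If the aim stated in the comment is only to serve local containers, replace the two wildcard lines with `interface: 127.0.0.1` and `interface: 172.17.0.1` (plus the IPv6 loopback if wanted) and narrow the allow line to `access-control: 172.16.0.0/12 allow`, after which `interface-automatic` is unnecessary. The `custom.verify`, `jpp.jpp` and `e.e` zones pointing at `42.42.42.42` / `1.1.1.1` read like leftover test data and deserve either a comment saying why they stay or removal. The file is now a Jinja template but contains no template expressions, so a comment on what is expected to be parameterised would help.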
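Review bot: `Create directory` uses `recurse: true` with `state: directory`, which in the file module means "apply owner/group/mode to everything under the path", not `mkdir -p`; `state: directory` already creates missing parents, so for a parent such as `~/.config` this walks the whole tree on every run without changing anything. Dropping `recurse: true` here (the same pattern appears throughout `_saved_workstation.yaml`) keeps the behaviour and the runtime small. `Debug configuration file infos` prints every config entry on each run; if it is only for development, `verbosity: 1` on the debug task keeps normal runs quiet.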
diff --git a/ansible/roles/dotsfiles/tasks/install_configs.yaml b/ansible/roles/dotsfiles/tasks/install_configs.yaml new file mode 100644 index 0000000..3ec1e4a --- /dev/null +++ b/ansible/roles/dotsfiles/tasks/install_configs.yaml @@ -0,0 +1,6 @@ +- name: Copy single file + ansible.builtin.include_tasks: + file: copy_config_file.yaml + with_items: "{{ config_map.static_files_copy }}" + loop_control: + loop_var: config diff --git a/ansible/roles/dotsfiles/tasks/install_glue_scripts.yaml b/ansible/roles/dotsfiles/tasks/install_glue_scripts.yaml new file mode 100644 index 0000000..ad3bd97 --- /dev/null +++ b/ansible/roles/dotsfiles/tasks/install_glue_scripts.yaml @@ -0,0 +1,14 @@ +- name: Init glue_scripts bin directory + ansible.builtin.file: + path: "{{ home }}/.local/share/glue_scripts/bin" + state: directory +- name: Copy glue script + ansible.builtin.copy: + src: "{{ dotsfiles_repo_path.stdout }}/glue_scripts/src/{{ glue_script['src'] }}" + remote_src: true + dest: "{{ home }}/.local/share/glue_scripts/bin/{{ glue_script['src'] }}" + force: true + mode: u=rwx,g=r,o= + with_items: "{{ config.static_executable_copy }}" + loop_control: + loop_var: glue_script diff --git a/ansible/roles/dotsfiles/tasks/main.yaml b/ansible/roles/dotsfiles/tasks/main.yaml new file mode 100644 index 0000000..5068178 --- /dev/null +++ b/ansible/roles/dotsfiles/tasks/main.yaml 
@@ -0,0 +1,30 @@ +- name: Setup repo directory + file: + path: "{{ home }}/.dotsfiles" + state: directory + recurse: false +- name: echo dotsfiles path + command: "echo {{ home }}/.dotsfiles/{{ dotsfiles_repo_name }}" + register: dotsfiles_repo_path +- name: Clone dotsfiles repo + ansible.builtin.git: + repo: "{{ dotsfiles_repo_url }}" + dest: "{{ dotsfiles_repo_path.stdout }}" +- name: Read config map + ansible.builtin.slurp: + src: "{{ dotsfiles_repo_path.stdout }}/confs/config_map.yaml" + register: dotsfiles_map_yaml +- name: Install configs from config map + ansible.builtin.include_tasks: + file: install_configs.yaml + vars: + config_map: "{{ (dotsfiles_map_yaml.content | b64decode | from_yaml).config_map }}" +- name: Read glue scripts config + ansible.builtin.slurp: + src: "{{ dotsfiles_repo_path.stdout }}/glue_scripts/config.yaml" + register: glue_scripts_config_yaml +- name: Install glue scripts + ansible.builtin.include_tasks: + file: install_glue_scripts.yaml + vars: + config: "{{ (glue_scripts_config_yaml.content | b64decode | from_yaml) }}" diff --git a/ansible/roles/keyboard/files/keyd_default.conf b/ansible/roles/keyboard/files/keyd_default.conf new file mode 100644 index 0000000..ac8be05 --- /dev/null +++ b/ansible/roles/keyboard/files/keyd_default.conf @@ -0,0 +1,8 @@ +[ids] +* + +[main] +capslock = esc +# Ascii grave back tick and Ascii tilde +esc = grave + diff --git a/ansible/roles/keyboard/tasks/main.yaml b/ansible/roles/keyboard/tasks/main.yaml new file mode 100644 index 0000000..a14a7cf --- /dev/null +++ b/ansible/roles/keyboard/tasks/main.yaml 
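Review bot: `echo dotsfiles path` runs a `command` task only to build a string, so it reports `changed` on every run and the value then has to be read back as `dotsfiles_repo_path.stdout` in `copy_config_file.yaml` and `install_glue_scripts.yaml`; `set_fact: dotsfiles_repo_path: "{{ home }}/.dotsfiles/{{ dotsfiles_repo_name }}"` is the idiomatic form, with the two consumers changed to use the fact directly. `Clone dotsfiles repo` pins no `version:`, so each run checks out whatever the remote default branch currently holds; if that is deliberate a comment saying so would help, otherwise a tag or commit in a `dotsfiles_repo_version` variable is cheap. The role also lacks a header comment listing the variables it expects (`home`, `dotsfiles_repo_name`, `dotsfiles_repo_url`), which the new `systemd_user` role in this commit does provide.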
@@ -0,0 +1,26 @@ +# install and configure keyd +# (low-level key remapping daemon for linux) +- name: Install keyd package + become: true + community.general.pacman: + name: keyd + +- name: Create keyd config dir + become: true + ansible.builtin.file: + path: /etc/keyd + state: directory + recurse: false + +- name: Copy keyd config + become: true + ansible.builtin.copy: + src: keyd_default.conf + dest: /etc/keyd/default.conf + +- name: Enable systemd service + become: true + ansible.builtin.systemd_service: + name: "keyd" + state: "started" + enabled: true diff --git a/ansible/roles/ssh/tasks/main.yaml b/ansible/roles/ssh/tasks/main.yaml index 0d18721..c233dfa 100644 --- a/ansible/roles/ssh/tasks/main.yaml +++ b/ansible/roles/ssh/tasks/main.yaml @@ -24,25 +24,29 @@ owner: "{{ user }}" mode: u=rw,g=,o= -- name: Create temporary build directory +- delegate_to: localhost ansible.builtin.tempfile: state: directory suffix: ssh_known_hosts register: tempdir_known_hosts - name: Load known hosts from profiles + delegate_to: localhost template: - # load from controller host - src: "{{ home }}/.dots/profiles/{{ item.name }}/configs/ssh/known_hosts" + # load from controller host, from the work profile repository + src: "{{ profiles_paths[item.name] }}/configs/ssh/known_hosts" dest: "{{ tempdir_known_hosts.path }}/{{ item.name }}" with_items: "{{ enabled_profiles }}" +# - name: Execute a command +# ansible.builtin.command: "sleep infinity" + - name: Concat known hosts template: src: ssh/known_hosts dest: "{{ home }}/.ssh/known_hosts" vars: - tempdir_known_hosts: "{{ tempdir_known_hosts }}" + origin_dir: "{{ tempdir_known_hosts.path }}" - name: Ensure ssh config profiles dir exists file: 
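Review bot: `Copy keyd config` rewrites `/etc/keyd/default.conf` but nothing restarts or reloads `keyd` afterwards; `Enable systemd service` uses `state: "started"`, a no-op when the daemon is already running, so a changed mapping is not applied until the next boot. Registering the copy result and using `state: "{{ 'restarted' if keyd_conf.changed else 'started' }}"` (or a handler with `state: restarted`) closes that gap. The config is also written without an explicit `mode:`, so its permissions depend on the remote umask; `mode: "0644"` makes them deterministic.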
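Review bot: The first change in this hunk replaces the line `- name: Create temporary build directory` with `- delegate_to: localhost`, so the tempfile task is now unnamed; the name looks accidentally dropped rather than deliberately removed and both lines should be kept. The delegated temp directory is also never removed: a final `ansible.builtin.file` task with `state: absent` on `tempdir_known_hosts.path`, delegated to localhost, would stop copies of the profiles' known_hosts accumulating in the controller's temp dir. The commented-out `sleep infinity` debugging task should be deleted rather than shipped. The task list continues outside the hunk on both sides.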
@@ -51,7 +55,7 @@ - name: Load ssh config of profiles template: - src: "{{ home }}/.dots/profiles/{{ item.name }}/configs/ssh/config" + src: "{{ profiles_paths[item.name] }}/configs/ssh/config" dest: "{{ home }}/.ssh/profiles/{{ item.name }}" mode: u=rw,g=,o= with_items: "{{ enabled_profiles }}" diff --git a/ansible/roles/systemd_user/tasks/main.yaml b/ansible/roles/systemd_user/tasks/main.yaml new file mode 100644 index 0000000..1d964f1 --- /dev/null +++ b/ansible/roles/systemd_user/tasks/main.yaml @@ -0,0 +1,51 @@ +# Main task of the role to setup systemd user scope services and timer +# Expected var "user_systemd_services" and "template_dir" +- name: Setup systemd user services folder + file: + path: "{{ home }}/.config/systemd/user" + state: directory + recurse: true + +- name: Setup user units file + template: + src: "{{ template_dir }}/{{ unit.name }}.service" + dest: "{{ home }}/.config/systemd/user/{{ unit.name }}.service" + loop_control: + loop_var: unit + with_items: "{{ user_systemd_services }}" + +- name: Setup user timers + with_items: "{{ systemd_services.user }}" + loop_control: + loop_var: unit + when: "unit.timer is defined and unit.timer" + template: + src: "{{ template_dir }}/{{ unit.name }}.timer" + dest: "{{ home }}/.config/systemd/user/{{ unit.name }}.timer" + +- name: Enable user services + with_items: "{{ user_systemd_services }}" + loop_control: + loop_var: unit + systemd_service: + daemon_reload: true + scope: user + name: "{{ unit.name }}" + state: started + enabled: true + +- name: Enable user timers + with_items: "{{ systemd_services.user }}" + loop_control: + loop_var: unit + when: "unit.timer is defined and unit.timer" + systemd_service: + scope: user + name: "{{ unit.name }}.timer" + state: started + enabled: true + +- name: Reload user daemon + systemd_service: + scope: user + daemon_reload: true diff --git a/ansible/run_ansible_playbook.sh b/ansible/run_ansible_playbook.sh index 4ca44cd..90d4c1f 100755 
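Review bot: `Setup user timers` and `Enable user timers` loop over `systemd_services.user`, but the role's own header declares its input as `user_systemd_services`, and this same commit removes the `systemd_services` play var from workstation.yaml — unless it is defined somewhere not shown here, both tasks fail with an undefined variable as soon as the loop is expanded, before any `when: unit.timer` is evaluated. Change both to `with_items: "{{ user_systemd_services }}"`. `Enable user services` also never reads the per-unit `enabled` key that setup_desktop_workstation.yaml passes in on every unit, so that flag is currently documentation only; either honour it with `when: unit.enabled | default(true)` or drop it from the callers. The trailing `Reload user daemon` duplicates the `daemon_reload: true` already requested in `Enable user services`, which is harmless but worth a comment if it is intentional.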
--- a/ansible/run_ansible_playbook.sh +++ b/ansible/run_ansible_playbook.sh @@ -13,7 +13,12 @@ export ANSIBLE_LOG_PATH=ansible_run.log rm $base/vm_files ln -s $workdir $base/vm_files -ansible-playbook $base/workstation.yaml \ +export ANSIBLE_PLAYBOOK="${ANSIBLE_PLAYBOOK:-workstation.yaml}" +export ANSIBLE_REPO="${ANSIBLE_REPO:-$base}" + +playbookPath="$ANSIBLE_REPO/$ANSIBLE_PLAYBOOK" + +ansible-playbook $playbookPath \ -v \ --ask-become-pass \ -i "inventory.yaml" \ diff --git a/ansible/setup_desktop_workstation.yaml b/ansible/setup_desktop_workstation.yaml new file mode 100644 index 0000000..63c74f8 --- /dev/null +++ b/ansible/setup_desktop_workstation.yaml @@ -0,0 +1,36 @@ +# Desktop workstation non-root setup playbook +# This playbook contains user setup for the graphical Sway desktop environment +# that doesn't require root +- hosts: workstation + gather_facts: True + vars: + home: /home/{{ user }} + tasks: + - name: "Setup systemd user services and timers" + include_role: + name: systemd_user + vars: + user_systemd_services: + - name: "cliphist" + enabled: true + - name: "kanshi" + enabled: true + - name: "gammastep" + enabled: true + - name: "swaybg" + enabled: true + # - name: "hourly_remainder" + # enabled: true + # timer: true + template_dir: "systemd/user" + + - name: Read glue scripts config + ansible.builtin.slurp: + src: "glue_scripts/config.yaml" + register: glue_scripts_config_yaml + - name: Install glue scripts + ansible.builtin.include_tasks: + file: install_glue_scripts.yaml + vars: + config: "{{ (glue_scripts_config_yaml.content | b64decode | from_yaml) }}" + glue_scripts_config_yaml: "{{ lookup('file', 'desktop_glue_scripts/config.yaml') }}" diff --git a/ansible/setup_dotsfiles.yaml b/ansible/setup_dotsfiles.yaml new file mode 100644 index 0000000..ceeadb0 --- /dev/null +++ b/ansible/setup_dotsfiles.yaml 
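Review bot: `ansible-playbook $playbookPath` leaves the new variable unquoted, so an `$ANSIBLE_REPO` containing a space or glob character splits into several arguments; write `ansible-playbook "$playbookPath" \`. The two new knobs are exported under the `ANSIBLE_` prefix, which is the namespace ansible-playbook reads its own configuration from — as far as I can tell neither `ANSIBLE_PLAYBOOK` nor `ANSIBLE_REPO` is a recognised setting, but a project-specific prefix avoids a future collision, and a one-line comment such as `# ANSIBLE_PLAYBOOK/ANSIBLE_REPO from the environment select which playbook runs (with --ask-become-pass)` would make the override visible to whoever inherits the script. `-i "inventory.yaml"` is still resolved from the current directory while the playbook is now addressed through `$ANSIBLE_REPO`, so invoking the script from elsewhere picks up a different or missing inventory; `-i "$ANSIBLE_REPO/inventory.yaml"` keeps the two consistent, assuming the inventory lives beside the playbook (not visible in this hunk).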
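Review bot: `glue_scripts_config_yaml` is defined twice with incompatible shapes in the `Install glue scripts` step: the slurp task registers a result whose `.content` is base64, and the include's `vars:` redefines the same name as `lookup('file', 'desktop_glue_scripts/config.yaml')`, a plain string with no `.content`, while `config` is still derived via `glue_scripts_config_yaml.content | b64decode`. Whichever definition wins under variable precedence, one of the two files is silently ignored, and if the lookup wins the include fails on the missing attribute; pick one source, e.g. delete the lookup line and point the slurp at the intended file, or delete the slurp and set `config: "{{ lookup('file', 'desktop_glue_scripts/config.yaml') | from_yaml }}"`. Note also that `slurp` runs on the target, so `src: "glue_scripts/config.yaml"` is resolved relative to the remote user's working directory rather than the controller checkout, which may not be what is intended here.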
@@ -0,0 +1,15 @@ +- hosts: workstation + gather_facts: False + vars: + home: /home/{{ user }} + tasks: + - name: Setup dotsfile (copy) + include_role: + name: dotsfiles + vars: + dotsfiles_repo_name: "{{ dotsfiles_repo.name }}" + dotsfiles_repo_url: "{{ dotsfiles_repo.repo_url }}" + with_items: "{{ dotsfiles_repos }}" + loop_control: + loop_var: dotsfiles_repo + diff --git a/ansible/setup_low-level_desktop_workstation.yaml b/ansible/setup_low-level_desktop_workstation.yaml new file mode 100644 index 0000000..8e084bf --- /dev/null +++ b/ansible/setup_low-level_desktop_workstation.yaml @@ -0,0 +1,14 @@ +# Low-level Desktop workstation playbook (require become) +# This playbook is used to setup low-level settings (like Human Interface devices and screen) +- hosts: workstation + gather_facts: True + vars: + home: /home/{{ user }} + tasks: + - name: Configure low-level keyboard device + include_role: + name: keyboard + - name: Configure low-level display interface + include_role: + name: display + diff --git a/ansible/templates/ssh/known_hosts b/ansible/templates/ssh/known_hosts index 0335d34..6d69ad0 100644 --- a/ansible/templates/ssh/known_hosts +++ b/ansible/templates/ssh/known_hosts @@ -27,7 +27,7 @@ codeberg.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTY # ============================== # Profile: {{ enabled_profile.name }} # ============================== -{{ lookup('file', tempdir_known_hosts.path + '/' + enabled_profile.name) }} +{{ lookup('file', origin_dir + '/' + enabled_profile.name) }} {% endfor %} diff --git a/ansible/workstation.yaml b/ansible/workstation.yaml index 6afb0bc..31deb41 100644 --- a/ansible/workstation.yaml +++ b/ansible/workstation.yaml 
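Review bot: The `dotsfiles` role receives only `dotsfiles_repo.name` and `dotsfiles_repo.repo_url` per entry, so nothing in this playbook can pin which revision of each dotfiles repository is cloned and then applied as configuration on the target; if the role's git task accepts a `version` (the role itself is not in this diff), passing `dotsfiles_repo_version: "{{ dotsfiles_repo.version | default('HEAD') }}"` next to the other two vars would let vars.yaml pin a branch or commit. The loop itself (`with_items` plus `loop_var: dotsfiles_repo`) reads fine and `gather_facts: False` is safe here because `home` comes from `user`, not from facts.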
@@ -2,67 +2,6 @@ gather_facts: True vars: home: /home/{{ user }} - systemd_services: - system: [] - user: - - from: "mount_sshfs" - name: "mount_sshfs_srv06_warmd_mbess" - enabled: true - params: - ssh_uri: "mbess@srv06.mbess.net:/warmd/mbess" - mount_path: "{{ home }}/.mnt/srv06/warmd/mbess" - profile: perso - - from: "mount_sshfs" - name: "mount_sshfs_srv06_warmd_etb" - enabled: true - params: - ssh_uri: "mbess@srv06.mbess.net:/warmd/etoiledebethleem" - mount_path: "{{ home }}/.mnt/srv06/warmd/etb" - profile: perso - - name: "popequer_gitwatch@" - profile: all - - name: "hourly_remainder" - enabled: true - timer: true - profile: all - - name: "cliphist" - enabled: true - profile: all - - name: "kanshi" - enabled: true - profile: all - - name: "gammastep" - enabled: true - profile: all - - name: "swaybg" - enabled: true - profile: all - config_files: - - dir: fish - name: config.fish - - dir: tmux - name: tmux.conf - - dir: alacritty - name: alacritty.toml - - dir: wofi - name: style.css - - dir: kanshi - name: config - - dir: sway - name: config - - dir: helix - name: config.toml - - dir: i3status-rust - name: config.toml - - dir: git - name: config - - dir: nvim - name: init.lua - - dir: nvim - name: lua # lua dir - # for desktop notifications - - dir: dunst - name: dunstrc tasks: - name: Init arch block: @@ -74,6 +13,7 @@ dest: "{{ home }}/.monakhos" - name: Change hostname + become: true hostname: name: "{{ device_name }}" @@ -121,11 +61,6 @@ - shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux" - shell: "mkdir -p {{ home }}/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state" - - name: Install global tools (Python packages) - include_role: - name: uv_tools - with_items: "{{ lookup('pipe', 'cat python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}" - # AUR SETUP - name: Create the aur_builder user become: yes 
@@ -155,61 +90,29 @@ path: "{{ home }}/.stub" state: touch - # INSTALL normal packages from YAML - - name: Install non-AUR packages + # INSTALL essentials packages from YAML + - name: Install essentials non-AUR packages become: true community.general.pacman: - name: "{{ lookup('pipe', ('cat arch_packages.yaml | python3 parse_arch_packages.py ' + item)) | from_json }}" + name: "{{ lookup('pipe', ('cat packages/essentials/arch_packages.yaml | python3 parse_arch_packages.py ' + item)) | from_json }}" with_items: "{{ packages_categories }}" - - name: Install AUR packages + - name: Install essentials AUR packages include_role: name: aur vars: - packages: "{{ lookup('pipe', ('cat arch_packages.yaml | python3 parse_arch_packages.py --aur ' + item)) | from_json }}" + packages: "{{ lookup('pipe', ('cat packages/essentials/arch_packages.yaml | python3 parse_arch_packages.py --aur ' + item)) | from_json }}" with_items: "{{ packages_categories }}" - name: Install sway include_role: name: sway - # DOTS - - name: Clone dots file - git: - key_file: "{{ home }}/.ssh/{{ device_name }}_perso_generic_ed25519" - repo: "git@forge.lefuturiste.fr:mbess/dots.git" - dest: "{{ home }}/.dots" - - - name: Install requirements in dots - pip: - virtualenv: "{{ home }}/.dots/venv" - requirements: "{{ home }}/.dots/requirements.txt" - - - name: Setup DNS and unbound + # Install essentials tools with UV + - name: Install essentials global tools (Python packages) include_role: - name: dns - - - name: Symbolic link to user .profile - file: - src: "{{ home }}/.profile" - dest: "{{ home }}/.dots/config/.profile" - state: link - force: true - - - name: Setup config directories - file: - path: "{{ home }}/.config/{{ item.dir }}" - state: directory - recurse: true - loop: "{{ config_files }}" - - - name: Setup symbolic links to config files - file: - src: "{{ home }}/.dots/config/{{ item.dir }}/{{ item.name }}" - dest: "{{ home }}/.config/{{ item.dir }}/{{ item.name }}" - state: link - force: true - 
loop: "{{ config_files }}" + name: uv_tools + with_items: "{{ lookup('pipe', 'cat packages/essentials/python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}" - name: Set default shell become: true 
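Review bot: In the two new essentials package tasks `item` is concatenated straight into a controller-side shell pipeline (`'cat packages/essentials/arch_packages.yaml | python3 parse_arch_packages.py ' + item`), so a value in `packages_categories` containing a space or shell metacharacter changes the command rather than the argument; `+ (item | quote)` passes each category as one shell-escaped word, in both the plain and the `--aur` variant. The `uv_tools` lookup uses a fixed string and is fine. The `Install sway` include between them is unchanged context, and the enclosing `tasks:` list continues outside this hunk.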
@@ -223,151 +126,6 @@ name: "{{ user }}" groups: ["docker"] - - name: Create machine.fish - template: - src: fish/machine.fish - dest: "{{ home }}/.config/fish/machine.fish" - - - name: Setup xremap - include_role: - name: xremap - - # SYSTEMD user services - - name: Setup systemd user services folder - file: - path: "{{ home }}/.config/systemd/user" - state: directory - recurse: true - - - name: Setup user units - loop: "{{ systemd_services.user }}" - when: "item.from is not defined and (item.profile == 'all' or item.profile in enabled_profiles)" - template: - src: "systemd/user/{{ item.name }}.service" - dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service" - vars: - service_params: "{{ item.params }}" - - - name: Setup user unit with from - loop: "{{ systemd_services.user }}" - when: "item.from is defined and (item.profile == 'all' or item.profile in enabled_profiles)" - template: - src: "systemd/user/{{ item.from }}.service" - dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service" - vars: - service_params: "{{ item.params }}" - - - name: Setup user timers - loop: "{{ systemd_services.user }}" - when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile in enabled_profiles)" - template: - src: "systemd/user/{{ item.name }}.timer" - dest: "{{ home }}/.config/systemd/user/{{ item.name }}.timer" - - - name: Enable some systemd user services - when: "item.enabled is defined and item.enabled" - loop: "{{ systemd_services.user }}" - systemd_service: - daemon_reload: true - scope: user - name: "{{ item.name }}" - state: started - enabled: true - - - name: Enable some systemd user timers - when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile in enabled_profiles)" - loop: "{{ systemd_services.user }}" - systemd_service: - scope: user - name: "{{ item.name }}.timer" - state: started - enabled: true - - # OTHERS - - name: Setup mount point folders - file: - path: "{{ home }}/.mnt/{{ item }}" - 
state: directory - recurse: true - when: "'perso' in enabled_profiles" - loop: - - srv06/warmd/mbess - - srv06/coldd/mbess - - srv06/warmd/etb - - name: Setup triage folder - file: - path: "{{ home }}/triage" - state: directory - recurse: true - - name: Setup quick notes folder - file: - path: "{{ home }}/quick/notes" - state: directory - recurse: true - - name: Setup quick docs folder - file: - path: "{{ home }}/quick/docs" - state: directory - recurse: true - - name: Setup quick screenshot folder - file: - path: "{{ home }}/quick/screenshots" - state: directory - recurse: true - - name: Setup long-term local secrets - file: - path: "{{ home }}/.local/secrets" - state: directory - recurse: true - - name: Setup directory to contains local root CA - file: - path: "{{ home }}/.local/secrets/root_ca" - state: directory - recurse: true - - name: Setup temporary secrets folder - file: - path: "{{ home }}/.cache/secrets" - state: directory - recurse: true - - name: Setup vaults dir gpg home - file: - path: "{{ home }}/.vaults/gpg-homes" - state: directory - recurse: true - - name: Setup vaults dir store unixpass - file: - path: "{{ home }}/.vaults/pass" - state: directory - recurse: true - - name: Setup workspace folder - file: - path: "{{ home }}/workspace" - state: directory - recurse: true - - - name: Setup main popequer notebook - include_role: - name: popequer_notebook - - - name: Enable bluetooth service - become: true - ansible.builtin.systemd_service: - name: bluetooth - state: started - enabled: true - - - name: Setup wofi link - become: true - file: - src: "/usr/bin/wofi" - dest: "/usr/bin/rofi" - state: link - - - name: Setup OpenFortiVPN - when: '"pro" in enabled_profiles' - include_role: - name: openfortivpn - - name: Setup apps dir file: path: "{{ home }}/.apps" 
@@ -387,21 +145,25 @@ vars: default_browser: librewolf - - name: Patch desktop entries for wayland - include_role: - name: wayland_fixer + # INSTALL extra packages from YAML + - name: Install extra non-AUR packages + become: true + community.general.pacman: + name: "{{ lookup('pipe', ('cat packages/extra/arch_packages.yaml | python3 parse_arch_packages.py ' + item)) | from_json }}" + with_items: "{{ packages_categories }}" - # Initialize Workspaces - - name: Clone books sources - ansible.builtin.git: - repo: "git@forge.lefuturiste.fr:mbess/books-sources.git" - dest: /home/mbess/workspace/books_sources - when: "'perso' in enabled_profiles" - - name: Clone general programming snippets - ansible.builtin.git: - repo: "git@forge.lefuturiste.fr:mbess/snippets.git" - dest: /home/mbess/workspace/snippets - - name: Clone monakhos - ansible.builtin.git: - repo: "git@forge.lefuturiste.fr:mbess/monakhos.git" - dest: /home/mbess/workspace/monakhos + - name: Install extra AUR packages + include_role: + name: aur + vars: + packages: "{{ lookup('pipe', ('cat packages/extra/arch_packages.yaml | python3 parse_arch_packages.py --aur ' + item)) | from_json }}" + with_items: "{{ packages_categories }}" + + - name: Install extra global tools (Python packages) + include_role: + name: uv_tools + with_items: "{{ lookup('pipe', 'cat packages/essentials/python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}" + + - name: Setup DNS forwarding (with Unbound) + include_role: + name: dns diff --git a/main.yaml b/main.yaml new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/main.yaml @@ -0,0 +1 @@ +
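Review bot: `Install extra global tools (Python packages)` reads `packages/essentials/python_packages.yaml`, the file the essentials task earlier in the play already consumed, so the extra Python tools are never installed and the essentials set is handed to `uv_tools` a second time; the two other extra tasks in this hunk use `packages/extra/...`, so this looks like a copy-paste slip — `with_items: "{{ lookup('pipe', 'cat packages/extra/python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}"`. `Setup DNS forwarding (with Unbound)` has moved from early in the play to after all package installation; nothing visible here shows an earlier task depending on unbound being up, but if the move is deliberate a one-line comment saying so would stop the next reader from moving it back. The enclosing `tasks:` list starts outside this hunk.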