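---
# Provisioning play for the "workstation" host group (Arch Linux): base
# packages, AUR helper, dotfiles, per-profile systemd user units and the
# local directory layout. Expects the inventory/extra vars `user`,
# `device_name`, `enabled_profiles` and `packages_categories`.
- hosts: workstation
  gather_facts: true
  vars:
    home: /home/{{ user }}
    # Units are rendered from templates/systemd/user/. An entry with `from`
    # is instantiated from a shared template (`from`.service) under its own
    # `name`; `profile` gates the unit on `enabled_profiles` ('all' = always).
    systemd_services:
      system: []
      user:
        - from: "mount_sshfs"
          name: "mount_sshfs_srv06_warmd_mbess"
          enabled: true
          params:
            ssh_uri: "mbess@srv06.mbess.net:/warmd/mbess"
            mount_path: "{{ home }}/.mnt/srv06/warmd/mbess"
          profile: perso
        - from: "mount_sshfs"
          name: "mount_sshfs_srv06_warmd_etb"
          enabled: true
          params:
            ssh_uri: "mbess@srv06.mbess.net:/warmd/etoiledebethleem"
            mount_path: "{{ home }}/.mnt/srv06/warmd/etb"
          profile: perso
        # template unit: only rendered, never enabled here
        - name: "popequer_gitwatch@"
          profile: all
        - name: "hourly_remainder"
          enabled: true
          timer: true
          profile: all
        - name: "cliphist"
          enabled: true
          profile: all
        - name: "kanshi"
          enabled: true
          profile: all
        - name: "gammastep"
          enabled: true
          profile: all
        - name: "swaybg"
          enabled: true
          profile: all
    # ~/.config/<dir>/<name> is symlinked to ~/.dots/config/<dir>/<name>.
    config_files:
      - dir: fish
        name: config.fish
      - dir: tmux
        name: tmux.conf
      - dir: alacritty
        name: alacritty.toml
      - dir: wofi
        name: style.css
      - dir: kanshi
        name: config
      - dir: sway
        name: config
      - dir: helix
        name: config.toml
      - dir: i3status-rust
        name: config.toml
      - dir: git
        name: config
      - dir: nvim
        name: init.lua
      - dir: nvim
        name: lua  # lua dir
      # for desktop notifications
      - dir: dunst
        name: dunstrc

  tasks:
    - name: Init arch
      block:
        - file:
            path: "{{ home }}/.monakhos"
            state: touch
        # Build the marker file as a real JSON object so that values such as
        # device_name are escaped instead of being spliced into a hand-written
        # string.
        - copy:
            content: "{{ {'monakhos': {'date': ansible_date_time.iso8601, 'device_name': device_name, 'enabled_profiles': enabled_profiles} } | to_json }}\n"
            dest: "{{ home }}/.monakhos"

    # Changing the hostname needs root; the other system-level tasks in this
    # play escalate explicitly, so do the same here.
    - name: Change hostname
      become: true
      hostname:
        name: "{{ device_name }}"

    - name: Update pacman repo
      become: true
      community.general.pacman:
        update_cache: true
        upgrade: true

    - name: Install some basic packages
      become: true
      community.general.pacman:
        name:
          - archlinux-keyring
          - git
          - openssh

    - name: "Configure to auto load some kernel modules at boot"
      become: true
      copy:
        content: "# managed by monakhos\ni2c-dev\n"
        dest: "/etc/modules-load.d/auto.conf"

    - name: Setup SSH client
      include_role:
        name: ssh

    # The whole block runs as root (block-level become), including the state
    # file written under {{ home }}. The keyring is (re)initialised only when
    # no state file records a previous run; an expiry-based refresh is not yet
    # implemented, the recorded date is merely printed.
    - name: Init pacman keyring
      become: true
      block:
        - stat:
            path: "{{ home }}/.cache/monakhos/pacman_key_state"
          register: pacman_key_state_stat
        - when: pacman_key_state_stat.stat.exists
          slurp:
            src: "{{ home }}/.cache/monakhos/pacman_key_state"
          register: pacman_key_state
        - when: pacman_key_state.content is defined
          name: "pacman key state debug 1"
          debug:
            msg: "{{ pacman_key_state.content | b64decode | to_datetime('%Y-%m-%d') }}"
        - when: not pacman_key_state_stat.stat.exists
          block:
            - shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux"
            - shell: "mkdir -p {{ home }}/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state"

    # AUR SETUP
    - name: Create the aur_builder user
      become: true
      ansible.builtin.user:
        name: aur_builder
        create_home: true
        group: wheel

    # Passwordless sudo is limited to the pacman binary; visudo validates the
    # fragment before it is installed.
    - name: Allow the `aur_builder` user to run `sudo pacman` without a password
      become: true
      ansible.builtin.lineinfile:
        path: /etc/sudoers.d/11-install-aur_builder
        line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
        create: true
        mode: "0644"
        validate: 'visudo -cf %s'

    - name: Install yay
      include_role:
        name: aur
      vars:
        packages:
          - yay-bin

    - name: Stub
      file:
        path: "{{ home }}/.stub"
        state: touch

    # INSTALL normal packages from YAML
    # NOTE(review): `item` is concatenated into a shell pipeline run on the
    # controller; packages_categories must stay an operator-controlled list.
    - name: Install non-AUR packages
      become: true
      community.general.pacman:
        name: "{{ lookup('pipe', ('cat arch_packages.yaml | python3 parse_arch_packages.py ' + item)) | from_json }}"
      with_items: "{{ packages_categories }}"

    - name: Install AUR packages
      include_role:
        name: aur
      vars:
        packages: "{{ lookup('pipe', ('cat arch_packages.yaml | python3 parse_arch_packages.py --aur ' + item)) | from_json }}"
      with_items: "{{ packages_categories }}"

    - name: Install sway
      include_role:
        name: sway

    # DOTS
    - name: Clone dots file
      git:
        key_file: "{{ home }}/.ssh/{{ device_name }}_perso_generic_ed25519"
        repo: "git@forge.lefuturiste.fr:mbess/dots.git"
        dest: "{{ home }}/.dots"

    - name: Install requirements in dots
      pip:
        virtualenv: "{{ home }}/.dots/venv"
        requirements: "{{ home }}/.dots/requirements.txt"

    - name: Setup DNS and unbound
      include_role:
        name: dns

    # Same direction as the config_files links below: the link lives in the
    # home directory and points at the tracked copy in the dots checkout.
    # (Previously src/dest were inverted, which with force: true replaced the
    # tracked ~/.dots/config/.profile by a link to ~/.profile.)
    - name: Symbolic link to user .profile
      file:
        src: "{{ home }}/.dots/config/.profile"
        dest: "{{ home }}/.profile"
        state: link
        force: true

    - name: Setup config directories
      file:
        path: "{{ home }}/.config/{{ item.dir }}"
        state: directory
        recurse: true
      loop: "{{ config_files }}"

    - name: Setup symbolic links to config files
      file:
        src: "{{ home }}/.dots/config/{{ item.dir }}/{{ item.name }}"
        dest: "{{ home }}/.config/{{ item.dir }}/{{ item.name }}"
        state: link
        force: true
      loop: "{{ config_files }}"

    - name: Set default shell
      become: true
      user:
        name: "{{ user }}"
        shell: /usr/bin/fish

    # append: true keeps the user's existing supplementary groups (wheel, ...);
    # without it `groups` replaces the whole set.
    - name: Add user to useful group (docker)
      become: true
      user:
        name: "{{ user }}"
        groups: ["docker"]
        append: true

    - name: Create machine.fish
      template:
        src: fish/machine.fish
        dest: "{{ home }}/.config/fish/machine.fish"

    - name: Setup xremap
      include_role:
        name: xremap

    # SYSTEMD user services
    - name: Setup systemd user services folder
      file:
        path: "{{ home }}/.config/systemd/user"
        state: directory
        recurse: true

    # Units without `params` get an empty mapping so templates can rely on
    # service_params being defined.
    - name: Setup user units
      loop: "{{ systemd_services.user }}"
      when: "item.from is not defined and (item.profile == 'all' or item.profile in enabled_profiles)"
      template:
        src: "systemd/user/{{ item.name }}.service"
        dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
      vars:
        service_params: "{{ item.params | default({}) }}"

    - name: Setup user unit with from
      loop: "{{ systemd_services.user }}"
      when: "item.from is defined and (item.profile == 'all' or item.profile in enabled_profiles)"
      template:
        src: "systemd/user/{{ item.from }}.service"
        dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
      vars:
        service_params: "{{ item.params | default({}) }}"

    - name: Setup user timers
      loop: "{{ systemd_services.user }}"
      when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile in enabled_profiles)"
      template:
        src: "systemd/user/{{ item.name }}.timer"
        dest: "{{ home }}/.config/systemd/user/{{ item.name }}.timer"

    # Gate on the profile as well: units of a disabled profile are never
    # rendered above, so starting them would fail on "unit not found".
    - name: Enable some systemd user services
      when: "item.enabled is defined and item.enabled and (item.profile == 'all' or item.profile in enabled_profiles)"
      loop: "{{ systemd_services.user }}"
      systemd_service:
        daemon_reload: true
        scope: user
        name: "{{ item.name }}"
        state: started
        enabled: true

    - name: Enable some systemd user timers
      when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile in enabled_profiles)"
      loop: "{{ systemd_services.user }}"
      systemd_service:
        scope: user
        name: "{{ item.name }}.timer"
        state: started
        enabled: true

    # OTHERS
    - name: Setup mount point folders
      file:
        path: "{{ home }}/.mnt/{{ item }}"
        state: directory
        recurse: true
      when: "'perso' in enabled_profiles"
      loop:
        - srv06/warmd/mbess
        - srv06/coldd/mbess
        - srv06/warmd/etb

    - name: Setup triage folder
      file:
        path: "{{ home }}/triage"
        state: directory
        recurse: true

    - name: Setup quick notes folder
      file:
        path: "{{ home }}/quick/notes"
        state: directory
        recurse: true

    - name: Setup quick docs folder
      file:
        path: "{{ home }}/quick/docs"
        state: directory
        recurse: true

    - name: Setup quick screenshot folder
      file:
        path: "{{ home }}/quick/screenshots"
        state: directory
        recurse: true

    - name: Setup long-term local secrets
      file:
        path: "{{ home }}/.local/secrets"
        state: directory
        recurse: true

    - name: Setup directory to contains local root CA
      file:
        path: "{{ home }}/.local/secrets/root_ca"
        state: directory
        recurse: true

    - name: Setup temporary secrets folder
      file:
        path: "{{ home }}/.cache/secrets"
        state: directory
        recurse: true

    - name: Setup vaults dir gpg home
      file:
        path: "{{ home }}/.vaults/gpg-homes"
        state: directory
        recurse: true

    - name: Setup vaults dir store unixpass
      file:
        path: "{{ home }}/.vaults/pass"
        state: directory
        recurse: true

    - name: Setup workspace folder
      file:
        path: "{{ home }}/workspace"
        state: directory
        recurse: true

    - name: Setup main popequer notebook
      include_role:
        name: popequer_notebook

    - name: Install pip packages
      community.general.pipx:
        name: "{{ item }}"
      with_items: "{{ lookup('pipe', 'cat pip_packages.yaml | python3 parse_arch_packages.py all') | from_json }}"

    - name: Enable bluetooth service
      become: true
      ansible.builtin.systemd_service:
        name: bluetooth
        state: started
        enabled: true

    - name: Setup wofi link
      become: true
      file:
        src: "/usr/bin/wofi"
        dest: "/usr/bin/rofi"
        state: link

    - name: Setup OpenFortiVPN
      when: "'pro' in enabled_profiles"
      include_role:
        name: openfortivpn

    - name: Setup apps dir
      file:
        path: "{{ home }}/.apps"
        state: directory
        recurse: true

    - name: Setup default browser link
      file:
        src: /usr/bin/librewolf
        dest: "{{ home }}/.apps/browser"
        state: link
        force: true

    - name: Set default browser
      include_role:
        name: xdg_browser
      vars:
        default_browser: librewolf

    - name: Patch desktop entries for wayland
      include_role:
        name: wayland_fixer

    # Initialize Workspaces (checked out under {{ home }} like everything else
    # in this play, rather than a hard-coded /home/mbess)
    - name: Clone books sources
      ansible.builtin.git:
        repo: "git@forge.lefuturiste.fr:mbess/books-sources.git"
        dest: "{{ home }}/workspace/books_sources"
      when: "'perso' in enabled_profiles"

    - name: Clone general programming snippets
      ansible.builtin.git:
        repo: "git@forge.lefuturiste.fr:mbess/snippets.git"
        dest: "{{ home }}/workspace/snippets"

    - name: Clone monakhos
      ansible.builtin.git:
        repo: "git@forge.lefuturiste.fr:mbess/monakhos.git"
        dest: "{{ home }}/workspace/monakhos"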