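---
# Workstation provisioning play for an Arch Linux desktop.
#
# Variables expected from the inventory / extra-vars:
#   user           - login name of the workstation owner; `home` is derived from it
#   device_name    - used to name the per-device ssh key pair copied to VMs
#   target_is_real - false for throw-away VMs (enables the pre-generated ssh key copy)
#
# Security-relevant points (see the inline notes on the tasks themselves):
#   * a *private* ssh key is shipped from ./vm_files/ and is VM-only
#   * aur_builder gets passwordless `sudo pacman`, which is root-equivalent
#   * the pacman keyring is re-initialised by deleting /etc/pacman.d/gnupg
#
# Most tasks write into {{ home }} without `become`, so the play is expected to
# connect as `{{ user }}` (or a user that can write there).
- hosts: workstation
  gather_facts: true
  vars:
    home: "/home/{{ user }}"
    systemd_services:
      system: []
      user:
        - name: sshfs_srv06_warmd
          enabled: true
        # Template unit (trailing '@'): only the unit file is installed,
        # instances are started on demand, hence no `enabled`.
        - name: "popequer_gitwatch@"
        - name: hourly_remainder
          enabled: true
          timer: true
        - name: cliphist
          enabled: true
    # Each entry is symlinked from ~/.dots/config/<dir>/<name>
    # to ~/.config/<dir>/<name> (see the "Setup symbolic links" task).
    config_files:
      - dir: fish
        name: config.fish
      - dir: tmux
        name: tmux.conf
      - dir: alacritty
        name: alacritty.toml
      - dir: wofi
        name: style.css
      - dir: sway
        name: config
      - dir: helix
        name: config.toml
      - dir: i3status-rust
        name: config.toml
      - dir: git
        name: config
      - dir: nvim
        name: init.lua
      - dir: nvim
        name: lua  # lua dir, linked as a whole
      # for desktop notifications
      - dir: dunst
        name: dunstrc

  tasks:
    # Marker recording which revision of this play last ran. `copy` creates the
    # file itself, so the former separate `touch` task was redundant and is gone.
    # Uses `home` instead of a hard-coded /home/mbess so the play follows `user`.
    - name: Init arch
      ansible.builtin.copy:
        content: "2024-05-20T11:28:07.552Z c385e8f1-9f34-47d3-9155-0cc1f04c4550"
        dest: "{{ home }}/.workstation_setup_state"

    # NOTE(review): this full upgrade runs *before* the keyring is (re)initialised
    # below; on a host whose pacman keys have already expired it will fail on
    # signature checks. Left in the original order because `pacman-key --populate`
    # needs the archlinux-keyring package installed first.
    - name: Update pacman repo
      become: true
      community.general.pacman:
        update_cache: true
        upgrade: true

    - name: Install some basic packages
      become: true
      community.general.pacman:
        name:
          - archlinux-keyring
          - git
          - openssh

    # Re-initialises the pacman keyring once, tracked by a state file in the
    # user's cache. The whole block runs as root.
    # NOTE(review): only the *presence* of the state file is checked; the
    # recorded date is printed but never compared, so key expiration is not
    # actually detected despite the intent. Delete the state file to force a
    # re-init.
    - name: Init pacman keyring
      become: true
      block:
        - name: Check for pacman key state file
          ansible.builtin.stat:
            path: "{{ home }}/.cache/monakhos/pacman_key_state"
          register: pacman_key_state_stat

        - name: Read pacman key state file
          when: pacman_key_state_stat.stat.exists
          ansible.builtin.slurp:
            src: "{{ home }}/.cache/monakhos/pacman_key_state"
          register: pacman_key_state

        # `content` is undefined when the slurp above was skipped.
        - name: pacman key state debug 1
          when: pacman_key_state.content is defined
          ansible.builtin.debug:
            msg: "{{ pacman_key_state.content | b64decode | to_datetime('%Y-%m-%d') }}"

        - name: Regenerate the pacman keyring
          when: not pacman_key_state_stat.stat.exists
          block:
            # Destructive: wipes the existing keyring and rebuilds it from the
            # archlinux-keyring package installed above.
            - name: Reset and populate the keyring
              ansible.builtin.shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux"

            # Written without `become`: the enclosing block runs as root, which
            # would leave a root-owned ~/.cache/monakhos in the user's home.
            # Assumes the play connects as `{{ user }}`, like the other $HOME tasks.
            - name: Record keyring init date
              become: false
              ansible.builtin.shell: "mkdir -p {{ home }}/.cache/monakhos && echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state"

    # The key copies and the ssh config/known_hosts templates below all need
    # ~/.ssh to exist; openssh does not create it, so make sure it is there
    # with the permissions sshd/ssh expect.
    - name: Ensure ~/.ssh exists
      ansible.builtin.file:
        path: "{{ home }}/.ssh"
        state: directory
        owner: "{{ user }}"
        mode: "0700"

    # Pre-generated key pair for throw-away VMs only. The *private* key lives
    # in the repository (./vm_files/remote_key): treat it as compromised, never
    # authorise it on real hosts, and keep `target_is_real` true for them.
    - name: Copy pre-generated ssh keys
      when: not target_is_real
      block:
        - name: Install VM private key
          ansible.builtin.copy:
            src: ./vm_files/remote_key
            dest: "{{ home }}/.ssh/{{ device_name }}_generic_ed25519"
            owner: "{{ user }}"
            mode: u=rw,g=,o=

        - name: Install VM public key
          ansible.builtin.copy:
            src: ./vm_files/remote_key.pub
            dest: "{{ home }}/.ssh/{{ device_name }}_generic_ed25519.pub"
            owner: "{{ user }}"
            mode: u=rw,g=,o=

    - name: Config ssh client
      ansible.builtin.template:
        src: ssh_config
        dest: "{{ home }}/.ssh/config"
        owner: "{{ user }}"
        mode: u=rw,g=,o=

    # Pinned host keys, installed before any git clone so the clones below
    # never fall back to trust-on-first-use (the git tasks deliberately do not
    # set accept_hostkey).
    - name: Load known hosts
      ansible.builtin.template:
        src: known_hosts
        dest: "{{ home }}/.ssh/known_hosts"
        owner: "{{ user }}"
        mode: u=rw,g=,o=

    # INSTALL from arch_packages.json
    # The file is read on the controller and is expected to look like
    # {"native": [...], "aur": [...]}.
    - name: Install packages from arch_packages.json (excluding AUR)
      become: true
      community.general.pacman:
        name: "{{ (lookup('file', 'arch_packages.json') | from_json)['native'] }}"

    # DOTS
    - name: Clone dots file
      ansible.builtin.git:
        repo: "git@forge.lefuturiste.fr:mbess/dots.git"
        dest: "{{ home }}/.dots"

    - name: Install requirements in dots
      ansible.builtin.pip:
        virtualenv: "{{ home }}/.dots/venv"
        requirements: "{{ home }}/.dots/requirements.txt"

    - name: Setup DNS and unbound
      ansible.builtin.include_role:
        name: dns

    - name: Setup config directories
      ansible.builtin.file:
        path: "{{ home }}/.config/{{ item.dir }}"
        state: directory
        recurse: true
      loop: "{{ config_files }}"

    - name: Setup symbolic links to config files
      ansible.builtin.file:
        src: "{{ home }}/.dots/config/{{ item.dir }}/{{ item.name }}"
        dest: "{{ home }}/.config/{{ item.dir }}/{{ item.name }}"
        state: link
      loop: "{{ config_files }}"

    - name: Set default shell
      become: true
      ansible.builtin.user:
        name: "{{ user }}"
        shell: /usr/bin/fish

    - name: Create machine.fish
      ansible.builtin.template:
        src: fish/machine.fish
        dest: "{{ home }}/.config/fish/machine.fish"

    # makepkg refuses to run as root, so AUR builds happen as this dedicated
    # user. NOTE(review): `group: wheel` is kept as found because the aur role
    # may rely on it, but if this host enables the usual `%wheel` sudoers rule
    # that membership grants more than the pacman-only rule below.
    - name: Create the aur_builder user
      become: true
      ansible.builtin.user:
        name: aur_builder
        create_home: true
        group: wheel

    # Passwordless `sudo pacman` is root-equivalent (pacman installs arbitrary
    # packages), so anything that can run code as aur_builder owns the box.
    - name: Allow the `aur_builder` user to run `sudo pacman` without a password
      become: true
      ansible.builtin.lineinfile:
        path: /etc/sudoers.d/11-install-aur_builder
        line: "aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman"
        create: true
        # sudoers drop-ins are conventionally 0440; sudo ignores them if they
        # are group- or world-writable, so never loosen this.
        mode: "0440"
        # Syntax-check the candidate before it replaces the real file; a broken
        # drop-in would otherwise break sudo for everyone.
        validate: "visudo -cf %s"

    - name: Setup xremap
      ansible.builtin.include_role:
        name: xremap

    # AUR packages
    - name: Install yay
      ansible.builtin.import_role:
        name: aur
      vars:
        packages:
          - yay-bin

    - name: Install AUR packages from arch_packages.json
      become: true
      ansible.builtin.import_role:
        name: aur
      vars:
        packages: "{{ (lookup('file', 'arch_packages.json') | from_json)['aur'] }}"

    # SYSTEMD (user scope: these tasks need a user session / XDG_RUNTIME_DIR
    # for the connecting user, otherwise systemctl --user cannot reach the bus)
    - name: Setup systemd user services folder
      ansible.builtin.file:
        path: "{{ home }}/.config/systemd/user"
        state: directory
        recurse: true

    - name: Setup user units
      ansible.builtin.template:
        src: "systemd/user/{{ item.name }}.service"
        dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
      loop: "{{ systemd_services.user }}"

    - name: Setup user timers
      when: item.timer is defined and item.timer
      ansible.builtin.template:
        src: "systemd/user/{{ item.name }}.timer"
        dest: "{{ home }}/.config/systemd/user/{{ item.name }}.timer"
      loop: "{{ systemd_services.user }}"

    # daemon_reload here also picks up the timer files templated above.
    - name: Enable some systemd user services
      when: item.enabled is defined and item.enabled
      ansible.builtin.systemd_service:
        daemon_reload: true
        scope: user
        name: "{{ item.name }}"
        state: started
        enabled: true
      loop: "{{ systemd_services.user }}"

    - name: Enable some systemd user timers
      when: item.timer is defined and item.timer
      ansible.builtin.systemd_service:
        scope: user
        name: "{{ item.name }}.timer"
        state: started
        enabled: true
      loop: "{{ systemd_services.user }}"

    # OTHERS
    - name: Setup quick notes folder
      ansible.builtin.file:
        path: "{{ home }}/.hidden/quick_notes/"
        state: directory
        recurse: true

    # Holds session cookies and similar short-lived secrets: keep it private
    # to the owner rather than relying on the umask.
    - name: Setup temporary secrets folder (cookies jar)
      ansible.builtin.file:
        path: "{{ home }}/.cache/secrets/"
        state: directory
        mode: "0700"
        recurse: true

    - name: Setup main popequer notebook
      ansible.builtin.include_role:
        name: popequer_notebook

    # NOTE(review): these are installed unpinned from PyPI at run time, so
    # every run can pull a different (or tampered) release; pin versions if
    # reproducibility matters.
    - name: Install others packages
      community.general.pipx:
        name: "{{ item }}"
      loop:
        - azlyrics2
        - lesspass
        - jc
        - xkcd-pass
        - yewtube

    - name: Enable bluetooth service
      become: true
      ansible.builtin.systemd_service:
        name: bluetooth
        state: started
        enabled: true

    # WORKSPACE (paths derived from `home`, not hard-coded to /home/mbess)
    - name: Clone books sources
      ansible.builtin.git:
        repo: "git@forge.lefuturiste.fr:mbess/books-sources.git"
        dest: "{{ home }}/workspace/books_sources"

    - name: Clone monakhos
      ansible.builtin.git:
        repo: "git@forge.lefuturiste.fr:mbess/monakhos.git"
        dest: "{{ home }}/workspace/monakhos"

    # NOTE(review): this drops an unpackaged file into /usr/bin; if the real
    # `rofi` package is ever installed, pacman will refuse to overwrite it
    # ("exists in filesystem"). A wrapper under /usr/local/bin would avoid that.
    - name: Setup wofi link
      become: true
      ansible.builtin.file:
        src: /usr/bin/wofi
        dest: /usr/bin/rofi
        state: link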