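---
# Workstation provisioning play (Arch Linux): base packages, ssh material,
# dotfiles, systemd user units and the personal/professional workspace layout.
#
# Variables expected from the inventory / extra-vars (not defined here):
#   user, device_name, profile ('perso' | 'pro' | ...), target_is_real.
#
# NOTE(review): several privileged tasks (hostname, user groups, /usr/bin
# symlink) carry no `become:`, so this play presumably connects as root and
# drops to `{{ user }}` only where `become_user` is given — confirm.
- hosts: workstation
  gather_facts: true
  vars:
    home: "/home/{{ user }}"

    # Units to template into ~/.config/systemd/user.
    #   from:    template a generic unit (`from`.service) under `name`
    #   enabled: start + enable the .service after templating
    #   timer:   also template and enable a matching .timer
    #   profile: 'all' or the profile the unit is restricted to
    systemd_services:
      system: []
      user:
        - from: "mount_sshfs"
          name: "mount_sshfs_srv06_warmd_mbess"
          enabled: true
          params:
            ssh_uri: "mbess@srv06.mbess.net:/warmd/mbess"
            mount_path: "{{ home }}/.mnt/srv06/warmd/mbess"
          profile: perso
        - from: "mount_sshfs"
          name: "mount_sshfs_srv06_warmd_etb"
          enabled: true
          params:
            ssh_uri: "mbess@srv06.mbess.net:/warmd/etoiledebethleem"
            mount_path: "{{ home }}/.mnt/srv06/warmd/etb"
          profile: perso
        - name: "popequer_gitwatch@"
          profile: all
        - name: "hourly_remainder"
          enabled: true
          timer: true
          profile: all
        - name: "cliphist"
          enabled: true
          profile: all
        - name: "gammastep"
          enabled: true
          profile: all
        - name: "swaybg"
          enabled: true
          profile: all

    # Entries of ~/.dots/config/<dir>/<name> linked into ~/.config/<dir>/<name>.
    config_files:
      - dir: fish
        name: config.fish
      - dir: tmux
        name: tmux.conf
      - dir: alacritty
        name: alacritty.toml
      - dir: wofi
        name: style.css
      - dir: kanshi
        name: config
      - dir: sway
        name: config
      - dir: helix
        name: config.toml
      - dir: i3status-rust
        name: config.toml
      - dir: git
        name: config
      - dir: nvim
        name: init.lua
      - dir: nvim
        name: lua  # lua dir
      # for desktop notifications
      - dir: dunst
        name: dunstrc

  tasks:
    # Record when/for which device and profile this play last ran.
    # The state file path uses `home` so it agrees with the `copy` below
    # (it was previously hard-coded to /home/mbess).
    - name: Init arch
      block:
        - file:
            path: "{{ home }}/.workstation_setup_state"
            state: touch
        - copy:
            content: "{\"monakhos\": {\"date\": \"{{ ansible_date_time.iso8601 }}\", \"name\":\"{{ device_name }}\", \"profile\":\"{{ profile }}\"}\n"
            dest: "{{ home }}/.workstation_setup_state"
        - become: true
          become_user: "{{ user }}"
          file:
            path: "{{ home }}/.monakhos_mbess"
            state: touch

    - name: Change hostname
      hostname:
        name: "{{ device_name }}"

    # NOTE(review): no `mode` is set here, so ~/.ssh gets the umask default;
    # ssh expects it not to be group/world writable — confirm the umask.
    - name: Setup ssh dir
      file:
        path: "{{ home }}/.ssh"
        state: directory
        recurse: true
        owner: "{{ user }}"

    - name: Update pacman repo
      become: true
      community.general.pacman:
        update_cache: true
        upgrade: true

    - name: Install some basic packages
      become: true
      community.general.pacman:
        name:
          - archlinux-keyring
          - git
          - openssh

    # Re-initialise the pacman keyring the first time this play runs on a
    # machine, recording the date in ~/.cache/monakhos/pacman_key_state.
    # NOTE(review): the stored date is only displayed by the debug task;
    # nothing compares it against a key expiry, so the keyring is re-created
    # solely when the state file is missing — confirm that is intended.
    # The state file is written while `become: true`, so it is root-owned.
    - name: Init pacman keyring
      become: true
      block:
        - stat:
            path: "{{ home }}/.cache/monakhos/pacman_key_state"
          register: pacman_key_state_stat
        - when: pacman_key_state_stat.stat.exists
          slurp:
            src: "{{ home }}/.cache/monakhos/pacman_key_state"
          register: pacman_key_state
        - when: pacman_key_state.content is defined
          name: "pacman key state debug 1"
          debug:
            msg: "{{ pacman_key_state.content | b64decode | to_datetime('%Y-%m-%d') }}"
        - when: not pacman_key_state_stat.stat.exists
          block:
            - shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux"
            - shell: "mkdir -p {{ home }}/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state"

    # Test-VM only (target_is_real is false): install the shared key pair
    # shipped in ./vm_files so the VM can reach the forge.
    - name: Copy pre-generated ssh keys
      when: "not target_is_real"
      block:
        - copy:
            src: ./vm_files/remote_key
            dest: "{{ home }}/.ssh/{{ device_name }}_generic_ed25519"
            mode: u=rw,g=,o=
        - copy:
            src: ./vm_files/remote_key.pub
            dest: "{{ home }}/.ssh/{{ device_name }}_generic_ed25519.pub"
            mode: u=rw,g=,o=

    # Task renamed: it templates ~/.ssh/config, not a git configuration.
    - name: Config ssh
      template:
        src: ssh_config
        dest: "{{ home }}/.ssh/config"
        owner: "{{ user }}"
        mode: u=rw,g=,o=

    - name: Load known hosts
      template:
        src: known_hosts
        dest: "{{ home }}/.ssh/known_hosts"
        owner: "{{ user }}"
        mode: u=rw,g=,o=

    # INSTALL from YAML
    - name: Install packages from YAML files (excluding AUR)
      become: true
      community.general.pacman:
        # arch_packages.json: {"native": [...], "aur": [...]}
        name: "{{ (lookup('file', 'arch_packages.json') | from_json)['native'] }}"

    - name: Install sway
      include_role:
        name: sway

    # DOTS
    # NOTE(review): the key used here (`_perso_generic_ed25519`) differs from
    # the `_generic_ed25519` file copied above for VMs — confirm both exist.
    - name: Clone dots file
      git:
        key_file: "{{ home }}/.ssh/{{ device_name }}_perso_generic_ed25519"
        repo: "git@forge.lefuturiste.fr:mbess/dots.git"
        dest: "{{ home }}/.dots"

    - name: Install requirements in dots
      pip:
        virtualenv: "{{ home }}/.dots/venv"
        requirements: "{{ home }}/.dots/requirements.txt"

    - name: Setup DNS and unbound
      include_role:
        name: dns

    - name: Setup config directories
      file:
        path: "{{ home }}/.config/{{ item.dir }}"
        state: directory
        recurse: true
      loop: "{{ config_files }}"

    - name: Setup symbolic links to config files
      file:
        src: "{{ home }}/.dots/config/{{ item.dir }}/{{ item.name }}"
        dest: "{{ home }}/.config/{{ item.dir }}/{{ item.name }}"
        state: link
        force: true
      loop: "{{ config_files }}"

    - name: Set default shell
      become: true
      user:
        name: "{{ user }}"
        shell: /usr/bin/fish

    - name: Add user to useful group (docker)
      become: true
      user:
        name: "{{ user }}"
        groups: ["docker"]

    - name: Create machine.fish
      template:
        src: fish/machine.fish
        dest: "{{ home }}/.config/fish/machine.fish"

    # Unprivileged build user for AUR packages; only `pacman` is granted
    # password-less sudo, and the sudoers drop-in is syntax-checked by visudo
    # before being installed.
    - name: Create the aur_builder user
      become: true
      ansible.builtin.user:
        name: aur_builder
        create_home: true
        group: wheel

    - name: Allow the `aur_builder` user to run `sudo pacman` without a password
      become: true
      ansible.builtin.lineinfile:
        path: /etc/sudoers.d/11-install-aur_builder
        line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
        create: true
        mode: "0644"  # quoted: a bare 0644 is an octal int under YAML 1.1
        validate: 'visudo -cf %s'

    - name: Setup xremap
      include_role:
        name: xremap

    # AUR packages
    - name: Install yay
      import_role:
        name: aur
      vars:
        packages:
          - yay-bin

    - name: Install AUR packages from YAML file
      become: true
      import_role:
        name: aur
      vars:
        packages: "{{ (lookup('file', 'arch_packages.json') | from_json)['aur'] }}"

    # SYSTEMD user services
    - name: Setup systemd user services folder
      file:
        path: "{{ home }}/.config/systemd/user"
        state: directory
        recurse: true

    # Units without `from` use a template named after the unit itself.
    # NOTE(review): `service_params` references item.params, which only the
    # mount_sshfs entries define — fine as long as the other templates never
    # read it (Ansible evaluates task vars lazily).
    - name: Setup user units
      loop: "{{ systemd_services.user }}"
      when: "item.from is not defined and (item.profile == 'all' or item.profile == profile)"
      template:
        src: "systemd/user/{{ item.name }}.service"
        dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
      vars:
        service_params: "{{ item.params }}"

    # Units with `from` share a generic template parametrised by item.params.
    - name: Setup user unit with from
      loop: "{{ systemd_services.user }}"
      when: "item.from is defined and (item.profile == 'all' or item.profile == profile)"
      template:
        src: "systemd/user/{{ item.from }}.service"
        dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
      vars:
        service_params: "{{ item.params }}"

    - name: Setup user timers
      loop: "{{ systemd_services.user }}"
      when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile == profile)"
      template:
        src: "systemd/user/{{ item.name }}.timer"
        dest: "{{ home }}/.config/systemd/user/{{ item.name }}.timer"

    # The profile filter mirrors the templating tasks above: without it a
    # profile-restricted unit (e.g. the `perso` sshfs mounts) would be
    # started on other profiles although its unit file was never written.
    - name: Enable some systemd user services
      when: "item.enabled is defined and item.enabled and (item.profile == 'all' or item.profile == profile)"
      loop: "{{ systemd_services.user }}"
      systemd_service:
        daemon_reload: true
        scope: user
        name: "{{ item.name }}"
        state: started
        enabled: true

    - name: Enable some systemd user timers
      when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile == profile)"
      loop: "{{ systemd_services.user }}"
      systemd_service:
        scope: user
        name: "{{ item.name }}.timer"
        state: started
        enabled: true

    # OTHERS
    - name: Setup mount point folders
      file:
        path: "{{ home }}/.mnt/{{ item }}"
        state: directory
        recurse: true
      when: "profile == 'perso'"
      loop:
        - srv06/warmd/mbess
        - srv06/coldd/mbess
        - srv06/warmd/etb

    - name: Setup triage folder
      file:
        path: "{{ home }}/triage"
        state: directory
        recurse: true

    - name: Setup quick notes folder
      file:
        path: "{{ home }}/quick/notes"
        state: directory
        recurse: true

    - name: Setup quick docs folder
      file:
        path: "{{ home }}/quick/docs"
        state: directory
        recurse: true

    - name: Setup quick screenshot folder
      file:
        path: "{{ home }}/quick/screenshots"
        state: directory
        recurse: true

    # NOTE(review): no `mode` is set on the secrets/vault directories below;
    # they inherit the umask default — confirm they are not group/world readable.
    - name: Setup temporary secrets folder (cookies jar)
      file:
        path: "{{ home }}/.cache/secrets/"
        state: directory
        recurse: true

    - name: Setup vaults dir gpg home
      file:
        path: "{{ home }}/.vaults/gpg-homes"
        state: directory
        recurse: true

    - name: Setup vaults dir store unixpass
      file:
        path: "{{ home }}/.vaults/pass"
        state: directory
        recurse: true

    - name: Setup main popequer notebook
      include_role:
        name: popequer_notebook

    - name: Install pip packages
      community.general.pipx:
        name: "{{ item }}"
      loop: "{{ (lookup('file', 'pip_packages.json') | from_json)['native'] }}"

    - name: Enable bluetooth service
      become: true
      ansible.builtin.systemd_service:
        name: bluetooth
        state: started
        enabled: true

    # WORKSPACE
    # Clone destinations use `home` instead of a hard-coded /home/mbess so
    # they follow `user` like every other path in this play.
    - name: Clone books sources
      ansible.builtin.git:
        repo: "git@forge.lefuturiste.fr:mbess/books-sources.git"
        dest: "{{ home }}/workspace/books_sources"
      when: "profile == 'perso'"

    - name: Clone snippets space
      ansible.builtin.git:
        repo: "git@forge.lefuturiste.fr:mbess/snippets.git"
        dest: "{{ home }}/workspace/snippets"

    # Provide `rofi` as an alias of wofi for tools that hard-code the name.
    - name: Setup wofi link
      become: true
      file:
        src: "/usr/bin/wofi"
        dest: "/usr/bin/rofi"
        state: link

    - name: Setup OpenFortiVPN
      when: 'profile == "pro"'
      include_role:
        name: openfortivpn

    - name: Setup apps dir
      file:
        path: "{{ home }}/.apps"
        state: directory
        recurse: true

    - name: Setup default browser link
      file:
        src: /usr/bin/librewolf
        dest: "{{ home }}/.apps/browser"
        state: link
        force: true

    - name: Set default browser
      include_role:
        name: xdg_browser
      vars:
        default_browser: librewolf

    # Final workspaces
    - name: Clone monakhos
      ansible.builtin.git:
        repo: "git@forge.lefuturiste.fr:mbess/monakhos.git"
        dest: "{{ home }}/workspace/monakhos"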