monakhos/ansible/workstation.yaml


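---
# Provisioning for an Arch Linux workstation (sway / wayland desktop).
#
# Conventions:
#   * Tasks that need root carry their own `become: true`; everything else
#     runs as the connecting user so files under `{{ home }}` keep the
#     user as owner.
#   * `enabled_profiles` (e.g. perso, pro) gates optional pieces; `user`,
#     `device_name` and `packages_categories` are expected from inventory
#     or extra-vars.
#   * Lines marked NOTE(review) are reviewer observations, not verified
#     facts about the roles included from elsewhere.
- hosts: workstation
  gather_facts: true
  vars:
    home: "/home/{{ user }}"
    systemd_services:
      system: []
      # Per-entry keys: name (unit name), from (template unit to render
      # from), enabled, timer, params (exposed to the template as
      # service_params), profile ("all" or a member of enabled_profiles).
      user:
        - from: "mount_sshfs"
          name: "mount_sshfs_srv06_warmd_mbess"
          enabled: true
          params:
            ssh_uri: "mbess@srv06.mbess.net:/warmd/mbess"
            mount_path: "{{ home }}/.mnt/srv06/warmd/mbess"
          profile: perso
        - from: "mount_sshfs"
          name: "mount_sshfs_srv06_warmd_etb"
          enabled: true
          params:
            ssh_uri: "mbess@srv06.mbess.net:/warmd/etoiledebethleem"
            mount_path: "{{ home }}/.mnt/srv06/warmd/etb"
          profile: perso
        # Template unit ("@"): only rendered here, instances are started
        # elsewhere.
        - name: "popequer_gitwatch@"
          profile: all
        - name: "hourly_remainder"
          enabled: true
          timer: true
          profile: all
        - name: "cliphist"
          enabled: true
          profile: all
        - name: "kanshi"
          enabled: true
          profile: all
        - name: "gammastep"
          enabled: true
          profile: all
        - name: "swaybg"
          enabled: true
          profile: all
    # Each entry becomes the symlink
    #   ~/.config/<dir>/<name> -> ~/.dots/config/<dir>/<name>
    config_files:
      - dir: fish
        name: config.fish
      - dir: tmux
        name: tmux.conf
      - dir: alacritty
        name: alacritty.toml
      - dir: wofi
        name: style.css
      - dir: kanshi
        name: config
      - dir: sway
        name: config
      - dir: helix
        name: config.toml
      - dir: i3status-rust
        name: config.toml
      - dir: git
        name: config
      - dir: nvim
        name: init.lua
      - dir: nvim
        name: lua  # whole lua directory, linked as a single entry
      # desktop notifications
      - dir: dunst
        name: dunstrc
  tasks:
    # ------------------------------------------------------------ base
    - name: Record provisioning metadata in ~/.monakhos
      # A dict serialised with to_json rather than a hand-written JSON
      # string, so device_name / enabled_profiles are always escaped.
      copy:
        content: "{{ {'monakhos': {'date': ansible_date_time.iso8601, 'device_name': device_name, 'enabled_profiles': enabled_profiles}} | to_json }}\n"
        dest: "{{ home }}/.monakhos"
        mode: "0644"

    - name: Set hostname
      become: true  # hostname / hostnamectl requires root
      hostname:
        name: "{{ device_name }}"

    # Refresh archlinux-keyring before the full upgrade: with a stale
    # keyring, packages signed by newer packager keys fail verification
    # part-way through -Su.
    - name: Refresh package databases and update archlinux-keyring
      become: true
      community.general.pacman:
        update_cache: true
        name: archlinux-keyring

    - name: Upgrade the system
      become: true
      community.general.pacman:
        upgrade: true

    - name: Install basic packages
      become: true
      community.general.pacman:
        name:
          - git
          - openssh

    - name: Auto-load kernel modules at boot
      become: true
      copy:
        content: "# managed by monakhos\ni2c-dev\n"
        dest: /etc/modules-load.d/auto.conf
        mode: "0644"

    - name: Setup SSH client
      include_role:
        name: ssh

    # ------------------------------------------------ pacman keyring init
    # The keyring is (re)initialised once per machine; a marker file under
    # ~/.cache/monakhos records the date it was done. NOTE(review): that
    # date is only displayed below — nothing here re-runs the init when
    # the keys expire.
    - name: Check the pacman keyring marker
      stat:
        path: "{{ home }}/.cache/monakhos/pacman_key_state"
      register: pacman_key_state_stat

    - name: Read the pacman keyring marker
      when: pacman_key_state_stat.stat.exists
      slurp:
        src: "{{ home }}/.cache/monakhos/pacman_key_state"
      register: pacman_key_state

    - name: Show when the pacman keyring was initialised
      when: pacman_key_state.content is defined
      debug:
        msg: "{{ pacman_key_state.content | b64decode | to_datetime('%Y-%m-%d') }}"

    - name: Initialise the pacman keyring
      when: not pacman_key_state_stat.stat.exists
      become: true
      # Destructive: /etc/pacman.d/gnupg is removed, so any locally
      # imported or locally signed keys are lost; only the archlinux
      # keyring is re-populated afterwards.
      shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux"

    # Written without become so the marker (and ~/.cache/monakhos) are
    # owned by the user rather than root. No trailing newline: the value
    # is parsed with to_datetime('%Y-%m-%d') above.
    - name: Write the pacman keyring marker
      when: not pacman_key_state_stat.stat.exists
      block:
        - file:
            path: "{{ home }}/.cache/monakhos"
            state: directory
            mode: "0755"
        - copy:
            content: "{{ ansible_date_time.date }}"
            dest: "{{ home }}/.cache/monakhos/pacman_key_state"
            mode: "0644"

    # ------------------------------------------------------------- AUR
    - name: Create the aur_builder user
      become: true
      ansible.builtin.user:
        name: aur_builder
        create_home: true
        # NOTE(review): wheel is usually the sudo admin group. If sudoers
        # grants %wheel anything beyond the pacman rule below, PKGBUILDs
        # executed as aur_builder inherit it; a dedicated group would keep
        # the build user isolated.
        group: wheel

    - name: Allow the `aur_builder` user to run `sudo pacman` without a password
      become: true
      ansible.builtin.lineinfile:
        path: /etc/sudoers.d/11-install-aur_builder
        line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
        create: true
        # sudoers.d drop-ins are conventionally root:root 0440.
        mode: "0440"
        validate: 'visudo -cf %s'

    - name: Install yay
      include_role:
        name: aur
      vars:
        packages:
          - yay-bin

    - name: Stub
      # Purpose not documented here; NOTE(review): confirm something still
      # reads ~/.stub before keeping this task.
      file:
        path: "{{ home }}/.stub"
        state: touch

    # -------------------------------------------- packages from YAML lists
    # lookup('pipe') runs on the controller. The category name is shell-
    # quoted before being spliced into the command line.
    - name: Install non-AUR packages
      become: true
      community.general.pacman:
        name: "{{ lookup('pipe', 'cat arch_packages.yaml | python3 parse_arch_packages.py ' + (item | quote)) | from_json }}"
      loop: "{{ packages_categories }}"

    - name: Install AUR packages
      include_role:
        name: aur
      vars:
        packages: "{{ lookup('pipe', 'cat arch_packages.yaml | python3 parse_arch_packages.py --aur ' + (item | quote)) | from_json }}"
      loop: "{{ packages_categories }}"

    - name: Install sway
      include_role:
        name: sway

    # ------------------------------------------------------------ dots
    - name: Clone dots
      # accept_hostkey is left at its default (false): the forge host key
      # must already be in known_hosts (expected from the ssh role), so an
      # unknown key on first clone is refused instead of trusted.
      git:
        key_file: "{{ home }}/.ssh/{{ device_name }}_perso_generic_ed25519"
        repo: "git@forge.lefuturiste.fr:mbess/dots.git"
        dest: "{{ home }}/.dots"

    - name: Install requirements in dots
      pip:
        virtualenv: "{{ home }}/.dots/venv"
        requirements: "{{ home }}/.dots/requirements.txt"

    - name: Setup DNS and unbound
      include_role:
        name: dns

    - name: Symbolic link to user .profile
      # NOTE(review): this link points the opposite way from the config
      # links below (src in ~, dest inside the dots checkout) and force:
      # true will replace a tracked ~/.dots/config/.profile with a symlink.
      # Kept as-is; confirm the intended direction.
      file:
        src: "{{ home }}/.profile"
        dest: "{{ home }}/.dots/config/.profile"
        state: link
        force: true

    # `state: directory` already creates parents; `recurse` is not needed
    # and would otherwise walk every file under ~/.config each run.
    - name: Setup config directories
      file:
        path: "{{ home }}/.config/{{ item.dir }}"
        state: directory
      loop: "{{ config_files }}"

    - name: Setup symbolic links to config files
      file:
        src: "{{ home }}/.dots/config/{{ item.dir }}/{{ item.name }}"
        dest: "{{ home }}/.config/{{ item.dir }}/{{ item.name }}"
        state: link
        force: true
      loop: "{{ config_files }}"

    - name: Set default shell
      become: true
      user:
        name: "{{ user }}"
        shell: /usr/bin/fish

    - name: Add user to the docker group
      become: true
      # append: true keeps the user's existing supplementary groups
      # (wheel, ...); without it `groups` replaces them all. Membership in
      # docker is effectively root on the host (any container can mount /).
      user:
        name: "{{ user }}"
        groups: ["docker"]
        append: true

    - name: Create machine.fish
      template:
        src: fish/machine.fish
        dest: "{{ home }}/.config/fish/machine.fish"

    - name: Setup xremap
      include_role:
        name: xremap

    # --------------------------------------------- systemd user services
    - name: Setup systemd user services folder
      file:
        path: "{{ home }}/.config/systemd/user"
        state: directory

    # Entries without `from` render their own unit; entries with `from`
    # render the named template unit under their own name. `params` may be
    # absent, hence the default.
    - name: Setup user units
      loop: "{{ systemd_services.user }}"
      when: "item.from is not defined and (item.profile == 'all' or item.profile in enabled_profiles)"
      template:
        src: "systemd/user/{{ item.name }}.service"
        dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
      vars:
        service_params: "{{ item.params | default({}) }}"

    - name: Setup user units with from
      loop: "{{ systemd_services.user }}"
      when: "item.from is defined and (item.profile == 'all' or item.profile in enabled_profiles)"
      template:
        src: "systemd/user/{{ item.from }}.service"
        dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
      vars:
        service_params: "{{ item.params | default({}) }}"

    - name: Setup user timers
      loop: "{{ systemd_services.user }}"
      when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile in enabled_profiles)"
      template:
        src: "systemd/user/{{ item.name }}.timer"
        dest: "{{ home }}/.config/systemd/user/{{ item.name }}.timer"

    - name: Enable systemd user services
      # Same profile gate as the template tasks, so a unit that was not
      # rendered for this profile is never started.
      when: "item.enabled is defined and item.enabled and (item.profile == 'all' or item.profile in enabled_profiles)"
      loop: "{{ systemd_services.user }}"
      systemd_service:
        daemon_reload: true
        scope: user
        name: "{{ item.name }}"
        state: started
        enabled: true

    - name: Enable systemd user timers
      when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile in enabled_profiles)"
      loop: "{{ systemd_services.user }}"
      systemd_service:
        scope: user
        name: "{{ item.name }}.timer"
        state: started
        enabled: true

    # ---------------------------------------------------------- others
    - name: Setup mount point folders
      file:
        path: "{{ home }}/.mnt/{{ item }}"
        state: directory
      when: "'perso' in enabled_profiles"
      loop:
        - srv06/warmd/mbess
        - srv06/coldd/mbess
        - srv06/warmd/etb

    - name: Setup working folders
      file:
        path: "{{ home }}/{{ item }}"
        state: directory
      loop:
        - triage
        - quick/notes
        - quick/docs
        - quick/screenshots

    # Secret-holding directories are owner-only (0700). GnuPG in particular
    # warns about, and pass relies on, a homedir nobody else can read.
    - name: Setup long-term local secrets
      file:
        path: "{{ home }}/.hidden/local_secrets"
        state: directory
        mode: "0700"

    - name: Setup temporary secrets folder
      file:
        path: "{{ home }}/.cache/secrets/"
        state: directory
        mode: "0700"

    - name: Setup vaults dir gpg home
      file:
        path: "{{ home }}/.vaults/gpg-homes"
        state: directory
        mode: "0700"

    - name: Setup vaults dir store unixpass
      file:
        path: "{{ home }}/.vaults/pass"
        state: directory
        mode: "0700"

    - name: Setup main popequer notebook
      include_role:
        name: popequer_notebook

    # pipx pulls from PyPI by name; pip_packages.yaml is the trust boundary
    # here — keep it pinned/reviewed like arch_packages.yaml.
    - name: Install pip packages
      community.general.pipx:
        name: "{{ item }}"
      loop: "{{ lookup('pipe', 'cat pip_packages.yaml | python3 parse_arch_packages.py all') | from_json }}"

    - name: Enable bluetooth service
      become: true
      ansible.builtin.systemd_service:
        name: bluetooth
        state: started
        enabled: true

    # ------------------------------------------------------- workspace
    - name: Clone books sources
      ansible.builtin.git:
        repo: "git@forge.lefuturiste.fr:mbess/books-sources.git"
        dest: "{{ home }}/workspace/books_sources"
      when: "'perso' in enabled_profiles"

    - name: Clone snippets space
      ansible.builtin.git:
        repo: "git@forge.lefuturiste.fr:mbess/snippets.git"
        dest: "{{ home }}/workspace/snippets"

    - name: Setup wofi link
      become: true
      file:
        src: /usr/bin/wofi
        dest: /usr/bin/rofi
        state: link

    - name: Setup OpenFortiVPN
      when: "'pro' in enabled_profiles"
      include_role:
        name: openfortivpn

    - name: Setup apps dir
      file:
        path: "{{ home }}/.apps"
        state: directory

    - name: Setup default browser link
      file:
        src: /usr/bin/librewolf
        dest: "{{ home }}/.apps/browser"
        state: link
        force: true

    - name: Set default browser
      include_role:
        name: xdg_browser
      vars:
        default_browser: librewolf

    - name: Patch desktop entries for wayland
      include_role:
        name: wayland_fixer

    # Final workspaces
    - name: Clone monakhos
      ansible.builtin.git:
        repo: "git@forge.lefuturiste.fr:mbess/monakhos.git"
        dest: "{{ home }}/workspace/monakhos"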