dotfiles/user.yml

- name: configure sudoers
  lineinfile:
    path: /etc/sudoers
    line: "{{ user.name }} ALL=(ALL) NOPASSWD:ALL"
    regexp: "^{{ user.name }}\\s+"
  become: true
  become_user: root

- name: set shell
  user:
    name: "{{ user.name }}"
    shell: /usr/bin/zsh
  become: true
  become_user: root

- set_fact:
    user_groups:
      - adm
      - cdrom
      - sudo
      - dip
      - plugdev
      - lpadmin
      - sambashare
      - docker
      - libvirt
  when: distro == 'ubuntu'
  tags: [always]

- set_fact:
    user_groups:
      - libvirt
      - wheel
      - vboxusers
      - wireshark
      - docker
      - sudonopw
      - games
      - kvm
  when: distro == 'archlinux'
  tags: [always]

- set_fact:
    user_group_name: "{{ user.group|default(user.name) }}"
  tags: [always]

- name: create user group
  group:
    name: "{{ user_group_name }}"
    state: present
  become: true
  become_user: root

- name: set groups
  user:
    name: "{{ user.name }}"
    groups: "{{ [user_group_name, 'dotfiles'] + user_groups }}"
  become: true
  become_user: root

- name: create systemd directory
  file:
    state: directory
    path: "{{ item }}"
    owner: "{{ user.name }}"
    group: "{{ user_group_name }}"
  loop:
    - "/home/{{ user.name }}/.config/"
    - "/home/{{ user.name }}/.config/systemd/"
    - "/home/{{ user.name }}/.config/systemd/user/"

# No way to use the `systemd` module here, as it needs a logind
# session. So we have to handle the symlinks for masking ourselves.
- name: disable and mask systemd user units
  file:
    state: link
    dest: "/home/{{ user.name }}/.config/systemd/user/{{ item }}"
    src: "/dev/null"
  with_items:
    - gpg-agent.socket
    - gpg-agent-browser.socket
    - gpg-agent-ssh.socket
    - gpg-agent-extra.socket

- name: create directory for getty autologin
  file:
    state: directory
    path: /etc/systemd/system/getty@tty{{ user.vt }}.service.d
    owner: root
    group: root
    mode: '0755'
  become: true
  become_user: root

- name: enable getty autologin
  copy:
    dest: /etc/systemd/system/getty@tty{{ user.vt }}.service.d/override.conf
    owner: root
    group: root
    mode: '0644'
    content: |
      [Service]
      ExecStart=
      ExecStart=-/sbin/agetty --autologin {{ user.name }} --noclear %I $TERM
  become: true
  become_user: root

- block:
  - name: load dotfile list
    include_vars:
      file: dotfiles.yml

  - name: get state of empty directories
    stat:
      path: ~/{{ item.name }}
    register: empty_dir_stat
    with_items: "{{ empty_directories }}"
    check_mode: false

  - name: remove sysmlinks
    file:
      path: "{{ item.stat.path }}"
      state: absent
    when: item.stat.exists and item.stat.islnk
    with_items: "{{ empty_dir_stat.results }}"

  - name: create empty directories for dotfiles
    file:
      state: directory
      path: ~/{{ item.name }}
      mode: "{{ item.mode | default('0755') }}"
    with_items: "{{ empty_directories }}"

  - name: link this folder to ~/.dotfiles
    file:
      state: link
      force: true
      follow: false
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
      path: "/home/{{ user.name }}/.dotfiles"
      src: "{{ playbook_dir }}"
    become: true
    become_user: root

  - name: get state of copy targets
    stat:
      path: ~/{{ item.to }}
    register: copy_stat
    when: not item.template|default(false)
    with_items: "{{ dotfiles }}"
    check_mode: false

  - name: remove invalid copy target (directories)
    file:
      path: "{{ item.stat.path }}"
      state: absent
    when:
      - not item.skipped is defined or not item.skipped
      - item.stat.exists
      - item.stat.isdir
    with_items: "{{ copy_stat.results }}"

  - name: make sure target directories exist
    file:
      state: directory
      path: "{{ (['/home', user.name, item.to]|join('/')) | dirname }}"
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
    with_items: "{{ dotfiles }}"
    become: true
    become_user: root

  - name: link dotfiles
    file:
      state: link
      force: true
      follow: false
      path: "/home/{{ user.name }}/{{ item.to }}"
      src: /var/lib/dotfiles/{{ item.from }}
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
    when: not item.template|default(false)
    with_items: "{{ dotfiles }}"
    become: true
    become_user: root

  - name: get state of template targets
    stat:
      path: ~/{{ item.to }}
    register: template_stat
    when: item.template|default(false)
    with_items: "{{ dotfiles }}"
    check_mode: false

  - name: remove invalid template target (directory or symlink)
    file:
      path: "{{ item.stat.path }}"
      state: absent
    when:
      - not item.skipped is defined or not item.skipped
      - item.stat.exists
      - not item.stat.isreg
    with_items: "{{ template_stat.results }}"

  - name: deploy dotfiles templates
    template:
      src: /home/{{ user.name }}/.dotfiles/{{ item.from }}.j2
      dest: "/home/{{ user.name }}/{{ item.to }}"
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
      force: true
    become: true
    become_user: root
    when: item.template|default(false)
    with_items: "{{ dotfiles }}"

  - name: create directories
    file:
      state: directory
      path: "{{ item }}"
    with_items:
      - ~/.var/lib
      - ~/.var/log
      - ~/.var/run
      - ~/.usr/lib

  - name: stat ~/bin
    stat:
      path: "/home/{{ user.name }}/bin"
    register: bin_stat
    check_mode: false

  - name: remove ~/bin if not a link
    file:
      state: absent
      path: "/home/{{ user.name }}/bin"
    when:
      - bin_stat.stat.exists
      - not bin_stat.stat.islnk

  - name: create ~/.opt and ~/.optbin
    file:
      path: "{{ item }}"
      state: directory
    with_items:
      - ~/.opt/
      - ~/.optbin/

  - name: symlink opt programs
    file:
      state: link
      force: true
      follow: false
      path: "/home/{{ user.name }}/.optbin/{{ item.name }}"
      src: "/home/{{ user.name }}/.opt/{{ item.optpath }}"
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
    with_items:
      - name: hugo
        optpath: hugo
      - name: drone
        optpath: drone

  - name: link bin directory
    file:
      state: link
      force: true
      follow: false
      path: "/home/{{ user.name }}/bin"
      src: /var/lib/dotfiles/bin
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
  tags:
    - dotfiles

- name: create intermediate directories for vim-plug
  file:
    path: "{{ item }}"
    state: directory
  with_items:
    - ~/.local/
    - ~/.local/share/
    - ~/.local/share/nvim/
    - ~/.local/share/nvim/site/
    - ~/.local/share/nvim/site/autoload/
    - ~/.vim/
    - ~/.vim/autoload

- block:
  - name: install vim-plug
    copy:
      src: contrib/vim-plug/plug.vim
      dest: ~/.vim/autoload/plug.vim
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
      mode: "0644"

  - name: symlink vim-plug for neovim
    file:
      state: link
      path: ~/.local/share/nvim/site/autoload/plug.vim
      src: ~/.vim/autoload/plug.vim
      force: true

  - name: install vim plugins
    command: /usr/bin/nvim -f -E -s -c "source ~/.vimrc" +PlugInstall +qall
    register: vim_plugins_stdout
    check_mode: false
    changed_when: vim_plugins_stdout.stdout_lines|length != 0

  - name: compile youcompleteme
    # --force-sudo is required, as the script refuses to run
    # in a sudo environment (i.e. if the SUDO_USER env variable
    # is set). But of course, ansible uses that to assume the
    # other user. It's fine.
    shell: |
      cd ~/.local/share/nvim/plugged/YouCompleteMe/
      python3 ./install.py --force-sudo
    args:
      creates: "{{ lookup('fileglob', '~/.local/share/nvim/plugged/YouCompleteMe/third_party/ycmd/ycm_core.*so') }}"

- block:
  - name: firefox - create chrome directory
    file:
      path: ~/.mozilla/firefox/{{ item.name }}/chrome/
      state: directory
      mode: '0755'
    with_items: "{{ user.firefox_profiles }}"
    when: user.firefox_profiles is defined
    tags:
      - firefox

  - name: firefox - configure firefox custom css
    copy:
      dest: ~/.mozilla/firefox/{{ item.name }}/chrome/userChrome.css
      content: |
        #TabsToolbar {
          visibility: collapse !important;
        }
        #titlebar {
          visibility: collapse !important;
        }
        #sidebar-header {
          visibility: collapse !important;
        }
        #sidebar {
          width: 400px !important;
        }
    when: item.manage_css
    with_items: "{{ user.firefox_profiles | default([]) }}"
    tags:
      - firefox

- block:
  - name: set portfolio performance version
    set_fact:
      portfolio_performace_version: "0.50.0"

  - name: look of current installation
    stat:
      path: /home/{{ user.name }}/.opt/portfolio-performance-{{ portfolio_performace_version }}
    register: stat_portfolio_performance_installation

  - block:
    - name: create temporary directory
      tempfile:
        state: directory
      register: tempdir

    - name: download portfolio performance
      get_url:
        url: https://github.com/buchen/portfolio/releases/download/{{ portfolio_performace_version }}/PortfolioPerformance-{{ portfolio_performace_version }}-linux.gtk.x86_64.tar.gz
        dest: "{{ tempdir.path }}/PortfolioPerformance.{{ portfolio_performace_version }}.tar.gz"

    - name: create destination directory
      file:
        state: directory
        path: "{{ tempdir.path }}/PortfolioPerformance"
      when: not stat_portfolio_performance_installation.stat.exists

    - name: unpack portfolio performance
      unarchive:
        src: "{{ tempdir.path }}/PortfolioPerformance.{{ portfolio_performace_version }}.tar.gz"
        owner: "{{ user.name }}"
        group: "{{ user_group_name }}"
        mode: '0755'
        dest: "{{ tempdir.path }}/PortfolioPerformance"
        remote_src: true

    - name: clean up temp directory
      file:
        path: "{{ tempdir.path }"
        state: absent

    - name: install portfolio performance
      synchronize:
        src: "{{ tempdir.path }}/PortfolioPerformance"
        dest: /home/{{ user.name }}/.opt/portfolio-performance-{{ portfolio_performace_version }}
        recursive: true
        checksum: true
        delete: true

    when:
      - not stat_portfolio_performance_installation.stat.exists
      - not ansible_check_mode

  - name: link portfolio performance
    file:
      src: /home/{{ user.name }}/.opt/portfolio-performance-{{ portfolio_performace_version }}/PortfolioPerformance/portfolio/PortfolioPerformance
      dest: /home/{{ user.name }}/.optbin/portfolio-performance
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
      state: link
      force: true

  tags:
    - portfolio-performance

- block:
  - name: set kubectl version
    set_fact:
      kubectl_version: v1.22.2

  - name: get current stable version
    uri:
      url: https://storage.googleapis.com/kubernetes-release/release/stable.txt
      return_content: true
    register: kubectl_stable_version_api
    check_mode: false

  - set_fact:
      kubectl_stable_version: "{{ kubectl_stable_version_api.content|trim }}"

  - set_fact:
      kubectl_outdated: "{{ kubectl_version != kubectl_stable_version }}"

  - name: warn if not on stable version
    fail:
      msg: "installing kubectl {{ kubectl_version }}, stable version would be {{ kubectl_stable_version }}"
    when: kubectl_outdated is sameas true
    ignore_errors: True

  - name: get kubectl
    get_url:
      url: https://storage.googleapis.com/kubernetes-release/release/{{ kubectl_version }}/bin/linux/amd64/kubectl
      dest: /home/{{ user.name }}/.opt/kubectl-{{ kubectl_version }}
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
      mode: '0755'

  - name: link kubectl
    file:
      src: /home/{{ user.name }}/.opt/kubectl-{{ kubectl_version }}
      dest: /home/{{ user.name }}/.optbin/kubectl
      state: link

  tags:
    - kubectl

- block:
  - name: set terraform version
    set_fact:
      terraform_version: 1.0.2

  - name: stat current terraform binary
    stat:
      path: "/home/{{ user.name }}/.opt/terraform-v{{ terraform_version }}"
    register: terraform_binary

  - name: create temporary download directory for terraform
    tempfile:
      state: directory
    register: terraform_download_dir
    when: not terraform_binary.stat.exists

  - name: get terraform
    get_url:
      url: "https://releases.hashicorp.com/terraform/{{ terraform_version }}/terraform_{{ terraform_version }}_linux_amd64.zip"
      dest: "{{ terraform_download_dir.path }}/terraform.zip"
    when: not terraform_binary.stat.exists

  - name: unpack terraform zip
    unarchive:
      src: "{{ terraform_download_dir.path }}/terraform.zip"
      dest: "{{ terraform_download_dir.path }}/"
      remote_src: true
    when: not terraform_binary.stat.exists

  - name: install terraform
    command: mv "{{ terraform_download_dir.path }}/terraform" /home/{{ user.name }}/.opt/terraform-v{{ terraform_version }}
    when: not terraform_binary.stat.exists

  - name: clean up download directory
    file:
      path: "{{ terraform_download_dir.path }}"
      state: absent
    when: not terraform_binary.stat.exists

  - name: link terraform
    file:
      src: /home/{{ user.name }}/.opt/terraform-v{{ terraform_version }}
      dest: /home/{{ user.name }}/.optbin/terraform
      state: link

  - name: get terraform version info
    command: /home/{{ user.name }}/.optbin/terraform version -json
    register: terraform_version_output
    changed_when: false

  - name: parse terraform version output
    set_fact:
      terraform_outdated: "{{ (terraform_version_output.stdout | from_json()).terraform_outdated }}"
    changed_when: false

  - name: warn if terraform is outdated
    fail:
      msg: "current terraform v{{ terraform_version }} is out of date"
    when: terraform_outdated is sameas true
    ignore_errors: True

  tags:
    - terraform

- name: handle autostart units
  block:
  - name: create systemd user directory
    file:
      state: directory
      path: ~/{{ item }}
    loop:
      - .config/
      - .config/systemd/
      - .config/systemd/user/

  - name: link autostart service files
    file:
      state: link
      force: true
      follow: false
      path: "/home/{{ user.name }}/.config/systemd/user/{{ item | basename }}"
      src: "{{ item }}"
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
    with_fileglob: /var/lib/dotfiles/autostart/services/*

  - name: get state of autostart.target
    stat:
      path: "/home/{{ user.name }}/.config/systemd/user/autostart.target"
    register: autostart_target_stat

  - name: remove invalid autostart.target
    file:
      path: "/home/{{ user.name }}/.config/systemd/user/autostart.target"
      state: absent
    when:
      - autostart_target_stat.stat.exists
      - not autostart_target_stat.stat.isreg

  - name: deploy autostart.target
    template:
      src: ./autostart/autostart.target.j2
      dest: "/home/{{ user.name }}/.config/systemd/user/autostart.target"
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
      force: true
      follow: false

  tags:
    - autostart

- block:
  - name: import gpg key
    command: gpg --import ./gpgkeys/{{ user.gpg_key.email }}.gpg.asc
    register: gpg_import_output
    changed_when: not ("unchanged" in gpg_import_output.stderr)

  - name: trust gpg key
    shell: "gpg --import-ownertrust <<< {{ user.gpg_key.fingerprint }}:6"
    args:
      executable: /bin/bash # required for <<<
    register: gpg_trust_output
    changed_when: gpg_trust_output.stderr_lines|length > 0

  when: user.gpg_key is defined
  tags: [gpg]

- block:
  - name: stat passwordstore checkout
    stat:
      path: /home/{{ user.name }}/.password-store
    register: passwordstore_checkout
  - name: check out passwordstore repository
    git:
      dest: /home/{{ user.name }}/.password-store
      repo: ssh://git@code.hkoerber.de:2222/hannes/passwordstore.git
      accept_hostkey: true
    when: not passwordstore_checkout.stat.exists
  when: user.enable_passwordstore|default(false) is sameas true
  tags: [passwordstore]
Multi-user setup 2019-11-14 09:16:55 +01:00			`- name: configure sudoers`
			`lineinfile:`
			`path: /etc/sudoers`
			`line: "{{ user.name }} ALL=(ALL) NOPASSWD:ALL"`
			`regexp: "^{{ user.name }}\\s+"`
			`become: true`
			`become_user: root`

			`- name: set shell`
			`user:`
			`name: "{{ user.name }}"`
			`shell: /usr/bin/zsh`
			`become: true`
			`become_user: root`

Use global dotfiles directory 2019-11-14 10:40:16 +01:00			`- set_fact:`
			`user_groups:`
			`- adm`
			`- cdrom`
			`- sudo`
			`- dip`
			`- plugdev`
			`- lpadmin`
			`- sambashare`
			`- docker`
			`- libvirt`
			`when: distro == 'ubuntu'`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`tags: [always]`
Use global dotfiles directory 2019-11-14 10:40:16 +01:00
Add support for arch linux 2020-12-08 22:00:44 +01:00			`- set_fact:`
			`user_groups:`
			`- libvirt`
			`- wheel`
			`- vboxusers`
			`- wireshark`
			`- docker`
			`- sudonopw`
Add user to "games" group on arch 2020-12-12 13:27:11 +01:00			`- games`
Fix libvirt setup on arch 2021-02-09 21:33:04 +01:00			`- kvm`
Add support for arch linux 2020-12-08 22:00:44 +01:00			`when: distro == 'archlinux'`
			`tags: [always]`

Fix user group handling 2020-02-23 14:59:27 +01:00			`- set_fact:`
			`user_group_name: "{{ user.group\|default(user.name) }}"`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`tags: [always]`
Fix user group handling 2020-02-23 14:59:27 +01:00
Use global dotfiles directory 2019-11-14 10:40:16 +01:00			`- name: create user group`
			`group:`
Fix user group handling 2020-02-23 14:59:27 +01:00			`name: "{{ user_group_name }}"`
Use global dotfiles directory 2019-11-14 10:40:16 +01:00			`state: present`
Multi-user setup 2019-11-14 09:16:55 +01:00			`become: true`
			`become_user: root`

Use global dotfiles directory 2019-11-14 10:40:16 +01:00			`- name: set groups`
Multi-user setup 2019-11-14 09:16:55 +01:00			`user:`
			`name: "{{ user.name }}"`
Fix user group handling 2020-02-23 14:59:27 +01:00			`groups: "{{ [user_group_name, 'dotfiles'] + user_groups }}"`
Multi-user setup 2019-11-14 09:16:55 +01:00			`become: true`
			`become_user: root`

ansible: Fix systemd user unit masking 2021-09-25 19:08:16 +02:00			`- name: create systemd directory`
			`file:`
			`state: directory`
			`path: "{{ item }}"`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`loop:`
			`- "/home/{{ user.name }}/.config/"`
			`- "/home/{{ user.name }}/.config/systemd/"`
			`- "/home/{{ user.name }}/.config/systemd/user/"`

			# No way to use the `systemd` module here, as it needs a logind
			`# session. So we have to handle the symlinks for masking ourselves.`
Fix systemd user unit names in scripts 2020-12-11 20:05:55 +01:00			`- name: disable and mask systemd user units`
ansible: Fix systemd user unit masking 2021-09-25 19:08:16 +02:00			`file:`
			`state: link`
			`dest: "/home/{{ user.name }}/.config/systemd/user/{{ item }}"`
			`src: "/dev/null"`
Fix systemd user unit names in scripts 2020-12-11 20:05:55 +01:00			`with_items:`
			`- gpg-agent.socket`
			`- gpg-agent-browser.socket`
			`- gpg-agent-ssh.socket`
Update gpg-agent service blacklist 2021-10-02 11:07:33 +02:00			`- gpg-agent-extra.socket`
Fix systemd user unit names in scripts 2020-12-11 20:05:55 +01:00
Multi-user setup 2019-11-14 09:16:55 +01:00			`- name: create directory for getty autologin`
			`file:`
			`state: directory`
			`path: /etc/systemd/system/getty@tty{{ user.vt }}.service.d`
			`owner: root`
			`group: root`
			`mode: '0755'`
			`become: true`
			`become_user: root`

			`- name: enable getty autologin`
			`copy:`
			`dest: /etc/systemd/system/getty@tty{{ user.vt }}.service.d/override.conf`
			`owner: root`
			`group: root`
			`mode: '0644'`
			`content: \|`
			`[Service]`
			`ExecStart=`
			`ExecStart=-/sbin/agetty --autologin {{ user.name }} --noclear %I $TERM`
			`become: true`
			`become_user: root`

Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`- block:`
			`- name: load dotfile list`
			`include_vars:`
			`file: dotfiles.yml`

			`- name: get state of empty directories`
			`stat:`
			`path: ~/{{ item.name }}`
			`register: empty_dir_stat`
			`with_items: "{{ empty_directories }}"`
Make checkrun work 2020-04-01 10:15:58 +02:00			`check_mode: false`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00
			`- name: remove sysmlinks`
			`file:`
			`path: "{{ item.stat.path }}"`
			`state: absent`
			`when: item.stat.exists and item.stat.islnk`
			`with_items: "{{ empty_dir_stat.results }}"`

			`- name: create empty directories for dotfiles`
			`file:`
			`state: directory`
			`path: ~/{{ item.name }}`
			`mode: "{{ item.mode \| default('0755') }}"`
			`with_items: "{{ empty_directories }}"`

			`- name: link this folder to ~/.dotfiles`
			`file:`
			`state: link`
			`force: true`
			`follow: false`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`path: "/home/{{ user.name }}/.dotfiles"`
			`src: "{{ playbook_dir }}"`
			`become: true`
			`become_user: root`

			`- name: get state of copy targets`
			`stat:`
			`path: ~/{{ item.to }}`
			`register: copy_stat`
			`when: not item.template\|default(false)`
			`with_items: "{{ dotfiles }}"`
Make checkrun work 2020-04-01 10:15:58 +02:00			`check_mode: false`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00
			`- name: remove invalid copy target (directories)`
			`file:`
			`path: "{{ item.stat.path }}"`
			`state: absent`
			`when:`
			`- not item.skipped is defined or not item.skipped`
			`- item.stat.exists`
			`- item.stat.isdir`
			`with_items: "{{ copy_stat.results }}"`

dotfiles: Ensure target directory exists 2020-10-05 22:04:19 +02:00			`- name: make sure target directories exist`
			`file:`
			`state: directory`
			`path: "{{ (['/home', user.name, item.to]\|join('/')) \| dirname }}"`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`with_items: "{{ dotfiles }}"`
			`become: true`
			`become_user: root`

Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`- name: link dotfiles`
			`file:`
			`state: link`
			`force: true`
			`follow: false`
			`path: "/home/{{ user.name }}/{{ item.to }}"`
			`src: /var/lib/dotfiles/{{ item.from }}`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`when: not item.template\|default(false)`
			`with_items: "{{ dotfiles }}"`
			`become: true`
			`become_user: root`

			`- name: get state of template targets`
			`stat:`
			`path: ~/{{ item.to }}`
			`register: template_stat`
			`when: item.template\|default(false)`
			`with_items: "{{ dotfiles }}"`
Make checkrun work 2020-04-01 10:15:58 +02:00			`check_mode: false`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00
			`- name: remove invalid template target (directory or symlink)`
			`file:`
			`path: "{{ item.stat.path }}"`
			`state: absent`
			`when:`
			`- not item.skipped is defined or not item.skipped`
			`- item.stat.exists`
			`- not item.stat.isreg`
			`with_items: "{{ template_stat.results }}"`

			`- name: deploy dotfiles templates`
			`template:`
			`src: /home/{{ user.name }}/.dotfiles/{{ item.from }}.j2`
			`dest: "/home/{{ user.name }}/{{ item.to }}"`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`force: true`
			`become: true`
			`become_user: root`
			`when: item.template\|default(false)`
			`with_items: "{{ dotfiles }}"`

			`- name: create directories`
			`file:`
			`state: directory`
			`path: "{{ item }}"`
			`with_items:`
			`- ~/.var/lib`
			`- ~/.var/log`
			`- ~/.var/run`
			`- ~/.usr/lib`

			`- name: stat ~/bin`
			`stat:`
			`path: "/home/{{ user.name }}/bin"`
			`register: bin_stat`
Make checkrun work 2020-04-01 10:15:58 +02:00			`check_mode: false`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00
			`- name: remove ~/bin if not a link`
			`file:`
			`state: absent`
			`path: "/home/{{ user.name }}/bin"`
			`when:`
			`- bin_stat.stat.exists`
			`- not bin_stat.stat.islnk`

			`- name: create ~/.opt and ~/.optbin`
			`file:`
			`path: "{{ item }}"`
			`state: directory`
			`with_items:`
			`- ~/.opt/`
			`- ~/.optbin/`

			`- name: symlink opt programs`
			`file:`
			`state: link`
			`force: true`
			`follow: false`
			`path: "/home/{{ user.name }}/.optbin/{{ item.name }}"`
			`src: "/home/{{ user.name }}/.opt/{{ item.optpath }}"`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`with_items:`
			`- name: hugo`
			`optpath: hugo`
			`- name: drone`
			`optpath: drone`

			`- name: link bin directory`
			`file:`
			`state: link`
			`force: true`
			`follow: false`
			`path: "/home/{{ user.name }}/bin"`
			`src: /var/lib/dotfiles/bin`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
Multi-user setup 2019-11-14 09:16:55 +01:00			`tags:`
			`- dotfiles`

			`- name: create intermediate directories for vim-plug`
			`file:`
			`path: "{{ item }}"`
			`state: directory`
			`with_items:`
			`- ~/.local/`
			`- ~/.local/share/`
			`- ~/.local/share/nvim/`
			`- ~/.local/share/nvim/site/`
			`- ~/.local/share/nvim/site/autoload/`
			`- ~/.vim/`
			`- ~/.vim/autoload`

Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`- block:`
			`- name: install vim-plug`
Use vim-plug submodule 2020-04-01 10:35:22 +02:00			`copy:`
			`src: contrib/vim-plug/plug.vim`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`dest: ~/.vim/autoload/plug.vim`
Use vim-plug submodule 2020-04-01 10:35:22 +02:00			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`mode: "0644"`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00
			`- name: symlink vim-plug for neovim`
			`file:`
			`state: link`
			`path: ~/.local/share/nvim/site/autoload/plug.vim`
			`src: ~/.vim/autoload/plug.vim`
			`force: true`

			`- name: install vim plugins`
			`command: /usr/bin/nvim -f -E -s -c "source ~/.vimrc" +PlugInstall +qall`
			`register: vim_plugins_stdout`
Make checkrun work 2020-04-01 10:15:58 +02:00			`check_mode: false`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`changed_when: vim_plugins_stdout.stdout_lines\|length != 0`

			`- name: compile youcompleteme`
vim: Fix YCM compilation 2021-09-25 19:09:30 +02:00			`# --force-sudo is required, as the script refuses to run`
			`# in a sudo environment (i.e. if the SUDO_USER env variable`
			`# is set). But of course, ansible uses that to assume the`
			`# other user. It's fine.`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`shell: \|`
			`cd ~/.local/share/nvim/plugged/YouCompleteMe/`
vim: Fix YCM compilation 2021-09-25 19:09:30 +02:00			`python3 ./install.py --force-sudo`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`args:`
YCM: Update compiled *.so path 2021-10-02 11:08:09 +02:00			`creates: "{{ lookup('fileglob', '~/.local/share/nvim/plugged/YouCompleteMe/third_party/ycmd/ycm_core.*so') }}"`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00
			`- block:`
			`- name: firefox - create chrome directory`
			`file:`
			`path: ~/.mozilla/firefox/{{ item.name }}/chrome/`
			`state: directory`
			`mode: '0755'`
			`with_items: "{{ user.firefox_profiles }}"`
			`when: user.firefox_profiles is defined`
			`tags:`
			`- firefox`

			`- name: firefox - configure firefox custom css`
			`copy:`
			`dest: ~/.mozilla/firefox/{{ item.name }}/chrome/userChrome.css`
			`content: \|`
			`#TabsToolbar {`
			`visibility: collapse !important;`
			`}`
			`#titlebar {`
			`visibility: collapse !important;`
			`}`
			`#sidebar-header {`
			`visibility: collapse !important;`
			`}`
			`#sidebar {`
			`width: 400px !important;`
			`}`
			`when: item.manage_css`
			`with_items: "{{ user.firefox_profiles \| default([]) }}"`
			`tags:`
			`- firefox`
Add install of Portfolio Performance 2020-10-05 22:04:53 +02:00
			`- block:`
			`- name: set portfolio performance version`
			`set_fact:`
portfolio-performance: Update to v0.50.0 2021-01-13 23:52:20 +01:00			`portfolio_performace_version: "0.50.0"`
Add install of Portfolio Performance 2020-10-05 22:04:53 +02:00
			`- name: look of current installation`
			`stat:`
			`path: /home/{{ user.name }}/.opt/portfolio-performance-{{ portfolio_performace_version }}`
			`register: stat_portfolio_performance_installation`

			`- block:`
Create tempdir only if necessary 2020-12-14 16:00:56 +01:00			`- name: create temporary directory`
			`tempfile:`
			`state: directory`
			`register: tempdir`

Add install of Portfolio Performance 2020-10-05 22:04:53 +02:00			`- name: download portfolio performance`
			`get_url:`
			`url: https://github.com/buchen/portfolio/releases/download/{{ portfolio_performace_version }}/PortfolioPerformance-{{ portfolio_performace_version }}-linux.gtk.x86_64.tar.gz`
			`dest: "{{ tempdir.path }}/PortfolioPerformance.{{ portfolio_performace_version }}.tar.gz"`

			`- name: create destination directory`
			`file:`
			`state: directory`
			`path: "{{ tempdir.path }}/PortfolioPerformance"`
			`when: not stat_portfolio_performance_installation.stat.exists`

			`- name: unpack portfolio performance`
			`unarchive:`
			`src: "{{ tempdir.path }}/PortfolioPerformance.{{ portfolio_performace_version }}.tar.gz"`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`mode: '0755'`
			`dest: "{{ tempdir.path }}/PortfolioPerformance"`
			`remote_src: true`

PP: Remove temporary directory after download 2021-10-02 11:08:37 +02:00			`- name: clean up temp directory`
			`file:`
			`path: "{{ tempdir.path }"`
			`state: absent`

Add install of Portfolio Performance 2020-10-05 22:04:53 +02:00			`- name: install portfolio performance`
			`synchronize:`
			`src: "{{ tempdir.path }}/PortfolioPerformance"`
			`dest: /home/{{ user.name }}/.opt/portfolio-performance-{{ portfolio_performace_version }}`
			`recursive: true`
			`checksum: true`
			`delete: true`

Fix failure during check run 2021-01-27 14:21:58 +01:00			`when:`
			`- not stat_portfolio_performance_installation.stat.exists`
			`- not ansible_check_mode`
Add install of Portfolio Performance 2020-10-05 22:04:53 +02:00
			`- name: link portfolio performance`
			`file:`
			`src: /home/{{ user.name }}/.opt/portfolio-performance-{{ portfolio_performace_version }}/PortfolioPerformance/portfolio/PortfolioPerformance`
			`dest: /home/{{ user.name }}/.optbin/portfolio-performance`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`state: link`
			`force: true`

			`tags:`
			`- portfolio-performance`
Add install of kubectl 2020-10-05 22:05:02 +02:00
			`- block:`
			`- name: set kubectl version`
			`set_fact:`
Update kubectl 2021-10-02 11:08:43 +02:00			`kubectl_version: v1.22.2`
Add install of kubectl 2020-10-05 22:05:02 +02:00
			`- name: get current stable version`
			`uri:`
			`url: https://storage.googleapis.com/kubernetes-release/release/stable.txt`
			`return_content: true`
			`register: kubectl_stable_version_api`
kubectl: Fix check mode 2020-12-08 22:28:30 +01:00			`check_mode: false`
Add install of kubectl 2020-10-05 22:05:02 +02:00
			`- set_fact:`
			`kubectl_stable_version: "{{ kubectl_stable_version_api.content\|trim }}"`

			`- set_fact:`
			`kubectl_outdated: "{{ kubectl_version != kubectl_stable_version }}"`

			`- name: warn if not on stable version`
Update warning on outdated kubectl 2021-10-02 11:08:58 +02:00			`fail:`
Add install of kubectl 2020-10-05 22:05:02 +02:00			`msg: "installing kubectl {{ kubectl_version }}, stable version would be {{ kubectl_stable_version }}"`
			`when: kubectl_outdated is sameas true`
Update warning on outdated kubectl 2021-10-02 11:08:58 +02:00			`ignore_errors: True`
Add install of kubectl 2020-10-05 22:05:02 +02:00
			`- name: get kubectl`
			`get_url:`
			`url: https://storage.googleapis.com/kubernetes-release/release/{{ kubectl_version }}/bin/linux/amd64/kubectl`
			`dest: /home/{{ user.name }}/.opt/kubectl-{{ kubectl_version }}`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`mode: '0755'`

			`- name: link kubectl`
			`file:`
			`src: /home/{{ user.name }}/.opt/kubectl-{{ kubectl_version }}`
			`dest: /home/{{ user.name }}/.optbin/kubectl`
			`state: link`

			`tags:`
			`- kubectl`
Use persistent systemd units for autostart 2020-12-20 20:36:27 +01:00
Manage terraform binary 2021-10-02 11:09:14 +02:00			`- block:`
			`- name: set terraform version`
			`set_fact:`
			`terraform_version: 1.0.2`

			`- name: stat current terraform binary`
			`stat:`
			`path: "/home/{{ user.name }}/.opt/terraform-v{{ terraform_version }}"`
			`register: terraform_binary`

			`- name: create temporary download directory for terraform`
			`tempfile:`
			`state: directory`
			`register: terraform_download_dir`
			`when: not terraform_binary.stat.exists`

			`- name: get terraform`
			`get_url:`
			`url: "https://releases.hashicorp.com/terraform/{{ terraform_version }}/terraform_{{ terraform_version }}_linux_amd64.zip"`
			`dest: "{{ terraform_download_dir.path }}/terraform.zip"`
			`when: not terraform_binary.stat.exists`

			`- name: unpack terraform zip`
			`unarchive:`
			`src: "{{ terraform_download_dir.path }}/terraform.zip"`
			`dest: "{{ terraform_download_dir.path }}/"`
			`remote_src: true`
			`when: not terraform_binary.stat.exists`

			`- name: install terraform`
			`command: mv "{{ terraform_download_dir.path }}/terraform" /home/{{ user.name }}/.opt/terraform-v{{ terraform_version }}`
			`when: not terraform_binary.stat.exists`

			`- name: clean up download directory`
			`file:`
			`path: "{{ terraform_download_dir.path }}"`
			`state: absent`
			`when: not terraform_binary.stat.exists`

			`- name: link terraform`
			`file:`
			`src: /home/{{ user.name }}/.opt/terraform-v{{ terraform_version }}`
			`dest: /home/{{ user.name }}/.optbin/terraform`
			`state: link`

			`- name: get terraform version info`
			`command: /home/{{ user.name }}/.optbin/terraform version -json`
			`register: terraform_version_output`
			`changed_when: false`

			`- name: parse terraform version output`
			`set_fact:`
			`terraform_outdated: "{{ (terraform_version_output.stdout \| from_json()).terraform_outdated }}"`
			`changed_when: false`

			`- name: warn if terraform is outdated`
			`fail:`
			`msg: "current terraform v{{ terraform_version }} is out of date"`
			`when: terraform_outdated is sameas true`
			`ignore_errors: True`

			`tags:`
			`- terraform`

Use persistent systemd units for autostart 2020-12-20 20:36:27 +01:00			`- name: handle autostart units`
			`block:`
			`- name: create systemd user directory`
			`file:`
			`state: directory`
			`path: ~/{{ item }}`
			`loop:`
			`- .config/`
			`- .config/systemd/`
			`- .config/systemd/user/`

			`- name: link autostart service files`
			`file:`
			`state: link`
			`force: true`
			`follow: false`
			`path: "/home/{{ user.name }}/.config/systemd/user/{{ item \| basename }}"`
			`src: "{{ item }}"`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`with_fileglob: /var/lib/dotfiles/autostart/services/*`

autostart: Template the autostart target unit file 2021-10-02 10:52:59 +02:00			`- name: get state of autostart.target`
			`stat:`
			`path: "/home/{{ user.name }}/.config/systemd/user/autostart.target"`
			`register: autostart_target_stat`

			`- name: remove invalid autostart.target`
			`file:`
			`path: "/home/{{ user.name }}/.config/systemd/user/autostart.target"`
			`state: absent`
			`when:`
			`- autostart_target_stat.stat.exists`
			`- not autostart_target_stat.stat.isreg`

			`- name: deploy autostart.target`
			`template:`
			`src: ./autostart/autostart.target.j2`
			`dest: "/home/{{ user.name }}/.config/systemd/user/autostart.target"`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`force: true`
			`follow: false`

Use persistent systemd units for autostart 2020-12-20 20:36:27 +01:00			`tags:`
			`- autostart`
Add personal gpg key configuration 2021-10-02 12:02:24 +02:00
			`- block:`
			`- name: import gpg key`
			`command: gpg --import ./gpgkeys/{{ user.gpg_key.email }}.gpg.asc`
			`register: gpg_import_output`
			`changed_when: not ("unchanged" in gpg_import_output.stderr)`

			`- name: trust gpg key`
			`shell: "gpg --import-ownertrust <<< {{ user.gpg_key.fingerprint }}:6"`
			`args:`
			`executable: /bin/bash # required for <<<`
			`register: gpg_trust_output`
			`changed_when: gpg_trust_output.stderr_lines\|length > 0`

			`when: user.gpg_key is defined`
			`tags: [gpg]`
Do initial passwordstore checkout 2021-10-02 12:02:36 +02:00
			`- block:`
			`- name: stat passwordstore checkout`
			`stat:`
			`path: /home/{{ user.name }}/.password-store`
			`register: passwordstore_checkout`
			`- name: check out passwordstore repository`
			`git:`
			`dest: /home/{{ user.name }}/.password-store`
			`repo: ssh://git@code.hkoerber.de:2222/hannes/passwordstore.git`
			`accept_hostkey: true`
			`when: not passwordstore_checkout.stat.exists`
			`when: user.enable_passwordstore\|default(false) is sameas true`
			`tags: [passwordstore]`