dotfiles/user.yml

- name: configure sudoers
  lineinfile:
    path: /etc/sudoers
    line: "{{ user.name }} ALL=(ALL) NOPASSWD:ALL"
    regexp: "^{{ user.name }}\\s+"
  become: true
  become_user: root

- name: set shell
  user:
    name: "{{ user.name }}"
    shell: /usr/bin/zsh
  become: true
  become_user: root

- set_fact:
    user_groups:
      - libvirt
      - wheel
      - vboxusers
      - wireshark
      - docker
      - sudonopw
      - games
      - kvm
  tags: [always]

- set_fact:
    user_group_name: "{{ user.group|default(user.name) }}"
  tags: [always]

- name: create user group
  group:
    name: "{{ user_group_name }}"
    state: present
  become: true
  become_user: root

- name: set groups
  user:
    name: "{{ user.name }}"
    groups: "{{ [user_group_name, 'dotfiles'] + user_groups }}"
  become: true
  become_user: root

- name: create systemd directory
  file:
    state: directory
    path: "{{ item }}"
    owner: "{{ user.name }}"
    group: "{{ user_group_name }}"
  loop:
    - "/home/{{ user.name }}/.config/"
    - "/home/{{ user.name }}/.config/systemd/"
    - "/home/{{ user.name }}/.config/systemd/user/"

# No way to use the `systemd` module here, as it needs a logind
# session. So we have to handle the symlinks for masking ourselves.
- name: disable and mask systemd user units
  file:
    state: link
    dest: "/home/{{ user.name }}/.config/systemd/user/{{ item }}"
    src: "/dev/null"
  with_items:
    - gpg-agent.socket
    - gpg-agent-browser.socket
    - gpg-agent-ssh.socket
    - gpg-agent-extra.socket

- name: create directory for getty autologin
  file:
    state: directory
    path: /etc/systemd/system/getty@tty{{ user.vt }}.service.d
    owner: root
    group: root
    mode: '0755'
  become: true
  become_user: root

- name: enable getty autologin
  copy:
    dest: /etc/systemd/system/getty@tty{{ user.vt }}.service.d/override.conf
    owner: root
    group: root
    mode: '0644'
    content: |
      [Service]
      ExecStart=
      ExecStart=-/sbin/agetty --autologin {{ user.name }} --noclear %I $TERM
  become: true
  become_user: root

- block:
  - name: load dotfile list
    include_vars:
      file: dotfiles.yml

  - name: get state of empty directories
    stat:
      path: ~/{{ item.name }}
    register: empty_dir_stat
    with_items: "{{ empty_directories }}"
    check_mode: false

  - name: remove sysmlinks
    file:
      path: "{{ item.stat.path }}"
      state: absent
    when: item.stat.exists and item.stat.islnk
    with_items: "{{ empty_dir_stat.results }}"

  - name: create empty directories for dotfiles
    file:
      state: directory
      path: ~/{{ item.name }}
      mode: "{{ item.mode | default('0755') }}"
    with_items: "{{ empty_directories }}"

  - name: link this folder to ~/.dotfiles
    file:
      state: link
      force: true
      follow: false
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
      path: "/home/{{ user.name }}/.dotfiles"
      src: "{{ playbook_dir }}"
    become: true
    become_user: root

  - name: get state of copy targets
    stat:
      path: ~/{{ item.to }}
    register: copy_stat
    when: not item.template|default(false)
    with_items: "{{ dotfiles }}"
    check_mode: false

  - name: remove invalid copy target (directories)
    file:
      path: "{{ item.stat.path }}"
      state: absent
    when:
      - not item.skipped is defined or not item.skipped
      - item.stat.exists
      - item.stat.isdir
    with_items: "{{ copy_stat.results }}"

  - name: make sure target directories exist
    file:
      state: directory
      path: "{{ (['/home', user.name, item.to]|join('/')) | dirname }}"
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
    with_items: "{{ dotfiles }}"
    become: true
    become_user: root

  - name: link dotfiles
    file:
      state: link
      force: true
      follow: false
      path: "/home/{{ user.name }}/{{ item.to }}"
      src: /var/lib/dotfiles/{{ item.from }}
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
    when: not item.template|default(false)
    with_items: "{{ dotfiles }}"
    become: true
    become_user: root

  - name: get state of template targets
    stat:
      path: ~/{{ item.to }}
    register: template_stat
    when: item.template|default(false)
    with_items: "{{ dotfiles }}"
    check_mode: false

  - name: remove invalid template target (directory or symlink)
    file:
      path: "{{ item.stat.path }}"
      state: absent
    when:
      - not item.skipped is defined or not item.skipped
      - item.stat.exists
      - not item.stat.isreg
    with_items: "{{ template_stat.results }}"

  - name: deploy dotfiles templates
    template:
      src: /var/lib/dotfiles/{{ item.from }}.j2
      dest: "/home/{{ user.name }}/{{ item.to }}"
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
      force: true
    become: true
    become_user: root
    when: item.template|default(false)
    with_items: "{{ dotfiles }}"

  - name: create directories
    file:
      state: directory
      path: "{{ item }}"
    with_items:
      - ~/tmp
      - ~/.var/lib
      - ~/.var/log
      - ~/.var/run
      - ~/.usr/lib

  - name: stat ~/bin
    stat:
      path: "/home/{{ user.name }}/bin"
    register: bin_stat
    check_mode: false

  - name: remove ~/bin if not a link
    file:
      state: absent
      path: "/home/{{ user.name }}/bin"
    when:
      - bin_stat.stat.exists
      - not bin_stat.stat.islnk

  - name: create ~/.opt and ~/.optbin
    file:
      path: "{{ item }}"
      state: directory
    with_items:
      - ~/.opt/
      - ~/.optbin/

  - name: symlink opt programs
    file:
      state: link
      force: true
      follow: false
      path: "/home/{{ user.name }}/.optbin/{{ item.name }}"
      src: "/home/{{ user.name }}/.opt/{{ item.optpath }}"
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
    with_items:
      - name: hugo
        optpath: hugo
      - name: drone
        optpath: drone

  - name: link bin directory
    file:
      state: link
      force: true
      follow: false
      path: "/home/{{ user.name }}/bin"
      src: /var/lib/dotfiles/bin
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
  tags:
    - dotfiles

- block:
  - name: create intermediate directories for vim-plug
    file:
      path: "{{ item }}"
      state: directory
    with_items:
      - ~/.local/
      - ~/.local/share/
      - ~/.local/share/nvim/
      - ~/.local/share/nvim/site/
      - ~/.local/share/nvim/site/autoload/
      - ~/.vim/
      - ~/.vim/autoload

  - name: install vim-plug
    copy:
      src: contrib/vim-plug/plug.vim
      dest: ~/.vim/autoload/plug.vim
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
      mode: "0644"

  - name: symlink vim-plug for neovim
    file:
      state: link
      path: ~/.local/share/nvim/site/autoload/plug.vim
      src: ~/.vim/autoload/plug.vim
      force: true

  - name: install vim plugins
    command: sh -c 'PATH=/usr/local/go/bin:$PATH GOROOT=/usr/local/go GOPATH=/home/{{ user.name }}/.go /usr/bin/nvim --headless +PlugInstall +qall'
    register: vim_plugin_install
    changed_when: vim_plugin_install.stderr != ""

  - name: install go binaries for vim
    command: sh -c 'PATH=/usr/local/go/bin:$PATH GOROOT=/usr/local/go GOPATH=/home/{{ user.name }}/.go /usr/bin/nvim --headless +GoInstallBinaries +qall'
    changed_when: false

  - name: update vim plugins
    command: sh -c 'PATH=/usr/local/go/bin:$PATH GOROOT=/usr/local/go GOPATH=/home/{{ user.name }}/.go /usr/bin/nvim --headless +PlugUpdate +qall'
    register: vim_plugin_update
    changed_when: vim_plugin_update.stderr != ""
    tags: [user-update]

  - name: update go binaries for vim
    command: sh -c 'PATH=/usr/local/go/bin:$PATH GOROOT=/usr/local/go GOPATH=/home/{{ user.name }}/.go /usr/bin/nvim --headless +GoUpdateBinaries +qall'
    changed_when: false
    tags: [user-update]
  tags: [vim-plugins]

- block:
  - name: create firefox directories
    firefox_profile:
      name: "{{ item.key }}"
    loop: "{{ user.firefox_profiles | dict2items }}"
    register: firefox_profile_names

  - set_fact:
      firefox_preferences:
        browser.aboutConfig.showWarning: false
        extensions.pocket.enabled: false
        toolkit.legacyUserProfileCustomizations.stylesheets: true
        browser.contentblocking.category: "strict"
        browser.newtabpage.enabled: false
        browser.shell.checkDefaultBrowser: false
        browser.startup.homepage: "about:blank"
        privacy.trackingprotection.enabled: true
        privacy.trackingprotection.socialtracking.enabled: true
        general.smoothScroll: false

        # Restore last session on startup
        # https://support.mozilla.org/de/questions/1235263
        browser.startup.page: 3
        browser.sessionstore.resume_from_crash: true

        # "Play DRM-controlled content"
        media.eme.enabled: true

        # "Recommend (extensions|features) as you browse"
        browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons: false
        browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features: false

        # "Ask to save logins and passwords for websites"
        signon.rememberSignons: false

        # "Allow Firefox to make personalized extension recommendations"
        browser.discovery.enabled: false

        # "Allow Firefox to install and run studies"
        app.shield.optoutstudies.enabled: false

        # "Check spelling as you type"
        layout.spellcheckDefault: 0

        # Ask for download directory
        browser.download.useDownloadDir: false

        # (Try to) disable automatic update, as firefox is pulling a Windows
        app.update.auto: false
        app.update.service.enabled: false

        # remove this camera / microphone overlay when in calls or similar
        privacy.webrtc.legacyGlobalIndicator: false

        # use distro updates instead
        app.update.auto: false

  - include_role:
      name: firefox
    vars:
      firefox_profiles: "{{ {item.key: item.value} | combine({item.key: {'preferences': firefox_preferences}}, recursive=True) }}"
    loop: "{{ user.firefox_profiles | dict2items }}"
    when: not ansible_check_mode

  - name: firefox - create chrome directory
    file:
      path: "{{ item.profile_path }}/chrome/"
      state: directory
      mode: '0755'
    with_items: "{{ firefox_profile_names.results }}"
    when: not ansible_check_mode

  - name: firefox - configure firefox custom css
    copy:
      dest: "{{ item.profile_path }}/chrome/userChrome.css"
      content: |
        #TabsToolbar {
          visibility: collapse !important;
        }
        #titlebar {
          visibility: collapse !important;
        }
        #sidebar-header {
          visibility: collapse !important;
        }
    when:
      - not ansible_check_mode
      - user.firefox_profiles[item.profile_name].manage_css is sameas True
    with_items: "{{ firefox_profile_names.results }}"
  tags:
    - firefox

- block:
  - name: look of current installation
    stat:
      path: /home/{{ user.name }}/.opt/portfolio-performance-{{ portfolio_performace_version }}
    register: stat_portfolio_performance_installation

  - block:
    - name: create temporary directory
      tempfile:
        state: directory
      register: tempdir

    - name: download portfolio performance
      get_url:
        url: https://github.com/buchen/portfolio/releases/download/{{ portfolio_performace_version }}/PortfolioPerformance-{{ portfolio_performace_version }}-linux.gtk.x86_64.tar.gz
        dest: "{{ tempdir.path }}/PortfolioPerformance.{{ portfolio_performace_version }}.tar.gz"
        force: false

    - name: create destination directory
      file:
        state: directory
        path: "{{ tempdir.path }}/PortfolioPerformance"
      when: not stat_portfolio_performance_installation.stat.exists

    - name: unpack portfolio performance
      unarchive:
        src: "{{ tempdir.path }}/PortfolioPerformance.{{ portfolio_performace_version }}.tar.gz"
        owner: "{{ user.name }}"
        group: "{{ user_group_name }}"
        mode: '0755'
        dest: "{{ tempdir.path }}/PortfolioPerformance"
        remote_src: true

    - name: install portfolio performance
      synchronize:
        src: "{{ tempdir.path }}/PortfolioPerformance"
        dest: /home/{{ user.name }}/.opt/portfolio-performance-{{ portfolio_performace_version }}
        recursive: true
        checksum: true
        delete: true

    - name: clean up temp directory
      file:
        path: "{{ tempdir.path }}"
        state: absent

    when:
      - not stat_portfolio_performance_installation.stat.exists
      - not ansible_check_mode

  - name: link portfolio performance
    file:
      src: /home/{{ user.name }}/.opt/portfolio-performance-{{ portfolio_performace_version }}/PortfolioPerformance/portfolio/PortfolioPerformance
      dest: /home/{{ user.name }}/.optbin/portfolio-performance
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
      state: link
      force: true
  tags:
    - portfolio-performance

- name: handle autostart units
  block:
  - name: create systemd user directory
    file:
      state: directory
      path: ~/{{ item }}
    loop:
      - .config/
      - .config/systemd/
      - .config/systemd/user/

  - name: link autostart service files
    file:
      state: link
      force: true
      follow: false
      path: "/home/{{ user.name }}/.config/systemd/user/{{ item | basename }}"
      src: "{{ item }}"
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
    with_fileglob: /var/lib/dotfiles/autostart/services/*

  - name: get state of autostart.target
    stat:
      path: "/home/{{ user.name }}/.config/systemd/user/autostart.target"
    register: autostart_target_stat

  - name: remove invalid autostart.target
    file:
      path: "/home/{{ user.name }}/.config/systemd/user/autostart.target"
      state: absent
    when:
      - autostart_target_stat.stat.exists
      - not autostart_target_stat.stat.isreg

  - name: deploy autostart.target
    template:
      src: ./autostart/autostart.target.j2
      dest: "/home/{{ user.name }}/.config/systemd/user/autostart.target"
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
      force: true
      follow: false

  tags:
    - autostart

- block:
  - name: import gpg key
    command: gpg --import ./gpgkeys/{{ user.gpg_key.email }}.gpg.asc
    register: gpg_import_output
    changed_when: not ("unchanged" in gpg_import_output.stderr)

  - name: trust gpg key
    shell: "gpg --import-ownertrust <<< {{ user.gpg_key.fingerprint }}:6"
    args:
      executable: /bin/bash # required for <<<
    register: gpg_trust_output
    changed_when: gpg_trust_output.stderr_lines|length > 0

  when: user.gpg_key is defined
  tags: [gpg]

- block:
  - name: add passwordstore init script
    copy:
      dest: /home/{{ user.name }}/.optbin/pass
      owner: "{{ user.name }}"
      group: "{{ user_group_name }}"
      mode: '0755'
      content: |
        #!/usr/bin/env bash

        set -o nounset
        set -o errexit

        if [[ ! -e ~/.password-store ]] ; then
          printf '%s\n' 'This is the first time running pass, initializting repository ...'

          git clone ssh://git@code.hkoerber.de:2222/hannes/passwordstore.git ~/.password-store

          printf '%s\n' 'Done'
        fi

        command -p pass "${@}"
  when: user.enable_passwordstore|default(false) is sameas true
  tags: [passwordstore]
Multi-user setup 2019-11-14 09:16:55 +01:00			`- name: configure sudoers`
			`lineinfile:`
			`path: /etc/sudoers`
			`line: "{{ user.name }} ALL=(ALL) NOPASSWD:ALL"`
			`regexp: "^{{ user.name }}\\s+"`
			`become: true`
			`become_user: root`

			`- name: set shell`
			`user:`
			`name: "{{ user.name }}"`
			`shell: /usr/bin/zsh`
			`become: true`
			`become_user: root`

Add support for arch linux 2020-12-08 22:00:44 +01:00			`- set_fact:`
			`user_groups:`
			`- libvirt`
			`- wheel`
			`- vboxusers`
			`- wireshark`
			`- docker`
			`- sudonopw`
Add user to "games" group on arch 2020-12-12 13:27:11 +01:00			`- games`
Fix libvirt setup on arch 2021-02-09 21:33:04 +01:00			`- kvm`
Add support for arch linux 2020-12-08 22:00:44 +01:00			`tags: [always]`

Fix user group handling 2020-02-23 14:59:27 +01:00			`- set_fact:`
			`user_group_name: "{{ user.group\|default(user.name) }}"`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`tags: [always]`
Fix user group handling 2020-02-23 14:59:27 +01:00
Use global dotfiles directory 2019-11-14 10:40:16 +01:00			`- name: create user group`
			`group:`
Fix user group handling 2020-02-23 14:59:27 +01:00			`name: "{{ user_group_name }}"`
Use global dotfiles directory 2019-11-14 10:40:16 +01:00			`state: present`
Multi-user setup 2019-11-14 09:16:55 +01:00			`become: true`
			`become_user: root`

Use global dotfiles directory 2019-11-14 10:40:16 +01:00			`- name: set groups`
Multi-user setup 2019-11-14 09:16:55 +01:00			`user:`
			`name: "{{ user.name }}"`
Fix user group handling 2020-02-23 14:59:27 +01:00			`groups: "{{ [user_group_name, 'dotfiles'] + user_groups }}"`
Multi-user setup 2019-11-14 09:16:55 +01:00			`become: true`
			`become_user: root`

ansible: Fix systemd user unit masking 2021-09-25 19:08:16 +02:00			`- name: create systemd directory`
			`file:`
			`state: directory`
			`path: "{{ item }}"`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`loop:`
			`- "/home/{{ user.name }}/.config/"`
			`- "/home/{{ user.name }}/.config/systemd/"`
			`- "/home/{{ user.name }}/.config/systemd/user/"`

			# No way to use the `systemd` module here, as it needs a logind
			`# session. So we have to handle the symlinks for masking ourselves.`
Fix systemd user unit names in scripts 2020-12-11 20:05:55 +01:00			`- name: disable and mask systemd user units`
ansible: Fix systemd user unit masking 2021-09-25 19:08:16 +02:00			`file:`
			`state: link`
			`dest: "/home/{{ user.name }}/.config/systemd/user/{{ item }}"`
			`src: "/dev/null"`
Fix systemd user unit names in scripts 2020-12-11 20:05:55 +01:00			`with_items:`
			`- gpg-agent.socket`
			`- gpg-agent-browser.socket`
			`- gpg-agent-ssh.socket`
Update gpg-agent service blacklist 2021-10-02 11:07:33 +02:00			`- gpg-agent-extra.socket`
Fix systemd user unit names in scripts 2020-12-11 20:05:55 +01:00
Multi-user setup 2019-11-14 09:16:55 +01:00			`- name: create directory for getty autologin`
			`file:`
			`state: directory`
			`path: /etc/systemd/system/getty@tty{{ user.vt }}.service.d`
			`owner: root`
			`group: root`
			`mode: '0755'`
			`become: true`
			`become_user: root`

			`- name: enable getty autologin`
			`copy:`
			`dest: /etc/systemd/system/getty@tty{{ user.vt }}.service.d/override.conf`
			`owner: root`
			`group: root`
			`mode: '0644'`
			`content: \|`
			`[Service]`
			`ExecStart=`
			`ExecStart=-/sbin/agetty --autologin {{ user.name }} --noclear %I $TERM`
			`become: true`
			`become_user: root`

Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`- block:`
			`- name: load dotfile list`
			`include_vars:`
			`file: dotfiles.yml`

			`- name: get state of empty directories`
			`stat:`
			`path: ~/{{ item.name }}`
			`register: empty_dir_stat`
			`with_items: "{{ empty_directories }}"`
Make checkrun work 2020-04-01 10:15:58 +02:00			`check_mode: false`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00
			`- name: remove sysmlinks`
			`file:`
			`path: "{{ item.stat.path }}"`
			`state: absent`
			`when: item.stat.exists and item.stat.islnk`
			`with_items: "{{ empty_dir_stat.results }}"`

			`- name: create empty directories for dotfiles`
			`file:`
			`state: directory`
			`path: ~/{{ item.name }}`
			`mode: "{{ item.mode \| default('0755') }}"`
			`with_items: "{{ empty_directories }}"`

			`- name: link this folder to ~/.dotfiles`
			`file:`
			`state: link`
			`force: true`
			`follow: false`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`path: "/home/{{ user.name }}/.dotfiles"`
			`src: "{{ playbook_dir }}"`
			`become: true`
			`become_user: root`

			`- name: get state of copy targets`
			`stat:`
			`path: ~/{{ item.to }}`
			`register: copy_stat`
			`when: not item.template\|default(false)`
			`with_items: "{{ dotfiles }}"`
Make checkrun work 2020-04-01 10:15:58 +02:00			`check_mode: false`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00
			`- name: remove invalid copy target (directories)`
			`file:`
			`path: "{{ item.stat.path }}"`
			`state: absent`
			`when:`
			`- not item.skipped is defined or not item.skipped`
			`- item.stat.exists`
			`- item.stat.isdir`
			`with_items: "{{ copy_stat.results }}"`

dotfiles: Ensure target directory exists 2020-10-05 22:04:19 +02:00			`- name: make sure target directories exist`
			`file:`
			`state: directory`
			`path: "{{ (['/home', user.name, item.to]\|join('/')) \| dirname }}"`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`with_items: "{{ dotfiles }}"`
			`become: true`
			`become_user: root`

Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`- name: link dotfiles`
			`file:`
			`state: link`
			`force: true`
			`follow: false`
			`path: "/home/{{ user.name }}/{{ item.to }}"`
			`src: /var/lib/dotfiles/{{ item.from }}`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`when: not item.template\|default(false)`
			`with_items: "{{ dotfiles }}"`
			`become: true`
			`become_user: root`

			`- name: get state of template targets`
			`stat:`
			`path: ~/{{ item.to }}`
			`register: template_stat`
			`when: item.template\|default(false)`
			`with_items: "{{ dotfiles }}"`
Make checkrun work 2020-04-01 10:15:58 +02:00			`check_mode: false`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00
			`- name: remove invalid template target (directory or symlink)`
			`file:`
			`path: "{{ item.stat.path }}"`
			`state: absent`
			`when:`
			`- not item.skipped is defined or not item.skipped`
			`- item.stat.exists`
			`- not item.stat.isreg`
			`with_items: "{{ template_stat.results }}"`

			`- name: deploy dotfiles templates`
			`template:`
Fix template deployment 2024-04-10 16:01:07 +02:00			`src: /var/lib/dotfiles/{{ item.from }}.j2`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`dest: "/home/{{ user.name }}/{{ item.to }}"`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`force: true`
			`become: true`
			`become_user: root`
			`when: item.template\|default(false)`
			`with_items: "{{ dotfiles }}"`

			`- name: create directories`
			`file:`
			`state: directory`
			`path: "{{ item }}"`
			`with_items:`
Create a ~/tmp directory 2021-10-10 17:04:57 +02:00			`- ~/tmp`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`- ~/.var/lib`
			`- ~/.var/log`
			`- ~/.var/run`
			`- ~/.usr/lib`

			`- name: stat ~/bin`
			`stat:`
			`path: "/home/{{ user.name }}/bin"`
			`register: bin_stat`
Make checkrun work 2020-04-01 10:15:58 +02:00			`check_mode: false`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00
			`- name: remove ~/bin if not a link`
			`file:`
			`state: absent`
			`path: "/home/{{ user.name }}/bin"`
			`when:`
			`- bin_stat.stat.exists`
			`- not bin_stat.stat.islnk`

			`- name: create ~/.opt and ~/.optbin`
			`file:`
			`path: "{{ item }}"`
			`state: directory`
			`with_items:`
			`- ~/.opt/`
			`- ~/.optbin/`

			`- name: symlink opt programs`
			`file:`
			`state: link`
			`force: true`
			`follow: false`
			`path: "/home/{{ user.name }}/.optbin/{{ item.name }}"`
			`src: "/home/{{ user.name }}/.opt/{{ item.optpath }}"`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`with_items:`
			`- name: hugo`
			`optpath: hugo`
			`- name: drone`
			`optpath: drone`

			`- name: link bin directory`
			`file:`
			`state: link`
			`force: true`
			`follow: false`
			`path: "/home/{{ user.name }}/bin"`
			`src: /var/lib/dotfiles/bin`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
Multi-user setup 2019-11-14 09:16:55 +01:00			`tags:`
			`- dotfiles`

Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`- block:`
Move vim-plug directory creation into correct tagged block 2021-10-03 23:18:25 +02:00			`- name: create intermediate directories for vim-plug`
			`file:`
			`path: "{{ item }}"`
			`state: directory`
			`with_items:`
			`- ~/.local/`
			`- ~/.local/share/`
			`- ~/.local/share/nvim/`
			`- ~/.local/share/nvim/site/`
			`- ~/.local/share/nvim/site/autoload/`
			`- ~/.vim/`
			`- ~/.vim/autoload`

Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`- name: install vim-plug`
Use vim-plug submodule 2020-04-01 10:35:22 +02:00			`copy:`
			`src: contrib/vim-plug/plug.vim`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`dest: ~/.vim/autoload/plug.vim`
Use vim-plug submodule 2020-04-01 10:35:22 +02:00			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`mode: "0644"`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00
			`- name: symlink vim-plug for neovim`
			`file:`
			`state: link`
			`path: ~/.local/share/nvim/site/autoload/plug.vim`
			`src: ~/.vim/autoload/plug.vim`
			`force: true`

			`- name: install vim plugins`
Set GOROOT correctly 2021-10-06 21:18:03 +02:00			`command: sh -c 'PATH=/usr/local/go/bin:$PATH GOROOT=/usr/local/go GOPATH=/home/{{ user.name }}/.go /usr/bin/nvim --headless +PlugInstall +qall'`
Fix nvim plugin install 2021-10-03 23:18:48 +02:00			`register: vim_plugin_install`
			`changed_when: vim_plugin_install.stderr != ""`
Update vim plugin installations 2021-10-03 14:24:46 +02:00
			`- name: install go binaries for vim`
Set GOROOT correctly 2021-10-06 21:18:03 +02:00			`command: sh -c 'PATH=/usr/local/go/bin:$PATH GOROOT=/usr/local/go GOPATH=/home/{{ user.name }}/.go /usr/bin/nvim --headless +GoInstallBinaries +qall'`
Update vim plugin installations 2021-10-03 14:24:46 +02:00			`changed_when: false`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00
Add vim plugin update 2021-10-03 12:30:09 +02:00			`- name: update vim plugins`
Set GOROOT correctly 2021-10-06 21:18:03 +02:00			`command: sh -c 'PATH=/usr/local/go/bin:$PATH GOROOT=/usr/local/go GOPATH=/home/{{ user.name }}/.go /usr/bin/nvim --headless +PlugUpdate +qall'`
Fix nvim plugin install 2021-10-03 23:18:48 +02:00			`register: vim_plugin_update`
			`changed_when: vim_plugin_update.stderr != ""`
Split user and system updates 2022-05-02 20:20:24 +02:00			`tags: [user-update]`
Update vim plugin installations 2021-10-03 14:24:46 +02:00
			`- name: update go binaries for vim`
Set GOROOT correctly 2021-10-06 21:18:03 +02:00			`command: sh -c 'PATH=/usr/local/go/bin:$PATH GOROOT=/usr/local/go GOPATH=/home/{{ user.name }}/.go /usr/bin/nvim --headless +GoUpdateBinaries +qall'`
Update vim plugin installations 2021-10-03 14:24:46 +02:00			`changed_when: false`
Split user and system updates 2022-05-02 20:20:24 +02:00			`tags: [user-update]`
Update vim plugin installations 2021-10-03 14:24:46 +02:00			`tags: [vim-plugins]`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00
			`- block:`
Configure firefox extensions & settings 2021-10-10 17:04:50 +02:00			`- name: create firefox directories`
			`firefox_profile:`
			`name: "{{ item.key }}"`
			`loop: "{{ user.firefox_profiles \| dict2items }}"`
			`register: firefox_profile_names`

			`- set_fact:`
			`firefox_preferences:`
			`browser.aboutConfig.showWarning: false`
			`extensions.pocket.enabled: false`
			`toolkit.legacyUserProfileCustomizations.stylesheets: true`
			`browser.contentblocking.category: "strict"`
			`browser.newtabpage.enabled: false`
			`browser.shell.checkDefaultBrowser: false`
			`browser.startup.homepage: "about:blank"`
			`privacy.trackingprotection.enabled: true`
			`privacy.trackingprotection.socialtracking.enabled: true`
			`general.smoothScroll: false`

			`# Restore last session on startup`
			`# https://support.mozilla.org/de/questions/1235263`
			`browser.startup.page: 3`
			`browser.sessionstore.resume_from_crash: true`

			`# "Play DRM-controlled content"`
			`media.eme.enabled: true`

			`# "Recommend (extensions\|features) as you browse"`
			`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons: false`
			`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features: false`

			`# "Ask to save logins and passwords for websites"`
			`signon.rememberSignons: false`

			`# "Allow Firefox to make personalized extension recommendations"`
			`browser.discovery.enabled: false`

			`# "Allow Firefox to install and run studies"`
			`app.shield.optoutstudies.enabled: false`

Update firefox configuration 2022-05-02 20:16:41 +02:00			`# "Check spelling as you type"`
			`layout.spellcheckDefault: 0`

			`# Ask for download directory`
			`browser.download.useDownloadDir: false`

			`# (Try to) disable automatic update, as firefox is pulling a Windows`
			`app.update.auto: false`
			`app.update.service.enabled: false`

firefox: Disable camera/micro indicator 2021-11-25 14:23:29 +01:00			`# remove this camera / microphone overlay when in calls or similar`
			`privacy.webrtc.legacyGlobalIndicator: false`

firefox: (Try to) disable auto updates 2022-06-29 15:29:19 +02:00			`# use distro updates instead`
			`app.update.auto: false`

Configure firefox extensions & settings 2021-10-10 17:04:50 +02:00			`- include_role:`
			`name: firefox`
			`vars:`
			`firefox_profiles: "{{ {item.key: item.value} \| combine({item.key: {'preferences': firefox_preferences}}, recursive=True) }}"`
			`loop: "{{ user.firefox_profiles \| dict2items }}"`
Make playbook more check-mode safe 2022-12-16 19:08:57 +01:00			`when: not ansible_check_mode`
Configure firefox extensions & settings 2021-10-10 17:04:50 +02:00
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`- name: firefox - create chrome directory`
			`file:`
Configure firefox extensions & settings 2021-10-10 17:04:50 +02:00			`path: "{{ item.profile_path }}/chrome/"`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`state: directory`
			`mode: '0755'`
Configure firefox extensions & settings 2021-10-10 17:04:50 +02:00			`with_items: "{{ firefox_profile_names.results }}"`
Make playbook more check-mode safe 2022-12-16 19:08:57 +01:00			`when: not ansible_check_mode`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00
			`- name: firefox - configure firefox custom css`
			`copy:`
Configure firefox extensions & settings 2021-10-10 17:04:50 +02:00			`dest: "{{ item.profile_path }}/chrome/userChrome.css"`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`content: \|`
			`#TabsToolbar {`
			`visibility: collapse !important;`
			`}`
			`#titlebar {`
			`visibility: collapse !important;`
			`}`
			`#sidebar-header {`
			`visibility: collapse !important;`
			`}`
Make playbook more check-mode safe 2022-12-16 19:08:57 +01:00			`when:`
			`- not ansible_check_mode`
			`- user.firefox_profiles[item.profile_name].manage_css is sameas True`
Configure firefox extensions & settings 2021-10-10 17:04:50 +02:00			`with_items: "{{ firefox_profile_names.results }}"`
			`tags:`
			`- firefox`
Add install of Portfolio Performance 2020-10-05 22:04:53 +02:00
			`- block:`
			`- name: look of current installation`
			`stat:`
			`path: /home/{{ user.name }}/.opt/portfolio-performance-{{ portfolio_performace_version }}`
			`register: stat_portfolio_performance_installation`

			`- block:`
Create tempdir only if necessary 2020-12-14 16:00:56 +01:00			`- name: create temporary directory`
			`tempfile:`
			`state: directory`
			`register: tempdir`

Add install of Portfolio Performance 2020-10-05 22:04:53 +02:00			`- name: download portfolio performance`
			`get_url:`
			`url: https://github.com/buchen/portfolio/releases/download/{{ portfolio_performace_version }}/PortfolioPerformance-{{ portfolio_performace_version }}-linux.gtk.x86_64.tar.gz`
			`dest: "{{ tempdir.path }}/PortfolioPerformance.{{ portfolio_performace_version }}.tar.gz"`
ansible2.9: Specify force for get_url The default changed and I assumed it was "false", but it's "true" in older ansible versions. 2022-07-01 20:03:36 +02:00			`force: false`
Add install of Portfolio Performance 2020-10-05 22:04:53 +02:00
			`- name: create destination directory`
			`file:`
			`state: directory`
			`path: "{{ tempdir.path }}/PortfolioPerformance"`
			`when: not stat_portfolio_performance_installation.stat.exists`

			`- name: unpack portfolio performance`
			`unarchive:`
			`src: "{{ tempdir.path }}/PortfolioPerformance.{{ portfolio_performace_version }}.tar.gz"`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`mode: '0755'`
			`dest: "{{ tempdir.path }}/PortfolioPerformance"`
			`remote_src: true`

			`- name: install portfolio performance`
			`synchronize:`
			`src: "{{ tempdir.path }}/PortfolioPerformance"`
			`dest: /home/{{ user.name }}/.opt/portfolio-performance-{{ portfolio_performace_version }}`
			`recursive: true`
			`checksum: true`
			`delete: true`

Cleanup tempdir AFTER it is no longer used 2021-10-02 13:07:29 +02:00			`- name: clean up temp directory`
			`file:`
			`path: "{{ tempdir.path }}"`
			`state: absent`

Fix failure during check run 2021-01-27 14:21:58 +01:00			`when:`
			`- not stat_portfolio_performance_installation.stat.exists`
			`- not ansible_check_mode`
Add install of Portfolio Performance 2020-10-05 22:04:53 +02:00
			`- name: link portfolio performance`
			`file:`
			`src: /home/{{ user.name }}/.opt/portfolio-performance-{{ portfolio_performace_version }}/PortfolioPerformance/portfolio/PortfolioPerformance`
			`dest: /home/{{ user.name }}/.optbin/portfolio-performance`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`state: link`
			`force: true`
			`tags:`
			`- portfolio-performance`
Add install of kubectl 2020-10-05 22:05:02 +02:00
Use persistent systemd units for autostart 2020-12-20 20:36:27 +01:00			`- name: handle autostart units`
			`block:`
			`- name: create systemd user directory`
			`file:`
			`state: directory`
			`path: ~/{{ item }}`
			`loop:`
			`- .config/`
			`- .config/systemd/`
			`- .config/systemd/user/`

			`- name: link autostart service files`
			`file:`
			`state: link`
			`force: true`
			`follow: false`
			`path: "/home/{{ user.name }}/.config/systemd/user/{{ item \| basename }}"`
			`src: "{{ item }}"`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`with_fileglob: /var/lib/dotfiles/autostart/services/*`

autostart: Template the autostart target unit file 2021-10-02 10:52:59 +02:00			`- name: get state of autostart.target`
			`stat:`
			`path: "/home/{{ user.name }}/.config/systemd/user/autostart.target"`
			`register: autostart_target_stat`

			`- name: remove invalid autostart.target`
			`file:`
			`path: "/home/{{ user.name }}/.config/systemd/user/autostart.target"`
			`state: absent`
			`when:`
			`- autostart_target_stat.stat.exists`
			`- not autostart_target_stat.stat.isreg`

			`- name: deploy autostart.target`
			`template:`
			`src: ./autostart/autostart.target.j2`
			`dest: "/home/{{ user.name }}/.config/systemd/user/autostart.target"`
			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`force: true`
			`follow: false`

Use persistent systemd units for autostart 2020-12-20 20:36:27 +01:00			`tags:`
			`- autostart`
Add personal gpg key configuration 2021-10-02 12:02:24 +02:00
			`- block:`
			`- name: import gpg key`
			`command: gpg --import ./gpgkeys/{{ user.gpg_key.email }}.gpg.asc`
			`register: gpg_import_output`
			`changed_when: not ("unchanged" in gpg_import_output.stderr)`

			`- name: trust gpg key`
			`shell: "gpg --import-ownertrust <<< {{ user.gpg_key.fingerprint }}:6"`
			`args:`
			`executable: /bin/bash # required for <<<`
			`register: gpg_trust_output`
			`changed_when: gpg_trust_output.stderr_lines\|length > 0`

			`when: user.gpg_key is defined`
			`tags: [gpg]`
Do initial passwordstore checkout 2021-10-02 12:02:36 +02:00
			`- block:`
Add pass wrapper to check out store 2021-10-03 12:24:11 +02:00			`- name: add passwordstore init script`
			`copy:`
Install pass wrapper in .optbin 2021-10-03 12:55:22 +02:00			`dest: /home/{{ user.name }}/.optbin/pass`
Add pass wrapper to check out store 2021-10-03 12:24:11 +02:00			`owner: "{{ user.name }}"`
			`group: "{{ user_group_name }}"`
			`mode: '0755'`
			`content: \|`
			`#!/usr/bin/env bash`

pass: Fix init script 2024-04-13 17:05:55 +02:00			`set -o nounset`
			`set -o errexit`

Add pass wrapper to check out store 2021-10-03 12:24:11 +02:00			`if [[ ! -e ~/.password-store ]] ; then`
			`printf '%s\n' 'This is the first time running pass, initializting repository ...'`

			`git clone ssh://git@code.hkoerber.de:2222/hannes/passwordstore.git ~/.password-store`

			`printf '%s\n' 'Done'`
			`fi`

Remove mypass 2024-04-13 17:46:21 +02:00			`command -p pass "${@}"`
Do initial passwordstore checkout 2021-10-02 12:02:36 +02:00			`when: user.enable_passwordstore\|default(false) is sameas true`
			`tags: [passwordstore]`