dotfiles/playbook.yml

- name: configure system
  hosts: localhost
  connection: local
  become: false
  tasks:
    - name: read machine-specific variables
      include_vars:
        file: _machines/{{ ansible_hostname }}.yml
        name: machine
      tags:
        - always

    - name: read variables
      include_vars:
        file: variables.yml
      tags:
        - always

    - set_fact:
        distro: "{{ ansible_distribution|lower }}"
      tags:
        - always

    - name: check for valid distro
      assert:
        that: distro in ('archlinux')

    - block:
      - name: install ansible requirements
        package:
          name: "{{ packages[distro] }}"
          state: present
        become: true
        vars:
          packages:
            archlinux:
              - python-jmespath

    - block:
      - name: enable multilib repository
        blockinfile:
          path: /etc/pacman.conf
          block: |
            [multilib]
            Include = /etc/pacman.d/mirrorlist
          marker: "# {mark} ANSIBLE MANAGED multilib"
        become: true

      - name: enable parallel download
        blockinfile:
          path: /etc/pacman.conf
          insertafter: '\[options\]'
          block: |
            ParallelDownloads = 5
          marker: "# {mark} ANSIBLE MANAGED parallel_download"
        become: true

      - block:
        - name: upgrade system
          pacman:
            upgrade: true
            update_cache: true
          become: true
          changed_when: false

        tags: [system-update]

      - name: install pacman-contrib for paccache
        package:
          name: pacman-contrib
          state: present
        become: true

      - block:
        - name: install pacman cache clean service
          copy:
            dest: /etc/systemd/system/pacman-cache-cleanup.service
            owner: root
            group: root
            mode: '0644'
            content: |
              [Service]
              Type=oneshot
              ExecStart=/bin/sh -c '/usr/bin/paccache -rk1 && /usr/bin/paccache -ruk0'
              RemainAfterExit=true
          become: true

        - name: install pacman cache clean timer
          copy:
            dest: /etc/systemd/system/pacman-cache-cleanup.timer
            owner: root
            group: root
            mode: '0644'
            content: |
              [Timer]
              OnCalendar=daily
          become: true

        - name: enable pacman cache clean timer
          systemd:
            name: pacman-cache-cleanup.timer
            enabled: true
            state: started
            daemon_reload: true
          become: true
        tags: [pacman_cache_cleanup]

      when: distro == 'archlinux'

    - block:
      - name: create dotfiles group
        group:
          name: dotfiles
          state: present
        become: true
        become_user: root

      - name: create dotfiles user
        user:
          name: dotfiles
          group: dotfiles
          home: /var/lib/dotfiles
          create_home: false
          shell: /bin/bash
          system: true
        become: true
        become_user: root

      - name: create dotfiles directory
        file:
          state: directory
          path: /var/lib/dotfiles
          owner: dotfiles
          group: dotfiles
          mode: '0775' # group needs write access!
        become: true
        become_user: root

      - name: fix permissions for dotfiles directory
        shell: |
          cd /var/lib/dotfiles
          if [[ -e .git ]] ; then
              # There is no sane way to specify the global .gitconfig to use, so we
              # actually have to override HOME so git looks into ~/.gitconfig
              export HOME="$(mktemp -d)"
              set -o pipefail
              set -o errexit
              git config --global --add safe.directory /var/lib/dotfiles
              git ls-tree -z --name-only HEAD | xargs --null chown --changes --recursive dotfiles:dotfiles
              git ls-tree -z --name-only HEAD | xargs --null chmod --changes --recursive g+wX
          else
              chown --changes --recursive dotfiles:dotfiles .
              chmod --changes --recursive g+wX .
          fi
        args:
          executable: /bin/bash
        register: dotfiles_permission_change
        become: true
        become_user: root
        changed_when: dotfiles_permission_change.stdout_lines|length > 0
      tags: [dotfiles-directory]

    - block:
      - name: install sudo
        package:
          state: present
          name: sudo

      - name: install dependencies for paru
        package:
          state: present
          name:
            - base-devel
            - git
        become: true

      - name: create build user on arch
        user:
          name: makepkg
          home: /var/lib/makepkg
          create_home: true
          shell: /bin/bash
          system: true
        become: true

      - name: create paru user on arch
        user:
          name: paru
          home: /var/lib/paru
          create_home: true
          shell: /bin/bash
          system: true
        become: true

      - name: configure passwordless sudo for paru user
        copy:
          owner: root
          group: root
          mode: "0600"
          dest: /etc/sudoers.d/paru
          content: |
            paru ALL=(ALL) NOPASSWD: /usr/bin/pacman
        become: true

      - name: check if paru is already installed
        shell: |
          set -o errexit

          if pacman -Qi paru-bin >/dev/null 2>&1; then
              exit 100
          fi
          exit 0
        args:
          executable: /bin/bash
        changed_when: false
        check_mode: false
        failed_when: result.rc not in (0, 100)
        register: result

      - name: build paru on arch
        shell: |
          set -o errexit

          mkdir -p /tmp/paru-build
          cd /tmp/paru-build

          curl -L -O https://aur.archlinux.org/cgit/aur.git/snapshot/paru-bin.tar.gz
          tar xvf paru-bin.tar.gz
          cd paru-bin
          makepkg
        args:
          executable: /bin/bash
        become: true # do not build as root!
        become_user: makepkg
        when: result.rc != 100

      - name: install paru
        shell: |
          set -o errexit

          pacman --noconfirm -U /tmp/paru-build/paru-bin/paru-bin-*.pkg.tar.zst
          rm -rf /tmp/paru-build
        args:
          executable: /bin/bash
        become: true
        when: result.rc != 100

      when: distro == 'archlinux'


    - block:
      - name: load package list
        include_vars:
          file: packages.yml

      - name: force-update iptables to iptables-nft on arch
        shell: pacman -Q iptables && yes | pacman -S iptables-nft
        changed_when: false
        become: true
        when: distro == 'archlinux'

      - set_fact:
          defined_packages: "{{ packages|json_query('keys(list)') }}"

      - set_fact:
          distro_packages: "{{ packages|json_query('list.*.%s'|format(distro)) }}"

      - name: check list
        assert:
          that: "defined_packages|length == distro_packages|length"

      - set_fact:
          defined_packages_remove: "{{ packages|json_query('keys(remove)') }}"

      - set_fact:
          distro_packages_remove: "{{ packages|json_query('remove.*.%s'|format(distro)) }}"

      - name: check list
        assert:
          that: "defined_packages_remove|length == distro_packages_remove|length"

      - name: remove packages
        package:
          name: "{{ packages|json_query(query) }}"
          state: absent
        become: true
        vars:
          query: "{{ 'remove.*.%s[]'|format(distro) }}"

      - name: install packages
        package:
          name: "{{ packages|json_query(query) }}"
          state: present
        become: true
        vars:
          query: "{{ 'list.*.%s[]'|format(distro) }}"

      - name: install machine-specific packages
        package:
          name: "{{ machine.packages }}"
          state: present
        when: machine.packages is defined
        become: true

      tags: [packages]

    - block:
      - name: configure timesyncd on arch
        copy:
          owner: root
          group: root
          mode: "0644"
          dest: /etc/systemd/timesyncd.conf
          content: |
            [Time]
            NTP=0.arch.pool.ntp.org 1.arch.pool.ntp.org 2.arch.pool.ntp.org 3.arch.pool.ntp.org
            FallbackNTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org
        become: true

      - name: install lz4
        package:
          name: lz4
          state: present
        become: true

      - name: use lz4 for mkinitcpio compression
        lineinfile:
          path: /etc/mkinitcpio.conf
          regexp: '^#?COMPRESSION=.*$'
          line: 'COMPRESSION="lz4"'
        become: true
        notify:
          - rebuild initrd
      when: distro == 'archlinux'

    - set_fact:
        disable_services:
          - sshd
      when: distro == 'archlinux'

    - name: disable services
      service:
        state: stopped
        enabled: false
        name: "{{ item }}"
      with_items: "{{ disable_services }}"
      become: true
      when: manage_services|default(true)|bool

    - set_fact:
        enable_services:
          - NetworkManager
          - docker
          - libvirtd
          - systemd-timesyncd
          - pcscd

    - name: enable services
      service:
        state: started
        enabled: true
        name: "{{ item }}"
      with_items: "{{ enable_services }}"
      become: true
      when: manage_services|default(true)|bool

    - name: get systemd boot target
      command: systemctl get-default
      register: systemd_target
      changed_when: false
      check_mode: false

    - set_fact:
        default_target: multi-user.target

    - name: set systemd boot target
      command: systemctl set-default {{ default_target }}
      when: systemd_target.stdout != default_target
      become: true

    - name: handle lid switch
      lineinfile:
        path: /etc/systemd/logind.conf
        regexp: '^HandleLidSwitch='
        line: 'HandleLidSwitch=ignore'
      become: true

    - name: handle power key
      lineinfile:
        path: /etc/systemd/logind.conf
        regexp: '^HandlePowerKey='
        line: 'HandlePowerKey=suspend'
      become: true

    - name: create sudonopw group
      group:
        name: sudonopw
        system: true

    - name: configure passwordless sudo
      copy:
        owner: root
        group: root
        mode: "0600"
        dest: /etc/sudoers.d/sudonopw
        content: |
          %sudonopw ALL=(ALL) NOPASSWD: ALL
      become: true

    - block:
      - name: install AMDGPU packages
        package:
          name:
            - mesa
            - lib32-mesa
            - xf86-video-amdgpu
            - vulkan-radeon
            - lib32-vulkan-radeon
            - libva-mesa-driver
            - lib32-libva-mesa-driver
            - mesa-vdpau
            - lib32-mesa-vdpau
          state: present
        become: true

      - name: set AMDGPU options
        copy:
          owner: root
          group: root
          mode: "0600"
          dest: /etc/X11/xorg.conf.d/20-amdgpu.conf
          content: |
            Section "Device"
                Identifier "AMD"
                Driver "amdgpu"
                Option "VariableRefresh" "true"
                Option "TearFree" "true"
            EndSection
        become: true

      when:
        - distro == 'archlinux'
        - machine.gpu is defined and machine.gpu == 'amd'

    - block:
      - block:
        - name: install spotify from AUR via paru
          shell: |
            curl -sS https://download.spotify.com/debian/pubkey_5E3C45D7B312C643.gpg | gpg --import
            yes 1 | paru --skipreview --aur --batchinstall --noconfirm -S spotify
          become: true
          become_user: paru
          args:
            creates: /usr/bin/spotify

      tags: [spotify]

    - set_fact:
        users: "{{ machine.users }}"
      tags:
        - always

    - include_tasks: user.yml
      args:
        apply:
          become: true
          become_user: "{{ user.name }}"
      with_items: "{{ users }}"
      no_log: True # less spam
      loop_control:
        loop_var: user
      tags:
        - always

  handlers:
    - name: rebuild initrd
      command: mkinitcpio -P
      become: true
      register: mkinitcpio_cmd
      failed_when: >
        mkinitcpio_cmd.rc != 0
        and
        not (mkinitcpio_cmd.rc == 1 and "file not found: `fsck.overlay'" in mkinitcpio_cmd.stderr)
Give configure task a proper name 2020-04-11 14:07:51 +02:00			`- name: configure system`
			`hosts: localhost`
Update ansible/dotbot scripts 2018-02-05 20:09:05 +01:00			`connection: local`
			`become: false`
			`tasks:`
Enable templating for dotfiles 2018-08-17 19:44:31 +02:00			`- name: read machine-specific variables`
			`include_vars:`
			`file: _machines/{{ ansible_hostname }}.yml`
			`name: machine`
			`tags:`
			`- always`

Read variables from separate file 2021-10-31 13:24:43 +01:00			`- name: read variables`
			`include_vars:`
			`file: variables.yml`
			`tags:`
			`- always`

Move variable assignments to beginning 2018-02-08 21:45:02 +01:00			`- set_fact:`
			`distro: "{{ ansible_distribution\|lower }}"`
Enable templating for dotfiles 2018-08-17 19:44:31 +02:00			`tags:`
			`- always`
Move variable assignments to beginning 2018-02-08 21:45:02 +01:00
Standardize capitalization of ansible task names 2021-10-06 21:21:09 +02:00			`- name: check for valid distro`
Assert running on a valid distro 2020-03-02 11:52:45 +01:00			`assert:`
Remove ubuntu support 2024-04-10 15:57:38 +02:00			`that: distro in ('archlinux')`
Assert running on a valid distro 2020-03-02 11:52:45 +01:00
Remove ubuntu support 2024-04-10 15:57:38 +02:00			`- block:`
			`- name: install ansible requirements`
			`package:`
			`name: "{{ packages[distro] }}"`
			`state: present`
			`become: true`
			`vars:`
			`packages:`
			`archlinux:`
			`- python-jmespath`
Add step for system upgrade on ubuntu 2020-03-02 11:52:45 +01:00
Remove ubuntu support 2024-04-10 15:57:38 +02:00			`- block:`
			`- name: enable multilib repository`
			`blockinfile:`
			`path: /etc/pacman.conf`
			`block: \|`
			`[multilib]`
			`Include = /etc/pacman.d/mirrorlist`
			`marker: "# {mark} ANSIBLE MANAGED multilib"`
			`become: true`
Implement system update for fedora 2020-03-03 23:33:14 +01:00
Remove ubuntu support 2024-04-10 15:57:38 +02:00			`- name: enable parallel download`
			`blockinfile:`
			`path: /etc/pacman.conf`
			`insertafter: '\[options\]'`
			`block: \|`
			`ParallelDownloads = 5`
			`marker: "# {mark} ANSIBLE MANAGED parallel_download"`
			`become: true`
Install jmespath in playbook instead of install script 2022-06-30 20:41:40 +02:00
Do system update after pacman configuration 2024-04-10 19:55:21 +02:00			`- block:`
			`- name: upgrade system`
			`pacman:`
			`upgrade: true`
			`update_cache: true`
			`become: true`
			`changed_when: false`

			`tags: [system-update]`

Remove ubuntu support 2024-04-10 15:57:38 +02:00			`- name: install pacman-contrib for paccache`
			`package:`
			`name: pacman-contrib`
			`state: present`
			`become: true`
pacman: Enable parallel downloads 2021-08-13 18:53:01 +02:00
Remove ubuntu support 2024-04-10 15:57:38 +02:00			`- block:`
			`- name: install pacman cache clean service`
			`copy:`
			`dest: /etc/systemd/system/pacman-cache-cleanup.service`
			`owner: root`
			`group: root`
			`mode: '0644'`
			`content: \|`
			`[Service]`
			`Type=oneshot`
			`ExecStart=/bin/sh -c '/usr/bin/paccache -rk1 && /usr/bin/paccache -ruk0'`
			`RemainAfterExit=true`
Add support for arch linux 2020-12-08 22:00:44 +01:00			`become: true`

Remove ubuntu support 2024-04-10 15:57:38 +02:00			`- name: install pacman cache clean timer`
			`copy:`
			`dest: /etc/systemd/system/pacman-cache-cleanup.timer`
			`owner: root`
			`group: root`
			`mode: '0644'`
			`content: \|`
			`[Timer]`
			`OnCalendar=daily`
Add support for arch linux 2020-12-08 22:00:44 +01:00			`become: true`

Remove ubuntu support 2024-04-10 15:57:38 +02:00			`- name: enable pacman cache clean timer`
			`systemd:`
			`name: pacman-cache-cleanup.timer`
			`enabled: true`
			`state: started`
			`daemon_reload: true`
Add support for arch linux 2020-12-08 22:00:44 +01:00			`become: true`
Remove ubuntu support 2024-04-10 15:57:38 +02:00			`tags: [pacman_cache_cleanup]`
Add support for arch linux 2020-12-08 22:00:44 +01:00
Remove ubuntu support 2024-04-10 15:57:38 +02:00			`when: distro == 'archlinux'`
Add step for system upgrade on ubuntu 2020-03-02 11:52:45 +01:00
Manage /var/lib/dotfiles as soon as possible 2022-07-02 15:44:02 +02:00			`- block:`
			`- name: create dotfiles group`
			`group:`
			`name: dotfiles`
			`state: present`
			`become: true`
			`become_user: root`

			`- name: create dotfiles user`
			`user:`
			`name: dotfiles`
			`group: dotfiles`
			`home: /var/lib/dotfiles`
			`create_home: false`
			`shell: /bin/bash`
			`system: true`
			`become: true`
			`become_user: root`

			`- name: create dotfiles directory`
			`file:`
			`state: directory`
			`path: /var/lib/dotfiles`
			`owner: dotfiles`
			`group: dotfiles`
			`mode: '0775' # group needs write access!`
			`become: true`
			`become_user: root`

			`- name: fix permissions for dotfiles directory`
			`shell: \|`
			`cd /var/lib/dotfiles`
Fix fixing of /var/lib/dotfiles permissions 2022-07-02 15:56:34 +02:00			`if [[ -e .git ]] ; then`
			`# There is no sane way to specify the global .gitconfig to use, so we`
			`# actually have to override HOME so git looks into ~/.gitconfig`
			`export HOME="$(mktemp -d)"`
			`set -o pipefail`
			`set -o errexit`
			`git config --global --add safe.directory /var/lib/dotfiles`
			`git ls-tree -z --name-only HEAD \| xargs --null chown --changes --recursive dotfiles:dotfiles`
			`git ls-tree -z --name-only HEAD \| xargs --null chmod --changes --recursive g+wX`
			`else`
			`chown --changes --recursive dotfiles:dotfiles .`
			`chmod --changes --recursive g+wX .`
			`fi`
Manage /var/lib/dotfiles as soon as possible 2022-07-02 15:44:02 +02:00			`args:`
			`executable: /bin/bash`
			`register: dotfiles_permission_change`
			`become: true`
			`become_user: root`
			`changed_when: dotfiles_permission_change.stdout_lines\|length > 0`
			`tags: [dotfiles-directory]`

Install paru on arch 2020-12-09 23:58:24 +01:00			`- block:`
Install sudo for "become" on arch 2020-12-11 18:04:14 +01:00			`- name: install sudo`
			`package:`
ansible: Use correct "state" for package module 2021-10-02 11:04:22 +02:00			`state: present`
Install sudo for "become" on arch 2020-12-11 18:04:14 +01:00			`name: sudo`

Install build dependencies for paru 2020-12-11 18:18:15 +01:00			`- name: install dependencies for paru`
			`package:`
ansible: Use correct "state" for package module 2021-10-02 11:04:22 +02:00			`state: present`
Install build dependencies for paru 2020-12-11 18:18:15 +01:00			`name:`
			`- base-devel`
			`- git`
Fix install of paru dependency installation 2020-12-11 20:08:14 +01:00			`become: true`
Install build dependencies for paru 2020-12-11 18:18:15 +01:00
Build AUR packages as separate user on arch 2020-12-11 17:53:32 +01:00			`- name: create build user on arch`
			`user:`
			`name: makepkg`
			`home: /var/lib/makepkg`
			`create_home: true`
			`shell: /bin/bash`
			`system: true`
Fix some arch-specific "becomes" 2021-10-06 21:17:54 +02:00			`become: true`
Build AUR packages as separate user on arch 2020-12-11 17:53:32 +01:00
Add separate paru user for installs 2021-10-03 15:44:48 +02:00			`- name: create paru user on arch`
			`user:`
			`name: paru`
			`home: /var/lib/paru`
			`create_home: true`
			`shell: /bin/bash`
			`system: true`
Fix some arch-specific "becomes" 2021-10-06 21:17:54 +02:00			`become: true`
Add separate paru user for installs 2021-10-03 15:44:48 +02:00
			`- name: configure passwordless sudo for paru user`
			`copy:`
			`owner: root`
			`group: root`
			`mode: "0600"`
			`dest: /etc/sudoers.d/paru`
			`content: \|`
			`paru ALL=(ALL) NOPASSWD: /usr/bin/pacman`
			`become: true`

paru: Fix installation 2020-12-20 20:37:43 +01:00			`- name: check if paru is already installed`
Install paru on arch 2020-12-09 23:58:24 +01:00			`shell: \|`
			`set -o errexit`

gitignore git bundles 2022-06-30 06:38:05 +02:00			`if pacman -Qi paru-bin >/dev/null 2>&1; then`
Install paru on arch 2020-12-09 23:58:24 +01:00			`exit 100`
			`fi`
paru: Fix installation 2020-12-20 20:37:43 +01:00			`exit 0`
			`args:`
			`executable: /bin/bash`
			`changed_when: false`
			`check_mode: false`
			`failed_when: result.rc not in (0, 100)`
			`register: result`

			`- name: build paru on arch`
			`shell: \|`
			`set -o errexit`
Install paru on arch 2020-12-09 23:58:24 +01:00
			`mkdir -p /tmp/paru-build`
			`cd /tmp/paru-build`

gitignore git bundles 2022-06-30 06:38:05 +02:00			`curl -L -O https://aur.archlinux.org/cgit/aur.git/snapshot/paru-bin.tar.gz`
			`tar xvf paru-bin.tar.gz`
			`cd paru-bin`
Install paru on arch 2020-12-09 23:58:24 +01:00			`makepkg`
			`args:`
			`executable: /bin/bash`
Build AUR packages as separate user on arch 2020-12-11 17:53:32 +01:00			`become: true # do not build as root!`
			`become_user: makepkg`
paru: Fix installation 2020-12-20 20:37:43 +01:00			`when: result.rc != 100`
Install paru on arch 2020-12-09 23:58:24 +01:00
			`- name: install paru`
			`shell: \|`
			`set -o errexit`

gitignore git bundles 2022-06-30 06:38:05 +02:00			`pacman --noconfirm -U /tmp/paru-build/paru-bin/paru-bin-*.pkg.tar.zst`
Install paru on arch 2020-12-09 23:58:24 +01:00			`rm -rf /tmp/paru-build`
			`args:`
			`executable: /bin/bash`
			`become: true`
			`when: result.rc != 100`

			`when: distro == 'archlinux'`


Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`- block:`
			`- name: load package list`
			`include_vars:`
			`file: packages.yml`

Fix iptables install on arch 2021-10-02 12:54:11 +02:00			`- name: force-update iptables to iptables-nft on arch`
Fix iptables-nft to iptables on arch 2022-06-30 06:38:05 +02:00			`shell: pacman -Q iptables && yes \| pacman -S iptables-nft`
Fix iptables install on arch 2021-10-02 12:54:11 +02:00			`changed_when: false`
Fix some arch-specific "becomes" 2021-10-06 21:17:54 +02:00			`become: true`
Only use iptables hack on arch 2021-10-03 11:07:35 +02:00			`when: distro == 'archlinux'`
Update ansible/dotbot scripts 2018-02-05 20:09:05 +01:00
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`- set_fact:`
			`defined_packages: "{{ packages\|json_query('keys(list)') }}"`
Update ansible/dotbot scripts 2018-02-05 20:09:05 +01:00
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`- set_fact:`
			`distro_packages: "{{ packages\|json_query('list.*.%s'\|format(distro)) }}"`
Update ansible/dotbot scripts 2018-02-05 20:09:05 +01:00
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`- name: check list`
			`assert:`
			`that: "defined_packages\|length == distro_packages\|length"`
Update ansible/dotbot scripts 2018-02-05 20:09:05 +01:00
Add removal list of installed packages 2020-10-05 22:03:05 +02:00			`- set_fact:`
			`defined_packages_remove: "{{ packages\|json_query('keys(remove)') }}"`

			`- set_fact:`
			`distro_packages_remove: "{{ packages\|json_query('remove.*.%s'\|format(distro)) }}"`

			`- name: check list`
			`assert:`
			`that: "defined_packages_remove\|length == distro_packages_remove\|length"`

Remove packages before installing packages 2022-06-30 06:38:05 +02:00			`- name: remove packages`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`package:`
			`name: "{{ packages\|json_query(query) }}"`
Remove packages before installing packages 2022-06-30 06:38:05 +02:00			`state: absent`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`become: true`
			`vars:`
Remove packages before installing packages 2022-06-30 06:38:05 +02:00			`query: "{{ 'remove.*.%s[]'\|format(distro) }}"`
Add removal list of installed packages 2020-10-05 22:03:05 +02:00
Remove packages before installing packages 2022-06-30 06:38:05 +02:00			`- name: install packages`
Add removal list of installed packages 2020-10-05 22:03:05 +02:00			`package:`
			`name: "{{ packages\|json_query(query) }}"`
Remove packages before installing packages 2022-06-30 06:38:05 +02:00			`state: present`
Add removal list of installed packages 2020-10-05 22:03:05 +02:00			`become: true`
			`vars:`
Remove packages before installing packages 2022-06-30 06:38:05 +02:00			`query: "{{ 'list.*.%s[]'\|format(distro) }}"`
Purge packages on ubuntu 2022-01-04 18:13:14 +01:00
Enable machine-specific packages 2020-12-09 00:15:54 +01:00			`- name: install machine-specific packages`
			`package:`
			`name: "{{ machine.packages }}"`
			`state: present`
			`when: machine.packages is defined`
			`become: true`

Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`tags: [packages]`
Update ansible/dotbot scripts 2018-02-05 20:09:05 +01:00
Add support for arch linux 2020-12-08 22:00:44 +01:00			`- block:`
			`- name: configure timesyncd on arch`
			`copy:`
			`owner: root`
			`group: root`
			`mode: "0644"`
			`dest: /etc/systemd/timesyncd.conf`
			`content: \|`
			`[Time]`
			`NTP=0.arch.pool.ntp.org 1.arch.pool.ntp.org 2.arch.pool.ntp.org 3.arch.pool.ntp.org`
			`FallbackNTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org`
Fix timesyncd configuration in arch 2020-12-09 19:36:41 +01:00			`become: true`
Compress mkinitcpio with lz4 on arch 2020-12-09 21:43:57 +01:00
			`- name: install lz4`
			`package:`
			`name: lz4`
ansible: Use correct "state" for package module 2021-10-02 11:04:22 +02:00			`state: present`
Compress mkinitcpio with lz4 on arch 2020-12-09 21:43:57 +01:00			`become: true`

			`- name: use lz4 for mkinitcpio compression`
			`lineinfile:`
			`path: /etc/mkinitcpio.conf`
			`regexp: '^#?COMPRESSION=.*$'`
			`line: 'COMPRESSION="lz4"'`
			`become: true`
Add handler to rebuild initrd if config changed 2020-12-09 21:48:20 +01:00			`notify:`
			`- rebuild initrd`
Fix timesyncd configuration in arch 2020-12-09 19:36:41 +01:00			`when: distro == 'archlinux'`
Add support for arch linux 2020-12-08 22:00:44 +01:00
			`- set_fact:`
			`disable_services:`
			`- sshd`
			`when: distro == 'archlinux'`
Fix SSH service disabling on fedora 2019-05-20 21:29:26 +02:00
Expand playbook 2018-02-09 17:56:43 +01:00			`- name: disable services`
			`service:`
			`state: stopped`
			`enabled: false`
			`name: "{{ item }}"`
Fix SSH service disabling on fedora 2019-05-20 21:29:26 +02:00			`with_items: "{{ disable_services }}"`
Expand playbook 2018-02-09 17:56:43 +01:00			`become: true`
Add testing in docker 2020-12-08 23:41:35 +01:00			`when: manage_services\|default(true)\|bool`
Add support for arch linux 2020-12-08 22:00:44 +01:00
			`- set_fact:`
			`enable_services:`
			`- NetworkManager`
			`- docker`
			`- libvirtd`
			`- systemd-timesyncd`
Enable pcscd service for yubikeys 2020-12-11 20:08:25 +01:00			`- pcscd`
Expand playbook 2018-02-09 17:56:43 +01:00
			`- name: enable services`
			`service:`
			`state: started`
			`enabled: true`
			`name: "{{ item }}"`
Add support for arch linux 2020-12-08 22:00:44 +01:00			`with_items: "{{ enable_services }}"`
Do not manage docker service on fedora 2020-02-23 14:56:14 +01:00			`become: true`
Add testing in docker 2020-12-08 23:41:35 +01:00			`when: manage_services\|default(true)\|bool`
Do not manage docker service on fedora 2020-02-23 14:56:14 +01:00
Expand playbook 2018-02-09 17:56:43 +01:00			`- name: get systemd boot target`
			`command: systemctl get-default`
			`register: systemd_target`
			`changed_when: false`
Make checkrun work 2020-04-01 10:15:58 +02:00			`check_mode: false`
Expand playbook 2018-02-09 17:56:43 +01:00
			`- set_fact:`
			`default_target: multi-user.target`

			`- name: set systemd boot target`
			`command: systemctl set-default {{ default_target }}`
			`when: systemd_target.stdout != default_target`
			`become: true`

			`- name: handle lid switch`
			`lineinfile:`
			`path: /etc/systemd/logind.conf`
			`regexp: '^HandleLidSwitch='`
			`line: 'HandleLidSwitch=ignore'`
			`become: true`

			`- name: handle power key`
			`lineinfile:`
			`path: /etc/systemd/logind.conf`
			`regexp: '^HandlePowerKey='`
			`line: 'HandlePowerKey=suspend'`
			`become: true`

Remove ubuntu support 2024-04-10 15:57:38 +02:00			`- name: create sudonopw group`
			`group:`
			`name: sudonopw`
			`system: true`

			`- name: configure passwordless sudo`
			`copy:`
			`owner: root`
			`group: root`
			`mode: "0600"`
			`dest: /etc/sudoers.d/sudonopw`
			`content: \|`
			`%sudonopw ALL=(ALL) NOPASSWD: ALL`
			`become: true`
Add support for arch linux 2020-12-08 22:00:44 +01:00
			`- block:`
			`- name: install AMDGPU packages`
			`package:`
			`name:`
			`- mesa`
			`- lib32-mesa`
			`- xf86-video-amdgpu`
			`- vulkan-radeon`
			`- lib32-vulkan-radeon`
			`- libva-mesa-driver`
			`- lib32-libva-mesa-driver`
			`- mesa-vdpau`
			`- lib32-mesa-vdpau`
ansible: Use correct "state" for package module 2021-10-02 11:04:22 +02:00			`state: present`
Add support for arch linux 2020-12-08 22:00:44 +01:00			`become: true`

			`- name: set AMDGPU options`
			`copy:`
			`owner: root`
			`group: root`
			`mode: "0600"`
			`dest: /etc/X11/xorg.conf.d/20-amdgpu.conf`
			`content: \|`
			`Section "Device"`
			`Identifier "AMD"`
			`Driver "amdgpu"`
			`Option "VariableRefresh" "true"`
			`Option "TearFree" "true"`
			`EndSection`
Fix permissions for config of AMDGPU 2020-12-09 15:27:47 +01:00			`become: true`
Add support for arch linux 2020-12-08 22:00:44 +01:00
			`when:`
			`- distro == 'archlinux'`
			`- machine.gpu is defined and machine.gpu == 'amd'`

Add some fancy rust cmdline programs 2021-10-29 15:50:06 +02:00			`- block:`
Install spotify via paru on arch 2021-10-03 15:44:59 +02:00			`- block:`
			`- name: install spotify from AUR via paru`
			`shell: \|`
Update spotify apt key 2022-05-02 20:42:15 +02:00			`curl -sS https://download.spotify.com/debian/pubkey_5E3C45D7B312C643.gpg \| gpg --import`
Install spotify via paru on arch 2021-10-03 15:44:59 +02:00			`yes 1 \| paru --skipreview --aur --batchinstall --noconfirm -S spotify`
			`become: true`
			`become_user: paru`
			`args:`
			`creates: /usr/bin/spotify`
Install spotify via third-party repo on ubuntu 2021-10-02 11:07:14 +02:00
			`tags: [spotify]`

Multi-user setup 2019-11-14 09:16:55 +01:00			`- set_fact:`
			`users: "{{ machine.users }}"`
Update vim plugin install 2018-08-17 21:16:54 +02:00			`tags:`
Multi-user setup 2019-11-14 09:16:55 +01:00			`- always`
Update vim plugin install 2018-08-17 21:16:54 +02:00
Multi-user setup 2019-11-14 09:16:55 +01:00			`- include_tasks: user.yml`
Update vim plugin install 2018-08-17 21:16:54 +02:00			`args:`
Multi-user setup 2019-11-14 09:16:55 +01:00			`apply:`
			`become: true`
			`become_user: "{{ user.name }}"`
			`with_items: "{{ users }}"`
Make inlcude_ tasks less spammy 2021-10-31 13:39:51 +01:00			`no_log: True # less spam`
Multi-user setup 2019-11-14 09:16:55 +01:00			`loop_control:`
			`loop_var: user`
Add tags for components and Makefile targets 2020-03-03 17:31:48 +01:00			`tags:`
			`- always`
Add handler to rebuild initrd if config changed 2020-12-09 21:48:20 +01:00
			`handlers:`
			`- name: rebuild initrd`
			`command: mkinitcpio -P`
			`become: true`
Fix running mkinitcpio in docker 2021-10-03 15:25:35 +02:00			`register: mkinitcpio_cmd`
			`failed_when: >`
			`mkinitcpio_cmd.rc != 0`
			`and`
			not (mkinitcpio_cmd.rc == 1 and "file not found: `fsck.overlay'" in mkinitcpio_cmd.stderr)