diff --git a/playbook.yml b/playbook.yml index 76f76d7..7761e50 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,41 +1,42 @@ +--- - name: configure system hosts: localhost connection: local become: false tasks: - - name: read machine-specific variables - include_vars: + - name: Read machine-specific variables + ansible.builtin.include_vars: file: _machines/{{ ansible_hostname }}.yml name: machine tags: - always - - set_fact: - distro: "{{ ansible_distribution|lower }}" + - ansible.builtin.set_fact: + distro: "{{ ansible_distribution | lower }}" tags: - always - - name: check for valid distro - assert: + - name: Check for valid distro + ansible.builtin.assert: that: distro in ('archlinux') - block: - - name: install ansible requirements - package: - name: "{{ packages[distro] }}" - state: present - become: true - vars: - packages: - archlinux: - - python-jmespath + - name: Install ansible requirements + ansible.builtin.package: + name: "{{ packages[distro] }}" + state: present + become: true + vars: + packages: + archlinux: + - python-jmespath - - name: pacman + - name: Pacman tags: - pacman block: - - name: enable multilib repository - blockinfile: + - name: Enable multilib repository + ansible.builtin.blockinfile: path: /etc/pacman.conf block: | [multilib] 
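Review bot: The `Check for valid distro` assert in the first playbook.yml hunk tests `distro in ('archlinux')`, and in Jinja a parenthesised string without a trailing comma is still a string, so this is a substring match rather than a membership test. Any `distro` value that is a substring of `archlinux` (including an empty one) passes the guard, and the failure moves to the `packages[distro]` lookup in the next task. Since the neighbouring lines are being rewritten anyway, `that: distro in ['archlinux']` (or `distro == 'archlinux'`) makes it an exact check. The `ansible.builtin.set_fact` task above it is also still unnamed while every other task touched here got a capitalised name; `- name: Normalise distro name` would fit.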
@@ -43,56 +44,57 @@ marker: "# {mark} ANSIBLE MANAGED multilib" become: true - - name: enable parallel download - blockinfile: + - name: Enable parallel download + ansible.builtin.blockinfile: path: /etc/pacman.conf - insertafter: '\[options\]' + insertafter: "\\[options\\]" block: | ParallelDownloads = 5 marker: "# {mark} ANSIBLE MANAGED parallel_download" become: true - - name: install pacman-contrib for paccache - package: + - name: Install pacman-contrib for paccache + ansible.builtin.package: name: pacman-contrib state: present become: true - block: - - name: install pacman cache clean service - copy: - dest: /etc/systemd/system/pacman-cache-cleanup.service - owner: root - group: root - mode: '0644' - content: | - [Service] - Type=oneshot - ExecStart=/bin/sh -c '/usr/bin/paccache -rk1 && /usr/bin/paccache -ruk0' - RemainAfterExit=true - become: true + - name: Install pacman cache clean service + ansible.builtin.copy: + dest: /etc/systemd/system/pacman-cache-cleanup.service + owner: root + group: root + mode: "0644" + content: | + [Service] + Type=oneshot + ExecStart=/bin/sh -c '/usr/bin/paccache -rk1 && /usr/bin/paccache -ruk0' + RemainAfterExit=true + become: true - - name: install pacman cache clean timer - copy: - dest: /etc/systemd/system/pacman-cache-cleanup.timer - owner: root - group: root - mode: '0644' - content: | - [Timer] - OnCalendar=daily + - name: Install pacman cache clean timer + ansible.builtin.copy: + dest: /etc/systemd/system/pacman-cache-cleanup.timer + owner: root + group: root + mode: "0644" + content: | + [Timer] + OnCalendar=daily - [Install] - WantedBy=multi-user.target - become: true + [Install] + WantedBy=multi-user.target + become: true - - name: enable pacman cache clean timer - systemd: - name: pacman-cache-cleanup.timer - enabled: true - state: started - daemon_reload: true - become: true + - ansible.builtin.systemd: + name: pacman-cache-cleanup.timer + enabled: true + state: started + daemon_reload: true + become: true + + 
name: Enable pacman cache clean timer - name: dotfiles directory tags: @@ -122,7 +124,7 @@ path: /var/lib/dotfiles owner: dotfiles group: dotfiles - mode: '0775' # group needs write access! + mode: "0775" # group needs write access! become: true become_user: root @@ -307,7 +309,7 @@ file: path: "/var/lib/makepkg/{{ item.name }}/" state: directory - mode: '0700' + mode: "0700" owner: makepkg group: makepkg become_user: makepkg @@ -320,7 +322,7 @@ file: path: "/var/lib/makepkg/{{ item.name }}/gnupg" state: directory - mode: '0700' + mode: "0700" owner: makepkg group: makepkg become_user: makepkg @@ -491,8 +493,7 @@ become: true with_nested: - "{{ aur_packages }}" - - - - build + - - build - src loop_control: label: "{{ item[0].name }}/{{ item[1] }}" @@ -518,7 +519,7 @@ - name: use vz4 for mkinitcpio compression lineinfile: path: /etc/mkinitcpio.conf - regexp: '^#?COMPRESSION=.*$' + regexp: "^#?COMPRESSION=.*$" line: 'COMPRESSION="lz4"' become: true notify: @@ -632,22 +633,22 @@ - name: handle lid switch lineinfile: path: /etc/systemd/logind.conf - regexp: '^HandleLidSwitch=' - line: 'HandleLidSwitch=ignore' + regexp: "^HandleLidSwitch=" + line: "HandleLidSwitch=ignore" become: true - name: handle power key lineinfile: path: /etc/systemd/logind.conf - regexp: '^HandlePowerKey=' - line: 'HandlePowerKey=suspend' + regexp: "^HandlePowerKey=" + line: "HandlePowerKey=suspend" become: true - name: limit journald size lineinfile: path: /etc/systemd/journald.conf - regexp: '^#?SystemMaxUse=.*$' - line: 'SystemMaxUse=50M' + regexp: "^#?SystemMaxUse=.*$" + line: "SystemMaxUse=50M" become: true notify: - restart journald 
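Review bot: In the hunk that starts at old line 43, the rewritten `ansible.builtin.systemd` task for `pacman-cache-cleanup.timer` now carries `name: Enable pacman cache clean timer` as its last key, after `become: true` and a blank line, which looks like an auto-fixer artefact. As far as can be judged from this view it still parses as part of the same task, but every other task in the file leads with `name`, and a trailing name after a blank line is easy to misattribute to the following `dotfiles directory` task when reviewing a file that edits root-owned units. Move it back to the top: `- name: Enable pacman cache clean timer` followed by `ansible.builtin.systemd:`.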
@@ -755,31 +756,31 @@ # See https://bbs.archlinux.org/viewtopic.php?id=259764 - block: - - name: configure pacman to skip installing nextcloud dbus file - blockinfile: - path: /etc/pacman.conf - insertafter: '^#NoExtract' - block: | - NoExtract = usr/share/dbus-1/services/com.nextcloudgmbh.Nextcloud.service - marker: "# {mark} ANSIBLE MANAGED noextract nextcloud" - become: true + - name: configure pacman to skip installing nextcloud dbus file + blockinfile: + path: /etc/pacman.conf + insertafter: "^#NoExtract" + block: | + NoExtract = usr/share/dbus-1/services/com.nextcloudgmbh.Nextcloud.service + marker: "# {mark} ANSIBLE MANAGED noextract nextcloud" + become: true - - name: remove nextcloud dbus file - file: - path: /usr/share/dbus-1/services/com.nextcloudgmbh.Nextcloud.service - state: absent - become: true + - name: remove nextcloud dbus file + file: + path: /usr/share/dbus-1/services/com.nextcloudgmbh.Nextcloud.service + state: absent + become: true - name: try to make gpg agent behave block: - - name: configure pacman to skip installing gpg user units - blockinfile: - path: /etc/pacman.conf - insertafter: '^#NoExtract' - block: | - NoExtract = usr/lib/systemd/user/gpg-agent* - marker: "# {mark} ANSIBLE MANAGED noextract gpg-agent" - become: true + - name: configure pacman to skip installing gpg user units + blockinfile: + path: /etc/pacman.conf + insertafter: "^#NoExtract" + block: | + NoExtract = usr/lib/systemd/user/gpg-agent* + marker: "# {mark} ANSIBLE MANAGED noextract gpg-agent" + become: true - name: backlight configuration tags: @@ -791,7 +792,7 @@ dest: /etc/udev/rules.d/backlight.rules owner: root group: root - mode: '0644' + mode: "0644" content: | ACTION=="add", SUBSYSTEM=="backlight", RUN+="/bin/chgrp video $sys$devpath/brightness", RUN+="/bin/chmod g+w $sys$devpath/brightness" become: true @@ -804,7 +805,7 @@ tags: - user with_items: "{{ users }}" - no_log: True # less spam + no_log: true # less spam loop_control: loop_var: user tags: 
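Review bot: The last hunk keeps `no_log: true  # less spam` on the per-user loop, which uses a secret-protection switch for noise control and also censors the error detail of every failing iteration. If the entries in `users` hold nothing sensitive, a label does the job without the blind spot: drop `no_log` and add `label: "{{ user.name }}"` under the existing `loop_control`. If they do hold something sensitive (a password hash, for example), keep `no_log` and change the comment to say so, so that nobody later removes it as cosmetic. The task itself starts above the hunk, so the module being looped is not visible here.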
diff --git a/user.yml b/user.yml index 9a448f5..84d5f15 100644 --- a/user.yml +++ b/user.yml @@ -1,7 +1,8 @@ -- name: base user configuration +--- +- name: Base user configuration tags: [user:base] block: - - set_fact: + - ansible.builtin.set_fact: user_groups: - libvirt - wheel @@ -13,15 +14,15 @@ - kvm - video - - name: create user group - group: + - name: Create user group + ansible.builtin.group: name: "{{ user.name }}" state: present become: true become_user: root - - name: create user - user: + - name: Create user + ansible.builtin.user: name: "{{ user.name }}" state: present home: "/home/{{ user.name }}" @@ -32,8 +33,8 @@ become: true become_user: root -- name: create systemd directory - file: +- name: Create systemd directory + ansible.builtin.file: state: directory path: "{{ item }}" owner: "{{ user.name }}" @@ -43,22 +44,22 @@ - "/home/{{ user.name }}/.config/systemd/" - "/home/{{ user.name }}/.config/systemd/user/" -- name: create directory for getty autologin - file: +- name: Create directory for getty autologin + ansible.builtin.file: state: directory path: /etc/systemd/system/getty@tty{{ user.vt }}.service.d owner: root group: root - mode: '0755' + mode: "0755" become: true become_user: root -- name: enable getty autologin - copy: +- name: Enable getty autologin + ansible.builtin.copy: dest: /etc/systemd/system/getty@tty{{ user.vt }}.service.d/override.conf owner: root group: root - mode: '0644' + mode: "0644" content: | [Service] ExecStart= @@ -66,16 +67,16 @@ become: true become_user: root -- name: configure dotfiles +- name: Configure dotfiles tags: - user:dotfiles block: - - name: load dotfile list - include_vars: + - name: Load dotfile list + ansible.builtin.include_vars: file: dotfiles.yml - - name: get state of empty directories - stat: + - name: Get state of empty directories + ansible.builtin.stat: path: ~/{{ item.name }} register: empty_dir_stat with_items: "{{ empty_directories }}" 
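Review bot: `Get state of empty directories` in the last hunk on this line stats `~/{{ item.name }}`, while the tasks around it address the same tree as `/home/{{ user.name }}/...`; `~` expands to the home of whichever account executes the task, not to the `user` loop variable. The two only agree when the play runs as that user, and the later `state: absent` tasks act on these stat results, so a mismatch would remove or create things in the wrong home. Using `path: "/home/{{ user.name }}/{{ item.name }}"` keeps one spelling; the same applies to `Create empty directories for dotfiles`, `Get state of copy targets`, `Get state of template targets`, `Create directories` (`~/tmp`) and `Create systemd user directory` in later hunks. Whether a `become_user` is set on the include is outside this diff.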
@@ -83,8 +84,8 @@ loop_control: label: "{{ item.name }}" - - name: remove symlinks - file: + - name: Remove symlinks + ansible.builtin.file: path: "{{ item.stat.path }}" state: absent when: item.stat.exists and item.stat.islnk @@ -92,8 +93,8 @@ loop_control: label: "{{ item.item.name }}" - - name: create empty directories for dotfiles - file: + - name: Create empty directories for dotfiles + ansible.builtin.file: state: directory path: ~/{{ item.name }} mode: "{{ item.mode | default('0755') }}" @@ -101,8 +102,8 @@ loop_control: label: "{{ item.name }}" - - name: link this folder to ~/.dotfiles - file: + - name: Link this folder to ~/.dotfiles + ansible.builtin.file: state: link force: true follow: false @@ -113,8 +114,8 @@ become: true become_user: root - - name: get state of copy targets - stat: + - name: Get state of copy targets + ansible.builtin.stat: path: ~/{{ item.to }} register: copy_stat when: not item.template|default(false) @@ -123,8 +124,8 @@ loop_control: label: "{{ item.to }}" - - name: remove invalid copy target (symlinks) - file: + - name: Remove invalid copy target (symlinks) + ansible.builtin.file: path: "{{ item.stat.path }}" state: absent when: @@ -135,10 +136,10 @@ loop_control: label: "{{ item.item.from }}" - - name: make sure target directories exist - file: + - name: Make sure target directories exist + ansible.builtin.file: state: directory - path: "{{ (['/home', user.name, item.to]|join('/')) | dirname }}" + path: "{{ (['/home', user.name, item.to] | join('/')) | dirname }}" owner: "{{ user.name }}" group: "{{ user.name }}" with_items: "{{ dotfiles }}" @@ -147,8 +148,8 @@ loop_control: label: "{{ item.to }}" - - name: copy dotfiles - copy: + - name: Copy dotfiles + ansible.builtin.copy: dest: "/home/{{ user.name }}/{{ item.to }}" src: /var/lib/dotfiles/{{ item.from }} owner: "{{ user.name }}" 
@@ -160,8 +161,8 @@ loop_control: label: "{{ item.to }}" - - name: copy directories - synchronize: + - name: Copy directories + ansible.posix.synchronize: dest: "/home/{{ user.name }}/{{ item.to }}/" src: /var/lib/dotfiles/{{ item.from }}/ archive: false @@ -180,8 +181,8 @@ loop_control: label: "{{ item.to }}" - - name: apply directory permissions - file: + - name: Apply directory permissions + ansible.builtin.file: dest: "/home/{{ user.name }}/{{ item.to }}/" owner: "{{ user.name }}" group: "{{ user.name }}" @@ -193,8 +194,8 @@ loop_control: label: "{{ item.to }}" - - name: get state of template targets - stat: + - name: Get state of template targets + ansible.builtin.stat: path: ~/{{ item.to }} register: template_stat when: item.template|default(false) @@ -203,8 +204,8 @@ loop_control: label: "{{ item.to }}" - - name: remove invalid template target (directory or symlink) - file: + - name: Remove invalid template target (directory or symlink) + ansible.builtin.file: path: "{{ item.stat.path }}" state: absent when: @@ -215,8 +216,8 @@ loop_control: label: "{{ item.item.to }}" - - name: deploy dotfiles templates - template: + - name: Deploy dotfiles templates + ansible.builtin.template: src: /var/lib/dotfiles/{{ item.from }}.j2 dest: "/home/{{ user.name }}/{{ item.to }}" owner: "{{ user.name }}" 
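Review bot: `Copy directories` now calls `ansible.posix.synchronize`, the only module in this diff that does not ship with ansible-core, and nothing visible here declares the collection. On a machine with only ansible-core the play would fail at this task, and the bootstrap task in playbook.yml installs only `python-jmespath`. A `requirements.yml` entry such as `- name: ansible.posix` with a pinned `version:` (value to be chosen by the maintainer) would make the dependency explicit and reproducible. If such a file already exists outside this diff, ignore this.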
@@ -229,35 +230,35 @@ loop_control: label: "{{ item.to }}" - - name: remove dotfiles - file: + - name: Remove dotfiles + ansible.builtin.file: state: absent path: "/home/{{ user.name }}/{{ item }}" loop: "{{ dotfiles_remove }}" - - name: create directories - file: + - name: Create directories + ansible.builtin.file: state: directory path: "{{ item }}" with_items: - ~/tmp - - name: stat ~/bin - stat: + - name: Stat ~/bin + ansible.builtin.stat: path: "/home/{{ user.name }}/bin" register: bin_stat check_mode: false - - name: remove ~/bin if not a link - file: + - name: Remove ~/bin if not a link + ansible.builtin.file: state: absent path: "/home/{{ user.name }}/bin" when: - bin_stat.stat.exists - not bin_stat.stat.islnk - - name: link bin directory - file: + - name: Link bin directory + ansible.builtin.file: state: link force: true follow: false @@ -266,32 +267,32 @@ owner: "{{ user.name }}" group: "{{ user.name }}" -- name: vim +- name: Vim tags: - user:vim block: - - name: install vim plugins - command: nvim --headless +PlugInstall +qall + - name: Install vim plugins + ansible.builtin.command: nvim --headless +PlugInstall +qall register: vim_plugin_install changed_when: vim_plugin_install.stderr != "" - - name: update vim plugins - command: nvim --headless +PlugUpdate +qall + - name: Update vim plugins + ansible.builtin.command: nvim --headless +PlugUpdate +qall register: vim_plugin_update changed_when: vim_plugin_update.stderr != "" -- name: firefox +- name: Firefox tags: - user:firefox block: - - name: create firefox directories + - name: Create firefox directories firefox_profile: name: "{{ item.key }}" loop: "{{ user.firefox_profiles | dict2items }}" check_mode: false register: firefox_profile_names - - set_fact: + - ansible.builtin.set_fact: firefox_preferences: browser.aboutConfig.showWarning: false extensions.pocket.enabled: false 
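Review bot: `Remove dotfiles` in the first hunk deletes `/home/{{ user.name }}/{{ item }}` with `state: absent` for every entry of `dotfiles_remove` and has no guard on the entry itself. An empty string or a `..` component in that list resolves to the home directory or above it, and the `file` module removes directories recursively. A cheap guard on the task is `when: item | length > 0 and '..' not in item.split('/')`. The list is loaded elsewhere (not in this diff), so how it is populated cannot be checked from here.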
@@ -341,25 +342,25 @@ # remove ad tracking garbage dom.private-attribution.submission.enabled: false - - include_role: + - ansible.builtin.include_role: name: firefox vars: firefox_profiles: "{{ {item.key: item.value} | combine({item.key: {'preferences': firefox_preferences}}, recursive=True) }}" loop: "{{ user.firefox_profiles | dict2items }}" when: not ansible_check_mode - - name: firefox - create chrome directory - file: + - name: Firefox - create chrome directory + ansible.builtin.file: path: "{{ item.profile_path }}/chrome/" state: directory - mode: '0755' + mode: "0755" with_items: "{{ firefox_profile_names.results }}" when: not ansible_check_mode loop_control: label: "{{ item.profile_path }}" - - name: firefox - configure firefox custom css - copy: + - name: Firefox - configure firefox custom css + ansible.builtin.copy: dest: "{{ item.profile_path }}/chrome/userChrome.css" content: | #TabsToolbar { @@ -378,12 +379,12 @@ loop_control: label: "{{ item.profile_path }}" -- name: handle user units +- name: Handle user units tags: - user:units block: - - name: link user service files - file: + - name: Link user service files + ansible.builtin.file: state: link force: true follow: false @@ -393,12 +394,12 @@ group: "{{ user.name }}" with_fileglob: /var/lib/dotfiles/services/* -- name: handle autostart units +- name: Handle autostart units tags: - user:autostart block: - - name: create systemd user directory - file: + - name: Create systemd user directory + ansible.builtin.file: state: directory path: ~/{{ item }} loop: @@ -406,8 +407,8 @@ - .config/systemd/ - .config/systemd/user/ - - name: link autostart service files - file: + - name: Link autostart service files + ansible.builtin.file: state: link force: true follow: false 
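Review bot: `Link user service files` and `Link autostart service files` take their sources from `with_fileglob` over `/var/lib/dotfiles/...`, and playbook.yml in this same diff sets `/var/lib/dotfiles` to group `dotfiles` with mode `0775`. If the link source is the globbed file (the `src`/`dest` lines fall between hunks), every member of that group can change what systemd runs in another user's session without a further playbook run. That may be intended on a single-user machine, but it deserves a comment on both tasks, e.g. `# units are symlinked from group-writable /var/lib/dotfiles: write access there means code execution as this user`.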
@@ -417,21 +418,21 @@ group: "{{ user.name }}" with_fileglob: /var/lib/dotfiles/autostart/services/* - - name: get state of autostart.target - stat: + - name: Get state of autostart.target + ansible.builtin.stat: path: "/home/{{ user.name }}/.config/systemd/user/autostart.target" register: autostart_target_stat - - name: remove invalid autostart.target - file: + - name: Remove invalid autostart.target + ansible.builtin.file: path: "/home/{{ user.name }}/.config/systemd/user/autostart.target" state: absent when: - autostart_target_stat.stat.exists - not autostart_target_stat.stat.isreg - - name: deploy autostart.target - template: + - name: Deploy autostart.target + ansible.builtin.template: src: ./autostart/autostart.target.j2 dest: "/home/{{ user.name }}/.config/systemd/user/autostart.target" owner: "{{ user.name }}" @@ -439,20 +440,19 @@ force: true follow: false -- name: gpg +- name: Gpg tags: - user:gpg + when: user.gpg_key is defined block: - - name: import gpg key - command: gpg --import ./gpgkeys/{{ user.gpg_key.email }}.gpg.asc + - name: Import gpg key + ansible.builtin.command: gpg --import ./gpgkeys/{{ user.gpg_key.email }}.gpg.asc register: gpg_import_output changed_when: not ("unchanged" in gpg_import_output.stderr) - - name: trust gpg key - shell: "gpg --import-ownertrust <<< {{ user.gpg_key.fingerprint }}:6" + - name: Trust gpg key + ansible.builtin.shell: "gpg --import-ownertrust <<< {{ user.gpg_key.fingerprint }}:6" args: executable: /bin/bash # required for <<< register: gpg_trust_output changed_when: gpg_trust_output.stderr_lines|length > 0 - - when: user.gpg_key is defined
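Review bot: `Trust gpg key` in the last hunk still interpolates `{{ user.gpg_key.fingerprint }}` straight into a bash command line, so whitespace or shell metacharacters in that variable would be interpreted by the shell, and the task needs bash only for `<<<`. The `command` module can feed stdin itself: `ansible.builtin.command: gpg --import-ownertrust` with `stdin: "{{ user.gpg_key.fingerprint }}:6"` under `args:`, after which `executable: /bin/bash` can go. `Import gpg key` has a milder form of the same issue: a space in `user.gpg_key.email` would split the path argument, which `argv:` avoids. The `stderr_lines|length` filter in `changed_when` is also the one spot in this block that the spacing clean-up missed.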