Apply ansible-lint
This commit is contained in:
179
playbook.yml
179
playbook.yml
@@ -1,41 +1,42 @@
|
||||
---
|
||||
- name: configure system
|
||||
hosts: localhost
|
||||
connection: local
|
||||
become: false
|
||||
tasks:
|
||||
- name: read machine-specific variables
|
||||
include_vars:
|
||||
- name: Read machine-specific variables
|
||||
ansible.builtin.include_vars:
|
||||
file: _machines/{{ ansible_hostname }}.yml
|
||||
name: machine
|
||||
tags:
|
||||
- always
|
||||
|
||||
- set_fact:
|
||||
distro: "{{ ansible_distribution|lower }}"
|
||||
- ansible.builtin.set_fact:
|
||||
distro: "{{ ansible_distribution | lower }}"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- name: check for valid distro
|
||||
assert:
|
||||
- name: Check for valid distro
|
||||
ansible.builtin.assert:
|
||||
that: distro in ('archlinux')
|
||||
|
||||
- block:
|
||||
- name: install ansible requirements
|
||||
package:
|
||||
name: "{{ packages[distro] }}"
|
||||
state: present
|
||||
become: true
|
||||
vars:
|
||||
packages:
|
||||
archlinux:
|
||||
- python-jmespath
|
||||
- name: Install ansible requirements
|
||||
ansible.builtin.package:
|
||||
name: "{{ packages[distro] }}"
|
||||
state: present
|
||||
become: true
|
||||
vars:
|
||||
packages:
|
||||
archlinux:
|
||||
- python-jmespath
|
||||
|
||||
- name: pacman
|
||||
- name: Pacman
|
||||
tags:
|
||||
- pacman
|
||||
block:
|
||||
- name: enable multilib repository
|
||||
blockinfile:
|
||||
- name: Enable multilib repository
|
||||
ansible.builtin.blockinfile:
|
||||
path: /etc/pacman.conf
|
||||
block: |
|
||||
[multilib]
|
||||
@@ -43,56 +44,57 @@
|
||||
marker: "# {mark} ANSIBLE MANAGED multilib"
|
||||
become: true
|
||||
|
||||
- name: enable parallel download
|
||||
blockinfile:
|
||||
- name: Enable parallel download
|
||||
ansible.builtin.blockinfile:
|
||||
path: /etc/pacman.conf
|
||||
insertafter: '\[options\]'
|
||||
insertafter: "\\[options\\]"
|
||||
block: |
|
||||
ParallelDownloads = 5
|
||||
marker: "# {mark} ANSIBLE MANAGED parallel_download"
|
||||
become: true
|
||||
|
||||
- name: install pacman-contrib for paccache
|
||||
package:
|
||||
- name: Install pacman-contrib for paccache
|
||||
ansible.builtin.package:
|
||||
name: pacman-contrib
|
||||
state: present
|
||||
become: true
|
||||
|
||||
- block:
|
||||
- name: install pacman cache clean service
|
||||
copy:
|
||||
dest: /etc/systemd/system/pacman-cache-cleanup.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
content: |
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/bin/sh -c '/usr/bin/paccache -rk1 && /usr/bin/paccache -ruk0'
|
||||
RemainAfterExit=true
|
||||
become: true
|
||||
- name: Install pacman cache clean service
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/systemd/system/pacman-cache-cleanup.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
content: |
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/bin/sh -c '/usr/bin/paccache -rk1 && /usr/bin/paccache -ruk0'
|
||||
RemainAfterExit=true
|
||||
become: true
|
||||
|
||||
- name: install pacman cache clean timer
|
||||
copy:
|
||||
dest: /etc/systemd/system/pacman-cache-cleanup.timer
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
content: |
|
||||
[Timer]
|
||||
OnCalendar=daily
|
||||
- name: Install pacman cache clean timer
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/systemd/system/pacman-cache-cleanup.timer
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
content: |
|
||||
[Timer]
|
||||
OnCalendar=daily
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
become: true
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
become: true
|
||||
|
||||
- name: enable pacman cache clean timer
|
||||
systemd:
|
||||
name: pacman-cache-cleanup.timer
|
||||
enabled: true
|
||||
state: started
|
||||
daemon_reload: true
|
||||
become: true
|
||||
- ansible.builtin.systemd:
|
||||
name: pacman-cache-cleanup.timer
|
||||
enabled: true
|
||||
state: started
|
||||
daemon_reload: true
|
||||
become: true
|
||||
|
||||
name: Enable pacman cache clean timer
|
||||
|
||||
- name: dotfiles directory
|
||||
tags:
|
||||
@@ -122,7 +124,7 @@
|
||||
path: /var/lib/dotfiles
|
||||
owner: dotfiles
|
||||
group: dotfiles
|
||||
mode: '0775' # group needs write access!
|
||||
mode: "0775" # group needs write access!
|
||||
become: true
|
||||
become_user: root
|
||||
|
||||
@@ -307,7 +309,7 @@
|
||||
file:
|
||||
path: "/var/lib/makepkg/{{ item.name }}/"
|
||||
state: directory
|
||||
mode: '0700'
|
||||
mode: "0700"
|
||||
owner: makepkg
|
||||
group: makepkg
|
||||
become_user: makepkg
|
||||
@@ -320,7 +322,7 @@
|
||||
file:
|
||||
path: "/var/lib/makepkg/{{ item.name }}/gnupg"
|
||||
state: directory
|
||||
mode: '0700'
|
||||
mode: "0700"
|
||||
owner: makepkg
|
||||
group: makepkg
|
||||
become_user: makepkg
|
||||
@@ -491,8 +493,7 @@
|
||||
become: true
|
||||
with_nested:
|
||||
- "{{ aur_packages }}"
|
||||
-
|
||||
- build
|
||||
- - build
|
||||
- src
|
||||
loop_control:
|
||||
label: "{{ item[0].name }}/{{ item[1] }}"
|
||||
@@ -518,7 +519,7 @@
|
||||
- name: use vz4 for mkinitcpio compression
|
||||
lineinfile:
|
||||
path: /etc/mkinitcpio.conf
|
||||
regexp: '^#?COMPRESSION=.*$'
|
||||
regexp: "^#?COMPRESSION=.*$"
|
||||
line: 'COMPRESSION="lz4"'
|
||||
become: true
|
||||
notify:
|
||||
@@ -632,22 +633,22 @@
|
||||
- name: handle lid switch
|
||||
lineinfile:
|
||||
path: /etc/systemd/logind.conf
|
||||
regexp: '^HandleLidSwitch='
|
||||
line: 'HandleLidSwitch=ignore'
|
||||
regexp: "^HandleLidSwitch="
|
||||
line: "HandleLidSwitch=ignore"
|
||||
become: true
|
||||
|
||||
- name: handle power key
|
||||
lineinfile:
|
||||
path: /etc/systemd/logind.conf
|
||||
regexp: '^HandlePowerKey='
|
||||
line: 'HandlePowerKey=suspend'
|
||||
regexp: "^HandlePowerKey="
|
||||
line: "HandlePowerKey=suspend"
|
||||
become: true
|
||||
|
||||
- name: limit journald size
|
||||
lineinfile:
|
||||
path: /etc/systemd/journald.conf
|
||||
regexp: '^#?SystemMaxUse=.*$'
|
||||
line: 'SystemMaxUse=50M'
|
||||
regexp: "^#?SystemMaxUse=.*$"
|
||||
line: "SystemMaxUse=50M"
|
||||
become: true
|
||||
notify:
|
||||
- restart journald
|
||||
@@ -755,31 +756,31 @@
|
||||
|
||||
# See https://bbs.archlinux.org/viewtopic.php?id=259764
|
||||
- block:
|
||||
- name: configure pacman to skip installing nextcloud dbus file
|
||||
blockinfile:
|
||||
path: /etc/pacman.conf
|
||||
insertafter: '^#NoExtract'
|
||||
block: |
|
||||
NoExtract = usr/share/dbus-1/services/com.nextcloudgmbh.Nextcloud.service
|
||||
marker: "# {mark} ANSIBLE MANAGED noextract nextcloud"
|
||||
become: true
|
||||
- name: configure pacman to skip installing nextcloud dbus file
|
||||
blockinfile:
|
||||
path: /etc/pacman.conf
|
||||
insertafter: "^#NoExtract"
|
||||
block: |
|
||||
NoExtract = usr/share/dbus-1/services/com.nextcloudgmbh.Nextcloud.service
|
||||
marker: "# {mark} ANSIBLE MANAGED noextract nextcloud"
|
||||
become: true
|
||||
|
||||
- name: remove nextcloud dbus file
|
||||
file:
|
||||
path: /usr/share/dbus-1/services/com.nextcloudgmbh.Nextcloud.service
|
||||
state: absent
|
||||
become: true
|
||||
- name: remove nextcloud dbus file
|
||||
file:
|
||||
path: /usr/share/dbus-1/services/com.nextcloudgmbh.Nextcloud.service
|
||||
state: absent
|
||||
become: true
|
||||
|
||||
- name: try to make gpg agent behave
|
||||
block:
|
||||
- name: configure pacman to skip installing gpg user units
|
||||
blockinfile:
|
||||
path: /etc/pacman.conf
|
||||
insertafter: '^#NoExtract'
|
||||
block: |
|
||||
NoExtract = usr/lib/systemd/user/gpg-agent*
|
||||
marker: "# {mark} ANSIBLE MANAGED noextract gpg-agent"
|
||||
become: true
|
||||
- name: configure pacman to skip installing gpg user units
|
||||
blockinfile:
|
||||
path: /etc/pacman.conf
|
||||
insertafter: "^#NoExtract"
|
||||
block: |
|
||||
NoExtract = usr/lib/systemd/user/gpg-agent*
|
||||
marker: "# {mark} ANSIBLE MANAGED noextract gpg-agent"
|
||||
become: true
|
||||
|
||||
- name: backlight configuration
|
||||
tags:
|
||||
@@ -791,7 +792,7 @@
|
||||
dest: /etc/udev/rules.d/backlight.rules
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
content: |
|
||||
ACTION=="add", SUBSYSTEM=="backlight", RUN+="/bin/chgrp video $sys$devpath/brightness", RUN+="/bin/chmod g+w $sys$devpath/brightness"
|
||||
become: true
|
||||
@@ -804,7 +805,7 @@
|
||||
tags:
|
||||
- user
|
||||
with_items: "{{ users }}"
|
||||
no_log: True # less spam
|
||||
no_log: true # less spam
|
||||
loop_control:
|
||||
loop_var: user
|
||||
tags:
|
||||
|
||||
178
user.yml
178
user.yml
@@ -1,7 +1,8 @@
|
||||
- name: base user configuration
|
||||
---
|
||||
- name: Base user configuration
|
||||
tags: [user:base]
|
||||
block:
|
||||
- set_fact:
|
||||
- ansible.builtin.set_fact:
|
||||
user_groups:
|
||||
- libvirt
|
||||
- wheel
|
||||
@@ -13,15 +14,15 @@
|
||||
- kvm
|
||||
- video
|
||||
|
||||
- name: create user group
|
||||
group:
|
||||
- name: Create user group
|
||||
ansible.builtin.group:
|
||||
name: "{{ user.name }}"
|
||||
state: present
|
||||
become: true
|
||||
become_user: root
|
||||
|
||||
- name: create user
|
||||
user:
|
||||
- name: Create user
|
||||
ansible.builtin.user:
|
||||
name: "{{ user.name }}"
|
||||
state: present
|
||||
home: "/home/{{ user.name }}"
|
||||
@@ -32,8 +33,8 @@
|
||||
become: true
|
||||
become_user: root
|
||||
|
||||
- name: create systemd directory
|
||||
file:
|
||||
- name: Create systemd directory
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: "{{ item }}"
|
||||
owner: "{{ user.name }}"
|
||||
@@ -43,22 +44,22 @@
|
||||
- "/home/{{ user.name }}/.config/systemd/"
|
||||
- "/home/{{ user.name }}/.config/systemd/user/"
|
||||
|
||||
- name: create directory for getty autologin
|
||||
file:
|
||||
- name: Create directory for getty autologin
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: /etc/systemd/system/getty@tty{{ user.vt }}.service.d
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
mode: "0755"
|
||||
become: true
|
||||
become_user: root
|
||||
|
||||
- name: enable getty autologin
|
||||
copy:
|
||||
- name: Enable getty autologin
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/systemd/system/getty@tty{{ user.vt }}.service.d/override.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
content: |
|
||||
[Service]
|
||||
ExecStart=
|
||||
@@ -66,16 +67,16 @@
|
||||
become: true
|
||||
become_user: root
|
||||
|
||||
- name: configure dotfiles
|
||||
- name: Configure dotfiles
|
||||
tags:
|
||||
- user:dotfiles
|
||||
block:
|
||||
- name: load dotfile list
|
||||
include_vars:
|
||||
- name: Load dotfile list
|
||||
ansible.builtin.include_vars:
|
||||
file: dotfiles.yml
|
||||
|
||||
- name: get state of empty directories
|
||||
stat:
|
||||
- name: Get state of empty directories
|
||||
ansible.builtin.stat:
|
||||
path: ~/{{ item.name }}
|
||||
register: empty_dir_stat
|
||||
with_items: "{{ empty_directories }}"
|
||||
@@ -83,8 +84,8 @@
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
|
||||
- name: remove symlinks
|
||||
file:
|
||||
- name: Remove symlinks
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.stat.path }}"
|
||||
state: absent
|
||||
when: item.stat.exists and item.stat.islnk
|
||||
@@ -92,8 +93,8 @@
|
||||
loop_control:
|
||||
label: "{{ item.item.name }}"
|
||||
|
||||
- name: create empty directories for dotfiles
|
||||
file:
|
||||
- name: Create empty directories for dotfiles
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: ~/{{ item.name }}
|
||||
mode: "{{ item.mode | default('0755') }}"
|
||||
@@ -101,8 +102,8 @@
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
|
||||
- name: link this folder to ~/.dotfiles
|
||||
file:
|
||||
- name: Link this folder to ~/.dotfiles
|
||||
ansible.builtin.file:
|
||||
state: link
|
||||
force: true
|
||||
follow: false
|
||||
@@ -113,8 +114,8 @@
|
||||
become: true
|
||||
become_user: root
|
||||
|
||||
- name: get state of copy targets
|
||||
stat:
|
||||
- name: Get state of copy targets
|
||||
ansible.builtin.stat:
|
||||
path: ~/{{ item.to }}
|
||||
register: copy_stat
|
||||
when: not item.template|default(false)
|
||||
@@ -123,8 +124,8 @@
|
||||
loop_control:
|
||||
label: "{{ item.to }}"
|
||||
|
||||
- name: remove invalid copy target (symlinks)
|
||||
file:
|
||||
- name: Remove invalid copy target (symlinks)
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.stat.path }}"
|
||||
state: absent
|
||||
when:
|
||||
@@ -135,10 +136,10 @@
|
||||
loop_control:
|
||||
label: "{{ item.item.from }}"
|
||||
|
||||
- name: make sure target directories exist
|
||||
file:
|
||||
- name: Make sure target directories exist
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: "{{ (['/home', user.name, item.to]|join('/')) | dirname }}"
|
||||
path: "{{ (['/home', user.name, item.to] | join('/')) | dirname }}"
|
||||
owner: "{{ user.name }}"
|
||||
group: "{{ user.name }}"
|
||||
with_items: "{{ dotfiles }}"
|
||||
@@ -147,8 +148,8 @@
|
||||
loop_control:
|
||||
label: "{{ item.to }}"
|
||||
|
||||
- name: copy dotfiles
|
||||
copy:
|
||||
- name: Copy dotfiles
|
||||
ansible.builtin.copy:
|
||||
dest: "/home/{{ user.name }}/{{ item.to }}"
|
||||
src: /var/lib/dotfiles/{{ item.from }}
|
||||
owner: "{{ user.name }}"
|
||||
@@ -160,8 +161,8 @@
|
||||
loop_control:
|
||||
label: "{{ item.to }}"
|
||||
|
||||
- name: copy directories
|
||||
synchronize:
|
||||
- name: Copy directories
|
||||
ansible.posix.synchronize:
|
||||
dest: "/home/{{ user.name }}/{{ item.to }}/"
|
||||
src: /var/lib/dotfiles/{{ item.from }}/
|
||||
archive: false
|
||||
@@ -180,8 +181,8 @@
|
||||
loop_control:
|
||||
label: "{{ item.to }}"
|
||||
|
||||
- name: apply directory permissions
|
||||
file:
|
||||
- name: Apply directory permissions
|
||||
ansible.builtin.file:
|
||||
dest: "/home/{{ user.name }}/{{ item.to }}/"
|
||||
owner: "{{ user.name }}"
|
||||
group: "{{ user.name }}"
|
||||
@@ -193,8 +194,8 @@
|
||||
loop_control:
|
||||
label: "{{ item.to }}"
|
||||
|
||||
- name: get state of template targets
|
||||
stat:
|
||||
- name: Get state of template targets
|
||||
ansible.builtin.stat:
|
||||
path: ~/{{ item.to }}
|
||||
register: template_stat
|
||||
when: item.template|default(false)
|
||||
@@ -203,8 +204,8 @@
|
||||
loop_control:
|
||||
label: "{{ item.to }}"
|
||||
|
||||
- name: remove invalid template target (directory or symlink)
|
||||
file:
|
||||
- name: Remove invalid template target (directory or symlink)
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.stat.path }}"
|
||||
state: absent
|
||||
when:
|
||||
@@ -215,8 +216,8 @@
|
||||
loop_control:
|
||||
label: "{{ item.item.to }}"
|
||||
|
||||
- name: deploy dotfiles templates
|
||||
template:
|
||||
- name: Deploy dotfiles templates
|
||||
ansible.builtin.template:
|
||||
src: /var/lib/dotfiles/{{ item.from }}.j2
|
||||
dest: "/home/{{ user.name }}/{{ item.to }}"
|
||||
owner: "{{ user.name }}"
|
||||
@@ -229,35 +230,35 @@
|
||||
loop_control:
|
||||
label: "{{ item.to }}"
|
||||
|
||||
- name: remove dotfiles
|
||||
file:
|
||||
- name: Remove dotfiles
|
||||
ansible.builtin.file:
|
||||
state: absent
|
||||
path: "/home/{{ user.name }}/{{ item }}"
|
||||
loop: "{{ dotfiles_remove }}"
|
||||
|
||||
- name: create directories
|
||||
file:
|
||||
- name: Create directories
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: "{{ item }}"
|
||||
with_items:
|
||||
- ~/tmp
|
||||
|
||||
- name: stat ~/bin
|
||||
stat:
|
||||
- name: Stat ~/bin
|
||||
ansible.builtin.stat:
|
||||
path: "/home/{{ user.name }}/bin"
|
||||
register: bin_stat
|
||||
check_mode: false
|
||||
|
||||
- name: remove ~/bin if not a link
|
||||
file:
|
||||
- name: Remove ~/bin if not a link
|
||||
ansible.builtin.file:
|
||||
state: absent
|
||||
path: "/home/{{ user.name }}/bin"
|
||||
when:
|
||||
- bin_stat.stat.exists
|
||||
- not bin_stat.stat.islnk
|
||||
|
||||
- name: link bin directory
|
||||
file:
|
||||
- name: Link bin directory
|
||||
ansible.builtin.file:
|
||||
state: link
|
||||
force: true
|
||||
follow: false
|
||||
@@ -266,32 +267,32 @@
|
||||
owner: "{{ user.name }}"
|
||||
group: "{{ user.name }}"
|
||||
|
||||
- name: vim
|
||||
- name: Vim
|
||||
tags:
|
||||
- user:vim
|
||||
block:
|
||||
- name: install vim plugins
|
||||
command: nvim --headless +PlugInstall +qall
|
||||
- name: Install vim plugins
|
||||
ansible.builtin.command: nvim --headless +PlugInstall +qall
|
||||
register: vim_plugin_install
|
||||
changed_when: vim_plugin_install.stderr != ""
|
||||
|
||||
- name: update vim plugins
|
||||
command: nvim --headless +PlugUpdate +qall
|
||||
- name: Update vim plugins
|
||||
ansible.builtin.command: nvim --headless +PlugUpdate +qall
|
||||
register: vim_plugin_update
|
||||
changed_when: vim_plugin_update.stderr != ""
|
||||
|
||||
- name: firefox
|
||||
- name: Firefox
|
||||
tags:
|
||||
- user:firefox
|
||||
block:
|
||||
- name: create firefox directories
|
||||
- name: Create firefox directories
|
||||
firefox_profile:
|
||||
name: "{{ item.key }}"
|
||||
loop: "{{ user.firefox_profiles | dict2items }}"
|
||||
check_mode: false
|
||||
register: firefox_profile_names
|
||||
|
||||
- set_fact:
|
||||
- ansible.builtin.set_fact:
|
||||
firefox_preferences:
|
||||
browser.aboutConfig.showWarning: false
|
||||
extensions.pocket.enabled: false
|
||||
@@ -341,25 +342,25 @@
|
||||
# remove ad tracking garbage
|
||||
dom.private-attribution.submission.enabled: false
|
||||
|
||||
- include_role:
|
||||
- ansible.builtin.include_role:
|
||||
name: firefox
|
||||
vars:
|
||||
firefox_profiles: "{{ {item.key: item.value} | combine({item.key: {'preferences': firefox_preferences}}, recursive=True) }}"
|
||||
loop: "{{ user.firefox_profiles | dict2items }}"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: firefox - create chrome directory
|
||||
file:
|
||||
- name: Firefox - create chrome directory
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.profile_path }}/chrome/"
|
||||
state: directory
|
||||
mode: '0755'
|
||||
mode: "0755"
|
||||
with_items: "{{ firefox_profile_names.results }}"
|
||||
when: not ansible_check_mode
|
||||
loop_control:
|
||||
label: "{{ item.profile_path }}"
|
||||
|
||||
- name: firefox - configure firefox custom css
|
||||
copy:
|
||||
- name: Firefox - configure firefox custom css
|
||||
ansible.builtin.copy:
|
||||
dest: "{{ item.profile_path }}/chrome/userChrome.css"
|
||||
content: |
|
||||
#TabsToolbar {
|
||||
@@ -378,12 +379,12 @@
|
||||
loop_control:
|
||||
label: "{{ item.profile_path }}"
|
||||
|
||||
- name: handle user units
|
||||
- name: Handle user units
|
||||
tags:
|
||||
- user:units
|
||||
block:
|
||||
- name: link user service files
|
||||
file:
|
||||
- name: Link user service files
|
||||
ansible.builtin.file:
|
||||
state: link
|
||||
force: true
|
||||
follow: false
|
||||
@@ -393,12 +394,12 @@
|
||||
group: "{{ user.name }}"
|
||||
with_fileglob: /var/lib/dotfiles/services/*
|
||||
|
||||
- name: handle autostart units
|
||||
- name: Handle autostart units
|
||||
tags:
|
||||
- user:autostart
|
||||
block:
|
||||
- name: create systemd user directory
|
||||
file:
|
||||
- name: Create systemd user directory
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: ~/{{ item }}
|
||||
loop:
|
||||
@@ -406,8 +407,8 @@
|
||||
- .config/systemd/
|
||||
- .config/systemd/user/
|
||||
|
||||
- name: link autostart service files
|
||||
file:
|
||||
- name: Link autostart service files
|
||||
ansible.builtin.file:
|
||||
state: link
|
||||
force: true
|
||||
follow: false
|
||||
@@ -417,21 +418,21 @@
|
||||
group: "{{ user.name }}"
|
||||
with_fileglob: /var/lib/dotfiles/autostart/services/*
|
||||
|
||||
- name: get state of autostart.target
|
||||
stat:
|
||||
- name: Get state of autostart.target
|
||||
ansible.builtin.stat:
|
||||
path: "/home/{{ user.name }}/.config/systemd/user/autostart.target"
|
||||
register: autostart_target_stat
|
||||
|
||||
- name: remove invalid autostart.target
|
||||
file:
|
||||
- name: Remove invalid autostart.target
|
||||
ansible.builtin.file:
|
||||
path: "/home/{{ user.name }}/.config/systemd/user/autostart.target"
|
||||
state: absent
|
||||
when:
|
||||
- autostart_target_stat.stat.exists
|
||||
- not autostart_target_stat.stat.isreg
|
||||
|
||||
- name: deploy autostart.target
|
||||
template:
|
||||
- name: Deploy autostart.target
|
||||
ansible.builtin.template:
|
||||
src: ./autostart/autostart.target.j2
|
||||
dest: "/home/{{ user.name }}/.config/systemd/user/autostart.target"
|
||||
owner: "{{ user.name }}"
|
||||
@@ -439,20 +440,19 @@
|
||||
force: true
|
||||
follow: false
|
||||
|
||||
- name: gpg
|
||||
- name: Gpg
|
||||
tags:
|
||||
- user:gpg
|
||||
when: user.gpg_key is defined
|
||||
block:
|
||||
- name: import gpg key
|
||||
command: gpg --import ./gpgkeys/{{ user.gpg_key.email }}.gpg.asc
|
||||
- name: Import gpg key
|
||||
ansible.builtin.command: gpg --import ./gpgkeys/{{ user.gpg_key.email }}.gpg.asc
|
||||
register: gpg_import_output
|
||||
changed_when: not ("unchanged" in gpg_import_output.stderr)
|
||||
|
||||
- name: trust gpg key
|
||||
shell: "gpg --import-ownertrust <<< {{ user.gpg_key.fingerprint }}:6"
|
||||
- name: Trust gpg key
|
||||
ansible.builtin.shell: "gpg --import-ownertrust <<< {{ user.gpg_key.fingerprint }}:6"
|
||||
args:
|
||||
executable: /bin/bash # required for <<<
|
||||
register: gpg_trust_output
|
||||
changed_when: gpg_trust_output.stderr_lines|length > 0
|
||||
|
||||
when: user.gpg_key is defined
|
||||
|
||||
Reference in New Issue
Block a user