Streamlining tagging & formatting

2024-04-26 12:04:12 +02:00
parent eecd828d60
commit ea804c530d
2 changed files with 786 additions and 778 deletions


@@ -36,509 +36,512 @@
archlinux: archlinux:
- python-jmespath - python-jmespath
- block: - name: pacman
- name: enable multilib repository tags:
blockinfile: - pacman
path: /etc/pacman.conf block:
block: | - name: enable multilib repository
[multilib] blockinfile:
Include = /etc/pacman.d/mirrorlist path: /etc/pacman.conf
marker: "# {mark} ANSIBLE MANAGED multilib" block: |
become: true [multilib]
Include = /etc/pacman.d/mirrorlist
- name: enable parallel download marker: "# {mark} ANSIBLE MANAGED multilib"
blockinfile:
path: /etc/pacman.conf
insertafter: '\[options\]'
block: |
ParallelDownloads = 5
marker: "# {mark} ANSIBLE MANAGED parallel_download"
become: true
- block:
- name: upgrade system
pacman:
upgrade: true
update_cache: true
become: true become: true
- name: enable parallel download
blockinfile:
path: /etc/pacman.conf
insertafter: '\[options\]'
block: |
ParallelDownloads = 5
marker: "# {mark} ANSIBLE MANAGED parallel_download"
become: true
- block:
- name: upgrade system
pacman:
upgrade: true
update_cache: true
become: true
changed_when: false
tags: [system-update]
- name: install pacman-contrib for paccache
package:
name: pacman-contrib
state: present
become: true
- block:
- name: install pacman cache clean service
copy:
dest: /etc/systemd/system/pacman-cache-cleanup.service
owner: root
group: root
mode: '0644'
content: |
[Service]
Type=oneshot
ExecStart=/bin/sh -c '/usr/bin/paccache -rk1 && /usr/bin/paccache -ruk0'
RemainAfterExit=true
become: true
- name: install pacman cache clean timer
copy:
dest: /etc/systemd/system/pacman-cache-cleanup.timer
owner: root
group: root
mode: '0644'
content: |
[Timer]
OnCalendar=daily
become: true
- name: enable pacman cache clean timer
systemd:
name: pacman-cache-cleanup.timer
enabled: true
state: started
daemon_reload: true
become: true
- name: dotfiles directory
tags:
- dotfiles-directory
block:
- name: create dotfiles group
group:
name: dotfiles
state: present
become: true
become_user: root
- name: create dotfiles user
user:
name: dotfiles
group: dotfiles
home: /var/lib/dotfiles
create_home: false
shell: /bin/bash
system: true
become: true
become_user: root
- name: create dotfiles directory
file:
state: directory
path: /var/lib/dotfiles
owner: dotfiles
group: dotfiles
mode: '0775' # group needs write access!
become: true
become_user: root
- name: fix permissions for dotfiles directory
shell: |
chown --changes --recursive dotfiles:dotfiles .
chmod --changes --recursive g+rwX .
args:
executable: /bin/bash
chdir: /var/lib/dotfiles
register: dotfiles_permission_change
become: true
become_user: root
changed_when: dotfiles_permission_change.stdout_lines|length > 0
- name: packages
tags:
- packages
block:
- name: load package list
include_vars:
file: packages.yml
- name: force-update iptables to iptables-nft on arch
shell: pacman -Q iptables && yes | pacman -S iptables-nft
changed_when: false changed_when: false
tags: [system-update]
- name: install pacman-contrib for paccache
package:
name: pacman-contrib
state: present
become: true
- block:
- name: install pacman cache clean service
copy:
dest: /etc/systemd/system/pacman-cache-cleanup.service
owner: root
group: root
mode: '0644'
content: |
[Service]
Type=oneshot
ExecStart=/bin/sh -c '/usr/bin/paccache -rk1 && /usr/bin/paccache -ruk0'
RemainAfterExit=true
become: true become: true
- name: install pacman cache clean timer - set_fact:
copy: defined_packages: "{{ packages|json_query('keys(list)') }}"
dest: /etc/systemd/system/pacman-cache-cleanup.timer
owner: root - set_fact:
group: root distro_packages: "{{ packages|json_query('list.*.%s'|format(distro)) }}"
mode: '0644'
content: | - name: check list
[Timer] assert:
OnCalendar=daily that: "defined_packages|length == distro_packages|length"
- set_fact:
defined_packages_remove: "{{ packages|json_query('keys(remove)') }}"
- set_fact:
distro_packages_remove: "{{ packages|json_query('remove.*.%s'|format(distro)) }}"
- name: check list
assert:
that: "defined_packages_remove|length == distro_packages_remove|length"
- name: remove packages
package:
name: "{{ packages|json_query(query) }}"
state: absent
become: true
vars:
query: "{{ 'remove.*.%s[]'|format(distro) }}"
- name: install packages
package:
name: "{{ packages|json_query(query) }}"
state: present
become: true
vars:
query: "{{ 'list.*.%s[]'|format(distro) }}"
- name: install machine-specific packages
package:
name: "{{ machine.packages }}"
state: present
when: machine.packages is defined
become: true become: true
- name: enable pacman cache clean timer - name: aur
systemd: tags:
name: pacman-cache-cleanup.timer - aur
enabled: true block:
state: started - name: create build user on arch
daemon_reload: true user:
name: makepkg
home: /var/lib/makepkg
create_home: true
shell: /bin/bash
system: true
become: true become: true
tags: [pacman_cache_cleanup]
when: distro == 'archlinux' - set_fact:
aur_packages:
- name: portfolio-performance-bin
preexec: |
#!/usr/bin/env bash
source ./env
curl -sSf --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/E46E6F8FF02E4C83569084589239277F560C95AC | gpg --import -
- block: - name: nodejs-intelephense
- name: create dotfiles group
group:
name: dotfiles
state: present
become: true
become_user: root
- name: create dotfiles user - name: spotify
user: preexec: |
name: dotfiles #!/usr/bin/env bash
group: dotfiles source ./env
home: /var/lib/dotfiles curl -sSf --proto '=https' https://download.spotify.com/debian/pubkey_6224F9941A8AA6D1.gpg | gpg --import -
create_home: false
shell: /bin/bash
system: true
become: true
become_user: root
- name: create dotfiles directory - name: vim-plug
file:
state: directory
path: /var/lib/dotfiles
owner: dotfiles
group: dotfiles
mode: '0775' # group needs write access!
become: true
become_user: root
- name: fix permissions for dotfiles directory - set_fact:
shell: | aur_packages: "{{ aur_packages|map(attribute='dependencies', default=[]) | flatten + aur_packages }}"
chown --changes --recursive dotfiles:dotfiles .
chmod --changes --recursive g+rwX .
args:
executable: /bin/bash
chdir: /var/lib/dotfiles
register: dotfiles_permission_change
become: true
become_user: root
changed_when: dotfiles_permission_change.stdout_lines|length > 0
tags: [dotfiles-directory]
- block: - name: install dependencies
- name: load package list shell: |
include_vars: aur_packages=({{ aur_packages | map(attribute='name') | join(' ') }})
file: packages.yml
- name: force-update iptables to iptables-nft on arch source pkgbuilds/{{ item.name }}/PKGBUILD
shell: pacman -Q iptables && yes | pacman -S iptables-nft
changed_when: false
become: true
when: distro == 'archlinux'
- set_fact: installed=0
defined_packages: "{{ packages|json_query('keys(list)') }}"
- set_fact: dependencies=(${depends[@]} ${makedepends[@]})
distro_packages: "{{ packages|json_query('list.*.%s'|format(distro)) }}" for dep in "${dependencies[@]}" ; do
aur=0
for aur_pkg in "${aur_packages[@]}" ; do
if [[ "${aur_pkg}" == "${dep}" ]] ; then
aur=1
break
fi
done
- name: check list if (( aur )) ; then
assert: continue
that: "defined_packages|length == distro_packages|length" fi
- set_fact: if ! pacman -Qq "${dep}" >/dev/null 2>&1 ; then
defined_packages_remove: "{{ packages|json_query('keys(remove)') }}" installed=1
pacman -S --noconfirm --needed "${dep}"
- set_fact:
distro_packages_remove: "{{ packages|json_query('remove.*.%s'|format(distro)) }}"
- name: check list
assert:
that: "defined_packages_remove|length == distro_packages_remove|length"
- name: remove packages
package:
name: "{{ packages|json_query(query) }}"
state: absent
become: true
vars:
query: "{{ 'remove.*.%s[]'|format(distro) }}"
- name: install packages
package:
name: "{{ packages|json_query(query) }}"
state: present
become: true
vars:
query: "{{ 'list.*.%s[]'|format(distro) }}"
- name: install machine-specific packages
package:
name: "{{ machine.packages }}"
state: present
when: machine.packages is defined
become: true
tags: [packages]
- block:
- name: create build user on arch
user:
name: makepkg
home: /var/lib/makepkg
create_home: true
shell: /bin/bash
system: true
become: true
- set_fact:
aur_packages:
- name: portfolio-performance-bin
preexec: |
#!/usr/bin/env bash
source ./env
curl -sSf --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/E46E6F8FF02E4C83569084589239277F560C95AC | gpg --import -
- name: nodejs-intelephense
- name: spotify
preexec: |
#!/usr/bin/env bash
source ./env
curl -sSf --proto '=https' https://download.spotify.com/debian/pubkey_6224F9941A8AA6D1.gpg | gpg --import -
- name: vim-plug
- set_fact:
aur_packages: "{{ aur_packages|map(attribute='dependencies', default=[]) | flatten + aur_packages }}"
- name: install dependencies
shell: |
aur_packages=({{ aur_packages | map(attribute='name') | join(' ') }})
source pkgbuilds/{{ item.name }}/PKGBUILD
installed=0
dependencies=(${depends[@]} ${makedepends[@]})
for dep in "${dependencies[@]}" ; do
aur=0
for aur_pkg in "${aur_packages[@]}" ; do
if [[ "${aur_pkg}" == "${dep}" ]] ; then
aur=1
break
fi fi
done done
if (( aur )) ; then if (( installed )) ; then
continue
fi
if ! pacman -Qq "${dep}" >/dev/null 2>&1 ; then
installed=1
pacman -S --noconfirm --needed "${dep}"
fi
done
if (( installed )) ; then
exit 123
else
exit 0
fi
args:
executable: /bin/bash
register: install_deps
failed_when: install_deps.rc not in (0, 123)
changed_when: install_deps.rc == 123
become: true
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: create build root directory
file:
path: "/var/lib/makepkg/{{ item.name }}/"
state: directory
mode: '0700'
owner: makepkg
group: makepkg
become_user: makepkg
become: true
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: create build gpg directory
file:
path: "/var/lib/makepkg/{{ item.name }}/gnupg"
state: directory
mode: '0700'
owner: makepkg
group: makepkg
become_user: makepkg
become: true
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: create env file
copy:
dest: /var/lib/makepkg/{{ item.name }}/env
owner: makepkg
group: makepkg
mode: "0600"
content: |
export GNUPGHOME="/var/lib/makepkg/{{ item.name }}/gnupg"
become_user: makepkg
become: true
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: check preexec script
stat:
path: /var/lib/makepkg/{{ item.name }}/preexec
become_user: makepkg
become: true
when: item.preexec is defined
loop: "{{ aur_packages }}"
register: preexec_before
loop_control:
label: "{{ item.name }}"
- name: install preexec script
copy:
dest: /var/lib/makepkg/{{ item.name }}/preexec
owner: makepkg
group: makepkg
mode: "0700"
content: "{{ item.preexec }}"
become_user: makepkg
become: true
when: item.preexec is defined
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: check preexec script
stat:
path: /var/lib/makepkg/{{ item.name }}/preexec
become_user: makepkg
become: true
when: item.preexec is defined
loop: "{{ aur_packages }}"
register: preexec_after
loop_control:
label: "{{ item.name }}"
- name: run preexec script
command:
cmd: "{{ item.1.stat.path }}"
chdir: "{{ item.1.stat.path | dirname }}"
become_user: makepkg
become: true
when:
- not item[0].stat.exists
- item[0].stat.checksum|default('') != item[1].stat.checksum
loop: "{{ preexec_before.results| reject('skipped')|zip(preexec_after.results| reject('skipped')) }}"
loop_control:
label: "{{ item.1.stat.path }}"
- name: create build script
copy:
owner: makepkg
group: makepkg
mode: "0700"
dest: /var/lib/makepkg/{{ item.name }}/build.sh
content: |
#!/usr/bin/env bash
source /var/lib/makepkg/{{ item.name }}/env
export PKGEXT='.pkg.tar'
export BUILDDIR=/var/lib/makepkg/{{ item.name }}/build/
export SRCDEST=/var/lib/makepkg/{{ item.name }}/src/
export PKGDEST=/var/lib/makepkg/{{ item.name }}/
cd /var/lib/dotfiles/pkgbuilds/{{ item.name }}/
source ./PKGBUILD
for arch in "${arch[@]}" ; do
if [[ "${arch}" == "any" ]] ; then
arch="any"
break
fi
if [[ "${arch}" == "x86_64" ]] ; then
arch="x86_64"
fi
done
if [[ ! "${arch}" ]] ; then
printf 'unsupported arch' >&2
exit 1
fi
if [[ "${epoch}" ]] ; then
version="${epoch}:${pkgver}-${pkgrel}"
else
version="${pkgver}-${pkgrel}"
fi
filename="${PKGDEST%/}/${pkgname}-${version}-${arch}${PKGEXT}"
needed_build=0
if [[ ! -e "$(unknown)" ]] ; then
needed_build=1
makepkg \
--clean \
--nosign || exit 1
fi
printf '%s' "$(unknown)" > /var/lib/makepkg/{{ item.name }}/pkgname
become: true
become_user: makepkg
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: create install script
copy:
owner: root
group: root
mode: "0700"
dest: /var/lib/makepkg/{{ item.name }}/install.sh
content: |
#!/usr/bin/env bash
sudo -u makepkg -g makepkg /var/lib/makepkg/{{ item.name }}/build.sh || exit 1
filename="$(</var/lib/makepkg/{{ item.name }}/pkgname)"
name=$(pacman -Qi --file "$(unknown)" | grep '^Name' | awk '{print $3}')
version=$(pacman -Qi --file "$(unknown)" | grep '^Version' | awk '{print $3}')
if [[ "$(pacman -Q "${name}")" == "${name} ${version}" ]] ; then
exit 0
else
pacman --upgrade --needed --noconfirm "$filename" || exit 1
exit 123 exit 123
else
exit 0
fi fi
become: true args:
loop: "{{ aur_packages }}" executable: /bin/bash
loop_control: register: install_deps
label: "{{ item.name }}" failed_when: install_deps.rc not in (0, 123)
changed_when: install_deps.rc == 123
become: true
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: build and install aur package - name: create build root directory
command: /var/lib/makepkg/{{ item.name }}/install.sh file:
register: aur_install path: "/var/lib/makepkg/{{ item.name }}/"
changed_when: aur_install.rc == 123 state: directory
failed_when: aur_install.rc not in (0, 123) mode: '0700'
become: true owner: makepkg
loop: "{{ aur_packages }}" group: makepkg
loop_control: become_user: makepkg
label: "{{ item.name }}" become: true
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: clean up build leftovers - name: create build gpg directory
file: file:
path: /var/lib/makepkg/{{ item[0].name }}/{{ item[1] }}/ path: "/var/lib/makepkg/{{ item.name }}/gnupg"
state: absent state: directory
become_user: makepkg mode: '0700'
become: true owner: makepkg
with_nested: group: makepkg
- "{{ aur_packages }}" become_user: makepkg
- become: true
- build loop: "{{ aur_packages }}"
- src loop_control:
loop_control: label: "{{ item.name }}"
label: "{{ item[0].name }}/{{ item[1] }}"
tags: ["aur"] - name: create env file
when: distro == 'archlinux' copy:
dest: /var/lib/makepkg/{{ item.name }}/env
owner: makepkg
group: makepkg
mode: "0600"
content: |
export GNUPGHOME="/var/lib/makepkg/{{ item.name }}/gnupg"
become_user: makepkg
become: true
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- block: - name: check preexec script
- name: configure timesyncd on arch stat:
copy: path: /var/lib/makepkg/{{ item.name }}/preexec
owner: root become_user: makepkg
group: root become: true
mode: "0644" when: item.preexec is defined
dest: /etc/systemd/timesyncd.conf loop: "{{ aur_packages }}"
content: | register: preexec_before
[Time] loop_control:
NTP=0.arch.pool.ntp.org 1.arch.pool.ntp.org 2.arch.pool.ntp.org 3.arch.pool.ntp.org label: "{{ item.name }}"
FallbackNTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org
become: true
- name: install lz4 - name: install preexec script
package: copy:
name: lz4 dest: /var/lib/makepkg/{{ item.name }}/preexec
state: present owner: makepkg
become: true group: makepkg
mode: "0700"
content: "{{ item.preexec }}"
become_user: makepkg
become: true
when: item.preexec is defined
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: use lz4 for mkinitcpio compression - name: check preexec script
lineinfile: stat:
path: /etc/mkinitcpio.conf path: /var/lib/makepkg/{{ item.name }}/preexec
regexp: '^#?COMPRESSION=.*$' become_user: makepkg
line: 'COMPRESSION="lz4"' become: true
become: true when: item.preexec is defined
notify: loop: "{{ aur_packages }}"
- rebuild initrd register: preexec_after
when: distro == 'archlinux' loop_control:
label: "{{ item.name }}"
- set_fact: - name: run preexec script
disable_services: command:
- sshd cmd: "{{ item.1.stat.path }}"
when: distro == 'archlinux' chdir: "{{ item.1.stat.path | dirname }}"
become_user: makepkg
become: true
when:
- not item[0].stat.exists
- item[0].stat.checksum|default('') != item[1].stat.checksum
loop: "{{ preexec_before.results| reject('skipped')|zip(preexec_after.results| reject('skipped')) }}"
loop_control:
label: "{{ item.1.stat.path }}"
- name: disable services - name: create build script
service: copy:
state: stopped owner: makepkg
enabled: false group: makepkg
name: "{{ item }}" mode: "0700"
with_items: "{{ disable_services }}" dest: /var/lib/makepkg/{{ item.name }}/build.sh
content: |
#!/usr/bin/env bash
source /var/lib/makepkg/{{ item.name }}/env
export PKGEXT='.pkg.tar'
export BUILDDIR=/var/lib/makepkg/{{ item.name }}/build/
export SRCDEST=/var/lib/makepkg/{{ item.name }}/src/
export PKGDEST=/var/lib/makepkg/{{ item.name }}/
cd /var/lib/dotfiles/pkgbuilds/{{ item.name }}/
source ./PKGBUILD
for arch in "${arch[@]}" ; do
if [[ "${arch}" == "any" ]] ; then
arch="any"
break
fi
if [[ "${arch}" == "x86_64" ]] ; then
arch="x86_64"
fi
done
if [[ ! "${arch}" ]] ; then
printf 'unsupported arch' >&2
exit 1
fi
if [[ "${epoch}" ]] ; then
version="${epoch}:${pkgver}-${pkgrel}"
else
version="${pkgver}-${pkgrel}"
fi
filename="${PKGDEST%/}/${pkgname}-${version}-${arch}${PKGEXT}"
needed_build=0
if [[ ! -e "$(unknown)" ]] ; then
needed_build=1
makepkg \
--clean \
--nosign || exit 1
fi
printf '%s' "$(unknown)" > /var/lib/makepkg/{{ item.name }}/pkgname
become: true
become_user: makepkg
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: create install script
copy:
owner: root
group: root
mode: "0700"
dest: /var/lib/makepkg/{{ item.name }}/install.sh
content: |
#!/usr/bin/env bash
sudo -u makepkg -g makepkg /var/lib/makepkg/{{ item.name }}/build.sh || exit 1
filename="$(</var/lib/makepkg/{{ item.name }}/pkgname)"
name=$(pacman -Qi --file "$(unknown)" | grep '^Name' | awk '{print $3}')
version=$(pacman -Qi --file "$(unknown)" | grep '^Version' | awk '{print $3}')
if [[ "$(pacman -Q "${name}")" == "${name} ${version}" ]] ; then
exit 0
else
pacman --upgrade --needed --noconfirm "$filename" || exit 1
exit 123
fi
become: true
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: build and install aur package
command: /var/lib/makepkg/{{ item.name }}/install.sh
register: aur_install
changed_when: aur_install.rc == 123
failed_when: aur_install.rc not in (0, 123)
become: true
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: clean up build leftovers
file:
path: /var/lib/makepkg/{{ item[0].name }}/{{ item[1] }}/
state: absent
become_user: makepkg
become: true
with_nested:
- "{{ aur_packages }}"
-
- build
- src
loop_control:
label: "{{ item[0].name }}/{{ item[1] }}"
- name: configure timesyncd on arch
copy:
owner: root
group: root
mode: "0644"
dest: /etc/systemd/timesyncd.conf
content: |
[Time]
NTP=0.arch.pool.ntp.org 1.arch.pool.ntp.org 2.arch.pool.ntp.org 3.arch.pool.ntp.org
FallbackNTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org
become: true become: true
when: manage_services|default(true)|bool
- set_fact: - name: install lz4
enable_services: package:
- NetworkManager name: lz4
- docker state: present
- libvirtd
- systemd-timesyncd
- pcscd
- name: enable services
service:
state: started
enabled: true
name: "{{ item }}"
with_items: "{{ enable_services }}"
become: true become: true
when: manage_services|default(true)|bool
- name: use vz4 for mkinitcpio compression
lineinfile:
path: /etc/mkinitcpio.conf
regexp: '^#?COMPRESSION=.*$'
line: 'COMPRESSION="lz4"'
become: true
notify:
- rebuild initrd
- name: services
tags:
- services
block:
- set_fact:
disable_services:
- sshd.service
- name: disable services
service:
state: stopped
enabled: false
name: "{{ item }}"
with_items: "{{ disable_services }}"
become: true
when: manage_services|default(true)|bool
- set_fact:
enable_services:
- NetworkManager
- docker
- libvirtd
- systemd-timesyncd
- pcscd
- name: enable services
service:
state: started
enabled: true
name: "{{ item }}"
with_items: "{{ enable_services }}"
become: true
when: manage_services|default(true)|bool
- name: get systemd boot target - name: get systemd boot target
command: systemctl get-default command: systemctl get-default
@@ -634,7 +637,6 @@
become: true become: true
when: when:
- distro == 'archlinux'
- machine.gpu is defined and machine.gpu == 'amd' - machine.gpu is defined and machine.gpu == 'amd'
- set_fact: - set_fact:
@@ -664,6 +666,8 @@
apply: apply:
become: true become: true
become_user: "{{ user.name }}" become_user: "{{ user.name }}"
tags:
- user
with_items: "{{ users }}" with_items: "{{ users }}"
no_log: True # less spam no_log: True # less spam
loop_control: loop_control:
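Review bot: The renamed task `- name: use vz4 for mkinitcpio compression` on the new side (just before the `- name: services` block) carries a typo: the line it manages is `COMPRESSION="lz4"` and the old name read `use lz4 for mkinitcpio compression`, so it should be `- name: use lz4 for mkinitcpio compression`. Task names are what the run log and `--start-at-task` match on, so the misspelling is more than cosmetic. From the flattened layout it also appears that the `configure timesyncd on arch`, `install lz4` and mkinitcpio tasks sit between the `aur` and `services` blocks without a `tags:` entry, so a run restricted with `--tags` would skip them while the neighbouring blocks run; if that is unintended, tag them like the surrounding blocks. Pre-existing but worth noting while this block is reworked: `source pkgbuilds/{{ item.name }}/PKGBUILD` inside the `install dependencies` shell task runs under `become: true`, so any code in a PKGBUILD executes as root merely to read `depends`/`makedepends`; reading those as the `makepkg` user (e.g. via `makepkg --printsrcinfo`) and keeping only the `pacman -S` step privileged would narrow that. The hunk's enclosing block starts before the `@@ -36,509 +36,512 @@` header and the file continues past the last hunk shown.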

user.yml

@@ -8,7 +8,6 @@
- sudonopw - sudonopw
- games - games
- kvm - kvm
tags: [always]
- name: create user group - name: create user group
group: group:
@@ -81,340 +80,345 @@
become: true become: true
become_user: root become_user: root
- block: - name: configure dotfiles
- name: load dotfile list
include_vars:
file: dotfiles.yml
- name: get state of empty directories
stat:
path: ~/{{ item.name }}
register: empty_dir_stat
with_items: "{{ empty_directories }}"
check_mode: false
loop_control:
label: "{{ item.name }}"
- name: remove symlinks
file:
path: "{{ item.stat.path }}"
state: absent
when: item.stat.exists and item.stat.islnk
with_items: "{{ empty_dir_stat.results }}"
loop_control:
label: "{{ item.item.name }}"
- name: create empty directories for dotfiles
file:
state: directory
path: ~/{{ item.name }}
mode: "{{ item.mode | default('0755') }}"
with_items: "{{ empty_directories }}"
loop_control:
label: "{{ item.name }}"
- name: link this folder to ~/.dotfiles
file:
state: link
force: true
follow: false
owner: "{{ user.name }}"
group: "{{ user.name }}"
path: "/home/{{ user.name }}/.dotfiles"
src: "{{ playbook_dir }}"
become: true
become_user: root
- name: get state of copy targets
stat:
path: ~/{{ item.to }}
register: copy_stat
when: not item.template|default(false)
with_items: "{{ dotfiles }}"
check_mode: false
loop_control:
label: "{{ item.to }}"
- name: remove invalid copy target (directories)
file:
path: "{{ item.stat.path }}"
state: absent
when:
- not item.skipped is defined or not item.skipped
- item.stat.exists
- item.stat.isdir
with_items: "{{ copy_stat.results }}"
loop_control:
label: "{{ item.item.from }}"
- name: make sure target directories exist
file:
state: directory
path: "{{ (['/home', user.name, item.to]|join('/')) | dirname }}"
owner: "{{ user.name }}"
group: "{{ user.name }}"
with_items: "{{ dotfiles }}"
become: true
become_user: root
loop_control:
label: "{{ item.to }}"
- name: link dotfiles
file:
state: link
force: true
follow: false
path: "/home/{{ user.name }}/{{ item.to }}"
src: /var/lib/dotfiles/{{ item.from }}
owner: "{{ user.name }}"
group: "{{ user.name }}"
when: not item.template|default(false)
with_items: "{{ dotfiles }}"
become: true
become_user: root
loop_control:
label: "{{ item.to }}"
- name: get state of template targets
stat:
path: ~/{{ item.to }}
register: template_stat
when: item.template|default(false)
with_items: "{{ dotfiles }}"
check_mode: false
loop_control:
label: "{{ item.to }}"
- name: remove invalid template target (directory or symlink)
file:
path: "{{ item.stat.path }}"
state: absent
when:
- not item.skipped is defined or not item.skipped
- item.stat.exists
- not item.stat.isreg
with_items: "{{ template_stat.results }}"
loop_control:
label: "{{ item.item.to }}"
- name: deploy dotfiles templates
template:
src: /var/lib/dotfiles/{{ item.from }}.j2
dest: "/home/{{ user.name }}/{{ item.to }}"
owner: "{{ user.name }}"
group: "{{ user.name }}"
force: true
become: true
become_user: root
when: item.template|default(false)
with_items: "{{ dotfiles }}"
loop_control:
label: "{{ item.to }}"
- name: remove dotfiles
file:
state: absent
path: "/home/{{ user.name }}/{{ item }}"
loop: "{{ dotfiles_remove }}"
- name: create directories
file:
state: directory
path: "{{ item }}"
with_items:
- ~/tmp
- name: stat ~/bin
stat:
path: "/home/{{ user.name }}/bin"
register: bin_stat
check_mode: false
- name: remove ~/bin if not a link
file:
state: absent
path: "/home/{{ user.name }}/bin"
when:
- bin_stat.stat.exists
- not bin_stat.stat.islnk
- name: link bin directory
file:
state: link
force: true
follow: false
path: "/home/{{ user.name }}/bin"
src: /var/lib/dotfiles/bin
owner: "{{ user.name }}"
group: "{{ user.name }}"
tags: tags:
- dotfiles - dotfiles
block:
- name: load dotfile list
include_vars:
file: dotfiles.yml
- block: - name: get state of empty directories
- name: install vim plugins stat:
command: nvim --headless +PlugInstall +qall path: ~/{{ item.name }}
register: vim_plugin_install register: empty_dir_stat
changed_when: vim_plugin_install.stderr != "" with_items: "{{ empty_directories }}"
check_mode: false
loop_control:
label: "{{ item.name }}"
- name: update vim plugins - name: remove symlinks
command: nvim --headless +PlugUpdate +qall file:
register: vim_plugin_update path: "{{ item.stat.path }}"
changed_when: vim_plugin_update.stderr != "" state: absent
when: item.stat.exists and item.stat.islnk
with_items: "{{ empty_dir_stat.results }}"
loop_control:
label: "{{ item.item.name }}"
tags: [vim-plugins] - name: create empty directories for dotfiles
file:
state: directory
path: ~/{{ item.name }}
mode: "{{ item.mode | default('0755') }}"
with_items: "{{ empty_directories }}"
loop_control:
label: "{{ item.name }}"
- block: - name: link this folder to ~/.dotfiles
- name: create firefox directories file:
firefox_profile: state: link
name: "{{ item.key }}" force: true
loop: "{{ user.firefox_profiles | dict2items }}" follow: false
register: firefox_profile_names owner: "{{ user.name }}"
group: "{{ user.name }}"
path: "/home/{{ user.name }}/.dotfiles"
src: "{{ playbook_dir }}"
become: true
become_user: root
- set_fact: - name: get state of copy targets
firefox_preferences: stat:
browser.aboutConfig.showWarning: false path: ~/{{ item.to }}
extensions.pocket.enabled: false register: copy_stat
toolkit.legacyUserProfileCustomizations.stylesheets: true when: not item.template|default(false)
browser.contentblocking.category: "strict" with_items: "{{ dotfiles }}"
browser.newtabpage.enabled: false check_mode: false
browser.shell.checkDefaultBrowser: false loop_control:
browser.startup.homepage: "about:blank" label: "{{ item.to }}"
privacy.trackingprotection.enabled: true
privacy.trackingprotection.socialtracking.enabled: true
general.smoothScroll: false
# Restore last session on startup - name: remove invalid copy target (directories)
# https://support.mozilla.org/de/questions/1235263 file:
browser.startup.page: 3 path: "{{ item.stat.path }}"
browser.sessionstore.resume_from_crash: true state: absent
when:
- not item.skipped is defined or not item.skipped
- item.stat.exists
- item.stat.isdir
with_items: "{{ copy_stat.results }}"
loop_control:
label: "{{ item.item.from }}"
# "Play DRM-controlled content" - name: make sure target directories exist
media.eme.enabled: true file:
state: directory
path: "{{ (['/home', user.name, item.to]|join('/')) | dirname }}"
owner: "{{ user.name }}"
group: "{{ user.name }}"
with_items: "{{ dotfiles }}"
become: true
become_user: root
loop_control:
label: "{{ item.to }}"
# "Recommend (extensions|features) as you browse" - name: link dotfiles
browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons: false file:
browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features: false state: link
force: true
follow: false
path: "/home/{{ user.name }}/{{ item.to }}"
src: /var/lib/dotfiles/{{ item.from }}
owner: "{{ user.name }}"
group: "{{ user.name }}"
when: not item.template|default(false)
with_items: "{{ dotfiles }}"
become: true
become_user: root
loop_control:
label: "{{ item.to }}"
# "Ask to save logins and passwords for websites" - name: get state of template targets
signon.rememberSignons: false stat:
path: ~/{{ item.to }}
register: template_stat
when: item.template|default(false)
with_items: "{{ dotfiles }}"
check_mode: false
loop_control:
label: "{{ item.to }}"
# "Allow Firefox to make personalized extension recommendations" - name: remove invalid template target (directory or symlink)
browser.discovery.enabled: false file:
path: "{{ item.stat.path }}"
state: absent
when:
- not item.skipped is defined or not item.skipped
- item.stat.exists
- not item.stat.isreg
with_items: "{{ template_stat.results }}"
loop_control:
label: "{{ item.item.to }}"
# "Allow Firefox to install and run studies" - name: deploy dotfiles templates
app.shield.optoutstudies.enabled: false template:
src: /var/lib/dotfiles/{{ item.from }}.j2
dest: "/home/{{ user.name }}/{{ item.to }}"
owner: "{{ user.name }}"
group: "{{ user.name }}"
force: true
become: true
become_user: root
when: item.template|default(false)
with_items: "{{ dotfiles }}"
loop_control:
label: "{{ item.to }}"
# "Check spelling as you type" - name: remove dotfiles
layout.spellcheckDefault: 0 file:
state: absent
path: "/home/{{ user.name }}/{{ item }}"
loop: "{{ dotfiles_remove }}"
# Ask for download directory - name: create directories
browser.download.useDownloadDir: false file:
state: directory
path: "{{ item }}"
with_items:
- ~/tmp
# (Try to) disable automatic update, as firefox is pulling a Windows - name: stat ~/bin
app.update.auto: false stat:
app.update.service.enabled: false path: "/home/{{ user.name }}/bin"
register: bin_stat
check_mode: false
# remove this camera / microphone overlay when in calls or similar - name: remove ~/bin if not a link
privacy.webrtc.legacyGlobalIndicator: false file:
state: absent
path: "/home/{{ user.name }}/bin"
when:
- bin_stat.stat.exists
- not bin_stat.stat.islnk
- include_role: - name: link bin directory
name: firefox file:
vars: state: link
firefox_profiles: "{{ {item.key: item.value} | combine({item.key: {'preferences': firefox_preferences}}, recursive=True) }}" force: true
loop: "{{ user.firefox_profiles | dict2items }}" follow: false
when: not ansible_check_mode path: "/home/{{ user.name }}/bin"
src: /var/lib/dotfiles/bin
owner: "{{ user.name }}"
group: "{{ user.name }}"
- name: firefox - create chrome directory - name: vim
file: tags:
path: "{{ item.profile_path }}/chrome/" - vim
state: directory block:
mode: '0755' - name: install vim plugins
with_items: "{{ firefox_profile_names.results }}" command: nvim --headless +PlugInstall +qall
when: not ansible_check_mode register: vim_plugin_install
loop_control: changed_when: vim_plugin_install.stderr != ""
label: "{{ item.profile_path }}"
- name: firefox - configure firefox custom css - name: update vim plugins
copy: command: nvim --headless +PlugUpdate +qall
dest: "{{ item.profile_path }}/chrome/userChrome.css" register: vim_plugin_update
content: | changed_when: vim_plugin_update.stderr != ""
#TabsToolbar {
visibility: collapse !important; - name: firefox
}
#titlebar {
visibility: collapse !important;
}
#sidebar-header {
visibility: collapse !important;
}
when:
- not ansible_check_mode
- user.firefox_profiles[item.profile_name].manage_css is sameas True
with_items: "{{ firefox_profile_names.results }}"
loop_control:
label: "{{ item.profile_path }}"
tags: tags:
- firefox - firefox
block:
- name: create firefox directories
firefox_profile:
name: "{{ item.key }}"
loop: "{{ user.firefox_profiles | dict2items }}"
check_mode: false
register: firefox_profile_names
- set_fact:
firefox_preferences:
browser.aboutConfig.showWarning: false
extensions.pocket.enabled: false
toolkit.legacyUserProfileCustomizations.stylesheets: true
browser.contentblocking.category: "strict"
browser.newtabpage.enabled: false
browser.shell.checkDefaultBrowser: false
browser.startup.homepage: "about:blank"
privacy.trackingprotection.enabled: true
privacy.trackingprotection.socialtracking.enabled: true
general.smoothScroll: false
# Restore last session on startup
# https://support.mozilla.org/de/questions/1235263
browser.startup.page: 3
browser.sessionstore.resume_from_crash: true
# "Play DRM-controlled content"
media.eme.enabled: true
# "Recommend (extensions|features) as you browse"
browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons: false
browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features: false
# "Ask to save logins and passwords for websites"
signon.rememberSignons: false
# "Allow Firefox to make personalized extension recommendations"
browser.discovery.enabled: false
# "Allow Firefox to install and run studies"
app.shield.optoutstudies.enabled: false
# "Check spelling as you type"
layout.spellcheckDefault: 0
# Ask for download directory
browser.download.useDownloadDir: false
# (Try to) disable automatic update, as firefox is pulling a Windows
app.update.auto: false
app.update.service.enabled: false
# remove this camera / microphone overlay when in calls or similar
privacy.webrtc.legacyGlobalIndicator: false
- include_role:
name: firefox
vars:
firefox_profiles: "{{ {item.key: item.value} | combine({item.key: {'preferences': firefox_preferences}}, recursive=True) }}"
loop: "{{ user.firefox_profiles | dict2items }}"
when: not ansible_check_mode
- name: firefox - create chrome directory
file:
path: "{{ item.profile_path }}/chrome/"
state: directory
mode: '0755'
with_items: "{{ firefox_profile_names.results }}"
when: not ansible_check_mode
loop_control:
label: "{{ item.profile_path }}"
- name: firefox - configure firefox custom css
copy:
dest: "{{ item.profile_path }}/chrome/userChrome.css"
content: |
#TabsToolbar {
visibility: collapse !important;
}
#titlebar {
visibility: collapse !important;
}
#sidebar-header {
visibility: collapse !important;
}
when:
- not ansible_check_mode
- user.firefox_profiles[item.profile_name].manage_css is sameas True
with_items: "{{ firefox_profile_names.results }}"
loop_control:
label: "{{ item.profile_path }}"
- name: handle autostart units - name: handle autostart units
block:
- name: create systemd user directory
file:
state: directory
path: ~/{{ item }}
loop:
- .config/
- .config/systemd/
- .config/systemd/user/
- name: link autostart service files
file:
state: link
force: true
follow: false
path: "/home/{{ user.name }}/.config/systemd/user/{{ item | basename }}"
src: "{{ item }}"
owner: "{{ user.name }}"
group: "{{ user.name }}"
with_fileglob: /var/lib/dotfiles/autostart/services/*
- name: get state of autostart.target
stat:
path: "/home/{{ user.name }}/.config/systemd/user/autostart.target"
register: autostart_target_stat
- name: remove invalid autostart.target
file:
path: "/home/{{ user.name }}/.config/systemd/user/autostart.target"
state: absent
when:
- autostart_target_stat.stat.exists
- not autostart_target_stat.stat.isreg
- name: deploy autostart.target
template:
src: ./autostart/autostart.target.j2
dest: "/home/{{ user.name }}/.config/systemd/user/autostart.target"
owner: "{{ user.name }}"
group: "{{ user.name }}"
force: true
follow: false
tags: tags:
- autostart - autostart
block:
- name: create systemd user directory
file:
state: directory
path: ~/{{ item }}
loop:
- .config/
- .config/systemd/
- .config/systemd/user/
- block: - name: link autostart service files
- name: import gpg key file:
command: gpg --import ./gpgkeys/{{ user.gpg_key.email }}.gpg.asc state: link
register: gpg_import_output force: true
changed_when: not ("unchanged" in gpg_import_output.stderr) follow: false
path: "/home/{{ user.name }}/.config/systemd/user/{{ item | basename }}"
src: "{{ item }}"
owner: "{{ user.name }}"
group: "{{ user.name }}"
with_fileglob: /var/lib/dotfiles/autostart/services/*
- name: trust gpg key - name: get state of autostart.target
shell: "gpg --import-ownertrust <<< {{ user.gpg_key.fingerprint }}:6" stat:
args: path: "/home/{{ user.name }}/.config/systemd/user/autostart.target"
executable: /bin/bash # required for <<< register: autostart_target_stat
register: gpg_trust_output
changed_when: gpg_trust_output.stderr_lines|length > 0 - name: remove invalid autostart.target
file:
path: "/home/{{ user.name }}/.config/systemd/user/autostart.target"
state: absent
when:
- autostart_target_stat.stat.exists
- not autostart_target_stat.stat.isreg
- name: deploy autostart.target
template:
src: ./autostart/autostart.target.j2
dest: "/home/{{ user.name }}/.config/systemd/user/autostart.target"
owner: "{{ user.name }}"
group: "{{ user.name }}"
force: true
follow: false
- name: gpg
tags:
- gpg
block:
- name: import gpg key
command: gpg --import ./gpgkeys/{{ user.gpg_key.email }}.gpg.asc
register: gpg_import_output
changed_when: not ("unchanged" in gpg_import_output.stderr)
- name: trust gpg key
shell: "gpg --import-ownertrust <<< {{ user.gpg_key.fingerprint }}:6"
args:
executable: /bin/bash # required for <<<
register: gpg_trust_output
changed_when: gpg_trust_output.stderr_lines|length > 0
when: user.gpg_key is defined when: user.gpg_key is defined
tags: [gpg]