Fix permissions for gpg directory

.gitmodules

@@ -13,3 +13,6 @@
 [submodule "pkgbuilds/vim-plug"]
 	path = pkgbuilds/vim-plug
 	url = https://aur.archlinux.org/vim-plug.git
+[submodule "pkgbuilds/terraform-ls-bin"]
+	path = pkgbuilds/terraform-ls-bin
+	url = https://aur.archlinux.org/terraform-ls-bin.git

_machines/ares.yml

@@ -3,8 +3,6 @@ font_size_2: 12
 
 gpu: amd
 
-i3bar_icon_padding: " "
-
 users:
 - name: hannes
   vt: 1

_machines/neptune.yml

@@ -1,7 +1,7 @@
 font_size_1: 12
 font_size_2: 12
 
-i3bar_icon_padding: ""
+gpu: nvidia
 
 users:
 - name: hannes-work

autostart/services/laptop-lid.service

@@ -5,6 +5,6 @@ ConditionPathExists=%t/features/machine_is_laptop
 
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/env bash -c 'grep "^${ACPI_LID_NAME}.*enabled" /proc/acpi/wakeup && echo " ${ACPI_LID_NAME}" | sudo tee /proc/acpi/wakeup || true'
+ExecStart=/usr/bin/env bash -c 'grep "^LID.*enabled" /proc/acpi/wakeup && echo " LID" | sudo tee /proc/acpi/wakeup || true'
 RemainAfterExit=true
 PassEnvironment=DISPLAY

autostart/services/xresources.service

@@ -4,6 +4,6 @@ After=windowmanager.target
 
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/env xrdb -merge -I%h %h/.Xresources
+ExecStart=/usr/bin/env xrdb -merge -I%h %h/.config/Xresources
 RemainAfterExit=true
 PassEnvironment=DISPLAY

detect-missing-packages.py

@@ -16,4 +16,4 @@ for appname, appconfig in apps['packages']['list'].items():
                 missing_config[distro] = []
             missing_config[distro].append(appname)
 
-print(yaml.dump(missing_config))
+print(yaml.dump(missing_config), end="")

dotfiles.yml

@@ -1,6 +1,4 @@
 empty_directories:
-  - name: .gnupg
-    mode: '0700'
   - name: .config/nvim
   - name: .config/rofi
   - name: .config/gtk-3.0
@@ -15,17 +13,18 @@ empty_directories:
   - name: .config/git
   - name: .config/tmux
   - name: .config/i3
+  - name: .config/zsh
 dotfiles:
   - from: git/gitconfig
     to: .config/git/config
     template: true
   - from: gnupg/dirmngr.conf
-    to: .gnupg/dirmngr.conf
+    to: .local/state/gnupg/dirmngr.conf
   - from: gnupg/gpg-agent.conf
-    to: .gnupg/gpg-agent.conf
+    to: .local/state/gnupg/gpg-agent.conf
     template: true
   - from: gnupg/gpg.conf
-    to: .gnupg/gpg.conf
+    to: .local/state/gnupg/gpg.conf
     template: true
   - from: i3/config
     to: .config/i3/config
@@ -44,16 +43,17 @@ dotfiles:
   - from: vim/vimrc
     to: .config/nvim/init.vim
   - from: x/Xresources
-    to: .Xresources
-    template: true
+    to: .config/Xresources
   - from: x/xinitrc
-    to: .xinitrc
+    to: .config/xinitrc
   - from: zsh/zprofile
-    to: .zprofile
+    to: .config/zsh/.zprofile
     template: true
   - from: zsh/zshrc
-    to: .zshrc
+    to: .config/zsh/.zshrc
     template: true
+  - from: zsh/zshenv
+    to: .zshenv
   - from: dunst/dunstrc
     to: .config/dunstrc
     template: true

gnupg/gpg-agent.conf.j2

@@ -9,3 +9,6 @@ enable-ssh-support
 {% endif %}
 
 pinentry-program /usr/bin/pinentry-qt
+
+extra-socket none
+browser-socket none

i3/i3status-rust/config.toml.j2

@@ -1,4 +1,4 @@
-icons_format = "{{ machine.i3bar_icon_padding }}{icon}{{ machine.i3bar_icon_padding }}"
+icons_format = "{icon}"
 
 [icons]
 icons = "awesome"
@@ -55,14 +55,7 @@ update = true
 
 [[block]]
 block = "net"
-format = " $icon{ $signal_strength|}{ $ssid | }"
-
-[[block]]
-block = "load"
-format = " $icon $1m.eng(w:4) "
-warning = 4
-critical = 1000
-interval = 1
+format = " $icon{ $signal_strength|}{ $ssid.str(max_width:10) | }"
 
 [[block]]
 block = "battery"

packages.yml

@@ -68,6 +68,11 @@ packages:
       archlinux: ["ttf-linux-libertine"]
     font-emoji:
       archlinux: ["noto-fonts-emoji"]
+    fonts:
+      archlinux:
+        - noto-fonts
+        - noto-fonts-extra
+        - noto-fonts-cjk
     git:
       # tk required for gitk
       archlinux: ["git", "tk", "git-delta", "git-filter-repo"]
@@ -145,7 +150,7 @@ packages:
     black:
       archlinux: ["python-black"]
     xbacklight:
-      archlinux: ["xorg-xbacklight"]
+      archlinux: ["acpilight"]
     wireshark:
       archlinux: ["wireshark-cli", "wireshark-qt"]
     nmap:
@@ -299,7 +304,7 @@ packages:
     signal:
       archlinux: ["signal-desktop"]
     go:
-      archlinux: ["go", "gopls"]
+      archlinux: ["go", "gopls", "delve"]
     helix:
       archlinux: ["helix"]
     keepassxc:
@@ -440,6 +445,9 @@ packages:
     css:
       archlinux:
         - vscode-css-languageserver
+    watchexec:
+      archlinux:
+        - watchexec
 
   remove:
     mousepad:

playbook.yml

@@ -238,6 +238,8 @@
 
               - name: vim-plug
 
+              - name: terraform-ls-bin
+
         - set_fact:
             aur_packages: "{{ aur_packages|map(attribute='dependencies', default=[]) | flatten + aur_packages }}"
 
@@ -605,39 +607,55 @@
           permit nopass nolog setenv {PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin} :sudonopw
       become: true
 
-    - block:
-      - name: install AMDGPU packages
-        package:
-          name:
-            - mesa
-            - lib32-mesa
-            - xf86-video-amdgpu
-            - vulkan-radeon
-            - lib32-vulkan-radeon
-            - libva-mesa-driver
-            - lib32-libva-mesa-driver
-            - mesa-vdpau
-            - lib32-mesa-vdpau
-          state: present
-        become: true
+    - name: gpu configuration
+      tags:
+        - gpu
+      block:
+        - name: AMD configuration
+          when: machine.gpu == 'amd'
+          block:
+            - name: install AMDGPU packages
+              package:
+                name:
+                  - mesa
+                  - lib32-mesa
+                  - xf86-video-amdgpu
+                  - vulkan-radeon
+                  - lib32-vulkan-radeon
+                  - libva-mesa-driver
+                  - lib32-libva-mesa-driver
+                  - mesa-vdpau
+                  - lib32-mesa-vdpau
+                state: present
+              become: true
 
-      - name: set AMDGPU options
-        copy:
-          owner: root
-          group: root
-          mode: "0600"
-          dest: /etc/X11/xorg.conf.d/20-amdgpu.conf
-          content: |
-            Section "Device"
-                Identifier "AMD"
-                Driver "amdgpu"
-                Option "VariableRefresh" "true"
-                Option "TearFree" "true"
-            EndSection
-        become: true
+            - name: set AMDGPU options
+              copy:
+                owner: root
+                group: root
+                mode: "0600"
+                dest: /etc/X11/xorg.conf.d/20-amdgpu.conf
+                content: |
+                  Section "Device"
+                      Identifier "AMD"
+                      Driver "amdgpu"
+                      Option "VariableRefresh" "true"
+                      Option "TearFree" "true"
+                  EndSection
+              become: true
 
+        - name: Nvidia configuration
+          when: machine.gpu == 'nvidia'
+          block:
+            - name: install nouveau packages
+              package:
+                name:
+                  - mesa
+                  - lib32-mesa
+                state: present
+              become: true
       when:
-        - machine.gpu is defined and machine.gpu == 'amd'
+        - machine.gpu is defined
 
     - set_fact:
         users: "{{ machine.users }}"
@@ -661,6 +679,21 @@
           state: absent
         become: true
 
+    - name: backlight configuration
+      tags:
+        - backlight
+      block:
+        # See https://wiki.archlinux.org/title/backlight#ACPI
+        - name: create udev rule to allow video group backlight access
+          copy:
+            dest: /etc/udev/rules.d/backlight.rules
+            owner: root
+            group: root
+            mode: '0644'
+            content: |
+              ACTION=="add", SUBSYSTEM=="backlight", RUN+="/bin/chgrp video $sys$devpath/brightness", RUN+="/bin/chmod g+w $sys$devpath/brightness"
+          become: true
+
     - include_tasks: user.yml
       args:
         apply:

remove-unconfigured-packages.sh

@@ -3,7 +3,6 @@
 declare -a aurdeps=()
 
 proctected=(
-  nvidia-dkms
   intel-ucode
   amd-ucode
   base
@@ -37,5 +36,7 @@ readarray -d $'\0' -t packages_to_remove < <(comm --zero-terminated -13 \
     printf '%s\0' "${package}"
   done) 
 
-sudo pacman -Rcns "${packages_to_remove[@]}"
+if (( "${#packages_to_remove}" > 0 )) ; then
+    sudo pacman -Rcns "${packages_to_remove[@]}"
+fi
 

user.yml

@@ -1,32 +1,36 @@
-- set_fact:
-    user_groups:
-      - libvirt
-      - wheel
-      - vboxusers
-      - wireshark
-      - docker
-      - sudonopw
-      - games
-      - kvm
+- name: base user configuration
+  tags: [user:base]
+  block:
+    - set_fact:
+        user_groups:
+          - libvirt
+          - wheel
+          - vboxusers
+          - wireshark
+          - docker
+          - sudonopw
+          - games
+          - kvm
+          - video
 
-- name: create user group
-  group:
-    name: "{{ user.name }}"
-    state: present
-  become: true
-  become_user: root
+    - name: create user group
+      group:
+        name: "{{ user.name }}"
+        state: present
+      become: true
+      become_user: root
 
-- name: create user
-  user:
-    name: "{{ user.name }}"
-    state: present
-    home: "/home/{{ user.name }}"
-    create_home: true
-    groups: "{{ [user.name, 'dotfiles'] + user_groups }}"
-    shell: /usr/bin/zsh
-    skeleton: /dev/null
-  become: true
-  become_user: root
+    - name: create user
+      user:
+        name: "{{ user.name }}"
+        state: present
+        home: "/home/{{ user.name }}"
+        create_home: true
+        groups: "{{ [user.name, 'dotfiles'] + user_groups }}"
+        shell: /usr/bin/zsh
+        skeleton: /dev/null
+      become: true
+      become_user: root
 
 - name: create systemd directory
   file:
@@ -39,30 +43,6 @@
     - "/home/{{ user.name }}/.config/systemd/"
     - "/home/{{ user.name }}/.config/systemd/user/"
 
-- name: disable undesired services
-  tags:
-    - undesired-services
-  block:
-    - set_fact:
-        undesired_user_services:
-          - gpg-agent.socket
-          - gpg-agent.sock.service
-          - gpg-agent-browser.socket
-          - gpg-agent-ssh.socket
-          - gpg-agent-extra.socket
-          - xdg-user-dirs-update.service
-          - gnome-keyring-daemon.service
-
-    # systemd needs a login session, machinectl handles that for us
-    - name: stop and mask undesired services
-      command:
-        cmd: machinectl --quiet --uid {{ user.name }} shell -- .host /usr/bin/env systemctl --user mask --now "{{ item }}"
-      become: true
-      become_user: root
-      register: undesired_service_cmd
-      changed_when: undesired_service_cmd.stderr != ""
-      loop: "{{ undesired_user_services }}"
-
 - name: create directory for getty autologin
   file:
     state: directory
@@ -88,7 +68,7 @@
 
 - name: configure dotfiles
   tags:
-    - dotfiles
+    - user:dotfiles
   block:
     - name: load dotfile list
       include_vars:
@@ -258,7 +238,7 @@
 
 - name: vim
   tags:
-    - vim
+    - user:vim
   block:
     - name: install vim plugins
       command: nvim --headless +PlugInstall +qall
@@ -272,7 +252,7 @@
 
 - name: firefox
   tags:
-    - firefox
+    - user:firefox
   block:
     - name: create firefox directories
       firefox_profile:
@@ -365,7 +345,7 @@
 
 - name: handle autostart units
   tags:
-    - autostart
+    - user:autostart
   block:
     - name: create systemd user directory
       file:
@@ -411,7 +391,7 @@
 
 - name: gpg
   tags:
-    - gpg
+    - user:gpg
   block:
     - name: import gpg key
       command: gpg --import ./gpgkeys/{{ user.gpg_key.email }}.gpg.asc

zsh/zprofile.j2

@@ -4,15 +4,7 @@ if [[ "$(passwd --status $USER | awk '{print $2}')" =~ ^(NP|L)$ ]] ; then
     while ! sudo passwd $USER ; do ; done
 fi
 
-_path=(
-    "$HOME/bin"
-    "$HOME/.cargo/bin"
-)
-
-for part in ${_path[@]} ; do
-    PATH="${part}:$PATH"
-done
-export PATH
+export PATH="${PATH}:${HOME}/bin"
 
 export EDITOR="helix"
 export VISUAL="helix"
@@ -25,10 +17,19 @@ export LANG=en_US.UTF-8
 export LC_TIME=de_DE.UTF-8
 export LC_COLLATE=C
 
-export GOPATH=~/.go
-export PATH=$PATH:$(go env GOPATH)/bin
+export XAUTHORITY="$XDG_RUNTIME_DIR"/Xauthority
 
-export ACPI_LID_NAME=LID
+export RUSTUP_HOME="$XDG_DATA_HOME"/rustup
+
+export GOPATH="$XDG_DATA_HOME"/go
+export GOMODCACHE="$XDG_CACHE_HOME"/go/mod 
+
+export SQLITE_HISTORY=$XDG_STATE_HOME/sqlite_history
+
+export KUBECONFIG="$XDG_CONFIG_HOME/kube"
+export KUBECACHEDIR="$XDG_CACHE_HOME/kube"
+
+export PATH="$PATH:$(go env GOPATH)/bin"
 
 export QT_QPA_PLATFORMTHEME=qt5ct
 
@@ -37,12 +38,30 @@ export XDG_CACHE_HOME="$HOME/.cache"
 export XDG_DATA_HOME="$HOME/.local/share"
 export XDG_STATE_HOME="$HOME/.local/state"
 
-export GNUPGHOME="$HOME/.gnupg"
-
 export PASSWORD_STORE_DIR="$HOME/.password-store"
 
 export GTK2_RC_FILES=${XDG_CONFIG_HOME}/gtkrc-2.0
 
+export CARGO_HOME="${XDG_STATE_HOME}/cargo"
+export PATH="${PATH}:${CARGO_HOME}/bin"
+
+export PASSWORD_STORE_DIR="$XDG_STATE_HOME"/pass
+
+export ANSIBLE_HOME="${XDG_CONFIG_HOME}/ansible"
+export ANSIBLE_CONFIG="${XDG_CONFIG_HOME}/ansible.cfg"
+export ANSIBLE_GALAXY_CACHE_DIR="${XDG_CACHE_HOME}/ansible/galaxy_cache"
+
+export DOCKER_CONFIG="$XDG_CONFIG_HOME"/docker
+
+export GNUPGHOME="$XDG_STATE_HOME"/gnupg
+mkdir -p "${GNUPGHOME}"
+chmod --quiet 700 "${GNUPGHOME}"
+
+export PYTHON_HISTORY=$XDG_STATE_HOME/python/history
+export PYTHONPYCACHEPREFIX=$XDG_CACHE_HOME/python
+
+export XINITRC="$XDG_CONFIG_HOME"/xinitrc
+
 umask 0022
 
 {% set env = machine.environment | combine(user.environment) %}

zsh/zshenv

@@ -0,0 +1 @@
+ZDOTDIR="$HOME/.config/zsh"

zsh/zshrc.j2

@@ -1,16 +1,8 @@
-[[ -z "$PS1" ]] && return
-
 {% if user.gpg_agent %}
 export GPG_TTY=$(tty)
 export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
 {% endif %}
 
-if [[ -f /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh ]] ; then
-    source /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
-elif [[ -f /usr/share/zsh/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh ]] ; then
-    source /usr/share/zsh/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
-fi
-
 {% if user.ssh_agent %}
 if ! pgrep -u "$USER" ssh-agent > /dev/null ; then
     ssh-agent > "$XDG_RUNTIME_DIR/ssh-agent.env"
@@ -61,7 +53,12 @@ bindkey '^x^e' edit-command-line
 
 HISTSIZE=100000
 SAVEHIST=100000
-HISTFILE="$HOME/.zsh_history"
+HISTFILE="$XDG_STATE_HOME/zsh_history"
+
+# Completion files: Use XDG dirs
+[ -d "$XDG_CACHE_HOME"/zsh ] || mkdir -p "$XDG_CACHE_HOME"/zsh
+zstyle ':completion:*' cache-path "$XDG_CACHE_HOME"/zsh/zcompcache
+compinit -d "$XDG_CACHE_HOME"/zsh/zcompdump-$ZSH_VERSION
 
 alias vim="nvim"
 
@@ -169,10 +166,6 @@ gitmaster() {
     git stash pop
 }
 
-_remote() {
-    [[ -n "$SSH_CONNECTION" ]]
-}
-
 cd() {
     builtin cd "$@" && ls
 }
@@ -371,30 +364,15 @@ tmp() {
     cd "$(mktemp -d)"
 }
 
-autoload -Uz vcs_info
-
-_vcsbase="%{$fg[red]%}[%r] %{$fg[blue]%}[%{%B%}%b%{$fg[red]%}%m%{$fg[blue]%}] %{$fg[red]%}%{%B%}%c%u"
-
-zstyle ':vcs_info:*' stagedstr 'I'
-zstyle ':vcs_info:*' unstagedstr 'M'
-
-zstyle ':vcs_info:*' enable git
-zstyle ':vcs_info:*' check-for-changes true
-zstyle ':vcs_info:*' get-revision true
-
-zstyle ':vcs_info:git*' formats "$_vcsbase"
-zstyle ':vcs_info:git*' actionformats "%{$fg[red]%}(%a) $_vcsbase"
-
-zstyle ':vcs_info:git*+set-message:*' hooks git-untracked git-st git-remotebranch
-
 +vi-git-untracked() {
     if [[ $(git rev-parse --is-inside-work-tree 2> /dev/null) == 'true' ]] && \
     [[ $(git ls-files --other --directory --exclude-standard | sed q | wc -l | tr -d ' ') == 1 ]] ; then
-        hook_com[unstaged]+='?%f'
+        hook_com[unstaged]+='+U'
     fi
 }
 
-+vi-git-st() {
++vi-git-remotebranch() {
+    local remote
     local ahead behind
     local -a gitstatus
 
@@ -404,43 +382,46 @@ zstyle ':vcs_info:git*+set-message:*' hooks git-untracked git-st git-remotebranc
     behind=$(git rev-list HEAD..${hook_com[branch]}@{upstream} 2>/dev/null | wc -l)
     (( $behind )) && gitstatus+=( "-${behind}" )
 
-    hook_com[misc]+=${(j:/:)gitstatus}
-}
-
-+vi-git-remotebranch() {
-    local remote
-
     remote=${$(git rev-parse --verify ${hook_com[branch]}@{upstream} \
         --symbolic-full-name 2>/dev/null)/refs\/remotes\/}
 
     if [[ -n ${remote} ]] ; then
-        hook_com[branch]="${hook_com[branch]} %b%{$fg[magenta]%}<${remote}>"
+        hook_com[branch]="%F{cyan}${hook_com[branch]}%F{$mainc}:%b%F{magenta}${remote}%F{yellow}${(j:/:)gitstatus}%F{$mainc}"
     fi
 }
 
+setopt PROMPT_SUBST
+
+autoload -Uz vcs_info
+
+zstyle ':vcs_info:*' stagedstr 'I'
+zstyle ':vcs_info:*' unstagedstr 'M'
+
+zstyle ':vcs_info:*' enable git
+zstyle ':vcs_info:*' check-for-changes true
+zstyle ':vcs_info:*' get-revision true
+
+zstyle ':vcs_info:*' formats "[%b] [%c%u]"
+zstyle ':vcs_info:*' actionformats '%a '
+
+zstyle ':vcs_info:git*+set-message:*' hooks git-untracked git-remotebranch
+
 precmd() {
     vcs_info
 }
 
-autoload -Uz vcs_info
-zstyle ':vcs_info:*' enable git hg
-zstyle ':vcs_info:*' check-for-changes true
-
-zstyle ':vcs_info:git*' formats "%{${fg[cyan]}%}[%{${fg[green]}%}%s%{${fg[cyan]}%}][%{${fg[blue]}%}%r/%S%%{${fg[cyan]}%}][%{${fg[blue]}%}%b%{${fg[yellow]}%}%m%u%c%{${fg[cyan]}%}]%{$reset_color%}"
-
-_topstr='%{$fg[green]%}%n@%m%{$fg[white]%}  ─  %{%B$fg[yellow]%}%~%{%b%} ${vcs_info_msg_0_}%{$fg[white]%} '
-botstr='%B${PINFO}%#%b '
-
-if _remote ; then
-    _topstr="%{$fg[red]%}[remote]%{$fg[white]%} ${_topstr}"
+if [[ -e "$XDG_RUNTIME_DIR/darkmode" ]] ; then
+    mainc=white
+else
+    mainc=black
 fi
 
-setopt prompt_subst
+_topstr='%F{green}%n%F{$mainc} ─ %B%F{yellow}%4~%b ${vcs_info_msg_0_}%F{$mainc} '
+botstr='%B${PINFO}%(!.#.$)%b '
 
-
-PROMPT='%{$fg[white]%}┌─ '"${_topstr}"'
+PROMPT='%F{$mainc}┌─ '"${_topstr}"'
 └─ '"${botstr}"
-RPROMPT="%{$fg[cyan]%}%*%{$fg[white]%} ─ [%?]"
+RPROMPT='%b%F{cyan}%*%F{$mainc} [%?]'
 
 autoload zkbd
 
@@ -472,4 +453,9 @@ bindkey '^i' expand-or-complete-prefix
 export FZF_DEFAULT_OPTS='--height 50% --border'
 eval "$(fzf --zsh)"
 
+# These have to be sourced at the end, see
+# https://github.com/zsh-users/zsh-syntax-highlighting?tab=readme-ov-file#why-must-zsh-syntax-highlightingzsh-be-sourced-at-the-end-of-the-zshrc-file
+source /usr/share/zsh/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
+source /usr/share/zsh/plugins/zsh-autosuggestions/zsh-autosuggestions.zsh
+
 {% endraw %}