Compare commits
4 Commits
a34ab937e5
...
146cbf39b7
| Author | SHA1 | Date | |
|---|---|---|---|
| 146cbf39b7 | |||
| 59d9c95224 | |||
| 9330040e00 | |||
| 34ad7579f1 |
87
playbook.yml
87
playbook.yml
@@ -136,17 +136,29 @@
|
|||||||
become: true
|
become: true
|
||||||
become_user: root
|
become_user: root
|
||||||
|
|
||||||
- name: fix permissions for dotfiles directory
|
- name: fix group for dotfiles directory
|
||||||
shell: |
|
shell: |
|
||||||
chown --changes --recursive dotfiles:dotfiles .
|
chgrp --changes --recursive dotfiles . | grep -v "changed group of './.git/index'"
|
||||||
chmod --changes --recursive g+rwX .
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
|
chdir: /var/lib/dotfiles
|
||||||
|
register: dotfiles_group_change
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
failed_when: dotfiles_group_change.rc not in (0, 1)
|
||||||
|
changed_when: dotfiles_group_change.rc == 0 # == lines selected, i.e. some output
|
||||||
|
|
||||||
|
- name: fix group permissions for dotfiles directory
|
||||||
|
shell: |
|
||||||
|
chmod --changes --recursive g+rwX . | grep -v "mode of './.git/index'"
|
||||||
args:
|
args:
|
||||||
executable: /bin/bash
|
executable: /bin/bash
|
||||||
chdir: /var/lib/dotfiles
|
chdir: /var/lib/dotfiles
|
||||||
register: dotfiles_permission_change
|
register: dotfiles_permission_change
|
||||||
become: true
|
become: true
|
||||||
become_user: root
|
become_user: root
|
||||||
changed_when: dotfiles_permission_change.stdout_lines|length > 0
|
failed_when: dotfiles_permission_change.rc not in (0, 1)
|
||||||
|
changed_when: dotfiles_permission_change.rc == 0 # == lines selected, i.e. some output
|
||||||
|
|
||||||
- name: packages
|
- name: packages
|
||||||
tags:
|
tags:
|
||||||
@@ -514,28 +526,78 @@
|
|||||||
notify:
|
notify:
|
||||||
- rebuild initrd
|
- rebuild initrd
|
||||||
|
|
||||||
|
- name: libvirtd
|
||||||
|
tags:
|
||||||
|
- libvirtd
|
||||||
|
# Arch defaults to systemd socket activation. Hate that stuff, just run the
|
||||||
|
# damn daemon (so I notice early when something is wrong, not just when I
|
||||||
|
# want to use it).
|
||||||
|
block:
|
||||||
|
- name: mask sockets
|
||||||
|
service:
|
||||||
|
state: stopped
|
||||||
|
enabled: false
|
||||||
|
masked: true
|
||||||
|
name: "{{ item }}"
|
||||||
|
loop:
|
||||||
|
- libvirtd.socket
|
||||||
|
- libvirtd-tls.socket
|
||||||
|
- libvirtd-tcp.socket
|
||||||
|
- libvirtd-ro.socket
|
||||||
|
- libvirtd-admin.socket
|
||||||
|
become: true
|
||||||
|
|
||||||
|
# the libvirtd unit file contains the following setting:
|
||||||
|
#
|
||||||
|
# Environment=LIBVIRTD_ARGS="--timeout 120"
|
||||||
|
#
|
||||||
|
# This will make libvirtd stop after 120 seconds without connections or running
|
||||||
|
# domains. To convince the daemon to just keep being a daemon, this needs to be
|
||||||
|
# removed. Fortunately, the unit also contains the following:
|
||||||
|
#
|
||||||
|
# EnvironmentFile=-/etc/conf.d/libvirtd
|
||||||
|
#
|
||||||
|
# And `EnvironmentFile` trumps `Environment`. Otherwise we'd need to do some
|
||||||
|
# damn systemd override shenanigans.
|
||||||
|
- name: configure libvirtd env variable override
|
||||||
|
copy:
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0600"
|
||||||
|
dest: /etc/conf.d/libvirtd
|
||||||
|
content: |
|
||||||
|
LIBVIRTD_ARGS=
|
||||||
|
become: true
|
||||||
|
notify:
|
||||||
|
- restart libvirtd
|
||||||
|
|
||||||
|
- name: enable libvirtd
|
||||||
|
service:
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
name: libvirtd.service
|
||||||
|
become: true
|
||||||
|
|
||||||
- name: services
|
- name: services
|
||||||
tags:
|
tags:
|
||||||
- services
|
- services
|
||||||
block:
|
block:
|
||||||
- set_fact:
|
- set_fact:
|
||||||
disable_services:
|
disable_services:
|
||||||
- sshd.service
|
- sshd
|
||||||
|
|
||||||
- name: disable services
|
- name: disable services
|
||||||
service:
|
service:
|
||||||
state: stopped
|
state: stopped
|
||||||
enabled: false
|
enabled: false
|
||||||
name: "{{ item }}"
|
name: "{{ item }}.service"
|
||||||
with_items: "{{ disable_services }}"
|
with_items: "{{ disable_services }}"
|
||||||
become: true
|
become: true
|
||||||
when: manage_services|default(true)|bool
|
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
enable_services:
|
enable_services:
|
||||||
- NetworkManager
|
- NetworkManager
|
||||||
- docker
|
- docker
|
||||||
- libvirtd
|
|
||||||
- systemd-timesyncd
|
- systemd-timesyncd
|
||||||
- pcscd
|
- pcscd
|
||||||
|
|
||||||
@@ -543,10 +605,9 @@
|
|||||||
service:
|
service:
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
name: "{{ item }}"
|
name: "{{ item }}.service"
|
||||||
with_items: "{{ enable_services }}"
|
with_items: "{{ enable_services }}"
|
||||||
become: true
|
become: true
|
||||||
when: manage_services|default(true)|bool
|
|
||||||
|
|
||||||
- name: get systemd boot target
|
- name: get systemd boot target
|
||||||
command: systemctl get-default
|
command: systemctl get-default
|
||||||
@@ -758,3 +819,9 @@
|
|||||||
name: systemd-journald
|
name: systemd-journald
|
||||||
state: restarted
|
state: restarted
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
|
- name: restart libvirtd
|
||||||
|
service:
|
||||||
|
name: libvirtd
|
||||||
|
state: restarted
|
||||||
|
become: true
|
||||||
|
|||||||
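Review bot: In the `fix group for dotfiles directory` and `fix group permissions for dotfiles directory` tasks of the first hunk, the registered `rc` is the exit status of `grep -v`, not of `chgrp`/`chmod`, because the shell block does not set `pipefail`. A root-run group or mode fix that fails (for example, if the `dotfiles` group is missing) would still pass `failed_when: … rc not in (0, 1)` and be reported as unchanged, leaving the directory with permissions the playbook believes it has corrected. Adding `set -o pipefail` alone would not resolve this, since an exit status of 1 from `chgrp` is indistinguishable from grep selecting no lines. I would drop the pipe and the `failed_when`, and filter in Ansible instead: `changed_when: dotfiles_group_change.stdout_lines | reject('search', '[.]git/index') | list | length > 0` (likewise for `dotfiles_permission_change`), so each task fails on the command's own exit status.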