Configure libvirt properly

services: Make unit suffix explicit
dotfiles-directory: Rework permission assertion
2024-10-02 23:45:53 +02:00 · 2024-10-02 23:45:53 +02:00 · 2024-10-02 23:45:53 +02:00 · 2024-10-02 23:18:18 +02:00
1 changed files with 78 additions and 11 deletions
--- a/playbook.yml
+++ b/playbook.yml
@@ -136,17 +136,29 @@
          become: true
          become_user: root

-        - name: fix permissions for dotfiles directory
+        - name: fix group for dotfiles directory
          shell: |
-            chown --changes --recursive dotfiles:dotfiles .
-            chmod --changes --recursive g+rwX .
+            chgrp --changes --recursive dotfiles . | grep -v "changed group of './.git/index'"
+          args:
+            executable: /bin/bash
+            chdir: /var/lib/dotfiles
+          register: dotfiles_group_change
+          become: true
+          become_user: root
+          failed_when: dotfiles_group_change.rc not in (0, 1)
+          changed_when: dotfiles_group_change.rc == 0 # == lines selected, i.e. some output
+
+        - name: fix group permissions for dotfiles directory
+          shell: |
+            chmod --changes --recursive g+rwX . | grep -v "mode of './.git/index'"
          args:
            executable: /bin/bash
            chdir: /var/lib/dotfiles
          register: dotfiles_permission_change
          become: true
          become_user: root
-          changed_when: dotfiles_permission_change.stdout_lines|length > 0
+          failed_when: dotfiles_permission_change.rc not in (0, 1)
+          changed_when: dotfiles_permission_change.rc == 0 # == lines selected, i.e. some output

    - name: packages
      tags:
@@ -514,28 +526,78 @@
      notify:
        - rebuild initrd

+    - name: libvirtd
+      tags:
+        - libvirtd
+      # Arch defaults to systemd socket activation. Hate that stuff, just run the
+      # damn daemon (so I notice early when something is wrong, not just when I
+      # want to use it).
+      block:
+        - name: mask sockets
+          service:
+            state: stopped
+            enabled: false
+            masked: true
+            name: "{{ item }}"
+          loop:
+            - libvirtd.socket
+            - libvirtd-tls.socket
+            - libvirtd-tcp.socket
+            - libvirtd-ro.socket
+            - libvirtd-admin.socket
+          become: true
+
+        # the libvirtd unit file contains the following setting:
+        #
+        # Environment=LIBVIRTD_ARGS="--timeout 120"
+        #
+        # This will make libvirtd stop after 120 seconds without connections or running
+        # domains. To convince the daemon to just keep being a daemon, this needs to be
+        # removed. Fortunately, the unit also contains the following:
+        #
+        # EnvironmentFile=-/etc/conf.d/libvirtd
+        #
+        # And `EnvironmentFile` trumps `Environment`. Otherwise we'd need to do some
+        # damn systemd override shenanigans.
+        - name: configure libvirtd env variable override
+          copy:
+            owner: root
+            group: root
+            mode: "0600"
+            dest: /etc/conf.d/libvirtd
+            content: |
+              LIBVIRTD_ARGS=
+          become: true
+          notify:
+            - restart libvirtd
+
+        - name: enable libvirtd
+          service:
+            state: started
+            enabled: true
+            name: libvirtd.service
+          become: true
+
    - name: services
      tags:
        - services
      block:
        - set_fact:
            disable_services:
-              - sshd.service
+              - sshd

        - name: disable services
          service:
            state: stopped
            enabled: false
-            name: "{{ item }}"
+            name: "{{ item }}.service"
          with_items: "{{ disable_services }}"
          become: true
-          when: manage_services|default(true)|bool

        - set_fact:
            enable_services:
              - NetworkManager
              - docker
-              - libvirtd
              - systemd-timesyncd
              - pcscd

@@ -543,10 +605,9 @@
          service:
            state: started
            enabled: true
-            name: "{{ item }}"
+            name: "{{ item }}.service"
          with_items: "{{ enable_services }}"
          become: true
-          when: manage_services|default(true)|bool

    - name: get systemd boot target
      command: systemctl get-default
@@ -758,3 +819,9 @@
        name: systemd-journald
        state: restarted
      become: true
+
+    - name: restart libvirtd
+      service:
+        name: libvirtd
+        state: restarted
+      become: true
Author	SHA1	Message	Date
Hannes Körber	146cbf39b7	Configure libvirt properly	2024-10-02 23:45:53 +02:00
Hannes Körber	59d9c95224	services: Make unit suffix explicit	2024-10-02 23:45:53 +02:00
Hannes Körber	9330040e00	dotfiles-directory: Rework permission assertion	2024-10-02 23:45:53 +02:00
Hannes Körber	34ad7579f1	Remove unused conditional	2024-10-02 23:18:18 +02:00