Use aws-cli v2

.gitmodules

@@ -1,6 +1,3 @@
-[submodule "ansible_roles/firefox"]
-	path = ansible_roles/firefox
-	url = https://github.com/staticdev/ansible-role-firefox
 [submodule "pkgbuilds/spotify"]
 	path = pkgbuilds/spotify
 	url = https://aur.archlinux.org/spotify.git
@@ -58,3 +55,6 @@
 [submodule "pkgbuilds/claude-code"]
 	path = pkgbuilds/claude-code
 	url = https://aur.archlinux.org/claude-code.git
+[submodule "pkgbuilds/aws-session-manager-plugin"]
+	path = pkgbuilds/aws-session-manager-plugin
+	url = https://aur.archlinux.org/aws-session-manager-plugin.git

_machines/hera.yml

@@ -18,6 +18,14 @@ additional_packages:
   - sddm
   - sddm-kcm
   - thunderbird
+  # kde archive manager
+  - ark
+  # kde image viewer
+  - gwenview
+  # german language packs
+  - hunspell-de
+  - thunderbird-i18n-de
+  - firefox-i18n-de
 
 users:
 - name: hannes

ansible.cfg

@@ -2,4 +2,4 @@
 retry_files_enabled = False
 nocows = 1
 roles_path = ./ansible_roles
-library = ./ansible_roles/firefox/library
+interpreter_python = "auto_silent"

applications/firefox.desktop

@@ -0,0 +1,4 @@
+[Desktop Entry]
+Type=Application
+Name=Firefox
+Exec=firefox-default --new-tab %u

autostart/autostart.target.j2

@@ -31,3 +31,4 @@ Wants=yubikey-touch-detector.service
 Wants=kdeconnect.service
 Wants=color-theme-dark.service
 Wants=workstation-mgr.service
+Wants=screencfg.service

autostart/services/firefox-gtk-override-bigger-font@.service

@@ -3,7 +3,7 @@ BindsTo=autostart.target
 After=windowmanager.target
 
 [Service]
-ExecStart=/usr/bin/env firefox --setDefaultBrowser -P %i
+ExecStart=/usr/bin/env firefox --profile %h/.mozilla/firefox/profile-%i
 PassEnvironment=DISPLAY
 Environment=XDG_CONFIG_HOME=%h/.config/gtk-3.0-overrides/bigger-font/
 Restart=always

autostart/services/firefox@.service

@@ -3,6 +3,6 @@ BindsTo=autostart.target
 After=windowmanager.target
 
 [Service]
-ExecStart=/usr/bin/env firefox --setDefaultBrowser -P %i
+ExecStart=/usr/bin/env firefox --profile %h/.mozilla/firefox/profile-%i
 PassEnvironment=DISPLAY
 Restart=always

autostart/services/screencfg.service

@@ -0,0 +1,8 @@
+[Unit]
+BindsTo=autostart.target
+After=windowmanager.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/screencfg watch --best
+Restart=always

bin/firefox-default

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+exec /usr/bin/firefox --profile "$HOME/.mozilla/firefox/profile-default" "${@}"

cargo/config.toml

@@ -3,4 +3,4 @@ rustc-wrapper = "sccache"
 
 [target.x86_64-unknown-linux-gnu]
 linker = "/usr/bin/clang"
-rustflags = ["-C", "link-arg=--ld-path=/usr/bin/mold"]
+rustflags = ["-Clink-arg=--ld-path=/usr/bin/wild"]

dotfiles.yml

@@ -99,6 +99,9 @@ dotfiles:
     to: .config/screencfg.toml
   - from: cargo/config.toml
     to: .local/state/cargo/config.toml
+  - from: applications
+    to: .local/share/applications
+    dir: true
 dotfiles_remove:
   - .gitconfig
   - .vimrc

git/gitconfig.j2

@@ -118,6 +118,13 @@
 [url "ssh://git@code.hkoerber.de:2222/"]
     insteadOf = https://code.hkoerber.de/
 
+# https://stackoverflow.com/a/71971739
+[url "https://github.com/"]
+    insteadOf = "git@github.com:"
+[url "git@github.com:"]
+    pushInsteadOf = "https://github.com/"
+    pushInsteadOf = "git@github.com:"
+
 [init]
 	defaultBranch = main
 [safe]

i3/i3status-rust/config.toml.j2

@@ -100,12 +100,6 @@ block = "custom"
 json = true
 command = "ping -n -q -w 2 -c 1 8.8.8.8 >/dev/null 2>/dev/null && printf '{\"text\":\"\",\"state\":\"Info\"}' || printf '{\"text\":\"\",\"state\":\"Critical\"}'"
 
-[[block]]
-block = "custom"
-command = "workstation-client weather get"
-# caching is handled by the workstation daemon
-interval = 60
-
 [[block]]
 block = "time"
 interval = 1

maintenance.sh

@@ -3,7 +3,7 @@
 set -o nounset
 set -o errexit
 
-sudo bash -c "pacman -Sy --needed archlinux-keyring && pacman -Su"
+sudo bash -c "pacman -Sy --needed --noconfirm archlinux-keyring && pacman -Su"
 
 ./update-aur-pkgs.sh
 

packages.yml

@@ -318,8 +318,6 @@ fzf:
   archlinux: ["fzf"]
 chromium:
   archlinux: ["chromium"]
-signal:
-  archlinux: ["signal-desktop"]
 go:
   archlinux: ["go", "gopls", "delve"]
 helix:
@@ -327,7 +325,7 @@ helix:
 keepassxc:
   archlinux: ["keepassxc"]
 awscli:
-  archlinux: ["aws-cli"]
+  archlinux: ["aws-cli-v2"]
 mariadb-client:
   archlinux: ["mariadb-clients"]
 php:
@@ -376,6 +374,7 @@ json:
 markdown:
   archlinux:
     - marksman
+    - mdformat
 lldb:
   archlinux:
     - lldb
@@ -447,6 +446,9 @@ mold:
   archlinux:
     - clang
     - mold
+wild:
+  archlinux:
+    - wild
 arch-packaging:
   archlinux:
     - namcap

playbook.yml

@@ -6,13 +6,13 @@
   tasks:
     - name: Read machine-specific variables
       ansible.builtin.include_vars:
-        file: _machines/{{ ansible_hostname }}.yml
+        file: _machines/{{ ansible_facts['hostname'] }}.yml
         name: machine
       tags:
         - always
 
     - ansible.builtin.set_fact:
-        distro: "{{ ansible_distribution | lower }}"
+        distro: "{{ ansible_facts['distribution'] | lower }}"
       tags:
         - always
 
@@ -208,13 +208,29 @@
           changed_when: unconfigured_packages_cmd.rc == 123
           become: true
 
-    - name: Enable reflector timer
+    - name: reflector
-      ansible.builtin.systemd:
+      block:
-        name: reflector.timer
+      - name: Configure reflector
-        enabled: true
+        ansible.builtin.copy:
-        state: started
+          dest: /etc/xdg/reflector/reflector.conf
-        daemon_reload: true
+          owner: root
-      become: true
+          group: root
+          mode: "0644"
+          content: |
+            --save /etc/pacman.d/mirrorlist
+            --protocol https
+            --country Germany
+            --latest 5
+            --sort age
+        become: true
+
+      - name: Enable reflector timer
+        ansible.builtin.systemd:
+          name: reflector.timer
+          enabled: true
+          state: started
+          daemon_reload: true
+        become: true
 
     - name: aur
       tags:
@@ -245,7 +261,7 @@
                   #!/usr/bin/env bash
                   source ./env
                   echo lel
-                  curl -sSf --proto '=https' https://download.spotify.com/debian/pubkey_C85668DF69375001.gpg | gpg --import -
+                  curl -sSf --proto '=https' https://download.spotify.com/debian/pubkey_5384CE82BA52C83A.gpg | gpg --import -
 
               - name: nodejs-intelephense
               - name: terraform-ls-bin
@@ -433,13 +449,14 @@
 
               source ./PKGBUILD
 
-              for arch in "${arch[@]}" ; do
+              for a in "${arch[@]}" ; do
-                if [[ "${arch}" == "any" ]] ; then
+                if [[ "${a}" == "any" ]] ; then
                   arch="any"
                   break
                 fi
-                if [[ "${arch}" == "x86_64" ]] ; then
+                if [[ "${a}" == "x86_64" ]] ; then
                   arch="x86_64"
+                  break
                 fi
               done
 
@@ -842,6 +859,175 @@
               ACTION=="add", SUBSYSTEM=="backlight", RUN+="/bin/chgrp video $sys$devpath/brightness", RUN+="/bin/chmod g+w $sys$devpath/brightness"
           become: true
 
+    - name: Firefox
+      tags:
+        - firefox
+      block:
+        - name: create firefox directories
+          file:
+            state: directory
+            path: "{{ item }}"
+            owner: root
+            group: root
+            mode: "0775"
+          become: true
+          become_user: root
+          loop:
+            - /etc/firefox
+            - /etc/firefox/policies
+
+        - set_fact:
+            firefox_policy:
+              policies:
+                AutofillAddressEnabled: false
+                AutofillCreditCardEnabled: false
+                DefaultDownloadDirectory: "${home}/download"
+                DisableFeedbackCommands: true
+                DisableFirefoxAccounts: true
+                DisableFirefoxStudies: true
+                DisableForgetButton: true
+                DisableMasterPasswordCreation: true
+                DisableProfileImport: true
+                DisableProfileRefresh: true
+                DisableSafeMode: true
+                DisableSetDesktopBackground: true
+                DisableTelemetry: true
+                DisplayBookmarksToolbar: "always"
+                DisplayMenuBar: "default-off"
+                DontCheckDefaultBrowser: true
+                EnableTrackingProtection:
+                  Value: true
+                  Locked: false
+                  Category: "strict"
+                  BaselineExceptions: true
+                  ConvenienceExceptions: false
+                ExtensionSettings:
+                  "*":
+                    allowed_types:
+                      - extension
+                  "jid1-KKzOGWgsW3Ao4Q@jetpack": # I don't care about cookies
+                    installation_mode: "normal_installed"
+                    install_url: "https://addons.mozilla.org/firefox/downloads/file/4202634/i_dont_care_about_cookies.xpi"
+                    default_area: "menupanel"
+                    private_browsing: true
+                    updates_disabled: false
+                  "uBlock0@raymondhill.net": # Ublock origin
+                    installation_mode: "normal_installed"
+                    install_url: "https://addons.mozilla.org/firefox/downloads/file/4598854/ublock_origin-1.67.0.xpi"
+                    default_area: "navbar"
+                    private_browsing: true
+                    updates_disabled: false
+                  "treestyletab@piro.sakura.ne.jp": # I don't care about cookies
+                    installation_mode: "normal_installed"
+                    install_url: "https://addons.mozilla.org/firefox/downloads/file/4602712/tree_style_tab-4.2.7.xpi"
+                    default_area: "navbar"
+                    private_browsing: true
+                    updates_disabled: false
+                  "{9063c2e9-e07c-4c2c-9646-cfe7ca8d0498}": # Old Reddit redirect
+                    installation_mode: "normal_installed"
+                    install_url: "https://addons.mozilla.org/firefox/downloads/file/4526031/old_reddit_redirect-2.0.9.xpi"
+                    default_area: "menupanel"
+                    private_browsing: true
+                    updates_disabled: false
+                FirefoxHome:
+                  Search: false
+                  TopSites: false
+                  SponsoredTopSites: false
+                  Highlights: false
+                  Pocket: false
+                  Stories: false
+                  SponsoredPocket: false
+                  SponsoredStories: false
+                  Snippets: false
+                  Locked: true
+                GenerativeAI:
+                  Enabled: false
+                  Chatbot: false
+                  LinkPreviews: false
+                  TabGroups: false
+                Homepage:
+                  URL: "about:newtab"
+                  StartPage: "previous-session"
+                MicrosoftEntraSSO: false
+                NewTabPage: false
+                NoDefaultBookmarks: true
+                OfferToSaveLogins: false
+                OverrideFirstRunPage: ""
+                PasswordManagerEnabled: false
+                Preferences:
+                  "browser.translations.automaticallyPopup":
+                    Value: false
+                    Status: "default"
+                    Type: "boolean"
+                  "browser.aboutConfig.showWarning":
+                    Value: false
+                    Status: "default"
+                    Type: "boolean"
+                  "general.smoothScroll":
+                    Value: true
+                    Status: "default"
+                    Type: "boolean"
+                  # "Play DRM-controlled content"
+                  "media.eme.enabled":
+                    Value: true
+                    Status: "default"
+                    Type: "boolean"
+                  # Restore last session on startup
+                  # https://support.mozilla.org/de/questions/1235263
+                  "browser.startup.page":
+                    Value: 3
+                    Status: "default"
+                    Type: "number"
+                  # reload the tabs properly when restoring
+                  "browser.sessionstore.restore_on_demand":
+                    Value: false
+                    Status: "default"
+                    Type: "boolean"
+                  # "Check spelling as you type"
+                  "layout.spellcheckDefault":
+                    Value: 0
+                    Status: "default"
+                    Type: "number"
+                  # remove ad tracking garbage
+                  "dom.private-attribution.submission.enabled":
+                    Value: false
+                    Status: "default"
+                    Type: "boolean"
+                  # (Try to) disable automatic update, as firefox is pulling a Windows
+                  "app.update.auto":
+                    Value: false
+                    Status: "default"
+                    Type: "boolean"
+                  "app.update.service.enabled": 
+                    Value: false
+                    Status: "default"
+                    Type: "boolean"
+                PromptForDownloadLocation: false
+                RequestedLocales:
+                  - en-US
+                  - de
+                SearchSuggestEnabled: false
+                ShowHomeButton: false
+                SkipTermsOfUse: true
+                UserMessaging:
+                  ExtensionRecommendations: false
+                  FeatureRecommendations: false
+                  UrlbarInterventions: false
+                  SkipOnboarding: true
+                  MoreFromMozilla: false
+                  FirefoxLabs: false
+                VisualSearchEnabled: false
+
+        - name: Firefox global policies
+          ansible.builtin.copy:
+            dest: "/etc/firefox/policies/policies.json"
+            owner: root
+            group: root
+            mode: "0644"
+            content: "{{ firefox_policy | to_nice_json }}"
+          become: true
+          become_user: root
+
     - set_fact:
         users: "{{ machine.users }}"
       tags:
@@ -864,7 +1050,7 @@
     - include_tasks: "{{ item }}"
       with_first_found:
         - files:
-            - "_machines/{{ ansible_hostname }}-tasks.yml"
+            - "_machines/{{ ansible_facts['hostname'] }}-tasks.yml"
           skip: true
       tags:
         - always

user.yml

@@ -274,99 +274,79 @@
   tags:
     - user:firefox
   block:
-    - name: Create firefox directories
+    - name: Create firefox base directories
-      firefox_profile:
-        name: "{{ item.key }}"
-      loop: "{{ user.firefox_profiles | dict2items }}"
-      check_mode: false
-      register: firefox_profile_names
-
-    - ansible.builtin.set_fact:
-        firefox_preferences:
-          browser.aboutConfig.showWarning: false
-          extensions.pocket.enabled: false
-          toolkit.legacyUserProfileCustomizations.stylesheets: true
-          browser.contentblocking.category: "strict"
-          browser.newtabpage.enabled: false
-          browser.startup.homepage: "about:blank"
-          privacy.trackingprotection.enabled: true
-          privacy.trackingprotection.socialtracking.enabled: true
-          general.smoothScroll: true
-
-          # Restore last session on startup
-          # https://support.mozilla.org/de/questions/1235263
-          browser.startup.page: 3
-          # reload the tabs properly when restoring
-          browser.sessionstore.restore_on_demand: false
-
-          # "Play DRM-controlled content"
-          media.eme.enabled: true
-
-          # "Recommend (extensions|features) as you browse"
-          browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons: false
-          browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features: false
-
-          # "Ask to save logins and passwords for websites"
-          signon.rememberSignons: false
-
-          # "Allow Firefox to make personalized extension recommendations"
-          browser.discovery.enabled: false
-
-          # "Allow Firefox to install and run studies"
-          app.shield.optoutstudies.enabled: false
-
-          # "Check spelling as you type"
-          layout.spellcheckDefault: 0
-
-          # Ask for download directory
-          browser.download.useDownloadDir: false
-
-          # (Try to) disable automatic update, as firefox is pulling a Windows
-          app.update.auto: false
-          app.update.service.enabled: false
-
-          # remove this camera / microphone overlay when in calls or similar
-          privacy.webrtc.legacyGlobalIndicator: false
-
-          # remove ad tracking garbage
-          dom.private-attribution.submission.enabled: false
-
-    - ansible.builtin.include_role:
-        name: firefox
-      vars:
-        firefox_profiles: "{{ {item.key: item.value} | combine({item.key: {'preferences': firefox_preferences}}, recursive=True) }}"
-      loop: "{{ user.firefox_profiles | dict2items }}"
-      when: not ansible_check_mode
-
-    - name: Firefox - create chrome directory
       ansible.builtin.file:
-        path: "{{ item.profile_path }}/chrome/"
+        path: "{{ item }}"
         state: directory
         mode: "0755"
-      with_items: "{{ firefox_profile_names.results }}"
+      loop:
-      when: not ansible_check_mode
+        - "~/.mozilla/"
-      loop_control:
+        - "~/.mozilla/firefox/"
-        label: "{{ item.profile_path }}"
 
-    - name: Firefox - configure firefox custom css
+    - name: Create firefox profile directories
+      ansible.builtin.file:
+        path: "~/.mozilla/firefox/profile-{{ item.key }}"
+        state: directory
+        mode: "0755"
+      loop: "{{ user.firefox_profiles | dict2items }}"
+      loop_control:
+        label: "{{ item.key }}"
+
+    - name: Create chrome directory
+      ansible.builtin.file:
+        path: "~/.mozilla/firefox/profile-{{ item.key }}/chrome/"
+        state: directory
+        mode: "0755"
+      loop: "{{ user.firefox_profiles | dict2items }}"
+      loop_control:
+        label: "{{ item.key }}"
+
+    - name: Configure firefox custom css
       ansible.builtin.copy:
-        dest: "{{ item.profile_path }}/chrome/userChrome.css"
+        dest: "~/.mozilla/firefox/profile-{{ item.key }}/chrome/userChrome.css"
+        # from https://www.kvakil.me/posts/2023-09-12-my-tree-style-tab-configuration.html
         content: |
-          #TabsToolbar {
+          // Hide the title bar.
-            visibility: collapse !important;
-          }
           #titlebar {
+            appearance: none !important;
+            height: 0px;
+          }
+
+          #titlebar > #toolbar-menubar {
+            margin-top: 0px;
+          }
+
+          // Hide regular tab toolbar.
+          #main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar > .toolbar-items {
+            opacity: 0;
+            pointer-events: none;
+          }
+
+          #main-window:not([tabsintitlebar="true"]) #TabsToolbar {
             visibility: collapse !important;
           }
-          #sidebar-header {
+
-            visibility: collapse !important;
+          // Hide the side toolbar noise.
+          #TabsToolbar {
+            min-width: 0 !important;
+            min-height: 0 !important;
+          }
+
+          #TabsToolbar > .titlebar-buttonbox-container {
+            display: block;
+            position: absolute;
+            top: 12px;
+            left: 0px;
+          }
+
+          #sidebar-box[sidebarcommand="treestyletab_piro_sakura_ne_jp-sidebar-action"] #sidebar-header {
+            display: none;
           }
       when:
-        - not ansible_check_mode
+        - item.value.manage_css is sameas True
-        - user.firefox_profiles[item.profile_name].manage_css is sameas True
+      loop: "{{ user.firefox_profiles | dict2items }}"
-      with_items: "{{ firefox_profile_names.results }}"
       loop_control:
-        label: "{{ item.profile_path }}"
+        label: "{{ item.key }}"
 
 - name: Handle user units
   tags:

zsh/zprofile.j2

@@ -8,7 +8,7 @@ export PATH="${HOME}/bin:${PATH}"
 
 export EDITOR="helix"
 export VISUAL="helix"
-export BROWSER="firefox"
+export BROWSER="firefox-default"
 
 export PAGER="less"
 export LESS="FRX"

zsh/zshrc.j2

@@ -333,12 +333,7 @@ embiggen() {
 }
 
 journal() {
-    journaldir=~/sync/journal/
+    $EDITOR ~/sync/journal/"$(date +%Y-%m-%d).md"
-    file="$journaldir/$(date +%Y-%m-%d).md"
-    if [[ ! -e $file ]] ; then
-        cp $journaldir/template.md $file || return
-    fi
-    $EDITOR $file
 }
 
 prefix() {