Add yazi

README.md

@@ -18,7 +18,7 @@ For easier installation, the install scripts are available via shortlinks. To
 (re)install a new machine from a Arch live environment:
 
 ```
-curl --proto '=https' -sSfL https://s.hkoerber.de/i/${hostname}.sh | bash
+curl --proto '=https' -O -sSfL https://s.hkoerber.de/i/bootstrap.sh && bash bootstrap.sh {host}
 ```
 
 ## Manual Installation

_machines/ares.yml

@@ -2,6 +2,7 @@ font_size: 11
 
 gpu: amd
 cpu: amd
+encrypted_root: true
 
 users:
 - name: hannes

_machines/dionysus.yml

@@ -2,6 +2,7 @@ font_size: 11
 
 gpu: intel
 cpu: intel
+encrypted_root: true
 
 users:
 - name: hannes

_machines/hera-tasks.yml

@@ -1,13 +1,5 @@
 ---
-- name: Enable sddm
-  ansible.builtin.systemd:
-    name: sddm.service
-    enabled: true
-    daemon_reload: true
-  become: true
-
 - name: Autoupdate
-  tags: [test]
   block:
     - name: Deploy autoupdate script
       copy:
@@ -35,7 +27,10 @@
               exit 0
           fi
 
-          pacman --sync --refresh --sysupgrade --noprogressbar --noconfirm
+          # Make sure that keys are up to date, otherwise sig checks may fail
+          pacman --sync --noprogressbar --noconfirm --refresh --needed archlinux-keyring
+
+          pacman --sync --noprogressbar --noconfirm --sysupgrade
 
     - name: Install pacman autoupdate service
       ansible.builtin.copy:
@@ -91,7 +86,6 @@
           - dotfiles
           - libvirt
           - wheel
-          - vboxusers
           - wireshark
           - docker
           - sudonopw
@@ -102,31 +96,167 @@
         skeleton: /dev/null
       become: true
 
-- name: Create sddm config folder
+- name: Display Manager
-  ansible.builtin.file:
+  block:
-    state: directory
+    - name: Enable sddm
-    path: /etc/sddm.conf.d/
+      ansible.builtin.systemd:
-    owner: root
+        name: sddm.service
-    group: root
+        enabled: true
-    mode: "0755"
+        daemon_reload: true
+      become: true
 
-- name: Enable autologin
+    - name: Create sddm config folder
-  ansible.builtin.copy:
+      ansible.builtin.file:
-    dest: /etc/sddm.conf.d/autologin.conf
+        state: directory
-    owner: root
+        path: /etc/sddm.conf.d/
-    group: root
+        owner: root
-    mode: "0644"
+        group: root
-    content: |
+        mode: "0755"
-      [Autologin]
-      User=herta
-      Session=plasma
 
-- name: Lock on startup
+    - name: Enable autologin
-  ansible.builtin.copy:
+      ansible.builtin.copy:
-    dest: /etc/xdg/kscreenlockerrc
+        dest: /etc/sddm.conf.d/autologin.conf
-    owner: root
+        owner: root
-    group: root
+        group: root
-    mode: "0644"
+        mode: "0644"
-    content: |
+        content: |
-      [Daemon]
+          [Autologin]
-      LockOnStart=true
+          User=herta
+          Session=plasma
+
+    - name: Lock on startup
+      ansible.builtin.copy:
+        dest: /etc/xdg/kscreenlockerrc
+        owner: root
+        group: root
+        mode: "0644"
+        content: |
+          [Daemon]
+          LockOnStart=true
+
+- name: Backup
+  block:
+    - name: create restic config directory
+      file:
+        path: /etc/restic
+        state: directory
+        owner: root
+        group: root
+        mode: "0755"
+      become: true
+
+    - name: create restic exclude file
+      copy:
+        dest: /etc/restic/exclude.lst
+        content: |
+          /home/*/.cache/**
+          /home/*/.mozilla/firefox/*/Cache/**
+        owner: root
+        group: root
+        mode: "0755"
+      become: true
+
+    - name: create restic cache directory
+      file:
+        path: /var/cache/restic
+        state: directory
+        owner: root
+        group: root
+        mode: "0700"
+      become: true
+
+    - name: create restic wrapper script
+      copy:
+        owner: root
+        group: root
+        mode: "0700"
+        dest: /usr/local/bin/restic-cmd
+        content: |
+          #!/usr/bin/env bash
+          source /etc/restic/env
+
+          set -o nounset
+          set -o errexit
+          set -o pipefail
+
+          export B2_ACCOUNT_ID
+          export B2_ACCOUNT_KEY
+
+          export RESTIC_PASSWORD_FILE=/etc/restic/repopassword
+
+          restic \
+            --cache-dir=/var/cache/restic/ \
+            --repo="b2:${BUCKET_NAME}:backup" \
+            --password-file=/etc/restic/repopassword \
+            --verbose \
+            "${@}"
+      become: true
+
+    - name: add backup script
+      copy:
+        owner: root
+        group: root
+        mode: "0700"
+        dest: /usr/local/bin/restic-backup
+        content: |
+          #!/usr/bin/env bash
+
+          set -o nounset
+          set -o errexit
+          set -o pipefail
+
+          run() {
+            name="${1}" ; shift
+            printf '[%s] %s - start\n' "${name}" "$(date --utc --iso-8601=seconds)"
+            "${@}"
+            printf '[%s] %s - end\n' "${name}" "$(date --utc --iso-8601=seconds)"
+          }
+
+          run backup restic-cmd \
+              backup \
+              --exclude-file /etc/restic/exclude.lst \
+              /home/
+
+          run forget restic-cmd \
+              forget \
+              --prune
+              --keep-daily 30 \
+              --keep-monthly 12 \
+              --keep-yearly 3
+      become: true
+
+
+    - name: Install restic backup service
+      ansible.builtin.copy:
+        dest: /etc/systemd/system/restic-backup.service
+        owner: root
+        group: root
+        mode: "0644"
+        content: |
+          [Service]
+          Type=oneshot
+          ExecStart=systemd-inhibit /usr/local/bin/restic-backup
+      become: true
+
+    - name: Install restic backup timer
+      ansible.builtin.copy:
+        dest: /etc/systemd/system/restic-backup.timer
+        owner: root
+        group: root
+        mode: "0644"
+        content: |
+          [Timer]
+          OnCalendar=daily
+          Persistent=true
+
+          [Install]
+          WantedBy=multi-user.target
+      become: true
+
+    - name: Enable restic backup timer
+      ansible.builtin.systemd:
+        name: restic-backup.timer
+        enabled: true
+        state: started
+        daemon_reload: true
+      become: true

_machines/hera.yml

@@ -2,6 +2,7 @@ font_size: 11
 
 gpu: intel
 cpu: intel
+encrypted_root: false
 
 # make sure that display manager works
 system_default_target: "graphical.target"

_machines/neptune.yml

@@ -2,6 +2,7 @@ font_size: 11
 
 gpu: nvidia
 cpu: intel
+encrypted_root: true
 
 users:
 - name: hannes-work

drivers.yml

@@ -26,3 +26,9 @@ gpu:
     - lib32-vulkan-nouveau
     - vulkan-headers
     - vulkan-tools
+  intel:
+    - mesa
+    - mesa-utils
+    - lib32-mesa
+    - vulkan-intel
+    - lib32-vulkan-intel

install_scripts/ares.sh

@@ -25,7 +25,7 @@ sed -e 's/\s*\([^#]*\).*/\1/' << EOF | sfdisk ${DEVICE}
     device: ${DEVICE}
 
     ${DEVICE}1 : name=uefi      , size=512M , type=uefi
-    ${DEVICE}2 : name=boot      , size=512M , type=linux
+    ${DEVICE}2 : name=boot      , size=1G   , type=linux
     ${DEVICE}3 : name=cryptpart ,             type=linux
 EOF
 
@@ -89,7 +89,7 @@ cat <<EOF > /etc/hosts
 127.0.1.1 ares
 EOF
 
-sed -i 's/^HOOKS=.*$/HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems resume fsck)/' /etc/mkinitcpio.conf
+sed -i 's/^HOOKS=.*$/HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt lvm2 filesystems resume fsck)/' /etc/mkinitcpio.conf
 
 mkinitcpio -P
 

install_scripts/dionysus.sh

@@ -25,7 +25,7 @@ sed -e 's/\s*\([^#]*\).*/\1/' << EOF | sfdisk ${DEVICE}
     device: ${DEVICE}
 
     ${DEVICE}p1 : name=uefi      , size=512M , type=uefi
-    ${DEVICE}p2 : name=boot      , size=512M , type=linux
+    ${DEVICE}p2 : name=boot      , size=1G   , type=linux
     ${DEVICE}p3 : name=cryptpart ,             type=linux
 EOF
 
@@ -89,7 +89,7 @@ cat <<EOF > /etc/hosts
 127.0.1.1 dionysus
 EOF
 
-sed -i 's/^HOOKS=.*$/HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems resume fsck)/' /etc/mkinitcpio.conf
+sed -i 's/^HOOKS=.*$/HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt lvm2 filesystems resume fsck)/' /etc/mkinitcpio.conf
 
 mkinitcpio -P
 

install_scripts/hera.sh

@@ -25,7 +25,7 @@ sed -e 's/\s*\([^#]*\).*/\1/' << EOF | sfdisk ${DEVICE}
     device: ${DEVICE}
 
     ${DEVICE}p1 : name=uefi, size=512M , type=uefi
-    ${DEVICE}p2 : name=boot, size=512M , type=linux
+    ${DEVICE}p2 : name=boot, size=1G   , type=linux
     ${DEVICE}p3 : name=swap, size=16G  , type=linux
     ${DEVICE}p4 : name=root, size=60G  , type=linux
     ${DEVICE}p5 : name=home,             type=linux
@@ -83,7 +83,7 @@ cat <<EOF > /etc/hosts
 127.0.1.1 hera
 EOF
 
-sed -i 's/^HOOKS=.*$/HOOKS=(base udev autodetect keyboard keymap consolefont modconf block filesystems resume fsck)/' /etc/mkinitcpio.conf
+sed -i 's/^HOOKS=.*$/HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block filesystems resume fsck)/' /etc/mkinitcpio.conf
 
 mkinitcpio -P
 

install_scripts/neptune.sh

@@ -25,7 +25,7 @@ sed -e 's/\s*\([^#]*\).*/\1/' << EOF | sfdisk ${DEVICE}
     device: ${DEVICE}
 
     ${DEVICE}p1 : name=uefi      , size=512M , type=uefi
-    ${DEVICE}p2 : name=boot      , size=512M , type=linux
+    ${DEVICE}p2 : name=boot      , size=1G   , type=linux
     ${DEVICE}p3 : name=cryptpart ,             type=linux
 EOF
 
@@ -89,7 +89,7 @@ cat <<EOF > /etc/hosts
 127.0.1.1 neptune
 EOF
 
-sed -i 's/^HOOKS=.*$/HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems resume fsck)/' /etc/mkinitcpio.conf
+sed -i 's/^HOOKS=.*$/HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt lvm2 filesystems resume fsck)/' /etc/mkinitcpio.conf
 
 mkinitcpio -P
 

maintenance.sh

@@ -3,7 +3,7 @@
 set -o nounset
 set -o errexit
 
-sudo pacman -Syu
+sudo bash -c "pacman -Sy --needed archlinux-keyring && pacman -Syu"
 
 ./update-aur-pkgs.sh
 

packages.yml

@@ -226,8 +226,6 @@ cloc:
   archlinux: ["cloc"]
 bwm-ng:
   archlinux: ["bwm-ng"]
-virtualbox:
-  archlinux: ["virtualbox"]
 ssh:
   archlinux: ["openssh"]
 sshfs:
@@ -573,3 +571,20 @@ podman:
 pulumi:
   archlinux:
     - pulumi
+reflector:
+  archlinux:
+    - reflector
+yazi:
+  archlinux:
+    - yazi
+    - ffmpeg
+    - 7zip
+    - jq
+    - poppler
+    - fd
+    - ripgrep
+    - fzf
+    - xsel
+    - zoxide
+    - resvg
+    - imagemagick

playbook.yml

@@ -208,6 +208,14 @@
           changed_when: unconfigured_packages_cmd.rc == 123
           become: true
 
+    - name: Enable reflector timer
+      ansible.builtin.systemd:
+        name: reflector.timer
+        enabled: true
+        state: started
+        daemon_reload: true
+      become: true
+
     - name: aur
       tags:
         - aur
@@ -530,6 +538,25 @@
         state: present
       become: true
 
+    - name: set mkinitcpio hooks
+      set_fact:
+        mkinitcpio_hooks: "base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt lvm2 filesystems resume fsck"
+      when: machine.encrypted_root|bool
+
+    - name: set mkinitcpio hooks
+      set_fact:
+        mkinitcpio_hooks: "base udev autodetect microcode modconf kms keyboard keymap consolefont block filesystems resume fsck"
+      when: not machine.encrypted_root|bool
+
+    - name: configure mkinitcpio hooks
+      lineinfile:
+        path: /etc/mkinitcpio.conf
+        regexp: "^#?HOOKS=.*$"
+        line: 'HOOKS=({{ mkinitcpio_hooks }})'
+      become: true
+      notify:
+        - rebuild initrd
+
     - name: use vz4 for mkinitcpio compression
       lineinfile:
         path: /etc/mkinitcpio.conf
@@ -761,6 +788,15 @@
                     name: "{{ drivers.gpu.nvidia }}"
                     state: present
                   become: true
+
+            - name: Intel configuration
+              when: machine.gpu == 'intel'
+              block:
+                - name: install intel packages
+                  package:
+                    name: "{{ drivers.gpu.intel }}"
+                    state: present
+                  become: true
           when:
             - machine.gpu is defined
 

update-aur-pkgs.sh

@@ -11,7 +11,7 @@ for pkg in pkgbuilds/* ; do
         printf "checking local package %s\n" "${pkg}"
         (
             builtin cd "${pkg}" || exit 1
-            makepkg --nodeps --nobuild --noextract
+            makepkg --nodeps --nobuild --noextract --cleanbuild
         )
     fi
     if git status --porcelain "${pkg}" | grep -q . ; then

user.yml

@@ -6,7 +6,6 @@
         user_groups:
           - libvirt
           - wheel
-          - vboxusers
           - wireshark
           - docker
           - sudonopw
@@ -27,7 +26,8 @@
         state: present
         home: "/home/{{ user.name }}"
         create_home: true
-        groups: "{{ [user.name, 'dotfiles'] + user_groups }}"
+        group: "{{ user.name }}"
+        groups: "{{ ['dotfiles'] + user_groups }}"
         shell: /usr/bin/zsh
         skeleton: /dev/null
       become: true

zsh/zshrc.j2

@@ -379,6 +379,16 @@ tmp() {
     fi
 }
 
+# taken verbatim from https://yazi-rs.github.io/docs/quick-start, extended with "command" in
+# the last line to not use aliased `rm`
+function y() {
+    local tmp="$(mktemp -t "yazi-cwd.XXXXXX")" cwd
+    yazi "$@" --cwd-file="$tmp"
+    IFS= read -r -d '' cwd < "$tmp"
+    [ -n "$cwd" ] && [ "$cwd" != "$PWD" ] && builtin cd -- "$cwd"
+    command rm -f -- "$tmp"
+}
+
 setopt PROMPT_SUBST
 
 autoload -Uz vcs_info