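---
# Workstation provisioning tasks: unattended pacman upgrades, the `herta`
# user, SDDM autologin with lock-on-start, and restic backups to B2.
# Every task writes root-owned system paths, so each needs privilege
# escalation, either on the task or on its enclosing block.

- name: Autoupdate
  block:
    # Script run by pacman-autoupdate.service. It exits 0 without upgrading
    # when any battery reports under 40 % or when nmcli reports a metered
    # connection. It runs as root with --noconfirm, so package signature
    # checking is the only gate on what gets installed; the keyring is
    # refreshed first for that reason.
    - name: Deploy autoupdate script
      ansible.builtin.copy:
        owner: root
        group: root
        mode: "0755"
        dest: /usr/local/bin/pacman-autoupdate
        content: |
          #!/usr/bin/env bash
          set -o errexit
          set -o nounset
          set -o pipefail

          # Prevent failures when not battery present
          shopt -s nullglob
          for battery in /sys/class/power_supply/*/capacity ; do
            capacity="$(< "$battery")"
            if (( "${capacity}" < 40 )) ; then
              printf "Battery at %s%%, exiting\n" "${capacity}" >&2
              exit 0
            fi
          done

          if nmcli --terse --fields GENERAL.METERED dev show 2>/dev/null | grep -q "yes" ; then
            printf "Detected metered connection, exiting\n" >&2
            exit 0
          fi

          # Make sure that keys are up to date, otherwise sig checks may fail
          pacman --sync --noprogressbar --noconfirm --refresh --needed archlinux-keyring
          pacman --sync --noprogressbar --noconfirm --sysupgrade

    - name: Install pacman autoupdate service
      ansible.builtin.copy:
        dest: /etc/systemd/system/pacman-autoupdate.service
        owner: root
        group: root
        mode: "0644"
        content: |
          [Service]
          Type=oneshot
          ExecStart=/usr/local/bin/pacman-autoupdate
      become: true

    - name: Install pacman autoupdate timer
      ansible.builtin.copy:
        dest: /etc/systemd/system/pacman-autoupdate.timer
        owner: root
        group: root
        mode: "0644"
        content: |
          [Timer]
          OnCalendar=daily
          OnBootSec=5min
          OnUnitInactiveSec=120min

          [Install]
          WantedBy=multi-user.target

    - name: Enable pacman autoupdate timer
      ansible.builtin.systemd:
        name: pacman-autoupdate.timer
        enabled: true
        state: started
        daemon_reload: true
      become: true
  become: true

- name: User configuration
  block:
    - name: Create user group
      ansible.builtin.group:
        name: "herta"
        state: present
      become: true

    # NOTE(review): no `group:` is set, so the primary group is whatever the
    # user module / useradd defaults pick; confirm it ends up being the
    # `herta` group created above.
    # NOTE(review): the supplementary groups are not created in this file and
    # must already exist. `docker` membership is effectively root on the
    # host, and `sudonopw` presumably grants passwordless sudo (confirm), so
    # this account should be treated as root-equivalent.
    - name: Create user
      ansible.builtin.user:
        name: "herta"
        state: present
        home: "/home/herta"
        create_home: true
        groups:
          - dotfiles
          - libvirt
          - wheel
          - wireshark
          - docker
          - sudonopw
          - games
          - kvm
          - video
        shell: /usr/bin/zsh
        skeleton: /dev/null
      become: true

- name: Display Manager
  block:
    - name: Enable sddm
      ansible.builtin.systemd:
        name: sddm.service
        enabled: true
        daemon_reload: true
      become: true

    # The next three tasks write root-owned paths under /etc, so they carry
    # `become: true` like every other task in this file.
    - name: Create sddm config folder
      ansible.builtin.file:
        state: directory
        path: /etc/sddm.conf.d/
        owner: root
        group: root
        mode: "0755"
      become: true

    # SDDM starts the Plasma session for herta without asking for a password.
    # The only interactive barrier is the lock screen configured by the
    # "Lock on startup" task below.
    # NOTE(review): presumably boot-time authentication comes from disk
    # encryption; confirm, because herta is root-equivalent through its
    # groups.
    - name: Enable autologin
      ansible.builtin.copy:
        dest: /etc/sddm.conf.d/autologin.conf
        owner: root
        group: root
        mode: "0644"
        content: |
          [Autologin]
          User=herta
          Session=plasma
      become: true

    # NOTE(review): /etc/xdg holds system-wide defaults; a per-user
    # kscreenlockerrc can presumably override LockOnStart. Verify the
    # effective setting for herta.
    - name: Lock on startup
      ansible.builtin.copy:
        dest: /etc/xdg/kscreenlockerrc
        owner: root
        group: root
        mode: "0644"
        content: |
          [Daemon]
          LockOnStart=true
      become: true

- name: Backup
  block:
    # /etc/restic is world-readable (0755). The secrets the wrapper reads
    # from it, /etc/restic/env and /etc/restic/repopassword, are not created
    # by this file and need their own root-only modes (e.g. "0600").
    - name: create restic config directory
      ansible.builtin.file:
        path: /etc/restic
        state: directory
        owner: root
        group: root
        mode: "0755"
      become: true

    # Plain pattern list passed to restic via --exclude-file; it is data, not
    # a program, so it is not given the execute bit.
    - name: create restic exclude file
      ansible.builtin.copy:
        dest: /etc/restic/exclude.lst
        content: |
          /home/*/.cache/**
          /home/*/.mozilla/firefox/*/Cache/**
        owner: root
        group: root
        mode: "0644"
      become: true

    - name: create restic cache directory
      ansible.builtin.file:
        path: /var/cache/restic
        state: directory
        owner: root
        group: root
        mode: "0700"
      become: true

    # Wrapper that loads the B2 credentials and bucket name from
    # /etc/restic/env and forwards its arguments to restic. The env file is
    # sourced by a root-run script, so write access to it is code execution
    # as root: keep it root-owned and not group/world writable or readable.
    - name: create restic wrapper script
      ansible.builtin.copy:
        owner: root
        group: root
        mode: "0700"
        dest: /usr/local/bin/restic-cmd
        content: |
          #!/usr/bin/env bash
          source /etc/restic/env

          set -o nounset
          set -o errexit
          set -o pipefail

          export B2_ACCOUNT_ID
          export B2_ACCOUNT_KEY
          export RESTIC_PASSWORD_FILE=/etc/restic/repopassword

          restic \
            --cache-dir=/var/cache/restic/ \
            --repo="b2:${BUCKET_NAME}:backup" \
            --password-file=/etc/restic/repopassword \
            --verbose \
            "${@}"
      become: true

    # Backs up /home, then applies the retention policy. Because
    # `forget --prune` runs from this host, the B2 key stored here must be
    # able to delete objects, so a compromise of this machine can also
    # destroy the backups. Bucket-side retention (object lock / lifecycle
    # rules) is an independent safeguard worth considering.
    - name: add backup script
      ansible.builtin.copy:
        owner: root
        group: root
        mode: "0700"
        dest: /usr/local/bin/restic-backup
        content: |
          #!/usr/bin/env bash
          set -o nounset
          set -o errexit
          set -o pipefail

          run() {
            name="${1}" ; shift
            printf '[%s] %s - start\n' "${name}" "$(date --utc --iso-8601=seconds)"
            "${@}"
            printf '[%s] %s - end\n' "${name}" "$(date --utc --iso-8601=seconds)"
          }

          run backup restic-cmd \
            backup \
            --exclude-file /etc/restic/exclude.lst \
            /home/

          run forget restic-cmd \
            forget \
            --prune \
            --keep-daily 30 \
            --keep-monthly 12 \
            --keep-yearly 3
      become: true

    # systemd-inhibit wraps the backup script for the duration of the run.
    - name: Install restic backup service
      ansible.builtin.copy:
        dest: /etc/systemd/system/restic-backup.service
        owner: root
        group: root
        mode: "0644"
        content: |
          [Service]
          Type=oneshot
          ExecStart=systemd-inhibit /usr/local/bin/restic-backup
      become: true

    - name: Install restic backup timer
      ansible.builtin.copy:
        dest: /etc/systemd/system/restic-backup.timer
        owner: root
        group: root
        mode: "0644"
        content: |
          [Timer]
          OnCalendar=daily
          Persistent=true

          [Install]
          WantedBy=multi-user.target
      become: true

    - name: Enable restic backup timer
      ansible.builtin.systemd:
        name: restic-backup.timer
        enabled: true
        state: started
        daemon_reload: true
      become: true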