- name: configure system hosts: localhost connection: local become: false tasks: - name: read machine-specific variables include_vars: file: _machines/{{ ansible_hostname }}.yml name: machine tags: - always - set_fact: distro: "{{ ansible_distribution|lower }}" tags: - always - name: Check for valid distro assert: that: distro in ('fedora', 'ubuntu', 'archlinux') - block: - block: - name: Update apt cache apt: update_cache: true become: true changed_when: false - name: Upgrade system apt: upgrade: dist become: true - name: Remove unused packages apt: autoremove: true become: true - name: Clean apt cache apt: autoclean: true become: true when: distro == 'ubuntu' - block: - name: Update dnf cache dnf: update_cache: true become: true - name: Upgrade system dnf: name: '*' state: latest update_cache: false become: true - name: Remove unused packages dnf: autoremove: true update_cache: false become: true when: distro == 'fedora' - block: - name: enable multilib repository blockinfile: path: /etc/pacman.conf block: | [multilib] Include = /etc/pacman.d/mirrorlist become: true - name: Upgrade system pacman: upgrade: true update_cache: true become: true changed_when: false - name: install pacman-contrib for paccache package: name: pacman-contrib state: installed become: true - name: Clean cache command: paccache -rk2 -ruk0 become: true when: distro == 'archlinux' tags: [update_system] - name: install selinux specials on fedora dnf: state: installed name: - python3-libselinux - policycoreutils-python-utils become: true when: distro == 'fedora' - block: - name: load package list include_vars: file: packages.yml - name: enable neovim ppa apt_repository: repo: 'ppa:neovim-ppa/stable' update_cache: true become: true when: distro == 'ubuntu' - set_fact: defined_packages: "{{ packages|json_query('keys(list)') }}" - set_fact: distro_packages: "{{ packages|json_query('list.*.%s'|format(distro)) }}" - name: check list assert: that: "defined_packages|length == distro_packages|length" - set_fact: defined_packages_remove: "{{ packages|json_query('keys(remove)') }}" - set_fact: distro_packages_remove: "{{ packages|json_query('remove.*.%s'|format(distro)) }}" - name: check list assert: that: "defined_packages_remove|length == distro_packages_remove|length" - name: install packages package: name: "{{ packages|json_query(query) }}" state: installed become: true vars: query: "{{ 'list.*.%s[]'|format(distro) }}" - name: remove packages package: name: "{{ packages|json_query(query) }}" state: absent become: true vars: query: "{{ 'remove.*.%s[]'|format(distro) }}" - name: install machine-specific packages package: name: "{{ machine.packages }}" state: present when: machine.packages is defined become: true tags: [packages] - block: - name: configure timesyncd on arch copy: owner: root group: root mode: "0644" dest: /etc/systemd/timesyncd.conf content: | [Time] NTP=0.arch.pool.ntp.org 1.arch.pool.ntp.org 2.arch.pool.ntp.org 3.arch.pool.ntp.org FallbackNTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org become: true when: distro == 'archlinux' - set_fact: disable_services: - sshd when: distro == 'fedora' - set_fact: disable_services: - ssh when: distro == 'ubuntu' - set_fact: disable_services: - sshd when: distro == 'archlinux' - name: disable services service: state: stopped enabled: false name: "{{ item }}" with_items: "{{ disable_services }}" become: true when: manage_services|default(true)|bool - set_fact: enable_services: - NetworkManager # does not work with fedora 31 due to the switch to cgroups v2: # https://github.com/docker/cli/issues/2104 # https://bugzilla.redhat.com/show_bug.cgi?id=1746355#c1 # - docker - libvirtd when: distro == 'fedora' - set_fact: enable_services: - NetworkManager - docker - libvirtd when: distro == 'ubuntu' - set_fact: enable_services: - NetworkManager - docker - libvirtd - systemd-timesyncd when: distro == 'archlinux' - name: enable services service: state: started enabled: true name: "{{ item }}" with_items: "{{ enable_services }}" become: true when: manage_services|default(true)|bool - name: get systemd boot target command: systemctl get-default register: systemd_target changed_when: false check_mode: false - set_fact: default_target: multi-user.target - name: set systemd boot target command: systemctl set-default {{ default_target }} when: systemd_target.stdout != default_target become: true - name: handle lid switch lineinfile: path: /etc/systemd/logind.conf regexp: '^HandleLidSwitch=' line: 'HandleLidSwitch=ignore' become: true - name: handle power key lineinfile: path: /etc/systemd/logind.conf regexp: '^HandlePowerKey=' line: 'HandlePowerKey=suspend' become: true - block: - name: create sudonopw group group: name: sudonopw system: true - name: configure passwordless sudo copy: owner: root group: root mode: "0600" dest: /etc/sudoers.d/sudonopw content: | %sudonopw ALL=(ALL) NOPASSWD: ALL become: true when: distro == 'archlinux' - block: - name: install AMDGPU packages package: name: - mesa - lib32-mesa - xf86-video-amdgpu - vulkan-radeon - lib32-vulkan-radeon - libva-mesa-driver - lib32-libva-mesa-driver - mesa-vdpau - lib32-mesa-vdpau state: installed become: true - name: set AMDGPU options copy: owner: root group: root mode: "0600" dest: /etc/X11/xorg.conf.d/20-amdgpu.conf content: | Section "Device" Identifier "AMD" Driver "amdgpu" Option "VariableRefresh" "true" Option "TearFree" "true" EndSection become: true when: - distro == 'archlinux' - machine.gpu is defined and machine.gpu == 'amd' - name: create dotfiles group group: name: dotfiles state: present become: true become_user: root - name: create dotfiles directory file: state: directory path: /var/lib/dotfiles owner: nobody group: dotfiles mode: '0775' # group needs write access! become: true become_user: root - set_fact: users: "{{ machine.users }}" tags: - always - include_tasks: user.yml args: apply: become: true become_user: "{{ user.name }}" with_items: "{{ users }}" loop_control: loop_var: user tags: - always