init commit
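--- a/roles/workstation/files/systemd/user/syncthing.service
+++ b/roles/workstation/files/systemd/user/syncthing.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=Syncthing - Open Source Continuous File Synchronization
+Documentation=man:syncthing(1)
+StartLimitIntervalSec=60
+StartLimitBurst=4
+
+[Service]
+ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0
+Restart=on-failure
+RestartSec=1
+SuccessExitStatus=3 4
+RestartForceExitStatus=3 4
+
+# Hardening
+SystemCallArchitectures=native
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+
+[Install]
+WantedBy=default.target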
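Review bot: No task in the tasks/main.yml added by this commit copies or enables this unit, so as committed the `# Hardening` directives are never applied to a running service. The `syncthing` package listed in vars/main.yml presumably ships its own user unit, which is what would actually run. If the intent is to override the packaged unit, add a task that installs this file into the user's systemd directory and enables it, and extend the comment to record that, e.g. `# Hardening (local copy overrides the packaged unit; re-check against upstream on package updates)`. If only the extra directives are wanted, a drop-in holding just those lines would drift less than a full copy of the unit.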
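--- a/roles/workstation/tasks/main.yml
+++ b/roles/workstation/tasks/main.yml
@@ -0,0 +1,108 @@
+---
+- name: Install packages
+package:
+name: "{{ item }}"
+state: present
+update_cache: yes
+loop: "{{ packages }}"
+
+- name: Install pip3 packages
+pip:
+name: "{{ item }}"
+state: present
+loop: "{{ pip_packages }}"
+
+# Flatpak
+- name: Add flathub repository
+community.general.flatpak_remote:
+name: flathub
+state: present
+method: user
+flatpakrepo_url: https://flathub.org/repo/flathub.flatpakrepo
+become: yes
+become_user: opal
+become_method: su
+
+- name: Install flatpak packages
+community.general.flatpak:
+name: "{{ item }}"
+state: present
+method: user
+loop: "{{ flatpak_packages }}"
+become: yes
+become_user: opal
+become_method: su
+
+# Default directory management
+- name: Create or ensure presence of custom home directories
+file:
+path: /home/opal/{{ item }}
+state: directory
+mode: '0755'
+owner: opal
+group: opal
+loop: "{{ create_directories }}"
+
+- name: Remove default home directories if present
+file:
+path: /home/opal/{{ item }}
+state: absent
+loop: "{{ remove_directories }}"
+
+# SSH Initial Setup
+- name: Create/Ensure ~/.ssh directories
+file:
+path: "/home/{{ item.value.name }}/.ssh"
+state: directory
+mode: 0700
+owner: "{{ item.value.name }}"
+group: "{{ item.value.group }}"
+loop: "{{ init_users | dict2items }}"
+
+# # Git repositories
+# - name: Pull dotfiles down from git
+# git:
+# repo: 'git@codeberg.org:opalvaults/opalfiles.git'
+# dest: "/home/opal/opalfiles"
+# key_file: "/home/opal/.ssh/ry_ecdsa"
+# become: yes
+# become_user: opal
+# become_method: su
+
+# - name: Pull cookbook down from git
+# git:
+# repo: 'git@codeberg.org:opalvaults/sysadmin-cookbook.git'
+# dest: "/home/opal/projects/sysadmin-cookbook"
+# key_file: "/home/opal/.ssh/ry_ecdsa"
+# become: yes
+# become_user: opal
+# become_method: su
+
+# # Docker
+# - name: Add Docker apt key
+# apt_key:
+# url: https://download.docker.com/linux/ubuntu/gpg
+# state: present
+
+# - name: Add Docker apt repository
+# apt_repository:
+# repo: deb https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable
+# state: present
+
+# - name: Install docker packages
+# apt:
+# name: "{{ docker_packages }}"
+# state: present
+# update_cache: yes
+
+# - name: Ensure Docker group exists
+# group:
+# name: docker
+# state: present
+
+# - name: Add allowed users to group 'Docker'
+# user:
+# name: '{{ item }}'
+# groups: docker
+# append: yes
+# loop: '{{ docker_users }}'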
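Review bot: The `Remove default home directories if present` task uses `state: absent` on `/home/opal/{{ item }}`, which deletes each directory recursively, so on a machine where `Downloads`, `Documents` or `Pictures` already hold files a run of this role silently destroys them. Guard the removal so it only fires on empty directories, as in the sketch below. Separately, `mode: 0700` on the `~/.ssh` task is unquoted while the home-directory task uses `'0755'`; quoting it as `'0700'` keeps the value a string and matches the rest of the file.

```yaml
# … unchanged: package, pip, flatpak and directory-creation tasks …
- name: Inspect default home directories before removal
  ansible.builtin.find:
    paths: /home/opal/{{ item }}
    file_type: any
    hidden: true
  loop: "{{ remove_directories }}"
  register: default_dir_contents

- name: Remove default home directories only when empty
  ansible.builtin.file:
    path: /home/opal/{{ item.item }}
    state: absent
  loop: "{{ default_dir_contents.results }}"
  when: item.matched == 0
# … unchanged: SSH setup and commented-out tasks …
```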
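--- a/roles/workstation/vars/main.yml
+++ b/roles/workstation/vars/main.yml
@@ -0,0 +1,77 @@
+---
+packages:
+- zsh
+- python3-pip
+- borgbackup
+- vim
+- git
+- alacritty
+- emacs
+- stow
+- ansible
+- bat
+- exa
+- ripgrep
+- curl
+- gnupg2
+- RemoteBox
+- spice-vdagent
+- firefox
+- sway
+- swaybg
+- swayidle
+- swaylock
+- waybar
+- wofi
+- libtool
+- cmake
+- make
+- tldr
+- syncthing
+
+flatpak_packages:
+- im.riot.Riot
+- org.signal.Signal
+
+pip_packages:
+- borgmatic
+- keep
+
+docker_packages:
+- docker-ce
+- docker-ce-cli
+- containerd.io
+- docker-compose-plugin
+
+docker_users:
+- opal
+
+remove_directories:
+- Templates
+- Videos
+- Documents
+- Music
+- Downloads
+- Pictures
+- Public
+- Desktop
+
+create_directories:
+- projects
+- bin
+- documents
+- music
+- downloads
+- scripts
+- pictures
+
+init_users:
+opal:
+name: opal
+uid: 2000
+group: opal
+groups: wheel
+state: present
+shell: /usr/bin/zsh
+create_home: true
+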
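Review bot: The `pip_packages` entries (`borgmatic`, `keep`) are bare names with no version constraint, so every run of the role installs whatever the package index currently serves under those names. The `Install pip3 packages` task in tasks/main.yml sets no virtualenv and no user scope, so these presumably land in the system interpreter with the play's privileges, which makes an unreviewed upstream release a change to a privileged environment. Pin each entry here, e.g. `- borgmatic==<PINNED_VERSION>`, and add a comment such as `# pinned; bump deliberately after reviewing the release`. `docker_packages` and `docker_users` are only referenced by commented-out tasks in this commit; a comment marking them as currently unused would help.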