ansible-void/setup.yaml

---
- name: SSH
  hosts: all
  tags: ssh

  tasks:
    - name: Ensure root ssh directory exists
      file:
        path: /root/.ssh
        state: directory

    - name: Import SSH keys
      authorized_key:
        user: root
        key: '{{ item }}'
        state: present
      loop: '{{ ssh_keys }}'


- name: General
  hosts: all
  tags: general

  tasks:
    - name: Install services
      community.general.xbps:
        name:
          - avahi
          - chrony
        state: present

    - name: Enable services
      community.general.runit:
        name: '{{ item }}'
        enabled: true
        state: started
      loop:
        - avahi-daemon
        - chronyd

    - name: Disable unneeded services
      community.general.runit:
        name: '{{ item }}'
        enabled: false
        state: stopped
      loop:
        - wpa_supplicant


- name: Users
  hosts: all
  tags: users

  tasks:
    - name: Set bash as default shell for root
      user:
        name: root
        shell: /bin/bash

    - name: User student
      user:
        name: student
        password: $6$7Z.h8Q6CO9AevdIp$8W2nuvD7ZqeXBO.Azsayx2tJ4L0KD44hOz5aNzpGPN/hUtaROvmY7aJ0x7Ie3CPawp6lV4ln2fHQQ7V5Yuy7k0
        groups:
          # Arduino serial access
          - dialout
        state: present

    - name: Lock bash configuration files for student
      # Can be removed after LDAP setup
      file:
        path: '{{ item }}'
        owner: root
        group: root
        mode: 0644
        state: touch
      loop:
        - /home/student/.bashrc
        - /home/student/.bash_profile

    - name: Disable SSH for user student
      ansible.builtin.lineinfile:
        path: "/etc/ssh/sshd_config"
        line: "DenyUsers student"
        create: true


- name: Software
  hosts: all
  tags: software

  tasks:
    - name: Add non-free repository
      community.general.xbps:
        name: void-repo-nonfree
        state: present

    - name: Upgrade all packages
      community.general.xbps:
        upgrade: true

    - name: Install common packages
      community.general.xbps:
        name: '{{ xbps_install }}'
        state: present
      when: xbps_install

    - name: Install video drivers
      community.general.xbps:
        name:
          - mesa-dri
          - vulkan-loader
          - mesa-vulkan-radeon
          - amdvlk
          - xf86-video-amdgpu
          - mesa-vaapi
          - mesa-vdpau
          - intel-video-accel
          - mesa-vulkan-intel

    - name: Recursively remove packages
      community.general.xbps:
        name: '{{ xbps_remove }}'
        state: absent
        recurse: true
      when: xbps_remove

    - name: Clear xbps cache
      command: 'xbps-remove -O'

    - name: Purge old kernels
      command: 'vkpurge rm all'


- name: Gnome
  hosts: all
  tags:
    - gnome
    - software

  handlers:
    - name: Update dconf database
      command: 'dconf update'

  tasks:
    - name: Install Gnome
      community.general.xbps:
        name:
          - dbus
          - gnome
          - gdm
          - xorg  # Prevents a crash on some systems
          - mesa-vdpau
          - mesa-vaapi
          - pipewire
        state: present

    - name: Enable services
      community.general.runit:
        name: '{{ item }}'
        enabled: true
        state: started
      loop:
        - dbus
        - gdm

    - name: Copy session cleanup script
      copy:
        src: 'files/session-cleanup.sh'
        dest: '/etc/gdm/PostSession/Default'
        mode: '0755'

    - name: Enable autologin
      copy:
        src: 'files/desktop/autologin'
        dest: '/etc/gdm/custom.conf'
      notify: Update dconf database

    - name: Ensure directories exist
      file:
        path: '{{item}}'
        state: directory
      loop:
        - /etc/dconf/db/local.d
        - /etc/dconf/db/local.d/locks

    - name: Create user profile
      copy:
        src: 'files/desktop/profile/user'
        dest: '/etc/dconf/profile/user'

    - name: Copy configuration files
      copy:
        src: 'files/desktop/main'
        dest: '/etc/dconf/db/local.d/main'
      notify: Update dconf database

    - name: Set screen timeout
      template:
        src: 'files/desktop/screensaver'
        dest: '/etc/dconf/db/local.d/screensaver'
      notify: Update dconf database


- name: PipeWire
  hosts: all
  tags: pipewire

  tasks:
    - name: Install PipeWire
      community.general.xbps:
        name:
          - pipewire
          - wireplumber
        state: present

    - name: Ensure configuration directories exist
      file:
        path: '/etc/pipewire/pipewire.conf.d/'
        state: directory

    - name: Copy PipeWire configuration
      copy:
        src: '{{ item.src }}'
        dest: '{{ item.dest }}'
      loop:
        - src: 'files/pipewire/pipewire.conf'
          dest: '/etc/pipewire/pipewire.conf'
        - src: 'files/pipewire/10-wireplumber.conf'
          dest: '/etc/pipewire/pipewire.conf.d/10-wireplumber.conf'

    - name: Symlink PipeWire to autostart
      file:
        src: '{{ item.src }}'
        dest: '{{ item.dest }}'
        state: link
      loop:
        - src: '/usr/share/applications/pipewire.desktop'
          dest: '/etc/xdg/autostart/pipewire.desktop'
        - src: '/usr/share/applications/pipewire-pulse.desktop'
          dest: '/etc/xdg/autostart/pipewire-pulse.desktop'


- name: GRUB
  hosts: all
  tags: grub

  handlers:
    - name: grub-mkconfig
      command: 'grub-mkconfig -o /boot/grub/grub.cfg'

  tasks:
    - name: Copy GRUB configuration
      template:
        src: 'files/grub/grub'
        dest: '/etc/default/grub'
      notify: grub-mkconfig


- name: Firefox
  hosts: all

  tasks:
    - name: Ensure Firefox extensions folder exists
      file:
        path: "/usr/lib64/firefox/distribution/extensions"
        state: directory

    - name: Install firefox extensions
      copy:
        src: "{{ item }}"
        dest: "/usr/lib64/firefox/distribution/extensions/"
      loop:
        - "files/firefox/uBlock0@raymondhill.net.xpi"


- name: Bakaláři
  hosts: teachers
  tags: bakalari

  tasks:
    - name: Create a desktop shortcut for Bakaláři
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      loop:
        - src: "files/bakalari/bakalari.desktop"
          dest: "/usr/share/applications/bakalari.desktop"
        - src: "files/bakalari/bakalari.png"
          dest: "/usr/share/icons/bakalari.png"
Initial commit 2023-04-29 19:51:14 +02:00			`---`
			`- name: SSH`
			`hosts: all`
Add tags 2023-06-08 11:27:16 +02:00			`tags: ssh`
Initial commit 2023-04-29 19:51:14 +02:00
			`tasks:`
			`- name: Ensure root ssh directory exists`
			`file:`
			`path: /root/.ssh`
			`state: directory`

			`- name: Import SSH keys`
			`authorized_key:`
			`user: root`
			`key: '{{ item }}'`
			`state: present`
			`loop: '{{ ssh_keys }}'`


			`- name: General`
			`hosts: all`
Add tags 2023-06-08 11:27:16 +02:00			`tags: general`
Initial commit 2023-04-29 19:51:14 +02:00
			`tasks:`
Simpler service handling 2023-05-01 18:18:57 +02:00			`- name: Install services`
Initial commit 2023-04-29 19:51:14 +02:00			`community.general.xbps:`
			`name:`
			`- avahi`
			`- chrony`
			`state: present`

Simpler service handling 2023-05-01 18:18:57 +02:00			`- name: Enable services`
Initial commit 2023-04-29 19:51:14 +02:00			`community.general.runit:`
Simpler service handling 2023-05-01 18:18:57 +02:00			`name: '{{ item }}'`
Initial commit 2023-04-29 19:51:14 +02:00			`enabled: true`
			`state: started`
Simpler service handling 2023-05-01 18:18:57 +02:00			`loop:`
			`- avahi-daemon`
			`- chronyd`
Initial commit 2023-04-29 19:51:14 +02:00
Simpler service handling 2023-05-01 18:18:57 +02:00			`- name: Disable unneeded services`
Initial commit 2023-04-29 19:51:14 +02:00			`community.general.runit:`
			`name: '{{ item }}'`
			`enabled: false`
			`state: stopped`
			`loop:`
Simpler service handling 2023-05-01 18:18:57 +02:00			`- wpa_supplicant`
Initial commit 2023-04-29 19:51:14 +02:00

			`- name: Users`
			`hosts: all`
Add tags 2023-06-08 11:27:16 +02:00			`tags: users`
Initial commit 2023-04-29 19:51:14 +02:00
			`tasks:`
			`- name: Set bash as default shell for root`
			`user:`
			`name: root`
			`shell: /bin/bash`

			`- name: User student`
			`user:`
			`name: student`
			`password: $6$7Z.h8Q6CO9AevdIp$8W2nuvD7ZqeXBO.Azsayx2tJ4L0KD44hOz5aNzpGPN/hUtaROvmY7aJ0x7Ie3CPawp6lV4ln2fHQQ7V5Yuy7k0`
			`groups:`
			`# Arduino serial access`
			`- dialout`
			`state: present`

			`- name: Lock bash configuration files for student`
			`# Can be removed after LDAP setup`
			`file:`
			`path: '{{ item }}'`
			`owner: root`
			`group: root`
Fix mode for bash configuration lock 2023-06-08 11:32:12 +02:00			`mode: 0644`
Initial commit 2023-04-29 19:51:14 +02:00			`state: touch`
			`loop:`
			`- /home/student/.bashrc`
			`- /home/student/.bash_profile`

			`- name: Disable SSH for user student`
			`ansible.builtin.lineinfile:`
			`path: "/etc/ssh/sshd_config"`
			`line: "DenyUsers student"`
			`create: true`


			`- name: Software`
			`hosts: all`
Add tags 2023-06-08 11:27:16 +02:00			`tags: software`
Initial commit 2023-04-29 19:51:14 +02:00
			`tasks:`
			`- name: Add non-free repository`
			`community.general.xbps:`
			`name: void-repo-nonfree`
			`state: present`

			`- name: Upgrade all packages`
			`community.general.xbps:`
			`upgrade: true`

Install video drivers Most PCs have an AMD GPU, but some replacements only have Intel. The intel-specific packages can later be excluded, albeit it doesn't hurt to have them installed. Intel-only hosts: - MU02 - MU03 2023-11-17 16:40:53 +01:00			`- name: Install common packages`
Initial commit 2023-04-29 19:51:14 +02:00			`community.general.xbps:`
			`name: '{{ xbps_install }}'`
			`state: present`
			`when: xbps_install`

Install video drivers Most PCs have an AMD GPU, but some replacements only have Intel. The intel-specific packages can later be excluded, albeit it doesn't hurt to have them installed. Intel-only hosts: - MU02 - MU03 2023-11-17 16:40:53 +01:00			`- name: Install video drivers`
			`community.general.xbps:`
			`name:`
			`- mesa-dri`
			`- vulkan-loader`
			`- mesa-vulkan-radeon`
			`- amdvlk`
			`- xf86-video-amdgpu`
			`- mesa-vaapi`
			`- mesa-vdpau`
			`- intel-video-accel`
			`- mesa-vulkan-intel`

Initial commit 2023-04-29 19:51:14 +02:00			`- name: Recursively remove packages`
			`community.general.xbps:`
			`name: '{{ xbps_remove }}'`
			`state: absent`
			`recurse: true`
			`when: xbps_remove`

XBPS cache and kernel cleanup 2023-06-09 10:55:55 +02:00			`- name: Clear xbps cache`
			`command: 'xbps-remove -O'`

			`- name: Purge old kernels`
			`command: 'vkpurge rm all'`

Initial commit 2023-04-29 19:51:14 +02:00
			`- name: Gnome`
			`hosts: all`
Add tags 2023-06-08 11:27:16 +02:00			`tags:`
			`- gnome`
			`- software`
Initial commit 2023-04-29 19:51:14 +02:00
			`handlers:`
			`- name: Update dconf database`
			`command: 'dconf update'`

			`tasks:`
			`- name: Install Gnome`
			`community.general.xbps:`
			`name:`
			`- dbus`
			`- gnome`
			`- gdm`
			`- xorg # Prevents a crash on some systems`
			`- mesa-vdpau`
			`- mesa-vaapi`
			`- pipewire`
			`state: present`

			`- name: Enable services`
			`community.general.runit:`
			`name: '{{ item }}'`
			`enabled: true`
			`state: started`
			`loop:`
			`- dbus`
			`- gdm`

Fix cleanup script copy on new systems 2023-11-01 15:41:14 +01:00			`- name: Copy session cleanup script`
			`copy:`
			`src: 'files/session-cleanup.sh'`
			`dest: '/etc/gdm/PostSession/Default'`
			`mode: '0755'`

Initial commit 2023-04-29 19:51:14 +02:00			`- name: Enable autologin`
			`copy:`
			`src: 'files/desktop/autologin'`
			`dest: '/etc/gdm/custom.conf'`
			`notify: Update dconf database`

			`- name: Ensure directories exist`
			`file:`
			`path: '{{item}}'`
			`state: directory`
			`loop:`
			`- /etc/dconf/db/local.d`
			`- /etc/dconf/db/local.d/locks`

			`- name: Create user profile`
			`copy:`
			`src: 'files/desktop/profile/user'`
			`dest: '/etc/dconf/profile/user'`

			`- name: Copy configuration files`
			`copy:`
			`src: 'files/desktop/main'`
			`dest: '/etc/dconf/db/local.d/main'`
			`notify: Update dconf database`

			`- name: Set screen timeout`
			`template:`
			`src: 'files/desktop/screensaver'`
			`dest: '/etc/dconf/db/local.d/screensaver'`
			`notify: Update dconf database`


Add sound support with PipeWire 2023-05-01 18:15:29 +02:00			`- name: PipeWire`
			`hosts: all`
Add tags 2023-06-08 11:27:16 +02:00			`tags: pipewire`
Add sound support with PipeWire 2023-05-01 18:15:29 +02:00
			`tasks:`
			`- name: Install PipeWire`
			`community.general.xbps:`
			`name:`
			`- pipewire`
			`- wireplumber`
			`state: present`

			`- name: Ensure configuration directories exist`
			`file:`
			`path: '/etc/pipewire/pipewire.conf.d/'`
			`state: directory`

			`- name: Copy PipeWire configuration`
			`copy:`
			`src: '{{ item.src }}'`
			`dest: '{{ item.dest }}'`
			`loop:`
			`- src: 'files/pipewire/pipewire.conf'`
			`dest: '/etc/pipewire/pipewire.conf'`
			`- src: 'files/pipewire/10-wireplumber.conf'`
			`dest: '/etc/pipewire/pipewire.conf.d/10-wireplumber.conf'`

			`- name: Symlink PipeWire to autostart`
			`file:`
			`src: '{{ item.src }}'`
			`dest: '{{ item.dest }}'`
			`state: link`
			`loop:`
			`- src: '/usr/share/applications/pipewire.desktop'`
			`dest: '/etc/xdg/autostart/pipewire.desktop'`
			`- src: '/usr/share/applications/pipewire-pulse.desktop'`
			`dest: '/etc/xdg/autostart/pipewire-pulse.desktop'`


Initial commit 2023-04-29 19:51:14 +02:00			`- name: GRUB`
			`hosts: all`
Add tags 2023-06-08 11:27:16 +02:00			`tags: grub`
Initial commit 2023-04-29 19:51:14 +02:00
			`handlers:`
			`- name: grub-mkconfig`
			`command: 'grub-mkconfig -o /boot/grub/grub.cfg'`

			`tasks:`
			`- name: Copy GRUB configuration`
			`template:`
			`src: 'files/grub/grub'`
			`dest: '/etc/default/grub'`
			`notify: grub-mkconfig`


			`- name: Firefox`
			`hosts: all`

			`tasks:`
			`- name: Ensure Firefox extensions folder exists`
			`file:`
			`path: "/usr/lib64/firefox/distribution/extensions"`
			`state: directory`

			`- name: Install firefox extensions`
			`copy:`
			`src: "{{ item }}"`
			`dest: "/usr/lib64/firefox/distribution/extensions/"`
			`loop:`
			`- "files/firefox/uBlock0@raymondhill.net.xpi"`


			`- name: Bakaláři`
			`hosts: teachers`
Add tags 2023-06-08 11:27:16 +02:00			`tags: bakalari`
Initial commit 2023-04-29 19:51:14 +02:00
			`tasks:`
			`- name: Create a desktop shortcut for Bakaláři`
			`copy:`
			`src: "{{ item.src }}"`
			`dest: "{{ item.dest }}"`
			`loop:`
			`- src: "files/bakalari/bakalari.desktop"`
			`dest: "/usr/share/applications/bakalari.desktop"`
			`- src: "files/bakalari/bakalari.png"`
			`dest: "/usr/share/icons/bakalari.png"`