--- - name: SSH hosts: all tags: ssh roles: - role: ssh vars: ssh_keys: - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEm981GRiUIsp8e4bTDv+d9SyHfQ8P18W5oovgmAfnip em@x210 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqmyaaIqRU9hx8PxRnIqe/pRANIxrEEscuMWrHZF1yh snowflake@flakeX230 - name: General hosts: all tags: general tasks: - name: Install services community.general.xbps: name: - avahi - chrony state: present - name: Enable services community.general.runit: name: '{{ item }}' enabled: true state: started loop: - avahi-daemon - chronyd - name: Disable unneeded services community.general.runit: name: '{{ item }}' enabled: false state: stopped loop: - wpa_supplicant - name: Users hosts: all tags: users tasks: - name: Set bash as default shell for root user: name: root shell: /bin/bash - name: User student user: name: student password: $6$7Z.h8Q6CO9AevdIp$8W2nuvD7ZqeXBO.Azsayx2tJ4L0KD44hOz5aNzpGPN/hUtaROvmY7aJ0x7Ie3CPawp6lV4ln2fHQQ7V5Yuy7k0 groups: # Arduino serial access - dialout state: present - name: Lock bash configuration files for student # Can be removed after LDAP setup file: path: '{{ item }}' owner: root group: root mode: 0644 state: touch loop: - /home/student/.bashrc - /home/student/.bash_profile - name: Disable SSH for user student ansible.builtin.lineinfile: path: "/etc/ssh/sshd_config" line: "DenyUsers student" create: true - name: Software hosts: all tags: software tasks: - name: Add non-free repository community.general.xbps: name: void-repo-nonfree state: present - name: Upgrade all packages community.general.xbps: upgrade: true - name: Install common packages community.general.xbps: name: '{{ xbps_install }}' state: present when: xbps_install - name: Install video drivers community.general.xbps: name: - mesa-dri - vulkan-loader - mesa-vulkan-radeon - amdvlk - xf86-video-amdgpu - mesa-vaapi - mesa-vdpau - intel-video-accel - mesa-vulkan-intel - name: Recursively remove packages community.general.xbps: name: '{{ xbps_remove }}' state: absent recurse: true when: xbps_remove - name: Clear xbps cache command: 'xbps-remove -O' - name: Purge old kernels command: 'vkpurge rm all' - name: Gnome hosts: all tags: - gnome - software handlers: - name: Update dconf database command: 'dconf update' tasks: - name: Install Gnome community.general.xbps: name: - dbus - gnome - gdm - xorg # Prevents a crash on some systems - mesa-vdpau - mesa-vaapi - pipewire state: present - name: Enable services community.general.runit: name: '{{ item }}' enabled: true state: started loop: - dbus - gdm - name: Copy session cleanup script copy: src: 'files/session-cleanup.sh' dest: '/etc/gdm/PostSession/Default' mode: '0755' - name: Enable autologin copy: src: 'files/desktop/autologin' dest: '/etc/gdm/custom.conf' notify: Update dconf database - name: Ensure directories exist file: path: '{{item}}' state: directory loop: - /etc/dconf/db/local.d - /etc/dconf/db/local.d/locks - name: Create user profile copy: src: 'files/desktop/profile/user' dest: '/etc/dconf/profile/user' - name: Copy configuration files copy: src: 'files/desktop/main' dest: '/etc/dconf/db/local.d/main' notify: Update dconf database - name: Set screen timeout template: src: 'files/desktop/screensaver' dest: '/etc/dconf/db/local.d/screensaver' notify: Update dconf database - name: PipeWire hosts: all tags: pipewire tasks: - name: Install PipeWire community.general.xbps: name: - pipewire - wireplumber state: present - name: Ensure configuration directories exist file: path: '/etc/pipewire/pipewire.conf.d/' state: directory - name: Copy PipeWire configuration copy: src: '{{ item.src }}' dest: '{{ item.dest }}' loop: - src: 'files/pipewire/pipewire.conf' dest: '/etc/pipewire/pipewire.conf' - src: 'files/pipewire/10-wireplumber.conf' dest: '/etc/pipewire/pipewire.conf.d/10-wireplumber.conf' - name: Symlink PipeWire to autostart file: src: '{{ item.src }}' dest: '{{ item.dest }}' state: link loop: - src: '/usr/share/applications/pipewire.desktop' dest: '/etc/xdg/autostart/pipewire.desktop' - src: '/usr/share/applications/pipewire-pulse.desktop' dest: '/etc/xdg/autostart/pipewire-pulse.desktop' - name: GRUB hosts: all tags: grub handlers: - name: grub-mkconfig command: 'grub-mkconfig -o /boot/grub/grub.cfg' tasks: - name: Copy GRUB configuration template: src: 'files/grub/grub' dest: '/etc/default/grub' notify: grub-mkconfig - name: Firefox hosts: all tasks: - name: Ensure Firefox extensions folder exists file: path: "/usr/lib64/firefox/distribution/extensions" state: directory - name: Install firefox extensions copy: src: "{{ item }}" dest: "/usr/lib64/firefox/distribution/extensions/" loop: - "files/firefox/uBlock0@raymondhill.net.xpi" - name: Bakaláři hosts: teachers roles: - bakalari