mirror of
https://github.com/gjkcz/ansible-void.git
synced 2025-11-04 03:50:26 +01:00
274 lines
6.0 KiB
YAML
274 lines
6.0 KiB
YAML
---
|
|
- name: SSH
|
|
hosts: all
|
|
tags: ssh
|
|
roles:
|
|
- role: ssh
|
|
vars:
|
|
ssh_keys:
|
|
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEm981GRiUIsp8e4bTDv+d9SyHfQ8P18W5oovgmAfnip em@x210
|
|
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqmyaaIqRU9hx8PxRnIqe/pRANIxrEEscuMWrHZF1yh snowflake@flakeX230
|
|
|
|
|
|
- name: General
|
|
hosts: all
|
|
tags: general
|
|
|
|
tasks:
|
|
- name: Install services
|
|
community.general.xbps:
|
|
name:
|
|
- avahi
|
|
- chrony
|
|
state: present
|
|
|
|
- name: Enable services
|
|
community.general.runit:
|
|
name: '{{ item }}'
|
|
enabled: true
|
|
state: started
|
|
loop:
|
|
- avahi-daemon
|
|
- chronyd
|
|
|
|
- name: Disable unneeded services
|
|
community.general.runit:
|
|
name: '{{ item }}'
|
|
enabled: false
|
|
state: stopped
|
|
loop:
|
|
- wpa_supplicant
|
|
|
|
|
|
- name: Users
|
|
hosts: all
|
|
tags: users
|
|
|
|
tasks:
|
|
- name: Set bash as default shell for root
|
|
user:
|
|
name: root
|
|
shell: /bin/bash
|
|
|
|
- name: User student
|
|
user:
|
|
name: student
|
|
password: $6$7Z.h8Q6CO9AevdIp$8W2nuvD7ZqeXBO.Azsayx2tJ4L0KD44hOz5aNzpGPN/hUtaROvmY7aJ0x7Ie3CPawp6lV4ln2fHQQ7V5Yuy7k0
|
|
groups:
|
|
# Arduino serial access
|
|
- dialout
|
|
state: present
|
|
|
|
- name: Lock bash configuration files for student
|
|
# Can be removed after LDAP setup
|
|
file:
|
|
path: '{{ item }}'
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
state: touch
|
|
loop:
|
|
- /home/student/.bashrc
|
|
- /home/student/.bash_profile
|
|
|
|
- name: Disable SSH for user student
|
|
ansible.builtin.lineinfile:
|
|
path: "/etc/ssh/sshd_config"
|
|
line: "DenyUsers student"
|
|
create: true
|
|
|
|
|
|
- name: Software
|
|
hosts: all
|
|
tags: software
|
|
|
|
tasks:
|
|
- name: Add non-free repository
|
|
community.general.xbps:
|
|
name: void-repo-nonfree
|
|
state: present
|
|
|
|
- name: Upgrade all packages
|
|
community.general.xbps:
|
|
upgrade: true
|
|
|
|
- name: Install common packages
|
|
community.general.xbps:
|
|
name: '{{ xbps_install }}'
|
|
state: present
|
|
when: xbps_install
|
|
|
|
- name: Install video drivers
|
|
community.general.xbps:
|
|
name:
|
|
- mesa-dri
|
|
- vulkan-loader
|
|
- mesa-vulkan-radeon
|
|
- amdvlk
|
|
- xf86-video-amdgpu
|
|
- mesa-vaapi
|
|
- mesa-vdpau
|
|
- intel-video-accel
|
|
- mesa-vulkan-intel
|
|
|
|
- name: Recursively remove packages
|
|
community.general.xbps:
|
|
name: '{{ xbps_remove }}'
|
|
state: absent
|
|
recurse: true
|
|
when: xbps_remove
|
|
|
|
- name: Clear xbps cache
|
|
command: 'xbps-remove -O'
|
|
|
|
- name: Purge old kernels
|
|
command: 'vkpurge rm all'
|
|
|
|
|
|
- name: Gnome
|
|
hosts: all
|
|
tags:
|
|
- gnome
|
|
- software
|
|
|
|
handlers:
|
|
- name: Update dconf database
|
|
command: 'dconf update'
|
|
|
|
tasks:
|
|
- name: Install Gnome
|
|
community.general.xbps:
|
|
name:
|
|
- dbus
|
|
- gnome
|
|
- gdm
|
|
- xorg # Prevents a crash on some systems
|
|
- mesa-vdpau
|
|
- mesa-vaapi
|
|
- pipewire
|
|
state: present
|
|
|
|
- name: Enable services
|
|
community.general.runit:
|
|
name: '{{ item }}'
|
|
enabled: true
|
|
state: started
|
|
loop:
|
|
- dbus
|
|
- gdm
|
|
|
|
- name: Copy session cleanup script
|
|
copy:
|
|
src: 'files/session-cleanup.sh'
|
|
dest: '/etc/gdm/PostSession/Default'
|
|
mode: '0755'
|
|
|
|
- name: Enable autologin
|
|
copy:
|
|
src: 'files/desktop/autologin'
|
|
dest: '/etc/gdm/custom.conf'
|
|
notify: Update dconf database
|
|
|
|
- name: Ensure directories exist
|
|
file:
|
|
path: '{{item}}'
|
|
state: directory
|
|
loop:
|
|
- /etc/dconf/db/local.d
|
|
- /etc/dconf/db/local.d/locks
|
|
|
|
- name: Create user profile
|
|
copy:
|
|
src: 'files/desktop/profile/user'
|
|
dest: '/etc/dconf/profile/user'
|
|
|
|
- name: Copy configuration files
|
|
copy:
|
|
src: 'files/desktop/main'
|
|
dest: '/etc/dconf/db/local.d/main'
|
|
notify: Update dconf database
|
|
|
|
- name: Set screen timeout
|
|
template:
|
|
src: 'files/desktop/screensaver'
|
|
dest: '/etc/dconf/db/local.d/screensaver'
|
|
notify: Update dconf database
|
|
|
|
|
|
- name: PipeWire
|
|
hosts: all
|
|
tags: pipewire
|
|
|
|
tasks:
|
|
- name: Install PipeWire
|
|
community.general.xbps:
|
|
name:
|
|
- pipewire
|
|
- wireplumber
|
|
state: present
|
|
|
|
- name: Ensure configuration directories exist
|
|
file:
|
|
path: '/etc/pipewire/pipewire.conf.d/'
|
|
state: directory
|
|
|
|
- name: Copy PipeWire configuration
|
|
copy:
|
|
src: '{{ item.src }}'
|
|
dest: '{{ item.dest }}'
|
|
loop:
|
|
- src: 'files/pipewire/pipewire.conf'
|
|
dest: '/etc/pipewire/pipewire.conf'
|
|
- src: 'files/pipewire/10-wireplumber.conf'
|
|
dest: '/etc/pipewire/pipewire.conf.d/10-wireplumber.conf'
|
|
|
|
- name: Symlink PipeWire to autostart
|
|
file:
|
|
src: '{{ item.src }}'
|
|
dest: '{{ item.dest }}'
|
|
state: link
|
|
loop:
|
|
- src: '/usr/share/applications/pipewire.desktop'
|
|
dest: '/etc/xdg/autostart/pipewire.desktop'
|
|
- src: '/usr/share/applications/pipewire-pulse.desktop'
|
|
dest: '/etc/xdg/autostart/pipewire-pulse.desktop'
|
|
|
|
|
|
- name: GRUB
|
|
hosts: all
|
|
tags: grub
|
|
|
|
handlers:
|
|
- name: grub-mkconfig
|
|
command: 'grub-mkconfig -o /boot/grub/grub.cfg'
|
|
|
|
tasks:
|
|
- name: Copy GRUB configuration
|
|
template:
|
|
src: 'files/grub/grub'
|
|
dest: '/etc/default/grub'
|
|
notify: grub-mkconfig
|
|
|
|
|
|
- name: Firefox
|
|
hosts: all
|
|
|
|
tasks:
|
|
- name: Ensure Firefox extensions folder exists
|
|
file:
|
|
path: "/usr/lib64/firefox/distribution/extensions"
|
|
state: directory
|
|
|
|
- name: Install firefox extensions
|
|
copy:
|
|
src: "{{ item }}"
|
|
dest: "/usr/lib64/firefox/distribution/extensions/"
|
|
loop:
|
|
- "files/firefox/uBlock0@raymondhill.net.xpi"
|
|
|
|
|
|
- name: Bakaláři
|
|
hosts: teachers
|
|
roles:
|
|
- bakalari
|