1
0
mirror of https://github.com/gjkcz/ansible-void.git synced 2024-12-22 19:26:38 +01:00
ansible-void/setup.yaml
2024-12-04 11:04:12 +01:00

275 lines
6.0 KiB
YAML

---
- name: SSH
hosts: all
tags: ssh
roles:
- role: ssh
vars:
ssh_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEm981GRiUIsp8e4bTDv+d9SyHfQ8P18W5oovgmAfnip em@x210
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqmyaaIqRU9hx8PxRnIqe/pRANIxrEEscuMWrHZF1yh snowflake@flakeX230
- name: General
hosts: all
tags: general
tasks:
- name: Install services
community.general.xbps:
name:
- avahi
- chrony
state: present
- name: Enable services
community.general.runit:
name: '{{ item }}'
enabled: true
state: started
loop:
- avahi-daemon
- chronyd
- name: Disable unneeded services
community.general.runit:
name: '{{ item }}'
enabled: false
state: stopped
loop:
- wpa_supplicant
- name: Users
hosts: all
tags: users
tasks:
- name: Set bash as default shell for root
user:
name: root
shell: /bin/bash
- name: User student
user:
name: student
password: $6$7Z.h8Q6CO9AevdIp$8W2nuvD7ZqeXBO.Azsayx2tJ4L0KD44hOz5aNzpGPN/hUtaROvmY7aJ0x7Ie3CPawp6lV4ln2fHQQ7V5Yuy7k0
groups:
# Arduino serial access
- dialout
state: present
- name: Lock bash configuration files for student
# Can be removed after LDAP setup
file:
path: '{{ item }}'
owner: root
group: root
mode: 0644
state: touch
loop:
- /home/student/.bashrc
- /home/student/.bash_profile
- name: Disable SSH for user student
ansible.builtin.lineinfile:
path: "/etc/ssh/sshd_config"
line: "DenyUsers student"
create: true
- name: Software
hosts: all
tags: software
tasks:
- name: Add non-free repository
community.general.xbps:
name: void-repo-nonfree
state: present
- name: Upgrade all packages
community.general.xbps:
upgrade: true
- name: Install common packages
community.general.xbps:
name: '{{ xbps_install }}'
state: present
when: xbps_install
- name: Install video drivers
community.general.xbps:
name:
- mesa-dri
- vulkan-loader
- mesa-vulkan-radeon
- amdvlk
- xf86-video-amdgpu
- mesa-vaapi
- mesa-vdpau
- intel-video-accel
- mesa-vulkan-intel
- name: Recursively remove packages
community.general.xbps:
name: '{{ xbps_remove }}'
state: absent
recurse: true
when: xbps_remove
- name: Clear xbps cache
command: 'xbps-remove -O'
- name: Purge old kernels
command: 'vkpurge rm all'
- name: Gnome
hosts: all
tags:
- gnome
- software
handlers:
- name: Update dconf database
command: 'dconf update'
tasks:
- name: Install Gnome
community.general.xbps:
name:
- dbus
- gnome
- gdm
- xorg # Prevents a crash on some systems
- mesa-vdpau
- mesa-vaapi
- pipewire
state: present
- name: Enable services
community.general.runit:
name: '{{ item }}'
enabled: true
state: started
loop:
- dbus
- gdm
- name: Copy session cleanup script
copy:
src: 'files/session-cleanup.sh'
dest: '/etc/gdm/PostSession/Default'
mode: '0755'
- name: Enable autologin
copy:
src: 'files/desktop/autologin'
dest: '/etc/gdm/custom.conf'
notify: Update dconf database
- name: Ensure directories exist
file:
path: '{{item}}'
state: directory
loop:
- /etc/dconf/db/local.d
- /etc/dconf/db/local.d/locks
- name: Create user profile
copy:
src: 'files/desktop/profile/user'
dest: '/etc/dconf/profile/user'
- name: Copy configuration files
copy:
src: 'files/desktop/main'
dest: '/etc/dconf/db/local.d/main'
notify: Update dconf database
- name: Set screen timeout
template:
src: 'files/desktop/screensaver'
dest: '/etc/dconf/db/local.d/screensaver'
notify: Update dconf database
- name: PipeWire
hosts: all
tags: pipewire
tasks:
- name: Install PipeWire
community.general.xbps:
name:
- pipewire
- wireplumber
state: present
- name: Ensure configuration directories exist
file:
path: '/etc/pipewire/pipewire.conf.d/'
state: directory
- name: Copy PipeWire configuration
copy:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
loop:
- src: 'files/pipewire/pipewire.conf'
dest: '/etc/pipewire/pipewire.conf'
- src: 'files/pipewire/10-wireplumber.conf'
dest: '/etc/pipewire/pipewire.conf.d/10-wireplumber.conf'
- name: Symlink PipeWire to autostart
file:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
state: link
loop:
- src: '/usr/share/applications/pipewire.desktop'
dest: '/etc/xdg/autostart/pipewire.desktop'
- src: '/usr/share/applications/pipewire-pulse.desktop'
dest: '/etc/xdg/autostart/pipewire-pulse.desktop'
- name: GRUB
hosts: all
tags: grub
handlers:
- name: grub-mkconfig
command: 'grub-mkconfig -o /boot/grub/grub.cfg'
tasks:
- name: Copy GRUB configuration
template:
src: 'files/grub/grub'
dest: '/etc/default/grub'
notify: grub-mkconfig
- name: Firefox
hosts: all
tasks:
- name: Ensure Firefox extensions folder exists
file:
path: "/usr/lib64/firefox/distribution/extensions"
state: directory
- name: Install firefox extensions
copy:
src: "{{ item }}"
dest: "/usr/lib64/firefox/distribution/extensions/"
loop:
- "files/firefox/uBlock0@raymondhill.net.xpi"
- name: Bakaláři
hosts: teachers
tasks:
- name: Bakaláři
include_role:
name: bakalari