diff --git a/group_vars/silverblue.yml b/group_vars/silverblue.yml index 046bef4..756be5d 100644 --- a/group_vars/silverblue.yml +++ b/group_vars/silverblue.yml @@ -1,15 +1,9 @@ -flatpak_remotes: - flathub: - state: present - url: https://flathub.org/repo/flathub.flatpakrepo +services_flatpak_remotes: flathub-beta: state: present url: https://flathub.org/beta-repo/flathub-beta.flatpakrepo - fedora: - state: present - url: oci+https://registry.fedoraproject.org -flatpak_flatpaks: +services_flatpak_packages: com.belmoussaoui.Obfuscate: state: present remote: flathub @@ -109,9 +103,6 @@ flatpak_flatpaks: org.libreoffice.LibreOffice: state: present remote: flathub - org.mozilla.firefox: - state: present - remote: flathub org.remmina.Remmina: state: absent remote: flathub @@ -183,7 +174,7 @@ flatpak_flatpaks: state: present remote: fedora -rpm_ostree_base_packages: +rpm_ostree_basePackages: firefox: state: absent gnome-software-rpm-ostree: @@ -195,7 +186,7 @@ rpm_ostree_kargs: 'rd.luks.options=discard': state: absent -rpm_ostree_layered_packages: +rpm_ostree_layeredPackages: ansible: state: present atool: @@ -254,10 +245,6 @@ rpm_ostree_layered_packages: state: present tmux: state: present - virt-manager: - state: present - libvirt-client: - state: present wl-clipboard: state: present youtube-dl: 
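Review bot: Dropping `flathub` and `fedora` from `services_flatpak_remotes` in this group file assumes the entries now living in roles/services/defaults/main.yml get merged in, but Ansible precedence replaces a role default with the group_vars value as a whole, so silverblue hosts end up with only `flathub-beta` while the packages kept below still say `remote: flathub` and `remote: fedora` (the only exception is the deprecated `hash_behaviour=merge`, and I see nothing in the diff enabling it). The same applies to `services_flatpak_packages`, where `org.mozilla.firefox` removed here will not come back from the defaults, and to `rpm_ostree_basePackages` / `rpm_ostree_layeredPackages` in the later hunks of this file. Either keep the full dictionaries in group_vars, or move the group-specific additions into the `_overrides` variables the tasks already merge with `combine`, e.g. `services_flatpak_remotes_overrides:` with `flathub-beta:` / `state: present` / `url: https://flathub.org/beta-repo/flathub-beta.flatpakrepo` beneath it, and leave the defaults as the base set.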
@@ -265,42 +252,6 @@ rpm_ostree_layered_packages: zsh: state: present -etc_firewalld: - syncthing: - zone: FedoraWorkstation - state: enabled - -etc_sysctl_params: - kernel.unprivileged_bpf_disabled: - value: 1 - state: present - fs.inotify.max_user_watches: - value: 524288 - state: present - -etc_fstab_entries: - root: - path: / - fstype: btrfs - opts: noatime,subvol=root,compress=zstd:1,x-systemd.device-timeout=0 - passno: 0 - dump: 0 - state: present - home: - path: /home - fstype: btrfs - opts: subvol=home,compress=zstd:1,x-systemd.device-timeout=0 - passno: 0 - dump: 0 - state: present - docker: - path: /var/lib/docker - fstype: btrfs - opts: subvol=docker,compress=zstd:1,x-systemd.device-timeout=0 - passno: 0 - dump: 0 - state: mounted - -users: +config_users: flexo: shell: /bin/zsh diff --git a/host_vars/chapek9.yml b/host_vars/chapek9.yml index 2657839..b8117c9 100644 --- a/host_vars/chapek9.yml +++ b/host_vars/chapek9.yml @@ -1,7 +1,7 @@ --- -etc_hostname: chapek9 +config_hostname: chapek9 -etc_fstab_entries_overwrite: +config_fstab_entries_overrides: root: src: UUID=254d6a53-398a-4a53-93d1-c45e61263791 home: @@ -9,7 +9,7 @@ etc_fstab_entries_overwrite: docker: src: UUID=254d6a53-398a-4a53-93d1-c45e61263791 -rpm_ostree_kargs_overwrite: +rpm_ostree_kargs_overrides: 'i915.enable_psr=0': state: present 'mem_sleep_default=deep': diff --git a/host_vars/ice9.yml b/host_vars/ice9.yml index 73a8d0f..79e9cb2 100644 --- a/host_vars/ice9.yml +++ b/host_vars/ice9.yml @@ -1,7 +1,7 @@ --- -etc_hostname: ice9 +config_hostname: ice9 -etc_fstab_entries_overwrite: +config_fstab_entries_overrides: root: src: UUID=aa63fb86-3fc9-42d1-82ca-7d47d0238765 home: @@ -9,7 +9,7 @@ etc_fstab_entries_overwrite: docker: src: UUID=aa63fb86-3fc9-42d1-82ca-7d47d0238765 -flatpak_flatpaks_overwrite: +services_flatpak_packages_overrides: com.github.Bleuzen.FFaudioConverter: state: present remote: flathub 
@@ -35,6 +35,6 @@ flatpak_flatpaks_overwrite: state: present remote: flathub -rpm_ostree_layered_packages_overwrite: +rpm_ostree_layeredPackages_overrides: radeontop: state: present diff --git a/host_vars/vinci.yml b/host_vars/vinci.yml index 0637fb7..c862d70 100644 --- a/host_vars/vinci.yml +++ b/host_vars/vinci.yml @@ -1,7 +1,7 @@ --- -etc_hostname: vinci +config_hostname: vinci -etc_fstab_entries_overwrite: +config_fstab_entries_overrides: root: src: UUID=9296ebbe-a288-48e4-a9cd-0a80374c7c46 home: @@ -9,7 +9,7 @@ etc_fstab_entries_overwrite: docker: src: UUID=9296ebbe-a288-48e4-a9cd-0a80374c7c46 -flatpak_flatpaks_overwrite: +services_flatpak_packages_overrides: com.discordapp.Discord: state: absent remote: flathub @@ -38,13 +38,13 @@ flatpak_flatpaks_overwrite: state: present remote: flathub -rpm_ostree_layered_packages_overwrite: +rpm_ostree_layeredPackages_overrides: iftop: state: present nethogs: state: present -rpm_ostree_kargs_overwrite: +rpm_ostree_kargs_overrides: 'i915.enable_psr=0': state: absent 'mem_sleep_default=deep': diff --git a/roles/config/defaults/main.yml b/roles/config/defaults/main.yml new file mode 100644 index 0000000..76865a7 --- /dev/null +++ b/roles/config/defaults/main.yml 
@@ -0,0 +1,51 @@ +--- +config_hostname: fedora + +config_users_enable: true +config_users: + morbo: + shell: /bin/zsh + +config_grub_enable: true + +config_firewalld_enable: true +config_firewalld_services: + syncthing: + zone: FedoraWorkstation + state: enabled + +config_sysctl_enable: true +config_sysctl_params: + kernel.unprivileged_bpf_disabled: + value: 1 + state: present + fs.inotify.max_user_watches: + value: 524288 + state: present + +config_btrfs_enable: false +config_btrfsmaintenance_enable: false + +config_fstab_enable: true +config_fstab_entries: + root: + path: / + fstype: btrfs + opts: noatime,subvol=root,compress=zstd:1,x-systemd.device-timeout=0 + passno: 0 + dump: 0 + state: present + home: + path: /home + fstype: btrfs + opts: subvol=home,compress=zstd:1,x-systemd.device-timeout=0 + passno: 0 + dump: 0 + state: present + docker: + path: /var/lib/docker + fstype: btrfs + opts: subvol=docker,compress=zstd:1,x-systemd.device-timeout=0 + passno: 0 + dump: 0 + state: mounted diff --git a/roles/config/handlers/main.yml b/roles/config/handlers/main.yml new file mode 100644 index 0000000..1b069b6 --- /dev/null +++ b/roles/config/handlers/main.yml @@ -0,0 +1,7 @@ +--- +- name: "config: Apply rpm-ostree changes live" + ansible.builtin.command: + cmd: rpm-ostree ex apply-live + become: yes + ignore_errors: yes + when: config_rpm_ostree_applyLive | bool diff --git a/roles/config/tasks/btrfs.yml b/roles/config/tasks/btrfs.yml new file mode 100644 index 0000000..58c4af6 --- /dev/null +++ b/roles/config/tasks/btrfs.yml @@ -0,0 +1,7 @@ +--- +- name: "btrfs: Install btrfsmaintenance" + community.general.rpm_ostree_pkg: + name: btrfsmaintenance + state: "present" + become: yes + when: config_btrfsmaintenance_enable | bool diff --git a/roles/etc/tasks/fstab.yml b/roles/config/tasks/fstab.yml similarity index 59% rename from roles/etc/tasks/fstab.yml rename to roles/config/tasks/fstab.yml index a687ca9..24f61fe 100644 --- a/roles/etc/tasks/fstab.yml 
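Review bot: The handler `config: Apply rpm-ostree changes live` gates on `config_rpm_ostree_applyLive | bool`, but roles/config/defaults/main.yml in this same commit defines no such variable, so the first time the handler is notified the conditional fails on an undefined variable (I do not believe `ignore_errors` covers an error raised while evaluating `when:`). Nothing in roles/config/tasks notifies it either: `btrfs: Install btrfsmaintenance` layers a package without a `notify:`, so unlike the services role's package tasks the change is not applied live. Add `config_rpm_ostree_applyLive: true` next to the other `config_*_enable` defaults and `notify: "config: Apply rpm-ostree changes live"` to the btrfsmaintenance task, or delete the handler if the services handler is meant to cover it.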
+++ b/roles/config/tasks/fstab.yml @@ -1,15 +1,15 @@ --- -- name: Configure fstab +- name: "fstab: Configure mountpoints" block: - - name: Merge variables + - name: "fstab: Merge variables" set_fact: - etc_fstab_entries: '{{ etc_fstab_entries | combine(etc_fstab_entries_overwrite, recursive=True) }}' + config_fstab_entries: '{{ config_fstab_entries | combine(config_fstab_entries_overrides, recursive=True) }}' when: - - etc_fstab_entries_overwrite | default() + - config_fstab_entries_overrides | default() #- name: Mount btrfs root # ansible.posix.mount: - # src: "'/dev/mapper/luks-' + {{ etc_fstab_btrfs_root }}" + # src: "'/dev/mapper/luks-' + {{ config_fstab_btrfs_root }}" # path: "/mnt" # become: yes @@ -19,11 +19,11 @@ # #cmd: "btrfs subvolume create {{ item }}" # msg: "{{ item }}" # become: yes - # loop: "{{ lookup('dict', etc_fstab_entries, wantlist=True) }}" + # loop: "{{ lookup('dict', config_fstab_entries, wantlist=True) }}" # when: # "item.value.path != '/' and item.value.path != '/home'" - - name: Write fstab entries + - name: "fstab: Write entries" ansible.posix.mount: src: "{{ item.value.src }}" path: "{{ item.value.path }}" @@ -33,4 +33,4 @@ dump: "{{ item.value.dump }}" state: "{{ item.value.state }}" become: yes - loop: "{{ lookup('dict', etc_fstab_entries, wantlist=True) }}" + loop: "{{ lookup('dict', config_fstab_entries, wantlist=True) }}" diff --git a/roles/etc/tasks/blscfg.yml b/roles/config/tasks/grub.yml similarity index 77% rename from roles/etc/tasks/blscfg.yml rename to roles/config/tasks/grub.yml index c0988ff..e1fec18 100644 --- a/roles/etc/tasks/blscfg.yml +++ b/roles/config/tasks/grub.yml @@ -1,5 +1,5 @@ --- -- name: Check if BootLoaderSpec is enabled +- name: "grub: Check if BootLoaderSpec is enabled" ansible.builtin.lineinfile: path: /etc/default/grub line: 'GRUB_ENABLE_BLSCFG=true' 
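Review bot: `fstab: Write entries` reads `item.value.src`, but the `config_fstab_entries` defaults added in this commit carry no `src` (only the per-host `config_fstab_entries_overrides` supply the UUIDs), so on any host without overrides the merge step is skipped and the write task fails mid-run on an undefined attribute; with `config_fstab_enable: true` as the default this is the out-of-the-box path. Because writing a wrong `/etc/fstab` is worse than stopping, I would fail early and explicitly rather than guard the loop: insert the assert below between the merge task and the write task inside the block. The commented-out btrfs mount/subvolume block in the middle of this file is carried over unchanged; if it is not coming back, removing it would make the hunk easier to follow.
```yaml
  # … unchanged: "fstab: Merge variables" task …
  - name: "fstab: Require a device for every entry"
    ansible.builtin.assert:
      that: item.value.src is defined
      fail_msg: "config_fstab_entries.{{ item.key }} has no src; set it in config_fstab_entries_overrides"
      quiet: true
    loop: "{{ lookup('dict', config_fstab_entries, wantlist=True) }}"
  # … unchanged: commented-out btrfs block, "fstab: Write entries" task …
```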
@@ -8,7 +8,7 @@ check_mode: yes register: conf -- name: Enable BootLoaderSpec +- name: "grub: Enable BootLoaderSpec" ansible.builtin.command: cmd: grub2-switch-to-blscfg become: yes diff --git a/roles/config/tasks/main.yml b/roles/config/tasks/main.yml new file mode 100644 index 0000000..c4815fe --- /dev/null +++ b/roles/config/tasks/main.yml @@ -0,0 +1,23 @@ +--- +- name: Include users + ansible.builtin.include: users.yml + when: config_users_enable | bool + +- name: Include grub + ansible.builtin.include: grub.yml + when: config_grub_enable | bool + +- name: Include networking + ansible.builtin.include: networking.yml + +- name: Include sysctl + ansible.builtin.include: sysctl.yml + when: config_sysctl_enable | bool + +- name: Include btrfs + ansible.builtin.include: btrfs.yml + when: config_btrfs_enable | bool + +- name: Include fstab + ansible.builtin.include: fstab.yml + when: config_fstab_enable | bool diff --git a/roles/config/tasks/networking.yml b/roles/config/tasks/networking.yml new file mode 100644 index 0000000..8bbf322 --- /dev/null +++ b/roles/config/tasks/networking.yml @@ -0,0 +1,17 @@ +--- +- name: "config: Set hostname" + ansible.builtin.hostname: + name: "{{ config_hostname }}" + use: systemd + become: yes + +- name: "firewalld: Configure services" + ansible.posix.firewalld: + service: "{{ item.key }}" + zone: "{{ item.value.zone }}" + state: "{{ item.value.state }}" + immediate: yes + permanent: yes + become: yes + loop: "{{ lookup('dict', config_firewalld_services, wantlist=True) }}" + when: config_firewalld_enable | bool diff --git a/roles/etc/tasks/sysctl.yml b/roles/config/tasks/sysctl.yml similarity index 67% rename from roles/etc/tasks/sysctl.yml rename to roles/config/tasks/sysctl.yml index c162a92..eb495f7 100644 --- a/roles/etc/tasks/sysctl.yml +++ b/roles/config/tasks/sysctl.yml @@ -1,5 +1,5 @@ --- -- name: Configure sysctl +- name: "sysctl: Change settings" ansible.posix.sysctl: name: "{{ item.key }}" value: "{{ item.value.value }}" 
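Review bot: `ansible.builtin.include` in the new roles/config/tasks/main.yml is a deprecated action in ansible-core (to my knowledge already removed in newer releases in favour of `include_tasks` / `import_tasks`), so these six includes will stop working on an upgraded controller; the same applies to roles/rpm-ostree/tasks/main.yml and roles/services/tasks/main.yml further down. Since every include carries a `when:`, `ansible.builtin.include_tasks: users.yml` is the drop-in replacement that keeps the conditional evaluated at runtime. In roles/config/tasks/networking.yml (same anchor), `config: Set hostname` lost the enable flag the removed roles/etc version had (`when: etc_set_hostname | bool`), and with `config_hostname: fedora` as the role default a host that is missing its host_vars gets silently renamed; a `config_hostname_enable` flag matching the other `config_*_enable` switches, or `when: config_hostname is defined` with no default, would avoid that.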
@@ -7,4 +7,4 @@ sysctl_file: "/etc/sysctl.d/100-custom.conf" sysctl_set: yes become: yes - loop: "{{ lookup('dict', etc_sysctl_params, wantlist=True) }}" + loop: "{{ lookup('dict', config_sysctl_params, wantlist=True) }}" diff --git a/roles/etc/tasks/users.yml b/roles/config/tasks/users.yml similarity index 52% rename from roles/etc/tasks/users.yml rename to roles/config/tasks/users.yml index 6ad87c9..290fcdc 100644 --- a/roles/etc/tasks/users.yml +++ b/roles/config/tasks/users.yml @@ -1,7 +1,7 @@ --- -- name: Update users +- name: "config: Update user shell" ansible.builtin.user: name: "{{ item.key }}" shell: "{{ item.value.shell }}" become: yes - loop: "{{ lookup('dict', users, wantlist=True) }}" + loop: "{{ lookup('dict', config_users, wantlist=True) }}" diff --git a/roles/etc/defaults/main.yml b/roles/etc/defaults/main.yml deleted file mode 100644 index 493b202..0000000 --- a/roles/etc/defaults/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -etc_set_hostname: true -etc_enable_BLSCFG: true -etc_update_users: true -etc_enable_NTS: true -etc_enable_fwupd_refresh: true -etc_configure_firewalld: true -etc_configure_sysctl: true -etc_configure_fstab: true -etc_configure_btrfs: false diff --git a/roles/etc/handlers/main.yml b/roles/etc/handlers/main.yml deleted file mode 100644 index 506cdc5..0000000 --- a/roles/etc/handlers/main.yml +++ /dev/null @@ -1,6 +0,0 @@ -- name: Restart chronyd - ansible.builtin.systemd: - name: chronyd - state: restarted - enabled: yes - become: yes diff --git a/roles/etc/tasks/btrfs.yml b/roles/etc/tasks/btrfs.yml deleted file mode 100644 index 3084dba..0000000 --- a/roles/etc/tasks/btrfs.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# TODO: snapper, btrfsmaintainance diff --git a/roles/etc/tasks/firewalld.yml b/roles/etc/tasks/firewalld.yml deleted file mode 100644 index 95e850b..0000000 --- a/roles/etc/tasks/firewalld.yml +++ /dev/null 
@@ -1,10 +0,0 @@ ---- -- name: Configure firewalld - ansible.posix.firewalld: - service: "{{ item.key }}" - zone: "{{ item.value.zone }}" - state: "{{ item.value.state }}" - immediate: yes - permanent: yes - become: yes - loop: "{{ lookup('dict', etc_firewalld, wantlist=True) }}" diff --git a/roles/etc/tasks/main.yml b/roles/etc/tasks/main.yml deleted file mode 100644 index d7f1111..0000000 --- a/roles/etc/tasks/main.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- -- name: Set hostname - ansible.builtin.hostname: - name: "{{ etc_hostname }}" - use: systemd - become: yes - when: etc_set_hostname | bool - -- name: Enable fwupd-refresh timer - ansible.builtin.systemd: - name: fwupd-refresh.timer - state: started - enabled: yes - become: yes - when: etc_enable_fwupd_refresh | bool - -- name: Include users.yml - ansible.builtin.include: users.yml - when: etc_update_users | bool - -- name: Include blscfg.yml - ansible.builtin.include: blscfg.yml - when: etc_enable_BLSCFG | bool - -- name: Include nts.yml - ansible.builtin.include: nts.yml - when: etc_enable_NTS | bool - -- name: Include firewalld.yml - ansible.builtin.include: firewalld.yml - when: etc_configure_firewalld | bool - -- name: Include sysctl.yml - ansible.builtin.include: sysctl.yml - when: etc_configure_sysctl | bool - -- name: Include btrfs.yml - ansible.builtin.include: btrfs.yml - when: etc_configure_btrfs | bool -- name: Include fstab.yml - ansible.builtin.include: fstab.yml - when: etc_configure_fstab | bool diff --git a/roles/etc/tasks/nts.yml b/roles/etc/tasks/nts.yml deleted file mode 100644 index af4ecd6..0000000 --- a/roles/etc/tasks/nts.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Enable NTS - ansible.builtin.template: - src: chrony.conf.j2 - dest: /etc/chrony.conf - become: yes - notify: Restart chronyd diff --git a/roles/etc/templates/chrony.conf.j2 b/roles/etc/templates/chrony.conf.j2 deleted file mode 100644 index f67c814..0000000 --- a/roles/etc/templates/chrony.conf.j2 +++ /dev/null 
@@ -1,54 +0,0 @@ -# {{ ansible_managed }} - -# These servers were defined in the installation: -server time.cloudflare.com iburst nts - -# Use public servers from the pool.ntp.org project. -# Please consider joining the pool (https://www.pool.ntp.org/join.html). - -# Use NTP servers from DHCP. -#sourcedir /run/chrony-dhcp - -# Record the rate at which the system clock gains/losses time. -driftfile /var/lib/chrony/drift - -# Allow the system clock to be stepped in the first three updates -# if its offset is larger than 1 second. -makestep 1.0 3 - -# Enable kernel synchronization of the real-time clock (RTC). -rtcsync - -# Enable hardware timestamping on all interfaces that support it. -#hwtimestamp * - -# Increase the minimum number of selectable sources required to adjust -# the system clock. -#minsources 2 - -# Allow NTP client access from local network. -#allow 192.168.0.0/16 - -# Serve time even if not synchronized to a time source. -#local stratum 10 - -# Require authentication (nts or key option) for all NTP sources. -#authselectmode require - -# Specify file containing keys for NTP authentication. -keyfile /etc/chrony.keys - -# Save NTS keys and cookies. -ntsdumpdir /var/lib/chrony - -# Insert/delete leap seconds by slewing instead of stepping. -#leapsecmode slew - -# Get TAI-UTC offset and leap seconds from the system tz database. -leapsectz right/UTC - -# Specify directory for log files. -logdir /var/log/chrony - -# Select which information is logged. -#log measurements statistics tracking diff --git a/roles/flatpak/defaults/main.yml b/roles/flatpak/defaults/main.yml deleted file mode 100644 index fd395ba..0000000 --- a/roles/flatpak/defaults/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -flatpak_configure_remotes: true -flatpak_alter_flatpaks: true -flatpak_automatic_updates: true diff --git a/roles/flatpak/tasks/flatpaks.yml b/roles/flatpak/tasks/flatpaks.yml deleted file mode 100644 index 3d53ca3..0000000 
--- a/roles/flatpak/tasks/flatpaks.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Merge Flatpaks and overwrites - set_fact: - flatpak_flatpaks: '{{ flatpak_flatpaks | combine(flatpak_flatpaks_overwrite) }}' - when: flatpak_flatpaks_overwrite | default() - -- name: Add/remove Flatpaks - community.general.flatpak: - name: "{{ item.key }}" - state: "{{ item.value.state }}" - remote: "{{ item.value.remote }}" - loop: "{{ lookup('dict', flatpak_flatpaks, wantlist=True) }}" diff --git a/roles/flatpak/tasks/main.yml b/roles/flatpak/tasks/main.yml deleted file mode 100644 index 969e622..0000000 --- a/roles/flatpak/tasks/main.yml +++ /dev/null 
@@ -1,58 +0,0 @@ ---- -- name: Include remotes.yml - ansible.builtin.include: remotes.yml - when: flatpak_configure_remotes | bool - -- name: Include flatpaks.yml - ansible.builtin.include: flatpaks.yml - when: flatpak_alter_flatpaks | bool - -# https://github.com/flatpak/flatpak/issues/3847#issuecomment-818532856 -- name: Enable flatpak Automatic Update - block: - - name: Place systemd service and timer - ansible.builtin.template: - src: "{{ item }}" - dest: "/etc/systemd/system/{{ item | regex_replace('.j2', '') }}" - owner: root - group: root - mode: '0644' - become: yes - with_items: - - flatpak-automatic.service.j2 - - flatpak-automatic.timer.j2 - when: flatpak_automatic_updates | bool - - - name: Enable systemd timer - ansible.builtin.systemd: - name: flatpak-automatic.timer - state: started - enabled: yes - daemon_reload: yes - become: yes - when: flatpak_automatic_updates | bool - - - name: Update Flatpaks - ansible.builtin.command: - cmd: flatpak update -y - when: flatpak_automatic_updates | bool - -- name: Disable flatpak Automatic Update - block: - - name: Disable systemd timer - ansible.builtin.systemd: - name: flatpak-automatic.timer - state: stopped - enabled: no - become: yes - when: not flatpak_automatic_updates | bool - - - name: Remove systemd service and timer - ansible.builtin.file: - path: "/etc/systemd/system/{{ item }}" - state: absent - become: yes - with_items: - - flatpak-automatic.service - - flatpak-automatic.timer - when: not flatpak_automatic_updates | bool diff --git a/roles/flatpak/tasks/remotes.yml b/roles/flatpak/tasks/remotes.yml deleted file mode 100644 index 090975b..0000000 --- a/roles/flatpak/tasks/remotes.yml +++ /dev/null 
@@ -1,13 +0,0 @@ ---- -- name: Merge Flatpak remotes and overwrites - set_fact: - flatpak_remotes: '{{ flatpak_remotes | combine(flatpak_remotes_overwrite) }}' - when: flatpak_remotes_overwrite | default() - -- name: Add/remove Flatpak remotes - community.general.flatpak_remote: - name: "{{ item.key }}" - state: "{{ item.value.state }}" - flatpakrepo_url: "{{ item.value.url }}" - become: true - loop: "{{ lookup('dict', flatpak_remotes, wantlist=True) }}" diff --git a/roles/rpm-ostree/defaults/main.yml b/roles/rpm-ostree/defaults/main.yml index 4f3b2bc..b56e94e 100644 --- a/roles/rpm-ostree/defaults/main.yml +++ b/roles/rpm-ostree/defaults/main.yml @@ -1,10 +1,21 @@ --- -rpm_ostree_base_packages_list: [] # don't delete this -rpm_ostree_layered_packages_removal_list: [] # don't delete this -rpm_ostree_layered_packages_install_list: [] # don't delete this +# these list are only for role internal tasks +# this is needed for constructing a package list +# to vastly reduce installation time +rpm_ostree_layeredPackages_removalList: [] +rpm_ostree_layeredPackages_installList: [] -rpm_ostree_alter_base_packages: true -rpm_ostree_alter_layered_packages: true -rpm_ostree_configure_kargs: true -rpm_ostree_enable_autoupdates: true -rpm_ostree_apply_live: false +rpm_ostree_enable: true +rpm_ostree_autoUpdate: true +rpm_ostree_modifyBasePackages: true +rpm_ostree_modifyLayeredPackages: true +rpm_ostree_modifyKargs: true +rpm_ostree_basePackages: + firefox: + state: absent +rpm_ostree_layeredPackages: + ansible: + state: present +rpm_ostree_kargs: + 'rd.luks.options=discard': + state: present \ No newline at end of file diff --git a/roles/rpm-ostree/handlers/main.yml b/roles/rpm-ostree/handlers/main.yml index 55ca902..1b4b24f 100644 --- a/roles/rpm-ostree/handlers/main.yml +++ b/roles/rpm-ostree/handlers/main.yml 
@@ -1,17 +1,13 @@ --- -- name: Reload rpm-ostree configuration +- name: "rpm-ostree: Reload rpm-ostree configuration" ansible.builtin.command: cmd: rpm-ostree reload become: yes -- name: Enable rpm-ostree-automatic +- name: "rpm-ostree: Enable timer" ansible.builtin.systemd: name: rpm-ostreed-automatic.timer state: started enabled: yes - become: yes - -- name: Reload systemd units - ansible.builtin.systemd: daemon_reload: yes become: yes diff --git a/roles/rpm-ostree/tasks/main.yml b/roles/rpm-ostree/tasks/main.yml index 2b3ffc9..565b02a 100644 --- a/roles/rpm-ostree/tasks/main.yml +++ b/roles/rpm-ostree/tasks/main.yml 
@@ -1,120 +1,4 @@ --- -#- name: Create base package list -# set_fact: -# rpm_ostree_base_packages_list: "{{ rpm_ostree_base_packages_list + [item.key] }}" -# loop: "{{ lookup('dict', rpm_ostree_base_packages, wantlist=True) }}" -# when: -# - item.value.state == 'absent' -# - rpm_ostree_alter_base_packages | bool -# -#- name: Remove base packages -# ansible.builtin.shell: -# cmd: rpm-ostree override remove "{{ rpm_ostree_base_packages_list }}" || /bin/true -# register: result -# become: yes -# changed_when: '"Run \"systemctl reboot\" to start a reboot" in result.stdout' -# when: -# - rpm_ostree_alter_base_packages | bool - -- name: Remove base packages - ansible.builtin.shell: - cmd: rpm-ostree override remove "{{ item.key }}" || /bin/true - register: result - become: yes - changed_when: '"Run \"systemctl reboot\" to start a reboot" in result.stdout' - loop: "{{ lookup('dict', rpm_ostree_base_packages, wantlist=True) }}" - when: - - item.value.state == 'absent' - - rpm_ostree_alter_base_packages | bool - -- name: Reset base packages - ansible.builtin.shell: - cmd: rpm-ostree override reset "{{ item.key }}" || /bin/true - register: result - become: yes - changed_when: '"Run \"systemctl reboot\" to start a reboot" in result.stdout' - loop: "{{ lookup('dict', rpm_ostree_base_packages) }}" - when: - - item.value.state == 'present' - - rpm_ostree_alter_base_packages | bool - -- name: Merge kernel params and overwrites - set_fact: - rpm_ostree_kargs: '{{ rpm_ostree_kargs | combine(rpm_ostree_kargs_overwrite) }}' - when: rpm_ostree_kargs_overwrite | default() - -- name: Set kernel parameters - ansible.builtin.command: - cmd: rpm-ostree kargs --append-if-missing="{{ item.key }}" - register: result - become: yes - changed_when: '"Kernel arguments updated" in result.stdout' - loop: "{{ lookup('dict', rpm_ostree_kargs, wantlist=True) }}" - when: - - item.value.state == 'present' - - rpm_ostree_configure_kargs | bool - -- name: Remove kernel parameters - 
ansible.builtin.command: - cmd: rpm-ostree kargs --delete-if-present="{{ item.key }}" - register: result - become: yes - changed_when: '"Kernel arguments updated" in result.stdout' - loop: "{{ lookup('dict', rpm_ostree_kargs, wantlist=True) }}" - when: - - item.value.state == 'absent' - - rpm_ostree_configure_kargs | bool - -- name: Enable autostaging and autoupdates - ansible.builtin.replace: - path: /etc/rpm-ostreed.conf - regexp: '^#AutomaticUpdatePolicy=none' - replace: 'AutomaticUpdatePolicy=stage' - become: yes - notify: - - Reload rpm-ostree configuration - - Enable rpm-ostree-automatic - when: rpm_ostree_enable_autoupdates | bool - -- name: Merge layered packages and overwrites - set_fact: - rpm_ostree_layered_packages: '{{ rpm_ostree_layered_packages | combine(rpm_ostree_layered_packages_overwrite) }}' - when: rpm_ostree_layered_packages_overwrite | default() - -- name: Create layered package list for removal - set_fact: - rpm_ostree_layered_packages_removal_list: "{{ rpm_ostree_layered_packages_removal_list + [item.key] }}" - loop: "{{ lookup('dict', rpm_ostree_layered_packages, wantlist=True) }}" - when: - - item.value.state == 'absent' - - rpm_ostree_alter_layered_packages | bool - -- name: Remove layered packages - community.general.rpm_ostree_pkg: - name: "{{ rpm_ostree_layered_packages_removal_list }}" - state: "absent" - become: yes - ignore_errors: yes - when: rpm_ostree_alter_layered_packages | bool - -- name: Create layered package list for installation - set_fact: - rpm_ostree_layered_packages_install_list: "{{ rpm_ostree_layered_packages_install_list + [item.key] }}" - loop: "{{ lookup('dict', rpm_ostree_layered_packages, wantlist=True) }}" - when: - - item.value.state == 'present' - - rpm_ostree_alter_layered_packages | bool - -- name: Install layered packages - community.general.rpm_ostree_pkg: - name: "{{ rpm_ostree_layered_packages_install_list }}" - state: "present" - become: yes - ignore_errors: yes - when: 
rpm_ostree_alter_layered_packages | bool - -- name: Apply-live - ansible.builtin.command: - cmd: rpm-ostree ex apply-live - become: yes - when: rpm_ostree_apply_live | bool +- name: Include rpm-ostree + ansible.builtin.include: rpm-ostree.yml + when: rpm_ostree_enable | bool \ No newline at end of file diff --git a/roles/rpm-ostree/tasks/rpm-ostree.yml b/roles/rpm-ostree/tasks/rpm-ostree.yml new file mode 100644 index 0000000..37e2325 --- /dev/null +++ b/roles/rpm-ostree/tasks/rpm-ostree.yml 
@@ -0,0 +1,107 @@ +--- +- name: "rpm-ostree: Enable autoUpdate" + ansible.builtin.replace: + path: /etc/rpm-ostreed.conf + regexp: '^#AutomaticUpdatePolicy=none' + replace: 'AutomaticUpdatePolicy=stage' + become: yes + notify: + - "rpm-ostree: Reload rpm-ostree configuration" + - "rpm-ostree: Enable timer" + when: + - rpm_ostree_autoUpdate | bool + +# kernel params +- name: "rpm-ostree: Merge kargs with overrides" + set_fact: + rpm_ostree_kargs: '{{ rpm_ostree_kargs | combine(rpm_ostree_kargs_overrides) }}' + when: + - rpm_ostree_kargs_overrides | default() + - rpm_ostree_modifyKargs | bool + +- name: "rpm-ostree: Set kargs" + ansible.builtin.command: + cmd: rpm-ostree kargs --append-if-missing="{{ item.key }}" + register: result + become: yes + changed_when: '"Kernel arguments updated" in result.stdout' + loop: "{{ lookup('dict', rpm_ostree_kargs, wantlist=True) }}" + when: + - item.value.state == 'present' + - rpm_ostree_modifyKargs | bool + +- name: "rpm-ostree: Remove kargs" + ansible.builtin.command: + cmd: rpm-ostree kargs --delete-if-present="{{ item.key }}" + register: result + become: yes + changed_when: '"Kernel arguments updated" in result.stdout' + loop: "{{ lookup('dict', rpm_ostree_kargs, wantlist=True) }}" + when: + - item.value.state == 'absent' + - rpm_ostree_modifyKargs | bool + +# base packages +- name: "rpm-ostree: Remove basePackages" + ansible.builtin.shell: + cmd: rpm-ostree overrides remove "{{ item.key }}" || /bin/true + register: result + become: yes + changed_when: '"Run \"systemctl reboot\" to start a reboot" in result.stdout' + loop: "{{ lookup('dict', rpm_ostree_basePackages, wantlist=True) }}" + when: + - item.value.state == 'absent' + - rpm_ostree_modifyBasePackages | bool + +- name: "rpm-ostree: Reset basePackages" + ansible.builtin.shell: + cmd: rpm-ostree overrides reset "{{ item.key }}" || /bin/true + register: result + become: yes + changed_when: '"Run \"systemctl reboot\" to start a reboot" in result.stdout' + loop: "{{ 
lookup('dict', rpm_ostree_basePackages) }}" + when: + - item.value.state == 'present' + - rpm_ostree_modifyBasePackages | bool + +# layered packages +- name: "rpm-ostree: Merge layeredPackages with overrides" + set_fact: + rpm_ostree_layeredPackages: '{{ rpm_ostree_layeredPackages | combine(rpm_ostree_layeredPackages_overrides) }}' + when: + - rpm_ostree_layeredPackages_overrides | default() + - rpm_ostree_modifyLayeredPackages | bool + +- name: "rpm-ostree: Create removalList" + set_fact: + rpm_ostree_layeredPackages_removalList: "{{ rpm_ostree_layeredPackages_removalList + [item.key] }}" + loop: "{{ lookup('dict', rpm_ostree_layeredPackages, wantlist=True) }}" + when: + - item.value.state == 'absent' + - rpm_ostree_modifyLayeredPackages | bool + +- name: "rpm-ostree: Remove layeredPackages" + community.general.rpm_ostree_pkg: + name: "{{ rpm_ostree_layeredPackages_removalList }}" + state: "absent" + become: yes + ignore_errors: yes + when: + - rpm_ostree_modifyLayeredPackages | bool + +- name: "rpm-ostree: Create installList" + set_fact: + rpm_ostree_layeredPackages_installList: "{{ rpm_ostree_layeredPackages_installList + [item.key] }}" + loop: "{{ lookup('dict', rpm_ostree_layeredPackages, wantlist=True) }}" + when: + - item.value.state == 'present' + - rpm_ostree_modifyLayeredPackages | bool + +- name: "rpm-ostree: Install layeredPackages" + community.general.rpm_ostree_pkg: + name: "{{ rpm_ostree_layeredPackages_installList }}" + state: "present" + become: yes + ignore_errors: yes + when: + - rpm_ostree_modifyLayeredPackages | bool diff --git a/roles/services/defaults/main.yml b/roles/services/defaults/main.yml new file mode 100644 index 0000000..6df4527 --- /dev/null +++ b/roles/services/defaults/main.yml 
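Review bot: `rpm-ostree overrides remove` and `rpm-ostree overrides reset` in the two basePackages tasks use a subcommand that does not exist; the removed side of roles/rpm-ostree/tasks/main.yml used `override` (singular), which is the real one, and because both commands end in `|| /bin/true` while `changed_when` only matches the reboot message, the failure is swallowed and the tasks report ok with firefox still in the base image. Change them back to `cmd: rpm-ostree override remove "{{ item.key }}" || /bin/true` and `cmd: rpm-ostree override reset "{{ item.key }}" || /bin/true`, and consider replacing the blanket `|| /bin/true` with a `failed_when` that matches only the known "already removed / no override" output so genuine errors surface. The Reset task's `loop: "{{ lookup('dict', rpm_ostree_basePackages) }}"` is also the only loop in this file without `wantlist=True`; as far as I know a single-entry dictionary (the default has only firefox) is then handed to `loop:` as a lone dict rather than a list, which `loop:` rejects, so add `wantlist=True` for consistency.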
@@ -0,0 +1,44 @@ +--- +# this is necessary for setting up everything in one run +# otherwise the computers needs to be rebooted and the playbook +# needs to be re-run +services_rpm_ostree_applyLive: true + +services_libvirtd_enable: true +services_libvirtd_packages: + - virt-manager + - libvirt-client + +services_chrony_enableNTS: true +services_chrony_servers: + #- time.cloudflare.com + - nts.sth1.ntp.se + - nts.sth2.ntp.se + +services_snapper_enable: true +services_snapper_configs: + home: + allow_users: "" + allow_groups: "" + keep_hourly: "120" + keep_daily: "30" + keep_weekly: "0" + keep_monthly: "0" + keep_yearly: "0" + subvolume: "/home" + +services_flatpak_enable: true +services_flatpak_autoUpdate: true +services_flatpak_setRemotes: true +services_flatpak_installFlatpaks: true +services_flatpak_remotes: + flathub: + state: present + url: https://flathub.org/repo/flathub.flatpakrepo + fedora: + state: present + url: oci+https://registry.fedoraproject.org +services_flatpak_packages: + org.mozilla.firefox: + state: present + remote: flathub diff --git a/roles/services/handlers/main.yml b/roles/services/handlers/main.yml new file mode 100644 index 0000000..46fec91 --- /dev/null +++ b/roles/services/handlers/main.yml 
@@ -0,0 +1,38 @@ +--- +- name: "services: Apply rpm-ostree changes live" + ansible.builtin.command: + cmd: rpm-ostree ex apply-live + become: yes + when: services_rpm_ostree_applyLive | bool + +- name: "chrony: Restart service" + ansible.builtin.systemd: + name: chronyd + state: restarted + enabled: yes + become: yes + +- name: "snapper: Enable timers" + ansible.builtin.systemd: + name: "{{ item }}" + state: started + enabled: yes + with_items: + - snapper-cleanup.timer + - snapper-timeline.timer + become: yes + +- name: "libvirtd: Enable service" + ansible.builtin.systemd: + name: libvirt.service + state: started + enabled: yes + become: yes + +- name: "flatpak: Enable timer" + ansible.builtin.systemd: + name: flatpak-automatic.timer + state: started + enabled: yes + daemon_reload: yes + become: yes \ No newline at end of file diff --git a/roles/services/tasks/chrony.yml b/roles/services/tasks/chrony.yml new file mode 100644 index 0000000..34d8bc9 --- /dev/null +++ b/roles/services/tasks/chrony.yml @@ -0,0 +1,8 @@ +--- +- name: "chrony: Enable NTS" + ansible.builtin.template: + src: chrony.conf.j2 + dest: /etc/chrony.conf + loop: '{{ services_chrony_servers }}' + become: yes + notify: "chrony: Restart service" diff --git a/roles/services/tasks/flatpak.yml b/roles/services/tasks/flatpak.yml new file mode 100644 index 0000000..fc39262 --- /dev/null +++ b/roles/services/tasks/flatpak.yml 
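Review bot: `libvirtd: Enable service` starts `libvirt.service`, but I am not aware of a unit by that name on Fedora; the monolithic daemon is `libvirtd.service` (with `libvirtd.socket` for socket activation, or the modular `virtqemud.service` on newer releases), so the handler would most likely fail with a "could not find the requested service" error — verify on a host before merging. Because handlers run in the order they are defined in this file, `services: Apply rpm-ostree changes live` executes first, and any failure there (for example `rpm-ostree ex apply-live` with nothing pending) aborts the remaining handlers for that host, so the chrony restart, snapper timers and libvirt service are never enabled; the config role's counterpart sets `ignore_errors: yes`, and this one should at least do the same or carry a `failed_when` that tolerates the benign "nothing to apply" case.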
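Review bot: `loop: '{{ services_chrony_servers }}'` on `chrony: Enable NTS` is redundant: the template itself iterates over `services_chrony_servers`, so the task renders the identical complete file once per server entry, `item` is never used, and the play output shows a misleading per-server result. Drop the `loop:` line. `/etc/chrony.conf` is also written without `owner`/`group`/`mode`, so the resulting permissions depend on the umask of the become user; add `mode: '0644'`, and if the installed chronyd supports it, `validate: chronyd -p -f %s` would reject a broken render before the restart handler takes the time service down.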
@@ -0,0 +1,48 @@ +--- +- name: "flatpak: Merge remotes with overrides" + set_fact: + services_flatpak_remotes: '{{ services_flatpak_remotes | combine(services_flatpak_remotes_overrides) }}' + when: + - services_flatpak_remotes_overrides | default() + - services_flatpak_setRemotes | bool + +- name: "flatpak: Merge packages with overrides" + set_fact: + services_flatpak_packages: '{{ services_flatpak_packages | combine(services_flatpak_packages_overrides) }}' + when: + - services_flatpak_packages_overrides | default() + - services_flatpak_installFlatpaks | bool + +- name: "flatpak: Add/remove remotes" + community.general.flatpak_remote: + name: "{{ item.key }}" + state: "{{ item.value.state }}" + flatpakrepo_url: "{{ item.value.url }}" + become: true + loop: "{{ lookup('dict', services_flatpak_remotes, wantlist=True) }}" + when: + - services_flatpak_setRemotes | bool + +- name: "flatpak: Add/remove packages" + community.general.flatpak: + name: "{{ item.key }}" + state: "{{ item.value.state }}" + remote: "{{ item.value.remote }}" + loop: "{{ lookup('dict', services_flatpak_packages, wantlist=True) }}" + when: + - services_flatpak_installFlatpaks | bool + +# https://github.com/flatpak/flatpak/issues/3847#issuecomment-818532856 +- name: "flatpak: Enable autoUpdate" + ansible.builtin.template: + src: "{{ item }}" + dest: "/etc/systemd/system/{{ item | regex_replace('.j2', '') }}" + owner: root + group: root + mode: '0644' + become: yes + with_items: + - flatpak-automatic.service.j2 + - flatpak-automatic.timer.j2 + when: services_flatpak_autoUpdate | bool + notify: "flatpak: Enable timer" diff --git a/roles/services/tasks/libvirtd.yml b/roles/services/tasks/libvirtd.yml new file mode 100644 index 0000000..d2e4020 --- /dev/null +++ b/roles/services/tasks/libvirtd.yml 
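Review bot: The opposite branch of the auto-update switch was lost in the move from roles/flatpak/tasks/main.yml: the removed file stopped and disabled `flatpak-automatic.timer` and deleted the unit files when the flag was false, whereas the new `flatpak: Enable autoUpdate` task is merely skipped, so setting `services_flatpak_autoUpdate: false` on a host that previously had it enabled leaves the timer running indefinitely. The tasks below restore that path; the `stat` guard avoids failing on hosts where the unit was never installed, which the removed version would have done. Separately, `flatpak: Add/remove packages` has no `become` while the remotes task does, and `community.general.flatpak` defaults to `method: system`, so the install either relies on polkit granting the unprivileged SSH user or fails — set `become: true` (or `method: user`) explicitly so the intent is visible.
```yaml
# … unchanged: merge tasks, remotes/packages tasks, "flatpak: Enable autoUpdate" …
- name: "flatpak: Check for autoUpdate timer"
  ansible.builtin.stat:
    path: /etc/systemd/system/flatpak-automatic.timer
  register: services_flatpak_timer_unit
  when: not services_flatpak_autoUpdate | bool

- name: "flatpak: Disable autoUpdate"
  ansible.builtin.systemd:
    name: flatpak-automatic.timer
    state: stopped
    enabled: false
  become: true
  when:
    - not services_flatpak_autoUpdate | bool
    - services_flatpak_timer_unit.stat.exists

- name: "flatpak: Remove autoUpdate units"
  ansible.builtin.file:
    path: "/etc/systemd/system/{{ item }}"
    state: absent
  become: true
  with_items:
    - flatpak-automatic.service
    - flatpak-automatic.timer
  when: not services_flatpak_autoUpdate | bool
```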
@@ -0,0 +1,9 @@
+---
+- name: "libvirtd: Install packages"
+ community.general.rpm_ostree_pkg:
+ name: "{{ services_libvirtd_packages }}"
+ state: "present"
+ become: yes
+ notify:
+ - "services: Apply rpm-ostree changes live"
+ - "libvirtd: Enable service"
diff --git a/roles/services/tasks/main.yml b/roles/services/tasks/main.yml
new file mode 100644
index 0000000..1502738
--- /dev/null
+++ b/roles/services/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: Include snapper
+ ansible.builtin.include: snapper.yml
+ when: services_snapper_enable | bool
+
+- name: Include libvirtd
+ ansible.builtin.include: libvirtd.yml
+ when: services_libvirtd_enable | bool
+
+- name: Include chrony
+ ansible.builtin.include: chrony.yml
+ when: services_chrony_enableNTS | bool
+
+- name: Include flatpak
+ ansible.builtin.include: flatpak.yml
+ when: services_flatpak_enable | bool
\ No newline at end of file
diff --git a/roles/services/tasks/snapper.yml b/roles/services/tasks/snapper.yml
new file mode 100644
index 0000000..a396b96
--- /dev/null
+++ b/roles/services/tasks/snapper.yml
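Review bot: Enabling the service only via `notify` means "libvirtd: Enable service" runs solely when the package task reports a change; on a host where the packages are already layered but the unit is disabled, nothing enables it. Keep the apply-live handler, but assert the unit state with a regular `ansible.builtin.systemd` task after the install so the desired state is enforced on every run. The snapper timers in snapper.yml are wired the same way and have the same gap.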
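Review bot: `ansible.builtin.include` is deprecated in favour of `ansible.builtin.include_tasks` (dynamic) or `ansible.builtin.import_tasks` (static); with a static include the `when:` is copied onto every included task rather than gating the include itself, which is probably not what the `services_*_enable` switches intend. Replace each with `ansible.builtin.include_tasks: snapper.yml` and so on. The file also lacks a trailing newline.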
@@ -0,0 +1,42 @@
+---
+- name: "snapper: Install package"
+ community.general.rpm_ostree_pkg:
+ name: snapper
+ state: "present"
+ become: yes
+ notify:
+ - "services: Apply rpm-ostree changes live"
+ - "snapper: Enable timers"
+
+- name: "snapper: Create subvolumes"
+ ansible.builtin.shell:
+ cmd: "if [[ ! -d {{ item.value.subvolume }}/.snapshots ]]; then \
+ btrfs subvol create {{ item.value.subvolume }}/.snapshots; fi"
+ with_dict: "{{ services_snapper_configs }}"
+ become: yes
+ notify:
+ - "services: Apply rpm-ostree changes live"
+ - "snapper: Enable timers"
+
+- name: "snapper: Create configuration folder"
+ ansible.builtin.file:
+ path: /etc/snapper/configs
+ state: directory
+ mode: '0755'
+ become: yes
+ notify:
+ - "services: Apply rpm-ostree changes live"
+ - "snapper: Enable timers"
+
+- name: "snapper: Place configurations"
+ ansible.builtin.template:
+ src: snapper-config.j2
+ dest: "/etc/snapper/configs/{{ item.key }}"
+ owner: root
+ group: root
+ mode: '0644'
+ with_dict: "{{ services_snapper_configs }}"
+ become: yes
+ notify:
+ - "services: Apply rpm-ostree changes live"
+ - "snapper: Enable timers"
diff --git a/roles/services/templates/chrony.conf.j2 b/roles/services/templates/chrony.conf.j2
new file mode 100644
index 0000000..f556d1b
--- /dev/null
+++ b/roles/services/templates/chrony.conf.j2
@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+
+{% for server in services_chrony_servers %}
+server {{ server }} iburst nts
+{% endfor %}
+
+driftfile /var/lib/chrony/drift
+makestep 1.0 3
+rtcsync
+keyfile /etc/chrony.keys
+ntsdumpdir /var/lib/chrony
+leapsectz right/UTC
+logdir /var/log/chrony
diff --git a/roles/flatpak/templates/flatpak-automatic.service.j2 b/roles/services/templates/flatpak-automatic.service.j2
similarity index 100%
rename from roles/flatpak/templates/flatpak-automatic.service.j2
rename to roles/services/templates/flatpak-automatic.service.j2
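Review bot: "snapper: Create subvolumes" shells out with an `if [[ ... ]]` guard, so it reports `changed` on every run and re-fires both handlers (including the apply-live handler) even when nothing was created; `ansible.builtin.command` with `creates:` is idempotent and avoids the shell entirely: `ansible.builtin.command:` / `cmd: "btrfs subvolume create {{ item.value.subvolume }}/.snapshots"` / `creates: "{{ item.value.subvolume }}/.snapshots"`. `[[ ... ]]` is also bash-only and the shell module does not guarantee bash, and `item.value.subvolume` is interpolated unquoted into the command string, which the `command` form sidesteps. Notifying "services: Apply rpm-ostree changes live" from the subvolume, directory and template tasks looks unnecessary since none of them alters the rpm-ostree deployment — presumably only the package task needs it.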
diff --git a/roles/flatpak/templates/flatpak-automatic.timer.j2 b/roles/services/templates/flatpak-automatic.timer.j2
similarity index 100%
rename from roles/flatpak/templates/flatpak-automatic.timer.j2
rename to roles/services/templates/flatpak-automatic.timer.j2
diff --git a/roles/services/templates/snapper-config.j2 b/roles/services/templates/snapper-config.j2
new file mode 100644
index 0000000..a2e4864
--- /dev/null
+++ b/roles/services/templates/snapper-config.j2
@@ -0,0 +1,14 @@
+# {{ ansible_managed }}
+
+ALLOW_USERS='{{ item.value.allow_users }}'
+ALLOW_GROUPS='{{ item.value.allow_groups }}'
+TIMELINE_CREATE=yes
+TIMELINE_CLEANUP=yes
+TIMELINE_LIMIT_HOURLY="{{ item.value.keep_hourly }}"
+TIMELINE_LIMIT_DAILY="{{ item.value.keep_daily }}"
+TIMELINE_LIMIT_WEEKLY="{{ item.value.keep_weekly }}"
+TIMELINE_LIMIT_MONTHLY="{{ item.value.keep_monthly }}"
+TIMELINE_LIMIT_YEARLY="{{ item.value.keep_yearly }}"
+
+FSTYPE="btrfs"
+SUBVOLUME="{{ item.value.subvolume }}"
diff --git a/silverblue.yml b/silverblue.yml
index 2393cc0..bc4d879 100644
--- a/silverblue.yml
+++ b/silverblue.yml
@@ -4,6 +4,6 @@
 - silverblue
 connection: "local"
 roles:
- - flatpak
- - etc
+ - config
+ - services
 - rpm-ostree
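Review bot: Every `item.value.*` key in snapper-config.j2 is referenced without a default, so a config in `services_snapper_configs` that omits e.g. `allow_groups` or `keep_yearly` fails the "snapper: Place configurations" task with an undefined-variable error; either add `| default(...)` per key or document the required keys in the role's defaults. `ALLOW_USERS`/`ALLOW_GROUPS` grant those principals control over the subvolume's snapshots, so defaulting them to empty unless a host explicitly sets them is the safer choice. Quoting mixes `'...'` for the ALLOW_* lines and `"..."` for the rest; snapper's sysconfig-style parser should accept either, but pick one.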