major refactoring

roles/services/defaults/main.yml

@@ -0,0 +1,44 @@
+---
+# this is necessary for setting up everything in one run
+# otherwise the computers needs to be rebooted and the playbook
+# needs to be re-run
+services_rpm_ostree_applyLive: true
+
+services_libvirtd_enable: true
+services_libvirtd_packages:
+  - virt-manager
+  - libvirt-client
+
+services_chrony_enableNTS: true
+services_chrony_servers:
+  #- time.cloudflare.com
+  - nts.sth1.ntp.se
+  - nts.sth2.ntp.se
+
+services_snapper_enable: true
+services_snapper_configs:
+  home:
+    allow_users: ""
+    allow_groups: ""
+    keep_hourly: "120"
+    keep_daily: "30"
+    keep_weekly: "0"
+    keep_monthly: "0"
+    keep_yearly: "0"
+    subvolume: "/home"
+
+services_flatpak_enable: true
+services_flatpak_autoUpdate: true
+services_flatpak_setRemotes: true
+services_flatpak_installFlatpaks: true
+services_flatpak_remotes:
+  flathub:
+    state: present
+    url: https://flathub.org/repo/flathub.flatpakrepo
+  fedora:
+    state: present
+    url: oci+https://registry.fedoraproject.org
+services_flatpak_packages:
+  org.mozilla.firefox:
+    state: present
+    remote: flathub

roles/services/handlers/main.yml

@@ -0,0 +1,38 @@
+---
+- name: "services: Apply rpm-ostree changes live"
+  ansible.builtin.command:
+    cmd: rpm-ostree ex apply-live
+  become: yes
+  when: services_rpm_ostree_applyLive | bool
+
+- name: "chrony: Restart service"
+  ansible.builtin.systemd:
+    name: chronyd
+    state: restarted
+    enabled: yes
+  become: yes
+
+- name: "snapper: Enable timers"
+  ansible.builtin.systemd:
+    name: "{{ item }}"
+    state: started
+    enabled: yes
+  with_items:
+    - snapper-cleanup.timer
+    - snapper-timeline.timer
+  become: yes
+
+- name: "libvirtd: Enable service"
+  ansible.builtin.systemd:
+    name: libvirt.service
+    state: started
+    enabled: yes
+  become: yes
+
+- name: "flatpak: Enable timer"
+  ansible.builtin.systemd:
+    name: flatpak-automatic.timer
+    state: started
+    enabled: yes
+    daemon_reload: yes
+  become: yes

roles/services/tasks/chrony.yml

@@ -0,0 +1,8 @@
+---
+- name: "chrony: Enable NTS"
+  ansible.builtin.template:
+    src: chrony.conf.j2
+    dest: /etc/chrony.conf
+  loop: '{{ services_chrony_servers }}'
+  become: yes
+  notify: "chrony: Restart service"

roles/services/tasks/flatpak.yml

@@ -0,0 +1,48 @@
+---
+- name: "flatpak: Merge remotes with overrides"
+  set_fact:
+    services_flatpak_remotes: '{{ services_flatpak_remotes | combine(services_flatpak_remotes_overrides) }}'
+  when:
+    - services_flatpak_remotes_overrides | default()
+    - services_flatpak_setRemotes | bool
+  
+- name: "flatpak: Merge packages with overrides"
+  set_fact:
+    services_flatpak_packages: '{{ services_flatpak_packages | combine(services_flatpak_packages_overrides) }}'
+  when:
+    - services_flatpak_packages_overrides | default()
+    - services_flatpak_installFlatpaks | bool
+
+- name: "flatpak: Add/remove remotes"
+  community.general.flatpak_remote:
+    name: "{{ item.key }}"
+    state: "{{ item.value.state }}"
+    flatpakrepo_url: "{{ item.value.url }}"
+  become: true
+  loop: "{{ lookup('dict', services_flatpak_remotes, wantlist=True) }}"
+  when:
+    - services_flatpak_setRemotes | bool
+
+- name: "flatpak: Add/remove packages"
+  community.general.flatpak:
+    name: "{{ item.key }}"
+    state: "{{ item.value.state }}"
+    remote: "{{ item.value.remote }}"
+  loop: "{{ lookup('dict', services_flatpak_packages, wantlist=True) }}"
+  when:
+    - services_flatpak_installFlatpaks | bool
+
+# https://github.com/flatpak/flatpak/issues/3847#issuecomment-818532856
+- name: "flatpak: Enable autoUpdate"
+  ansible.builtin.template:
+    src: "{{ item }}"
+    dest: "/etc/systemd/system/{{ item | regex_replace('.j2', '') }}"
+    owner: root
+    group: root
+    mode: '0644'
+  become: yes
+  with_items:
+    - flatpak-automatic.service.j2
+    - flatpak-automatic.timer.j2
+  when: services_flatpak_autoUpdate | bool
+  notify: "flatpak: Enable timer"

roles/services/tasks/libvirtd.yml

@@ -0,0 +1,9 @@
+---
+- name: "libvirtd: Install packages"
+  community.general.rpm_ostree_pkg:
+    name: "{{ services_libvirtd_packages }}"
+    state: "present"
+  become: yes
+  notify:
+    - "services: Apply rpm-ostree changes live"
+    - "libvirtd: Enable service"

roles/services/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+- name: Include snapper
+  ansible.builtin.include: snapper.yml
+  when: services_snapper_enable | bool
+
+- name: Include libvirtd
+  ansible.builtin.include: libvirtd.yml
+  when: services_libvirtd_enable | bool
+
+- name: Include chrony
+  ansible.builtin.include: chrony.yml
+  when: services_chrony_enableNTS | bool
+
+- name: Include flatpak
+  ansible.builtin.include: flatpak.yml
+  when: services_flatpak_enable | bool

roles/services/tasks/snapper.yml

@@ -0,0 +1,42 @@
+---
+- name: "snapper: Install package"
+  community.general.rpm_ostree_pkg:
+    name: snapper
+    state: "present"
+  become: yes
+  notify:
+    - "services: Apply rpm-ostree changes live"
+    - "snapper: Enable timers"
+
+- name: "snapper: Create subvolumes"
+  ansible.builtin.shell:
+    cmd: "if [[ ! -d {{ item.value.subvolume }}/.snapshots ]]; then \
+     btrfs subvol create {{ item.value.subvolume }}/.snapshots; fi"
+  with_dict: "{{ services_snapper_configs }}"
+  become: yes
+  notify:
+    - "services: Apply rpm-ostree changes live"
+    - "snapper: Enable timers"
+
+- name: "snapper: Create configuration folder"
+  ansible.builtin.file:
+    path: /etc/snapper/configs
+    state: directory
+    mode: '0755'
+  become: yes
+  notify:
+    - "services: Apply rpm-ostree changes live"
+    - "snapper: Enable timers"
+
+- name: "snapper: Place configurations"
+  ansible.builtin.template:
+    src: snapper-config.j2
+    dest: "/etc/snapper/configs/{{ item.key }}"
+    owner: root
+    group: root
+    mode: '0644'
+  with_dict: "{{ services_snapper_configs }}"
+  become: yes
+  notify:
+    - "services: Apply rpm-ostree changes live"
+    - "snapper: Enable timers"

roles/services/templates/chrony.conf.j2

@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+
+{% for server in services_chrony_servers %}
+server {{ server }} iburst nts
+{% endfor %}
+
+driftfile /var/lib/chrony/drift
+makestep 1.0 3
+rtcsync
+keyfile /etc/chrony.keys
+ntsdumpdir /var/lib/chrony
+leapsectz right/UTC
+logdir /var/log/chrony

roles/services/templates/flatpak-automatic.service.j2

@@ -0,0 +1,12 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=flatpak Automatic Update
+Documentation=man:flatpak(1)
+
+[Service]
+Environment='DISPLAY={{ ansible_facts["env"]["DISPLAY"] }}'
+Environment='DBUS_SESSION_BUS_ADDRESS={{ ansible_facts["env"]["DBUS_SESSION_BUS_ADDRESS"] }}'
+Type=simple
+ExecStartPre=nm-online
+ExecStart=/usr/bin/flatpak update -y

roles/services/templates/flatpak-automatic.timer.j2

@@ -0,0 +1,12 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=flatpak Automatic Update Trigger
+Documentation=man:flatpak(1)
+
+[Timer]
+OnBootSec=3m
+OnCalendar=*-*-* *:00:00
+
+[Install]
+WantedBy=timers.target

roles/services/templates/snapper-config.j2

@@ -0,0 +1,14 @@
+# {{ ansible_managed }}
+
+ALLOW_USERS='{{ item.value.allow_users }}'
+ALLOW_GROUPS='{{ item.value.allow_groups }}'
+TIMELINE_CREATE=yes
+TIMELINE_CLEANUP=yes
+TIMELINE_LIMIT_HOURLY="{{ item.value.keep_hourly }}"
+TIMELINE_LIMIT_DAILY="{{ item.value.keep_daily }}"
+TIMELINE_LIMIT_WEEKLY="{{ item.value.keep_weekly }}"
+TIMELINE_LIMIT_MONTHLY="{{ item.value.keep_monthly }}"
+TIMELINE_LIMIT_YEARLY="{{ item.value.keep_yearly }}"
+
+FSTYPE="btrfs"
+SUBVOLUME="{{ item.value.subvolume }}"