jonathan/ansible
jonathan/ansible
1
0
Fork 0
Code Issues Pull requests Projects Wiki Activity Actions

Checkpoint

Browse source
This commit is contained in:
Jonathan Cremin 2024-02-02 15:40:15 +00:00
parent c501435876
commit 6f5266b63d
42 changed files with 652 additions and 136 deletions
Download patch file Download diff file Expand all files Collapse all files

5
README.md
View file

@ -7,3 +7,8 @@
* Fix Nvidia sleep `sudo systemctl enable nvidia-{suspend,resume,hibernate}`
* Write grub kernel params if needed `sudo grub2-mkconfig -o "$(readlink -e /etc/grub2.cfg)"`
* Activate tailscale
* Zoom needs `enableAlphaBuffer=false` in `~/.config/zoomus.conf`
* fstab needs `UUID=EC77-5380 /mnt/Beta exfat defaults,uid=jonathan 0 0` and `/home/jonathan/.steam/steam/steamapps/compatdata /mnt/Beta/SteamLibrary/steamapps/compatdata none defaults,bind,x-systemd.requires-mounts-for=/mnt/Beta 0 0`
* Need to install and configure Coolero
* Configure startup apps in Gnome Tweaks
* sudo grub-reboot "$(grep -i windows /boot/grub/grub.cfg|cut -d"'" -f2)"

6
desktop.yml
View file

@ -10,8 +10,8 @@
- { role: docker, tags: [ 'docker' ] }
- { role: globalprotect, tags: [ 'globalprotect'] }
- { role: tailscale, tags: [ 'tailscale'] }
- { role: scream, tags: [ 'scream'] }
- { role: virtualhere, tags: [ 'virtualhere'] }
- { role: devdeck, tags: [ 'devdeck'] }
- { role: syncthing, tags: [ 'syncthing' ] }
- { role: xbox, tags: [ 'xbox' ] }
- { role: nvidia, tags: [ 'nvidia' ] }
- { role: howdy, tags: [ 'howdy' ] }
- { role: oversteer, tags: [ 'oversteer' ] }

1
host_vars/desktop
View file

@ -14,3 +14,4 @@ virtualhere_license: !vault |
32326539646336663235353164623461353537303533626637363838653732623333373561303466
61333534316436366263646137643864343464303932626236616462373133346538663038376565
3232
video_device: /dev/v4l/by-id/usb-046d_Logi_4K_Stream_Edition_55908139-video-index2

3
host_vars/laptop Normal file
View file

@ -0,0 +1,3 @@
---
video_device: /dev/video2

6
hosts
View file

@ -2,4 +2,8 @@ desktop ansible_connection=local
laptop ansible_connection=local
magnus ansible_host=10.0.1.6
vault ansible_host=10.0.1.123
k8s-1 ansible_host=10.0.1.54
work ansible_connection=local

10
k8s.yml Normal file
View file

@ -0,0 +1,10 @@
---
- hosts: k8s-1
roles:
- { role: base, tags: [ 'base'] }
- { role: server, tags: [ 'server'] }
- { role: users, tags: [ 'users'] }
- { role: ssh, tags: [ 'ssh'] }
- { role: kubernetes, tags: [ 'kubernetes'] }
- { role: tailscale, tags: [ 'tailscale'] }

6
laptop.yml
View file

@ -1,6 +1,6 @@
---
- hosts: desktop
- hosts: laptop
roles:
- { role: base, tags: [ 'base' ] }
- { role: desktop, tags: [ 'desktop' ] }
@ -10,9 +10,7 @@
- { role: docker, tags: [ 'docker' ] }
- { role: globalprotect, tags: [ 'globalprotect' ] }
- { role: tailscale, tags: [ 'tailscale' ] }
- { role: scream, tags: [ 'scream' ] }
- { role: virtualhere, tags: [ 'virtualhere' ] }
# - { role: howdy, tags: [ 'howdy' ] }
- { role: howdy, tags: [ 'howdy' ] }
- { role: nvidia, tags: [ 'nvidia' ] }
- { role: syncthing, tags: [ 'syncthing' ] }
- { role: openrazer, tags: [ 'openrazer' ] }

9
nano.yml Normal file
View file

@ -0,0 +1,9 @@
---
- hosts: nano
roles:
- { role: base, tags: [ 'base'] }
- { role: users, tags: [ 'users'] }
- { role: ssh, tags: [ 'ssh'] }
- { role: docker, tags: [ 'docker' ] }

1
roles/base/defaults/main.yml
View file

@ -6,3 +6,4 @@ btop_version: "1.0.22"
kind_version: "v0.11.1"
kubectl_version: "v1.23.3"
kompose_version: "v1.26.0"
minikube_version: "v1.29.0"

13
roles/base/files/boost.service Normal file
View file

@ -0,0 +1,13 @@
[Unit]
Description=Enable AMD boost
Before=basic.target
After=local-fs.target sysinit.target
DefaultDependencies=no
[Service]
Type=oneshot
ExecStart=/bin/sh -c "echo 1 > /sys/devices/system/cpu/cpufreq/boost"
[Install]
WantedBy=basic.target

8
roles/base/handlers/main.yml Normal file
View file

@ -0,0 +1,8 @@
---
- name: enable boost
systemd:
name: boost
enabled: yes
state: started
become: yes

79
roles/base/tasks/main.yml
View file

@ -1,5 +1,22 @@
---
- name: Add boost service for AMD 4800U
copy:
src: boost.service
mode: "0644"
dest: /lib/systemd/system/boost.service
when: ansible_processor[2] == "AMD Ryzen 7 4800U with Radeon Graphics"
notify: enable boost
become: yes
- name: Disable SELinux because it's a nightmare with Podman
ansible.builtin.lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX='
line: SELINUX=disabled
become: yes
- name: Install rpmfusion-free
dnf:
name: "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm"
@ -25,6 +42,8 @@
dnf:
name:
- kernel-tools
- inotify-tools
- btop
- sysbench
- exa
- iperf3
@ -33,9 +52,9 @@
- make
- direnv
- ncdu
- restic
- powertop
- tmux
- btop
- htop
- openssh-server
- curl
@ -81,69 +100,37 @@
dest: ~/.local/bin/mkcert
mode: 0755
- name: Fetch gh-cli repo
get_url:
url: https://cli.github.com/packages/rpm/gh-cli.repo
dest: /etc/yum.repos.d/gh-cli.repo
mode: 0644
become: yes
- name: Fetch kind binary
get_url:
url: "https://kind.sigs.k8s.io/dl/{{ kind_version }}/kind-linux-amd64"
dest: ~/.local/bin/kind
mode: 0755
- name: Fetch kubectl binary
get_url:
url: "https://dl.k8s.io/release/{{ kubectl_version }}/bin/linux/amd64/kubectl"
dest: ~/.local/bin/kubectl
mode: 0755
- name: Fetch kompose binary
get_url:
url: "https://github.com/kubernetes/kompose/releases/download/{{ kompose_version }}/kompose-linux-amd64"
dest: ~/.local/bin/kompose
mode: 0755
- name: Fetch minikube binary
get_url:
url: "https://github.com/kubernetes/minikube/releases/download/{{ minikube_version }}/minikube-linux-amd64"
dest: ~/.local/bin/minikube
mode: 0755
- name: Fetch gh-cli repo
get_url:
url: https://cli.github.com/packages/rpm/gh-cli.repo
dest: /etc/yum.repos.d/gh-cli.repo
mode: 0644
become: yes
- name: Install gh-cli
dnf:
name: gh
state: present
become: yes
- name: create ~/.local/share/btop/themes
file:
path: ~/.local/share/btop/themes
state: directory
mode: '0755'
- name: Fetch btop tarball and extract to ~/.local
unarchive:
src: https://github.com/aristocratos/btop/releases/download/v{{ btop_version }}/btop-{{ btop_version }}-x86_64-linux-musl.tbz
dest: ~/.local/
remote_src: yes
exclude:
- CHANGES.md
- install.sh
- LICENSE
- Makefile
- README.md
- setuid.sh
- uninstall.sh
creates: ~/.local/bin/btop
- name: Move btop themes to correct path
copy:
src: ~/.local/themes
dest: ~/.local/share/btop/
remote_src: yes
- name: pip install yt-dlp
pip:
name: yt-dlp
state: present
- name: Enable copr project varlad/onefetch
community.general.copr:
name: varlad/onefetch

5
roles/desktop/defaults/main.yml Normal file
View file

@ -0,0 +1,5 @@
---
zoom_version: "5.17.5.2543"
fx_cast_version: "v0.3.0"
open_audible_version: "3.9.6"

1
roles/desktop/files/100-mount-steam-proton.rules Normal file
View file

@ -0,0 +1 @@
ACTION=="add", ATTRS{idVendor}=="0781", ATTRS{idProduct}=="55ae", RUN+="/usr/bin/setsid /home/jonathan/.bin/exfat-proton-mount"

13
roles/desktop/files/hashicorp.repo Normal file
View file

@ -0,0 +1,13 @@
[hashicorp]
name=Hashicorp Stable - $basearch
baseurl=https://rpm.releases.hashicorp.com/fedora/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://rpm.releases.hashicorp.com/gpg
[hashicorp-test]
name=Hashicorp Test - $basearch
baseurl=https://rpm.releases.hashicorp.com/fedora/$releasever/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://rpm.releases.hashicorp.com/gpg

4
roles/desktop/files/rpm.librewolf.net.repo
View file

@ -1,4 +0,0 @@
[rpm.librewolf.net]
name=Librewolf
baseurl=https://rpm.librewolf.net
enabled=1

13
roles/desktop/handlers/main.yml
View file

@ -17,3 +17,16 @@
enabled: yes
state: started
become: yes
- name: enable systemd proton mount
systemd:
name: proton.mount
enabled: yes
state: started
become: yes
- name: reload udev
service:
name: udev
state: reloaded
become: yes

67
roles/desktop/tasks/main.yml
View file

@ -1,27 +1,10 @@
---
- name: Add boost service for AMD 4800U
copy:
src: boost.service
mode: "0644"
dest: /lib/systemd/system/boost.service
when: ansible_processor[2] == "AMD Ryzen 7 4800U with Radeon Graphics"
notify: enable boost
become: yes
- name: Disable SELinux because it's a nightmare with Podman
ansible.builtin.lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX='
line: SELINUX=disabled
become: yes
- name: Import dnf keys
rpm_key:
state: present
key: '{{ item }}'
loop:
- https://packagecloud.io/gpg.key
- https://packages.microsoft.com/keys/microsoft.asc
- https://rpm.releases.teleport.dev/RPM-GPG-KEY-teleport
- https://downloads.1password.com/linux/keys/1password.asc
@ -34,23 +17,22 @@
mode: "0644"
dest: '/etc/yum.repos.d/{{ item }}'
loop:
- slack.repo
- vscode.repo
- teleport.repo
- 1password.repo
- rpm.librewolf.net.repo
- hashicorp.repo
become: yes
- name: Install common desktop dnf packages
dnf:
name:
- deja-dup
- liquidctl
- power-profiles-daemon # Adds power settings in gnome-settings-center
- chrome-gnome-shell
- celluloid
- cheese
- geary
- pavucontrol
- gnome-browser-connector
- gnome-shell-extension-appindicator
- gnome-shell-extension-gsconnect
- gnome-nettool
@ -58,18 +40,21 @@
- gnome-calendar
- gnome-clocks
- gnome-tweaks
- bijiben # gnome notes
- tilix
- nodejs
- mpv
- steam
- ffmpeg
- slack
- 1password
- code
- teleport
- librewolf
- mangohud
- solaar
- terraform
- adobe-source-sans-pro-fonts
- v4l-utils
- v4l2loopback
- akmod-v4l2loopback
enablerepo:
- rpmfusion-free
- rpmfusion-nonfree-steam
@ -86,45 +71,33 @@
- name: Install flatpaks from flathub
flatpak:
name:
- com.gigitux.youp
- com.discordapp.Discord
- im.riot.Riot
- org.telegram.desktop
- com.plexamp.Plexamp
- nl.g4d.Girens
- tech.feliciano.pocket-casts
- org.gnome.TextEditor
- com.mattjakeman.ExtensionManager
- md.obsidian.Obsidian
- org.pipewire.Helvum
- com.github.tchx84.Flatseal
- com.github.maoschanz.drawing
- com.belmoussaoui.Obfuscate
- de.haeckerfelix.Fragments
- org.gnome.World.PikaBackup
- org.pitivi.Pitivi
- rest.insomnia.Insomnia
- io.dbeaver.DBeaverCommunity
state: present
remote: flathub
method: user
- name: Add the knapsu flatpak repository remote to the user installation
flatpak_remote:
name: knapsu
state: present
flatpakrepo_url: https://flatpak.knapsu.eu/plex-media-player.flatpakrepo
method: user
- name: Install flatpaks from knapsu
flatpak:
name:
- tv.plex.PlexMediaPlayer
state: present
remote: knapsu
method: user
- name: Install remote rpms
dnf:
name:
- https://cdn.zoom.us/prod/v5.10.4/zoom_x86_64.rpm
- https://github.com/hensm/fx_cast/releases/download/v0.2.0/fx_cast_bridge-0.2.0-x64.rpm
- https://github.com/Kong/insomnia/releases/download/core%402021.5.3/Insomnia.Core-2021.5.3.rpm
- https://github.com/openaudible/openaudible/releases/download/v3.4.3/OpenAudible_3.4.3_x86_64.rpm
- https://github.com/Mastermindzh/tidal-hifi/releases/download/2.7.1/tidal-hifi-2.7.1.x86_64.rpm
- https://github.com/iongion/podman-desktop-companion/releases/download/4.0.3-rc.2/podman-desktop-companion-x86_64-4.0.3-rc.2.rpm
- "https://cdn.zoom.us/prod/{{ zoom_version }}/zoom_x86_64.rpm"
#- https://github.com/hensm/fx_cast/releases/download/{{ fx_cast_version }}/fx_cast_bridge-{{ fx_cast_version }}-x64.rpm
#- https://github.com/openaudible/openaudible/releases/download/v{{ open_audible_version }}/OpenAudible_{{ open_audible_version }}_x86_64.rpm
state: present
disable_gpg_check: 1
become: yes

1
roles/docker/tasks/main.yml
View file

@ -11,6 +11,7 @@
systemd:
name: docker
state: started
enabled: true
become: yes
- name: Install docker-compose

24
roles/gnome/defaults/main.yml Normal file
View file

@ -0,0 +1,24 @@
---
keyboard_shortcuts:
- id: 0
command: "'/home/jonathan/.bin/audio-switch Audioengine'"
shortcut: "'<Shift><Control><Alt>1'"
name: "'Audioengine Speakers'"
- id: 1
command: "'/home/jonathan/.bin/audio-switch \"USB Audio Speakers\"'"
shortcut: "'<Shift><Control><Alt>2'"
name: "'Sonos Port'"
- id: 2
command: "'/home/jonathan/.bin/audio-switch arctis'"
shortcut: "'<Shift><Control><Alt>3'"
name: "'Arctis Nova Pro'"
- id: 3
command: "'/home/jonathan/.bin/audio-switch \"USB Audio Front Headphones\"'"
shortcut: "'<Shift><Control><Alt>4'"
name: "'Front Headphones'"
- id: 4
command: "'/home/jonathan/.bin/audio-switch xm5'"
shortcut: "'<Shift><Control><Alt>5'"
name: "'XM5s'"

5
roles/gnome/tasks/main.yml
View file

@ -1,8 +1,5 @@
---
# Run gsettings set org.gnome.shell.extensions.dash-to-dock click-action 'minimize'
# Run gsettings set org.gnome.shell app-picker-layout "[]"
- name: Install gnome-extensions-cli
pip:
name: gnome-extensions-cli
@ -15,9 +12,9 @@
with_items:
- hue-lights@chlumskyvaclav.gmail.com
- espresso@coadmunkee.github.com
- sound-output-device-chooser@kgshank.net
- logomenu@aryan_k
- expandable-notifications@kaan.g.inam.org
- gsconnect@andyholmes.github.io
- bluetooth-quick-connect@bjarosze.gmail.com
- appindicatorsupport@rgcjonas.gmail.com
- gTile@vibou

3
roles/howdy/defaults/main.yml Normal file
View file

@ -0,0 +1,3 @@
---
video_device: /dev/video4

34
roles/howdy/tasks/main.yml
View file

@ -1,12 +1,5 @@
---
- name: Install rpmsphere-release
dnf:
name: https://github.com/rpmsphere/noarch/raw/master/r/rpmsphere-release-{{ ansible_distribution_major_version }}.noarch.rpm
state: present
disable_gpg_check: 1
become: yes
- name: Install dlib
dnf:
name:
@ -15,10 +8,10 @@
state: present
become: yes
- name: Enable copr project howdy
- name: Enable copr principis/howdy
community.general.copr:
name: luya/howdy
state: disabled
name: principis/howdy
state: enabled
become: yes
- name: Install howdy
@ -26,3 +19,24 @@
name: howdy
state: present
become: yes
- name: Configure video device for Howdy
replace:
path: /lib64/security/howdy/config.ini
regexp: '(^device_path\s=\s)(.*)$'
replace: '\1{{ video_device }}'
backup: yes
become: yes
- name: Configure Howdy for sudo
ansible.builtin.lineinfile:
path: /etc/pam.d/sudo
line: "auth sufficient pam_python.so /lib64/security/howdy/pam.py"
become: yes
- name: Configure Howdy for Gnome login
ansible.builtin.lineinfile:
path: /etc/pam.d/gdm-password
insertafter: 'pam_selinux_permit.so'
line: "auth sufficient pam_python.so /lib64/security/howdy/pam.py"
become: yes

0
roles/kubernetes/defaults/main.yml Normal file
View file

16
roles/kubernetes/files/containerd-config.toml Normal file
View file

@ -0,0 +1,16 @@
version = 2
[plugins]
[plugins."io.containerd.grpc.v1.cri"]
[plugins."io.containerd.grpc.v1.cri".containerd]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/usr/libexec/cni/"
conf_dir = "/etc/cni/net.d"
[plugins."io.containerd.internal.v1.opt"]
path = "/var/lib/containerd/opt"

7
roles/kubernetes/files/kubernetes.repo Normal file
View file

@ -0,0 +1,7 @@
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-$basearch
enabled=1
gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl

2
roles/kubernetes/files/modules-load-d-k8s.conf Normal file
View file

@ -0,0 +1,2 @@
overlay
br_netfilter

3
roles/kubernetes/files/sysctl-d-k8s.conf Normal file
View file

@ -0,0 +1,3 @@
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1

2
roles/kubernetes/handlers/main.yml Normal file
View file

@ -0,0 +1,2 @@
---

39
roles/kubernetes/tasks/main.yml Normal file
View file

@ -0,0 +1,39 @@
---
- name: Add dnf repo for kubernetes
copy:
src: kubernetes.repo
mode: "0644"
dest: /etc/yum.repos.d/kubernetes.repo
become: yes
- name: Configure containerd for k8s
copy:
src: containerd-config.toml
mode: "0644"
dest: /etc/containerd/config.toml
become: yes
- name: Install kubernetes dnf packages
dnf:
name:
- kubeadm
- kubelet
- kubectl
- containerd
disable_excludes: kubernetes
become: yes
- name: Enable kernel mods for k8s
copy:
src: modules-load-d-k8s.conf
mode: "0644"
dest: /etc/modules-load.d/k8s.conf
become: yes
- name: Set kernel params for k8s
copy:
src: sysctl-d-k8s.conf
mode: "0644"
dest: /etc/sysctl.d/k8s.conf
become: yes

40
roles/nvidia/tasks/main.yml
View file

@ -5,3 +5,43 @@
name:
- xorg-x11-drv-nvidia-cuda
become: yes
- name: Install nvtop dependencies
dnf:
name:
- libdrm-devel
- ncurses-devel
- cmake
- gcc-c++
become: yes
- name: Clone syllo/nvtop
git:
repo: 'https://github.com/syllo/nvtop.git'
version: master
dest: ~/.cache/syllo-nvtop
- name: Create nvtop build dir
file:
dest: ~/.cache/syllo-nvtop/build
mode: '0755'
state: directory
- name: Cmake the nvtop Makefiles
command:
chdir: ~/.cache/syllo-nvtop/build
cmd: cmake .. -DNVIDIA_SUPPORT=ON
creates: ~/.cache/syllo-nvtop/build/Makefile
- name: Make all the nvtop things
command:
chdir: ~/.cache/syllo-nvtop/build
cmd: make
creates: ~/.cache/syllo-nvtop/build/src/nvtop
- name: make install nvtop
command:
chdir: /home/jonathan/.cache/syllo-nvtop/build
cmd: make install
creates: /usr/local/bin/nvtop
become: yes

38
roles/oversteer/tasks/main.yml Normal file
View file

@ -0,0 +1,38 @@
---
- name: Install dependencies
dnf:
name:
- python3
- python3-distutils-extra
- python3-gobject
- python3-pyudev
- python3-pyxdg
- python3-evdev
- gettext
- meson
- appstream
- desktop-file-utils
- python3-matplotlib-gtk3
- python3-scipy
state: present
become: yes
- name: Clone berarma/oversteer
git:
repo: 'https://github.com/berarma/oversteer.git'
version: master
dest: ~/.cache/berarma-oversteer
- name: meson build
command:
chdir: ~/.cache/berarma-oversteer/
cmd: meson build
creates: ~/.cache/berarma-oversteer/build
- name: ninja install
command:
chdir: /home/jonathan/.cache/berarma-oversteer/build
cmd: ninja install
creates: /usr/local/bin/oversteer
become: yes

46
roles/server/files/smb.conf Normal file
View file

@ -0,0 +1,46 @@
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
#
# Note:
# SMB1 is disabled by default. This means clients without support for SMB2 or
# SMB3 are no longer able to connect to smbd (by default).
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
# Install samba-usershares package for support
include = /etc/samba/usershares.conf
include = registry
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775

28
roles/server/handlers/main.yml Normal file
View file

@ -0,0 +1,28 @@
---
- name: enable nfs-server
service:
name: nfs-server
state: started
enabled: true
become: yes
- name: enable libvirtd
service:
name: libvirtd
state: started
enabled: true
become: yes
- name: enable pmlogger
service:
name: pmlogger
state: started
enabled: true
become: yes
- name: restart smb
service:
name: smb
state: restart
enabled: true
become: yes

60
roles/server/tasks/main.yml Normal file
View file

@ -0,0 +1,60 @@
---
- name: Add gpu packages for intel
dnf:
name:
- intel-media-driver
- libva-utils
- libvdpau-va-gl
- intel-gpu-tools
enablerepo: rpmfusion-free
state: present
when: ansible_processor[2] == "Intel(R) Celeron(R) N5105 @ 2.00GHz"
become: yes
- name: Add server-only packages
dnf:
name:
- sqlite
- cockpit-machines
- cockpit-podman
- cockpit-file-sharing
- nfs-utils
- borgbackup
notify: enable nfs-server
become: yes
- name: Add pcp metric-collection packages
dnf:
name:
- pcp
- pcp-conf
- pcp-libs
- pcp-selinux
notify: enable pmlogger
become: yes
- name: Add libvirt
dnf:
name:
- libvirt
notify: enable libvirtd
become: yes
- name: Update smb.conf for registry
copy:
src: smb.conf
mode: "0644"
dest: /etc/samba/smb.conf
notify: restart smb
become: yes
- name: Increase max user watches
sysctl:
name: fs.inotify.max_user_watches
value: '524288'
sysctl_file: /etc/sysctl.d/max_user_watches.conf
sysctl_set: yes
state: present
reload: yes
become: yes

133
roles/ssh/templates/sshd_config.j2.new Normal file
View file

@ -0,0 +1,133 @@
# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
# To modify the system-wide sshd configuration, create a *.conf file under
# /etc/ssh/sshd_config.d/ which will be automatically included below
Include /etc/ssh/sshd_config.d/*.conf
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#KbdInteractiveAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
# problems.
#UsePAM no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

7
roles/steam/tasks/main.yml Normal file
View file

@ -0,0 +1,7 @@
---
- name: Link proton directories
file:
src: /home/jonathan/.local/share/Steam
dest: ~/.local/bin/firefox-dev
state: link

16
roles/syncthing/tasks/main.yml
View file

@ -27,6 +27,7 @@
- /home/jonathan/Sync
- /home/jonathan/Code
- /home/jonathan/Udemy
- /home/jonathan/Photos
- name: Create and start Syncthing container
@ -38,13 +39,14 @@
PUID: "0"
PGID: "0"
volume:
- /home/jonathan/.config/podman/etc/syncthing:/var/syncthing/config:Z
- /home/jonathan/.config/podman/syncthing/:/var/syncthing:Z
- /home/jonathan/Sync:/home/jonathan/Sync:Z
- /home/jonathan/Code:/home/jonathan/Code:Z
- /home/jonathan/Udemy:/home/jonathan/Udemy:Z
- /home/jonathan/Pictures:/home/jonathan/Pictures:Z
- /home/jonathan/Documents:/home/jonathan/Documents:Z
- /home/jonathan/.config/podman/etc/syncthing:/var/syncthing/config
- /home/jonathan/.config/podman/syncthing/:/var/syncthing
- /home/jonathan/Sync:/home/jonathan/Sync
- /home/jonathan/Code:/home/jonathan/Code
- /home/jonathan/Udemy:/home/jonathan/Udemy
- /home/jonathan/Pictures:/home/jonathan/Pictures
- /home/jonathan/Photos:/home/jonathan/Photos
- /home/jonathan/Documents:/home/jonathan/Documents
network: host
restart_policy: on-failure:5

1
roles/tailscale/tasks/main.yml
View file

@ -4,7 +4,6 @@
command:
cmd: dnf config-manager --add-repo https://pkgs.tailscale.com/stable/fedora/tailscale.repo
creates: /etc/yum.repos.d/tailscale.repo
warn: false
become: yes
- name: Install tailscale

1
roles/xbox/tasks/main.yml
View file

@ -20,3 +20,4 @@
# fi
# do the things in https://github.com/medusalix/xone/blob/master/install.sh

3
server.yml
View file

@ -1,8 +1,9 @@
---
- hosts: magnus
- hosts: vault
roles:
- { role: base, tags: [ 'base'] }
- { role: server, tags: [ 'server'] }
- { role: users, tags: [ 'users'] }
- { role: ssh, tags: [ 'ssh'] }
- { role: docker, tags: [ 'docker'] }

13
work.yml Normal file
View file

@ -0,0 +1,13 @@
---
- hosts: work
roles:
- { role: base, tags: [ 'base'] }
- { role: desktop, tags: [ 'desktop'] }
- { role: gnome, tags: [ 'gnome' ] }
- { role: users, tags: [ 'users'] }
- { role: ssh, tags: [ 'ssh'] }
- { role: docker, tags: [ 'docker' ] }
- { role: globalprotect, tags: [ 'globalprotect'] }
- { role: tailscale, tags: [ 'tailscale'] }
- { role: syncthing, tags: [ 'syncthing' ] }