diff --git a/kudos.yml b/kudos.yml index 9a1efa5..221b1bd 100644 --- a/kudos.yml +++ b/kudos.yml @@ -2,10 +2,12 @@ - hosts: kudos roles: - # - common - # - users - # - docker - # - raid - - network - # - vm - \ No newline at end of file + - { role: common, tags: [ 'common'] } + - { role: users, tags: [ 'users'] } + - { role: streamdeck, tags: [ 'streamdeck'] } + - { role: ssh, tags: [ 'ssh'] } + - { role: docker, tags: [ 'docker'] } + - { role: raid, tags: [ 'raid'] } +# - { role: network, tags: [ 'network'] } + - { role: vm, tags: [ 'vm'] } + - { role: luminance, tags: [ 'luminance'] } \ No newline at end of file diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 6fc481f..d4b8aa3 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -2,86 +2,120 @@ - name: Install common apt packages apt: - name: + name: - zsh - mdadm - direnv + - ncdu + - restic + - powertop - mpv - tmux - htop - - baobab - openssh-server - chrome-gnome-shell - - python3-pip - cheese - geary - - baobab - curl - celluloid - - openssh-server - neofetch - - gnome-boxes - virt-manager - vim - blueman - pavucontrol - gnome-shell-extension-shortcuts - - gnome-shell-extension-system-monitor - - gnome-shell-extension-top-icons-plus - - gnome-shell-extension-gsconnect - - gnome-shell-extension-gsconnect-browsers - gnome-nettool - gnome-maps - gnome-calendar - gnome-clocks - state: present - become: yes - -- name: Install common snaps with --classic - snap: - name: - - microk8s - classic: yes + - tilix state: present become: yes - name: Install common snaps snap: name: - - code - - chromium - canonical-livepatch - - dbeaver-ce - - discord - - glimpse-editor - qownnotes - remmina - riot-web - spotify - - vlc - - zoom-client state: present become: yes -- name: Uninstall default pulseaudio-module-bluetooth - apt: - name: pulseaudio-module-bluetooth - state: absent +- name: Add AppImageLauncher ppa + apt_repository: + repo: ppa:appimagelauncher-team/stable become: yes -- name: Install bluetooth audio deps +- name: Install AppImageLauncher apt: - name: - - libavcodec-extra58 - - libfdk-aac1 - - bluez - - pulseaudio + name: appimagelauncher + state: present become: yes -- name: Install bluetooth audio codec debs - apt: +- name: Fetch plex media player + get_url: + url: https://knapsu.eu/data/plex/Plex_Media_Player_2.57.0.1074-f7d709d1_x64.AppImage + dest: /home/jonathan/Applications/Plex_Media_Player_2.57.0.1074-f7d709d1_x64.AppImage + mode: 0744 + +- name: Install plex media player + command: + cmd: ail-cli integrate /home/jonathan/Applications/Plex_Media_Player_2.57.0.1074-f7d709d1_x64.AppImage + +- name: Fetch plexamp + get_url: + url: https://plexamp.plex.tv/plexamp.plex.tv/desktop/Plexamp-3.0.3.AppImage + dest: /home/jonathan/Applications/Plexamp-3.0.3.AppImage + mode: 0744 + +- name: Install plexamp + command: + cmd: ail-cli integrate /home/jonathan/Applications/Plexamp-3.0.3.AppImage + +- name: Install random debs + apt: deb: "{{item}}" with_items: - - https://f.bytefuse.net/pulseaudio-modules-bt-ppa/focal/libldac_2.0.2.3-1_amd64.deb - - https://f.bytefuse.net/pulseaudio-modules-bt-ppa/focal/pulseaudio-modules-bt_1.3-1_amd64.deb - become: yes \ No newline at end of file + - https://go.microsoft.com/fwlink/?LinkID=760868 + - https://zoom.us/client/latest/zoom_amd64.deb + - https://steamcdn-a.akamaihd.net/client/installer/steam.deb + - https://discord.com/api/download?platform=linux&format=deb + - https://github.com/hensm/fx_cast/releases/download/v0.0.6/fx_cast_bridge-0.0.6-x64.deb + - https://downloads.slack-edge.com/linux_releases/slack-desktop-4.4.2-amd64.deb + - https://prerelease.keybase.io/keybase_amd64.deb + - https://zerkc.gitlab.io/whatsdesk/whatsdesk_0.2.18_amd64.deb + become: yes + +- name: Install 1password cli binary + unarchive: + src: https://cache.agilebits.com/dist/1P/op/pkg/v0.10.0/op_linux_amd64_v0.10.0.zip + dest: /home/jonathan/.bin/ + exclude: op.sig + remote_src: yes + +#- name: Uninstall default pulseaudio-module-bluetooth +# apt: +# name: pulseaudio-module-bluetooth +# state: absent +# become: yes +# +#- name: Install bluetooth audio deps +# apt: +# name: +# - libavcodec-extra58 +# - libfdk-aac1 +# - bluez +# - pulseaudio +# become: yes +# +#- name: Install bluetooth audio codec debs +# apt: +# deb: "{{item}}" +# with_items: +# - https://go.microsoft.com/fwlink/?LinkID=760868 +# - https://zoom.us/client/latest/zoom_amd64.deb +# - https://f.bytefuse.net/pulseaudio-modules-bt-ppa/focal/libldac_2.0.2.3-1_amd64.deb +# - https://f.bytefuse.net/pulseaudio-modules-bt-ppa/focal/pulseaudio-modules-bt_1.3-1_amd64.deb +# become: yes diff --git a/roles/common/templates/plexamp.desktop.j2 b/roles/common/templates/plexamp.desktop.j2 new file mode 100644 index 0000000..2126173 --- /dev/null +++ b/roles/common/templates/plexamp.desktop.j2 @@ -0,0 +1,9 @@ +[Desktop Entry] +Version=1.0 +Type=Application +Name=Plexamp +Exec=/home/jonathan/Applications/Plexamp.AppImage +Terminal=false +Categories=AudioVideo;Player; +StartupWMClass=plexamp +TryExec=/home/jonathan/Applications/Plexamp.AppImage diff --git a/roles/common/templates/plexmediaplayer.desktop.j2 b/roles/common/templates/plexmediaplayer.desktop.j2 new file mode 100644 index 0000000..37d8a52 --- /dev/null +++ b/roles/common/templates/plexmediaplayer.desktop.j2 @@ -0,0 +1,9 @@ +[Desktop Entry] +Version=1.0 +Type=Application +Name=Plex Media Player +Exec=/home/jonathan/Applications/Plex_Media_Player.AppImage +Terminal=false +Categories=AudioVideo;Player; +StartupWMClass=plexmediaplayer +TryExec=/home/jonathan/Applications/Plex_Media_Player.AppImage diff --git a/roles/luminance/tasks/main.yml b/roles/luminance/tasks/main.yml new file mode 100644 index 0000000..3c5888d --- /dev/null +++ b/roles/luminance/tasks/main.yml @@ -0,0 +1,48 @@ +--- + +- name: Add luminance deps + apt: + name: + - autoconf + - autogen + - build-essential + - python-gi-dev + - libgtk-3-dev + - gsettings-desktop-schemas-dev + - libgnome-desktop-3-dev + - libxml2-utils + state: present + become: yes + +- name: pip3 install phue + pip: + name: phue + state: present + executable: /usr/bin/pip3 + become: yes + +- name: clone luminance fork + git: + repo: https://github.com/jonbulica99/luminance.git + dest: /home/jonathan/Code/luminance + +- name: autogen luminance + command: + chdir: /home/jonathan/Code/luminance + cmd: ./autogen.sh + +- name: configure luminance + command: + chdir: /home/jonathan/Code/luminance + cmd: ./configure --prefix=/usr + +- name: make luminance + command: + chdir: /home/jonathan/Code/luminance + cmd: make + +- name: make install luminance + command: + chdir: /home/jonathan/Code/luminance + cmd: make install + become: yes \ No newline at end of file diff --git a/roles/ssh/handlers/main.yml b/roles/ssh/handlers/main.yml new file mode 100644 index 0000000..090e1a7 --- /dev/null +++ b/roles/ssh/handlers/main.yml @@ -0,0 +1,7 @@ +--- + - name: reload sshd + service: + name: sshd + state: reloaded + become: yes + \ No newline at end of file diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml new file mode 100644 index 0000000..7811708 --- /dev/null +++ b/roles/ssh/tasks/main.yml @@ -0,0 +1,11 @@ +--- + +- name: Disable SSH password auth + template: + src: sshd_config.j2 + dest: /etc/ssh/sshd_config + owner: root + group: root + mode: '0644' + notify: reload sshd + become: yes \ No newline at end of file diff --git a/roles/ssh/templates/sshd_config.j2 b/roles/ssh/templates/sshd_config.j2 new file mode 100644 index 0000000..5bc830d --- /dev/null +++ b/roles/ssh/templates/sshd_config.j2 @@ -0,0 +1,123 @@ +# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +Include /etc/ssh/sshd_config.d/*.conf + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin no +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# Expect .ssh/authorized_keys2 to be disregarded by default in future. +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +PasswordAuthentication no +#PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange no + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +#UsePAM no + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +# override default of no subsystems +Subsystem sftp /usr/lib/openssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/roles/streamdeck/files/99-streamdeck.rules b/roles/streamdeck/files/99-streamdeck.rules new file mode 100644 index 0000000..c855404 --- /dev/null +++ b/roles/streamdeck/files/99-streamdeck.rules @@ -0,0 +1,4 @@ +SUBSYSTEM=="usb", ATTRS{idVendor}=="0fd9", ATTRS{idProduct}=="0060", MODE:="666", GROUP="plugdev" +SUBSYSTEM=="usb", ATTRS{idVendor}=="0fd9", ATTRS{idProduct}=="0063", MODE:="666", GROUP="plugdev" +SUBSYSTEM=="usb", ATTRS{idVendor}=="0fd9", ATTRS{idProduct}=="006c", MODE:="666", GROUP="plugdev" +SUBSYSTEM=="usb", ATTRS{idVendor}=="0fd9", ATTRS{idProduct}=="006d", MODE:="666", GROUP="plugdev" diff --git a/roles/streamdeck/files/streamdeck.desktop b/roles/streamdeck/files/streamdeck.desktop new file mode 100644 index 0000000..538a391 --- /dev/null +++ b/roles/streamdeck/files/streamdeck.desktop @@ -0,0 +1,9 @@ +[Desktop Entry] +Type=Application +Encoding=UTF-8 +Name=Streamdeck +Comment=A controller for Streamdeck devices +Icon=/usr/local/lib/python3.8/dist-packages/streamdeck_ui/logo.png +Exec=streamdeck_ui +Terminal=false +Categories=GTK;GNOME \ No newline at end of file diff --git a/roles/streamdeck/files/streamdeck.png b/roles/streamdeck/files/streamdeck.png new file mode 100644 index 0000000..75448d2 Binary files /dev/null and b/roles/streamdeck/files/streamdeck.png differ diff --git a/roles/streamdeck/files/streamdeck.xcf b/roles/streamdeck/files/streamdeck.xcf new file mode 100644 index 0000000..e18f3fe Binary files /dev/null and b/roles/streamdeck/files/streamdeck.xcf differ diff --git a/roles/streamdeck/handlers/main.yml b/roles/streamdeck/handlers/main.yml new file mode 100644 index 0000000..aae9049 --- /dev/null +++ b/roles/streamdeck/handlers/main.yml @@ -0,0 +1,7 @@ +--- + - name: reload udev + service: + name: udev + state: reloaded + become: yes + \ No newline at end of file diff --git a/roles/streamdeck/tasks/main.yml b/roles/streamdeck/tasks/main.yml new file mode 100644 index 0000000..15500dc --- /dev/null +++ b/roles/streamdeck/tasks/main.yml @@ -0,0 +1,35 @@ +--- + +- name: Add streamdeck-ui deps + apt: + name: + - libhidapi-hidraw0 + - libudev-dev + - libusb-1.0-0-dev + state: present + become: yes + +- name: create udev rules file for streamdeck + copy: + src: 99-streamdeck.rules + dest: /etc/udev/rules.d/99-streamdeck.rules + notify: reload udev + become: yes + +- name: pip3 install streamdeck_ui + pip: + name: streamdeck_ui + state: present + executable: /usr/bin/pip3 + become: yes + +- name: replace crappy panel icon + copy: + src: streamdeck.png + dest: /usr/local/lib/python3.8/dist-packages/streamdeck_ui/logo.png + become: yes + +- name: create streamdeck_ui .desktop + copy: + src: streamdeck.desktop + dest: /home/jonathan/.local/share/applications/streamdeck.desktop \ No newline at end of file diff --git a/roles/vm/templates/bind_vfio.sh.j2 b/roles/vm/templates/bind_vfio.sh.j2 index 7635c36..0816935 100644 --- a/roles/vm/templates/bind_vfio.sh.j2 +++ b/roles/vm/templates/bind_vfio.sh.j2 @@ -11,3 +11,5 @@ modprobe vfio_pci ## Unbind gpu from nvidia and bind to vfio virsh nodedev-detach $VIRSH_GPU_VIDEO virsh nodedev-detach $VIRSH_GPU_AUDIO +virsh nodedev-detach $VIRSH_GPU_USB +virsh nodedev-detach $VIRSH_GPU_SSD diff --git a/roles/vm/templates/kvm.conf.j2 b/roles/vm/templates/kvm.conf.j2 index 12bbc65..07af887 100644 --- a/roles/vm/templates/kvm.conf.j2 +++ b/roles/vm/templates/kvm.conf.j2 @@ -1,3 +1,5 @@ ## Virsh devices VIRSH_GPU_VIDEO=pci_0000_0c_00_0 VIRSH_GPU_AUDIO=pci_0000_0c_00_1 +VIRSH_GPU_USB=pci_0000_43_00_3 +VIRSH_GPU_SSD=pci_0000_41_00_0 \ No newline at end of file diff --git a/roles/vm/templates/unbind_vfio.sh.j2 b/roles/vm/templates/unbind_vfio.sh.j2 index 00a7896..ff5063a 100644 --- a/roles/vm/templates/unbind_vfio.sh.j2 +++ b/roles/vm/templates/unbind_vfio.sh.j2 @@ -6,8 +6,13 @@ source "/etc/libvirt/hooks/kvm.conf" ## Unbind gpu from vfio and bind to nvidia virsh nodedev-reattach $VIRSH_GPU_VIDEO virsh nodedev-reattach $VIRSH_GPU_AUDIO +virsh nodedev-reattach $VIRSH_GPU_USB +virsh nodedev-detach $VIRSH_GPU_SSD ## Unload vfio modprobe -r vfio_pci modprobe -r vfio_iommu_type1 -modprobe -r vfio \ No newline at end of file +modprobe -r vfio + +## unload audio input/output mix +pacmd unload-module module-loopback \ No newline at end of file diff --git a/tasks.sh b/tasks.sh index 183bbf4..19c7834 100644 --- a/tasks.sh +++ b/tasks.sh @@ -27,4 +27,7 @@ https://plexamp.plex.tv/plexamp.plex.tv/desktop/Plexamp-3.0.1.AppImage alsamixer for low steelseries audio volume # Add key to keychain -SSH_ASKPASS=/usr/libexec/seahorse/ssh-askpass ssh-add id_rsa