Mostly complete, still needs cleanup

kudos.yml

@@ -2,10 +2,12 @@
 
 - hosts: kudos
   roles:
-  # - common
+  - { role: common, tags: [ 'common'] }
-  # - users
+  - { role: users, tags: [ 'users'] }
-  # - docker
+  - { role: streamdeck, tags: [ 'streamdeck'] }
-  # - raid
+  - { role: ssh, tags: [ 'ssh'] }
-  - network
+  - { role: docker, tags: [ 'docker'] }
-  # - vm
+  - { role: raid, tags: [ 'raid'] }
-  
+#  - { role: network, tags: [ 'network'] }
+  - { role: vm, tags: [ 'vm'] }
+  - { role: luminance, tags: [ 'luminance'] }

roles/common/tasks/main.yml

@@ -2,86 +2,120 @@
 
 - name: Install common apt packages
   apt:
-    name: 
+    name:
     - zsh
     - mdadm
     - direnv
+    - ncdu
+    - restic
+    - powertop
     - mpv
     - tmux
     - htop
-    - baobab
     - openssh-server
     - chrome-gnome-shell
-    - python3-pip
     - cheese
     - geary
-    - baobab
     - curl
     - celluloid
-    - openssh-server
     - neofetch
-    - gnome-boxes
     - virt-manager
     - vim
     - blueman
     - pavucontrol
     - gnome-shell-extension-shortcuts
-    - gnome-shell-extension-system-monitor
-    - gnome-shell-extension-top-icons-plus
-    - gnome-shell-extension-gsconnect
-    - gnome-shell-extension-gsconnect-browsers
     - gnome-nettool
     - gnome-maps
     - gnome-calendar
     - gnome-clocks
-    state: present
+    - tilix
-  become: yes
-
-- name: Install common snaps with --classic
-  snap:
-    name:
-    - microk8s
-    classic: yes
     state: present
   become: yes
 
 - name: Install common snaps
   snap:
     name:
-    - code
-    - chromium
     - canonical-livepatch
-    - dbeaver-ce
-    - discord
-    - glimpse-editor
     - qownnotes
     - remmina
     - riot-web
     - spotify
-    - vlc
-    - zoom-client
     state: present
   become: yes  
 
-- name: Uninstall default pulseaudio-module-bluetooth
+- name: Add AppImageLauncher ppa
-  apt:
+  apt_repository:
-    name: pulseaudio-module-bluetooth
+    repo: ppa:appimagelauncher-team/stable
-    state: absent
   become: yes
 
-- name: Install bluetooth audio deps
+- name: Install AppImageLauncher
   apt:
-    name:
+    name: appimagelauncher
-    - libavcodec-extra58
+    state: present
-    - libfdk-aac1
-    - bluez
-    - pulseaudio
   become: yes
 
-- name: Install bluetooth audio codec debs
+- name: Fetch plex media player
-  apt: 
+  get_url:
+    url: https://knapsu.eu/data/plex/Plex_Media_Player_2.57.0.1074-f7d709d1_x64.AppImage
+    dest: /home/jonathan/Applications/Plex_Media_Player_2.57.0.1074-f7d709d1_x64.AppImage
+    mode: 0744
+
+- name: Install plex media player
+  command: 
+    cmd: ail-cli integrate /home/jonathan/Applications/Plex_Media_Player_2.57.0.1074-f7d709d1_x64.AppImage
+
+- name: Fetch plexamp
+  get_url:
+    url: https://plexamp.plex.tv/plexamp.plex.tv/desktop/Plexamp-3.0.3.AppImage
+    dest: /home/jonathan/Applications/Plexamp-3.0.3.AppImage
+    mode: 0744
+
+- name: Install plexamp
+  command: 
+    cmd: ail-cli integrate /home/jonathan/Applications/Plexamp-3.0.3.AppImage
+
+- name: Install random debs
+  apt:
     deb: "{{item}}"
   with_items:
-    - https://f.bytefuse.net/pulseaudio-modules-bt-ppa/focal/libldac_2.0.2.3-1_amd64.deb
+    - https://go.microsoft.com/fwlink/?LinkID=760868
-    - https://f.bytefuse.net/pulseaudio-modules-bt-ppa/focal/pulseaudio-modules-bt_1.3-1_amd64.deb
+    - https://zoom.us/client/latest/zoom_amd64.deb
-  become: yes
+    - https://steamcdn-a.akamaihd.net/client/installer/steam.deb
+    - https://discord.com/api/download?platform=linux&format=deb
+    - https://github.com/hensm/fx_cast/releases/download/v0.0.6/fx_cast_bridge-0.0.6-x64.deb
+    - https://downloads.slack-edge.com/linux_releases/slack-desktop-4.4.2-amd64.deb
+    - https://prerelease.keybase.io/keybase_amd64.deb
+    - https://zerkc.gitlab.io/whatsdesk/whatsdesk_0.2.18_amd64.deb
+  become: yes
+
+- name: Install 1password cli binary
+  unarchive:
+    src: https://cache.agilebits.com/dist/1P/op/pkg/v0.10.0/op_linux_amd64_v0.10.0.zip
+    dest: /home/jonathan/.bin/
+    exclude: op.sig
+    remote_src: yes
+
+#- name: Uninstall default pulseaudio-module-bluetooth
+#  apt:
+#    name: pulseaudio-module-bluetooth
+#    state: absent
+#  become: yes
+#
+#- name: Install bluetooth audio deps
+#  apt:
+#    name:
+#    - libavcodec-extra58
+#    - libfdk-aac1
+#    - bluez
+#    - pulseaudio
+#  become: yes
+#
+#- name: Install bluetooth audio codec debs
+#  apt: 
+#    deb: "{{item}}"
+#  with_items:
+#    - https://go.microsoft.com/fwlink/?LinkID=760868
+#    - https://zoom.us/client/latest/zoom_amd64.deb
+#    - https://f.bytefuse.net/pulseaudio-modules-bt-ppa/focal/libldac_2.0.2.3-1_amd64.deb
+#    - https://f.bytefuse.net/pulseaudio-modules-bt-ppa/focal/pulseaudio-modules-bt_1.3-1_amd64.deb
+#  become: yes

roles/common/templates/plexamp.desktop.j2

@@ -0,0 +1,9 @@
+[Desktop Entry]
+Version=1.0
+Type=Application
+Name=Plexamp
+Exec=/home/jonathan/Applications/Plexamp.AppImage
+Terminal=false
+Categories=AudioVideo;Player;
+StartupWMClass=plexamp
+TryExec=/home/jonathan/Applications/Plexamp.AppImage

roles/common/templates/plexmediaplayer.desktop.j2

@@ -0,0 +1,9 @@
+[Desktop Entry]
+Version=1.0
+Type=Application
+Name=Plex Media Player
+Exec=/home/jonathan/Applications/Plex_Media_Player.AppImage
+Terminal=false
+Categories=AudioVideo;Player;
+StartupWMClass=plexmediaplayer
+TryExec=/home/jonathan/Applications/Plex_Media_Player.AppImage

roles/luminance/tasks/main.yml

@@ -0,0 +1,48 @@
+---
+
+- name: Add luminance deps
+  apt:
+    name:
+    - autoconf
+    - autogen
+    - build-essential
+    - python-gi-dev
+    - libgtk-3-dev
+    - gsettings-desktop-schemas-dev
+    - libgnome-desktop-3-dev
+    - libxml2-utils
+    state: present
+  become: yes
+
+- name: pip3 install phue
+  pip:
+    name: phue
+    state: present
+    executable: /usr/bin/pip3
+  become: yes
+
+- name: clone luminance fork
+  git:
+    repo: https://github.com/jonbulica99/luminance.git
+    dest: /home/jonathan/Code/luminance
+
+- name: autogen luminance
+  command: 
+    chdir: /home/jonathan/Code/luminance
+    cmd: ./autogen.sh
+
+- name: configure luminance
+  command: 
+    chdir: /home/jonathan/Code/luminance
+    cmd: ./configure --prefix=/usr
+
+- name: make luminance
+  command: 
+    chdir: /home/jonathan/Code/luminance
+    cmd: make
+
+- name: make install luminance
+  command: 
+    chdir: /home/jonathan/Code/luminance
+    cmd: make install
+  become: yes

roles/ssh/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+  - name: reload sshd
+    service: 
+      name: sshd
+      state: reloaded
+    become: yes
+  

roles/ssh/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Disable SSH password auth
+  template:
+    src: sshd_config.j2
+    dest: /etc/ssh/sshd_config
+    owner: root
+    group: root
+    mode: '0644'
+  notify: reload sshd
+  become: yes

roles/ssh/templates/sshd_config.j2

@@ -0,0 +1,123 @@
+#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin no
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server

roles/streamdeck/files/99-streamdeck.rules

@@ -0,0 +1,4 @@
+SUBSYSTEM=="usb", ATTRS{idVendor}=="0fd9", ATTRS{idProduct}=="0060", MODE:="666", GROUP="plugdev"
+SUBSYSTEM=="usb", ATTRS{idVendor}=="0fd9", ATTRS{idProduct}=="0063", MODE:="666", GROUP="plugdev"
+SUBSYSTEM=="usb", ATTRS{idVendor}=="0fd9", ATTRS{idProduct}=="006c", MODE:="666", GROUP="plugdev"
+SUBSYSTEM=="usb", ATTRS{idVendor}=="0fd9", ATTRS{idProduct}=="006d", MODE:="666", GROUP="plugdev"

roles/streamdeck/files/streamdeck.desktop

@@ -0,0 +1,9 @@
+[Desktop Entry]
+Type=Application
+Encoding=UTF-8
+Name=Streamdeck
+Comment=A controller for Streamdeck devices
+Icon=/usr/local/lib/python3.8/dist-packages/streamdeck_ui/logo.png
+Exec=streamdeck_ui
+Terminal=false
+Categories=GTK;GNOME

roles/streamdeck/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+  - name: reload udev
+    service: 
+      name: udev
+      state: reloaded
+    become: yes
+  

roles/streamdeck/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+
+- name: Add streamdeck-ui deps
+  apt:
+    name:
+    - libhidapi-hidraw0
+    - libudev-dev
+    - libusb-1.0-0-dev
+    state: present
+  become: yes
+
+- name: create udev rules file for streamdeck
+  copy:
+    src: 99-streamdeck.rules
+    dest: /etc/udev/rules.d/99-streamdeck.rules
+  notify: reload udev
+  become: yes
+
+- name: pip3 install streamdeck_ui
+  pip:
+    name: streamdeck_ui
+    state: present
+    executable: /usr/bin/pip3
+  become: yes
+
+- name: replace crappy panel icon
+  copy:
+    src: streamdeck.png
+    dest: /usr/local/lib/python3.8/dist-packages/streamdeck_ui/logo.png
+  become: yes
+
+- name: create streamdeck_ui .desktop
+  copy:
+    src: streamdeck.desktop
+    dest: /home/jonathan/.local/share/applications/streamdeck.desktop

roles/vm/templates/bind_vfio.sh.j2

@@ -11,3 +11,5 @@ modprobe vfio_pci
 ## Unbind gpu from nvidia and bind to vfio
 virsh nodedev-detach $VIRSH_GPU_VIDEO
 virsh nodedev-detach $VIRSH_GPU_AUDIO
+virsh nodedev-detach $VIRSH_GPU_USB
+virsh nodedev-detach $VIRSH_GPU_SSD

roles/vm/templates/kvm.conf.j2

@@ -1,3 +1,5 @@
 ## Virsh devices
 VIRSH_GPU_VIDEO=pci_0000_0c_00_0
 VIRSH_GPU_AUDIO=pci_0000_0c_00_1
+VIRSH_GPU_USB=pci_0000_43_00_3
+VIRSH_GPU_SSD=pci_0000_41_00_0

roles/vm/templates/unbind_vfio.sh.j2

@@ -6,8 +6,13 @@ source "/etc/libvirt/hooks/kvm.conf"
 ## Unbind gpu from vfio and bind to nvidia
 virsh nodedev-reattach $VIRSH_GPU_VIDEO
 virsh nodedev-reattach $VIRSH_GPU_AUDIO
+virsh nodedev-reattach $VIRSH_GPU_USB
+virsh nodedev-detach $VIRSH_GPU_SSD
 
 ## Unload vfio
 modprobe -r vfio_pci
 modprobe -r vfio_iommu_type1
-modprobe -r vfio
+modprobe -r vfio
+
+## unload audio input/output mix
+pacmd unload-module module-loopback

tasks.sh

@@ -27,4 +27,7 @@ https://plexamp.plex.tv/plexamp.plex.tv/desktop/Plexamp-3.0.1.AppImage
 alsamixer for low steelseries audio volume
 
 # Add key to keychain
-SSH_ASKPASS=/usr/libexec/seahorse/ssh-askpass ssh-add id_rsa </dev/null
+SSH_ASKPASS=/usr/libexec/seahorse/ssh-askpass ssh-add id_rsa </dev/null
+
+# fix white corners on firefox
+# This can make videos transparent. It's better to turn on hardware acceleration with gfx.webrender.all or layers.acceleration.force-enabled to make the white corners transparent.