21 changed files with 524 additions and 4 deletions
-
6config/automatrop/group_vars/all
-
2config/automatrop/host_vars/curacao.geoffrey.frogeye.fr
-
1config/automatrop/host_vars/pindakaas.geoffrey.frogeye.fr
-
4config/automatrop/playbooks/default.yml
-
6config/automatrop/roles/dotfiles/tasks/main.yml
-
1config/automatrop/roles/software/tasks/main.yml
-
5config/automatrop/roles/software/templates/snippets/pm_desktop_environment.j2
-
1config/automatrop/roles/software/templates/snippets/pm_dotfiles_dependencies.j2
-
3config/automatrop/roles/software/templates/snippets/pm_local_monitoring.j2
-
7config/automatrop/roles/system/files/chrony.conf
-
5config/automatrop/roles/system/files/dhcpcd.exit-hook
-
2config/automatrop/roles/system/files/getty.service
-
3config/automatrop/roles/system/files/wpa_supplicant.service
-
5config/automatrop/roles/system/files/xorg/intel_backlight.conf
-
8config/automatrop/roles/system/files/xorg/joystick.conf
-
7config/automatrop/roles/system/files/xorg/keyboard.conf
-
6config/automatrop/roles/system/files/xorg/touchpad.conf
-
28config/automatrop/roles/system/handlers/main.yaml
-
336config/automatrop/roles/system/tasks/main.yml
-
90config/automatrop/roles/system/templates/wpa_supplicant.conf.j2
-
2config/scripts/install-arch
@ -0,0 +1,7 @@ |
|||
server 0.europe.pool.ntp.org offline |
|||
server 1.europe.pool.ntp.org offline |
|||
server 2.europe.pool.ntp.org offline |
|||
server 3.europe.pool.ntp.org offline |
|||
driftfile /etc/chrony.drift |
|||
rtconutc |
|||
rtcsync |
@ -0,0 +1,5 @@ |
|||
if $if_up; then |
|||
chronyc online |
|||
elif $if_down; then |
|||
chronyc offline |
|||
fi |
@ -0,0 +1,2 @@ |
|||
[Service] |
|||
ExecStartPre=/bin/sh -c 'setleds +num < /dev/%I' |
@ -0,0 +1,3 @@ |
|||
[Service] |
|||
ExecStart= |
|||
ExecStart=/usr/bin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant.conf -i%I |
@ -0,0 +1,5 @@ |
|||
Section "Device" |
|||
Identifier "Intel Graphics" |
|||
Driver "intel" |
|||
Option "Backlight" "intel_backlight" |
|||
EndSection |
@ -0,0 +1,8 @@ |
|||
Section "InputClass" |
|||
Identifier "joystick catchall" |
|||
MatchIsJoystick "on" |
|||
MatchDevicePath "/dev/input/event*" |
|||
Driver "joystick" |
|||
Option "StartKeysEnabled" "False" #Disable mouse |
|||
Option "StartMouseEnabled" "False" #support |
|||
EndSection |
@ -0,0 +1,7 @@ |
|||
Section "InputClass" |
|||
Identifier "system-keyboard" |
|||
MatchIsKeyboard "on" |
|||
Option "XkbLayout" "us_qwerty-fr" |
|||
#Option "XkbModel" "pc105+inet" |
|||
Option "XkbOptions" "terminate:ctrl_alt_bksp" |
|||
EndSection |
@ -0,0 +1,6 @@ |
|||
Section "InputClass" |
|||
Identifier "touchpad" |
|||
Driver "libinput" |
|||
MatchIsTouchpad "on" |
|||
Option "Tapping" "on" |
|||
EndSection |
@ -0,0 +1,28 @@ |
|||
- name: Create a etckeeper commit |
|||
command: "etckeeper commit 'automatrop {{ ansible_date_time.iso8601 }}'" |
|||
listen: "etc changed" |
|||
become: yes |
|||
|
|||
- name: Restart chrony |
|||
systemd: |
|||
name: chronyd |
|||
state: restarted |
|||
listen: chrony reconfigured |
|||
become: yes |
|||
|
|||
- name: Reload systemd daemon |
|||
systemd: |
|||
daemon_reload: yes |
|||
listen: systemd changed |
|||
become: yes |
|||
|
|||
- name: Restart wpa_supplicant |
|||
systemd: |
|||
name: "wpa_supplicant@{{ item }}" |
|||
state: restarted |
|||
become: yes |
|||
loop: "{{ ansible_interfaces }}" |
|||
when: "item.startswith('wl')" |
|||
listen: wpa_supplicant changed |
|||
# Could probably use something better like |
|||
# listing /sys/class/ieee80211/*/device/net/ |
@ -0,0 +1,336 @@ |
|||
# TODO For other distributions |
|||
|
|||
- name: Set variables |
|||
set_fact: |
|||
arch_based: "{{ ansible_distribution == 'Archlinux' }}" |
|||
# arch: "{{ ansible_lsb.id == 'Arch' }}" |
|||
# manjaro: "{{ ansible_lsb.id == 'Manjaro' or ansible_lsb.id == 'Manjaro-ARM' }}" |
|||
# termux: "{{ ansible_distribution == 'OtherLinux' and ansible_python.executable == '/data/data/com.termux/files/usr/bin/python' }}" |
|||
# debian_based: "{{ ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' }}" |
|||
# debian: "{{ ansible_distribution == 'Debian' }}" |
|||
# ubuntu: "{{ ansible_distribution == 'Ubuntu' }}" |
|||
|
|||
# Etckeeper |
|||
|
|||
- name: Install etckeeper (Arch based) |
|||
pacman: |
|||
name: etckeeper |
|||
state: present |
|||
become: yes |
|||
when: arch_based |
|||
|
|||
- name: Check if etckeeper is initialized |
|||
stat: |
|||
path: /etc/.git |
|||
register: etckeeper |
|||
become: yes |
|||
|
|||
- name: Initialize etckeeper |
|||
command: "etckeeper init" |
|||
become: yes |
|||
when: not etckeeper.stat.exists |
|||
changed_when: yes |
|||
|
|||
- name: Configure git user.name for etckeeper |
|||
git_config: |
|||
scope: local |
|||
repo: /etc |
|||
name: "{{ item.name }}" |
|||
value: "{{ item.value }}" |
|||
loop: |
|||
- name: "user.name" |
|||
value: "etckeeper on {{ inventory_hostname_short }}" |
|||
- name: "user.email" |
|||
value: "etckeeper@{{ inventory_hostname }}" |
|||
become: yes |
|||
|
|||
# Arch configuration |
|||
|
|||
- name: Install ccache |
|||
pacman: |
|||
name: ccache |
|||
state: present |
|||
become: yes |
|||
when: arch_based |
|||
|
|||
- name: Enable makepkg ccache |
|||
replace: |
|||
path: /etc/makepkg.conf |
|||
regexp: '^BUILDENV=(.+)!ccache(.+)$' |
|||
replace: 'BUILDENV=\1ccache\2' |
|||
become: yes |
|||
when: arch_based |
|||
|
|||
- name: Set makepkg MAKEFLAGS |
|||
replace: |
|||
path: /etc/makepkg.conf |
|||
regexp: '^#? *MAKEFLAGS=(.+)-j[0-9]+(.+)$' |
|||
replace: "MAKEFLAGS=\\1-j{{ j }}\\2" |
|||
become: yes |
|||
vars: |
|||
j: "{{ [ansible_processor_nproc - 1, 1] | max | int }}" |
|||
when: arch_based |
|||
|
|||
- name: Enable makepkg color |
|||
replace: |
|||
path: /etc/makepkg.conf |
|||
regexp: '^BUILDENV=(.+)!color(.+)$' |
|||
replace: 'BUILDENV=\1color\2' |
|||
become: yes |
|||
when: arch_based |
|||
|
|||
- name: Enable pacman colors |
|||
lineinfile: |
|||
path: /etc/pacman.conf |
|||
regexp: "^#?Color" |
|||
line: "Color" |
|||
become: yes |
|||
when: arch_based |
|||
|
|||
- name: Enable pacman pacman |
|||
lineinfile: |
|||
path: /etc/pacman.conf |
|||
regexp: "^#?ILoveCandy" |
|||
line: "ILoveCandy" |
|||
insertafter: "^#?Color" |
|||
become: yes |
|||
when: arch_based |
|||
|
|||
# Manjaro configuration |
|||
|
|||
- name: Remove Manjaro's pamac |
|||
pacman: |
|||
name: pamac |
|||
state: absent |
|||
become: yes |
|||
when: arch_based and False # I'm trying to remember why I usually delete this thing |
|||
|
|||
# Xorg configuration |
|||
|
|||
- name: Check if there is nvidia-xrun is installed |
|||
stat: |
|||
path: /etc/X11/nvidia-xorg.conf |
|||
register: nvidia_xrun |
|||
when: display_manager == 'x11' |
|||
|
|||
- name: Add nvidia-xrun xorg config directory |
|||
set_fact: |
|||
xorg_common_config_dirs: "{{ xorg_default_config_dirs + xorg_nvidia_config_dirs }}" |
|||
vars: |
|||
xorg_default_config_dirs: |
|||
- /etc/X11/xorg.conf.d |
|||
xorg_nvidia_config_dirs: "{{ ['/etc/X11/nvidia-xorg.conf.d'] if nvidia_xrun.stat.exists else [] }}" |
|||
when: display_manager == 'x11' |
|||
|
|||
- name: Configure Xorg keyboard layout |
|||
copy: |
|||
src: xorg/keyboard.conf |
|||
dest: "{{ item }}/00-keyboard.conf" |
|||
become: yes |
|||
when: display_manager == 'x11' |
|||
notify: etc changed |
|||
loop: "{{ xorg_common_config_dirs }}" |
|||
|
|||
- name: Check if there is Intel backlight |
|||
stat: |
|||
path: /sys/class/backlight/intel_backlight |
|||
register: intel_backlight |
|||
when: display_manager == 'x11' |
|||
|
|||
- name: Install Intel video drivers (Arch based) |
|||
pacman: |
|||
name: xf86-video-intel |
|||
# state: "{{ intel_backlight.stat.exists }}" |
|||
state: present |
|||
become: yes |
|||
when: display_manager == 'x11' and intel_backlight.stat.exists and arch_based |
|||
|
|||
- name: Configure Xorg Intel backlight |
|||
copy: |
|||
src: xorg/intel_backlight.conf |
|||
dest: "{{ item }}/20-intel_backlight.conf" |
|||
become: yes |
|||
when: display_manager == 'x11' and intel_backlight.stat.exists |
|||
notify: etc changed |
|||
loop: "{{ xorg_common_config_dirs }}" |
|||
|
|||
- name: Configure Xorg touchpad behaviour |
|||
copy: |
|||
src: xorg/touchpad.conf |
|||
dest: "{{ item }}/30-touchpad.conf" |
|||
become: yes |
|||
when: display_manager == 'x11' |
|||
notify: etc changed |
|||
loop: "{{ xorg_common_config_dirs }}" |
|||
|
|||
- name: Configure Xorg joystick behaviour |
|||
copy: |
|||
src: xorg/joystick.conf |
|||
dest: "{{ item }}/50-joystick.conf" |
|||
become: yes |
|||
when: display_manager == 'x11' |
|||
notify: etc changed |
|||
loop: "{{ xorg_common_config_dirs }}" |
|||
|
|||
# Numlock on boot |
|||
|
|||
- name: set numlock on boot |
|||
copy: |
|||
src: getty.service |
|||
dest: /etc/systemd/system/getty@.service.d/override.conf |
|||
become: yes |
|||
notify: |
|||
- etc changed |
|||
- systemd changed |
|||
when: auto_numlock |
|||
|
|||
- name: Unset numlock on boot |
|||
file: |
|||
path: /etc/systemd/system/getty@.service.d/override.conf |
|||
state: absent |
|||
become: yes |
|||
notify: |
|||
- etc changed |
|||
- systemd changed |
|||
when: not auto_numlock |
|||
|
|||
# TLP configuration |
|||
|
|||
- name: Install TLP (Arch based) |
|||
pacman: |
|||
name: tlp |
|||
state: present |
|||
when: arch_based |
|||
become: yes |
|||
|
|||
- name: Start/enable TLP |
|||
systemd: |
|||
name: tlp |
|||
state: started |
|||
enabled: yes |
|||
become: yes |
|||
notify: etc changed |
|||
|
|||
# Network configuration |
|||
|
|||
- name: Uninstall networkmanager |
|||
pacman: |
|||
name: networkmanager |
|||
state: absent |
|||
when: arch_based |
|||
become: yes |
|||
|
|||
- name: Install dhcpcd (Arch based) |
|||
pacman: |
|||
name: dhcpcd |
|||
state: present |
|||
when: arch_based |
|||
become: yes |
|||
|
|||
- name: Start/enable dhcpcd |
|||
systemd: |
|||
name: dhcpcd |
|||
state: started |
|||
enabled: yes |
|||
become: yes |
|||
notify: etc changed |
|||
|
|||
- name: Install wpa_supplicant (Arch based) |
|||
pacman: |
|||
name: wpa_supplicant |
|||
state: present |
|||
when: arch_based |
|||
become: yes |
|||
|
|||
- name: Configure wpa_supplicant |
|||
template: |
|||
src: wpa_supplicant.conf.j2 |
|||
dest: /etc/wpa_supplicant/wpa_supplicant.conf |
|||
notify: |
|||
- etc changed |
|||
- wpa_supplicant changed |
|||
become: yes |
|||
tags: |
|||
- wificonf |
|||
|
|||
- name: Prepare directory for wpa_supplicant service override |
|||
file: |
|||
path: /etc/systemd/system/wpa_supplicant@.service.d |
|||
state: directory |
|||
mode: "u=rwx,g=rx,o=rx" |
|||
become: yes |
|||
|
|||
- name: Make wpa_supplicant use a common configuration file |
|||
copy: |
|||
src: wpa_supplicant.service |
|||
dest: /etc/systemd/system/wpa_supplicant@.service.d/override.conf |
|||
register: wpa_supplicant_systemd |
|||
become: yes |
|||
notify: |
|||
- etc changed |
|||
|
|||
- name: Start/enable wpa_supplicant |
|||
systemd: |
|||
name: "wpa_supplicant@{{ item }}" |
|||
state: started |
|||
enabled: yes |
|||
# Can't wait for handlers reload systemd daemon, |
|||
# but flushing is a bit much, so: |
|||
daemon_reload: "{{ wpa_supplicant_systemd.changed }}" |
|||
become: yes |
|||
notify: etc changed |
|||
loop: "{{ ansible_interfaces }}" |
|||
when: "item.startswith('wl')" |
|||
# Could probably use something better like |
|||
# listing /sys/class/ieee80211/*/device/net/ |
|||
|
|||
|
|||
# Time synchronisation |
|||
|
|||
- name: Mask systemd-timesyncd |
|||
systemd: |
|||
name: systemd-timesyncd |
|||
state: stopped |
|||
enabled: no |
|||
masked: yes |
|||
become: yes |
|||
notify: etc changed |
|||
when: arch_based |
|||
|
|||
- name: Install chrony |
|||
pacman: |
|||
name: chrony |
|||
state: present |
|||
when: arch_based |
|||
become: yes |
|||
|
|||
- name: Configure chrony |
|||
copy: |
|||
src: chrony.conf |
|||
dest: /etc/chrony.conf |
|||
become: yes |
|||
notify: |
|||
- etc changed |
|||
- "chrony reconfigured" |
|||
|
|||
- name: Enable chronyd |
|||
systemd: |
|||
name: chronyd |
|||
enabled: yes |
|||
become: yes |
|||
notify: |
|||
- etc changed |
|||
- "chrony reconfigured" |
|||
|
|||
- name: Configure dhcpcd chrony hook |
|||
copy: |
|||
src: dhcpcd.exit-hook |
|||
dest: /etc/dhcpcd.exit-hook |
|||
become: yes |
|||
notify: etc changed |
|||
|
|||
# TODO Hibernation, if that's relevant |
|||
# $ sudo blkid | grep 'TYPE="swap"' |
|||
# $ sudoedit /etc/default/grub |
|||
# Add resume=UUID=<UUID-of-swap-partition> to GRUB_CMDLINE_LINUX_DEFAULT |
|||
# $ sudo grub-mkconfig -o /boot/grub/grub.cfg |
@ -0,0 +1,90 @@ |
|||
# Giving configuration update rights to wpa_cli |
|||
ctrl_interface=/run/wpa_supplicant |
|||
ctrl_interface_group=wheel |
|||
update_config=1 |
|||
|
|||
# AP scanning |
|||
ap_scan=1 |
|||
|
|||
# ISO/IEC alpha2 country code in which the device is operating |
|||
country=NL |
|||
|
|||
{% set password_store_path = lookup('env', 'PASSWORD_STORE_DIR') or ansible_user_dir + '/.password-store/' %} |
|||
{% set wifi_pass_paths = query('fileglob', password_store_path + 'wifi/*.gpg') %} |
|||
{% set names = wifi_pass_paths | map('regex_replace', '^.+/wifi/(.+).gpg$', '\\1') | sort%} |
|||
{% for name in names %} |
|||
{# |
|||
community.general.passwordstore doesn't support path with spaces in it, |
|||
so we're using a `ssid` attribute, which default to the names for SSIDs without space. |
|||
#} |
|||
{% set suffixes = lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=suffixes') or [''] %} |
|||
{% set ssid = lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=ssid') or name %} |
|||
{% set type = lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=type') or 'wpa' %} |
|||
{% set pass = lookup('community.general.passwordstore', 'wifi/' + name) %} |
|||
# {{ name }} |
|||
{% for suffix in suffixes %} |
|||
network={ |
|||
ssid="{{ ssid }}{{ suffix }}" |
|||
{% if type == 'wpa' %} |
|||
psk="{{ pass }}" |
|||
{% elif type == 'wep' %} |
|||
key_mgmt=NONE |
|||
wep_key0={{ pass }} |
|||
{% elif type == 'open' %} |
|||
key_mgmt=NONE |
|||
{% else %} |
|||
# Error, unknown type: {{ type }} |
|||
{% endif %} |
|||
} |
|||
{% endfor %} |
|||
|
|||
{% endfor %} |
|||
{# REFERENCES |
|||
|
|||
# WPA |
|||
network={ |
|||
ssid="WPA_SSID" |
|||
psk="XXXXXXXXXXXXXXXXXXXXXXXXXX" |
|||
} |
|||
|
|||
# WEP |
|||
network={ |
|||
ssid="WEP_SSID" |
|||
key_mgmt=NONE |
|||
wep_key0=FFFFFFFFFFFFFFFFFFFFFFFFFF |
|||
} |
|||
|
|||
# Open |
|||
network={ |
|||
ssid="OPEN_SSID" |
|||
key_mgmt=NONE |
|||
} |
|||
|
|||
# eduroam password |
|||
network={ |
|||
ssid="eduroam" |
|||
key_mgmt=WPA-EAP |
|||
eap=PEAP |
|||
identity="id@univ.tld" |
|||
password="hunter2" |
|||
} |
|||
|
|||
# eduroam certificate |
|||
network={ |
|||
ssid="eduroam" |
|||
key_mgmt=WPA-EAP |
|||
# pairwise=CCMP |
|||
pairwise=CCMP TKIP |
|||
group=CCMP TKIP |
|||
eap=TLS |
|||
ca_cert="/path/to/ca.pem" |
|||
identity="id@univ.tld" |
|||
domain_suffix_match="wifi.univ.tld" |
|||
client_cert="/path/to/cert.pem" |
|||
private_key="/path/to/key.pem" |
|||
private_key_passwd="hunter2" |
|||
phase2="auth=" |
|||
#anonymous_identity="" |
|||
} |
|||
|
|||
#} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue