nix: Make nix the root

Which means now I'll have to think about real prefixes in commit names.
2023-11-26 23:58:22 +01:00 · 2023-11-26 23:58:22 +01:00 · ee178b7d57
commit ee178b7d57
parent 550eed06e0
190 changed files with 5 additions and 6 deletions
--- a/unprocessed/config/automatrop/.gitignore
+++ b/unprocessed/config/automatrop/.gitignore
@ -0,0 +1 @@
+self_name
--- a/unprocessed/config/automatrop/README.md
+++ b/unprocessed/config/automatrop/README.md
@ -0,0 +1,10 @@
+# Automatrop
+
+Because I'm getting tired of too many bash scripts and yet using Ansible seems
+overkill at the same time.
+
+## Dependencies
+
+```bash
+ansible-galaxy install mnussbaum.base16-builder-ansible
+```
--- a/unprocessed/config/automatrop/ansible.cfg
+++ b/unprocessed/config/automatrop/ansible.cfg
@ -0,0 +1,9 @@
+[defaults]
+inventory=hosts
+roles_path=roles
+interpreter_python=auto
+library=plugins/modules
+
+[ssh_connection]
+pipelining = True # does not work with requiretty in /etc/sudoers
+ssh_args=-o ForwardAgent=yes # no need for installing/configuring/unlocking SSH/GPG keys on the host to be able to git clone extensions
--- a/unprocessed/config/automatrop/group_vars/all
+++ b/unprocessed/config/automatrop/group_vars/all
@ -0,0 +1,34 @@
+# Default values
+
+# If you have root access on the machine (via sudo)
+root_access: no
+
+# Display server (no, "x11", "wayland")
+display_server: no
+
+# What development work will I do on this machine
+dev_stuffs: []
+
+# Install software that is rarely used
+software_full: no
+
+# Which additional software to install
+software_snippets: []
+
+# If the computer has a battery and we want to use it
+has_battery: no
+
+# Activate numlock by default
+auto_numlock: no
+
+# Machine has SSH key to access git.frogeye.fr
+has_forge_access: no
+
+# Wether to permit /home/$USER to be encrypted
+# with stacked filesystem encryption
+encrypt_home_stacked_fs: no
+
+# Which extensions to load
+extensions: []
+
+# TODO Make role/playbook defaults instead
--- a/unprocessed/config/automatrop/host_vars/curacao.geoffrey.frogeye.fr
+++ b/unprocessed/config/automatrop/host_vars/curacao.geoffrey.frogeye.fr
@ -0,0 +1,30 @@
+root_access: yes
+display_server: "x11"
+dev_stuffs:
+  - ansible
+  - docker
+  - network
+  - nix
+  - perl
+  - php
+  - python
+  - shell
+  - sql
+software_full: yes
+has_battery: yes
+auto_numlock: yes
+has_forge_access: yes
+extensions:
+  - g
+  - gh
+x11_screens:
+# nvidia-xrun
+  # - HDMI-0
+  # - eDP-1-1
+# mesa + nouveau
+  # - HDMI-1-3
+  # - eDP1
+# mesa + nvidia
+  - HDMI-1-0
+  - eDP1
+max_video_height: 1440
--- a/unprocessed/config/automatrop/host_vars/gho.geoffrey.frogeye.fr
+++ b/unprocessed/config/automatrop/host_vars/gho.geoffrey.frogeye.fr
@ -0,0 +1,14 @@
+root_access: no
+display_server: "x11"
+dev_stuffs:
+  - shell
+  - network
+  - ansible
+  - perl
+  - python
+extensions:
+  - gh
+x11_screens:
+  - HDMI-1
+  - HDMI-2
+base16_scheme: solarized-light
--- a/unprocessed/config/automatrop/host_vars/pindakaas.geoffrey.frogeye.fr
+++ b/unprocessed/config/automatrop/host_vars/pindakaas.geoffrey.frogeye.fr
@ -0,0 +1,16 @@
+root_access: yes
+display_server: "x11"
+dev_stuffs:
+  - shell
+  - network
+  - ansible
+  - python
+has_battery: yes
+encrypt_home_stacked_fs: yes
+extensions:
+  - g
+  - gh
+x11_screens:
+  - DP-1
+  - eDP-1
+max_video_height: 720
--- a/unprocessed/config/automatrop/hosts
+++ b/unprocessed/config/automatrop/hosts
@ -0,0 +1,4 @@
+curacao.geoffrey.frogeye.fr
+# triffle.geoffrey.frogeye.fr
+pindakaas.geoffrey.frogeye.fr
+gho.geoffrey.frogeye.fr ansible_host=localhost ansible_port=2222
--- a/unprocessed/config/automatrop/playbooks/default.yml
+++ b/unprocessed/config/automatrop/playbooks/default.yml
@ -0,0 +1,15 @@
+---
+- name: Default
+  hosts: all
+  roles:
+    - role: system
+      tags: system
+      when: root_access
+    - role: dotfiles
+      tags: dotfiles
+    - role: termux
+      tags: termux
+      when: termux
+    - role: extensions
+      tags: extensions
+# TODO Dependencies
--- a/unprocessed/config/automatrop/roles/dotfiles/handlers/main.yml
+++ b/unprocessed/config/automatrop/roles/dotfiles/handlers/main.yml
@ -0,0 +1,3 @@
+---
+- name: Install dotfiles
+  ansible.builtin.command: "{{ ansible_user_dir }}/.dotfiles/config/scripts/dotfiles install"
--- a/unprocessed/config/automatrop/roles/dotfiles/tasks/main.yml
+++ b/unprocessed/config/automatrop/roles/dotfiles/tasks/main.yml
@ -0,0 +1,9 @@
+---
+- name: Install dotfiles repository
+  ansible.builtin.git:
+    repo: "{% if has_forge_access %}git@git.frogeye.fr:{% else %}https://git.frogeye.fr/{% endif %}geoffrey/dotfiles.git"
+    dest: "{{ ansible_user_dir }}/.dotfiles"
+    update: true
+  notify: install dotfiles
+  tags: dotfiles_repo
+# TODO Put actual dotfiles in a subdirectory of the repo, so we don't have to put everything in config
--- a/unprocessed/config/automatrop/roles/extensions/tasks/main.yml
+++ b/unprocessed/config/automatrop/roles/extensions/tasks/main.yml
@ -0,0 +1,14 @@
+---
+- name: Load extensions
+  ansible.builtin.include_role:
+    name: geoffreyfrogeye.{{ extension }}automatrop.entry
+  loop: "{{ extensions }}"
+  loop_control:
+    loop_var: extension
+  tags: always
+
+- name: Configure extensions rc sourcing
+  ansible.builtin.template:
+    src: extrc.sh.j2
+    dest: "{{ ansible_user_dir }}/.config/shell/extrc"
+    mode: u=rw,g=r,o=r
--- a/unprocessed/config/automatrop/roles/extensions/templates/extrc.sh.j2
+++ b/unprocessed/config/automatrop/roles/extensions/templates/extrc.sh.j2
@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+{% for extension in extensions %}
+trysource ~/.config/{{ extension }}scripts/{{ extension }}profile
+{% endfor %}
+{# TODO Rename profile as rc, and add env #}
+{# TODO Put in non-linked path #}
--- a/unprocessed/config/automatrop/roles/system/files/getty.service
+++ b/unprocessed/config/automatrop/roles/system/files/getty.service
@ -0,0 +1,2 @@
+[Service]
+ExecStartPre=/bin/sh -c 'setleds +num < /dev/%I'
--- a/unprocessed/config/automatrop/roles/system/files/xorg/intel_backlight.conf
+++ b/unprocessed/config/automatrop/roles/system/files/xorg/intel_backlight.conf
@ -0,0 +1,5 @@
+Section "Device"
+    Identifier  "Intel Graphics"
+    Driver      "intel"
+    Option      "Backlight"  "intel_backlight"
+EndSection
--- a/unprocessed/config/automatrop/roles/system/files/xorg/joystick.conf
+++ b/unprocessed/config/automatrop/roles/system/files/xorg/joystick.conf
@ -0,0 +1,15 @@
+Section "InputClass"
+        Identifier "joystick catchall"
+        MatchIsJoystick "on"
+        MatchDevicePath "/dev/input/event*"
+        Driver "joystick"
+        Option "StartKeysEnabled" "False"       #Disable mouse
+        Option "StartMouseEnabled" "False"      #support
+EndSection
+# Same thing for DualShock 4 touchpad
+Section "InputClass"
+       Identifier   "ds4-touchpad"
+       Driver       "libinput"
+       MatchProduct "Wireless Controller Touchpad"
+       Option       "Ignore" "True"
+EndSection
--- a/unprocessed/config/automatrop/roles/system/handlers/main.yaml
+++ b/unprocessed/config/automatrop/roles/system/handlers/main.yaml
@ -0,0 +1,10 @@
+- name: Reload systemd daemon
+  ansible.builtin.systemd:
+    daemon_reload: true
+  listen: systemd changed
+  become: true
+
+- name: Warn about changed Panfrost config
+  ansible.builtin.debug:
+    msg: The Panfrost display driver configuration was changed, but needs a reboot to be applied.
+  listen: panfrost config changed
--- a/unprocessed/config/automatrop/roles/system/tasks/main.yml
+++ b/unprocessed/config/automatrop/roles/system/tasks/main.yml
@ -0,0 +1,70 @@
+# Xorg configuration
+
+- name: Check if there is Intel backlight
+  ansible.builtin.stat:
+    path: /sys/class/backlight/intel_backlight
+  register: intel_backlight
+  when: display_server == 'x11'
+
+- name: Install Intel video drivers (Arch based)
+  community.general.pacman:
+    name: xf86-video-intel
+    # state: "{{ intel_backlight.stat.exists }}"
+    state: present
+  become: true
+  when: display_server == 'x11' and intel_backlight.stat.exists and arch_based
+  # TODO With software role? Would permit other distributions
+
+- name: Configure Xorg Intel backlight
+  ansible.builtin.copy:
+    src: xorg/intel_backlight.conf
+    dest: "{{ item }}/20-intel_backlight.conf"
+  become: true
+  when: display_server == 'x11' and intel_backlight.stat.exists
+  loop: "{{ xorg_common_config_dirs }}"
+
+- name: Configure Xorg joystick behaviour
+  ansible.builtin.copy:
+    src: xorg/joystick.conf
+    dest: "{{ item }}/50-joystick.conf"
+  become: true
+  when: display_server == 'x11'
+  loop: "{{ xorg_common_config_dirs }}"
+
+- name: List modules we're using
+  ansible.builtin.slurp:
+    src: /proc/modules
+  register: modules
+  when: display_server
+# Not sure the module will be loaded in early setup stages though
+
+- name: Make panfrost use OpenGL 3.3
+  ansible.builtin.lineinfile:
+    path: /etc/environment
+    line: PAN_MESA_DEBUG="gl3"
+    regexp: ^#? ?PAN_MESA_DEBUG=
+  become: true
+  when: display_server and using_panfrost
+  vars:
+    using_panfrost: "{{ 'panfrost' in (modules.content | b64decode) }}"
+  notify: panfrost config changed
+
+# Numlock on boot
+
+- name: Set numlock on boot
+  ansible.builtin.copy:
+    src: getty.service
+    dest: /etc/systemd/system/getty@.service.d/override.conf
+  become: true
+  notify:
+    - systemd changed
+  when: auto_numlock
+
+- name: Unset numlock on boot
+  ansible.builtin.file:
+    path: /etc/systemd/system/getty@.service.d/override.conf
+    state: absent
+  become: true
+  notify:
+    - systemd changed
+  when: not auto_numlock
--- a/unprocessed/config/automatrop/roles/termux/tasks/main.yml
+++ b/unprocessed/config/automatrop/roles/termux/tasks/main.yml
@ -0,0 +1,29 @@
+---
+- name: Create Termux directory
+  ansible.builtin.file:
+    state: directory
+    path: "{{ ansible_user_dir }}/.termux"
+    mode: u=rwx,g=rx,o=rx
+# TODO This is a dotfiles directory.
+# Make it not install unless it's Termux
+
+- name: Silence Termux login message
+  ansible.builtin.file:
+    state: file
+    path: "{{ ansible_user_dir }}/.hushlogin"
+    mode: u=rw,g=r,o=r
+
+# https://github.com/kdrag0n/base16-termux/blob/master/templates/default.mustache
+- name: Download base16 theme for Termux
+  ansible.builtin.copy:
+    content: "{{ base16_schemes['schemes'][base16_scheme]['termux']['colors']['base16-' + base16_scheme + '.properties'] }}"
+    dest: "{{ ansible_env.HOME }}/.termux/colors.properties"
+    mode: u=rw,g=r,o=r
+  tags:
+    - color
+
+# TODO
+# Upgrade
+# If root:
+# $ apt install tsu
+# $ echo '/system/bin/mount -o remount,rw /; ln -s /data/data/com.termux/files/usr /usr; /system/bin/mount -o remount,ro /' | tsu
--- a/unprocessed/config/automatrop/roles/vdirsyncer/templates/config.j2
+++ b/unprocessed/config/automatrop/roles/vdirsyncer/templates/config.j2
@ -0,0 +1,44 @@
+[general]
+status_path = "~/.cache/vdirsyncer/status/"
+
+{% for config in configs %}
+
+# CarDAV
+
+[pair geoffrey_contacts]
+a = "geoffrey_contacts_local"
+b = "geoffrey_contacts_remote"
+collections = ["from a", "from b"]
+metadata = ["displayname"]
+
+[storage geoffrey_contacts_local]
+type = "filesystem"
+path = "~/.cache/vdirsyncer/contacts/"
+fileext = ".vcf"
+
+[storage geoffrey_contacts_remote]
+type = "carddav"
+url = "https://cloud.frogeye.fr/remote.php/dav"
+username = "geoffrey"
+password.fetch = ["command", "sh", "-c", "cat ~/.config/vdirsyncer/pass"]
+
+# CalDAV
+
+[pair geoffrey_calendar]
+a = "geoffrey_calendar_local"
+b = "geoffrey_calendar_remote"
+collections = ["from a", "from b"]
+metadata = ["displayname", "color"]
+
+[storage geoffrey_calendar_local]
+type = "filesystem"
+path = "~/.cache/vdirsyncer/calendars/"
+fileext = ".ics"
+
+[storage geoffrey_calendar_remote]
+type = "caldav"
+url = "https://cloud.frogeye.fr/remote.php/dav"
+username = "geoffrey"
+password.fetch = ["command", "sh", "-c", "cat ~/.config/vdirsyncer/pass"]
+
+{% endfor %}