From ef9a1ceb26d8c26f5f384eb2147a78becf644365 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Geoffrey=20=E2=80=9CFrogeye=E2=80=9D=20Preud=27homme?= Date: Sat, 28 Oct 2023 20:53:22 +0200 Subject: [PATCH] nix: Remove already considered things in automatrop --- config/automatrop/playbooks/default.yml | 5 --- .../roles/ecryptfs_automount/README.md | 17 ---------- .../roles/ecryptfs_automount/tasks/main.yml | 34 ------------------- config/automatrop/roles/facts/tasks/main.yml | 20 ----------- .../roles/software/handlers/main.yml | 23 ------------- .../roles/software/templates/PKGBUILD.j2 | 14 -------- .../roles/system/handlers/main.yaml | 14 -------- config/automatrop/roles/system/tasks/main.yml | 8 ----- 8 files changed, 135 deletions(-) delete mode 100644 config/automatrop/roles/ecryptfs_automount/README.md delete mode 100644 config/automatrop/roles/ecryptfs_automount/tasks/main.yml delete mode 100644 config/automatrop/roles/facts/tasks/main.yml delete mode 100644 config/automatrop/roles/software/handlers/main.yml delete mode 100644 config/automatrop/roles/software/templates/PKGBUILD.j2 diff --git a/config/automatrop/playbooks/default.yml b/config/automatrop/playbooks/default.yml index 4a68ab7..61b48a9 100644 --- a/config/automatrop/playbooks/default.yml +++ b/config/automatrop/playbooks/default.yml @@ -1,17 +1,12 @@ - name: Default hosts: all roles: - - role: facts - tags: facts - role: access tags: access when: root_access - role: system tags: system when: root_access - - role: ecryptfs_automount - tags: ecryptfs_automount - when: encrypt_home_stacked_fs - role: dotfiles tags: dotfiles - role: vim diff --git a/config/automatrop/roles/ecryptfs_automount/README.md b/config/automatrop/roles/ecryptfs_automount/README.md deleted file mode 100644 index de12a3b..0000000 --- a/config/automatrop/roles/ecryptfs_automount/README.md +++ /dev/null @@ -1,17 +0,0 @@ -# ecryptfs_automount - -Configure pam to allow auto-mounting of encrypted home directories with eCryptfs. - -## Usage - -You still need to run the following for an user directory to be encrypted: - -```bash -modprobe ecryptfs -ecryptfs-migrate-home -u username -``` - -## Source - -https://wiki.archlinux.org/title/ECryptfs#Auto-mounting - diff --git a/config/automatrop/roles/ecryptfs_automount/tasks/main.yml b/config/automatrop/roles/ecryptfs_automount/tasks/main.yml deleted file mode 100644 index 9cc3a2c..0000000 --- a/config/automatrop/roles/ecryptfs_automount/tasks/main.yml +++ /dev/null @@ -1,34 +0,0 @@ -- name: Setup pam_encryptfs auth - blockinfile: - path: /etc/pam.d/system-auth - block: | - auth [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet - auth required pam_ecryptfs.so unwrap - insertafter: '^(auth\s+required\s+pam_unix.so|auth\s+\[default=die\]\s+pam_faillock.so\s+authfail)$' - marker: "# {mark} AUTOMATROP ECRYPTFS_AUTOMOUNT AUTH" - become: yes - notify: - - etc changed - -- name: Setup pam_encryptfs password - blockinfile: - path: /etc/pam.d/system-auth - block: | - password optional pam_ecryptfs.so unwrap - insertbefore: '^(password\s+required\s+pam_unix.so|-password\s+\[success=1\s+default=ignore\]\s+pam_systemd_home.so)$' - marker: "# {mark} AUTOMATROP ECRYPTFS_AUTOMOUNT PASSWORD" - become: yes - notify: - - etc changed - -- name: Setup pam_encryptfs session - blockinfile: - path: /etc/pam.d/system-auth - block: | - session [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet - session optional pam_ecryptfs.so unwrap - insertafter: '^session\s+required\s+pam_unix.so$' - marker: "# {mark} AUTOMATROP ECRYPTFS_AUTOMOUNT SESSION" - become: yes - notify: - - etc changed diff --git a/config/automatrop/roles/facts/tasks/main.yml b/config/automatrop/roles/facts/tasks/main.yml deleted file mode 100644 index fd07ad9..0000000 --- a/config/automatrop/roles/facts/tasks/main.yml +++ /dev/null @@ -1,20 +0,0 @@ -- name: Set facts - set_fact: - arch_based: "{{ ansible_distribution == 'Archlinux' }}" - arch: "{{ ansible_lsb.id == 'Arch' }}" - manjaro: "{{ ansible_lsb.id == 'Manjaro' or ansible_lsb.id == 'Manjaro-ARM' }}" - termux: "{{ ansible_distribution == 'OtherLinux' and ansible_python.executable == '/data/data/com.termux/files/usr/bin/python' }}" - debian: "{{ ansible_distribution == 'Debian' }}" - ubuntu: "{{ ansible_distribution == 'Ubuntu' }}" - junest: "{{ ansible_distribution == 'Archlinux' and ansible_is_chroot }}" # TODO Check if /etc/junest exists - tags: - - always - -- name: Set composed facts - set_fact: - debian_based: "{{ debian or ubuntu }}" - can_chown: "{{ not junest }}" - has_systemd: "{{ not junest }}" - tags: - - always -# TODO Make this a real Ansible fact maybe? diff --git a/config/automatrop/roles/software/handlers/main.yml b/config/automatrop/roles/software/handlers/main.yml deleted file mode 100644 index 2f759f8..0000000 --- a/config/automatrop/roles/software/handlers/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -- name: Create and install meta package for Arch Linux - block: - - name: Generate meta package PKGBUILD - template: - src: PKGBUILD.j2 - dest: "{{ ansible_user_dir }}/.cache/automatrop/PKGBUILD" - listen: "software changed" - - - name: Install meta package - aur: - name: "automatrop-packages-{{ inventory_hostname_short }}" - local_pkgbuild: "{{ ansible_user_dir }}/.cache/automatrop" - use: makepkg - state: latest - listen: "software changed" - when: root_access - when: arch_based - -- name: update pacman cache - pacman: - update_cache: yes - become: yes - when: arch_based diff --git a/config/automatrop/roles/software/templates/PKGBUILD.j2 b/config/automatrop/roles/software/templates/PKGBUILD.j2 deleted file mode 100644 index 8f424c6..0000000 --- a/config/automatrop/roles/software/templates/PKGBUILD.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# Maintainer: Geoffrey Frogeye - -pkgname=automatrop-packages-{{ inventory_hostname_short }} -pkgver={{ ansible_date_time.iso8601_basic_short }} -pkgrel=1 -pkgdesc='Metapackage for packages wanted by Geoffrey via automatrop for {{ inventory_hostname }}' -url='https://git.frogeye.fr/geoffrey/dotfiles/src/branch/master/config/automatrop' -arch=('any') -license=('GPL') -depends=( -{% for package in packages %} - '{{ package }}' -{% endfor %} -) diff --git a/config/automatrop/roles/system/handlers/main.yaml b/config/automatrop/roles/system/handlers/main.yaml index 307a93b..789dcca 100644 --- a/config/automatrop/roles/system/handlers/main.yaml +++ b/config/automatrop/roles/system/handlers/main.yaml @@ -1,17 +1,3 @@ -- name: Create a etckeeper commit - command: "etckeeper commit 'automatrop {{ ansible_date_time.iso8601 }}'" - listen: "etc changed" - become: yes - register: etckeeper_commit - failed_when: "etckeeper_commit.rc != 0 and 'nothing to commit' not in etckeeper_commit.stdout" - changed_when: "'nothing to commit' not in etckeeper_commit.stdout" - -- name: Restart chrony - systemd: - name: chronyd - state: restarted - listen: chrony reconfigured - become: yes - name: Reload systemd daemon systemd: diff --git a/config/automatrop/roles/system/tasks/main.yml b/config/automatrop/roles/system/tasks/main.yml index 77a75fc..f7a3e0d 100644 --- a/config/automatrop/roles/system/tasks/main.yml +++ b/config/automatrop/roles/system/tasks/main.yml @@ -1,7 +1,3 @@ -# TODO For other distributions - -# Package are installed with --asdeps because they are needed - # Xorg configuration - name: Check if there is Intel backlight @@ -25,7 +21,6 @@ dest: "{{ item }}/20-intel_backlight.conf" become: yes when: display_server == 'x11' and intel_backlight.stat.exists - notify: etc changed loop: "{{ xorg_common_config_dirs }}" - name: Configure Xorg joystick behaviour @@ -34,7 +29,6 @@ dest: "{{ item }}/50-joystick.conf" become: yes when: display_server == 'x11' - notify: etc changed loop: "{{ xorg_common_config_dirs }}" - name: List modules we're using @@ -63,7 +57,6 @@ dest: /etc/systemd/system/getty@.service.d/override.conf become: yes notify: - - etc changed - systemd changed when: auto_numlock @@ -73,6 +66,5 @@ state: absent become: yes notify: - - etc changed - systemd changed when: not auto_numlock