nix #11
|
@ -1,17 +1,12 @@
|
||||||
- name: Default
|
- name: Default
|
||||||
hosts: all
|
hosts: all
|
||||||
roles:
|
roles:
|
||||||
- role: facts
|
|
||||||
tags: facts
|
|
||||||
- role: access
|
- role: access
|
||||||
tags: access
|
tags: access
|
||||||
when: root_access
|
when: root_access
|
||||||
- role: system
|
- role: system
|
||||||
tags: system
|
tags: system
|
||||||
when: root_access
|
when: root_access
|
||||||
- role: ecryptfs_automount
|
|
||||||
tags: ecryptfs_automount
|
|
||||||
when: encrypt_home_stacked_fs
|
|
||||||
- role: dotfiles
|
- role: dotfiles
|
||||||
tags: dotfiles
|
tags: dotfiles
|
||||||
- role: vim
|
- role: vim
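Review bot: Dropping `- role: ecryptfs_automount` from the play stops managing the PAM entries but does not undo them on hosts where the role has already run. The deleted tasks wrote three marked blocks into `/etc/pam.d/system-auth` (markers `AUTOMATROP ECRYPTFS_AUTOMOUNT AUTH`, `PASSWORD` and `SESSION`), including `auth required pam_ecryptfs.so unwrap`; if the module is later uninstalled, a `required` line pointing at a missing module would likely make that auth stack fail. Consider a one-off cleanup before the role files are deleted: a `blockinfile` task on the same path with each original `marker` and `state: absent`. The play also loses `- role: facts`, so any remaining `when:` that reads `arch_based` or `has_systemd` would hit an undefined variable; the other roles are not visible here, so this needs checking.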
|
||||||
|
|
|
@ -1,17 +0,0 @@
|
||||||
# ecryptfs_automount
|
|
||||||
|
|
||||||
Configure pam to allow auto-mounting of encrypted home directories with eCryptfs.
|
|
||||||
|
|
||||||
## Usage
|
|
||||||
|
|
||||||
You still need to run the following for an user directory to be encrypted:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
modprobe ecryptfs
|
|
||||||
ecryptfs-migrate-home -u username
|
|
||||||
```
|
|
||||||
|
|
||||||
## Source
|
|
||||||
|
|
||||||
https://wiki.archlinux.org/title/ECryptfs#Auto-mounting
|
|
||||||
|
|
|
@ -1,34 +0,0 @@
|
||||||
- name: Setup pam_encryptfs auth
|
|
||||||
blockinfile:
|
|
||||||
path: /etc/pam.d/system-auth
|
|
||||||
block: |
|
|
||||||
auth [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet
|
|
||||||
auth required pam_ecryptfs.so unwrap
|
|
||||||
insertafter: '^(auth\s+required\s+pam_unix.so|auth\s+\[default=die\]\s+pam_faillock.so\s+authfail)$'
|
|
||||||
marker: "# {mark} AUTOMATROP ECRYPTFS_AUTOMOUNT AUTH"
|
|
||||||
become: yes
|
|
||||||
notify:
|
|
||||||
- etc changed
|
|
||||||
|
|
||||||
- name: Setup pam_encryptfs password
|
|
||||||
blockinfile:
|
|
||||||
path: /etc/pam.d/system-auth
|
|
||||||
block: |
|
|
||||||
password optional pam_ecryptfs.so unwrap
|
|
||||||
insertbefore: '^(password\s+required\s+pam_unix.so|-password\s+\[success=1\s+default=ignore\]\s+pam_systemd_home.so)$'
|
|
||||||
marker: "# {mark} AUTOMATROP ECRYPTFS_AUTOMOUNT PASSWORD"
|
|
||||||
become: yes
|
|
||||||
notify:
|
|
||||||
- etc changed
|
|
||||||
|
|
||||||
- name: Setup pam_encryptfs session
|
|
||||||
blockinfile:
|
|
||||||
path: /etc/pam.d/system-auth
|
|
||||||
block: |
|
|
||||||
session [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet
|
|
||||||
session optional pam_ecryptfs.so unwrap
|
|
||||||
insertafter: '^session\s+required\s+pam_unix.so$'
|
|
||||||
marker: "# {mark} AUTOMATROP ECRYPTFS_AUTOMOUNT SESSION"
|
|
||||||
become: yes
|
|
||||||
notify:
|
|
||||||
- etc changed
|
|
|
@ -1,20 +0,0 @@
|
||||||
- name: Set facts
|
|
||||||
set_fact:
|
|
||||||
arch_based: "{{ ansible_distribution == 'Archlinux' }}"
|
|
||||||
arch: "{{ ansible_lsb.id == 'Arch' }}"
|
|
||||||
manjaro: "{{ ansible_lsb.id == 'Manjaro' or ansible_lsb.id == 'Manjaro-ARM' }}"
|
|
||||||
termux: "{{ ansible_distribution == 'OtherLinux' and ansible_python.executable == '/data/data/com.termux/files/usr/bin/python' }}"
|
|
||||||
debian: "{{ ansible_distribution == 'Debian' }}"
|
|
||||||
ubuntu: "{{ ansible_distribution == 'Ubuntu' }}"
|
|
||||||
junest: "{{ ansible_distribution == 'Archlinux' and ansible_is_chroot }}" # TODO Check if /etc/junest exists
|
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
- name: Set composed facts
|
|
||||||
set_fact:
|
|
||||||
debian_based: "{{ debian or ubuntu }}"
|
|
||||||
can_chown: "{{ not junest }}"
|
|
||||||
has_systemd: "{{ not junest }}"
|
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
# TODO Make this a real Ansible fact maybe?
|
|
|
@ -1,23 +0,0 @@
|
||||||
- name: Create and install meta package for Arch Linux
|
|
||||||
block:
|
|
||||||
- name: Generate meta package PKGBUILD
|
|
||||||
template:
|
|
||||||
src: PKGBUILD.j2
|
|
||||||
dest: "{{ ansible_user_dir }}/.cache/automatrop/PKGBUILD"
|
|
||||||
listen: "software changed"
|
|
||||||
|
|
||||||
- name: Install meta package
|
|
||||||
aur:
|
|
||||||
name: "automatrop-packages-{{ inventory_hostname_short }}"
|
|
||||||
local_pkgbuild: "{{ ansible_user_dir }}/.cache/automatrop"
|
|
||||||
use: makepkg
|
|
||||||
state: latest
|
|
||||||
listen: "software changed"
|
|
||||||
when: root_access
|
|
||||||
when: arch_based
|
|
||||||
|
|
||||||
- name: update pacman cache
|
|
||||||
pacman:
|
|
||||||
update_cache: yes
|
|
||||||
become: yes
|
|
||||||
when: arch_based
|
|
|
@ -1,14 +0,0 @@
|
||||||
# Maintainer: Geoffrey Frogeye
|
|
||||||
|
|
||||||
pkgname=automatrop-packages-{{ inventory_hostname_short }}
|
|
||||||
pkgver={{ ansible_date_time.iso8601_basic_short }}
|
|
||||||
pkgrel=1
|
|
||||||
pkgdesc='Metapackage for packages wanted by Geoffrey via automatrop for {{ inventory_hostname }}'
|
|
||||||
url='https://git.frogeye.fr/geoffrey/dotfiles/src/branch/master/config/automatrop'
|
|
||||||
arch=('any')
|
|
||||||
license=('GPL')
|
|
||||||
depends=(
|
|
||||||
{% for package in packages %}
|
|
||||||
'{{ package }}'
|
|
||||||
{% endfor %}
|
|
||||||
)
|
|
|
@ -1,17 +1,3 @@
|
||||||
- name: Create a etckeeper commit
|
|
||||||
command: "etckeeper commit 'automatrop {{ ansible_date_time.iso8601 }}'"
|
|
||||||
listen: "etc changed"
|
|
||||||
become: yes
|
|
||||||
register: etckeeper_commit
|
|
||||||
failed_when: "etckeeper_commit.rc != 0 and 'nothing to commit' not in etckeeper_commit.stdout"
|
|
||||||
changed_when: "'nothing to commit' not in etckeeper_commit.stdout"
|
|
||||||
|
|
||||||
- name: Restart chrony
|
|
||||||
systemd:
|
|
||||||
name: chronyd
|
|
||||||
state: restarted
|
|
||||||
listen: chrony reconfigured
|
|
||||||
become: yes
|
|
||||||
|
|
||||||
- name: Reload systemd daemon
|
- name: Reload systemd daemon
|
||||||
systemd:
|
systemd:
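Review bot: With the `etc changed` and `chrony reconfigured` handlers removed at the top of this hunk, any task that still carries `notify: etc changed` or `notify: chrony reconfigured` will abort the play, because Ansible by default raises an error when a notified handler does not exist. The same applies to `software changed`, whose listeners are deleted in the earlier handlers hunk. The tasks file shown further down drops its `notify: etc changed` lines, but roles outside this page are not visible, so search the remaining roles for those three handler names before merging. The `Reload systemd daemon` handler continues past the end of this hunk.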
|
||||||
|
|
|
@ -1,7 +1,3 @@
|
||||||
# TODO For other distributions
|
|
||||||
|
|
||||||
# Package are installed with --asdeps because they are needed
|
|
||||||
|
|
||||||
# Xorg configuration
|
# Xorg configuration
|
||||||
|
|
||||||
- name: Check if there is Intel backlight
|
- name: Check if there is Intel backlight
|
||||||
|
@ -25,7 +21,6 @@
|
||||||
dest: "{{ item }}/20-intel_backlight.conf"
|
dest: "{{ item }}/20-intel_backlight.conf"
|
||||||
become: yes
|
become: yes
|
||||||
when: display_server == 'x11' and intel_backlight.stat.exists
|
when: display_server == 'x11' and intel_backlight.stat.exists
|
||||||
notify: etc changed
|
|
||||||
loop: "{{ xorg_common_config_dirs }}"
|
loop: "{{ xorg_common_config_dirs }}"
|
||||||
|
|
||||||
- name: Configure Xorg joystick behaviour
|
- name: Configure Xorg joystick behaviour
|
||||||
|
@ -34,7 +29,6 @@
|
||||||
dest: "{{ item }}/50-joystick.conf"
|
dest: "{{ item }}/50-joystick.conf"
|
||||||
become: yes
|
become: yes
|
||||||
when: display_server == 'x11'
|
when: display_server == 'x11'
|
||||||
notify: etc changed
|
|
||||||
loop: "{{ xorg_common_config_dirs }}"
|
loop: "{{ xorg_common_config_dirs }}"
|
||||||
|
|
||||||
- name: List modules we're using
|
- name: List modules we're using
|
||||||
|
@ -63,7 +57,6 @@
|
||||||
dest: /etc/systemd/system/getty@.service.d/override.conf
|
dest: /etc/systemd/system/getty@.service.d/override.conf
|
||||||
become: yes
|
become: yes
|
||||||
notify:
|
notify:
|
||||||
- etc changed
|
|
||||||
- systemd changed
|
- systemd changed
|
||||||
when: auto_numlock
|
when: auto_numlock
|
||||||
|
|
||||||
|
@ -73,6 +66,5 @@
|
||||||
state: absent
|
state: absent
|
||||||
become: yes
|
become: yes
|
||||||
notify:
|
notify:
|
||||||
- etc changed
|
|
||||||
- systemd changed
|
- systemd changed
|
||||||
when: not auto_numlock
|
when: not auto_numlock
|
||||||
|
|