183 lines
5.2 KiB
YAML
183 lines
5.2 KiB
YAML
- name: Gather facts as login user
|
|
hosts: localhost
|
|
gather_facts: true
|
|
become: false
|
|
|
|
- name: Install packages and base configuration
|
|
gather_facts: false
|
|
hosts: localhost
|
|
become: true
|
|
|
|
vars_files:
|
|
- vars/packages.yml
|
|
|
|
# Select GPU via:
|
|
# -e gpu_vendor=amd|intel|nvidia
|
|
# Default: amd
|
|
vars:
|
|
selected_gpu_vendor: "{{ gpu_vendor | default('amd') }}"
|
|
aur_builder: aurbuild
|
|
wants_dir: "/home/{{ ansible_facts['user_id'] }}/.config/systemd/user/default.target.wants"
|
|
|
|
tasks:
|
|
- name: Validate gpu_vendor (amd/intel/nvidia)
|
|
ansible.builtin.assert:
|
|
that:
|
|
- selected_gpu_vendor in gpu_driver_sets.keys()
|
|
fail_msg: "gpu_vendor must be one of: {{ gpu_driver_sets.keys() | list }}"
|
|
|
|
- name: Compute flattened package list from all categories + selected GPU set
|
|
ansible.builtin.set_fact:
|
|
pacman_packages: >-
|
|
{{
|
|
(
|
|
(
|
|
pkgsets
|
|
| dict2items
|
|
| map(attribute='value')
|
|
| list
|
|
| flatten
|
|
)
|
|
+ gpu_driver_sets[selected_gpu_vendor]
|
|
) | unique
|
|
}}
|
|
|
|
- name: Install official repo packages
|
|
community.general.pacman:
|
|
name: "{{ pacman_packages }}"
|
|
state: present
|
|
update_cache: true
|
|
|
|
# Install rustup and cargo to build paru
|
|
- name: Check if rustup default toolchain is installed
|
|
ansible.builtin.command: rustup toolchain list
|
|
register: rustup_toolchains
|
|
changed_when: false
|
|
failed_when: false
|
|
become: false
|
|
|
|
- name: Install stable Rust toolchain via rustup
|
|
ansible.builtin.command:
|
|
cmd: rustup default stable
|
|
become: false
|
|
when: "'stable' not in rustup_toolchains.stdout"
|
|
register: result
|
|
changed_when: result.rc == 0
|
|
|
|
- name: Check which AUR packages are already installed
|
|
ansible.builtin.command: >
|
|
pacman -Q {{ aur_packages | join(' ') }}
|
|
register: aur_check
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Determine if AUR install is needed
|
|
ansible.builtin.set_fact:
|
|
aur_install_needed: "{{ aur_check.rc != 0 }}"
|
|
|
|
- block:
|
|
- name: Create temporary AUR builder user
|
|
ansible.builtin.user:
|
|
name: "{{ aur_builder }}"
|
|
create_home: true
|
|
shell: /bin/bash
|
|
|
|
- name: Allow temporary builder to use pacman without password
|
|
ansible.builtin.copy:
|
|
dest: "/etc/sudoers.d/{{ aur_builder }}-pacman"
|
|
content: "{{ aur_builder }} ALL=(root) NOPASSWD: /usr/bin/pacman\n"
|
|
mode: "0440"
|
|
validate: "visudo -cf %s"
|
|
|
|
- name: Install AUR packages
|
|
become: true
|
|
become_user: "{{ aur_builder }}"
|
|
kewlfft.aur.aur:
|
|
name: "{{ aur_packages }}"
|
|
state: present
|
|
|
|
always:
|
|
- name: Cleanup sudoers
|
|
ansible.builtin.file:
|
|
path: "/etc/sudoers.d/{{ aur_builder }}-pacman"
|
|
state: absent
|
|
|
|
- name: Cleanup builder user
|
|
ansible.builtin.user:
|
|
name: "{{ aur_builder }}"
|
|
state: absent
|
|
remove: true
|
|
when: aur_install_needed
|
|
|
|
## Post install config
|
|
- name: Ensure groups exist
|
|
ansible.builtin.group:
|
|
name: "{{ item }}"
|
|
state: present
|
|
loop:
|
|
- video
|
|
- seat
|
|
|
|
- name: Add current user to video and seat groups
|
|
ansible.builtin.user:
|
|
name: "{{ ansible_facts['user_id'] }}"
|
|
groups: "video,seat"
|
|
append: true
|
|
|
|
- name: Set default shell to zsh
|
|
ansible.builtin.user:
|
|
name: "{{ ansible_facts['user_id'] }}"
|
|
shell: /bin/zsh
|
|
|
|
- name: Enable and start sshd
|
|
ansible.builtin.systemd:
|
|
name: sshd.service
|
|
enabled: true
|
|
state: started
|
|
|
|
- name: Enable and start seatd
|
|
ansible.builtin.systemd:
|
|
name: seatd.service
|
|
enabled: true
|
|
state: started
|
|
|
|
- name: Enable lemurs
|
|
ansible.builtin.systemd:
|
|
name: lemurs.service
|
|
enabled: true
|
|
|
|
- name: Enable lingering for current user (user services at boot)
|
|
ansible.builtin.command: "loginctl enable-linger {{ ansible_facts['user_id'] }}"
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Ensure systemd user wants dir exists
|
|
ansible.builtin.file:
|
|
path: "{{ wants_dir }}"
|
|
state: directory
|
|
mode: "0755"
|
|
owner: "{{ ansible_facts['user_id'] }}"
|
|
group: "{{ ansible_facts['user_id'] }}"
|
|
|
|
- name: Enable pipewire-pulse user units
|
|
ansible.builtin.file:
|
|
src: "/usr/lib/systemd/user/{{ item }}"
|
|
dest: "{{ wants_dir }}/{{ item }}"
|
|
state: link
|
|
force: true
|
|
loop:
|
|
- pipewire-pulse.service
|
|
- pipewire-pulse.socket
|
|
|
|
- name: Ensure SSH config entry for git.jika.li
|
|
ansible.builtin.blockinfile:
|
|
path: "/home/{{ ansible_facts['user_id'] }}/.ssh/config"
|
|
create: true
|
|
owner: "{{ ansible_facts['user_id'] }}"
|
|
group: "{{ ansible_facts['user_id'] }}"
|
|
mode: '0600'
|
|
marker: "# {mark} ANSIBLE "
|
|
block: |
|
|
Host git.jika.li
|
|
Port 2233
|