From e070cc0e317f1d05de4aebff661793d1c5822d8b Mon Sep 17 00:00:00 2001 
From: staticdev Date: Fri, 24 Jan 2025 22:22:08 +0100 Subject: [PATCH] Add flake.lock --- .ansible-lint | 6 + .github/workflows/constraints.txt | 1 - .github/workflows/release.yml | 2 +- .github/workflows/tests.yml | 67 ++++++++ .gitignore | 1 + .yamllint | 16 ++ CONTRIBUTING.md | 5 +- README.md | 8 +- ansible.cfg | 9 ++ default.config.yml | 170 ++++++++++++++++++++ eg/flake.nix | 2 +- flake.lock | 49 ++++++ handlers/main.yml | 1 + inventory | 2 + main.yml | 126 +++++++++++++++ molecule/default/INSTALL.md | 15 ++ molecule/default/converge.yml | 21 +++ molecule/default/molecule.yml | 23 +++ requirements.yml | 24 +++ tasks/cryptomator.yml | 11 ++ tasks/extra-packages.yml | 25 +++ tasks/git-setup.yml | 24 +++ tasks/gnome-setup.yml | 57 +++++++ tasks/keyboard.yml | 19 +++ tasks/keypass-xc.yml | 15 ++ tasks/office.yml | 25 +++ tasks/openrgb.yml | 65 ++++++++ tasks/packages.yml | 54 +++++++ tasks/site.yml | 9 ++ tasks/ssh.yml | 14 ++ tasks/sudoers.yml | 21 +++ tasks/terminal.yml | 20 +++ tasks/validate-config.yml | 5 + templates/gitconfig/.gitconfig_user.t2 | 30 ++++ templates/gitconfig/.gitconfig_workspace.t2 | 3 + 35 files changed, 936 insertions(+), 9 deletions(-) create mode 100644 .ansible-lint create mode 100644 .github/workflows/tests.yml create mode 100644 .yamllint create mode 100644 ansible.cfg create mode 100644 default.config.yml create mode 100644 flake.lock create mode 100644 handlers/main.yml create mode 100644 inventory create mode 100644 main.yml create mode 100644 molecule/default/INSTALL.md create mode 100644 molecule/default/converge.yml create mode 100644 molecule/default/molecule.yml create mode 100644 requirements.yml create mode 100644 tasks/cryptomator.yml create mode 100644 tasks/extra-packages.yml create mode 100644 tasks/git-setup.yml create mode 100644 tasks/gnome-setup.yml create mode 100644 tasks/keyboard.yml create mode 100644 tasks/keypass-xc.yml create mode 100644 tasks/office.yml create mode 100644 tasks/openrgb.yml create mode 100644 
tasks/packages.yml create mode 100644 tasks/site.yml create mode 100644 tasks/ssh.yml create mode 100644 tasks/sudoers.yml create mode 100644 tasks/terminal.yml create mode 100644 tasks/validate-config.yml create mode 100644 templates/gitconfig/.gitconfig_user.t2 create mode 100644 templates/gitconfig/.gitconfig_workspace.t2 diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..7746bbf --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,6 @@ +--- +exclude_paths: [~/.ansible, roles] + +skip_list: + - '306' + - '106' diff --git a/.github/workflows/constraints.txt b/.github/workflows/constraints.txt index cd36eeb..ef6f837 100644 --- a/.github/workflows/constraints.txt +++ b/.github/workflows/constraints.txt @@ -1,4 +1,3 @@ -pip==24.0 ansible==9.2.0 ansible-lint==24.2.0 yamllint==1.35.1 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2d5399e..3bef7e8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v5 with: - python-version: "3.12" + python-version: "3.13" - name: Check if there is a parent commit id: check-parent-commit diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml new file mode 100644 index 0000000..e176f39 --- /dev/null +++ b/.github/workflows/tests.yml 
@@ -0,0 +1,67 @@ +--- +name: Tests + +"on": + pull_request: + push: + branches: + - main + +jobs: + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - name: Check out the repository + uses: actions/checkout@v4 + with: + fetch-depth: 2 + + - name: Set up Python 3. + uses: actions/setup-python@v5 + with: + python-version: "3.13" + + - name: Install UV + uses: astral-sh/setup-uv@v5 + + - name: Upgrade ansible-lint + run: | + uv pip install --constraint=.github/workflows/constraints.txt ansible-lint ansible + - name: Upgrade yamllint + run: | + uv pip install --constraint=.github/workflows/constraints.txt yamllint + + - name: Lint code. + run: | + yamllint . + ansible-lint + molecule: + name: Molecule + runs-on: ubuntu-latest + + strategy: + matrix: + distro: + - debian12 + steps: + - name: Check out the repository + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: "3.13" + + - name: Install UV + uses: astral-sh/setup-uv@v5 + + - name: Install test dependencies + run: uv pip install --constraint=.github/workflows/constraints.txt ansible 'molecule-plugins[podman]' podman + + - name: Run Molecule tests + run: molecule -v test + env: + PY_COLORS: "1" + ANSIBLE_FORCE_COLOR: "1" + MOLECULE_DISTRO: ${{ matrix.distro }} diff --git a/.gitignore b/.gitignore index 3774b46..d975e4d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ /docs/_build/ *.vagrant *.retry +roles* config*.yml .cache/ .python-version diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..734c2a8 --- /dev/null +++ b/.yamllint @@ -0,0 +1,16 @@ +--- +extends: default + +rules: + line-length: + max: 180 + level: warning + document-start: + level: error + truthy: + level: error + +ignore: | + .github/stale.yml + .cache + roles diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 6fe6775..dd243fc 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
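Review bot: The new tests.yml declares no `permissions:` block and references every action by mutable tag (`actions/checkout@v4`, `actions/setup-python@v5`, `astral-sh/setup-uv@v5`), so both jobs run with the repository's default `GITHUB_TOKEN` scope and with whatever code those tags point to at run time. A top-level `permissions:` with `contents: read`, plus pinning at least the third-party `astral-sh/setup-uv` step to a full commit SHA, would bound what a compromised action can do on `pull_request` and `push` runs. In the `molecule` job, `molecule-plugins[podman]` and `podman` are installed with `--constraint=.github/workflows/constraints.txt`, but the three entries left in that file by this patch cover only `ansible`, `ansible-lint` and `yamllint`, so those two packages resolve unpinned.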
@@ -35,15 +35,16 @@ Request features on the [Issue Tracker]. ## How to set up your development environment -You need Python 3.12+ and the following tools: +You need Python 3.13+ and the following tools: +- [Molecule] - [Podman] - [Pre-commit] - [Vagrant] (optional) The good thing is to install them you just need [Ansible] and this playbook. -[Pre-commit] is installed with `python_developer` tools, [Podman] and [Vagrant] with [Nix] packages by default. +[Pre-commit] is installed with `python_developer` tools, [Podman] and [Vagrant] with [Nix] packages by default. For [Molecule] read their docs. [molecule]: https://ansible.readthedocs.io/projects/molecule/en/latest/ [podman]: https://podman.io/ diff --git a/README.md b/README.md index 3dd9a87..f366986 100644 --- a/README.md +++ b/README.md @@ -10,11 +10,11 @@ - Support processor architectures: x86_64 (only one for now, may be extended in the future). - Development: [Golang], [NodeJs] and [Python tools]. - - IDEs: [VSCodium] and [Pycharm] installation. -- Browsers: [Brave], [Firefox] and [Mullvad Browser]. + - IDEs: [VSCodium] installation (via Nixpkgs). +- Browsers: [Brave], [Firefox] and [Mullvad Browser] (via Nix). - Replaces [LibreOffice] with [OnlyOffice]. -- Assorted FOSS programs: [Cryptomator], [KeyPass], [OBS], [OpenRGB], [RClone], and [Signal] messenger installation. -- Configurations: dotfiles, shell/terminals, [Gnome], [Git], ssh, keyboard... +- Assorted FOSS programs: [Cryptomator], [KeyPass], [OBS], [OpenRGB], [RClone], and [Signal] (via Nixpkgs) messenger installation. +- Configurations: dotfiles, zsh (via Nix), terminals, [Gnome], [Git], ssh, keyboard... Note: this is an opinionated setup I personally use for software development on [NixOS](https://nixos.org). You can customize all the changes following instructions in [Overriding Defaults](#overriding-defaults). diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..98cf596 --- /dev/null +++ b/ansible.cfg 
@@ -0,0 +1,9 @@
+[defaults]
+nocows = True
+roles_path = ./roles:/etc/ansible/roles
+timeout = 30
+interpreter_python = /usr/bin/python3
+
+[ssh_connection]
+pipelining = True
+control_path = /tmp/ansible-ssh-%%h-%%p-%%r
diff --git a/default.config.yml b/default.config.yml
new file mode 100644
index 0000000..81c2f32
--- /dev/null
+++ b/default.config.yml
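Review bot: `control_path = /tmp/ansible-ssh-%%h-%%p-%%r` in `[ssh_connection]` puts the SSH ControlMaster socket under a predictable name in a world-writable directory. On a machine with other local accounts that name can be created in advance by someone else, which at minimum breaks connection multiplexing for this user. Keeping the sockets in a per-user directory avoids the problem: `control_path_dir = ~/.ansible/cp` together with `control_path = %(directory)s/%%h-%%p-%%r`.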
@@ -0,0 +1,170 @@ +--- +# Install packages +install_packages: true +installed_packages: + - apache2-utils + - cmake + - dconf-editor # visual gnome configs + - gir1.2-clutter-1.0 # dep gnome extension system monitor + - gir1.2-clutter-gst-3.0 # dep gnome extension system monitor + - gir1.2-gtkclutter-1.0 # dep gnome extension system monitor + - git + - locales-all + - openssl + - podman # see https://github.com/NixOS/nixpkgs/issues/138423 + - poedit + +nix_packages: + - name: kubectl + check_cmd: kubectl version --client + - name: helm + check_cmd: helm --version + - name: k9s + check_cmd: k9s version + - name: htop + check_cmd: htop --version + - name: nmap + check_cmd: nmap --version + - name: thefuck + check_cmd: thefuck --version + - name: tmux + check_cmd: tmux -V + - name: vagrant + check_cmd: vagrant --version + - name: vim + check_cmd: vim --version + - name: wget + check_cmd: wget --version + - name: xclip + check_cmd: xclip -version + +# Install packages from other package managers +install_extra_packages: true +# Note: You are responsible for adding the required package managers +# installation, eg. 
through nix +snap_packages: [] +# - name: postman +gem_packages: [] +# - name: bundler +# state: present # present/absent/latest, default: present +# version: "~> 1.15.1" # default: N/A +npm_packages: [] +# - name: webpack +# state: present # present/absent/latest, default: present +# version: "^2.6" # default: N/A + +# Docker +# Default is false in favor to podman installation in installed_packages +install_docker: false + +# Dotfiles (requires git on installed_packages or extra_packages) +configure_dotfiles: true +dotfiles_repo: "https://github.com/staticdev/dotfiles-eg.git" +dotfiles_repo_version: main +dotfiles_files: + - .tmux.conf + - .vimrc + - .zshrc + +# Development +## Go settings +golang_developer: true +golang_version: "1.21.5" + +## NodeJs settings +nodejs_developer: true +nodejs_version: "20.x" + +## Python settings +python_developer: true +pyenv_python_versions: + - 3.12.1 + - 3.11.7 +pyenv_global: + - 3.12.1 + - 3.11.7 +pyenv_virtualenvs: [] + +# keyboard config +configure_keyboard: false +keyboard_layout: us +keyboard_variant: intl +keyboard_c_cedilla: false + +# SSH config +configure_ssh: true +ssh_key_type: ed25519 # you can also choose between: dsa, ecdsa and ed25519 +# For RSA keys, the minimum size is 1024 bits and the default is 4096 bits. Generally, 2048 bits is considered sufficient. +# DSA keys must be exactly 1024 bits as specified by FIPS 186-2. +# For ECDSA keys, size determines the key length by selecting from one of three elliptic curve sizes: 256, 384 or 521 bits. +# Attempting to use bit lengths other than these three values for ECDSA keys will cause this module to fail. +# Ed25519 keys have a fixed length and the size will be ignored. +ssh_key_size: +ssh_key_passphrase: super_secret_password + +# Sudoers config +configure_sudoers: false +sudoers_custom_config: "" +# Example: +# sudoers_custom_config: | +# # Allow users in admin group to use sudo with no password. 
+# %admin ALL=(ALL) NOPASSWD: ALL + +# Terminal config +## Guake config +configure_terminal: true +guake_keybinding: "F12" + +# Git config +setup_git: true +git_init_default_branch: main +git_pull_rebase: false +## create workspace folders with specific configs +git_create_workspaces: true +git_workspaces: + - folder_name: workspace + email: name@mail.com + username: gitusername +# - folder_name: workspace2 +# email: name2@mail.com +# username: gitusername2 +## used only if git_create_workspaces is false +git_email: name@mail.com +git_username: gitusername + +# Office setup +install_onlyoffice: true +## remove libreoffice in favor to onlyoffice +remove_libreoffice: false + +# Gnome config +gnome_setup: false +gnome_favorite_apps: + [ + "firefox.desktop", + "brave-browser.desktop", + "org.gnome.Nautilus.desktop", + "codium.desktop", + ] + +# enable entire screen sharing +enable_screen_sharing: false + +# extra installs +## cryptomator +install_cryptomator: false +cryptomator_version: 1.11.1 + +install_keypass_xc: false +install_obs: false +install_rclone: false + +## openrgb +install_openrgb: false +# get from https://gitlab.com/CalcProgrammer1/OpenRGB/-/tags +openrgb_git_release: release_0.9 +openrgb_deb_version: 0.9.0 +openrgb_deb_architecture: amd64 + +# glob pattern to ansible task files to run after all other tasks are finished. +post_provision_tasks: [] diff --git a/eg/flake.nix b/eg/flake.nix index 569f24f..bd868d8 100644 --- a/eg/flake.nix +++ b/eg/flake.nix @@ -1,7 +1,7 @@ { inputs = { cfg = { - url = "github:staticdev/linux-workstation-playbook/feature/install-packages-with-home-manager"; + url = "github:staticdev/linux-workstation-playbook"; }; }; diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..088e3c7 --- /dev/null +++ b/flake.lock 
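Review bot: `ssh_key_passphrase: super_secret_password` in default.config.yml ships a published passphrase as the default, and because `configure_ssh: true` is also the default, a run without an override generates a key protected by it. I would remove the default and have tasks/validate-config.yml assert that `ssh_key_passphrase` is defined and is not the placeholder, with the real value coming from Ansible Vault or a prompt rather than a plain file. The inline comment on `ssh_key_type` still offers `dsa`, which OpenSSH has deprecated, so it should be dropped from the list. `ssh_key_size:` is a bare empty value; `ssh_key_size: null` states the intent explicitly.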
@@ -0,0 +1,49 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1737672001, + "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1 @@ +--- diff --git a/inventory b/inventory new file mode 100644 index 0000000..5b72010 --- /dev/null +++ b/inventory @@ -0,0 +1,2 @@ +[all] +127.0.0.1 ansible_connection=local diff --git a/main.yml b/main.yml new file mode 100644 index 0000000..08f276c --- /dev/null +++ b/main.yml 
@@ -0,0 +1,126 @@ +--- +- name: Define hosts + hosts: all + + vars_files: + - default.config.yml + + pre_tasks: + - name: SSH and become checks + ansible.builtin.include_tasks: tasks/site.yml + + - name: Load config + ansible.builtin.include_vars: "{{ item }}" + with_fileglob: + - "{{ playbook_dir }}/config.yml" + + - name: Validate config + ansible.builtin.include_tasks: tasks/validate-config.yml + + - name: Install packages + ansible.builtin.include_tasks: tasks/packages.yml + when: install_packages + + - name: Install zsh + ansible.builtin.include_tasks: tasks/zsh.yml + when: install_zsh + + handlers: + - name: Restart gnome + ansible.builtin.command: killall -SIGQUIT gnome-shell + changed_when: true + + - name: Delete openrgb repo + ansible.builtin.file: + path: "{{ ansible_env.HOME }}/OpenRGB" + state: absent + + - name: Delete openrgb generated files + ansible.builtin.file: + path: "{{ ansible_env.HOME }}/{{ item }}" + state: absent + with_items: + - "openrgb_{{ openrgb_deb_version }}_{{ openrgb_deb_architecture }}.buildinfo" + - "openrgb_{{ openrgb_deb_version }}_{{ openrgb_deb_architecture }}.changes" + - "openrgb_{{ openrgb_deb_version }}_{{ openrgb_deb_architecture }}.deb" + - "openrgb-dbgsym_{{ openrgb_deb_version }}_{{ openrgb_deb_architecture }}.deb" + - "OpenRGB/debian/changelog" + + roles: + - role: geerlingguy.docker + when: install_docker + become: true + - role: robertdebock.obsproject + when: install_obs + become: true + - role: gantsign.golang + when: golang_developer + - role: geerlingguy.nodejs + when: nodejs_developer + become: true + - role: staticdev.pyenv + when: python_developer + - role: staticdev.python_developer + when: python_developer + - role: geerlingguy.dotfiles + when: configure_dotfiles + - role: stefangweichinger.ansible_rclone + when: install_rclone + + tasks: + - name: Office setup + ansible.builtin.include_tasks: tasks/office.yml + when: install_onlyoffice or remove_libreoffice + + - name: Extra packages + 
ansible.builtin.include_tasks: tasks/extra-packages.yml + when: install_extra_packages + - name: Create SSH key + ansible.builtin.include_tasks: tasks/ssh.yml + when: configure_ssh + + - name: Configure sudoers + ansible.builtin.include_tasks: tasks/sudoers.yml + when: configure_sudoers + + - name: Setup Git + ansible.builtin.include_tasks: tasks/git-setup.yml + when: setup_git + + - name: Cryptomator + ansible.builtin.include_tasks: tasks/cryptomator.yml + when: install_cryptomator + + - name: Install Keypass XC + ansible.builtin.import_tasks: tasks/keypass-xc.yml + when: install_keypass_xc + + - name: OpenRGB + ansible.builtin.include_tasks: tasks/openrgb.yml + when: install_openrgb + + - name: Enable entire screen sharing + ansible.builtin.lineinfile: + dest: /etc/gdm3/daemon.conf + regexp: '^#\s*WaylandEnable=false.*$' + line: "WaylandEnable=false" + become: true + when: enable_screen_sharing + + - name: Gnome Setup + ansible.builtin.import_tasks: tasks/gnome-setup.yml + when: gnome_setup + + - name: Configure keyboard + ansible.builtin.import_tasks: tasks/keyboard.yml + when: configure_keyboard + + - name: Configure terminal + ansible.builtin.include_tasks: tasks/terminal.yml + when: configure_terminal + + - name: Run configured post-provision ansible task files. + ansible.builtin.include_tasks: "{{ outer_item }}" + loop_control: + loop_var: outer_item + with_fileglob: "{{ post_provision_tasks | default(omit) }}" diff --git a/molecule/default/INSTALL.md b/molecule/default/INSTALL.md new file mode 100644 index 0000000..1552d9c --- /dev/null +++ b/molecule/default/INSTALL.md 
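Review bot: The `Install zsh` pre-task in main.yml includes `tasks/zsh.yml` under `when: install_zsh`, but the diffstat of this patch adds no tasks/zsh.yml and default.config.yml defines no `install_zsh`, so unless both exist outside this patch the play stops in `pre_tasks` on an undefined variable. tasks/validate-config.yml has the same problem with `install_pycharm` and `pycharm_flavor`, neither of which default.config.yml sets. Either add the defaults (`install_zsh: false`, `install_pycharm: false`) or guard the conditions with `| default(false)`. Separately, the last task includes every file matched by `post_provision_tasks`; a comment there noting that those files run with the play's privileges would help whoever edits config.yml.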
@@ -0,0 +1,15 @@
+# Podman driver installation guide
+
+## Requirements
+
+- Podman
+
+## Install
+
+Please refer to the [Virtual environment](https://virtualenv.pypa.io/en/latest/) documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended ['--user' flag](https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site) when invoking `pip`.
+
+```sh
+python3 -m pip install 'molecule-plugins[podman]' podman
+```
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
new file mode 100644
index 0000000..f616430
--- /dev/null
+++ b/molecule/default/converge.yml
@@ -0,0 +1,21 @@
+---
+- name: Converge
+ hosts: all
+
+ tasks:
+ - name: Update apt cache
+ ansible.builtin.apt:
+ update_cache: true
+ cache_valid_time: 3600
+ become: true
+
+ - name: Install required packages
+ ansible.builtin.apt:
+ name:
+ - gpg
+ - python3-bcrypt
+ - python3-requests
+ become: true
+
+- name: Import playbook
+ import_playbook: ../../main.yml
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..e7286d5
--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,23 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: podman
+lint: |
+ set -e
+ yamllint .
+platforms:
+ - name: instance
+ image: "docker.io/staticdev/docker-${MOLECULE_DISTRO:-debian12}-ansible:latest"
+ cgroupns_mode: host
+ command: ""
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ pre_build_image: true
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ remote_user: molecule
+verifier:
+ name: ansible
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..a4d9e56
--- /dev/null
+++ b/requirements.yml
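Review bot: The `instance` platform in molecule.yml references its image by a mutable tag, `docker.io/staticdev/docker-${MOLECULE_DISTRO:-debian12}-ansible:latest`, and runs it with `cgroupns_mode: host` and `/sys/fs/cgroup` mounted `rw`. Whatever image is current at pull time therefore gets write access to the runner's cgroup hierarchy. Pinning the image by digest (`...-ansible@sha256:<digest>`) makes an image change an explicit commit and keeps test runs reproducible. A short comment saying why the host cgroup namespace is needed (presumably systemd inside the container) would also help.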
@@ -0,0 +1,24 @@
+---
+roles:
+ - name: gantsign.golang
+ version: 3.2.5
+ - name: geerlingguy.docker
+ version: 7.0.2
+ - name: geerlingguy.dotfiles
+ version: 1.2.1
+ - name: geerlingguy.nodejs
+ version: 6.1.1
+ - name: robertdebock.obsproject
+ version: 2.0.8
+ - name: staticdev.pyenv
+ version: 2.11.0
+ - name: staticdev.python_developer
+ version: 3.1.0
+ - name: stefangweichinger.ansible_rclone
+ version: 0.1.3
+
+collections:
+ - name: community.general
+ version: 8.3.0
+ - name: community.crypto
+ version: 2.17.1
diff --git a/tasks/cryptomator.yml b/tasks/cryptomator.yml
new file mode 100644
index 0000000..5b65a36
--- /dev/null
+++ b/tasks/cryptomator.yml
@@ -0,0 +1,11 @@
+---
+- name: Download Cryptomator.
+ ansible.builtin.get_url:
+ url: "https://github.com/cryptomator/cryptomator/releases/download/{{ cryptomator_version }}/cryptomator-{{ cryptomator_version }}-x86_64.AppImage"
+ dest: "{{ ansible_env.HOME }}/.local/bin/cryptomator"
+ mode: 0700
+ timeout: 20
+ # will always download version fisrt to see if it changed
+ # improvement: usa a CLI command to check - still does not exist
+ # see: https://github.com/cryptomator/cryptomator/issues/1996
+ force: true
diff --git a/tasks/extra-packages.yml b/tasks/extra-packages.yml
new file mode 100644
index 0000000..9845e92
--- /dev/null
+++ b/tasks/extra-packages.yml
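Review bot: Nothing verifies the AppImage that `Download Cryptomator.` fetches in tasks/cryptomator.yml: `ansible.builtin.get_url` writes it executable (`mode: 0700`) into `~/.local/bin` and `force: true` replaces it on every run with whatever the URL serves. `get_url` accepts a `checksum` argument, so a per-version digest variable next to `cryptomator_version` would pin the content, e.g. `checksum: "sha256:{{ cryptomator_sha256 }}"` (the variable name is a suggestion). With a checksum set, the module can skip the download when the existing file already matches, so `force: true` should no longer be needed to detect a change. Quoting the mode as `"0700"` follows the usual Ansible convention for octal modes.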
@@ -0,0 +1,25 @@
+---
+- name: Install snap packages.
+ community.general.snap:
+ name: "{{ item.name | default(item) }}"
+ classic: "{{ item.classic | default('false') }}"
+ loop: "{{ snap_packages | flatten(1) }}"
+ become: true
+
+- name: Install global NPM packages.
+ community.general.npm:
+ name: "{{ item.name | default(item) }}"
+ state: "{{ item.state | default('present') }}"
+ version: "{{ item.version | default(omit) }}"
+ global: true
+ executable: "{{ item.executable | default(omit) }}"
+ with_items: "{{ npm_packages }}"
+
+- name: Install global Ruby gems.
+ community.general.gem:
+ name: "{{ item.name | default(item) }}"
+ state: "{{ item.state | default('present') }}"
+ version: "{{ item.version | default(omit) }}"
+ user_install: false
+ executable: "{{ item.executable | default(omit) }}"
+ with_items: "{{ gem_packages }}"
diff --git a/tasks/git-setup.yml b/tasks/git-setup.yml
new file mode 100644
index 0000000..831e70f
--- /dev/null
+++ b/tasks/git-setup.yml
@@ -0,0 +1,24 @@
+---
+- name: Create user file for Git config
+ ansible.builtin.template:
+ src: gitconfig/.gitconfig_user.t2
+ dest: "{{ ansible_env.HOME }}/.gitconfig"
+ mode: 0644
+ when: configure_dotfiles
+
+- name: Configure Git workspaces
+ when: git_create_workspaces
+ block:
+ - name: Create workspace directories
+ ansible.builtin.file:
+ path: "{{ ansible_env.HOME }}/{{ item.folder_name }}"
+ state: directory
+ mode: 0755
+ loop: "{{ git_workspaces | flatten(levels=1) }}"
+ - name: Create workspace files for Git config
+ ansible.builtin.template:
+ src: gitconfig/.gitconfig_workspace.t2
+ dest: "{{ ansible_env.HOME }}/{{ item.folder_name }}/.gitconfig"
+ mode: 0644
+ loop: "{{ git_workspaces | flatten(levels=1) }}"
+ when: configure_dotfiles
diff --git a/tasks/gnome-setup.yml b/tasks/gnome-setup.yml
new file mode 100644
index 0000000..fffb217
--- /dev/null
+++ b/tasks/gnome-setup.yml
@@ -0,0 +1,57 @@
+---
+- name: Install python-psutil package
+ ansible.builtin.apt:
+ name: python3-psutil
+ become: true
+
+- name: Install System Monitor extension
+ ansible.builtin.package:
+ name: gnome-shell-extension-system-monitor
+ state: present
+ become: true
+
+- name: Enable System Monitor extension
+ community.general.dconf:
+ key: /org/gnome/shell/enabled-extensions
+ value: ["system-monitor@paradoxxx.zero.gmail.com"]
+ notify:
+ - Restart gnome
+
+- name: Setup night-light
+ community.general.dconf:
+ key: "{{ item.key }}"
+ value: "{{ item.value }}"
+ state: present
+ with_items:
+ # values from gsettings list-recursively org.gnome.settings-daemon.plugins.color
+ - key: "/org/gnome/settings-daemon/plugins/color/night-light-temperature"
+ value: uint32 2700
+ - key: "/org/gnome/settings-daemon/plugins/color/night-light-enabled"
+ value: "true"
+ - key: "/org/gnome/settings-daemon/plugins/color/night-light-schedule-automatic"
+ value: "false"
+ - key: "/org/gnome/settings-daemon/plugins/color/night-light-schedule-to"
+ value: 6.0
+ - key: "/org/gnome/settings-daemon/plugins/color/night-light-last-coordinates"
+ value: (91.0, 181.0)
+ - key: "/org/gnome/settings-daemon/plugins/color/active"
+ value: "true"
+ - key: "/org/gnome/settings-daemon/plugins/color/priority"
+ value: 0
+ - key: "/org/gnome/settings-daemon/plugins/color/night-light-schedule-from"
+ value: 16.0
+
+- name: Setup favorite-apps
+ community.general.dconf:
+ key: /org/gnome/shell/favorite-apps
+ value: "{{ gnome_favorite_apps }}"
+
+- name: Disable activities overview hot corner
+ community.general.dconf:
+ key: /org/gnome/desktop/interface/enable-hot-corners
+ value: "false"
+
+- name: Disable lock-screen notifications
+ community.general.dconf:
+ key: /org/gnome/desktop/notifications/show-in-lock-screen
+ value: "false"
diff --git a/tasks/keyboard.yml b/tasks/keyboard.yml
new file mode 100644
index 0000000..ddd68ec
--- /dev/null
+++ b/tasks/keyboard.yml
@@ -0,0 +1,19 @@ +--- +- name: Change keyboard settings + community.general.dconf: + key: /org/gnome/desktop/input-sources/sources + value: "[('xkb', '{{ keyboard_layout | string }}{% if keyboard_variant %}+{{ keyboard_variant | string }}{% endif %}')]" + when: keyboard_layout + +- name: Configure c-cedilla + ansible.builtin.lineinfile: + path: /etc/environment + line: "{{ item.line }}" + regexp: "{{ item.regexp }}" + with_items: + - line: GTK_IM_MODULE=cedilla + regexp: ^GTK_IM_MODULE= + - line: QT_IM_MODULE=cedilla + regexp: ^QT_IM_MODULE= + become: true + when: keyboard_c_cedilla diff --git a/tasks/keypass-xc.yml b/tasks/keypass-xc.yml new file mode 100644 index 0000000..ec0ceba --- /dev/null +++ b/tasks/keypass-xc.yml @@ -0,0 +1,15 @@ +--- +- name: Check installation of Keepass XC + ansible.builtin.command: keepassxc --version + environment: + PATH: "{{ ansible_env.HOME + '/.nix-profile/bin:$PATH' }}" + register: keepass_xc_cmd + changed_when: false + ignore_errors: true +- name: Install Keepass XC + when: keepass_xc_cmd is failed + ansible.builtin.command: + cmd: nix profile install nixpkgs#keepassxc + environment: + PATH: "{{ ansible_env.HOME + '/.nix-profile/bin:$PATH' }}" + changed_when: true diff --git a/tasks/office.yml b/tasks/office.yml new file mode 100644 index 0000000..d30a70f --- /dev/null +++ b/tasks/office.yml 
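Review bot: The `environment:` value `"{{ ansible_env.HOME + '/.nix-profile/bin:$PATH' }}"` on both tasks in tasks/keypass-xc.yml does not expand `$PATH`; Ansible passes the string through unchanged, so the search path becomes the Nix profile directory plus a literal, relative entry named `$PATH`. A relative PATH entry is resolved against the working directory, which a task that installs software should not depend on. Use the gathered value instead: `PATH: "{{ ansible_env.HOME }}/.nix-profile/bin:{{ ansible_env.PATH }}"`. The same line appears twice in tasks/office.yml and twice in tasks/packages.yml. For the probe task, `failed_when: false` with a check on `keepass_xc_cmd.rc` would be cleaner than `ignore_errors: true`.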
@@ -0,0 +1,25 @@ +--- +- name: OnlyOffice + when: install_onlyoffice + block: + - name: Check installation of OnlyOffice + ansible.builtin.command: onlyoffice-desktopeditors --version + environment: + PATH: "{{ ansible_env.HOME + '/.nix-profile/bin:$PATH' }}" + register: onlyoffice_version_cmd + changed_when: false + ignore_errors: true + - name: Install OnlyOffice + when: onlyoffice_version_cmd is failed + ansible.builtin.command: + cmd: nix profile install nixpkgs#onlyoffice-bin + environment: + PATH: "{{ ansible_env.HOME + '/.nix-profile/bin:$PATH' }}" + changed_when: true + +- name: Remove LibreOffice + ansible.builtin.package: + name: "libreoffice*" + state: absent + become: true + when: remove_libreoffice diff --git a/tasks/openrgb.yml b/tasks/openrgb.yml new file mode 100644 index 0000000..45fe1e0 --- /dev/null +++ b/tasks/openrgb.yml 
@@ -0,0 +1,65 @@
+---
+- name: Check if openrbg is installed
+ ansible.builtin.command: openrgb --version
+ register: openrgb_version_cmd
+ changed_when: false
+ ignore_errors: true
+
+- name: Ensure packages are installed
+ ansible.builtin.package:
+ name: "{{ item }}"
+ state: present
+ become: true
+ # ref: https://gitlab.com/OpenRGBDevelopers/openrgb-linux-ci-deb-builder/-/blob/bookworm/Dockerfile.bookworm-64?ref_type=heads
+ with_items:
+ - build-essential
+ - debhelper
+ - qt5-qmake
+ - qtbase5-dev
+ - qtchooser
+ - qtcreator
+ - qttools5-dev-tools
+ - libusb-1.0-0-dev
+ - libhidapi-dev
+ - libmbedtls-dev
+ - pkgconf
+ when: openrgb_version_cmd is failed
+
+- name: Load i2c-dev module
+ community.general.modprobe:
+ name: i2c-dev
+ state: present
+ become: true
+ when: openrgb_version_cmd is failed
+
+- name: Download repo
+ ansible.builtin.git:
+ repo: https://gitlab.com/CalcProgrammer1/OpenRGB
+ dest: ~/OpenRGB
+ version: "{{ openrgb_git_release }}"
+ when: openrgb_version_cmd is failed
+ notify: Delete openrgb repo
+
+- name: Generate changelog
+ ansible.builtin.command:
+ cmd: ./scripts/build-package-files.sh debian/changelog
+ chdir: ~/OpenRGB
+ when: openrgb_version_cmd is failed
+ register: package_result
+ changed_when: "package_result.rc == 0"
+ notify: Delete openrgb generated files
+
+- name: Generate package
+ ansible.builtin.command:
+ cmd: dpkg-buildpackage -us -B
+ chdir: ~/OpenRGB
+ when: openrgb_version_cmd is failed
+ register: package_result
+ changed_when: "package_result.rc == 0"
+ notify: Delete openrgb generated files
+
+- name: Install OpenRGB
+ ansible.builtin.apt:
+ deb: "{{ lookup('env', 'HOME') }}/openrgb_{{ openrgb_deb_version }}_{{ openrgb_deb_architecture }}.deb"
+ become: true
+ when: openrgb_version_cmd is failed
diff --git a/tasks/packages.yml b/tasks/packages.yml
new file mode 100644
index 0000000..645926f
--- /dev/null
+++ b/tasks/packages.yml
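Review bot: A moved upstream tag becomes code installed as root in tasks/openrgb.yml, because `Download repo` checks out `{{ openrgb_git_release }}` (default `release_0.9`, a tag) and the later tasks build that tree and install the resulting .deb with `become: true`. `ansible.builtin.git` accepts a full commit hash in `version`, so defaulting `openrgb_git_release` to the commit behind the tag pins what gets built. `Generate changelog` and `Generate package` both register `package_result`, and `changed_when: "package_result.rc == 0"` is always true for a task that did not fail, so `changed_when: true` says the same thing directly. The first task name also misspells the tool as `openrbg`.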
@@ -0,0 +1,54 @@ +--- +- name: Python - basic install + become: true + ansible.builtin.package: + name: python3 + state: present + +- name: Only run update cache if the last one is more than 3600 seconds ago + ansible.builtin.apt: + update_cache: true + cache_valid_time: 3600 + become: true + +- name: Ensure packages are installed + ansible.builtin.package: + name: "{{ item }}" + state: present + become: true + with_items: + - "{{ installed_packages }}" + +- name: Install Nix package manager + ansible.builtin.import_role: + name: ableton.nix + vars: + nix_flakes: true + +- name: Add Nix to bash PATH + ansible.builtin.lineinfile: + path: "{{ ansible_env.HOME }}/.bashrc" + line: 'export PATH="{{ ansible_env.HOME }}/.nix-profile/bin:$PATH"' + insertafter: EOF + state: present + +- name: "Check installation of Nix packages" + ansible.builtin.command: "{{ item.check_cmd }}" + environment: + PATH: "{{ ansible_env.HOME + '/.nix-profile/bin:$PATH' }}" + register: package_check_cmd + changed_when: false + ignore_errors: true + loop: "{{ nix_packages }}" + loop_control: + index_var: package_index + +- name: "Install Nix packages" + ansible.builtin.command: "nix profile install nixpkgs#{{ item.name }}" + environment: + PATH: "{{ ansible_env.HOME + '/.nix-profile/bin:$PATH' }}" + when: package_check_cmd.results[package_index].failed + changed_when: true + loop: "{{ nix_packages }}" + loop_control: + index_var: package_index diff --git a/tasks/site.yml b/tasks/site.yml new file mode 100644 index 0000000..2eaf225 --- /dev/null +++ b/tasks/site.yml @@ -0,0 +1,9 @@ +--- +- name: Check ssh password first + ansible.builtin.command: echo "ssh password correct" + changed_when: false + +- name: Check sudo password first + ansible.builtin.command: echo "sudo password correct" + become: true + changed_when: false diff --git a/tasks/ssh.yml b/tasks/ssh.yml new file mode 100644 index 0000000..7eb6b65 --- /dev/null +++ b/tasks/ssh.yml 
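Review bot: `Install Nix package manager` in tasks/packages.yml imports the role `ableton.nix`, but requirements.yml in this patch lists no such role, so on a clean checkout it is either missing or installed by hand at an unpinned version. Since that role installs the package manager everything else goes through, add it to requirements.yml with an explicit `version:` like the other roles. `nix profile install nixpkgs#{{ item.name }}` appears to resolve `nixpkgs` through the flake registry rather than through the flake.lock added in this commit, so the installed packages are not tied to the locked revision; if that is intended, a comment saying so would help.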
@@ -0,0 +1,14 @@
+---
+- name: Create .ssh directory if it does not exist
+ ansible.builtin.file:
+ path: ~/.ssh
+ state: directory
+ mode: 0700
+
+- name: Generate an OpenSSH keypair
+ community.crypto.openssh_keypair:
+ path: "~/.ssh/id_{{ ssh_key_type }}"
+ type: "{{ ssh_key_type }}"
+ size: "{{ ssh_key_size }}"
+ passphrase: "{{ ssh_key_passphrase }}"
+ become: false
diff --git a/tasks/sudoers.yml b/tasks/sudoers.yml
new file mode 100644
index 0000000..18fca5f
--- /dev/null
+++ b/tasks/sudoers.yml
@@ -0,0 +1,21 @@
+---
+# If the user installs GNU sed through homebrew the path is different.
+- name: Register path to sed.
+ ansible.builtin.command: which sed
+ register: sed_which_result
+ changed_when: false
+ when: sed_path is undefined
+
+- name: Define sed_path variable.
+ ansible.builtin.set_fact:
+ sed_path: "{{ sed_which_result.stdout }}"
+ when: sed_path is undefined
+
+# Sudoers configuration.
+- name: Copy sudoers configuration into place.
+ ansible.builtin.copy:
+ content: "{{ sudoers_custom_config }}"
+ dest: /private/etc/sudoers.d/custom
+ mode: 0440
+ validate: "visudo -cf %s"
+ become: true
diff --git a/tasks/terminal.yml b/tasks/terminal.yml
new file mode 100644
index 0000000..870f2cf
--- /dev/null
+++ b/tasks/terminal.yml
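Review bot: `size: "{{ ssh_key_size }}"` in `Generate an OpenSSH keypair` (tasks/ssh.yml) templates a value that default.config.yml leaves empty, and an empty template result is likely to fail the module's integer conversion rather than be ignored. `size: "{{ ssh_key_size | default(omit, true) }}"` drops the argument when nothing is set. The same filter suits `passphrase`, so that an unset passphrase is omitted instead of being passed through as a placeholder string.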
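Review bot: `dest: /private/etc/sudoers.d/custom` in tasks/sudoers.yml is the macOS location; on the Debian targets this playbook is tested against (`debian12` in the workflow matrix) sudo reads `/etc/sudoers.d`, so the copy would fail or write somewhere sudo never looks. Change it to `dest: /etc/sudoers.d/custom` and add `owner: root` and `group: root` so ownership does not depend on defaults. The two `sed_path` tasks above it are not used by anything in this file and look like leftovers from a macOS original. `validate: "visudo -cf %s"` is the right safeguard and should stay.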
@@ -0,0 +1,20 @@
+---
+- name: Add keybinding for Guake in Wayland
+ community.general.dconf:
+ key: "{{ item.key }}"
+ value: "{{ item.value }}"
+ state: present
+ with_items:
+ # values from gsettings list-recursively /org/gnome/settings-daemon/plugins/media-keys/custom-keybindings
+ - key: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings"
+ value:
+ [
+ "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/guake/",
+ ]
+ - key: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/guake/binding"
+ value: "'{{ guake_keybinding }}'"
+ - key: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/guake/command"
+ value: "'/usr/bin/guake-toggle'"
+ - key: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/guake/name"
+ value: "'Guake'"
+ when: "'guake' in installed_packages"
diff --git a/tasks/validate-config.yml b/tasks/validate-config.yml
new file mode 100644
index 0000000..9f3bd94
--- /dev/null
+++ b/tasks/validate-config.yml
@@ -0,0 +1,5 @@
+---
+- name: Validate PyCharm flavor
+ ansible.builtin.fail:
+ msg: "Unsupported PyCharm flavor '{{ pycharm_flavor }}'. Allowed values are 'community' and 'professional'."
+ when: install_pycharm and pycharm_flavor not in ['community', 'professional']
diff --git a/templates/gitconfig/.gitconfig_user.t2 b/templates/gitconfig/.gitconfig_user.t2
new file mode 100644
index 0000000..f0f0c0f
--- /dev/null
+++ b/templates/gitconfig/.gitconfig_user.t2
@@ -0,0 +1,30 @@
+{% if git_create_workspaces %}
+{% for workspace in git_workspaces -%}
+[includeIf "gitdir:~/{{ workspace.folder_name }}/"]
+ path = ~/{{ workspace.folder_name }}/.gitconfig
+{% endfor %}
+{% else %}
+[user]
+ email = {{ git_email }}
+ name = {{ git_username }}
+{% endif %}
+[credential]
+ helper = cache --timeout=36000
+[core]
+ editor = vi
+ autocrlf = input
+[color]
+ ui = always
+[init]
+ defaultBranch = {{ git_init_default_branch }}
+[alias]
+ c = commit
+ ca = commit -a
+ cm = commit -m
+ cam = commit -am
+ d = diff
+ dc = diff --cached
+ graph = log --graph --all --oneline
+ l = log --graph --pretty=format:"%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset" --abbrev-commit
+[pull]
+ rebase = {{ git_pull_rebase }}
diff --git a/templates/gitconfig/.gitconfig_workspace.t2 b/templates/gitconfig/.gitconfig_workspace.t2
new file mode 100644
index 0000000..de23235
--- /dev/null
+++ b/templates/gitconfig/.gitconfig_workspace.t2
@@ -0,0 +1,3 @@
+[user]
+ email = {{ item.email }}
+ name = {{ item.username }}
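Review bot: `helper = cache --timeout=36000` under `[credential]` in .gitconfig_user.t2 keeps Git credentials in the cache daemon for ten hours, against git's default of 900 seconds. On a workstation that is shared or left unlocked, that is a long window in which any process running as the user can ask the daemon for them. Making the value configurable with a shorter default, e.g. `helper = cache --timeout={{ git_credential_cache_timeout | default(900) }}`, keeps the longer window opt-in. `git_email` and `git_username` are written unquoted, so a value containing `#` or `;` would be cut off by git's config parser.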