From ebdb2ee8b1592dab8145eb0290e28278302ad33b Mon Sep 17 00:00:00 2001
From: Gergely Polonkai
Date: Wed, 7 Apr 2021 16:43:32 +0200
Subject: [PATCH] Initial version
---
 inventory/group_vars/machina/vars.yml | 9 ++
 inventory/group_vars/machina/vault | 32 +++++
 inventory/hosts | 2 +
 machina.yml | 10 ++
 playbooks/cjdns.yml | 25 ++++
 playbooks/dnf-repos.yml | 29 ++++
 playbooks/npm.yml | 7 +
 playbooks/packages.yml | 191 ++++++++++++++++++++++++++
 playbooks/python.yml | 6 +
 playbooks/spotify-install.yml | 13 ++
 playbooks/systemd-user.yml | 18 +++
 playbooks/templates/cjdroute.conf.j2 | 68 +++++++++
 playbooks/user.yml | 16 +++
 13 files changed, 426 insertions(+)
 create mode 100644 inventory/group_vars/machina/vars.yml
 create mode 100644 inventory/group_vars/machina/vault
 create mode 100644 inventory/hosts
 create mode 100644 machina.yml
 create mode 100644 playbooks/cjdns.yml
 create mode 100644 playbooks/dnf-repos.yml
 create mode 100644 playbooks/npm.yml
 create mode 100644 playbooks/packages.yml
 create mode 100644 playbooks/python.yml
 create mode 100644 playbooks/spotify-install.yml
 create mode 100644 playbooks/systemd-user.yml
 create mode 100644 playbooks/templates/cjdroute.conf.j2
 create mode 100644 playbooks/user.yml
diff --git a/inventory/group_vars/machina/vars.yml b/inventory/group_vars/machina/vars.yml
new file mode 100644
index 0000000..d2cce0a
--- /dev/null
+++ b/inventory/group_vars/machina/vars.yml
@@ -0,0 +1,9 @@
+cjdns_private_key: "{{ vault_cjdns_private_key }}"
+cjdns_public_key: "{{ vault_cjdns_public_key }}"
+cjdns_ipv6: "{{ vault_cjdns_ipv6 }}"
+cjdns_incoming_username: "{{ vault_cjdns_incoming_username }}"
+cjdns_incoming_password: "{{ vault_cjdns_incoming_password }}"
+cjdns_snoopy_username: "{{ vault_cjdns_snoopy_username }}"
+cjdns_snoopy_password: "{{ vault_cjdns_snoopy_password }}"
+cjdns_woodstock_username: "{{ vault_cjdns_woodstock_username }}"
+cjdns_woodstock_password: "{{ vault_cjdns_woodstock_password }}"
diff --git a/inventory/group_vars/machina/vault b/inventory/group_vars/machina/vault
new file mode 100644
index 0000000..c403564
--- /dev/null
+++ b/inventory/group_vars/machina/vault
@@ -0,0 +1,32 @@
+$ANSIBLE_VAULT;1.1;AES256
+36343161633137616464616236386334623262393334336338316563663937346461326462656134
+3164373839356632313830616339613630343238303036310a323939376666393466326164333061
+37653631393664396235383937323933313832333764386234323639636364376362313764396132
+6335653536616432300a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
diff --git a/inventory/hosts b/inventory/hosts
new file mode 100644
index 0000000..118e56e
--- /dev/null
+++ b/inventory/hosts
@@ -0,0 +1,2 @@
+[machina]
+machina
diff --git a/machina.yml b/machina.yml
new file mode 100644
index 0000000..81cfb15
--- /dev/null
+++ b/machina.yml
@@ -0,0 +1,10 @@
+---
+- import_playbook: playbooks/dnf-repos.yml hostlist=machina
+- import_playbook: playbooks/user.yml hostlist=machina
+- import_playbook: playbooks/packages.yml hostlist=machina
+- import_playbook: playbooks/python.yml hostlist=machina
+- import_playbook: playbooks/npm.yml hostlist=machina
+- import_playbook: playbooks/user.yml hostlist=machina
+- import_playbook: playbooks/spotify-install.yml hostlist=machina
+- import_playbook: playbooks/systemd-user.yml hostlist=machina
+- import_playbook: playbooks/cjdns.yml hostlist=machina
diff --git a/playbooks/cjdns.yml b/playbooks/cjdns.yml
new file mode 100644
index 0000000..894e47c
--- /dev/null
+++ b/playbooks/cjdns.yml
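Review bot: `playbooks/user.yml` is imported twice in machina.yml, and the first import runs before `playbooks/packages.yml`, so on a fresh host the account is given `/usr/bin/fish` as its shell and is added to groups such as `libvirt` before the packages that presumably create them are installed. The same applies to `pkg-build` in playbooks/user.yml if that group comes from `lpf-spotify-client`, which is only installed by spotify-install.yml after both imports; the `user` module fails on a group that does not exist. If the second import is a deliberate retry, say so with a comment such as `# user.yml again: the extra groups only exist once packages.yml has run`, otherwise keep a single import placed after the packages. Passing the variable as a `vars:` mapping under each `import_playbook` is clearer than the `hostlist=machina` key=value string.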
@@ -0,0 +1,25 @@
+- hosts: "{{ hostlist }}"
+ tasks:
+ - name: Install cjdns and its tools
+ become: true
+ dnf:
+ name:
+ - cjdns
+ - cjdns-tools
+ state: latest
+ - name: Create the configuration file
+ become: true
+ template:
+ src: cjdroute.conf.j2
+ dest: /etc/cjdroute.conf
+ owner: root
+ group: root
+ mode: '0600'
+ validate: 'cjdroute --cleanconf < %s'
+ backup: true
+ - name: Enable and start the service
+ become: true
+ systemd:
+ name: cjdns.service
+ enabled: true
+ state: started
diff --git a/playbooks/dnf-repos.yml b/playbooks/dnf-repos.yml
new file mode 100644
index 0000000..aa13a32
--- /dev/null
+++ b/playbooks/dnf-repos.yml
@@ -0,0 +1,29 @@
+- hosts: "{{ hostlist }}"
+ tasks:
+ - name: Install the RPM Fusion Free GPG key
+ become: true
+ rpm_key:
+ key: "https://rpmfusion.net/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-fedora-2020"
+ fingerprint: E9A4 91A3 DE24 7814 E7E0 67EA E06F 8ECD D651 FF2E
+ state: present
+ - name: Enable the RPM Fusion Free repository
+ become: true
+ dnf:
+ name: "https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ansible_distribution_major_version}}.noarch.rpm"
+ state: present
+ - name: Install the RPM Fusion Non-free GPG key
+ become: true
+ rpm_key:
+ key: "https://rpmfusion.net/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020"
+ fingerprint: 79BD B88F 9BBF 7391 0FD4 095B 6A2A F961 9484 3C65
+ state: present
+ - name: Enable the RPM Fusion Non-free repository
+ become: true
+ dnf:
+ name: "https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-{{ansible_distribution_major_version}}.noarch.rpm"
+ state: present
+ - name: Enable the skidnik/termite repo
+ become: true
+ community.general.copr:
+ name: "skidnik/termite"
+ state: enabled
diff --git a/playbooks/npm.yml b/playbooks/npm.yml
new file mode 100644
index 0000000..9e05a4a
--- /dev/null
+++ b/playbooks/npm.yml
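Review bot: The `validate: 'cjdroute --cleanconf < %s'` line on the template task relies on shell redirection, but Ansible runs validate commands without a shell, so `<` and the temporary path reach cjdroute as plain arguments and the rendered file is presumably never parsed. Wrapping the command keeps the check meaningful and discards the cleaned config, which contains the private key: `validate: "sh -c 'cjdroute --cleanconf < %s > /dev/null'"`. Because the rendered file holds the vault-sourced key and peer passwords, the task should also carry `no_log: true` so that `--diff` output or a validation failure does not print them, and `backup: true` will leave older copies of those secrets next to `/etc/cjdroute.conf`. No handler restarts `cjdns.service` when the template changes, so a new configuration only takes effect after a manual restart.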
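Review bot: The last task enables the personal Copr `skidnik/termite` without any restriction, so every package that repository publishes becomes installable and upgradable as root, although only `termite` (installed in playbooks/packages.yml) is needed from it. Consider limiting the repository after enabling it, for example with `includepkgs=termite` in its repo file, and record the trust decision in a comment such as `# third-party Copr, trusted only for termite`. The two `rpm_key` tasks fetch keys from `rpmfusion.net` while the release RPMs come from `mirrors.rpmfusion.org`; the pinned `fingerprint:` values are the actual control here, so they should be checked against the project's published fingerprints and kept whenever the key file name changes. Quoting the fingerprints would make it explicit that they are strings.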
@@ -0,0 +1,7 @@
+- hosts: "{{ hostlist }}"
+ tasks:
+ - name: Install diff-so-fancy
+ community.general.npm:
+ name: diff-so-fancy
+ global: yes
+ state: latest
diff --git a/playbooks/packages.yml b/playbooks/packages.yml
new file mode 100644
index 0000000..f499998
--- /dev/null
+++ b/playbooks/packages.yml
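Review bot: The task installs `diff-so-fancy` globally with `state: latest` and no `version:`, so every run pulls whatever the npm registry currently serves and executes that package's install scripts; pinning a reviewed release with `version: '<pinned-version>'` and `state: present` makes the run reproducible. There is no `become: true` here although every other system-wide install in this patch has one, so the global install will presumably either fail or land in a per-user prefix depending on the npm configuration; whichever is intended should be stated in a comment. `global: yes` should be `global: true` to match the booleans used in the other playbooks.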
@@ -0,0 +1,191 @@
+- hosts: "{{ hostlist }}"
+ tasks:
+ - name: Install Ansible
+ become: true
+ dnf:
+ name: ansible
+ state: latest
+ - name: Install some daemons
+ become: true
+ dnf:
+ name:
+ - pcsc-lite
+ - avahi
+ - cups
+ - libvirt-daemon
+ - postgresql-server
+ - zeromq
+ - redis
+ - mariadb-server
+ - memcached
+ - bind
+ state: latest
+ - name: Install Emacs
+ become: true
+ dnf:
+ name:
+ - emacs
+ - maildir-utils
+ - emacs-gettext
+ state: latest
+ - name: Install my favourite command line tools
+ become: true
+ dnf:
+ name:
+ - util-linux-user
+ - fish
+ - tar
+ - exa
+ - tmux
+ - mc
+ - fzf
+ - zoxide
+ - the_silver_searcher
+ - pass
+ - vim-enhanced
+ - bat
+ - git
+ - git-email
+ - git-extras
+ - git-gui
+ - vdirsyncer
+ - offlineimap
+ - msmtp
+ - bpytop
+ - pinentry-tty
+ - ffmpeg
+ - tar
+ - gzip
+ - bzip2
+ - xz
+ - khal
+ - khard
+ - krb5-workstation
+ - whois
+ - asciinema
+ - bind-utils
+ state: latest
+ - name: Install development stuff
+ become: true
+ dnf:
+ name:
+ - bats
+ - podman
+ - buildah
+ - gdb
+ - autoconf
+ - autoconf-archive
+ - automake
+ - bison
+ - byacc
+ - flex
+ - gcc
+ - gcc-c++
+ - intltool
+ - libtool
+ - yarnpkg
+ - mercurial
+ - cvs
+ - subversion
+ - d-feet
+ - arduino
+ - arduino-builder
+ - fritzing
+ - global
+ - jq
+ state: latest
+ - name: Install my desktop environment
+ become: true
+ dnf:
+ name:
+ - sway
+ - mako
+ - wob
+ - swayidle
+ - termite
+ - waybar
+ - swaylock
+ - clipman
+ - wl-clipboard
+ - playerctl
+ - bemenu
+ - kde-connect
+ - pinentry-gtk
+ - epiphany
+ - chromium
+ - mplayer
+ - gajim
+ - youtube-dl
+ - wshowkeys
+ state: latest
+ - name: Install my graphical applications
+ become: true
+ dnf:
+ name:
+ - firefox-wayland
+ - meld
+ - nheko
+ - nextcloud-client
+ - calibre
+ - kicad
+ - qcad
+ - openscad
+ - libreoffice
+ - gimp
+ - gimagereader-gtk
+ - blender
+ - audacity
+ - virt-manager
+ - ImageMagick
+ - inkscape
+ - krita
+ state: latest
+ - name: Install some games
+ become: true
+ dnf:
+ name:
+ - minetest
+ - warsow
+ - widelands
+ state: latest
+ - name: Install language packs
+ become: true
+ dnf:
+ name:
+ - aspell-en
+ - aspell-is
+ - autocorr-en
+ - autocorr-hu
+ - autocorr-is
+ - gimp-help-en_GB
+ - glibc-langpack-en
+ - glibc-langpack-hu
+ - glibc-langpack-is
+ - hunspell-en
+ - hunspell-en-GB
+ - hunspell-en-US
+ - hunspell-hu
+ - hunspell-is
+ - hyphen-en
+ - hyphen-hu
+ - hyphen-is
+ - langpacks-core-en
+ - langpacks-core-en_GB
+ - langpacks-core-hu
+ - langpacks-core-is
+ - langpacks-core-font-en
+ - langpacks-core-font-hu
+ - langpacks-core-font-is
+ - langpacks-en
+ - langpacks-en_GB
+ - langpacks-hu
+ - langpacks-is
+ - libreoffice-help-en
+ - libreoffice-help-hu
+ - libreoffice-langpack-en
+ - libreoffice-langpack-hu
+ - mythes-en
+ - mythes-hu
+ - tesseract-langpack-eng
+ - tesseract-langpack-hun
+ - tesseract-langpack-isl
diff --git a/playbooks/python.yml b/playbooks/python.yml
new file mode 100644
index 0000000..30b1e44
--- /dev/null
+++ b/playbooks/python.yml
@@ -0,0 +1,6 @@
+- hosts: "{{ hostlist }}"
+ tasks:
+ - name: Install the xdg Python module
+ pip:
+ name: xdg
+ extra_args: --user
diff --git a/playbooks/spotify-install.yml b/playbooks/spotify-install.yml
new file mode 100644
index 0000000..6b77cf0
--- /dev/null
+++ b/playbooks/spotify-install.yml
@@ -0,0 +1,13 @@
+- hosts: "{{ hostlist }}"
+ tasks:
+ - name: Pre-install Spotify requirements
+ become: true
+ dnf:
+ name: lpf-spotify-client
+ state: latest
+ - name: Approve the Spotify LPF module
+ command: sh -c 'echo y | env PAGER=/bin/cat lpf approve spotify-client'
+ - name: Build the Spotify LPF module
+ command: sh -c 'echo y | lpf build spotify-client'
+ - name: Install the Spotify LPF module
+ command: sh -c 'echo y | lpf install spotify-client'
diff --git a/playbooks/systemd-user.yml b/playbooks/systemd-user.yml
new file mode 100644
index 0000000..27e5058
--- /dev/null
+++ b/playbooks/systemd-user.yml
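Review bot: `tar` is listed twice in the "Install my favourite command line tools" task in playbooks/packages.yml; the second entry can be dropped. The "Install some daemons" task pulls in network services (`bind`, `redis`, `memcached`, `mariadb-server`, `postgresql-server`) that nothing in this patch enables or configures, so a comment such as `# installed for on-demand use, deliberately not enabled` would record that they are not meant to listen by default. The final "Install language packs" task has no `state:` and therefore uses the module default, while every other task says `state: latest`; the file should follow one policy.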
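Review bot: The `pip` task in playbooks/python.yml installs `xdg` from PyPI with no `version:`, so the code that lands in the user's site-packages is whatever the index serves at run time. More than one PyPI distribution provides an `xdg` import (`pyxdg` is another), so it is worth confirming that `xdg` is the intended one and pinning it with `version: '<pinned-version>'`, or using the distribution's own package if one exists. With `extra_args: --user` and no `become`, the install goes to the connecting user's home; a comment should say whether that is meant to be the account created in user.yml.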
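Review bot: The three `command: sh -c 'echo y | lpf …'` tasks in playbooks/spotify-install.yml have no guard, so every playbook run answers `y` to each prompt again, including the licence approval, then rebuilds and reinstalls the client and always reports changed. A preceding check whose result gates them (for example `rpm -q spotify-client` registered with `failed_when: false` and `changed_when: false`, then `when:` on its return code, assuming that is the resulting package name) would make the play idempotent. `lpf build` fetches and repackages a third-party binary at run time, so what gets installed is not fixed by this repository; a comment should state that. Since a pipe is required, `shell:` expresses the intent more directly than `command: sh -c`.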
@@ -0,0 +1,18 @@
+- hosts: "{{ hostlist }}"
+ tasks:
+ - name: Enable Pipewire service
+ systemd:
+ name: pipewire.service
+ enabled: true
+ - name: Enable Pipewire-Pulse service
+ systemd:
+ name: pipewire-pulse.service
+ enabled: true
+ - name: Enable Pipewire socket
+ systemd:
+ name: pipewire.socket
+ enabled: true
+ - name: Enable Pipewire-Pulse socket
+ systemd:
+ name: pipewire-pulse.socket
+ enabled: true
diff --git a/playbooks/templates/cjdroute.conf.j2 b/playbooks/templates/cjdroute.conf.j2
new file mode 100644
index 0000000..ed55e4f
--- /dev/null
+++ b/playbooks/templates/cjdroute.conf.j2
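Review bot: All four `systemd` tasks omit `scope: user`, so the module addresses the system manager even though the file name and the units (`pipewire.service`, `pipewire-pulse.socket` and the others) point to per-user units. Without `become` the call will presumably be refused, and with it the units would be enabled in the wrong scope; add `scope: user` to each task. User-scope calls need the target user's runtime directory, so the play has to run as that user rather than as root, which deserves a comment at the top of the file. The four tasks differ only in the unit name and could be one task with `loop:` over the names.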
@@ -0,0 +1,68 @@
+{
+ "privateKey": "{{ cjdns_private_key }}",
+ "publicKey": "{{ cjdns_public_key }}",
+ "ipv6": "{{ cjdns_ipv6 }}",
+ "authorizedPasswords": [
+ {"password": "{{ cjdns_incoming_username }}", "user": "{{ cjdns_incoming_password }}"}
+
+ ],
+ "admin": {
+ "bind": "127.0.0.1:11234",
+ "password": "NONE"
+ },
+ "interfaces": {
+ "UDPInterface": [
+ {
+ "bind": "0.0.0.0:40183",
+ "connectTo": {
+ "198.211.126.112:44970": {
+ "login": "{{ cjdns_snoopy_username }}",
+ "password": "{{ cjdns_snoopy_password }}",
+ "publicKey": "2vvjxl91bnk2z3h33ys6ulm3rblxr4d427cg846ycgjhccvs1wf0.k",
+ "peerName": "snoopy"
+ },
+ "165.227.155.27:47266": {
+ "login": "{{ cjdns_woodstock_username }}",
+ "password": "{{ cjdns_woodstock_password }}",
+ "publicKey": "m6q1ks6pm72k4wur3knt77yukkku1c1vwzus1ympwvkkk7746sc0.k",
+ "peerName": "woodstock"
+ }
+ }
+ },
+ {
+ "bind": "[::]:40183",
+ "connectTo": {}
+ }
+ ],
+ "ETHInterface": [
+ {
+ "bind": "all",
+ "beacon": 2,
+ "connectTo": {}
+ }
+ ]
+ },
+ "router": {
+ "supernodes": [],
+ "interface": {
+ "type": "TUNInterface",
+ "tunDevice": "cjdns"
+ },
+ "ipTunnel": {
+ "allowedConnections": [],
+ "outgoingConnections": []
+ }
+ },
+ "security": [
+ { "setuser": "cjdns", "keepNetAdmin": 1 },
+ { "chroot": "/var/empty/cjdns" },
+ { "nofiles": 0 },
+ { "noforks": 1 },
+ { "seccomp": 1 },
+ { "setupComplete": 1 }
+ ],
+ "logging": {},
+ "noBackground": 0,
+ "pipe": "cjdroute.sock",
+ "version": 2
+}
diff --git a/playbooks/user.yml b/playbooks/user.yml
new file mode 100644
index 0000000..88a6711
--- /dev/null
+++ b/playbooks/user.yml
@@ -0,0 +1,16 @@
+- hosts: "{{ hostlist }}"
+ tasks:
+ - name: Add the user polesz
+ become: true
+ user:
+ name: polesz
+ comment: POLONKAI Gergely
+ uid: 1000
+ shell: /usr/bin/fish
+ state: present
+ - name: Add user polesz to some extra groups
+ become: true
+ user:
+ name: polesz
+ groups: cdrom,dialout,games,kvm,libvirt,pkg-build,printadmin,video,wheel
+ append: true
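Review bot: The `authorizedPasswords` entry in cjdroute.conf.j2 has its two variables crossed: `"password"` is filled from `cjdns_incoming_username` and `"user"` from `cjdns_incoming_password`, so the real secret lands in the field that identifies the peer and the user name becomes the credential peers must present. It should read `{"password": "{{ cjdns_incoming_password }}", "user": "{{ cjdns_incoming_username }}"}`. The vault values are placed inside JSON strings unescaped; rendering each as `{{ cjdns_incoming_password | to_json }}` without the surrounding quotes keeps a quote or backslash in a secret from breaking or altering the file. `"admin"` uses `"password": "NONE"`, which appears to leave the admin port on 127.0.0.1:11234 usable by any local process, and the `ETHInterface` with `"bind": "all"` and `"beacon": 2` appears to allow peering on every attached network; each deserves a comment saying it is intended.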