shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

🔥 delete workstation ansible role

Browse Source
This commit is contained in:
auricom
2023-11-11 16:04:45 +01:00
parent 5fc4a86bae
commit 05af1deaa8
33 changed files with 3 additions and 907 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ansible/inventory/group_vars/all/all.sops.yml
View File

@@ -1,9 +1,5 @@
kind: Secret
secret_domain: ENC[AES256_GCM,data:SjdnR9pDjveodvo=,iv:GKvdD7c3bmaQN+CAYoKwAy78em9vYljGyl6VfGmJk9E=,tag:hz92J7d1NokEeyB6vxr3Uw==,type:str]
secret_cluster_domain: ENC[AES256_GCM,data:o+bvKkMvPfZ9+oobxsZj,iv:iJTqLF0+3v/kMHWJIUXQK3++CoLI+fC6IOrQgpiXofw=,tag:XWEid6zEhdpxka88rW2mkw==,type:str]
secret_email_domain: ENC[AES256_GCM,data:xQwrd9Tgcgpq+I63KA8=,iv:w8fs1kXFwuRBNiswZMu5i/bOazqUPRxEwMWm0z/igxg=,tag:FaWpGtK7ldOEcHgXxZX6/A==,type:str]
secret_pushover_user_key: ENC[AES256_GCM,data:EghI75TZsXdHAp69wWFbcp8VEVNwO+moigynOEz6,iv:dtjuDfMnEH5fGFof6PakdWMFaKSm+YKbJUw1NS+BZ7Y=,tag:cYHBmWgjOHiscAhgVUI6AQ==,type:str]
secret_pushover_api_key: ENC[AES256_GCM,data:A5tYo1+zbw9ClvR2TI9HYwPJcoqtkSovtZIrGJ16,iv:7mok717cWADWKdqTnJCZ2t0c8+o2uXmvZsIoxPR0NaU=,tag:I4IvitcXqrSeoIuh2XCkzA==,type:str]
sops:
kms: []
gcp_kms: []
@@ -19,8 +15,8 @@ sops:
c3JkOFZzYnpINjQ5QnNkaE9IYUdXL3MKsBelDv/z5nTYC6/1Zm8kmzqEoLBVPnhy
v0v/6n1GksmzslbNdKhy+xtxHYrqouhc2P4hNi0R8p8u76RXERN5fg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-12-17T22:24:34Z"
mac: ENC[AES256_GCM,data:2aUzQcliMtPaVp5AU5UYoUQfA6pJIWek40FjZ+wpqn81FbPo2erxFmj+m0mLU2R3s+XYv8b9tLDMS1akJT/WMH1pR3LG15HQiD/oELJ7iBhZxLApboKeWE0dc2FNTr1zueJSyUn+NxhDvTixzIcNvNVmIVTsTisjuCUTl1WnShg=,iv:gVNq8G85V0ldwzT2qScIPJB+E+XTGUt2v9XtoMU0sSI=,tag:1Yan3JSODoO7URmCbTNP/Q==,type:str]
lastmodified: "2023-11-11T15:03:36Z"
mac: ENC[AES256_GCM,data:PYjJ/WxF8UXZPnccFdjtwsS+W2N1TQmNFtTIHazFLFiSxC4b6li7TcOEpQL2HClWeXwJXkUnWGUfH9YLEPVxlAqBygaDBdghPN0uTrKaV4ZaiAQ1EhtKfGDkIGvb+aDpbRuNH77nXzDv4ws3ObSdTCsHp2LOepi4NVSuEw6MlOY=,iv:Bk+VTEsAyeRQkf9wbcBpANeXvIvGn6JzOuHRM0ilF/s=,tag:6MT3xUDX/o3e1zu8WrGm/A==,type:str]
pgp: []
unencrypted_regex: ^(kind)$
version: 3.7.3
version: 3.8.1

22
ansible/inventory/group_vars/all/wireguard.sops.yml
View File

@@ -1,22 +0,0 @@
kind: Secret
wireguard_private_key: ENC[AES256_GCM,data:hYbQA+dbFFfpypardaZmuY3+Zrv9tAppyHWsc5dPU+apO3dC2G+rS9udQLU=,iv:9soPytiJyjZWzOI76aRgv6zgHIpCkqiXbwWD9hBDIlA=,tag:2H7YMEgloF7lP9S9xwgWAA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPNWlaV1YvWUw0NEJOR2Rz
aHd5eU9SdjFuTDgyZDhzUjVIMmFMczg5MmlZCm5vT1VTdjh4WkhCNWsrOG9SaWFM
L0FpSGVuR3hPN04zNHRCd3JMQXVLZVEKLS0tIFFhY1plTzdScmJrWW8xMXpIUXBP
RHR1bnp1VXZJNUI5dmVXcXRvU2NFem8KFdpVMZL4By87eR2mFB5P2ViZxA04p2uI
oe1Wg5bmqLNsfr+Z/Ai6Xc8D9ojuPvNXUkrzdLq5i6M+mi1ultazxQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-13T20:31:26Z"
mac: ENC[AES256_GCM,data:kj+KwGFaLhWTdLwQtlbM8cBdaWmky/yaz9pm/wifTPOtZmBbEBtZaQ/wF9hw34bIN6PfZvtX/4RiFg/zgA5moGLmj4O5pYDhz/4txkDG0zhv7752kxXpBZMIZtSHasqc1c/u8ifHQFZhAK0kPquR1JH9iTf/j13N6uB5PqQ8nH8=,iv:zI0QSGnWQ5xe+ON/7+dD4JScDq47l9dgyz+XX+yPmXc=,tag:u8sFto0rV7FieXDXeLUWNA==,type:str]
pgp: []
unencrypted_regex: ^(kind)$
version: 3.7.3

24
ansible/inventory/hosts.yml
View File

@@ -16,27 +16,3 @@ all:
ansible_port: 35875
vars:
ansible_user: homelab
kubernetes:
children:
master:
hosts:
k3s-master:
ansible_host: 192.168.9.100
ansible_user: fedora
ansible_ssh_port: 22
worker:
hosts:
k3s-worker1:
ansible_host: 192.168.9.105
rook_devices:
- /dev/nvme0n1
k3s-worker2:
ansible_host: 192.168.9.106
rook_devices:
- /dev/nvme0n1
k3s-worker3:
ansible_host: 192.168.9.107
rook_devices:
- /dev/nvme0n1
vars:
ansible_user: fedora

115
ansible/playbooks/workstation-work.yaml
View File

@@ -1,115 +0,0 @@
---
- hosts: localhost
become: false
gather_facts: true
any_errors_fatal: true
vars:
alacritty:
font_size: 11.0
window_columns: 150
window_lines: 40
tasks:
- name: system | disable password sudo
ansible.builtin.lineinfile:
dest: /etc/sudoers
state: present
regexp: "^%admin"
line: "%admin ALL=(ALL) NOPASSWD: ALL"
validate: visudo -cf %s
become: true
- name: chezmoi | create chezmoi directory
ansible.builtin.file:
state: directory
path: ~/.config/chezmoi
mode: 0700
- name: chezmoi | templating chezmoi.toml
ansible.builtin.blockinfile:
path: ~/.config/chezmoi/chezmoi.toml
create: true
mode: 0700
block: |
[data]
alacritty_font_size = 11.0
alaritty_window_columns = 150
alacritty_window_lines = 40
- name: gnome | create directories
ansible.builtin.file:
state: directory
path: ~/.local/share/fonts
mode: 0700
- name: gnome | download nerd fonts
ansible.builtin.get_url:
url: "{{ item }}"
dest: ~/.local/share/fonts
mode: 0700
loop:
- https://github.com/ryanoasis/nerd-fonts/raw/master/patched-fonts/FiraCode/Retina/complete/Fira%20Code%20Retina%20Nerd%20Font%20Complete.ttf
- https://github.com/ryanoasis/nerd-fonts/raw/master/patched-fonts/FiraCode/Retina/complete/Fira%20Code%20Retina%20Nerd%20Font%20Complete%20Mono.ttf
- name: brew | clone homebrew GitHub repo
ansible.builtin.git:
repo: "https://github.com/Homebrew/brew"
dest: "/home/{{ lookup('env', 'USER') }}/.linuxbrew/Homebrew"
version: "master"
mode: 0775
- name: brew | create bin directory for homebrew
ansible.builtin.file:
path: "/home/{{ lookup('env', 'USER') }}/.linuxbrew/bin"
state: directory
mode: 0775
- name: brew | create a symbolic link for brew
ansible.builtin.file:
src: "/home/{{ lookup('env', 'USER') }}/.linuxbrew/Homebrew/bin/brew"
dest: "/home/{{ lookup('env', 'USER') }}/.linuxbrew/bin/brew"
state: link
- name: shell | make Fish default shell
ansible.builtin.user:
name: "{{ lookup('env', 'USER') }}"
shell: /usr/bin/fish
become: true
- name: vscodium | apt key
ansible.builtin.apt_key:
url: https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg
keyring: /usr/share/keyrings/vscodium-archive-keyring.gpg
- name: vscodium | apt repository
ansible.builtin.apt_repository:
repo: "deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.gpg ] https://download.vscodium.com/debs vscodium main"
filename: vscodium
- name: alacritty | apt repository
ansible.builtin.apt_repository:
repo: "{{ item }}"
loop:
- "ppa:mmstick76/alacritty"
- "ppa:fish-shell/release-3"
- name: packages | apt
ansible.builtin.apt:
name:
- python3-pip
- neovim
- tmux
- fd-find
- bat
- fzf
- jq
- npm
- fish
- codium
- alacritty
update_cache: true
become: true
- name: packages | brew
community.general.homebrew:
name:
- lsd
- age
- starship
- shellcheck
- kubectl
- helm
- kustomize
- sops
- gh
- chezmoi
- k9s
- awscli
- kubetcx
- kubens

7
ansible/playbooks/workstation.yml
View File

@@ -1,7 +0,0 @@
---
- hosts: localhost
become: false
gather_facts: true
any_errors_fatal: true
roles:
- role: workstation

2
ansible/requirements.yml
View File

@@ -4,7 +4,5 @@ collections:
version: 1.5.4
- name: community.general
version: 8.0.1
- name: kubernetes.core
version: 2.4.0
- name: community.sops
version: 1.6.7

42
ansible/roles/workstation/defaults/main.yml
View File

@@ -1,42 +0,0 @@
fonts_dir: ~/.local/share/fonts
icons_dir: ~/.local/share/icons
newaita_iconset_url: "https://github.com/cbrnix/Newaita/archive/1.09.20a.tar.gz"
nas_hostname: truenas.{{ secret_domain }}
mnt_dir: /mnt
nas_dir: ~/NAS
nfs_shares:
- {
src: "{{ nas_hostname }}:/mnt/storage/downloads",
path: "{{ mnt_dir }}/downloads",
link: "{{ nas_dir }}/downloads",
}
- {
src: "{{ nas_hostname }}:/mnt/storage/shared-documents",
path: "{{ mnt_dir }}/shared-documents",
link: "{{ nas_dir }}/shared-documents",
}
- {
src: "{{ nas_hostname }}:/mnt/storage/home/claude",
path: "{{ mnt_dir }}/home-claude",
link: "{{ nas_dir }}/home-claude",
}
- {
src: "{{ nas_hostname }}:/mnt/storage/home/helene",
path: "{{ mnt_dir }}/home-helene",
link: "{{ nas_dir }}/home-helene",
}
- {
src: "{{ nas_hostname }}:/mnt/storage/photo",
path: "{{ mnt_dir }}/photo",
link: "{{ nas_dir }}/photo",
}
- {
src: "{{ nas_hostname }}:/mnt/storage/music",
path: "{{ mnt_dir }}/music",
link: "/home/claude/Music",
}
- {
src: "{{ nas_hostname }}:/mnt/storage/video",
path: "{{ mnt_dir }}/video",
link: "/home/claude/Videos",
}

11
ansible/roles/workstation/files/scripts/backup-local-usb-disk-one.bash
View File

@@ -1,11 +0,0 @@
#!/bin/bash
mkdir -p /run/media/claude/local-backups/{backups,documents,downloads,photo,piracy,jails}
# Disk one (4TB)
sudo rsync -avhP /mnt/backups/ /run/media/claude/local-backups/backups/ --delete
sudo rsync -avhP /mnt/documents/ /run/media/claude/local-backups/documents/ --delete
sudo rsync -avhP /mnt/downloads/ /run/media/claude/local-backups/downloads/ --delete
sudo rsync -avhP /mnt/photo/ /run/media/claude/local-backups/photo/ --delete
sudo rsync -avhP /mnt/piracy/ /run/media/claude/local-backups/piracy/ --delete
sudo rsync -avhP /mnt/iocage/jails/ /run/media/claude/local-backups/jails/ --delete

9
ansible/roles/workstation/files/scripts/backup-local-usb-disk-two.bash
View File

@@ -1,9 +0,0 @@
#!/bin/bash
# Disk two (2.5TB)
mkdir -p /run/media/claude/local-backups/music
mkdir -p /run/media/claude/local-backups/home/{claude,helene}
sudo rsync -avhP /mnt/home-claude/ /run/media/claude/local-backups/home/claude/ --delete
sudo rsync -avhP /mnt/home-helene/ /run/media/claude/local-backups/home/helene/ --delete
sudo rsync -avhP /mnt/music/ /run/media/claude/local-backups/music/ --delete

3
ansible/roles/workstation/files/scripts/update-pip.bash
View File

@@ -1,3 +0,0 @@
#!/bin/bash
pip3 list --outdated --user --format=freeze | grep -v '^\-e' | cut -d = -f 1 | xargs -n1 pip3 install -U --user

53
ansible/roles/workstation/files/throttled/throttled.conf
View File

@@ -1,53 +0,0 @@
[GENERAL]
# Enable or disable the script execution
Enabled: True
# SYSFS path for checking if the system is running on AC power
Sysfs_Power_Path: /sys/class/power_supply/AC*/online
## Settings to apply while connected to Battery power
[BATTERY]
# Update the registers every this many seconds
Update_Rate_s: 30
# Max package power for time window #1
PL1_Tdp_W: 29
# Time window #1 duration
PL1_Duration_s: 28
# Max package power for time window #2
PL2_Tdp_W: 44
# Time window #2 duration
PL2_Duration_S: 0.002
# Max allowed temperature before throttling
Trip_Temp_C: 85
# Set cTDP to normal=0, down=1 or up=2 (EXPERIMENTAL)
cTDP: 0
## Settings to apply while connected to AC power
[AC]
# Update the registers every this many seconds
Update_Rate_s: 5
# Max package power for time window #1
PL1_Tdp_W: 44
# Time window #1 duration
PL1_Duration_s: 28
# Max package power for time window #2
PL2_Tdp_W: 44
# Time window #2 duration
PL2_Duration_S: 0.002
# Max allowed temperature before throttling
Trip_Temp_C: 95
# Set HWP energy performance hints to 'performance' on high load (EXPERIMENTAL)
HWP_Mode: False
# Set cTDP to normal=0, down=1 or up=2 (EXPERIMENTAL)
cTDP: 0
[UNDERVOLT]
# CPU core voltage offset (mV)
CORE: -105
# Integrated GPU voltage offset (mV)
GPU: -85
# CPU cache voltage offset (mV)
CACHE: -105
# System Agent voltage offset (mV)
UNCORE: -85
# Analog I/O voltage offset (mV)
ANALOGIO: 0

7
ansible/roles/workstation/files/yum/vscodium.repo
View File

@@ -1,7 +0,0 @@
[gitlab.com_paulcarroty_vscodium_repo]
name=gitlab.com_paulcarroty_vscodium_repo
baseurl=https://paulcarroty.gitlab.io/vscodium-deb-rpm-repo/rpms/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/-/raw/master/pub.gpg

2
ansible/roles/workstation/files/yum/yum.conf
View File

@@ -1,2 +0,0 @@
#https://www.2daygeek.com/remove-delete-old-unused-kernels-centos-fedora-rhel/
installonly_limit=3

16
ansible/roles/workstation/tasks/chezmoi.yml
View File

@@ -1,16 +0,0 @@
---
- name: configuration | include vars
ansible.builtin.include_vars:
file: vars/{{ ansible_facts['nodename'] }}.yml
- name: configuration | create chezmoi directory
ansible.builtin.file:
state: directory
path: ~/.config/chezmoi
mode: 0700
- name: configuration | templating chezmoi.toml
ansible.builtin.template:
src: chezmoi.toml.j2
dest: ~/.config/chezmoi/chezmoi.toml
mode: 0600

18
ansible/roles/workstation/tasks/gnome.yml
View File

@@ -1,18 +0,0 @@
---
- name: gnome | create directories
ansible.builtin.file:
state: directory
path: "{{ item }}"
mode: 0700
loop:
- "{{ fonts_dir }}"
- "{{ icons_dir }}"
- name: gnome | download nerd fonts
ansible.builtin.get_url:
url: "{{ item }}"
dest: "{{ fonts_dir }}"
mode: 0700
loop:
- https://github.com/ryanoasis/nerd-fonts/raw/master/patched-fonts/FiraCode/Retina/complete/Fira%20Code%20Retina%20Nerd%20Font%20Complete.ttf
- https://github.com/ryanoasis/nerd-fonts/raw/master/patched-fonts/FiraCode/Retina/complete/Fira%20Code%20Retina%20Nerd%20Font%20Complete%20Mono.ttf

13
ansible/roles/workstation/tasks/gpg.yml
View File

@@ -1,13 +0,0 @@
---
- name: gpg | create directory
ansible.builtin.file:
state: directory
path: ~/.gnupg
mode: 0700
# https://github.com/drduh/YubiKey-Guide#using-keys
- name: gpg | get gpg configuration
ansible.builtin.get_url:
url: https://raw.githubusercontent.com/drduh/config/master/gpg.conf
dest: ~/.gnupg/gpg.conf
mode: 0600

56
ansible/roles/workstation/tasks/main.yml
View File

@@ -1,56 +0,0 @@
---
- ansible.builtin.include_tasks: system.yml
tags:
- system
- ansible.builtin.include_tasks: repositories.yml
tags:
- packages
- ansible.builtin.include_tasks: packages-prerequisites.yml
tags:
- packages
- ansible.builtin.include_tasks: packages-common.yml
tags:
- packages
- ansible.builtin.include_tasks: packages-claude-fixe-fedora.yml
tags:
- packages
when: ansible_facts['nodename'] == "claude-fixe-fedora"
- ansible.builtin.include_tasks: packages-claude-thinkpad-fedora.yml
tags:
- packages
when: ansible_facts['nodename'] == "claude-thinkpad-fedora"
- ansible.builtin.include_tasks: packages-post.yml
tags:
- packages
- ansible.builtin.include_tasks: chezmoi.yml
tags:
- chezmoi
- ansible.builtin.include_tasks: gpg.yml
tags:
- gpg
- ansible.builtin.include_tasks: shell.yml
tags:
- shell
- ansible.builtin.include_tasks: gnome.yml
tags:
- gnome
- ansible.builtin.include_tasks: nfs.yml
tags:
- nfs
when: ansible_facts['nodename'] == "claude-fixe-fedora"
- ansible.builtin.include_tasks: wireguard.yml
tags:
- wireguard
when: ansible_facts['nodename'] == "claude-thinkpad-fedora"

65
ansible/roles/workstation/tasks/nfs.yml
View File

@@ -1,65 +0,0 @@
---
- name: nfs | create root directory
ansible.builtin.file:
state: directory
path: "{{ mnt_dir }}"
mode: 0777
become: true
- name: nfs | create directories
ansible.builtin.file:
state: directory
path: "{{ item.path }}"
mode: 0775
loop: "{{ nfs_shares }}"
become: true
- name: nfs | mount shares
ansible.builtin.mount:
state: present
path: "{{ item.path }}"
src: "{{ item.src }}"
fstype: nfs4
opts: _netdev
with_items: "{{ nfs_shares }}"
become: true
- name: nfs | create links dir
ansible.builtin.file:
state: directory
path: "{{ nas_dir }}"
mode: 0700
- name: nfs | stat music folder
ansible.builtin.stat:
path: ~/Music
register: music
- name: nfs | remove music folder
ansible.builtin.file:
path: ~/Music
state: absent
when: music.stat.isdir is defined and music.stat.isdir
- name: nfs | stat videos folder
ansible.builtin.stat:
path: ~/Videos
register: videos
- name: nfs | remove videos folder
ansible.builtin.file:
path: ~/Videos
state: absent
when: videos.stat.isdir is defined and videos.stat.isdir
- name: nfs | stat music folder
ansible.builtin.stat:
path: ~/Music
register: music
- name: nfs | create links
ansible.builtin.file:
state: link
src: "{{ item.path }}"
dest: "{{ item.link }}"
with_items: "{{ nfs_shares }}"

19
ansible/roles/workstation/tasks/packages-claude-fixe-fedora.yml
View File

@@ -1,19 +0,0 @@
---
- name: packages-claude-fixe-fedora | dnf
ansible.builtin.dnf:
name:
- akmod-nvidia
- libva-utils
- libva-vdpau-driver
- handbrake
- vdpauinfo
- mkvtoolnix-gui
become: true
- name: packages-claude-fixe-fedora | brew
community.general.homebrew:
name:
- jpeg-archive
- parallel
path: /home/{{ lookup('env', 'USER') }}/.linuxbrew/bin
state: present

14
ansible/roles/workstation/tasks/packages-claude-thinkpad-fedora.yml
View File

@@ -1,14 +0,0 @@
---
- name: packages-claude-thinkpad-fedora | dnf
ansible.builtin.dnf:
name:
- tlp
- wireguard-tools
become: true
- name: packages-claude-thinkpad-fedora | tlp-ui
ansible.builtin.pip:
name:
- git+https://github.com/d4nj1/TLPUI.git
state: present
become: true

157
ansible/roles/workstation/tasks/packages-common.yml
View File

@@ -1,157 +0,0 @@
---
- name: packages-common | dnf
ansible.builtin.dnf:
name:
- codium
- mpv
- resilio-sync
- gnome-tweak-tool
- la-capitaine-cursor-theme
- git
- fish
- alacritty
- redhat-rpm-config
- python3-devel
- python3-virtualenv
- ffmpeg-libs
- nano
- nfs-utils
- libgtop2-devel
- fuse-exfat
- exfat-utils
- openssl
- openssl-devel
- libacl-devel
- libicu-devel
- gcc-c++
- picard
- pinta
- calibre
- mediawriter
- hugo
- stress
- vlc
- p7zip
- p7zip-plugins
- lsd
- bat
- fzf
- fd-find
- remmina
- yp-tools
- ffmpeg
- deadbeef
- nmap
- jq
- gnupg
- steam
- npm
- ShellCheck
- gnome-extensions-app
- neovim
- brave-browser
- tmux
- cawbird
- age
- mediainfo
- discord
- librewolf
- go-task
- git-credential-libsecret
- kopia
- kopia-ui
state: present
update_cache: true
become: true
- name: packages-common | python
ansible.builtin.pip:
name:
- ansible-lint
- yt-dlp
- s-tui
- pylint
- pre-commit
- comictagger
- virtualfish
state: present
extra_args: --user
- name: packages-common | flatpak
community.general.flatpak:
name: "{{ item }}"
state: present
loop:
- https://dl.flathub.org/repo/appstream/com.bitwarden.desktop.flatpakref
- https://dl.flathub.org/repo/appstream/net.cozic.joplin_desktop.flatpakref
become: true
- name: packages-common | brew
community.general.homebrew:
name:
- minio/stable/mc
- kubectl
- helm
- kustomize
- fluxcd/tap/flux
- weaveworks/tap/gitops
- sops
- gh
- derailed/popeye/popeye
- chezmoi
- starship
path: /home/{{ lookup('env', 'USER') }}/.linuxbrew/bin
state: present
update_homebrew: true
- name: packages-common | AppImage | Directories
ansible.builtin.file:
path: "{{ item }}"
state: directory
loop:
- "/home/{{ lookup('env', 'USER') }}/Apps"
- name: packages-common | AppImage | OpenLens | Check directory
ansible.builtin.stat:
path: /home/{{ lookup('env', 'USER') }}/Apps/OpenLens
register: openlens
- block:
- name: packages-common | AppImage | OpenLens | Create directory
ansible.builtin.file:
path: /home/{{ lookup('env', 'USER') }}/Apps/OpenLens
state: directory
- name: packages-common | AppImage | OpenLens | Get latest version
ansible.builtin.shell:
cmd: VERSION=$(curl -sX GET "https://api.github.com/repos/MuhammedKalkan/OpenLens/releases/latest" | jq --raw-output '.tag_name'); printf "%s" "${VERSION#*v}"
register: openlens_version
changed_when: false
- name: packages-common | AppImage | OpenLens | Download Binary
ansible.builtin.get_url:
url: https://github.com/MuhammedKalkan/OpenLens/releases/download/v{{ openlens_version.stdout }}/OpenLens-{{ openlens_version.stdout }}.AppImage
dest: /home/{{ lookup('env', 'USER') }}/Apps/OpenLens/OpenLens-{{ openlens_version.stdout }}.AppImage
mode: 0755
- name: packages-common | AppImage | OpenLens | Symlink
ansible.builtin.file:
src: /home/{{ lookup('env', 'USER') }}/Apps/OpenLens/OpenLens-{{ openlens_version.stdout }}.AppImage
dest: /home/{{ lookup('env', 'USER') }}/Apps/OpenLens/OpenLens.AppImage
state: link
mode: 0755
- name: packages-common | AppImage | OpenLens | Gnome Desktop
ansible.builtin.template:
src: application.desktop
dest: /home/{{ lookup('env', 'USER') }}/.local/share/applications/{{ item.name }}
mode: 0644
loop:
- {
name: "OpenLens",
comment: "The Kubernetes IDE",
path: "/home/{{ lookup('env', 'USER') }}/Apps/OpenLens",
command: "OpenLens.AppImage",
categories: "Programming;",
}
when: not openlens.stat.exists

14
ansible/roles/workstation/tasks/packages-post.yml
View File

@@ -1,14 +0,0 @@
---
- name: packages-post | modify resilio-sync service file
ansible.builtin.replace:
path: /usr/lib/systemd/user/resilio-sync.service
regexp: "multi-user"
replace: "default"
become: true
- name: packages-post | activate resilio-sync service
ansible.builtin.systemd:
name: resilio-sync
scope: user
state: started
enabled: true

18
ansible/roles/workstation/tasks/packages-prerequisites.yml
View File

@@ -1,18 +0,0 @@
---
- name: packages-prerequisites | clone homebrew GitHub repo
ansible.builtin.git:
repo: "https://github.com/Homebrew/brew"
dest: "/home/{{ lookup('env', 'USER') }}/.linuxbrew/Homebrew"
version: "master"
- name: packages-prerequisites | create bin directory for homebrew
ansible.builtin.file:
path: "/home/{{ lookup('env', 'USER') }}/.linuxbrew/bin"
state: directory
mode: 0775
- name: packages-prerequisites | create a symbolic link for brew
ansible.builtin.file:
src: "/home/{{ lookup('env', 'USER') }}/.linuxbrew/Homebrew/bin/brew"
dest: "/home/{{ lookup('env', 'USER') }}/.linuxbrew/bin/brew"
state: link

114
ansible/roles/workstation/tasks/repositories.yml
View File

@@ -1,114 +0,0 @@
---
- name: repositories | enable the RPM Fusion repository
ansible.builtin.dnf:
name: "{{ item }}"
state: present
disable_gpg_check: true
loop:
- https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm
- https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-{{ ansible_distribution_major_version }}.noarch.rpm
become: true
- name: repositories | enable copr repositories
ansible.builtin.command:
cmd: dnf copr enable -y {{ item.repo }}
creates: "{{ item.file }}"
loop:
- {
repo: "tomaszgasior/mushrooms",
file: "/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:tomaszgasior:mushrooms.repo",
}
- {
repo: "taw/joplin",
file: "/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:taw:joplin.repo",
}
become: true
when: ansible_facts['nodename'] == "claude-fixe-fedora"
- name: repositories | copy yum repo files
ansible.builtin.copy:
src: "yum/{{ item }}"
dest: "/etc/yum.repos.d/{{ item }}"
mode: 0644
loop:
- vscodium.repo
become: true
- name: repositories | resilio sync - import repository GPG key
ansible.builtin.rpm_key:
state: present
key: https://linux-packages.resilio.com/resilio-sync/key.asc
become: true
- name: repositories | resilio sync - add repository
ansible.builtin.yum_repository:
name: rslsync
description: Resilio Sync Repository
baseurl: https://linux-packages.resilio.com/resilio-sync/rpm/$basearch
gpgcheck: true
become: true
- name: repositories | brave - check presence
ansible.builtin.stat:
path: /etc/yum.repos.d/brave-browser-rpm-release.s3.brave.com_x86_64_.repo
register: brave
- name: repositories | brave - add repository
ansible.builtin.command:
cmd: dnf config-manager --add-repo https://brave-browser-rpm-release.s3.brave.com/x86_64/
warn: false
args:
creates: /etc/yum.repos.d/brave-browser-rpm-release.s3.brave.com_x86_64_.repo
become: true
when: not brave.stat.exists
- name: repositories | brave - import asc
ansible.builtin.command:
cmd: rpm --import https://brave-browser-rpm-release.s3.brave.com/brave-core.asc
warn: false
become: true
when: not brave.stat.exists
- name: repositories | librewolf - check presence
ansible.builtin.stat:
path: /etc/yum.repos.d/rpm.librewolf.net.repo
register: librewolf
- name: repositories | librewolf - add repository
ansible.builtin.command:
cmd: dnf config-manager --add-repo https://rpm.librewolf.net
warn: false
args:
creates: /etc/yum.repos.d/rpm.librewolf.net.repo
become: true
when: not librewolf.stat.exists
- name: repositories | librewolf - import asc
ansible.builtin.command:
cmd: rpm --import https://keys.openpgp.org/vks/v1/by-fingerprint/034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
become: true
when: not librewolf.stat.exists
- name: repositories | kopia - check presence
ansible.builtin.stat:
path: /etc/yum.repos.d/kopia.repo
register: kopia
- name: repositories | kopia - import asc
ansible.builtin.command:
cmd: rpm --import https://kopia.io/signing-key
become: true
when: not kopia.stat.exists
- name: repositories | kopia - add repository
ansible.builtin.blockinfile:
path: /etc/yum.repos.d/kopia.repo
block: |
[Kopia]
name=Kopia
baseurl=http://packages.kopia.io/rpm/stable/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://kopia.io/signing-key
create: true
become: true

15
ansible/roles/workstation/tasks/scripts.yml
View File

@@ -1,15 +0,0 @@
---
- name: scripts | create directory
ansible.builtin.file:
state: directory
path: "~/.local/scripts"
mode: 0700
- name: scripts | copy scripts
ansible.builtin.copy:
src: "scripts/{{ item }}"
dest: "~/.local/scripts"
mode: 0755
with_items:
- backup-local-usb-disk-one.bash
- backup-local-usb-disk-two.bash

6
ansible/roles/workstation/tasks/shell.yml
View File

@@ -1,6 +0,0 @@
---
- name: shell | make Fish default shell
ansible.builtin.user:
name: "{{ lookup('env', 'USER') }}"
shell: /usr/bin/fish
become: true

28
ansible/roles/workstation/tasks/system.yml
View File

@@ -1,28 +0,0 @@
---
- name: system | disable password sudo
ansible.builtin.lineinfile:
dest: /etc/sudoers
state: present
regexp: "^%wheel"
line: "%wheel ALL=(ALL) NOPASSWD: ALL"
validate: visudo -cf %s
become: true
- name: system | remove old unused kernels
ansible.builtin.lineinfile:
dest: /etc/yum.conf
state: present
line: "installonly_limit=3"
create: true
mode: 0644
become: true
- name: system | get better download speed with DNF
ansible.builtin.blockinfile:
path: /etc/dnf/dnf.conf
block: |
defaultyes=True
deltarpm=True
install_weak_deps=False
max_parallel_downloads={{ ansible_processor_vcpus | default('8') }}
become: true

6
ansible/roles/workstation/tasks/wireguard.yml
View File

@@ -1,6 +0,0 @@
---
- name: wireguard | copy wireguard configuration
ansible.builtin.template:
src: wireguard/{{ ansible_facts['nodename'] }}.conf
dest: ~/wireguard.conf
mode: 0600

9
ansible/roles/workstation/templates/application.desktop
View File

@@ -1,9 +0,0 @@
[Desktop Entry]
Name={{ item.name }}
StartupWMClass={{ item.name }}
Comment={{ item.comment }}
Exec={{ item.path }}/{{ item.command }}
Type=Application
Categories={{ item.categories }}
Path={{ item.path }}
X-Desktop-File-Install-Version=0.26

11
ansible/roles/workstation/templates/chezmoi.toml.j2
View File

@@ -1,11 +0,0 @@
encryption = "age"
[age]
identity = "/home/claude/.config/sops/age/keys.txt"
recipient = "age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg"
[data]
alacritty_font_size = {{ alacritty.font_size }}
alacritty_window_columns = {{ alacritty.window_columns }}
alacritty_window_lines = {{ alacritty.window_lines }}
remmina_font_size = {{ remmina.font_size }}

10
ansible/roles/workstation/templates/wireguard/claude-thinkpad-fedora.conf
View File

@@ -1,10 +0,0 @@
[Interface]
Address = 10.10.0.4/32
ListenPort = 51820
PrivateKey = {{ wireguard_private_key }}
DNS = 192.168.8.1,{{ secret_domain }}
[Peer]
PublicKey = K7kgSuPwH2NA7FeLHwvGMX02kvhD8DxHgL/wflsgx34=
AllowedIPs = 0.0.0.0/0
Endpoint = services.{{ secret_domain }}:51820

7
ansible/roles/workstation/vars/claude-fixe-fedora.yml
View File

@@ -1,7 +0,0 @@
---
alacritty:
font_size: 11.0
window_columns: 150
window_lines: 40
remmina:
font_size: 11

7
ansible/roles/workstation/vars/claude-thinkpad-fedora.yml
View File

@@ -1,7 +0,0 @@
---
alacritty:
font_size: 9.0
window_columns: 100
window_lines: 28
remmina:
font_size: 9