---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licenses/gpl-3.0.txt if the file is missing.
### UPSTREAM BEGIN ⇒ ###
# Runs tasks_from=upstream.yml of the etckeeper.inc role before the package
# changes below. allow_duplicates lets the same role be included again later
# in this file. `msg` is handed to the role as a variable; presumably it
# labels the etckeeper commit -- confirm against the role.
- name: pull prerequisites from upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: upstream.yml
  vars:
    msg: "Post-install"
### ⇐ UPSTREAM BEGIN ###
# Uninstalls every entry of software_to_del, one package per loop iteration.
# software_to_del is defined outside this file.
- name: remove unneeded software
  package:
    name: "{{ item }}"
    state: absent
  with_items: "{{ software_to_del }}"
# sudo has to be installed before the /etc/sudoers edit further down.
- name: install sudo
  package:
    name: "sudo"
    # Written out instead of relying on the backend module's default state.
    state: present
# Installs every entry of software_to_add, one package per loop iteration.
# software_to_add is defined outside this file.
- name: install wanted software
  package:
    name: "{{ item }}"
    # Written out instead of relying on the backend module's default state.
    state: present
  with_items: "{{ software_to_add }}"
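# Adds (or rewrites, when a line matching `regexp` already exists) a sudoers
# rule that lets aur_user run pacman -S / -U without a password.
#
# NOTE(review): treat this grant as root-equivalent. The wildcards accept any
# pacman command line containing -S or -U, and package installation runs
# install scripts as root. Keep the AUR account as tightly controlled as a
# root account, or narrow the rule.
- name: allow AUR user to install software
  lineinfile:
    path: /etc/sudoers
    regexp: "^{{aur_user}}.*/usr/bin/pacman"
    line: >
      {{aur_user}} ALL=(ALL) NOPASSWD:
      /usr/bin/pacman *-S* , /usr/bin/pacman *-U*
    insertafter: EOF
    # Check the edited copy with visudo before it replaces /etc/sudoers; a
    # syntax error in this file would otherwise break sudo for every user.
    validate: /usr/bin/visudo -cf %s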
### UPSTREAM END ⇒ ###
# Closes the upstream section opened at the top of the file by running
# tasks_from=merge.yml of the etckeeper.inc role. `msg` is handed to the role
# as a variable; presumably it labels the etckeeper commit -- confirm against
# the role.
- name: merge upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: merge.yml
  vars:
    msg: "Post-install"
### ⇐ UPSTREAM END ###
# Pacman mirrors (after updates)

# Uncomments each mirrorlist line whose `//<host>/` part is one of the chosen
# mirrors: the leading `#` is dropped and the rest of the line (group 1) kept.
# The alternation is built from software_mirrors: regex_escape() escapes it,
# then every escaped space becomes `|`. This presumably means software_mirrors
# is a single space-separated string of host names -- confirm where it is
# defined.
- name: enable the chosen Pacman mirrors
  replace:
    path: "{{chroot}}/etc/pacman.d/mirrorlist"
    regexp: "^#(.*//(?:{{software_mirrors | regex_escape() | replace('\\ ', '|')}})/.*)$"
    replace: '\1'
# Counterpart of "enable the chosen Pacman mirrors": prefixes `#` to every
# line that does not already start with `#` and that nowhere contains
# `//<chosen mirror>/`. The negative lookahead is re-checked at each character
# of the line. The pattern needs at least one non-`#` character, so empty
# lines do not match.
- name: disable other Pacman mirrors
  replace:
    path: "{{chroot}}/etc/pacman.d/mirrorlist"
    regexp: "^([^#](?:(?!//(?:{{software_mirrors | regex_escape() | replace('\\ ', '|')}})/).)*)$"
    replace: '#\1'
### LOCAL COMMIT ⇒ ###
# Runs tasks_from=local.yml of the etckeeper.inc role after the mirrorlist
# edits above. `msg` is handed to the role as a variable; presumably it labels
# the etckeeper commit -- confirm against the role.
- name: commit local changes
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: local.yml
  vars:
    msg: 'pacman mirrors (after updates)'
### ⇐ LOCAL COMMIT ###
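# Creates the `<name>.d` drop-in directory under /etc/systemd for each file
# that the "secure systemd settings" task writes an override into.
- name: create systemd override-directories
  file:
    path: "/etc/systemd/{{item}}.d"
    state: directory
    # Quoted so Ansible receives the octal string itself instead of depending
    # on how the YAML parser reads a leading-zero integer.
    mode: '0755'
  with_items:
    - coredump.conf
    - logind.conf
    - system.conf
    - user.conf
    - system/tmp.mount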
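# Writes one drop-in, secure-<nickname>.conf, into each systemd override
# directory; every list item supplies the target (`path`) and the file body
# (`content`). No daemon-reload or service restart is triggered in this file,
# so the settings presumably take effect at the next boot -- confirm.
- name: secure systemd settings
  copy:
    content: "{{item.content}}"
    dest: "/etc/systemd/{{item.path}}.d/secure-{{nickname}}.conf"
    # Quoted so Ansible receives the octal string itself instead of depending
    # on how the YAML parser reads a leading-zero integer.
    mode: '0644'
  with_items:
    # systemd-coredump: do not store core dumps.
    - path: coredump.conf
      content: |
        [Coredump]
        Storage=none
    # logind: two auto-spawned VTs, kill a user's processes when the session
    # ends, and make the power key reboot even when an inhibitor is held.
    - path: logind.conf
      content: |
        [Login]
        NAutoVTs=2
        KillUserProcesses=yes
        HandlePowerKey=reboot
        PowerKeyIgnoreInhibited=yes
    # System manager: no core dump of the manager itself, core size limit 0
    # as the default for units, memory accounting enabled by default.
    - path: system.conf
      content: |
        [Manager]
        DumpCore=no
        DefaultMemoryAccounting=yes
        DefaultLimitCORE=0
    # Same settings for the per-user manager.
    - path: user.conf
      content: |
        [Manager]
        DumpCore=no
        DefaultMemoryAccounting=yes
        DefaultLimitCORE=0
    # /tmp mount: the empty Options= comes before the new value, presumably to
    # clear the packaged options first -- confirm. NOTE(review): noexec on
    # /tmp breaks tools that execute files from /tmp; check that package
    # builds on this host use a different directory.
    - path: system/tmp.mount
      content: |
        [Mount]
        Options=
        Options=mode=1777,strictatime,nosuid,nodev,noexec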
### LOCAL COMMIT ⇒ ###
# Runs tasks_from=local.yml of the etckeeper.inc role after the systemd
# drop-ins above. `msg` is handed to the role as a variable; presumably it
# labels the etckeeper commit -- confirm against the role.
- name: commit local changes
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: local.yml
  vars:
    msg: "Post-install"
### ⇐ LOCAL COMMIT ###