diff --git a/.gitattributes b/.gitattributes
deleted file mode 100644
index c1ecd56..0000000
--- a/.gitattributes
+++ /dev/null
@@ -1 +0,0 @@
-**/vault diff=ansible-vault merge=binary
diff --git a/ansible.cfg b/ansible.cfg
index 0702058..b9656f8 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,4 +1,3 @@
 [defaults]
 inventory     = ./inventory
 roles_path    = roles/
-vault_password_file = scripts/get_vault_pass.sh
diff --git a/defaults/main.yml b/defaults/main.yml
index 13cae0b..688651f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -38,34 +38,14 @@ yubikey_token_id: None
 # Client IP for the ‹wg-admin› VPN
 wg_admin_ip: None
 
-# Dictionary containing the IP addresses of the hosts on Wireguard interfaces
-# Keys represent interface name, values IP address with a mask.
-#
-# Convenience variable for easier deduplication of common values that are used
-# across all the hosts.
-wg_addresses: None
-
-# Dictionary containing the private keys for the Wireguard hosts. Keys represent
-# interface name, values private key.
-#
-# Convenience variable to maintain better idempotency and reproducibility of the
-# Ansible deployments/bootstraps.
-wg_private_keys: None
-
 # Wireguard connections
 # List of connections to set up, example:
 #
 #     - ifname: ‹interface name›
-#       autoconnect: "true/false"  # needs to be a string
-#
-#       private_key: ‹private key for the VPN connection, if not generated›
 #       generate_keypair: true/false
-#
-#       address: ‹assigned address on the VPN›
-#       gateway: ‹part of the DNS resolution setup›
-#       dns: ‹IP of the DNS server on the VPN›
 #       domain: ‹domain, adjust DNS resolution, if set›
-#
+#       gateway: ‹part of the DNS resolution setup›
+#       address: ‹assigned address on the VPN›
 #       peers:
-#         - { note, endpoint, public_key, allowed_ips, keepalive }
+#         - { note, public_key, allowed_ips, endpoint, keepalive }
 wg_connections: []
diff --git a/group_vars/all/vars b/group_vars/all/vars
index 2f456b3..a1add04 100644
--- a/group_vars/all/vars
+++ b/group_vars/all/vars
@@ -8,6 +8,5 @@ gpg_signingkey: "7C47D46246790496"
 hashicorp_vault_address: "{{ vault_hashicorp_vault_address }}"
 vaultwarden_address: "{{ vault_vaultwarden_address }}"
 
-wg_addresses: "{{ vault_wg_addresses }}"
-wg_private_keys: "{{ vault_wg_private_keys }}"
+wg_admin_ip: "{{ vault_wg_admin_ip }}"
 wg_connections: "{{ vault_wg_connections }}"
diff --git a/group_vars/all/vault b/group_vars/all/vault
index fcff7e2..d27f9c4 100644
--- a/group_vars/all/vault
+++ b/group_vars/all/vault
@@ -1,81 +1,28 @@
 $ANSIBLE_VAULT;1.1;AES256
-32646438633661393232633832623432636435386330393264326530373731633932626364656562
-3265333062393538363536393037383433663564613231340a346261336530396536613131386564
-64666433663036396331626163636163643035323830343637386532343434356132386162366361
-3938303166643334330a633065663064393833646563323133393330353634333665663332613732
-36346535653836383735313561316366633437383237663766366433643139663663623231666166
-33306332316464623733393338363065613437306433653663623564313332653136363235626336
-30643464613630363331623665623563633266336236663665613864313831356236373066626633
-36363130326233383163616161353830366139313930653330653837666535666237613237373362
-38363665393536643237393338623466353435633635653634323631353265363462333431653235
-38383730383634633861393932373662303339626433303162393533303164653830373566373936
-65303735336531656163613139353965363732646161623961663439393832356638663761396134
-32303466613265366461303137663831323036303362613464666362386363303836333239313834
-64653961383865383638343937623532616165633138303839393832356364653736313039336133
-31623263323365373064666236363163363539633931633635643539323163343335656338653535
-37623166656333373538393230613533666632363035366565666330663065396265346262383139
-66646464386263386535363930636364303338353330616538613836343238303665363939363930
-37333361633532613430396531616261343666656238373364383465343462363261613031663239
-31393930336333333364663839373231336638666533316231643834316439366431363435396132
-31396237313765316334643931346164316261656138346134616233646335646365623665646632
-61316630316565333664653532663232316432393432383233636564646432343737373161663963
-62376536336537353538633366613431646537663966306533623037363361316134393463396438
-64636566326632313333333033396334323065613962376539396633353661366235313436376132
-35353339623765393135646264356436373832633232383762343933663436386531346364336336
-61616164613265623061653933353438666632643164313839303065393438636137653632336163
-61376436616564343139356165323162383238316264646536646138396635633234323862613135
-35363838666630303666623638363137623964336663396462343266336264336635666631363563
-65396465393563616431373563663738343161393238396132313536643433346237376134313031
-37633431353437636638656661323762383333616562623364353731303137393637313135356338
-38643238393663313966323233303037623838383934663263623461363863653536303132346337
-34623535633233306133666665353339663836323336343561343537326261323633333761336631
-65623133383633616463643462336630643363346561316162346433386137313431306131656162
-34343137633239666535346431663663363634643936643132343436616266353532633434663939
-38336130343062393964366230643633656561663939653030653064623532306663363731616566
-30393361636133303231643138633766613461633665663566633862363533366233326365653430
-33633761396236663738326561616433303934663936306334323465346334666464346333376266
-39633438383064303338396337613835383039313861376363323563336333663263303465316534
-36343132393035633165623864623937636235633965326566373730303430613562376365663364
-38643665346530376430316164616538313462373633653630316330326638303466333836623730
-33643237663666383235363736313335306636346263623032356262326666666134623862653265
-32666630383134633037643138323432656633343565656461336534386566613162323736373166
-36666536303639303064373035313130636438653331613262613365643166383036623630656434
-38363431336566626238343830393561666230383464613036306236346237346132316565373932
-35346361373535373838323566313166666233623761653663376636666539393438353436306232
-61343762333939366664333366356132303738316464393030613863383434656639376136623661
-65373338356263613738626463646337343939663735623432616138373665633163373334616139
-35353833303738396666363561643537323730373031373137386361626664623936626333303337
-37636562353863336531336134636139346538383839626365356532393735333834653638383438
-65653736366437373838613330643431336632623432623264346530646535623635363834623931
-62616166373435623161313438656631323137366538386235323766633363653062373565353436
-39346236613137373662316265396536383334353636323065383730386436356635666138643264
-37626438633430353934623136633230623737326632323933646132656163343833643230336564
-64643030623932366337356666393162333732656164616235623736613036393134383535303936
-30336131323263643165623663646661306166616530623338333266303831653834653431363033
-39646365333065306536316161366635363361386366393834333261363437656266306132333230
-30303836396136373963643131383565383239643561363665306336393536643039623736323333
-37643835376437616563316363636166356466396165366238306334386466353630366462366463
-39356366346561366661323131343331363935653064373137366233316633313833623662383366
-30313561356164613038386130303031623534636163613863356438333766633835326331373934
-61633136393466666238396264366464363632616532336332376265383761363936396635633961
-65393235326364326164626563626163643265633235656330616437643865356636376432613936
-66303065373665623536653562393933633564303634376435373135393235353065366661666137
-61373864383437376131363634333237656162313739363134323039323935623632343338613061
-38633161616262393138356130386266643261313539646137326237643262363061326633646664
-30643931373061323864656534626563653735636335616631626134663838663261383064336465
-62313762313362326634353334376632643536643161326262653637623232353534336465366639
-66656532643236336235306566343761376131633639346332623266313139333235326464333334
-30633961616531343535646632663665653365333961343038636439366664323463653335333363
-38333135343363323631373533316561383732643231383862653132383531323266303534663665
-31633038353065373865306333346437643265623262323036656439663664653337653131373865
-39353635613333643933656636643166346539373838353738373864313839636138333763613033
-30383937613463616434626561346436393734653039373563613361333835396361333663366534
-31376166643263633437353435646536363034316165653334613430393037656136393532306137
-31343165353661383835306664623064633333666639306334336464333836376535336237623232
-61666530663162373934326465383865613936323739323739383966353631623433643231343535
-62333065333036393330353230323265653264333762326431363937643131326131613663306532
-61363430316464663762633336313265373064343731386261376133663463616135646432373062
-37633861316332616639633234313938353230646237343934393735396232613662306131666438
-39613139643132633564633431636365656165313531373262393030366236343836653436656338
-34646533656164313836343930383535633038643437616165303432323865653836343064343261
-36636262613338366530
+63376231613461376465633862633737343864636662306262303530303165623730613833323961
+6233383266366236326435656134656437356539326533390a636631613339373366346338666436
+38633938316237626662666363343230663533633565643838323137306434376539353439306339
+3435623631323865630a333834343066363837643061313063666632383962396435326530633239
+30396561643634396632386433633263323830646463643835626639313139663332653638353862
+33616434363635396462343533656234393662373533666662623763633363636233626436663931
+33633439323531663634613834396330653636353733366336303836646230373165663833363134
+39623339353436373862333736353133353331623239663961313835666166323233643964646138
+34656332663534626636323531333563653263366330346665663739373335356631386562353531
+32613765316661303034616366656462376561363432396663646565353230316238366336376466
+32663264313531393136363832393364616538646131653561653762366430396437396361376132
+66633035663334323762396361326538343032356432333766346538653864313530653162653131
+66383461383036306137343638373831633265303638643366393837373332623538326364643739
+32316464376535643933363935383336663438373132643233346133383232653363373337323634
+36356531623838306262333733306639336538323630656438383836323437373938373139396131
+33643361326362643638306162336132626135393362373431306137383261643335626534353730
+32626630633135656432313737326238343264333465313434633961383166313162656666626639
+34336438353838376530306630326635633262616631653436313739393438663162313265626431
+35333033396265356166356162646462376532616431663530653664323838343833663464653035
+31336436316631616135326233363235303032346161393366323930623430376333636661623737
+39613464653165366230383539366464336639383666636437323337666566613836376537656466
+32346161386163363665373633663961333435613636376165386634366331393835306537323033
+39353963633061616466323636396536643338356361353865313139396135663836636162343165
+65386162343539336437643630323631353230396566616563613865613261383835353862313134
+37336236393862656636376665646466623862633732663833616535373737613538626437303935
+65633539663834333564386638626432316166616630653333326431643231626331666634383236
+393965363664366531313766383735323335
diff --git a/group_vars/desktops/vars b/group_vars/desktops/vars
index 1d44153..673bf4e 100644
--- a/group_vars/desktops/vars
+++ b/group_vars/desktops/vars
@@ -3,7 +3,6 @@ ssh_server_sign_host_keys: false
 ssh_server_auth_password_authentication: "yes"
 
 flatpak_apps:
-  - com.brave.Browser
   - "com.chatterino.chatterino/{{ ansible_architecture }}/stable"
   - com.discordapp.Discord
   - com.spotify.Client
@@ -14,102 +13,3 @@ flatpak_apps:
   - org.telegram.desktop
   # - org.x.Warpinator
   - org.flameshot.Flameshot
-
-editor_vscode_extensions:
-  # C/C++
-  - bazelbuild.vscode-bazel
-  - ms-vscode.cmake-tools
-  - ms-vscode.cpptools
-  - ms-vscode.cpptools-extension-pack
-  - ms-vscode.cpptools-themes
-  - twxs.cmake
-
-  # C#
-  - ms-dotnettools.csdevkit
-  - ms-dotnettools.csharp
-  - ms-dotnettools.vscode-dotnet-runtime
-  - ms-dotnettools.vscodeintellicode-csharp
-
-  # Deno
-  - denoland.vscode-deno
-
-  # Go
-  - golang.go
-
-  # Hare
-  - adotinthevoid.hare-highlighting
-
-  # Java
-  - redhat.java
-  - vscjava.vscode-gradle
-  - vscjava.vscode-java-debug
-  - vscjava.vscode-java-dependency
-  - vscjava.vscode-java-pack
-  - vscjava.vscode-java-test
-  - vscjava.vscode-maven
-
-  # Kotlin
-  - mathiasfrohlich.kotlin
-
-  # Python
-  - charliermarsh.ruff
-  - ms-python.debugpy
-  - ms-python.python
-  - ms-python.vscode-pylance
-  - ms-toolsai.jupyter
-  - ms-toolsai.jupyter-keymap
-  - ms-toolsai.jupyter-renderers
-  - ms-toolsai.vscode-jupyter-cell-tags
-  - ms-toolsai.vscode-jupyter-slideshow
-
-  # Rust
-  - rust-lang.rust-analyzer
-
-  # Swift
-  - sswg.swift-lang
-  - vadimcn.vscode-lldb
-
-  # Zig
-  - ziglang.vscode-zig
-
-  # Git
-  - eamodio.gitlens
-
-  # Themes
-  - akamud.vscode-theme-onedark
-  - akamud.vscode-theme-onelight
-  - alexandernanberg.horizon-theme-vscode
-  - atomiks.moonlight
-  - avidworks.vampiro
-  - catppuccin.catppuccin-vsc
-  - ddiu8081.moegi-theme
-  - dracula-theme.theme-dracula
-  - enkia.tokyo-night
-  - fabiospampinato.vscode-monokai-night
-  - github.github-vscode-theme
-  - gnhuy91.theme-oceanicnext-sublime
-  - ibmlover.oxocarbon
-  - keifererikson.nightfox
-  - liviuschera.noctis
-  - mcagampan.dark-horizon
-  - ms-vscode.theme-tomorrowkit
-  - mvllow.rose-pine
-  - sdras.night-owl
-  - teabyii.ayu
-  - tomphilbin.gruvbox-themes
-  - vincentfiestada.cold-horizon-vscode
-  - zhuangtongfa.material-theme
-
-  # Misc
-  - asciidoctor.asciidoctor-vscode
-  - cs50.vscode-presentation-mode
-  - danielgjackson.auto-dark-mode-windows
-  - editorconfig.editorconfig
-  - ms-vscode-remote.remote-containers
-  - tamasfe.even-better-toml
-  - unifiedjs.vscode-mdx
-  - vscodevim.vim
-
-  # Where does this come from?
-  - visualstudioexptteam.intellicode-api-usage-examples
-  - visualstudioexptteam.vscodeintellicode
diff --git a/group_vars/servers/vars b/group_vars/servers/vars
index 036ff6c..e238648 100644
--- a/group_vars/servers/vars
+++ b/group_vars/servers/vars
@@ -1,8 +1,5 @@
 certbot_email: "{{ vault_certbot_email }}"
 
-cockpit_2fa: true
-cockpit_has_reverse_proxy: true
-
 host_fqdn: "{{ vault_host_fqdn }}"
 
 porkbun_apikey: "{{ vault_porkbun_apikey }}"
diff --git a/host_vars/ampere/vault b/host_vars/ampere/vault
index 32bf0fb..4b95343 100644
--- a/host_vars/ampere/vault
+++ b/host_vars/ampere/vault
@@ -1,20 +1,6 @@
 $ANSIBLE_VAULT;1.1;AES256
-37313763643432623939616435323639326235653062376332346163653338366638393531313864
-6362383739393765383762323437326337643534356339380a396436306566393638666362383037
-32336462646362363066626230303433386137353263623535376233306634366530373439376464
-3363303734363266620a623861373831616338303662613862643361356339303466346664363330
-37313961373535393339386539356638383239656465636135613338646132353264373737623362
-33323334656564306136656564653261646230613232633161623234636362643363633235363032
-38633461373230326536393734383162656161366533373135353162313334313833666637313134
-38366332383666623036366439343265353232633032666436363164613464623534613264346531
-31663366663430313637306135353930386330333932383864333264313265616337333530396562
-32636136333261366231653933383131306161393033623666396234633363613766643562393366
-61613130353465356334313637353231366535363339623631306535383634643731303363613461
-66363738646464333038633961623363386533626363336536653330626266646431633531373033
-64636162326465326632666235356437636338303030353839316231356165616166393963333761
-64393630666635306632633530363738656139623939313533316336636139626434346139373262
-39306331346434643639626232366536666234653830386533373035353762313437363932636439
-33346639363733623761326239616236383763393235343130633964373330373736386533663537
-38396133376132633934656362653563613333323735386137393162373238366464333966663862
-65613937363863323264376662326434343966366161316134653138653066646331336637303839
-653336356139313536663533636632383766
+37346330376565653933653934653564643163356637666632393964366632363336353463323432
+3765303739303338326463396635653834396361316331340a326239666464363739363562613233
+30353039313564353866663838626366663064633332313662656238323262393131626462373064
+6566376239356530300a303362633534636565386636393764396362653263323362306264383461
+31363065383436313062336338303762316164663036393533376130643138646237
diff --git a/host_vars/hertz/vault b/host_vars/hertz/vault
index fb8d025..5c42073 100644
--- a/host_vars/hertz/vault
+++ b/host_vars/hertz/vault
@@ -1,20 +1,6 @@
 $ANSIBLE_VAULT;1.1;AES256
-62313235373263656238613263613564626638333563616630373638316163653734363431663333
-3134616263323961613261653131653662343333666334370a373465623863313538376236336562
-61666661613332363732336466383238623635323534393461306433343635343165633130333832
-6265366230353732390a373236666238386638333365316137623461626664623830626438353538
-61373163663138303336316231343461376538326261653631306434373566393939353862393561
-30353064356533646361386330313738323233373466636234646463363035353565306263353361
-30646661383561343630353733663163313937386332333133613566376334636561653062666464
-64623465303930376433346565343364373565373530336133653537623766326264336165303833
-38633362373231636266316461336461663735386632386537666431353232616331323362333831
-66303633353830353330333033383562613863346661393566663965616530623432316134306664
-62666132666234653363636535663163643631316431373265343939376263393739313831316463
-34633334303938643939313266306565343765666239393638623333353931613831336239353533
-39633635356134613035633866363764366135626166376364623938313066636335623233633639
-32656538626662626532323530656665376633353535353835643637313661613235616237386637
-36333531666232323431333264616161333038393239303239393038333234366235353335383365
-30646233666661336435656463663966353433323864633265636536616431333536666265666566
-35373937666132313134323436633334343834363732393732356636666136653263616538396132
-64383830356563333836383234323763313236346561353835383931653565333636613561303564
-613333623536616635323431613638343730
+61353931363939383464363938643136373433643736333361646566393863663136336162643962
+3038666635616462623231656565663764643666663536390a316232623638396239636234376330
+64663638363766343536373236366434356135366435336661393935396161393161626361313662
+6664343835393263310a623439323739666362356335653538646331316331613165393263343039
+34363335393961363265646263653138346563633339653039613831366565326638
diff --git a/host_vars/mountainside/vault b/host_vars/mountainside/vault
index 856846b..d3268fc 100644
--- a/host_vars/mountainside/vault
+++ b/host_vars/mountainside/vault
@@ -1,31 +1,18 @@
 $ANSIBLE_VAULT;1.1;AES256
-35303332646531393361626335626138653663373131323539393865333336366139343631623465
-3464386461316466376636663339346266656363323435340a343262393062646336616361396463
-64306161616432363638646133376333316462353361623331383532326135383838383861653662
-3062343730383336300a306461333039663937303335653032656362653863613333326239323834
-38356639313239353432366165363231646439343939303063616532316565383935646163643865
-31323264383731653737613930383539323263373866366266386630393339323765303338383661
-34373964663936613133326363623461333564303837636462613035353166326639666132366638
-36306331383663633266383162333962363431303566356630356430386337633363373764633661
-37343430343264336331376261306633383765393236383435656431656439313163626339303232
-36303530653139646531633663383434343063623964623461323731313932373238363139653565
-37303431306135656635323733323734666164303931343832376439646333396364313134613262
-31333439366539366631323439366435633835383965373064653335336265313064613663623530
-35343361353965373733636337626139636631626663353032636433343235363532316266373138
-32363630613036613833353937656534656466613634363838643735613034356334346436626534
-33623734656439373234636235343338306563336637396662613830626363343232356666383366
-37633332336366636162646163663130326435356138663135653737336336646232626131326337
-66656163616434323237643362313263346366393865356361323532623634386163386636306165
-35323334626163623161646337626436373634653265353337343536653363373433643566316136
-37383039386130663836356263323564363436353433643464323164666639383561346563346430
-33636534333431383866333034353838333265316261643434386332333461313965366663366634
-65663336306664643337373233643333386638663762393437653861353634346239363333343239
-38383135393863393436613739393537396639646332343264333036376333353263363361313234
-65366261633139346566626231303765356535366565623533333865306435313763333061356536
-63303131666465633632666632383334326436663530363634316231313736616135623964626166
-65303032323562363136623266623136643039316231613633616539373234316439653663633835
-64333661333763313337663265623062316338643666613034613236396335663366326635623134
-30653762663436363332333436633534666136643165623364366331376337303830373438626366
-35343962626538666135393061333233313863643363396561363431383035316439353265306637
-37666637646564393762383364333966373663343539363932656434366530663830316236643739
-3531393539613265343135363838633661373633663430376133
+36636438356436373332646664346661373963643733333236363633643064623636663239383965
+3635646338663966303232306532393934336261646537300a363838643037656339393937366633
+66303139376663626136353838353961626533623031316565393639363538636666633633656532
+6533643435663638380a663565313230326166343431666266663737393032326334633537653763
+39323464636231333931646430313539613332623435323833643763333637643438633431303166
+38386434323565343266663331313664316333373032613238326139333038383134336134316666
+62633364613830323935653839373235376566393863363565376463346263653837643534376333
+32666233613036616366363263353030633966343066623731343763313537373433663266393362
+32376636313465373932633435306363313262613161353234313063396362333732343864373964
+37323333356235336530343761316335623366646536623233353062396439613834663963326230
+33376235626165346530623931663832633363373139323237353664663562336235366538623538
+39636230326639613637653431666564343831663438623738323635343237656463333637306563
+36346131363737613633383763333032373635393730626435343565353065653265653563646562
+38366630373166373266633030323066653866363238323738666137656435653133643336316463
+63666236343534303636643630613838336466623530613436356362333732303666636239663665
+38396166333837393737303138636133323933613932313030386664303865626130626661663337
+35613532613062346435343330633232393038303862326632303033623031306433
diff --git a/playbooks/bootstrap.yml b/playbooks/bootstrap.yml
index 0264031..be32fb8 100644
--- a/playbooks/bootstrap.yml
+++ b/playbooks/bootstrap.yml
@@ -10,11 +10,7 @@
 
     - role: os_el
       become: true
-      when: ansible_distribution in [ "AlmaLinux", "CentOS", "Rocky" ]
-
-    - role: os_deb
-      become: true
-      when: ansible_distribution in [ "Debian", "Ubuntu" ]
+      when: ansible_distribution in [ "AlmaLinux", "CentOS" ]
 
     # Upgrade all packages and install the basic-bitch ones
     - role: base_system
@@ -112,10 +108,7 @@
       with_items: "{{ wg_connections }}"
       vars:
         wg_ifname: "{{ item.ifname }}"
-        wg_autoconnect: "{{ item.autoconnect }}"
         wg_generate_keypair: "{{ item.generate_keypair }}"
-        wg_private_key: "{{ item.private_key }}"
-        wg_dns: "{{ item.dns }}"
         wg_domain: "{{ item.domain }}"
         wg_gateway: "{{ item.gateway }}"
         wg_address: "{{ item.address }}"
diff --git a/roles/base_system/tasks/upgrade.yml b/roles/base_system/tasks/upgrade.yml
index eac6d50..ca5e602 100644
--- a/roles/base_system/tasks/upgrade.yml
+++ b/roles/base_system/tasks/upgrade.yml
@@ -4,16 +4,16 @@
     name: "*"
     state: latest
     update_cache: true
-  when: ansible_facts.pkg_mgr == "apt"
+  when: ansible_distribution in [ "Debian", "Ubuntu" ]
 
 - name: Upgrade all packages with ‹dnf›
   ansible.builtin.dnf:
     name: "*"
     state: latest
-  when: ansible_facts.pkg_mgr.startswith("dnf")
+  when: ansible_distribution in [ "AlmaLinux", "CentOS", "Fedora" ]
 
 - name: Upgrade all packages with ‹zypper›
   community.general.zypper:
     name: "*"
     state: latest
-  when: ansible_facts.pkg_mgr == "zypper"
+  when: "'openSUSE' in ansible_distribution"
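Review bot: Keying the three `when:` conditions on distribution names means a host whose distribution is not listed (Rocky, for example, is absent from the dnf list) matches none of the upgrade tasks and is skipped without any error, so it silently stays on unpatched packages. Either match on the family fact, for example `when: ansible_os_family == "RedHat"` for the dnf task, or add a closing `ansible.builtin.fail` task that fires when none of the three conditions held. The first task's name and module line are outside the hunk.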
diff --git a/roles/cockpit/defaults/main.yml b/roles/cockpit/defaults/main.yml
index 4f4c341..7acd7c3 100644
--- a/roles/cockpit/defaults/main.yml
+++ b/roles/cockpit/defaults/main.yml
@@ -3,9 +3,3 @@
 # reverse proxy (adjusts the origin, so that the Cockpit doesn't drop sessions,
 # and checks for SSL/TLS connections)
 cockpit_has_reverse_proxy: false
-
-# Boolean variable that denotes whether to install dependencies for 2FA auth
-# to Cockpit (Google Authenticator and QR encoding utilities for enrolling the
-# OTP), also installs the rule to the ‹pam.d› so that the 2FA is required for
-# logging in to the Cockpit.
-cockpit_2fa: false
diff --git a/roles/cockpit/tasks/install.yml b/roles/cockpit/tasks/install.yml
index e1ba3e7..50e675e 100644
--- a/roles/cockpit/tasks/install.yml
+++ b/roles/cockpit/tasks/install.yml
@@ -3,11 +3,3 @@
   ansible.builtin.package:
     name: cockpit
     state: present
-
-- name: Install deps for 2FA in Cockpit
-  ansible.builtin.package:
-    name:
-      - google-authenticator
-      - qrencode-libs
-    state: present
-  when: cockpit_2fa
diff --git a/roles/cockpit/tasks/main.yml b/roles/cockpit/tasks/main.yml
index 86bea32..12022dc 100644
--- a/roles/cockpit/tasks/main.yml
+++ b/roles/cockpit/tasks/main.yml
@@ -12,16 +12,6 @@
     group: root
   when: cockpit_has_reverse_proxy
 
-- name: Require 2FA for logging into the Cockpit
-  ansible.builtin.lineinfile:
-    line: auth required pam_google_authenticator.so nullok
-    path: /etc/pam.d/cockpit
-    create: true
-    mode: 0644
-    owner: root
-    group: root
-  when: cockpit_2fa
-
 - name: Enable cockpit
   ansible.builtin.service:
     name: "cockpit.socket"
diff --git a/roles/editor_helix/tasks/install_Rocky.yml b/roles/editor_helix/tasks/install_Rocky.yml
deleted file mode 120000
index 5819c74..0000000
--- a/roles/editor_helix/tasks/install_Rocky.yml
+++ /dev/null
@@ -1 +0,0 @@
-install_fedora-family.yml
\ No newline at end of file
diff --git a/roles/editor_helix/tasks/install_Ubuntu.yml b/roles/editor_helix/tasks/install_Ubuntu.yml
deleted file mode 120000
index a346047..0000000
--- a/roles/editor_helix/tasks/install_Ubuntu.yml
+++ /dev/null
@@ -1 +0,0 @@
-install_Debian.yml
\ No newline at end of file
diff --git a/roles/editor_helix/tasks/install_Ubuntu.yml b/roles/editor_helix/tasks/install_Ubuntu.yml
new file mode 100644
index 0000000..c921dda
--- /dev/null
+++ b/roles/editor_helix/tasks/install_Ubuntu.yml
@@ -0,0 +1,12 @@
+---
+- name: Enable the PPA for Helix
+  ansible.builtin.apt_repository:
+    repo: ppa:maveonair/helix-editor
+    state: present
+  become: true
+
+- name: Install the Helix
+  ansible.builtin.package:
+    name: helix
+    state: present
+  become: true
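Review bot: Enabling `ppa:maveonair/helix-editor` lets a personal archive deliver packages that apt installs as root, and nothing here limits that archive to the `helix` package. Add a comment above the task such as `# Third-party PPA: not maintained by Ubuntu; trusted only for the helix package`, and consider an apt preferences pin so that only `helix` may come from that origin. The `varlad/helix` Copr enabled in install_fedora-family.yml carries the same trust consideration.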
diff --git a/roles/editor_helix/tasks/install_fedora-family.yml b/roles/editor_helix/tasks/install_fedora-family.yml
index 30e655c..82ac82a 100644
--- a/roles/editor_helix/tasks/install_fedora-family.yml
+++ b/roles/editor_helix/tasks/install_fedora-family.yml
@@ -1,4 +1,11 @@
 ---
+- name: Enable the Copr
+  community.general.copr:
+    name: varlad/helix
+    state: enabled
+  when: ansible_distribution not in ("AlmaLinux")
+  become: true
+
 - name: Install the Helix
   ansible.builtin.package:
     name: helix
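Review bot: In `when: ansible_distribution not in ("AlmaLinux")` the parentheses do not make a tuple in Jinja2, so the expression is a substring test against the string "AlmaLinux" rather than a list-membership test. It happens to give the intended result for the distribution names used elsewhere in this change, but the intent is stated correctly by `when: ansible_distribution != "AlmaLinux"` or `not in ["AlmaLinux"]`. The "Install the Helix" task continues past the end of the hunk.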
diff --git a/roles/editor_vscode/defaults/main.yml b/roles/editor_vscode/defaults/main.yml
deleted file mode 100644
index 8d0b477..0000000
--- a/roles/editor_vscode/defaults/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-# List of VSCode extensions to be installed with the VSCode
-editor_vscode_extensions: []
diff --git a/roles/editor_vscode/files/code-url-handler.desktop b/roles/editor_vscode/files/code-url-handler.desktop
new file mode 100644
index 0000000..c750536
--- /dev/null
+++ b/roles/editor_vscode/files/code-url-handler.desktop
@@ -0,0 +1,12 @@
+[Desktop Entry]
+Name=Visual Studio Code - URL Handler
+Comment=Code Editing. Redefined.
+GenericName=Text Editor
+Exec=/opt/VSCode-linux-x64/bin/code-insiders --no-sandbox --open-url %U
+Icon=/opt/VSCode-linux-x64/resources/app/resources/linux/code.png
+Type=Application
+NoDisplay=true
+StartupNotify=true
+Categories=Utility;TextEditor;Development;IDE;
+MimeType=x-scheme-handler/vscode-insiders;
+Keywords=vscode;
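Review bot: `--no-sandbox` on the `Exec=` line turns off the Chromium process sandbox for the handler that receives `vscode-insiders://` URLs, and those URLs are supplied by whatever application or web page triggers the scheme. Unless the sandbox is known not to start on these hosts, drop the flag: `Exec=/opt/VSCode-linux-x64/bin/code-insiders --open-url %U`. If it has to stay, a `#` comment naming the reason belongs next to it. The same flag is on both `Exec=` lines of code.desktop.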
diff --git a/roles/editor_vscode/files/code.desktop b/roles/editor_vscode/files/code.desktop
new file mode 100644
index 0000000..d4cf29e
--- /dev/null
+++ b/roles/editor_vscode/files/code.desktop
@@ -0,0 +1,18 @@
+[Desktop Entry]
+Name=Visual Studio Code Insiders
+Comment=Code Editing. Refined.
+GenericName=Text Editor
+Exec=/opt/VSCode-linux-x64/bin/code-insiders --no-sandbox --unity-launch %F
+Icon=/opt/VSCode-linux-x64/resources/app/resources/linux/code.png
+Type=Application
+StartupNotify=false
+StartupWMClass=code - insiders
+Categories=Utility;TextEditor;Development;IDE;
+MimeType=text/plain;inode/directory;
+Actions=new-empty-window;
+Keywords=vscode;
+
+[Desktop Action new-empty-window]
+Name=New Empty Window
+Exec=/opt/VSCode-linux-x64/bin/code-insiders --no-sandbox --new-window %F
+Icon=/opt/VSCode-linux-x64/resources/app/resources/linux/code.png
diff --git a/roles/editor_vscode/files/update.sh b/roles/editor_vscode/files/update.sh
new file mode 100644
index 0000000..dba9dee
--- /dev/null
+++ b/roles/editor_vscode/files/update.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# for upstream
+URL='https://code.visualstudio.com/sha/download?build=insider&os=linux-x64'
+
+# for local
+# URL='https://maxwell.mfocko.xyz/code-insiders.tar.gz'
+
+# for local over VPN (also use --no-check-certificate)
+# URL='https://172.16.0.2/code-insiders.tar.gz'
+
+echo ">>> Downloading";
+wget $URL -O /tmp/code.tar.gz
+
+echo ">>> Removing and extracting";
+rm -rf /opt/VSCode-linux-x64
+tar xvaf /tmp/code.tar.gz -C /opt/
+
+# Check for binaries
+if ! [ -x /usr/local/bin/code-insiders ]; then
+	echo ">>> Linking binaries";
+	ln -s /opt/VSCode-linux-x64/bin/code-insiders /usr/local/bin/
+	ln -s /opt/VSCode-linux-x64/bin/code-insiders /usr/local/bin/code
+fi
+
+# Check for *.desktop
+if ! ls /usr/share/applications | grep visual-studio-code; then
+	echo ">>> Installing desktop files";
+	PATH_TO_APPS=/home/mfocko/.local/share/visual-studio-code-insiders
+	sudo cp $PATH_TO_APPS{,-url-handler}.desktop /usr/share/applications/;
+fi
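Review bot: The script deletes `/opt/VSCode-linux-x64` and unpacks into `/opt` even when the download failed, because there is no `set -e` and the exit status of `wget` is never checked; it also writes to the fixed path `/tmp/code.tar.gz`, which another local user can pre-create or replace, and `$URL` is unquoted. The archive is later executed with no integrity check, and the commented `--no-check-certificate` variant would remove the only authentication the transfer has. The rewrite below downloads into a private `mktemp -d` directory, extracts there and swaps the tree only after both steps succeeded; it assumes the archive's top-level directory is `VSCode-linux-x64`, as the original `rm`/`tar` pair already does. The hard-coded `/home/mfocko` path and the `ls | grep` test are left as they are.

```shell
#!/bin/bash
set -euo pipefail

# … unchanged: URL selection …

# Private scratch directory instead of a predictable name in /tmp
tmpdir="$(mktemp -d)"
trap 'rm -rf "$tmpdir"' EXIT

echo ">>> Downloading"
wget "$URL" -O "$tmpdir/code.tar.gz"

echo ">>> Removing and extracting"
# Extract first; the installed tree is replaced only after a clean unpack
tar xaf "$tmpdir/code.tar.gz" -C "$tmpdir"
rm -rf /opt/VSCode-linux-x64
mv "$tmpdir/VSCode-linux-x64" /opt/

# … unchanged: binary links and desktop files …
```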
diff --git a/roles/editor_vscode/tasks/install_apt.yml b/roles/editor_vscode/tasks/install_apt.yml
deleted file mode 100644
index 31e054f..0000000
--- a/roles/editor_vscode/tasks/install_apt.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-- name: Resolve URL to the VSCode deb package
-  ansible.builtin.uri:
-    url: https://code.visualstudio.com/sha/download?build=insider&os=linux-deb-x64
-  register: _vscode_deb_response
-
-- name: Install VSCode via deb package
-  ansible.builtin.apt:
-    deb: "{{ _vscode_deb_response.url }}"
-    state: present
-  become: true
diff --git a/roles/editor_vscode/tasks/install_dnf.yml b/roles/editor_vscode/tasks/install_dnf.yml
deleted file mode 120000
index 463b6d3..0000000
--- a/roles/editor_vscode/tasks/install_dnf.yml
+++ /dev/null
@@ -1 +0,0 @@
-install_rpm.yml
\ No newline at end of file
diff --git a/roles/editor_vscode/tasks/install_dnf5.yml b/roles/editor_vscode/tasks/install_dnf5.yml
deleted file mode 120000
index 463b6d3..0000000
--- a/roles/editor_vscode/tasks/install_dnf5.yml
+++ /dev/null
@@ -1 +0,0 @@
-install_rpm.yml
\ No newline at end of file
diff --git a/roles/editor_vscode/tasks/install_rpm.yml b/roles/editor_vscode/tasks/install_rpm.yml
deleted file mode 100644
index 113447d..0000000
--- a/roles/editor_vscode/tasks/install_rpm.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-- name: Resolve URL to the VSCode RPM
-  ansible.builtin.uri:
-    url: https://code.visualstudio.com/sha/download?build=insider&os=linux-rpm-x64
-  register: _vscode_rpm_response
-
-- name: Install VSCode via dnf
-  ansible.builtin.dnf:
-    name: "{{ _vscode_rpm_response.url }}"
-    disable_gpg_check: true
-    state: present
-  become: true
-  when: ansible_facts.pkg_mgr.startswith("dnf")
-
-- name: Install VSCode via zypper
-  community.general.zypper:
-    name: "{{ _vscode_rpm_response.url }}"
-    disable_gpg_check: true
-    state: present
-  become: true
-  when: ansible_facts.pkg_mgr == "zypper"
diff --git a/roles/editor_vscode/tasks/install_zypper.yml b/roles/editor_vscode/tasks/install_zypper.yml
deleted file mode 120000
index 463b6d3..0000000
--- a/roles/editor_vscode/tasks/install_zypper.yml
+++ /dev/null
@@ -1 +0,0 @@
-install_rpm.yml
\ No newline at end of file
diff --git a/roles/editor_vscode/tasks/main.yml b/roles/editor_vscode/tasks/main.yml
index 607f083..a2a50d1 100644
--- a/roles/editor_vscode/tasks/main.yml
+++ b/roles/editor_vscode/tasks/main.yml
@@ -1,13 +1,28 @@
 ---
-- name: Install VSCode
-  ansible.builtin.include_tasks: "install_{{ ansible_facts.pkg_mgr }}.yml"
-  tags: install
-
 - name: Create directories for VSCode
   ansible.builtin.file:
-    path: "$HOME/.config/Code - Insiders/User"
+    path: "{{ item }}"
     state: directory
     mode: 0740
+  loop:
+    - ~/.local/bin
+    - ~/.local/share
+    - "$HOME/.config/Code - Insiders/User"
+
+- name: Install VSCode script
+  ansible.builtin.copy:
+    src: files/update.sh
+    dest: ~/.local/bin/code-update.sh
+    mode: 0640
+
+- name: Create app info for VSCode
+  ansible.builtin.copy:
+    src: files/code{{ item }}.desktop
+    dest: ~/.local/share/applications/visual-studio-code-insiders{{ item }}.desktop
+    mode: 0640
+  loop:
+    - ""
+    - "-url-handler"
 
 - name: Install VSCode configuration
   ansible.builtin.copy:
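Review bot: The `Create app info for VSCode` task copies into `~/.local/share/applications/`, but the directory loop above only creates `~/.local/share`. `ansible.builtin.copy` does not create missing parent directories for a file destination, so the task fails on a host where that directory does not exist yet; add `- ~/.local/share/applications` to the loop. The new `mode: 0640` values are better written as quoted strings (`mode: "0640"`), which is the form ansible-lint expects. The `Install VSCode configuration` task at the end of the hunk continues outside it.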
@@ -18,10 +33,10 @@
     - settings
     - keybindings
 
-- name: Install extensions
+- name: Install VSCode
   ansible.builtin.command:
-    cmd: code-insiders --install-extension {{ item }}
-  register: _editor_vscode_installation_result
-  changed_when: '"was successfully installed." in _editor_vscode_installation_result.stdout'
-  failed_when: '"Error while installing extensions" in _editor_vscode_installation_result.stderr'
-  loop: "{{ editor_vscode_extensions }}"
+    cmd: bash /home/{{ target_user }}/.local/bin/code-update.sh
+    creates: /opt/VSCode-linux-x64
+  become: true
+  when: false
+  tags: install
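Review bot: `cmd: bash /home/{{ target_user }}/.local/bin/code-update.sh` with `become: true` runs as root a script that the first hunk installs into the unprivileged user's home, so anything able to write to that home directory controls what root executes. Running the role's own copy with `ansible.builtin.script` (which also accepts `creates:`), or installing the script root-owned outside the home directory, closes that path. Judging by the part of `files/update.sh` visible earlier in this diff, the script fetches a tarball with `wget` and unpacks it into `/opt` without comparing a checksum; add one before this task is enabled. `when: false` currently disables the task, and the extension-installation task it replaces has no successor in this hunk.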
diff --git a/roles/forgejo/defaults/main.yml b/roles/forgejo/defaults/main.yml
index b1d9909..40285e9 100644
--- a/roles/forgejo/defaults/main.yml
+++ b/roles/forgejo/defaults/main.yml
@@ -11,6 +11,3 @@ forgejo_http_port: 3000
 
 # SSH port that's exposed from the container
 forgejo_ssh_port: 2222
-
-# Version of the Forgejo to be pulled; for available see image tags
-forgejo_version: 11
diff --git a/roles/forgejo/templates/forgejo.container b/roles/forgejo/templates/forgejo.container
index 6632983..08a08e8 100644
--- a/roles/forgejo/templates/forgejo.container
+++ b/roles/forgejo/templates/forgejo.container
@@ -4,11 +4,10 @@
 Description=Forgejo
 After=postgresql.service
 Requires=postgresql.service
-PartOf=postgresql.service
 
 [Container]
 ContainerName=forgejo
-Image=codeberg.org/forgejo/forgejo:{{ forgejo_version }}
+Image=codeberg.org/forgejo/forgejo:9
 AutoUpdate=registry
 
 Environment=USER_UID=1000
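Review bot: `Image=codeberg.org/forgejo/forgejo:9` replaces the templated tag with a hardcoded major that is lower than the `forgejo_version: 11` default removed in the same commit. With `AutoUpdate=registry`, the unit pulls whatever the registry publishes under that mutable tag. Confirm that the 9 series still receives security fixes and that no host's database was already migrated by a newer release, since starting an older major against it may fail. Keeping the tag in a role default, as `{{ forgejo_version }}` did, makes a version change a single reviewed edit.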
diff --git a/roles/git/templates/gitconfig b/roles/git/templates/gitconfig
index 585d9bf..807b0e8 100644
--- a/roles/git/templates/gitconfig
+++ b/roles/git/templates/gitconfig
@@ -1,7 +1,6 @@
 [alias]
     scommit = commit --signoff
     graph   = log --oneline --decorate --graph --all
-    lg      = log --color=always --date=format:'%Y-%m-%d' --format='%C(red)%ad %C(green)%h %C(blue)(%aL): %Creset%s%C(Yellow)%d'
 
 [commit]
     gpgsign = true
@@ -33,9 +32,6 @@
 [difftool "vscode-difftool"]
     cmd = code --wait --diff $LOCAL $REMOTE
 
-[diff "ansible-vault"]
-    textconv = ansible-vault view
-
 [gpg]
     # format = ssh
     program = gpg2
diff --git a/roles/os_deb/tasks/main.yml b/roles/os_deb/tasks/main.yml
deleted file mode 100644
index 60dd0af..0000000
--- a/roles/os_deb/tasks/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- name: Enable all Debian repos
-  ansible.builtin.include_tasks: repositories.yml
-  when: ansible_facts.distribution == "Debian"
diff --git a/roles/os_deb/tasks/repositories.yml b/roles/os_deb/tasks/repositories.yml
deleted file mode 100644
index b554b64..0000000
--- a/roles/os_deb/tasks/repositories.yml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-- name: Disable installation DVD as a source
-  ansible.builtin.lineinfile:
-    path: /etc/apt/sources.list
-    regexp: "^deb cdrom:"
-    state: absent
-
-- name: Enable additional Debian repos
-  ansible.builtin.deb822_repository:
-    name: "{{ item.name }}"
-    types:
-      - deb
-      - deb-src
-    uris: "{{ item.uris }}"
-    suites: "{{ item.suites }}"
-    components:
-      - contrib
-      - non-free
-    state: present
-  loop:
-    - name: contrib-non_free
-      uris: http://ftp.sk.debian.org/debian/
-      suites: "{{ ansible_facts.distribution_release }}"
-    - name: security-contrib-non_free
-      uris: http://security.debian.org/debian-security
-      suites: "{{ ansible_facts.distribution_release }}-security"
-    - name: updates-contrib-non_free
-      uris: http://ftp.sk.debian.org/debian/
-      suites: "{{ ansible_facts.distribution_release }}-updates"
-  register: _deb_repo
-
-- name: Refresh the cache, if any of the repos has changed
-  ansible.builtin.apt:
-    update_cache: true
-  when: _deb_repo.changed
diff --git a/roles/secrets_hcv/tasks/install_Debian.yml b/roles/secrets_hcv/tasks/install_Debian.yml
deleted file mode 120000
index 38e6c00..0000000
--- a/roles/secrets_hcv/tasks/install_Debian.yml
+++ /dev/null
@@ -1 +0,0 @@
-install_deb.yml
\ No newline at end of file
diff --git a/roles/secrets_hcv/tasks/install_Rocky.yml b/roles/secrets_hcv/tasks/install_Rocky.yml
deleted file mode 120000
index bbd6a23..0000000
--- a/roles/secrets_hcv/tasks/install_Rocky.yml
+++ /dev/null
@@ -1 +0,0 @@
-install_el.yml
\ No newline at end of file
diff --git a/roles/secrets_hcv/tasks/install_Ubuntu.yml b/roles/secrets_hcv/tasks/install_Ubuntu.yml
deleted file mode 120000
index 38e6c00..0000000
--- a/roles/secrets_hcv/tasks/install_Ubuntu.yml
+++ /dev/null
@@ -1 +0,0 @@
-install_deb.yml
\ No newline at end of file
diff --git a/roles/secrets_hcv/tasks/install_Ubuntu.yml b/roles/secrets_hcv/tasks/install_Ubuntu.yml
new file mode 100644
index 0000000..951d4f0
--- /dev/null
+++ b/roles/secrets_hcv/tasks/install_Ubuntu.yml
@@ -0,0 +1,13 @@
+---
+- name: Add HashiCorp GPG Key
+  ansible.builtin.get_url:
+    url: https://apt.releases.hashicorp.com/gpg
+    dest: /etc/apt/keyrings/hashicorp.asc
+    mode: 0640
+  become: true
+
+- name: Add HashiCorp repository
+  ansible.builtin.apt_repository:
+    repo: "deb [signed-by=/etc/apt/keyrings/hashicorp.gpg] https://apt.releases.hashicorp.com {{ ansible_distribution_release }} main"
+    state: present
+  become: true
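Review bot: The key is saved as `/etc/apt/keyrings/hashicorp.asc`, but the repository line points at `signed-by=/etc/apt/keyrings/hashicorp.gpg`, a file nothing in this hunk creates, so apt cannot verify the repository. Use the same path in both places, e.g. `signed-by=/etc/apt/keyrings/hashicorp.asc`. `mode: 0640` on a root-owned key also leaves it unreadable to the unprivileged `_apt` user that apt normally uses for verification; `mode: "0644"` is the usual setting for a public keyring. Because this key is the trust anchor for every package from the repository, consider pinning it with `get_url`'s `checksum:` parameter (value taken from HashiCorp's published key) instead of accepting whatever the URL serves at run time.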
diff --git a/roles/secrets_hcv/tasks/install_deb.yml b/roles/secrets_hcv/tasks/install_deb.yml
deleted file mode 100644
index 8d3388a..0000000
--- a/roles/secrets_hcv/tasks/install_deb.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- name: Add HashiCorp repository
-  ansible.builtin.deb822_repository:
-    name: hashicorp
-    types: deb
-    uris: https://apt.releases.hashicorp.com
-    suites: "{{ ansible_distribution_release }}"
-    components:
-      - main
-    signed_by: https://apt.releases.hashicorp.com/gpg
-    state: present
-  become: true
-  register: _deb_repo
-
-- name: Refresh the cache if HashiCorp repo has been changed
-  ansible.builtin.apt:
-    update_cache: true
-  become: true
-  when: _deb_repo.changed
diff --git a/roles/secrets_hcv/tasks/main.yml b/roles/secrets_hcv/tasks/main.yml
index 9250c7d..4d6ed32 100644
--- a/roles/secrets_hcv/tasks/main.yml
+++ b/roles/secrets_hcv/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: Install HC Vault via package manager
-  when: ansible_distribution in [ "AlmaLinux", "CentOS", "Debian", "Fedora", "Rocky", "Ubuntu" ]
+  when: ansible_distribution in [ "AlmaLinux", "CentOS", "Fedora", "Ubuntu"]
   tags: install
   block:
     - name: Enable repository
@@ -14,7 +14,7 @@
 
 - name: Install HC Vault to userspace
   ansible.builtin.include_tasks: install_user.yml
-  when: ansible_distribution not in [ "AlmaLinux", "CentOS", "Debian", "Fedora", "Rocky", "Ubuntu" ]
+  when: ansible_distribution not in [ "AlmaLinux", "CentOS", "Fedora", "Ubuntu"]
   tags: install
 
 - name: Install ‹vssh› script
diff --git a/roles/shell_zsh/tasks/install.yml b/roles/shell_zsh/tasks/install.yml
index 617d357..6635a8b 100644
--- a/roles/shell_zsh/tasks/install.yml
+++ b/roles/shell_zsh/tasks/install.yml
@@ -7,28 +7,6 @@
     state: present
   become: true
 
-- name: Enable ‹eza› apt repository
-  block:
-    - name: Enable the repository
-      ansible.builtin.deb822_repository:
-        name: eza
-        types: deb
-        uris: http://deb.gierens.de
-        suites: stable
-        components:
-          - main
-        signed_by: https://raw.githubusercontent.com/eza-community/eza/main/deb.asc
-        state: present
-      become: true
-      register: _deb_repo
-
-    - name: Refresh the cache after adding the repo
-      ansible.builtin.apt:
-        update_cache: true
-      become: true
-      when: _deb_repo.changed
-  when: ansible_distribution in [ "Debian", "Ubuntu" ]
-
 - name: Install eza and bat
   ansible.builtin.package:
     name:
@@ -56,4 +34,4 @@
     name: yad
     state: present
   become: true
-  when: 'ansible_distribution not in [ "AlmaLinux", "Rocky" ] and "openSUSE" not in ansible_distribution'
+  when: 'ansible_distribution not in [ "AlmaLinux" ] and "openSUSE" not in ansible_distribution'
diff --git a/roles/shell_zsh/templates/zshrc b/roles/shell_zsh/templates/zshrc
index 245cc03..2b8dbe9 100644
--- a/roles/shell_zsh/templates/zshrc
+++ b/roles/shell_zsh/templates/zshrc
@@ -29,7 +29,6 @@ alias kittyconf="$EDITOR ~/.config/kitty/kitty.conf"
 export GIT_EDITOR=$EDITOR
 alias gcs="git commit --gpg-sign --signoff --verbose"
 alias gcsp="git commit --gpg-sign --signoff --verbose --patch"
-alias glgf="git lg | fzf --ansi"
 
 ### tokens ###
 source ~/.tokens
diff --git a/roles/ssh_server/tasks/main.yml b/roles/ssh_server/tasks/main.yml
index 78cc507..19b7b73 100644
--- a/roles/ssh_server/tasks/main.yml
+++ b/roles/ssh_server/tasks/main.yml
@@ -55,4 +55,4 @@
 
 - name: Set trusted CA
   ansible.builtin.include_tasks: trusted_ca.yml
-  when: ssh_server_auth_trusted_ca
+  when: sshd_auth_trusted_ca
diff --git a/roles/vaultwarden/templates/vaultwarden.container b/roles/vaultwarden/templates/vaultwarden.container
index aa604d5..0b7bd17 100644
--- a/roles/vaultwarden/templates/vaultwarden.container
+++ b/roles/vaultwarden/templates/vaultwarden.container
@@ -4,7 +4,6 @@
 Description=Vaultwarden
 After=postgresql.service
 Requires=postgresql.service
-PartOf=postgresql.service
 
 [Container]
 ContainerName=vaultwarden
diff --git a/roles/wg/defaults/main.yml b/roles/wg/defaults/main.yml
index 02cecdf..86df952 100644
--- a/roles/wg/defaults/main.yml
+++ b/roles/wg/defaults/main.yml
@@ -2,9 +2,6 @@
 # IP address assigned to the wireguard peer
 wg_address: "192.168.0.2/32"
 
-# IP address of the DNS server on the VPN
-wg_dns: "192.168.0.1"
-
 # Domain that is used with local DNS on the VPN
 wg_domain: "localdomain"
 
@@ -17,19 +14,12 @@ wg_ifname: "wg-something"
 # Peers of the VPN, list of objects with the following format:
 #
 #     - note: ‹comment that gets put above the peer›
-#       endpoint: localhost:51820
 #       public_key: ‹public key of the peer›
 #       allowed_ips: 192.168.0.0/24
+#       endpoint: localhost:51820
 #       # if bool(keepalive) → gets included in the config
 #       keepalive: 20
 wg_peers: []
 
-# Whether to autoconnect; needs to be string to be properly templated for the
-# NetworkManager connection file
-wg_autoconnect: "true"
-
 # By default don't generate the keypair and reuse the existing one
 wg_generate_keypair: false
-
-# Private key, in case it is not to be generated during the runtime
-wg_private_key: ""
diff --git a/roles/wg/tasks/generate_keypair.yml b/roles/wg/tasks/generate_keypair.yml
index ef409f2..8103f16 100644
--- a/roles/wg/tasks/generate_keypair.yml
+++ b/roles/wg/tasks/generate_keypair.yml
@@ -16,5 +16,5 @@
 
 - name: Set key/pair facts
   ansible.builtin.set_fact:
-    wg_private_key: "{{ _generated_private_key.stdout }}"
-    wg_public_key: "{{ _derived_public_key.stdout }}"
+    wg_private_key: _generated_private_key.stdout
+    wg_public_key: _derived_public_key.stdout
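Review bot: `wg_private_key: _generated_private_key.stdout` and `wg_public_key: _derived_public_key.stdout` are plain strings without the `{{ }}` delimiters, so the facts are set to those literal variable names and not to the generated keys. Anything rendered from them afterwards would contain the literal text. Restore the templated form: `wg_private_key: "{{ _generated_private_key.stdout }}"` and `wg_public_key: "{{ _derived_public_key.stdout }}"`. Adding `no_log: true` to this task keeps the private key out of verbose run output. The earlier tasks of the file lie outside the hunk.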
diff --git a/roles/wg/tasks/main.yml b/roles/wg/tasks/main.yml
index 5cc33e6..1443325 100644
--- a/roles/wg/tasks/main.yml
+++ b/roles/wg/tasks/main.yml
@@ -3,36 +3,67 @@
   ansible.builtin.include_tasks: install.yml
   tags: install
 
-# [TODO] Handle autogeneration of the keys
+- name: Check for existence of private key
+  ansible.builtin.stat:
+    path: /etc/wireguard/private.key
+  register: _private_key_stat
+
+- name: Generate keypair
+  ansible.builtin.include_tasks: tasks/generate_keypair.yml
+  when: not _private_key_stat.exists
+
+- name: Save private key
+  ansible.builtin.template:
+    src: templates/keyfile.j2
+    dest: /etc/wireguard/private.key
+    owner: root
+    group: root
+    mode: 0700
+  vars:
+    key: "{{ wg_private_key }}"
+  when: not _private_key_stat.exists
+
+- name: Save public key
+  ansible.builtin.template:
+    src: templates/keyfile.j2
+    dest: /etc/wireguard/public.key
+    owner: root
+    group: root
+    mode: 0700
+  vars:
+    key: "{{ wg_public_key }}"
+  when: not _private_key_stat.exists
+
+- name: Set dns_command for co-openSUSE
+  ansible.builtin.set_fact:
+    wg_dns_command: "resolvectl dns %i {{ wg_gateway }}; resolvectl domain %i ~{{ wg_domain }}"
+  when: '"openSUSE" not in ansible_distribution'
+
+- name: Set dns_command for openSUSE
+  ansible.builtin.set_fact:
+    wg_dns_command: "nmcli con mod %i ipv4.dns {{ wg_gateway }}; nmcli con mod %i ipv4.dns-search ~{{ wg_domain }}"
+  when: '"openSUSE" in ansible_distribution'
 
 - name: Create the config
   vars:
-    ifname: "{{ wg_ifname }}"
-    autoconnect: "{{ wg_autoconnect }}"
-
     address: "{{ wg_address }}"
-    dns: "{{ wg_dns }}"
+    dns_command: "{{ wg_dns_command }}"
     domain: "{{ wg_domain }}"
-
-    private_key: "{{ wg_private_key }}"
-
+    gateway: "{{ wg_gateway }}"
     peers: "{{ wg_peers }}"
   ansible.builtin.template:
-    src: "templates/wireguard-config.nmconnection"
-    dest: "/etc/NetworkManager/system-connections/{{ wg_ifname }}.nmconnection"
+    src: "templates/wg.conf"
+    dest: "/etc/wireguard/{{ wg_ifname }}.conf"
     owner: root
     group: root
     mode: "0600"
 
-- name: Load the added connection
-  ansible.builtin.command:
-    cmd: nmcli connection load /etc/NetworkManager/system-connections/{{ wg_ifname }}.nmconnection
-  changed_when: false
-  become: true
+- name: Set up the DNS on AlmaLinux
+  ansible.builtin.include_tasks: "dns_{{ ansible_distribution }}.yml"
+  when: wg_domain and ansible_distribution == "AlmaLinux"
 
-- name: Up the connection
-  community.general.nmcli:
-    conn_name: "{{ wg_ifname }}"
-    state: up
-  become: true
-  when: wg_autoconnect | bool
+- name: Enable and start the wireguard connection
+  ansible.builtin.service:
+    name: "wg-quick@{{ wg_ifname }}"
+    enabled: yes
+    state: started
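Review bot: The three `when: not _private_key_stat.exists` conditions read an attribute that a registered `ansible.builtin.stat` result does not have; the existence flag lives under `.stat`, so the condition should be `when: not _private_key_stat.stat.exists`. `Save private key` writes the key with `mode: 0700`; a key file needs no execute bit, so `mode: "0600"` fits better, and `no_log: true` on that task keeps the key out of `--diff` and verbose output. `wg_gateway` is used in both `set_fact` tasks, yet the `roles/wg/defaults/main.yml` hunks in this diff show no default for it, so confirm it is defined elsewhere. `enabled: yes` is better written as `enabled: true`.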
diff --git a/roles/wg/templates/wireguard-config.nmconnection b/roles/wg/templates/wireguard-config.nmconnection
deleted file mode 100644
index 78cead3..0000000
--- a/roles/wg/templates/wireguard-config.nmconnection
+++ /dev/null
@@ -1,32 +0,0 @@
-# {{ ansible_managed }}
-
-[connection]
-id={{ ifname }}
-uuid={{ ansible_facts.hostname | to_uuid(namespace=ifname | to_uuid) }}
-type=wireguard
-autoconnect={{ autoconnect }}
-interface-name={{ ifname }}
-
-[ipv4]
-method=manual
-never-default=true
-address1={{ address }}
-dns={{ dns }}
-dns-search={{ domain }}
-
-[ipv6]
-method=ignore
-addr-gen-mode=stable-privacy
-
-[wireguard]
-private-key={{ private_key }}
-{% for peer in peers %}
-
-# {{ peer.note }}
-[wireguard-peer.{{ peer.public_key }}]
-endpoint={{ peer.endpoint }}
-allowed-ips={{ peer.allowed_ips }}
-{% if peer.keepalive %}
-persistent-keepalive={{ peer.keepalive }}
-{% endif %}
-{% endfor %}
diff --git a/roles/yubikey_pam/tasks/install.yml b/roles/yubikey_pam/tasks/install.yml
index e7dfcea..fc7923b 100644
--- a/roles/yubikey_pam/tasks/install.yml
+++ b/roles/yubikey_pam/tasks/install.yml
@@ -3,7 +3,7 @@
   ansible.builtin.package:
     name: pam_yubico
     state: present
-  when: ansible_distribution in [ "AlmaLinux", "CentOS", "Fedora", "Rocky" ]
+  when: ansible_distribution in [ "AlmaLinux", "CentOS", "Fedora" ]
 
 - name: Enable PPA on Ubuntu
   ansible.builtin.apt_repository:
diff --git a/scripts/get_vault_pass.sh b/scripts/get_vault_pass.sh
deleted file mode 100755
index 2f40c57..0000000
--- a/scripts/get_vault_pass.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-bw get password "git.mfocko.xyz:mfocko/dotfiles.git"