118 lines
2.5 KiB
YAML
118 lines
2.5 KiB
YAML
---
|
|
- name: Bootstrap fresh installation
|
|
hosts: all
|
|
gather_facts: true
|
|
roles:
|
|
# Handle distribution-specific changes before the generic ones
|
|
- role: os/fedora
|
|
become: true
|
|
when: ansible_distribution == "Fedora"
|
|
|
|
- role: os/el
|
|
become: true
|
|
when: ansible_distribution in [ "AlmaLinux", "CentOS" ]
|
|
|
|
# Upgrade all packages and install the basic-bitch ones
|
|
- role: base/system
|
|
become: true
|
|
|
|
# Enable Cockpit
|
|
- role: cockpit
|
|
become: true
|
|
tags: cockpit
|
|
|
|
# Enable Flathub repository and install configured flatpaks
|
|
- role: flatpak
|
|
when: ansible_distribution != "Ubuntu"
|
|
tags: flatpak
|
|
|
|
# Install Podman and configure UIDs/GIDs for rootless usage
|
|
- role: podman
|
|
become: true
|
|
tags: podman
|
|
|
|
# Install and configure SSH server
|
|
- role: sshd
|
|
become: true
|
|
tags: sshd
|
|
|
|
# Handle basic user configuration
|
|
- base/desktop
|
|
|
|
# Shell utilities
|
|
- role: shell/zsh
|
|
tags: zsh
|
|
- role: shell/tmux
|
|
tags: tmux
|
|
- role: editors/neovim
|
|
tags: neovim
|
|
|
|
# Directory for temporary files
|
|
- role: tmpfiles
|
|
become: true
|
|
tags: tmpfiles
|
|
|
|
# Configure git
|
|
- role: git
|
|
tags: git
|
|
|
|
# Configure ssh
|
|
- role: ssh
|
|
tags: ssh
|
|
|
|
# Set up GPG
|
|
- role: gpg
|
|
tags: gpg
|
|
|
|
# Configure Alacritty terminal
|
|
- role: terminals/alacritty
|
|
tags: alacritty
|
|
|
|
# Configure Kitty terminal
|
|
- role: terminals/kitty
|
|
tags: kitty
|
|
|
|
# Install fonts
|
|
- role: fonts
|
|
tags: fonts
|
|
|
|
# Install Bitwarden CLI
|
|
- role: secrets/bw
|
|
tags: bw
|
|
|
|
# Install HashiCorp Vault
|
|
- role: secrets/hcv
|
|
tags: hcv
|
|
|
|
# Install and configure Emacs
|
|
- role: editors/emacs
|
|
tags: emacs
|
|
|
|
# Install and configure VSCode
|
|
- role: editors/vscode
|
|
tags: vscode
|
|
|
|
# Install and configure Helix
|
|
- role: editors/helix
|
|
tags: helix
|
|
|
|
tasks:
|
|
# Install the Wireguard VPNs
|
|
- name: Wireguard
|
|
ansible.builtin.include_role:
|
|
name: wg
|
|
apply:
|
|
become: true
|
|
with_items: "{{ wg_connections }}"
|
|
vars:
|
|
wg_ifname: "{{ item.ifname }}"
|
|
wg_generate_keypair: "{{ item.generate_keypair }}"
|
|
wg_domain: "{{ item.domain }}"
|
|
wg_gateway: "{{ item.gateway }}"
|
|
wg_address: "{{ item.address }}"
|
|
wg_peers: "{{ item.peers }}"
|
|
tags: wireguard
|
|
|
|
handlers:
|
|
- name: Import common handlers
|
|
ansible.builtin.import_tasks: ../handlers/main.yml
|