bryan/deploy
SHA256
1
0
Fork 0
Code Actions Wiki Activity

Migrate to new apps role

Browse Source
This commit is contained in:
Bryan Roessler
2026-02-02 01:33:38 -05:00
parent 10e0d7ad9c
commit 6aefc82163
41 changed files with 616 additions and 905 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
roles/apps/README.md Normal file
View File

13
roles/apps/aichat.yml
View File

@@ -1,13 +0,0 @@
cargo:
- aichat
configs:
- path: "{{ ansible_facts['env']['HOME'] }}/.config/aichat/config.yaml"
template: |
# see https://github.com/sigoden/aichat/blob/main/config.example.yaml
model: claude:claude-haiku-4-5-20251001
clients:
- type: claude
api_key: {{ ANTHROPIC_API_KEY }}

124
roles/apps/btrbk.yml
View File

@@ -1,124 +0,0 @@
system_services:
- btrbk.timer
configs:
- path: /etc/btrbk/btrbk.conf
template: |
#
# Example btrbk configuration file
#
#
# Please refer to the btrbk.conf(5) man-page for a complete
# description of all configuration options.
# For more examples, see README.md included with this package.
#
# btrbk.conf(5): <https://digint.ch/btrbk/doc/btrbk.conf.5.html>
# README.md: <https://digint.ch/btrbk/doc/readme.html>
#
# Note that the options can be overridden per volume/subvolume/target
# in the corresponding sections.
#
# Enable transaction log
transaction_log /var/log/btrbk.log
# Specify SSH private key for remote connections
ssh_identity {{ btrbk_ssh_identity | default('/root/.ssh/id_ed25519') }}
ssh_user {{ btrbk_ssh_user | default('root') }}
# Use sudo if btrbk or lsbtr is run by regular user
backend_local_user btrfs-progs-sudo
# Enable stream buffer. Adding a buffer between the sending and
# receiving side is generally a good idea.
# NOTE: If enabled, make sure to install the "mbuffer" package!
stream_buffer 256m
# Directory in which the btrfs snapshots are created. Relative to
# <volume-directory> of the volume section.
# If not set, the snapshots are created in <volume-directory>.
#
# If you want to set a custom name for the snapshot (and backups),
# use the "snapshot_name" option within the subvolume section.
#
# NOTE: btrbk does not autmatically create this directory, and the
# snapshot creation will fail if it is not present.
#
snapshot_dir .snapshots
# Always create snapshots. Set this to "ondemand" to only create
# snapshots if the target volume is reachable. Set this to "no" if
# snapshot creation is done by another instance of btrbk.
snapshot_create onchange
# Perform incremental backups (set to "strict" if you want to prevent
# creation of non-incremental backups if no parent is found).
#incremental yes
# Specify after what time (in full hours after midnight) backups/
# snapshots are considered as a daily backup/snapshot
#preserve_hour_of_day 0
# Specify on which day of week weekly/monthly backups are to be
# preserved.
#preserve_day_of_week sunday
# Preserve all snapshots for a minimum period of time.
#snapshot_preserve_min 1d
# Retention policy for the source snapshots.
#snapshot_preserve <NN>h <NN>d <NN>w <NN>m <NN>y
# Preserve all backup targets for a minimum period of time.
#target_preserve_min no
# Retention policy for backup targets:
#target_preserve <NN>h <NN>d <NN>w <NN>m <NN>y
# Retention policy for archives ("btrbk archive" command):
#archive_preserve_min no
#archive_preserve <NN>h <NN>d <NN>w <NN>m <NN>y
# Enable compression for remote btrfs send/receive operations:
#stream_compress no
#stream_compress_level default
#stream_compress_threads default
# Enable lock file support: Ensures that only one instance of btrbk
# can be run at a time.
lockfile /var/lock/btrbk.lock
# Don't wait for transaction commit on deletion. Set this to "after"
# or "each" to make sure the deletion of subvolumes is committed to
# disk when btrbk terminates.
#btrfs_commit_delete no
#
# Volume section (optional): "volume <volume-directory>"
#
# <volume-directory> Base path within a btrfs filesystem
# containing the subvolumes to be backuped
# (usually the mount-point of a btrfs filesystem
# mounted with subvolid=5 option).
#
# Subvolume section: "subvolume <subvolume-name>"
#
# <subvolume-name> Subvolume to be backuped, relative to
# <volume-directory> in volume section.
#
# Target section: "target <type> <volume-directory>"
#
# <type> (optional) type, defaults to "send-receive".
# <volume-directory> Directory within a btrfs filesystem
# receiving the backups.
#
# NOTE: The parser does not care about indentation, this is only for
# human readability. All options apply to the last section
# encountered, overriding the corresponding option of the upper
# section. This means that the global options must be set on top,
# before any "volume", "subvolume" or "target section.
#
{{ btrbk_config }}

162
roles/apps/btrfsmaintenance.yml
View File

@@ -1,162 +0,0 @@
system_services:
- btrfs-balance.timer
- btrfs-scrub.timer
- btrfs-trim.timer
configs:
- path: /etc/sysconfig/btrfsmaintenance
template: |
## Path: System/File systems/btrfs
## Type: string(none,stdout,journal,syslog)
## Default: "stdout"
#
# Output target for messages. Journal and syslog messages are tagged by the task name like
# 'btrfs-scrub' etc.
BTRFS_LOG_OUTPUT="journal"
## Path: System/File systems/btrfs
## Type: string
## Default: ""
#
# Run periodic defrag on selected paths. The files from a given path do not
# cross mount points or other subvolumes/snapshots. If you want to defragment
# nested subvolumes, all have to be listed in this variable.
# (Colon separated paths)
BTRFS_DEFRAG_PATHS=""
## Path: System/File systems/btrfs
## Type: string(none,daily,weekly,monthly)
## Default: "none"
## ServiceRestart: btrfsmaintenance-refresh
#
# Frequency of defrag.
BTRFS_DEFRAG_PERIOD="none"
## Path: System/File systems/btrfs
## Type: string
## Default: "+1M"
#
# Minimal file size to consider for defragmentation
BTRFS_DEFRAG_MIN_SIZE="+1M"
## Path: System/File systems/btrfs
## Type: string
## Default: "/"
#
# Which mountpoints/filesystems to balance periodically. This may reclaim unused
# portions of the filesystem and make the rest more compact.
# (Colon separated paths)
# The special word/mountpoint "auto" will evaluate all mounted btrfs
# filesystems
BTRFS_BALANCE_MOUNTPOINTS="auto"
## Path: System/File systems/btrfs
## Type: string(none,daily,weekly,monthly)
## Default: "weekly"
## ServiceRestart: btrfsmaintenance-refresh
#
# Frequency of periodic balance.
#
# The frequency may be specified using one of the listed values or
# in the format documented in the "Calendar Events" section of systemd.time(7),
# if available.
BTRFS_BALANCE_PERIOD="weekly"
## Path: System/File systems/btrfs
## Type: string
## Default: "5 10"
#
# The usage percent for balancing data block groups.
#
# Note: default values should not disturb normal work but may not reclaim
# enough block groups. If you observe that, add higher values but beware that
# this will increase IO load on the system.
BTRFS_BALANCE_DUSAGE="0 20 50 80"
## Path: System/File systems/btrfs
## Type: string
## Default: "5"
#
# The usage percent for balancing metadata block groups. The values are also
# used in case the filesystem has mixed blockgroups.
#
# Note: default values should not disturb normal work but may not reclaim
# enough block groups. If you observe that, add higher values but beware that
# this will increase IO load on the system.
BTRFS_BALANCE_MUSAGE="80"
## Path: System/File systems/btrfs
## Type: string
## Default: "/"
#
# Which mountpoints/filesystems to scrub periodically.
# (Colon separated paths)
# The special word/mountpoint "auto" will evaluate all mounted btrfs
# filesystems
BTRFS_SCRUB_MOUNTPOINTS="auto"
## Path: System/File systems/btrfs
## Type: string(none,weekly,monthly)
## Default: "monthly"
## ServiceRestart: btrfsmaintenance-refresh
#
# Frequency of periodic scrub.
#
# The frequency may be specified using one of the listed values or
# in the format documented in the "Calendar Events" section of systemd.time(7),
# if available.
BTRFS_SCRUB_PERIOD="quarterly"
## Path: System/File systems/btrfs
## Type: string(idle,normal)
## Default: "idle"
#
# Priority of IO at which the scrub process will run. Idle should not degrade
# performance but may take longer to finish.
BTRFS_SCRUB_PRIORITY="idle"
## Path: System/File systems/btrfs
## Type: boolean
## Default: "false"
#
# Do read-only scrub and don't try to repair anything.
BTRFS_SCRUB_READ_ONLY="false"
## Path: System/File systems/btrfs
## Description: Configuration for periodic fstrim
## Type: string(none,daily,weekly,monthly)
## Default: "none"
## ServiceRestart: btrfsmaintenance-refresh
#
# Frequency of periodic trim. Off by default so it does not collide with
# fstrim.timer . If you do not use the timer, turn it on here. The recommended
# period is 'weekly'.
#
# The frequency may be specified using one of the listed values or
# in the format documented in the "Calendar Events" section of systemd.time(7),
# if available.
BTRFS_TRIM_PERIOD="weekly"
## Path: System/File systems/btrfs
## Description: Configuration for periodic fstrim - mountpoints
## Type: string
## Default: "/"
#
# Which mountpoints/filesystems to trim periodically.
# (Colon separated paths)
# The special word/mountpoint "auto" will evaluate all mounted btrfs
# filesystems
BTRFS_TRIM_MOUNTPOINTS="auto"
## Path: System/File systems/btrfs
## Description: Configuration to allow concurrent jobs
## Type: boolean
## Default: "false"
#
# These maintenance tasks may compete for resources with each other, blocking
# out other tasks from using the file systems. This option will force
# these jobs to run in FIFO order when scheduled at overlapping times. This
# may include tasks scheduled to run when a system resumes or boots when
# the timer for these tasks(s) elapsed while the system was suspended
# or powered off.
BTRFS_ALLOW_CONCURRENCY="false"

5
roles/apps/code.yml
View File

@@ -1,5 +0,0 @@
repos:
- name: code
description: Visual Studio Code
baseurl: https://packages.microsoft.com/yumrepos/vscode
gpgkey: https://packages.microsoft.com/keys/microsoft.asc

2
roles/apps/dnf-automatic.yml
View File

@@ -1,2 +0,0 @@
system_services:
- dnf-automatic.timer

11
roles/apps/dnf.yml
View File

@@ -1,11 +0,0 @@
configs:
path: /etc/dnf/dnf.conf
template: |
# see `man dnf.conf` for defaults and possible options
[main]
# installonly_limit=3
# best=False
skip_if_unavailable=True
deltarpm=True
fastestmirror=True

14
roles/apps/keyd.yml
View File

@@ -1,14 +0,0 @@
copr:
- alternateved/keyd
system_services:
- keyd
configs:
path: /etc/keyd/default.conf
template: |
[ids]
0001:0001:09b4e68d
[main]
leftmeta+leftshift+f23 = rightcontrol

5
roles/apps/mediacenter35.yml
View File

@@ -1,5 +0,0 @@
repos:
- name: jriver
description: JRiver Media Center by BryanC
baseurl: https://repos.bryanroessler.com/jriver
gpgcheck: false

3
roles/apps/mullvad-vpn.yml
View File

@@ -1,3 +0,0 @@
repofiles:
- name: Mullvad VPN
url: https://repository.mullvad.net/rpm/stable/mullvad.repo

2
roles/apps/profile-sync-daemon.yml
View File

@@ -1,2 +0,0 @@
user_services:
- psd.service

140
roles/apps/pwrstatd.yml
View File

@@ -1,140 +0,0 @@
packages:
- "https://dl4jz3rbrsfum.cloudfront.net/software/PPL_64bit_v1.4.1.rpm"
system_services:
- pwrstatd.service
configs:
path: /etc/pwrstatd.conf
template: |
#
# pwrstatd configuration file
#
# You must restart pwrstatd after changing this file in order for changes to take effect.
# Ex:/etc/init.d/pwrstatd restart
#
# Action setting for event of Power Failure
#
# A delay time in seconds since event of Power Failure occur then to run shell
# script and shutdown system. Allowed range is 0 ~ 3600. Default is 60 sec.
powerfail-delay = 60
# Enable to run shell script when the event of Power Failure occur.
# The allowed options are yes and no. Default is yes.
powerfail-active = no
# Assign a path of script file for event of Power Failure.
# The default is /etc/pwrstatd-powerfail.sh
powerfail-cmd-path = /etc/pwrstatd-powerfail.sh
# How much time in seconds to take script running for event of Power Failure.
# The allowed range is 0 ~ 3600. Default is 0 sec.
powerfail-duration = 0
# Allow Daemon to shutdown system for event of Power Failure.
# The allowed options are yes and no. Default is yes.
powerfail-shutdown = no
#
# Action setting for event of Battery Low
#
# A threshold of Battery Capacity, If the battery capacity is lower than this
# value and a event of Battery Low will be identified. The unit is percentage.
# The allowed range is 0 ~ 90. Default is 35 %.
lowbatt-threshold = 10
# A threshold of Remaining Runtime, If the Remaining Runtime is lower than this
# value and a event of Battery Low will be identified. The unit is second.
# The allowed range is 0 ~ 3600. Default is 300 sec.
# Note: When meet this condition the below 'shutdown-sustain' property
# will be ignored.
runtime-threshold = 180
# Enable to run shell script when the event of Battery Low occur.
# The allowed options are yes and no. Default is yes.
lowbatt-active = no
# Assign a path of script file for event of Battery Low.
# The default is /etc/pwrstatd-lowbatt.sh
lowbatt-cmd-path = /etc/pwrstatd-lowbatt.sh
# How much time in seconds to take script running for event of Battery Low.
# The allowed range is 0 ~ 60. Default is 0 sec.
lowbatt-duration = 0
# Allow Daemon to shutdown system for event of Battery Low.
# The allowed options are yes and no. Default is yes.
lowbatt-shutdown = yes
# Turn UPS alarm on or off.
# The allowed options are yes and no. Default is yes.
enable-alarm = yes
# The necessary time in seconds for system shutdown.
# The UPS will turn power off when this time is expired.
# The allowed range is 0 ~ 3600. Default is 600 sec.(10 min.)
# If the computer shutdown is cause by low runtime condition, the UPS will
# turn power off when the time is expired that time is assigned on
# 'runtime-threshold' property and it is no longer to refer the
# 'shutdown-sustain' property.
shutdown-sustain = 0
# Daemon will turn UPS power off once it ask system shutdown cause by a power
# event. Allowed options are yes and no. Default is yes.
turn-ups-off = no
# The period of polling UPS in seconds.
# The allowed range is 1 ~ 60. Default is 3 sec.
ups-polling-rate = 5
# the period of re-try to find available UPS in seconds since find nothing at
# last time. The allowed range is 1 ~ 300. Default is 10 sec.
ups-retry-rate = 10
# Prohibiting daemon to provide communication mechanism for client, such as
# pwrstat command. normally, it should be 'no'. It can be 'yes' if any security
# consideration. Allowed options are yes and no. Default is no.
prohibit-client-access = no
# The pwrstatd accepts four types of device node which includes the 'ttyS',
# 'ttyUSB', 'hiddev', and 'libusb' for communication with UPS. The pwrstatd
# defaults to enumerate all acceptable device nodes and pick up to use an
# available device node automatically. But this may cause a disturbance to the
# device node which is occupied by other software. Therefore, you can restrict
# this enumerate behave by using allowed-device-nodes option. You can assign
# the single device node path or multiple device node paths divided by a
# semicolon at this option. All groups of 'ttyS', 'ttyUSB', 'hiddev', or
# 'libusb' device node are enumerated without a suffix number assignment.
# Note, the 'libusb' does not support suffix number only.
#
# For example: restrict to use ttyS1, ttyS2 and hiddev1 device nodes at /dev
# path only.
# allowed-device-nodes = /dev/ttyS1;/dev/ttyS2;/dev/hiddev1
#
# For example: restrict to use ttyS and ttyUSB two groups of device node at
# /dev,/dev/usb, and /dev/usb/hid paths(includes ttyS0 to ttySN and ttyUSB0 to
# ttyUSBN, N is number).
# allowed-device-nodes = ttyS;ttyUSB
#
# For example: restrict to use hiddev group of device node at /dev,/dev/usb,
# and /dev/usb/hid paths(includes hiddev0 to hiddevN, N is number).
# allowed-device-nodes = hiddev
#
# For example: restrict to use libusb device.
# allowed-device-nodes = libusb
allowed-device-nodes =
# Daemon will hibernate system to instead of system shutdown when power
# event occur. Allowed options are yes and no. Default is no.
hibernate = no
# Enable cloud solution.
# The allowed options are yes and no. Default is no.
cloud-active = no
# Account for cloud server login.
cloud-account =

2
roles/apps/tailscale.yml
View File

@@ -1,2 +0,0 @@
system_services:
- tailscaled.service

5
roles/apps/tasks/cargo.yml Normal file
View File

@@ -0,0 +1,5 @@
- name: Install cargo packages
community.general.cargo:
name: "{{ item }}"
state: present
loop: "{{ apps_cargo | default([]) + (cargo_install | default([])) }}"

31
roles/apps/tasks/configs.yml Normal file
View File

@@ -0,0 +1,31 @@
- name: Create app directories
ansible.builtin.file:
path: "{{ item.dest }}"
state: directory
mode: "0755"
owner: "{{ item.owner | default(omit) }}"
group: "{{ item.group | default(omit) }}"
loop: "{{ apps_directories }}"
become: "{{ item.owner is defined and item.owner == 'root' }}"
when: apps_directories is defined and apps_directories | length > 0
- name: Create parent directories for config files
ansible.builtin.file:
path: "{{ item.dest | dirname }}"
state: directory
mode: '0755'
loop: "{{ apps_configs }}"
become: "{{ item.owner is defined and item.owner == 'root' }}"
when: apps_configs is defined and apps_configs | length > 0
- name: Deploy configuration templates
ansible.builtin.copy:
content: "{{ item.content }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode | default('0644') }}"
owner: "{{ item.owner | default(omit) }}"
group: "{{ item.group | default(omit) }}"
backup: "{{ item.backup | default(false) }}"
loop: "{{ apps_configs }}"
become: "{{ item.owner is defined and item.owner == 'root' }}"
when: apps_configs is defined and apps_configs | length > 0

69
roles/apps/tasks/dnf.yml Normal file
View File

@@ -0,0 +1,69 @@
---
- name: Enable COPR repositories
community.general.copr:
name: "{{ item.repo | default(item) }}"
state: enabled
loop: "{{ (copr_install | default([])) + (apps_copr | default([])) }}"
become: true
- name: Add DNF repositories
ansible.builtin.yum_repository:
name: "{{ item.name }}"
description: "{{ item.description | default(omit) }}"
baseurl: "{{ item.baseurl | default(omit) }}"
metalink: "{{ item.metalink | default(omit) }}"
enabled: "{{ item.enabled | default(true) }}"
metadata_expire: "{{ item.metadata_expire | default(omit) }}"
gpgcheck: "{{ item.gpgcheck | default(true) }}"
repo_gpgcheck: "{{ item.repo_gpgcheck | default(omit) }}"
gpgkey: "{{ item.gpgkey | default(omit) }}"
loop: "{{ (dnf_repos_add | default([])) + (apps_dnf_repos_add | default([])) }}"
become: true
- name: Add DNF repository files
ansible.builtin.get_url:
url: "{{ item.url | default(item) }}"
dest: "/etc/yum.repos.d/{{ (item.url | default(item)) | basename }}"
owner: root
group: root
mode: '0644'
loop: "{{ (dnf_repofiles_add | default([])) + (apps_dnf_repofiles_add | default([])) }}"
become: true
- name: Remove DNF repositories
ansible.builtin.yum_repository:
name: "{{ item }}"
state: absent
loop: "{{ dnf_repos_remove | default([]) }}"
become: true
- name: Install remote RPM packages (from URLs)
ansible.builtin.dnf:
name: "{{ (dnf_install_remote | default([])) + (apps_dnf_install_remote | default([])) + (apps_packages_remote | default([])) }}"
state: present
disable_gpg_check: true
become: true
when: ((dnf_install_remote | default([])) + (apps_dnf_install_remote | default([])) + (apps_packages_remote | default([]))) | length > 0
- name: Remove unwanted packages
ansible.builtin.dnf:
name: "{{ item }}"
state: absent
autoremove: true
loop: "{{ dnf_remove | default([]) }}"
failed_when: false
become: true
- name: Install packages
ansible.builtin.dnf:
name: "{{ apps_all_packages }}"
state: present
skip_broken: true
become: true
- name: Update all packages
ansible.builtin.dnf:
name: "*"
state: latest # noqa package-latest
skip_broken: true
become: true

10
roles/apps/tasks/git.yml Normal file
View File

@@ -0,0 +1,10 @@
- name: Clone git repositories
ansible.builtin.git:
repo: "{{ item.repo }}"
dest: "{{ item.dest }}"
version: "{{ item.version }}"
update: true
depth: 1
accept_hostkey: true
loop: "{{ (git | default([])) + (apps_git | default([])) }}"
when: ((git | default([])) + (apps_git | default([]))) | length > 0

158
roles/apps/tasks/main.yml
View File

@@ -1,137 +1,39 @@
---
- name: Load per-app configuration files
ansible.builtin.include_vars:
file: "{{ role_path }}/{{ item }}.yml"
name: "app_{{ item }}"
loop: "{{ ((apps | default([])) + (apps_group | default([]))) | select | list }}"
failed_when: false
- name: Merge app configuration
# Merge all apps dicts (apps + apps_group)
- name: Merge apps configurations
ansible.builtin.set_fact:
apps_copr: "{{ apps_copr | default([]) + (lookup('vars', 'app_' + item, default={}).copr | default([])) }}"
apps_repos: "{{ apps_repos | default([]) + (lookup('vars', 'app_' + item, default={}).repos | default([])) }}"
apps_repofiles: "{{ apps_repofiles | default([]) + (lookup('vars', 'app_' + item, default={}).repofiles | default([])) }}"
apps_packages: "{{ apps_packages | default([]) + (lookup('vars', 'app_' + item, default={}).packages | default([])) }}"
apps_cargo: "{{ apps_cargo | default([]) + (lookup('vars', 'app_' + item, default={}).cargo | default([])) }}"
apps_system_services: "{{ apps_system_services | default([]) + (lookup('vars', 'app_' + item, default={}).system_services | default([])) }}"
apps_user_services: "{{ apps_user_services | default([]) + (lookup('vars', 'app_' + item, default={}).user_services | default([])) }}"
loop: "{{ ((apps | default([])) + (apps_group | default([]))) | select | list }}"
apps_all_apps: "{{ apps | default({}) | combine(apps_group | default({}), recursive=True) }}"
- name: Enable COPR repositories
community.general.copr:
name: "{{ item.repo | default(item) }}"
state: enabled
loop: "{{ apps_copr | default([]) }}"
become: true
# Extract various lists from merged apps
- name: Build package and config lists
ansible.builtin.set_fact:
apps_packages: "{{ apps_all_apps | dict2items | selectattr('value.packages', 'defined') | map(attribute='value.packages') | flatten }}"
apps_packages_remote: "{{ apps_all_apps | dict2items | selectattr('value.packages_remote', 'defined') | map(attribute='value.packages_remote') | flatten }}"
apps_cargo: "{{ apps_all_apps | dict2items | selectattr('value.cargo', 'defined') | map(attribute='value.cargo') | flatten }}"
apps_copr: "{{ apps_all_apps | dict2items | selectattr('value.copr', 'defined') | map(attribute='value.copr') | flatten }}"
apps_git: "{{ apps_all_apps | dict2items | selectattr('value.git', 'defined') | map(attribute='value.git') | flatten }}"
apps_configs: "{{ apps_all_apps | dict2items | selectattr('value.configs', 'defined') | map(attribute='value.configs') | flatten }}"
apps_directories: "{{ apps_all_apps | dict2items | selectattr('value.directories', 'defined') | map(attribute='value.directories') | flatten }}"
apps_dnf_repos_add: "{{ apps_all_apps | dict2items | selectattr('value.dnf_repos_add', 'defined') | map(attribute='value.dnf_repos_add') | flatten }}"
apps_dnf_repofiles_add: "{{ apps_all_apps | dict2items | selectattr('value.dnf_repofiles_add', 'defined') | map(attribute='value.dnf_repofiles_add') | flatten }}"
apps_dnf_install_remote: "{{ apps_all_apps | dict2items | selectattr('value.dnf_install_remote', 'defined') | map(attribute='value.dnf_install_remote') | flatten }}"
apps_services_system_enabled: "{{ apps_all_apps | dict2items | selectattr('value.services_system_enabled', 'defined') | map(attribute='value.services_system_enabled') | flatten }}"
apps_services_system_disabled: "{{ apps_all_apps | dict2items | selectattr('value.services_system_disabled', 'defined') | map(attribute='value.services_system_disabled') | flatten }}"
apps_services_user_enabled: "{{ apps_all_apps | dict2items | selectattr('value.services_user_enabled', 'defined') | map(attribute='value.services_user_enabled') | flatten }}"
apps_services_user_disabled: "{{ apps_all_apps | dict2items | selectattr('value.services_user_disabled', 'defined') | map(attribute='value.services_user_disabled') | flatten }}"
apps_all_packages: "{{ (apps_packages | default([])) + (dnf_install | default([])) }}"
- name: Add DNF repositories
ansible.builtin.yum_repository:
name: "{{ item.name }}"
description: "{{ item.description | default(omit) }}"
baseurl: "{{ item.baseurl | default(omit) }}"
metalink: "{{ item.metalink | default(omit) }}"
enabled: "{{ item.enabled | default(true) }}"
metadata_expire: "{{ item.metadata_expire | default(omit) }}"
gpgcheck: "{{ item.gpgcheck | default(true) }}"
repo_gpgcheck: "{{ item.repo_gpgcheck | default(omit) }}"
gpgkey: "{{ item.gpgkey | default(omit) }}"
loop: "{{ (dnf_add_repos | default([])) + (apps_repos | default([])) }}"
become: true
- name: Add DNF repository files
ansible.builtin.get_url:
url: "{{ item.url }}"
dest: "/etc/yum.repos.d/{{ item.url | basename }}"
owner: root
group: root
mode: '0644'
loop: "{{ apps_repofiles | default([]) }}"
become: true
- name: Remove DNF repositories
ansible.builtin.yum_repository:
name: "{{ item }}"
state: absent
loop: "{{ (dnf_remove_repos | default([])) + (dnf_remove_repos_group | default([])) }}"
become: true
- name: Remove unwanted packages
ansible.builtin.dnf:
name: "{{ item }}"
state: absent
autoremove: true
loop: "{{ (dnf_remove | default([])) + (dnf_remove_group | default([])) }}"
become: true
failed_when: false
- name: Install remote RPM packages (from URLs)
ansible.builtin.dnf:
name: "{{ apps_packages | default([]) | select('match', '^https?://') | list }}"
state: present
disable_gpg_check: true
become: true
when: (apps_packages | default([]) | select('match', '^https?://') | list) | length > 0
- name: Install DNF packages
ansible.builtin.dnf:
name: "{{ ((apps | default([])) + (apps_group | default([])) + (apps_packages | default([]) | reject('match', '^https?://') | list)) | select | list }}"
state: present
skip_broken: true
become: true
- name: Update all DNF packages
ansible.builtin.dnf:
name: "*"
state: latest # noqa package-latest
skip_broken: true
become: true
- name: Install cargo packages
ansible.builtin.command:
cmd: "cargo install {{ item }}"
loop: "{{ apps_cargo | default([]) }}"
register: apps_cargo_install_result
changed_when: "'Installing' in apps_cargo_install_result.stderr or 'Compiling' in apps_cargo_install_result.stderr"
failed_when: apps_cargo_install_result.rc != 0 and 'already exists' not in apps_cargo_install_result.stderr
- name: Deploy repositorioes and packages
ansible.builtin.include_tasks: dnf.yml
- name: Clone git repositories
ansible.builtin.git:
repo: "{{ item.repo }}"
dest: "{{ item.dest }}"
version: "{{ item.version }}"
update: true
loop: "{{ (git_add_repos | default([])) + (git_add_repos_group | default([])) }}"
ansible.builtin.include_tasks: git.yml
- name: Enable and start system services
ansible.builtin.systemd:
name: "{{ item }}"
enabled: true
state: started
scope: system
loop: "{{ (services_system_enabled | default([])) + (services_system_enabled_group | default([])) + (apps_system_services | default([])) }}"
become: true
- name: Install cargo packages
ansible.builtin.include_tasks: cargo.yml
- name: Disable and stop system services
ansible.builtin.systemd:
name: "{{ item }}"
enabled: false
state: stopped
scope: system
loop: "{{ (services_system_disabled | default([])) + (services_system_disabled_group | default([])) }}"
become: true
- name: Deploy app configs
ansible.builtin.include_tasks: configs.yml
- name: Enable and start user services
ansible.builtin.systemd:
name: "{{ item }}"
enabled: true
state: started
scope: user
loop: "{{ (services_user_enabled | default([])) + (services_user_enabled_group | default([])) + (apps_user_services | default([])) }}"
- name: Disable and stop user services
ansible.builtin.systemd:
name: "{{ item }}"
enabled: false
state: stopped
scope: user
loop: "{{ (services_user_disabled | default([])) + (services_user_disabled_group | default([])) }}"
- name: Enable and start/stop system and user services
ansible.builtin.include_tasks: services.yml

37
roles/apps/tasks/services.yml Normal file
View File

@@ -0,0 +1,37 @@
- name: Enable and start system services
ansible.builtin.systemd:
name: "{{ item }}"
enabled: true
state: started
scope: system
loop: "{{ ((services_system_enabled | default([])) + (apps_services_system_enabled | default([]))) | unique }}"
become: true
failed_when: false
- name: Disable and stop system services
ansible.builtin.systemd:
name: "{{ item }}"
enabled: false
state: stopped
scope: system
loop: "{{ ((services_system_disabled | default([])) + (apps_services_system_disabled | default([]))) | unique }}"
become: true
failed_when: false
- name: Enable and start user services
ansible.builtin.systemd:
name: "{{ item }}"
enabled: true
state: started
scope: user
loop: "{{ ((services_user_enabled | default([])) + (apps_services_user_enabled | default([]))) | unique }}"
failed_when: false
- name: Disable and stop user services
ansible.builtin.systemd:
name: "{{ item }}"
enabled: false
state: stopped
scope: user
loop: "{{ ((services_user_disabled | default([])) + (apps_services_user_disabled | default([]))) | unique }}"
failed_when: false

5
roles/apps/zsh-completions.yml
View File

@@ -1,5 +0,0 @@
repos:
- name: zsh-completions
description: zsh-completions from openSUSE
baseurl: https://download.opensuse.org/repositories/shells:zsh-users:zsh-completions/Fedora_Rawhide/
gpgkey: https://download.opensuse.org/repositories/shells:zsh-users:zsh-completions/Fedora_Rawhide/repodata/repomd.xml.key