commit 6f96a5b92057f50924d51b6dfe90235a635486c6
Author: Rene <rene@tantooine.myfirewall.org>
Date:   Tue Feb 23 14:56:56 2021 +0100

    initial commit

diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..8b6394a
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+inventory = hosts
+log_path = /var/log/ansible.log
+retry_files_enabled = False
diff --git a/files/sudoers_ansible b/files/sudoers_ansible
new file mode 100644
index 0000000..bc35fcf
--- /dev/null
+++ b/files/sudoers_ansible
@@ -0,0 +1 @@
+ansible           ALL=NOPASSWD:/usr/bin/ansible-pull
diff --git a/host_vars/TUXEDO-Book-XP1511.universe.local.yml b/host_vars/TUXEDO-Book-XP1511.universe.local.yml
new file mode 100644
index 0000000..104fb3f
--- /dev/null
+++ b/host_vars/TUXEDO-Book-XP1511.universe.local.yml
@@ -0,0 +1,56 @@
+---
+ssh_port: 22
+ssh_users: rene
+
+#application selection
+autofs: false
+borgbackup: true
+brave: true
+broot: true
+chromium: true
+docker: false
+firefox: true
+games: true
+gimp: false
+google_chrome: false
+joplin: true
+keepass: true
+keepassxc: true
+libreoffice: true
+midnightcommander: true
+nextcloud_client: true
+nvidia: false
+pacaur: true
+ranger: true
+syncthing: true
+thunderbird: true
+vifm: true
+virtualbox: false
+vivaldi: false
+yay: false
+yubikey: true
+
+#purpose selection
+database: false
+development: true
+dhcpserver: false
+fileserver: false
+mailserver: false
+mobile: true
+nameserver: false
+photo_editing: true
+printspooler: false
+proxyserver: false
+video_editing: true
+webserver: false
+
+#shell selection
+zsh: true
+
+#desktop environment selection
+cinnamon: false
+deepin: false
+gnome: false
+kde: true
+mate: false
+xfce: false
diff --git a/host_vars/coruscant.universe.local.yml b/host_vars/coruscant.universe.local.yml
new file mode 100644
index 0000000..110972e
--- /dev/null
+++ b/host_vars/coruscant.universe.local.yml
@@ -0,0 +1,36 @@
+---
+branch: master
+
+ansible_cron_minute: "*/5"
+
+ssh_port: 22
+ssh_users: "root rene"
+
+# platform-specific
+microcode_amd_install: false
+microcode_intel_install: true
+
+#purpose selection
+database: true
+dhcpserver: true
+fileserver: true
+mailserver: true
+nameserver: true
+printspooler: true
+proxyserver: true
+webserver: true
+
+#application selection
+borgbackup: true
+broot: true
+docker: false
+pacaur: true
+paru: true
+ranger: true
+syncthing: true
+vifm: true
+yay: false
+
+#shell selection
+zsh: true
+
diff --git a/host_vars/endor.universe.local.yml b/host_vars/endor.universe.local.yml
new file mode 100644
index 0000000..5c05077
--- /dev/null
+++ b/host_vars/endor.universe.local.yml
@@ -0,0 +1,56 @@
+---
+ssh_port: 22
+ssh_users: rene
+
+#application selection
+autofs: false
+borgbackup: true
+brave: true
+broot: true
+chromium: true
+docker: false
+firefox: true
+games: true
+gimp: false
+google_chrome: false
+joplin: true
+keepass: true
+keepassxc: true
+libreoffice: true
+midnightcommander: true
+nextcloud_client: true
+nvidia: true
+pacaur: true
+ranger: true
+syncthing: true
+thunderbird: true
+vifm: true
+virtualbox: true
+vivaldi: false
+yay: false
+yubikey: true
+
+#purpose selection
+database: false
+development: true
+dhcpserver: false
+fileserver: false
+mailserver: false
+mobile: false
+nameserver: false
+photo_editing: true
+printspooler: false
+proxyserver: false
+video_editing: true
+webserver: false
+
+#shell selection
+zsh: true
+
+#desktop environment selection
+cinnamon: false
+deepin: false
+gnome: false
+kde: true
+mate: false
+xfce: false
diff --git a/host_vars/endorvm.universe.local.yml b/host_vars/endorvm.universe.local.yml
new file mode 100644
index 0000000..0549d58
--- /dev/null
+++ b/host_vars/endorvm.universe.local.yml
@@ -0,0 +1,64 @@
+---
+branch: master
+
+ansible_cron_minute: "*/5"
+
+ssh_port: 22
+ssh_users: "root rene"
+
+# platform-specific
+microcode_amd_install: false
+microcode_intel_install: true
+
+#application selection
+autofs: false
+borgbackup: true
+brave: true
+broot: true
+chromium: true
+docker: false
+firefox: true
+games: true
+gimp: false
+google_chrome: false
+joplin: true
+keepass: true
+keepassxc: true
+libreoffice: true
+midnightcommander: true
+nextcloud_client: true
+nvidia: true
+pacaur: true
+ranger: true
+syncthing: true
+thunderbird: true
+vifm: true
+virtualbox: true
+vivaldi: false
+yay: false
+yubikey: true
+
+#purpose selection
+database: false
+development: true
+dhcpserver: false
+fileserver: false
+mailserver: false
+mobile: false
+nameserver: false
+photo_editing: true
+printspooler: false
+proxyserver: false
+video_editing: true
+webserver: false
+
+#shell selection
+zsh: true
+
+#desktop environment selection
+cinnamon: false
+deepin: false
+gnome: false
+kde: true
+mate: false
+xfce: false
diff --git a/host_vars/mewimeet.de.yml b/host_vars/mewimeet.de.yml
new file mode 100644
index 0000000..358d293
--- /dev/null
+++ b/host_vars/mewimeet.de.yml
@@ -0,0 +1,17 @@
+---
+branch: master
+
+ansible_cron_minute: "40"
+ssh_port: 22
+ssh_users: "user1 user2"
+
+# platform-specific
+linode_instance: true
+microcode_amd_install: false
+microcode_intel_install: false
+proxmox_instance: false
+raspberry_pi: false
+
+# server
+unattended_upgrades: true
+web_server: true
diff --git a/host_vars/mewitoot.de.yml b/host_vars/mewitoot.de.yml
new file mode 100644
index 0000000..358d293
--- /dev/null
+++ b/host_vars/mewitoot.de.yml
@@ -0,0 +1,17 @@
+---
+branch: master
+
+ansible_cron_minute: "40"
+ssh_port: 22
+ssh_users: "user1 user2"
+
+# platform-specific
+linode_instance: true
+microcode_amd_install: false
+microcode_intel_install: false
+proxmox_instance: false
+raspberry_pi: false
+
+# server
+unattended_upgrades: true
+web_server: true
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..9c81349
--- /dev/null
+++ b/hosts
@@ -0,0 +1,9 @@
+[workstation]
+endor.universe.local
+endorvm.universe.local
+tuxedo-book-xp1511.universe.local
+
+[server]
+coruscant.universe.local
+mewimeet.de
+mewitoot.de
diff --git a/local.yml b/local.yml
new file mode 100644
index 0000000..cb07ec6
--- /dev/null
+++ b/local.yml
@@ -0,0 +1,77 @@
+---
+- hosts: all
+  connection: local
+  become: true
+
+  pre_tasks:
+    - name: pre-run | update apt repository (debian, ubuntu, etc.)
+      apt: update_cache=yes
+      changed_when: False
+      when: ansible_distribution in ["Debian", "Ubuntu"]
+    - name: pre-run | update pacman repository (arch)
+      pacman: update_cache=yes
+      changed_when: False
+      when: ansible_distribution == 'Archlinux'
+    - name: pre-run |update portage repository (gentoo)
+      portage:
+        sync: yes
+      when: ansible_distribution == 'Gentoo'
+
+# run roles
+- hosts: all
+  tags: base
+  become: true
+  roles:
+    - base
+
+- hosts: workstation
+  tags: workstation
+  become: true
+  roles:
+    - workstation
+
+- hosts: server
+  tags: server
+  become: true
+  roles:
+    - server
+
+# end of roles; cleanup and reporting
+- hosts: all
+  become: true
+  tasks:
+    - name: cleanup package cache (debian and ubuntu)
+      tags: always
+      apt:
+        autoclean: yes
+      changed_when: false
+      when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu"]
+
+    - name: autoremove orphan packages (debian and ubuntu)
+      tags: always
+      apt:
+        autoremove: yes
+        purge: yes
+      when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu"]
+
+    - name: cleanup package cache (arch)
+      tags: always
+      pacman:
+        autoclean: yes
+      changed_when: false
+      when: ansible_distribution == "Archlinux"
+
+    - name: send completion alert
+      include_tasks: playbooks/send_completion_alert.yml
+      tags: always
+      when:
+        - task_failed is not defined
+
+    - name: send failure alert
+      include_tasks: playbooks/send_failure_alert.yml
+      tags: always
+      when:
+        - task_failed is defined
+        - task_failed == true
+
+# vim: ts=2 sw=2 fdm=indent
diff --git a/os_vars/arch.yml b/os_vars/arch.yml
new file mode 100644
index 0000000..e69de29
diff --git a/os_vars/centos.yml b/os_vars/centos.yml
new file mode 100644
index 0000000..e69de29
diff --git a/os_vars/debian.yml b/os_vars/debian.yml
new file mode 100644
index 0000000..e69de29
diff --git a/os_vars/fedore.yml b/os_vars/fedore.yml
new file mode 100644
index 0000000..e69de29
diff --git a/os_vars/gentoo.yml b/os_vars/gentoo.yml
new file mode 100644
index 0000000..e69de29
diff --git a/os_vars/leap.yml b/os_vars/leap.yml
new file mode 100644
index 0000000..e69de29
diff --git a/os_vars/opensuse.yml b/os_vars/opensuse.yml
new file mode 100644
index 0000000..e69de29
diff --git a/os_vars/redhat.yml b/os_vars/redhat.yml
new file mode 100644
index 0000000..e69de29
diff --git a/os_vars/ubuntu.yml b/os_vars/ubuntu.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/database/main.yml b/roles/database/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/development/main.yml b/roles/development/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/dhcpserver/main.yml b/roles/dhcpserver/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/fileserver/main.yml b/roles/fileserver/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/mailserver/main.yml b/roles/mailserver/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/mobile/main.yml b/roles/mobile/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/nameserver/main.yml b/roles/nameserver/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/photo_editing/main.yml b/roles/photo_editing/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/printspooler/main.yml b/roles/printspooler/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/proxyserver/main.yml b/roles/proxyserver/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/video_editing/main.yml b/roles/video_editing/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/webserver/main.yml b/roles/webserver/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/tasks/basetools/main.yml b/tasks/basetools/main.yml
new file mode 100644
index 0000000..4dc9baf
--- /dev/null
+++ b/tasks/basetools/main.yml
@@ -0,0 +1,3 @@
+---
+- name: install basetools
+
diff --git a/tasks/cinnamon/main.yml b/tasks/cinnamon/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/tasks/deepin/main.yml b/tasks/deepin/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/tasks/gnome/main.yml b/tasks/gnome/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/tasks/kde/main.yml b/tasks/kde/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/tasks/mate/main.yml b/tasks/mate/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/tasks/users/main.yml b/tasks/users/main.yml
new file mode 100644
index 0000000..cfe6754
--- /dev/null
+++ b/tasks/users/main.yml
@@ -0,0 +1,8 @@
+- name: create ansible user
+  user: name=ansible uid=900
+
+- name: copy sudoers_ansible
+  copy: src=files/sudoers_ansible dest=/etc/sudoers.d/ansible owner=root group=root mode=0440
+
+- name: create daily user
+  user: name=rene
diff --git a/tasks/xfce/main.yml b/tasks/xfce/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/tasks/zsh/main.yml b/tasks/zsh/main.yml
new file mode 100644
index 0000000..706e459
--- /dev/null
+++ b/tasks/zsh/main.yml
@@ -0,0 +1,9 @@
+zsh
+zsh-autosuggestions
+zsh-completions
+zsh-doc
+zsh-history-substring-search
+zsh-lovers
+zsh-syntax-highlighting
+zsh-theme-powerlevel9k
+zshdb
diff --git a/templates/wlan_auto_toggle.j2 b/templates/wlan_auto_toggle.j2
new file mode 100755
index 0000000..c38835e
--- /dev/null
+++ b/templates/wlan_auto_toggle.j2
@@ -0,0 +1,12 @@
+#! /bin/sh
+
+if [ "$1" = "{{ ansible_default_ipv4.interface }}" ]; then
+    case "$2" in
+        up)
+            nmcli radio wifi off
+            ;;
+        down)
+            nmcli radio wifi on
+            ;;
+    esac
+fi