initial commit

ansible.cfg

@@ -0,0 +1,4 @@
+[defaults]
+inventory = hosts
+log_path = /var/log/ansible.log
+retry_files_enabled = False

files/sudoers_ansible

@@ -0,0 +1 @@
+ansible           ALL=NOPASSWD:/usr/bin/ansible-pull

host_vars/TUXEDO-Book-XP1511.universe.local.yml

@@ -0,0 +1,56 @@
+---
+ssh_port: 22
+ssh_users: rene
+
+#application selection
+autofs: false
+borgbackup: true
+brave: true
+broot: true
+chromium: true
+docker: false
+firefox: true
+games: true
+gimp: false
+google_chrome: false
+joplin: true
+keepass: true
+keepassxc: true
+libreoffice: true
+midnightcommander: true
+nextcloud_client: true
+nvidia: false
+pacaur: true
+ranger: true
+syncthing: true
+thunderbird: true
+vifm: true
+virtualbox: false
+vivaldi: false
+yay: false
+yubikey: true
+
+#purpose selection
+database: false
+development: true
+dhcpserver: false
+fileserver: false
+mailserver: false
+mobile: true
+nameserver: false
+photo_editing: true
+printspooler: false
+proxyserver: false
+video_editing: true
+webserver: false
+
+#shell selection
+zsh: true
+
+#desktop environment selection
+cinnamon: false
+deepin: false
+gnome: false
+kde: true
+mate: false
+xfce: false

host_vars/coruscant.universe.local.yml

@@ -0,0 +1,36 @@
+---
+branch: master
+
+ansible_cron_minute: "*/5"
+
+ssh_port: 22
+ssh_users: "root rene"
+
+# platform-specific
+microcode_amd_install: false
+microcode_intel_install: true
+
+#purpose selection
+database: true
+dhcpserver: true
+fileserver: true
+mailserver: true
+nameserver: true
+printspooler: true
+proxyserver: true
+webserver: true
+
+#application selection
+borgbackup: true
+broot: true
+docker: false
+pacaur: true
+paru: true
+ranger: true
+syncthing: true
+vifm: true
+yay: false
+
+#shell selection
+zsh: true
+

host_vars/endor.universe.local.yml

@@ -0,0 +1,56 @@
+---
+ssh_port: 22
+ssh_users: rene
+
+#application selection
+autofs: false
+borgbackup: true
+brave: true
+broot: true
+chromium: true
+docker: false
+firefox: true
+games: true
+gimp: false
+google_chrome: false
+joplin: true
+keepass: true
+keepassxc: true
+libreoffice: true
+midnightcommander: true
+nextcloud_client: true
+nvidia: true
+pacaur: true
+ranger: true
+syncthing: true
+thunderbird: true
+vifm: true
+virtualbox: true
+vivaldi: false
+yay: false
+yubikey: true
+
+#purpose selection
+database: false
+development: true
+dhcpserver: false
+fileserver: false
+mailserver: false
+mobile: false
+nameserver: false
+photo_editing: true
+printspooler: false
+proxyserver: false
+video_editing: true
+webserver: false
+
+#shell selection
+zsh: true
+
+#desktop environment selection
+cinnamon: false
+deepin: false
+gnome: false
+kde: true
+mate: false
+xfce: false

host_vars/endorvm.universe.local.yml

@@ -0,0 +1,64 @@
+---
+branch: master
+
+ansible_cron_minute: "*/5"
+
+ssh_port: 22
+ssh_users: "root rene"
+
+# platform-specific
+microcode_amd_install: false
+microcode_intel_install: true
+
+#application selection
+autofs: false
+borgbackup: true
+brave: true
+broot: true
+chromium: true
+docker: false
+firefox: true
+games: true
+gimp: false
+google_chrome: false
+joplin: true
+keepass: true
+keepassxc: true
+libreoffice: true
+midnightcommander: true
+nextcloud_client: true
+nvidia: true
+pacaur: true
+ranger: true
+syncthing: true
+thunderbird: true
+vifm: true
+virtualbox: true
+vivaldi: false
+yay: false
+yubikey: true
+
+#purpose selection
+database: false
+development: true
+dhcpserver: false
+fileserver: false
+mailserver: false
+mobile: false
+nameserver: false
+photo_editing: true
+printspooler: false
+proxyserver: false
+video_editing: true
+webserver: false
+
+#shell selection
+zsh: true
+
+#desktop environment selection
+cinnamon: false
+deepin: false
+gnome: false
+kde: true
+mate: false
+xfce: false

host_vars/mewimeet.de.yml

@@ -0,0 +1,17 @@
+---
+branch: master
+
+ansible_cron_minute: "40"
+ssh_port: 22
+ssh_users: "user1 user2"
+
+# platform-specific
+linode_instance: true
+microcode_amd_install: false
+microcode_intel_install: false
+proxmox_instance: false
+raspberry_pi: false
+
+# server
+unattended_upgrades: true
+web_server: true

host_vars/mewitoot.de.yml

@@ -0,0 +1,17 @@
+---
+branch: master
+
+ansible_cron_minute: "40"
+ssh_port: 22
+ssh_users: "user1 user2"
+
+# platform-specific
+linode_instance: true
+microcode_amd_install: false
+microcode_intel_install: false
+proxmox_instance: false
+raspberry_pi: false
+
+# server
+unattended_upgrades: true
+web_server: true

hosts

@@ -0,0 +1,9 @@
+[workstation]
+endor.universe.local
+endorvm.universe.local
+tuxedo-book-xp1511.universe.local
+
+[server]
+coruscant.universe.local
+mewimeet.de
+mewitoot.de

local.yml

@@ -0,0 +1,77 @@
+---
+- hosts: all
+  connection: local
+  become: true
+
+  pre_tasks:
+    - name: pre-run | update apt repository (debian, ubuntu, etc.)
+      apt: update_cache=yes
+      changed_when: False
+      when: ansible_distribution in ["Debian", "Ubuntu"]
+    - name: pre-run | update pacman repository (arch)
+      pacman: update_cache=yes
+      changed_when: False
+      when: ansible_distribution == 'Archlinux'
+    - name: pre-run |update portage repository (gentoo)
+      portage:
+        sync: yes
+      when: ansible_distribution == 'Gentoo'
+
+# run roles
+- hosts: all
+  tags: base
+  become: true
+  roles:
+    - base
+
+- hosts: workstation
+  tags: workstation
+  become: true
+  roles:
+    - workstation
+
+- hosts: server
+  tags: server
+  become: true
+  roles:
+    - server
+
+# end of roles; cleanup and reporting
+- hosts: all
+  become: true
+  tasks:
+    - name: cleanup package cache (debian and ubuntu)
+      tags: always
+      apt:
+        autoclean: yes
+      changed_when: false
+      when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu"]
+
+    - name: autoremove orphan packages (debian and ubuntu)
+      tags: always
+      apt:
+        autoremove: yes
+        purge: yes
+      when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu"]
+
+    - name: cleanup package cache (arch)
+      tags: always
+      pacman:
+        autoclean: yes
+      changed_when: false
+      when: ansible_distribution == "Archlinux"
+
+    - name: send completion alert
+      include_tasks: playbooks/send_completion_alert.yml
+      tags: always
+      when:
+        - task_failed is not defined
+
+    - name: send failure alert
+      include_tasks: playbooks/send_failure_alert.yml
+      tags: always
+      when:
+        - task_failed is defined
+        - task_failed == true
+
+# vim: ts=2 sw=2 fdm=indent

tasks/basetools/main.yml

@@ -0,0 +1,3 @@
+---
+- name: install basetools
+

tasks/users/main.yml

@@ -0,0 +1,8 @@
+- name: create ansible user
+  user: name=ansible uid=900
+
+- name: copy sudoers_ansible
+  copy: src=files/sudoers_ansible dest=/etc/sudoers.d/ansible owner=root group=root mode=0440
+
+- name: create daily user
+  user: name=rene

tasks/zsh/main.yml

@@ -0,0 +1,9 @@
+zsh
+zsh-autosuggestions
+zsh-completions
+zsh-doc
+zsh-history-substring-search
+zsh-lovers
+zsh-syntax-highlighting
+zsh-theme-powerlevel9k
+zshdb

templates/wlan_auto_toggle.j2

@@ -0,0 +1,12 @@
+#! /bin/sh
+
+if [ "$1" = "{{ ansible_default_ipv4.interface }}" ]; then
+    case "$2" in
+        up)
+            nmcli radio wifi off
+            ;;
+        down)
+            nmcli radio wifi on
+            ;;
+    esac
+fi