├── .gitignore ├── LICENSE ├── Makefile ├── README.md ├── computer.yml ├── img ├── classic.png └── ide.png ├── requirements.txt ├── requirements.yml ├── roles ├── dotfiles │ ├── files │ │ ├── .tmux.conf │ │ ├── .vimrc │ │ ├── .zshrc │ │ ├── config.kdl │ │ └── starship.toml │ ├── tasks │ │ └── main.yml │ └── templates │ │ └── gitconfig.j2 ├── gnome │ ├── files │ │ └── wallpaper.jpg │ ├── tasks │ │ ├── dconf.yml │ │ ├── fonts.yml │ │ ├── main.yml │ │ └── theme.yml │ └── vars │ │ └── main.yml ├── packages │ ├── files │ │ └── firefox.desktop │ ├── tasks │ │ ├── asdf.yml │ │ ├── firefox.yml │ │ ├── main.yml │ │ ├── neovim.yml │ │ └── vagrant.yml │ └── vars │ │ └── main.yml ├── security │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ ├── file_perm.yml │ │ ├── main.yml │ │ ├── pam.yml │ │ ├── profil.yml │ │ ├── rkhunter.yml │ │ └── sysctl.yml │ └── templates │ │ └── rkhunter.conf.j2 ├── system │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ ├── dns.yml │ │ └── main.yml │ └── templates │ │ └── resolv.conf.j2 └── user │ └── tasks │ └── main.yml └── vars ├── packages.yml ├── system.yml └── user.yml /.gitignore: -------------------------------------------------------------------------------- 1 | ansible.retry 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | # GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 [Free Software Foundation, Inc.](http://fsf.org/) 5 | 6 | Everyone is permitted to copy and distribute verbatim copies of this license 7 | document, but changing it is not allowed. 8 | 9 | ## Preamble 10 | 11 | The GNU General Public License is a free, copyleft license for software and 12 | other kinds of works. 13 | 14 | The licenses for most software and other practical works are designed to take 15 | away your freedom to share and change the works. 
By contrast, the GNU General 16 | Public License is intended to guarantee your freedom to share and change all 17 | versions of a program--to make sure it remains free software for all its users. 18 | We, the Free Software Foundation, use the GNU General Public License for most 19 | of our software; it applies also to any other work released this way by its 20 | authors. You can apply it to your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not price. Our 23 | General Public Licenses are designed to make sure that you have the freedom to 24 | distribute copies of free software (and charge for them if you wish), that you 25 | receive source code or can get it if you want it, that you can change the 26 | software or use pieces of it in new free programs, and that you know you can do 27 | these things. 28 | 29 | To protect your rights, we need to prevent others from denying you these rights 30 | or asking you to surrender the rights. Therefore, you have certain 31 | responsibilities if you distribute copies of the software, or if you modify it: 32 | responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether gratis or for 35 | a fee, you must pass on to the recipients the same freedoms that you received. 36 | You must make sure that they, too, receive or can get the source code. And you 37 | must show them these terms so they know their rights. 38 | 39 | Developers that use the GNU GPL protect your rights with two steps: 40 | 41 | 1. assert copyright on the software, and 42 | 2. offer you this License giving you legal permission to copy, distribute 43 | and/or modify it. 44 | 45 | For the developers' and authors' protection, the GPL clearly explains that 46 | there is no warranty for this free software. 
For both users' and authors' sake, 47 | the GPL requires that modified versions be marked as changed, so that their 48 | problems will not be attributed erroneously to authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run modified 51 | versions of the software inside them, although the manufacturer can do so. This 52 | is fundamentally incompatible with the aim of protecting users' freedom to 53 | change the software. The systematic pattern of such abuse occurs in the area of 54 | products for individuals to use, which is precisely where it is most 55 | unacceptable. Therefore, we have designed this version of the GPL to prohibit 56 | the practice for those products. If such problems arise substantially in other 57 | domains, we stand ready to extend this provision to those domains in future 58 | versions of the GPL, as needed to protect the freedom of users. 59 | 60 | Finally, every program is threatened constantly by software patents. States 61 | should not allow patents to restrict development and use of software on 62 | general-purpose computers, but in those that do, we wish to avoid the special 63 | danger that patents applied to a free program could make it effectively 64 | proprietary. To prevent this, the GPL assures that patents cannot be used to 65 | render the program non-free. 66 | 67 | The precise terms and conditions for copying, distribution and modification 68 | follow. 69 | 70 | ## TERMS AND CONDITIONS 71 | 72 | ### 0. Definitions. 73 | 74 | *This License* refers to version 3 of the GNU General Public License. 75 | 76 | *Copyright* also means copyright-like laws that apply to other kinds of works, 77 | such as semiconductor masks. 78 | 79 | *The Program* refers to any copyrightable work licensed under this License. 80 | Each licensee is addressed as *you*. *Licensees* and *recipients* may be 81 | individuals or organizations. 
82 | 83 | To *modify* a work means to copy from or adapt all or part of the work in a 84 | fashion requiring copyright permission, other than the making of an exact copy. 85 | The resulting work is called a *modified version* of the earlier work or a work 86 | *based on* the earlier work. 87 | 88 | A *covered work* means either the unmodified Program or a work based on the 89 | Program. 90 | 91 | To *propagate* a work means to do anything with it that, without permission, 92 | would make you directly or secondarily liable for infringement under applicable 93 | copyright law, except executing it on a computer or modifying a private copy. 94 | Propagation includes copying, distribution (with or without modification), 95 | making available to the public, and in some countries other activities as well. 96 | 97 | To *convey* a work means any kind of propagation that enables other parties to 98 | make or receive copies. Mere interaction with a user through a computer 99 | network, with no transfer of a copy, is not conveying. 100 | 101 | An interactive user interface displays *Appropriate Legal Notices* to the 102 | extent that it includes a convenient and prominently visible feature that 103 | 104 | 1. displays an appropriate copyright notice, and 105 | 2. tells the user that there is no warranty for the work (except to the 106 | extent that warranties are provided), that licensees may convey the work 107 | under this License, and how to view a copy of this License. 108 | 109 | If the interface presents a list of user commands or options, such as a menu, a 110 | prominent item in the list meets this criterion. 111 | 112 | ### 1. Source Code. 113 | 114 | The *source code* for a work means the preferred form of the work for making 115 | modifications to it. *Object code* means any non-source form of a work. 
116 | 117 | A *Standard Interface* means an interface that either is an official standard 118 | defined by a recognized standards body, or, in the case of interfaces specified 119 | for a particular programming language, one that is widely used among developers 120 | working in that language. 121 | 122 | The *System Libraries* of an executable work include anything, other than the 123 | work as a whole, that (a) is included in the normal form of packaging a Major 124 | Component, but which is not part of that Major Component, and (b) serves only 125 | to enable use of the work with that Major Component, or to implement a Standard 126 | Interface for which an implementation is available to the public in source code 127 | form. A *Major Component*, in this context, means a major essential component 128 | (kernel, window system, and so on) of the specific operating system (if any) on 129 | which the executable work runs, or a compiler used to produce the work, or an 130 | object code interpreter used to run it. 131 | 132 | The *Corresponding Source* for a work in object code form means all the source 133 | code needed to generate, install, and (for an executable work) run the object 134 | code and to modify the work, including scripts to control those activities. 135 | However, it does not include the work's System Libraries, or general-purpose 136 | tools or generally available free programs which are used unmodified in 137 | performing those activities but which are not part of the work. For example, 138 | Corresponding Source includes interface definition files associated with source 139 | files for the work, and the source code for shared libraries and dynamically 140 | linked subprograms that the work is specifically designed to require, such as 141 | by intimate data communication or control flow between those subprograms and 142 | other parts of the work. 
143 | 144 | The Corresponding Source need not include anything that users can regenerate 145 | automatically from other parts of the Corresponding Source. 146 | 147 | The Corresponding Source for a work in source code form is that same work. 148 | 149 | ### 2. Basic Permissions. 150 | 151 | All rights granted under this License are granted for the term of copyright on 152 | the Program, and are irrevocable provided the stated conditions are met. This 153 | License explicitly affirms your unlimited permission to run the unmodified 154 | Program. The output from running a covered work is covered by this License only 155 | if the output, given its content, constitutes a covered work. This License 156 | acknowledges your rights of fair use or other equivalent, as provided by 157 | copyright law. 158 | 159 | You may make, run and propagate covered works that you do not convey, without 160 | conditions so long as your license otherwise remains in force. You may convey 161 | covered works to others for the sole purpose of having them make modifications 162 | exclusively for you, or provide you with facilities for running those works, 163 | provided that you comply with the terms of this License in conveying all 164 | material for which you do not control copyright. Those thus making or running 165 | the covered works for you must do so exclusively on your behalf, under your 166 | direction and control, on terms that prohibit them from making any copies of 167 | your copyrighted material outside their relationship with you. 168 | 169 | Conveying under any other circumstances is permitted solely under the 170 | conditions stated below. Sublicensing is not allowed; section 10 makes it 171 | unnecessary. 172 | 173 | ### 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 
174 | 175 | No covered work shall be deemed part of an effective technological measure 176 | under any applicable law fulfilling obligations under article 11 of the WIPO 177 | copyright treaty adopted on 20 December 1996, or similar laws prohibiting or 178 | restricting circumvention of such measures. 179 | 180 | When you convey a covered work, you waive any legal power to forbid 181 | circumvention of technological measures to the extent such circumvention is 182 | effected by exercising rights under this License with respect to the covered 183 | work, and you disclaim any intention to limit operation or modification of the 184 | work as a means of enforcing, against the work's users, your or third parties' 185 | legal rights to forbid circumvention of technological measures. 186 | 187 | ### 4. Conveying Verbatim Copies. 188 | 189 | You may convey verbatim copies of the Program's source code as you receive it, 190 | in any medium, provided that you conspicuously and appropriately publish on 191 | each copy an appropriate copyright notice; keep intact all notices stating that 192 | this License and any non-permissive terms added in accord with section 7 apply 193 | to the code; keep intact all notices of the absence of any warranty; and give 194 | all recipients a copy of this License along with the Program. 195 | 196 | You may charge any price or no price for each copy that you convey, and you may 197 | offer support or warranty protection for a fee. 198 | 199 | ### 5. Conveying Modified Source Versions. 200 | 201 | You may convey a work based on the Program, or the modifications to produce it 202 | from the Program, in the form of source code under the terms of section 4, 203 | provided that you also meet all of these conditions: 204 | 205 | - a) The work must carry prominent notices stating that you modified it, and 206 | giving a relevant date. 
207 | - b) The work must carry prominent notices stating that it is released under 208 | this License and any conditions added under section 7. This requirement 209 | modifies the requirement in section 4 to *keep intact all notices*. 210 | - c) You must license the entire work, as a whole, under this License to 211 | anyone who comes into possession of a copy. This License will therefore 212 | apply, along with any applicable section 7 additional terms, to the whole 213 | of the work, and all its parts, regardless of how they are packaged. This 214 | License gives no permission to license the work in any other way, but it 215 | does not invalidate such permission if you have separately received it. 216 | - d) If the work has interactive user interfaces, each must display 217 | Appropriate Legal Notices; however, if the Program has interactive 218 | interfaces that do not display Appropriate Legal Notices, your work need 219 | not make them do so. 220 | 221 | A compilation of a covered work with other separate and independent works, 222 | which are not by their nature extensions of the covered work, and which are not 223 | combined with it such as to form a larger program, in or on a volume of a 224 | storage or distribution medium, is called an *aggregate* if the compilation and 225 | its resulting copyright are not used to limit the access or legal rights of the 226 | compilation's users beyond what the individual works permit. Inclusion of a 227 | covered work in an aggregate does not cause this License to apply to the other 228 | parts of the aggregate. 229 | 230 | ### 6. Conveying Non-Source Forms. 
231 | 232 | You may convey a covered work in object code form under the terms of sections 4 233 | and 5, provided that you also convey the machine-readable Corresponding Source 234 | under the terms of this License, in one of these ways: 235 | 236 | - a) Convey the object code in, or embodied in, a physical product (including 237 | a physical distribution medium), accompanied by the Corresponding Source 238 | fixed on a durable physical medium customarily used for software 239 | interchange. 240 | - b) Convey the object code in, or embodied in, a physical product (including 241 | a physical distribution medium), accompanied by a written offer, valid for 242 | at least three years and valid for as long as you offer spare parts or 243 | customer support for that product model, to give anyone who possesses the 244 | object code either 245 | 1. a copy of the Corresponding Source for all the software in the product 246 | that is covered by this License, on a durable physical medium 247 | customarily used for software interchange, for a price no more than your 248 | reasonable cost of physically performing this conveying of source, or 249 | 2. access to copy the Corresponding Source from a network server at no 250 | charge. 251 | - c) Convey individual copies of the object code with a copy of the written 252 | offer to provide the Corresponding Source. This alternative is allowed only 253 | occasionally and noncommercially, and only if you received the object code 254 | with such an offer, in accord with subsection 6b. 255 | - d) Convey the object code by offering access from a designated place 256 | (gratis or for a charge), and offer equivalent access to the Corresponding 257 | Source in the same way through the same place at no further charge. You 258 | need not require recipients to copy the Corresponding Source along with the 259 | object code. 
If the place to copy the object code is a network server, the 260 | Corresponding Source may be on a different server operated by you or a 261 | third party) that supports equivalent copying facilities, provided you 262 | maintain clear directions next to the object code saying where to find the 263 | Corresponding Source. Regardless of what server hosts the Corresponding 264 | Source, you remain obligated to ensure that it is available for as long as 265 | needed to satisfy these requirements. 266 | - e) Convey the object code using peer-to-peer transmission, provided you 267 | inform other peers where the object code and Corresponding Source of the 268 | work are being offered to the general public at no charge under subsection 269 | 6d. 270 | 271 | A separable portion of the object code, whose source code is excluded from the 272 | Corresponding Source as a System Library, need not be included in conveying the 273 | object code work. 274 | 275 | A *User Product* is either 276 | 277 | 1. a *consumer product*, which means any tangible personal property which is 278 | normally used for personal, family, or household purposes, or 279 | 2. anything designed or sold for incorporation into a dwelling. 280 | 281 | In determining whether a product is a consumer product, doubtful cases shall be 282 | resolved in favor of coverage. For a particular product received by a 283 | particular user, *normally used* refers to a typical or common use of that 284 | class of product, regardless of the status of the particular user or of the way 285 | in which the particular user actually uses, or expects or is expected to use, 286 | the product. A product is a consumer product regardless of whether the product 287 | has substantial commercial, industrial or non-consumer uses, unless such uses 288 | represent the only significant mode of use of the product. 
289 | 290 | *Installation Information* for a User Product means any methods, procedures, 291 | authorization keys, or other information required to install and execute 292 | modified versions of a covered work in that User Product from a modified 293 | version of its Corresponding Source. The information must suffice to ensure 294 | that the continued functioning of the modified object code is in no case 295 | prevented or interfered with solely because modification has been made. 296 | 297 | If you convey an object code work under this section in, or with, or 298 | specifically for use in, a User Product, and the conveying occurs as part of a 299 | transaction in which the right of possession and use of the User Product is 300 | transferred to the recipient in perpetuity or for a fixed term (regardless of 301 | how the transaction is characterized), the Corresponding Source conveyed under 302 | this section must be accompanied by the Installation Information. But this 303 | requirement does not apply if neither you nor any third party retains the 304 | ability to install modified object code on the User Product (for example, the 305 | work has been installed in ROM). 306 | 307 | The requirement to provide Installation Information does not include a 308 | requirement to continue to provide support service, warranty, or updates for a 309 | work that has been modified or installed by the recipient, or for the User 310 | Product in which it has been modified or installed. Access to a network may be 311 | denied when the modification itself materially and adversely affects the 312 | operation of the network or violates the rules and protocols for communication 313 | across the network. 
314 | 315 | Corresponding Source conveyed, and Installation Information provided, in accord 316 | with this section must be in a format that is publicly documented (and with an 317 | implementation available to the public in source code form), and must require 318 | no special password or key for unpacking, reading or copying. 319 | 320 | ### 7. Additional Terms. 321 | 322 | *Additional permissions* are terms that supplement the terms of this License by 323 | making exceptions from one or more of its conditions. Additional permissions 324 | that are applicable to the entire Program shall be treated as though they were 325 | included in this License, to the extent that they are valid under applicable 326 | law. If additional permissions apply only to part of the Program, that part may 327 | be used separately under those permissions, but the entire Program remains 328 | governed by this License without regard to the additional permissions. 329 | 330 | When you convey a copy of a covered work, you may at your option remove any 331 | additional permissions from that copy, or from any part of it. (Additional 332 | permissions may be written to require their own removal in certain cases when 333 | you modify the work.) You may place additional permissions on material, added 334 | by you to a covered work, for which you have or can give appropriate copyright 335 | permission. 
336 | 337 | Notwithstanding any other provision of this License, for material you add to a 338 | covered work, you may (if authorized by the copyright holders of that material) 339 | supplement the terms of this License with terms: 340 | 341 | - a) Disclaiming warranty or limiting liability differently from the terms of 342 | sections 15 and 16 of this License; or 343 | - b) Requiring preservation of specified reasonable legal notices or author 344 | attributions in that material or in the Appropriate Legal Notices displayed 345 | by works containing it; or 346 | - c) Prohibiting misrepresentation of the origin of that material, or 347 | requiring that modified versions of such material be marked in reasonable 348 | ways as different from the original version; or 349 | - d) Limiting the use for publicity purposes of names of licensors or authors 350 | of the material; or 351 | - e) Declining to grant rights under trademark law for use of some trade 352 | names, trademarks, or service marks; or 353 | - f) Requiring indemnification of licensors and authors of that material by 354 | anyone who conveys the material (or modified versions of it) with 355 | contractual assumptions of liability to the recipient, for any liability 356 | that these contractual assumptions directly impose on those licensors and 357 | authors. 358 | 359 | All other non-permissive additional terms are considered *further restrictions* 360 | within the meaning of section 10. If the Program as you received it, or any 361 | part of it, contains a notice stating that it is governed by this License along 362 | with a term that is a further restriction, you may remove that term. If a 363 | license document contains a further restriction but permits relicensing or 364 | conveying under this License, you may add to a covered work material governed 365 | by the terms of that license document, provided that the further restriction 366 | does not survive such relicensing or conveying. 
367 | 368 | If you add terms to a covered work in accord with this section, you must place, 369 | in the relevant source files, a statement of the additional terms that apply to 370 | those files, or a notice indicating where to find the applicable terms. 371 | 372 | Additional terms, permissive or non-permissive, may be stated in the form of a 373 | separately written license, or stated as exceptions; the above requirements 374 | apply either way. 375 | 376 | ### 8. Termination. 377 | 378 | You may not propagate or modify a covered work except as expressly provided 379 | under this License. Any attempt otherwise to propagate or modify it is void, 380 | and will automatically terminate your rights under this License (including any 381 | patent licenses granted under the third paragraph of section 11). 382 | 383 | However, if you cease all violation of this License, then your license from a 384 | particular copyright holder is reinstated 385 | 386 | - a) provisionally, unless and until the copyright holder explicitly and 387 | finally terminates your license, and 388 | - b) permanently, if the copyright holder fails to notify you of the 389 | violation by some reasonable means prior to 60 days after the cessation. 390 | 391 | Moreover, your license from a particular copyright holder is reinstated 392 | permanently if the copyright holder notifies you of the violation by some 393 | reasonable means, this is the first time you have received notice of violation 394 | of this License (for any work) from that copyright holder, and you cure the 395 | violation prior to 30 days after your receipt of the notice. 396 | 397 | Termination of your rights under this section does not terminate the licenses 398 | of parties who have received copies or rights from you under this License. If 399 | your rights have been terminated and not permanently reinstated, you do not 400 | qualify to receive new licenses for the same material under section 10. 401 | 402 | ### 9. 
Acceptance Not Required for Having Copies. 403 | 404 | You are not required to accept this License in order to receive or run a copy 405 | of the Program. Ancillary propagation of a covered work occurring solely as a 406 | consequence of using peer-to-peer transmission to receive a copy likewise does 407 | not require acceptance. However, nothing other than this License grants you 408 | permission to propagate or modify any covered work. These actions infringe 409 | copyright if you do not accept this License. Therefore, by modifying or 410 | propagating a covered work, you indicate your acceptance of this License to do 411 | so. 412 | 413 | ### 10. Automatic Licensing of Downstream Recipients. 414 | 415 | Each time you convey a covered work, the recipient automatically receives a 416 | license from the original licensors, to run, modify and propagate that work, 417 | subject to this License. You are not responsible for enforcing compliance by 418 | third parties with this License. 419 | 420 | An *entity transaction* is a transaction transferring control of an 421 | organization, or substantially all assets of one, or subdividing an 422 | organization, or merging organizations. If propagation of a covered work 423 | results from an entity transaction, each party to that transaction who receives 424 | a copy of the work also receives whatever licenses to the work the party's 425 | predecessor in interest had or could give under the previous paragraph, plus a 426 | right to possession of the Corresponding Source of the work from the 427 | predecessor in interest, if the predecessor has it or can get it with 428 | reasonable efforts. 429 | 430 | You may not impose any further restrictions on the exercise of the rights 431 | granted or affirmed under this License. 
For example, you may not impose a 432 | license fee, royalty, or other charge for exercise of rights granted under this 433 | License, and you may not initiate litigation (including a cross-claim or 434 | counterclaim in a lawsuit) alleging that any patent claim is infringed by 435 | making, using, selling, offering for sale, or importing the Program or any 436 | portion of it. 437 | 438 | ### 11. Patents. 439 | 440 | A *contributor* is a copyright holder who authorizes use under this License of 441 | the Program or a work on which the Program is based. The work thus licensed is 442 | called the contributor's *contributor version*. 443 | 444 | A contributor's *essential patent claims* are all patent claims owned or 445 | controlled by the contributor, whether already acquired or hereafter acquired, 446 | that would be infringed by some manner, permitted by this License, of making, 447 | using, or selling its contributor version, but do not include claims that would 448 | be infringed only as a consequence of further modification of the contributor 449 | version. For purposes of this definition, *control* includes the right to grant 450 | patent sublicenses in a manner consistent with the requirements of this 451 | License. 452 | 453 | Each contributor grants you a non-exclusive, worldwide, royalty-free patent 454 | license under the contributor's essential patent claims, to make, use, sell, 455 | offer for sale, import and otherwise run, modify and propagate the contents of 456 | its contributor version. 457 | 458 | In the following three paragraphs, a *patent license* is any express agreement 459 | or commitment, however denominated, not to enforce a patent (such as an express 460 | permission to practice a patent or covenant not to sue for patent 461 | infringement). To *grant* such a patent license to a party means to make such 462 | an agreement or commitment not to enforce a patent against the party. 
463 | 464 | If you convey a covered work, knowingly relying on a patent license, and the 465 | Corresponding Source of the work is not available for anyone to copy, free of 466 | charge and under the terms of this License, through a publicly available 467 | network server or other readily accessible means, then you must either 468 | 469 | 1. cause the Corresponding Source to be so available, or 470 | 2. arrange to deprive yourself of the benefit of the patent license for this 471 | particular work, or 472 | 3. arrange, in a manner consistent with the requirements of this License, to 473 | extend the patent license to downstream recipients. 474 | 475 | *Knowingly relying* means you have actual knowledge that, but for the patent 476 | license, your conveying the covered work in a country, or your recipient's use 477 | of the covered work in a country, would infringe one or more identifiable 478 | patents in that country that you have reason to believe are valid. 479 | 480 | If, pursuant to or in connection with a single transaction or arrangement, you 481 | convey, or propagate by procuring conveyance of, a covered work, and grant a 482 | patent license to some of the parties receiving the covered work authorizing 483 | them to use, propagate, modify or convey a specific copy of the covered work, 484 | then the patent license you grant is automatically extended to all recipients 485 | of the covered work and works based on it. 486 | 487 | A patent license is *discriminatory* if it does not include within the scope of 488 | its coverage, prohibits the exercise of, or is conditioned on the non-exercise 489 | of one or more of the rights that are specifically granted under this License. 
490 | You may not convey a covered work if you are a party to an arrangement with a 491 | third party that is in the business of distributing software, under which you 492 | make payment to the third party based on the extent of your activity of 493 | conveying the work, and under which the third party grants, to any of the 494 | parties who would receive the covered work from you, a discriminatory patent 495 | license 496 | 497 | - a) in connection with copies of the covered work conveyed by you (or copies 498 | made from those copies), or 499 | - b) primarily for and in connection with specific products or compilations 500 | that contain the covered work, unless you entered into that arrangement, or 501 | that patent license was granted, prior to 28 March 2007. 502 | 503 | Nothing in this License shall be construed as excluding or limiting any implied 504 | license or other defenses to infringement that may otherwise be available to 505 | you under applicable patent law. 506 | 507 | ### 12. No Surrender of Others' Freedom. 508 | 509 | If conditions are imposed on you (whether by court order, agreement or 510 | otherwise) that contradict the conditions of this License, they do not excuse 511 | you from the conditions of this License. If you cannot convey a covered work so 512 | as to satisfy simultaneously your obligations under this License and any other 513 | pertinent obligations, then as a consequence you may not convey it at all. For 514 | example, if you agree to terms that obligate you to collect a royalty for 515 | further conveying from those to whom you convey the Program, the only way you 516 | could satisfy both those terms and this License would be to refrain entirely 517 | from conveying the Program. 518 | 519 | ### 13. Use with the GNU Affero General Public License. 
520 | 521 | Notwithstanding any other provision of this License, you have permission to 522 | link or combine any covered work with a work licensed under version 3 of the 523 | GNU Affero General Public License into a single combined work, and to convey 524 | the resulting work. The terms of this License will continue to apply to the 525 | part which is the covered work, but the special requirements of the GNU Affero 526 | General Public License, section 13, concerning interaction through a network 527 | will apply to the combination as such. 528 | 529 | ### 14. Revised Versions of this License. 530 | 531 | The Free Software Foundation may publish revised and/or new versions of the GNU 532 | General Public License from time to time. Such new versions will be similar in 533 | spirit to the present version, but may differ in detail to address new problems 534 | or concerns. 535 | 536 | Each version is given a distinguishing version number. If the Program specifies 537 | that a certain numbered version of the GNU General Public License *or any later 538 | version* applies to it, you have the option of following the terms and 539 | conditions either of that numbered version or of any later version published by 540 | the Free Software Foundation. If the Program does not specify a version number 541 | of the GNU General Public License, you may choose any version ever published by 542 | the Free Software Foundation. 543 | 544 | If the Program specifies that a proxy can decide which future versions of the 545 | GNU General Public License can be used, that proxy's public statement of 546 | acceptance of a version permanently authorizes you to choose that version for 547 | the Program. 548 | 549 | Later license versions may give you additional or different permissions. 550 | However, no additional obligations are imposed on any author or copyright 551 | holder as a result of your choosing to follow a later version. 552 | 553 | ### 15. Disclaimer of Warranty. 
554 | 555 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE 556 | LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER 557 | PARTIES PROVIDE THE PROGRAM *AS IS* WITHOUT WARRANTY OF ANY KIND, EITHER 558 | EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 559 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE 560 | QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE 561 | DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR 562 | CORRECTION. 563 | 564 | ### 16. Limitation of Liability. 565 | 566 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY 567 | COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS 568 | PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, 569 | INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE 570 | THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED 571 | INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE 572 | PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY 573 | HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 574 | 575 | ### 17. Interpretation of Sections 15 and 16. 576 | 577 | If the disclaimer of warranty and limitation of liability provided above cannot 578 | be given local legal effect according to their terms, reviewing courts shall 579 | apply local law that most closely approximates an absolute waiver of all civil 580 | liability in connection with the Program, unless a warranty or assumption of 581 | liability accompanies a copy of the Program in return for a fee. 
582 | 583 | ## END OF TERMS AND CONDITIONS ### 584 | 585 | ### How to Apply These Terms to Your New Programs 586 | 587 | If you develop a new program, and you want it to be of the greatest possible 588 | use to the public, the best way to achieve this is to make it free software 589 | which everyone can redistribute and change under these terms. 590 | 591 | To do so, attach the following notices to the program. It is safest to attach 592 | them to the start of each source file to most effectively state the exclusion 593 | of warranty; and each file should have at least the *copyright* line and a 594 | pointer to where the full notice is found. 595 | 596 | 597 | Copyright (C) 598 | 599 | This program is free software: you can redistribute it and/or modify 600 | it under the terms of the GNU General Public License as published by 601 | the Free Software Foundation, either version 3 of the License, or 602 | (at your option) any later version. 603 | 604 | This program is distributed in the hope that it will be useful, 605 | but WITHOUT ANY WARRANTY; without even the implied warranty of 606 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 607 | GNU General Public License for more details. 608 | 609 | You should have received a copy of the GNU General Public License 610 | along with this program. If not, see . 611 | 612 | Also add information on how to contact you by electronic and paper mail. 613 | 614 | If the program does terminal interaction, make it output a short notice like 615 | this when it starts in an interactive mode: 616 | 617 | Copyright (C) 618 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 619 | This is free software, and you are welcome to redistribute it 620 | under certain conditions; type `show c' for details. 621 | 622 | The hypothetical commands `show w` and `show c` should show the appropriate 623 | parts of the General Public License. 
Of course, your program's commands might 624 | be different; for a GUI interface, you would use an *about box*. 625 | 626 | You should also get your employer (if you work as a programmer) or school, if 627 | any, to sign a *copyright disclaimer* for the program, if necessary. For more 628 | information on this, and how to apply and follow the GNU GPL, see 629 | [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/). 630 | 631 | The GNU General Public License does not permit incorporating your program into 632 | proprietary programs. If your program is a subroutine library, you may consider 633 | it more useful to permit linking proprietary applications with the library. If 634 | this is what you want to do, use the GNU Lesser General Public License instead 635 | of this License. But first, please read 636 | [http://www.gnu.org/philosophy/why-not-lgpl.html](http://www.gnu.org/philosophy/why-not-lgpl.html). 637 | 638 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | firstrun: 2 | init full 3 | 4 | init: 5 | apt update && apt install python3 python3-pip3 6 | pip3 install -r requirements.txt 7 | ansible-galaxy install -r requirements.yml 8 | 9 | gnome-theme: 10 | mkdir -p ~/Projets/Github/ 11 | git clone git@github.com:imarkoff/Marble-shell-theme.git ~/Projets/Github/ 12 | python ~/Projets/Github/Marble-shell-theme/install.py -a --filled 13 | 14 | pass: 15 | curl -sSL https://codeberg.org/PassFF/passff-host/releases/download/latest/install_host_app.sh | bash -s -- firefox 16 | 17 | dry-run-full: 18 | ansible-playbook computer.yml --check --tags all 19 | 20 | debug: 21 | ansible-playbook -vvv computer.yml --tags all 22 | 23 | full: 24 | ansible-playbook computer.yml --tags all 25 | 26 | firefox: 27 | ansible-playbook computer.yml --tags firefox 28 | 29 | upgrade: 30 | ansible-playbook computer.yml --tags "firefox,upgrade,neovim" 31 | 32 
| neovim: 33 | ansible-playbook computer.yml --tags "neovim" 34 | 35 | asdf: 36 | ansible-playbook computer.yml --tags "asdf" 37 | 38 | dotfiles: 39 | ansible-playbook computer.yml --tags dotfiles 40 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # My system configuration 2 | 3 | This repository contains my personal desktop and laptop configurations, showcasing a clean and efficient setup for development and daily use. 4 | 5 | ## 📸 Screenshots 6 | 7 | ![View from classic desktop](./img/classic.png) 8 | ![View from IDE desktop](./img/ide.png) 9 | 10 | ## 🛠️ Setup Details 11 | 12 | - **Operating System**: Debian Testing 🍥 13 | - **Desktop Environment**: GNOME 14 | - **Theme**: Light theme [Marble](https://github.com/imarkoff/Marble-shell-theme) 15 | 16 | ## 🧰 Development Tools 17 | 18 | - **Text Editor**: [Neovim](https://www.damyr.fr/posts/neovim/) 19 | - **Terminal Multiplexer**: [Zellij](https://www.damyr.fr/posts/zellij/) 20 | - **Web Browser**: Firefox (not ESR) 21 | - **Secret manager**: [Pass](https://www.damyr.fr/posts/passwordmanager/) 22 | 23 | ## 📁 Repository Structure 24 | 25 | All my configuration is split on 6 Ansible roles, and somes pre steps on Makefile. 
26 | 27 | ``` 28 | ├── computer.yml # main Ansible playbook 29 | ├── LICENSE 30 | ├── Makefile # Makefile with first steps and shortcut for Ansible Tags 31 | ├── README.md # <--- You are here 32 | ├── requirements.txt 33 | ├── requirements.yml 34 | ├── roles 35 | │   ├── dotfiles # Managing all dotfiles conf (Neovim is clone from another Github project) 36 | │   ├── gnome # Setup all my Gnome, theme and stuff 37 | │   ├── packages # Install all my tools with apt and asdf 38 | │   ├── security # some specific parameters 39 | │   ├── system # Global settings 40 | │   └── user # Manage user and stuff 41 | └── vars 42 | ├── packages.yml 43 | ├── system.yml 44 | └── user.yml 45 | ``` 46 | 47 | ## 🚀 My process 48 | 49 | 1. Install base: 50 | ``` 51 | apt update && apt -y install git 52 | ``` 53 | 1. Clone this repository: 54 | ``` 55 | git clone git@github.com:DamyrFr/ansible-personal-computer.git 56 | ``` 57 | 3. Run all 58 | ``` 59 | make firstrun 60 | ``` 61 | 62 | ## 🔗 Related Projects 63 | 64 | - [My Neovim Configuration](https://github.com/yourusername/neovim-config): A separate repository containing all my Neovim configuration files and plugins. 65 | - [My NixOS configuration](https://github.com/DamyrFr/MyNixOSConfig) : I have a NixOS system, and I have start to migrate this on Nix so you will find a part of all this on it. 66 | 67 | ## 📄 License 68 | 69 | Big thanks to [Kelly Sikkema](https://unsplash.com/fr/@kellysikkema) for the [wallpaper](https://unsplash.com/fr/photos/boutons-floraux-roses-dans-une-lentille-a-bascule-Gxzgc6OJjlo). 70 | 71 | This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details. Feel free to use it, not all is perfect, but work pretty well. 
72 | -------------------------------------------------------------------------------- /computer.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | 5 | vars_files: 6 | - vars/user.yml 7 | - vars/packages.yml 8 | - vars/system.yml 9 | 10 | roles: 11 | - system 12 | - user 13 | - packages 14 | - dotfiles 15 | - security 16 | - include_role: 17 | name: gnome 18 | when: gui == true 19 | -------------------------------------------------------------------------------- /img/classic.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DamyrFr/ansible-personal-computer/6123a6a45cfd44caf23ba9928b47c1ea16c1ca24/img/classic.png -------------------------------------------------------------------------------- /img/ide.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DamyrFr/ansible-personal-computer/6123a6a45cfd44caf23ba9928b47c1ea16c1ca24/img/ide.png -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | ansible>=6.0.0 2 | ansible-core>=2.13.1 3 | -------------------------------------------------------------------------------- /requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | collections: 3 | - ansible.posix 4 | -------------------------------------------------------------------------------- /roles/dotfiles/files/.tmux.conf: -------------------------------------------------------------------------------- 1 | #------------------------------------------------------------------------------ 2 | # DEFAULT CONFIGURATION 3 | #------------------------------------------------------------------------------ 4 | # default colors configuration (needed for vim) 5 | set -g 
default-terminal "screen-256color" 6 | set -g @colors-solarized 'dark' 7 | #set -g default-command /bin/zsh 8 | set -g default-shell /bin/zsh 9 | #set history-limit 10 | set -g history-limit 10000 11 | # more time to view numbers 12 | set -g display-panes-time 5000 13 | # windows starts at 1 14 | set -g base-index 1 15 | # display messages for a second 16 | set -g display-time 2000 17 | # prevent tmux to rename windows 18 | # Set window notifications 19 | set-window-option -g monitor-activity off 20 | set -g visual-activity off 21 | #------------------------------------------------------------------------------ 22 | # SHORTCUTS 23 | #------------------------------------------------------------------------------ 24 | # changing default prefix to CTRL+a 25 | set -g mouse on 26 | set -g prefix C-a 27 | unbind C-b 28 | bind C-a send-prefix 29 | #changing default binds for splitting 30 | unbind % 31 | unbind '"' 32 | #rebind copy-mode 33 | unbind [ 34 | # ctrl+arrows passthrough 35 | set-window-option -g xterm-keys on 36 | # F-keys binds BECAUSE I FUCKING CAN 37 | bind-key -n F1 copy-mode 38 | bind-key -n F2 new-window 39 | bind-key -n F3 prev 40 | bind-key -n F4 next 41 | bind-key -n F5 set-window-option synchronize-panes\; display-message "synchronize-panes is now #{?pane_synchronized,on,off}" 42 | bind-key -n F6 detach 43 | bind-key -n F7 kill-window 44 | bind-key -n F8 command-prompt 'rename-window %%' 45 | bind-key -n F9 split-window -v 46 | bind-key -n F10 split-window -h 47 | bind-key -n F11 choose-window 48 | # alt+arrows navigates through panes 49 | bind-key -n M-left select-pane -L 50 | bind-key -n M-right select-pane -R 51 | bind-key -n M-up select-pane -U 52 | bind-key -n M-down select-pane -D 53 | # broadcast bind 54 | bind b set-window-option synchronize-panes 55 | #mouse scroll 56 | set -g terminal-overrides 'xterm*:smcup@:rmcup@' 57 | # Status update interval 58 | set -g status-interval 1 59 | # Basic status bar colors 60 | set -g status-bg black 61 | 
set -g status-fg cyan 62 | set -g status-left-length 40 63 | set -g status-left "#S #[fg=white]» #[fg=yellow]#I #[fg=cyan]#P" 64 | # Right side of status bar 65 | set -g status-right-length 40 66 | set -g status-right "#H #[fg=white]« #[fg=yellow]%H:%M:%S #[fg=green]%d-%b-%y" 67 | # Window status 68 | set -g window-status-format " #I:#W#F " 69 | set -g window-status-current-format " #I:#W#F " 70 | # Window separator 71 | set -g window-status-separator "" 72 | # Window status alignment 73 | set -g status-justify centre 74 | # Pane number indicator 75 | set -g display-panes-colour default 76 | set -g display-panes-active-colour default 77 | # Clock mode 78 | set -g clock-mode-colour red 79 | set -g clock-mode-style 24 80 | setw -g mode-keys vi 81 | # vim selection mod 82 | set -g mode-keys vi 83 | set -g status-keys vi 84 | # vim style copy paste 85 | bind-key -T copy-mode-vi v send-keys -X begin-selection 86 | bind-key -T copy-mode-vi y send-keys -X copy-selection 87 | bind-key -T copy-mode-vi r send-keys -X rectangle-toggle 88 | -------------------------------------------------------------------------------- /roles/dotfiles/files/.vimrc: -------------------------------------------------------------------------------- 1 | runtime! debian.vim 2 | "set compatible 3 | filetype plugin indent on 4 | syntax on 5 | set encoding=UTF-8 6 | set ignorecase " Do case insensitive matching 7 | set smartcase " Do smart case matching 8 | set autowrite " Automatically save before commands like :next and :make 9 | set mouse=a " Enable mouse usage (all modes) 10 | set autoindent 11 | set ruler 12 | set hlsearch 13 | set number 14 | set cursorline 15 | set laststatus=2 16 | set guifont=DroidSansMono\ Nerd\ Font\ 11 17 | set term=screen-256color 18 | colorscheme elflord 19 | set tabstop=2 20 | set softtabstop=2 21 | set shiftwidth=2 22 | set clipboard=unnamedplus 23 | " sync open file with NERDTree 24 | " " " Check if NERDTree is open or active 25 | function! 
IsNERDTreeOpen() 26 | return exists("t:NERDTreeBufName") && (bufwinnr(t:NERDTreeBufName) != -1) 27 | endfunction 28 | 29 | if has("autocmd") 30 | autocmd! bufwritepost .vimrc source ~/.vimrc 31 | endif 32 | 33 | " Source a global configuration file if available 34 | if filereadable("/etc/vim/vimrc.local") 35 | source /etc/vim/vimrc.local 36 | endif 37 | 38 | call plug#begin('~/.vim/plugged') 39 | Plug 'junegunn/fzf', { 'dir': '~/.fzf', 'do': './install --all' } 40 | Plug 'prabirshrestha/async.vim' 41 | Plug 'prabirshrestha/vim-lsp' 42 | Plug 'prabirshrestha/asyncomplete.vim' 43 | Plug 'prabirshrestha/asyncomplete-lsp.vim' 44 | Plug 'Xuyuanp/nerdtree-git-plugin' 45 | Plug 'vim-airline/vim-airline' 46 | Plug 'vim-airline/vim-airline-themes' 47 | Plug 'preservim/tagbar' 48 | Plug 'Shougo/vimproc.vim', {'do' : 'make'} 49 | Plug 'hashivim/vim-terraform' 50 | Plug 'ctrlpvim/ctrlp.vim' 51 | Plug 'airblade/vim-gitgutter' 52 | Plug 'tiagofumo/vim-nerdtree-syntax-highlight' 53 | Plug 'ryanoasis/vim-devicons' 54 | Plug 'scrooloose/nerdtree' 55 | Plug 'andymass/vim-matchup' 56 | call plug#end() 57 | 58 | let g:airline_powerline_fonts = 1 59 | let g:airline#extensions#tabline#enabled = 1 60 | let g:coc_disable_startup_warning = 1 61 | let g:ctrlp_max_height = 20 62 | let g:ctrlp_custom_ignore = 'node_modules\|^\.DS_Store\|^\.git\|^\.coffee' 63 | 64 | inoremap coc#refresh() 65 | 66 | map :FZF 67 | map :NERDTreeToggle 68 | map :tabnew 69 | map :tabclose 70 | map :tabnext 71 | -------------------------------------------------------------------------------- /roles/dotfiles/files/.zshrc: -------------------------------------------------------------------------------- 1 | # _________ _ _ ____ ____ 2 | # |__ / ___|| | | | _ \ / ___| 3 | # / /\___ \| |_| | |_) | | 4 | # _ / /_ ___) | _ | _ <| |___ 5 | #(_)____|____/|_| |_|_| \_\\____| 6 | # 7 | #===================={  Setopt }==================== 8 | autoload -Uz vcs_info #Git status for prompt 9 | autoload -U colors && colors #load 
colors 10 | autoload compinit && compinit -i #tab complementation 11 | autoload -U select-word-style && select-word-style bash #https://stackoverflow.com/questions/444951/zsh-stop-backward-kill-word-on-directory-delimiter 12 | autoload colors; colors; 13 | autoload -U add-zsh-hook #ZSH hook system for update the prompt dynamicly 14 | autoload -U url-quote-magic #URL completion 15 | autoload bashcompinit && bashcompinit #For AWS Complet 16 | zle -N self-insert url-quote-magic 17 | zle -N edit-command-line 18 | bindkey "^[m" copy-prev-shell-word 19 | compinit 20 | bindkey -e #For shortcuts 21 | #===================={  Setopt }==================== 22 | setopt multios #implicit tees or cats when multiple redirections are attempted 23 | setopt cdablevarS #if the argument to cd is the name of a parameter whose value is a valid directory, it will become the current directory. 24 | setopt prompt_subst #turns on command substitution in the prompt 25 | setopt long_list_jobs #Print job notifications in the long format by default. 26 | unsetopt menu_complete # do not autoselect the first completion entry 27 | unsetopt flowcontrol #output flow control via start/stop characters (usually assigned to ^S/^Q) is disabled in the shell’s editor. 28 | setopt auto_menu # show completion menu on succesive tab press 29 | setopt complete_in_word #If unset, the cursor is set to the end of the word if completion is started. Otherwise it stays there and completion is done from both ends. 
30 | setopt always_to_end #If a completion is performed with the cursor within a word, and a full completion is inserted, the cursor is moved to the end of the word 31 | setopt AUTO_CD #If a command is issued that can’t be executed as a normal command, and the command is the name of a directory, perform the cd command to that directory 32 | setopt NO_BEEP #No system BEEP 33 | #===================={ plugin }==================== 34 | source /usr/share/zplug/init.zsh 35 | zplug "nnao45/zsh-kubectl-completion" 36 | zplug "zsh-users/zsh-autosuggestions" 37 | zplug "mattberther/zsh-pyenv" 38 | zplug "wfxr/forgit" 39 | if ! zplug check --verbose; then 40 | printf "Install? [y/N]: " 41 | if read -q; then 42 | echo; zplug install 43 | fi 44 | fi 45 | zplug load 46 | #===================={ export }==================== 47 | export EDITOR="nvim" 48 | export LC_ALL=en_US.UTF-8 49 | export LANG=en_US.UTF-8 50 | export LANGUAGE=en_US.UTF-8 51 | export EDITOR=/usr/bin/vim 52 | export GREP_COLORS='mt=31' 53 | export PASSWORD_STORE_GENERATED_LENGTH=32 54 | export AWS_VAULT_BACKEND=pass 55 | export AWS_SDK_LOAD_CONFIG=true 56 | export GOPATH="$HOME/go" 57 | export PATH="/opt/nvim-linux64/bin:$HOME/.tfenv/bin:$HOME/.asdf/bin/:$HOME/.local/bin:$PATH" 58 | #===================={ ASDF }==================== 59 | . $HOME/.asdf/asdf.sh 60 | #===================={ Functions }==================== 61 | extract () { 62 | if [ -f $1 ] 63 | then 64 | case $1 in 65 | (*.7z) 7z x $1 ;; 66 | (*.lzma) unlzma $1 ;; 67 | (*.rar) unrar x $1 ;; 68 | (*.tar) tar xvf $1 ;; 69 | (*.tar.bz2) tar xvjf $1 ;; 70 | (*.bz2) bunzip2 $1 ;; 71 | (*.tar.gz) tar xvzf $1 ;; 72 | (*.gz) gunzip $1 ;; 73 | (*.tar.xz) tar Jxvf $1 ;; 74 | (*.xz) xz -d $1 ;; 75 | (*.tbz2) tar xvjf $1 ;; 76 | (*.tgz) tar xvzf $1 ;; 77 | (*.zip) unzip $1 ;; 78 | (*.Z) uncompress ;; 79 | (*) echo "don't know how to extract '$1'..." ;; 80 | esac 81 | else 82 | echo "Error: '$1' is not a valid file!" 
83 | exit 0 84 | fi 85 | } 86 | 87 | function commit { 88 | git commit -m "`echo "$*" | sed -e 's/^./\U&\E/g'`" 89 | } 90 | 91 | function checksec { 92 | sudo rkhunter --checkall --cronjob 93 | sudo chkrootkit > /tmp/chkrootkit.log 94 | } 95 | #===================={ alias }==================== 96 | alias co='git commit' 97 | alias fuck='sudo !!' 98 | alias psg='ps aux | grep' 99 | alias t='tmux -u' 100 | alias p='ping -c 3' 101 | alias s='ssh' 102 | alias d='docker' 103 | alias l='ls -lra --color=auto' 104 | alias v='nvim' 105 | alias c='curl' 106 | alias ex='extract' 107 | alias hs='history | grep' 108 | alias ls='ls --color=auto' 109 | alias ll='ls --color=auto -lh' 110 | alias lll='ls --color=auto -lh | less' 111 | alias weather='curl http://wttr.in/' 112 | alias wth='curl http://wttr.in/' 113 | alias getip='wget -qO- ifconfig.co' 114 | alias pubip='wget -qO- ifconfig.co' 115 | alias python="python3" 116 | alias py="python3" 117 | alias pip="pip3" 118 | alias sw="sudo su" 119 | alias aptu='sudo apt update && sudo apt -y upgrade && sudo apt clean' 120 | alias apti='apt install' 121 | alias pgps="gpg2 --clearsign" 122 | alias pgpe="gpg2 --encrypt" 123 | alias pgpd="gpg2 --output tmp_clear --decrypt" 124 | alias apu="apt update && apt -y upgrade & apt clean" 125 | alias api="apt -y install" 126 | alias ip="ip --color" 127 | alias i="ip --color --brief a" 128 | alias gc="git commit -m" 129 | alias ga="git add" 130 | alias gpo="git push origin" 131 | alias gs="git status" 132 | alias gac="git add . 
&& git commit -a -m " 133 | alias dtrash="docker run -it --rm -v /tmp:/tmp debian:latest /bin/bash" 134 | alias ks='ls' 135 | alias xs='cd' 136 | alias av='aws-vault' 137 | alias sl='ls' 138 | alias mplayerfb='mplayer -vo fbdev -vf scale=1024:768' 139 | alias grep='grep --color=auto' 140 | alias pr='pass generate -i' 141 | alias k='kubecolor --light-background' 142 | alias docker='podman' 143 | alias awsd="source _awsd" 144 | alias tf="tofu" 145 | alias k9ss="k9s --insecure-skip-tls-verify" 146 | alias kb="kubectl kustomize --load-restrictor LoadRestrictionsNone ./" 147 | alias fs="flux get all -A --status-selector ready=false" 148 | #===================={ completion }==================== 149 | # Kube 150 | source <(kubectl completion zsh) 151 | # Scaleway CLI autocomplete initialization. 152 | eval "$(scw autocomplete script shell=zsh)" 153 | #======================{ direnv }===================== 154 | eval "$(direnv hook zsh)" 155 | eval "$(starship init zsh)" 156 | -------------------------------------------------------------------------------- /roles/dotfiles/files/config.kdl: -------------------------------------------------------------------------------- 1 | keybinds { 2 | normal { 3 | // uncomment this and adjust key if using copy_on_select=false 4 | // bind "Alt c" { Copy; } 5 | } 6 | locked { 7 | bind "Ctrl g" { SwitchToMode "Normal"; } 8 | } 9 | resize { 10 | bind "Ctrl n" { SwitchToMode "Normal"; } 11 | bind "h" "Left" { Resize "Increase Left"; } 12 | bind "j" "Down" { Resize "Increase Down"; } 13 | bind "k" "Up" { Resize "Increase Up"; } 14 | bind "l" "Right" { Resize "Increase Right"; } 15 | bind "H" { Resize "Decrease Left"; } 16 | bind "J" { Resize "Decrease Down"; } 17 | bind "K" { Resize "Decrease Up"; } 18 | bind "L" { Resize "Decrease Right"; } 19 | bind "=" "+" { Resize "Increase"; } 20 | bind "-" { Resize "Decrease"; } 21 | } 22 | pane { 23 | bind "Ctrl p" { SwitchToMode "Normal"; } 24 | bind "h" "Left" { MoveFocus "Left"; } 25 | bind "l" 
"Right" { MoveFocus "Right"; } 26 | bind "j" "Down" { MoveFocus "Down"; } 27 | bind "k" "Up" { MoveFocus "Up"; } 28 | bind "p" { SwitchFocus; } 29 | bind "n" { NewPane; SwitchToMode "Normal"; } 30 | bind "d" { NewPane "Down"; SwitchToMode "Normal"; } 31 | bind "r" { NewPane "Right"; SwitchToMode "Normal"; } 32 | bind "x" { CloseFocus; SwitchToMode "Normal"; } 33 | bind "f" { ToggleFocusFullscreen; SwitchToMode "Normal"; } 34 | bind "z" { TogglePaneFrames; SwitchToMode "Normal"; } 35 | bind "w" { ToggleFloatingPanes; SwitchToMode "Normal"; } 36 | bind "e" { TogglePaneEmbedOrFloating; SwitchToMode "Normal"; } 37 | bind "c" { SwitchToMode "RenamePane"; PaneNameInput 0;} 38 | } 39 | move { 40 | bind "Ctrl h" { SwitchToMode "Normal"; } 41 | bind "n" "Tab" { MovePane; } 42 | bind "h" "Left" { MovePane "Left"; } 43 | bind "j" "Down" { MovePane "Down"; } 44 | bind "k" "Up" { MovePane "Up"; } 45 | bind "l" "Right" { MovePane "Right"; } 46 | } 47 | tab { 48 | bind "Ctrl t" { SwitchToMode "Normal"; } 49 | bind "r" { SwitchToMode "RenameTab"; TabNameInput 0; } 50 | bind "h" "Left" "Up" "k" { GoToPreviousTab; } 51 | bind "l" "Right" "Down" "j" { GoToNextTab; } 52 | bind "n" { NewTab; SwitchToMode "Normal"; } 53 | bind "x" { CloseTab; SwitchToMode "Normal"; } 54 | bind "s" { ToggleActiveSyncTab; SwitchToMode "Normal"; } 55 | bind "1" { GoToTab 1; SwitchToMode "Normal"; } 56 | bind "2" { GoToTab 2; SwitchToMode "Normal"; } 57 | bind "3" { GoToTab 3; SwitchToMode "Normal"; } 58 | bind "4" { GoToTab 4; SwitchToMode "Normal"; } 59 | bind "5" { GoToTab 5; SwitchToMode "Normal"; } 60 | bind "6" { GoToTab 6; SwitchToMode "Normal"; } 61 | bind "7" { GoToTab 7; SwitchToMode "Normal"; } 62 | bind "8" { GoToTab 8; SwitchToMode "Normal"; } 63 | bind "9" { GoToTab 9; SwitchToMode "Normal"; } 64 | bind "Tab" { ToggleTab; } 65 | } 66 | scroll { 67 | bind "Ctrl s" { SwitchToMode "Normal"; } 68 | bind "e" { EditScrollback; SwitchToMode "Normal"; } 69 | bind "s" { SwitchToMode "EnterSearch"; 
SearchInput 0; } 70 | bind "Ctrl c" { ScrollToBottom; SwitchToMode "Normal"; } 71 | bind "j" "Down" { ScrollDown; } 72 | bind "k" "Up" { ScrollUp; } 73 | bind "Ctrl f" "PageDown" "Right" "l" { PageScrollDown; } 74 | bind "Ctrl b" "PageUp" "Left" "h" { PageScrollUp; } 75 | bind "d" { HalfPageScrollDown; } 76 | bind "u" { HalfPageScrollUp; } 77 | // uncomment this and adjust key if using copy_on_select=false 78 | // bind "Alt c" { Copy; } 79 | } 80 | search { 81 | bind "Ctrl s" { SwitchToMode "Normal"; } 82 | bind "Ctrl c" { ScrollToBottom; SwitchToMode "Normal"; } 83 | bind "j" "Down" { ScrollDown; } 84 | bind "k" "Up" { ScrollUp; } 85 | bind "Ctrl f" "PageDown" "Right" "l" { PageScrollDown; } 86 | bind "Ctrl b" "PageUp" "Left" "h" { PageScrollUp; } 87 | bind "d" { HalfPageScrollDown; } 88 | bind "u" { HalfPageScrollUp; } 89 | bind "n" { Search "down"; } 90 | bind "p" { Search "up"; } 91 | bind "c" { SearchToggleOption "CaseSensitivity"; } 92 | bind "w" { SearchToggleOption "Wrap"; } 93 | bind "o" { SearchToggleOption "WholeWord"; } 94 | } 95 | entersearch { 96 | bind "Ctrl c" "Esc" { SwitchToMode "Scroll"; } 97 | bind "Enter" { SwitchToMode "Search"; } 98 | } 99 | renametab { 100 | bind "Ctrl c" { SwitchToMode "Normal"; } 101 | bind "Esc" { UndoRenameTab; SwitchToMode "Tab"; } 102 | } 103 | renamepane { 104 | bind "Ctrl c" { SwitchToMode "Normal"; } 105 | bind "Esc" { UndoRenamePane; SwitchToMode "Pane"; } 106 | } 107 | session { 108 | bind "Ctrl o" { SwitchToMode "Normal"; } 109 | bind "Ctrl s" { SwitchToMode "Scroll"; } 110 | bind "d" { Detach; } 111 | } 112 | tmux { 113 | bind "[" { SwitchToMode "Scroll"; } 114 | bind "Ctrl b" { Write 2; SwitchToMode "Normal"; } 115 | bind "\"" { NewPane "Down"; SwitchToMode "Normal"; } 116 | bind "%" { NewPane "Right"; SwitchToMode "Normal"; } 117 | bind "z" { ToggleFocusFullscreen; SwitchToMode "Normal"; } 118 | bind "c" { NewTab; SwitchToMode "Normal"; } 119 | bind "," { SwitchToMode "RenameTab"; } 120 | bind "p" { 
GoToPreviousTab; SwitchToMode "Normal"; } 121 | bind "n" { GoToNextTab; SwitchToMode "Normal"; } 122 | bind "Left" { MoveFocus "Left"; SwitchToMode "Normal"; } 123 | bind "Right" { MoveFocus "Right"; SwitchToMode "Normal"; } 124 | bind "Down" { MoveFocus "Down"; SwitchToMode "Normal"; } 125 | bind "Up" { MoveFocus "Up"; SwitchToMode "Normal"; } 126 | bind "h" { MoveFocus "Left"; SwitchToMode "Normal"; } 127 | bind "l" { MoveFocus "Right"; SwitchToMode "Normal"; } 128 | bind "j" { MoveFocus "Down"; SwitchToMode "Normal"; } 129 | bind "k" { MoveFocus "Up"; SwitchToMode "Normal"; } 130 | bind "o" { FocusNextPane; } 131 | bind "d" { Detach; } 132 | } 133 | shared_except "locked" { 134 | bind "Ctrl g" { SwitchToMode "Locked"; } 135 | bind "Ctrl q" { Quit; } 136 | bind "Alt n" { NewPane; } 137 | bind "Alt h" "Alt Left" { MoveFocusOrTab "Left"; } 138 | bind "Alt l" "Alt Right" { MoveFocusOrTab "Right"; } 139 | bind "Alt j" "Alt Down" { MoveFocus "Down"; } 140 | bind "Alt k" "Alt Up" { MoveFocus "Up"; } 141 | bind "Alt =" "Alt +" { Resize "Increase"; } 142 | bind "Alt -" { Resize "Decrease"; } 143 | } 144 | shared_except "normal" "locked" { 145 | bind "Enter" "Esc" { SwitchToMode "Normal"; } 146 | } 147 | shared_except "pane" "locked" { 148 | bind "Ctrl p" { SwitchToMode "Pane"; } 149 | } 150 | shared_except "resize" "locked" { 151 | bind "Ctrl n" { SwitchToMode "Resize"; } 152 | } 153 | shared_except "scroll" "locked" { 154 | bind "Ctrl s" { SwitchToMode "Scroll"; } 155 | } 156 | shared_except "session" "locked" { 157 | bind "Ctrl o" { SwitchToMode "Session"; } 158 | } 159 | shared_except "tab" "locked" { 160 | bind "Ctrl t" { SwitchToMode "Tab"; } 161 | } 162 | shared_except "move" "locked" { 163 | bind "Ctrl h" { SwitchToMode "Move"; } 164 | } 165 | shared_except "tmux" "locked" { 166 | bind "Ctrl b" { SwitchToMode "Tmux"; } 167 | } 168 | } 169 | 170 | plugins { 171 | tab-bar { path "tab-bar"; } 172 | status-bar { path "status-bar"; } 173 | strider { path "strider"; } 
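compact-bar { path "compact-bar"; }
}

themes {
    default {
        bg "#acb0be" // Surface2
        fg "#4c4f69" // Text
        red "#d20f39"
        green "#40a02b"
        blue "#1e66f5"
        yellow "#df8e1d"
        magenta "#ea76cb" // Pink
        orange "#fe640b" // Peach
        cyan "#04a5e5" // Sky
        black "#e6e9ef" // Mantle
        white "#4c4f69" // Text
    }
}

theme default
default_layout "compact"
pane_frames false
copy_command "xclip -selection clipboard" // x11
// copy_command "wl-copy" // wayland

--------------------------------------------------------------------------------
/roles/dotfiles/files/starship.toml:
--------------------------------------------------------------------------------
add_newline = false

[aws]
# Shows the active AWS profile/region in the prompt; informational only, no
# credential material is rendered.
format = 'on [$symbol($profile )(\($region\) )]($style)'

[cmd_duration]
min_time = 1_000

[directory]
truncation_length = 3
truncation_symbol = '…/'

[package]
disabled = true

--------------------------------------------------------------------------------
/roles/dotfiles/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Dotfiles role: copies shell/editor/multiplexer configuration into the home
# directory of {{ user }}. Tasks that write there escalate with become and
# then hand ownership back to {{ user }}.
- name: "Add configuration files"
  become: true
  copy:
    src: "../files/{{ item }}"
    dest: "/home/{{ user }}"
    owner: "{{ user }}"
    group: "{{ user }}"
    mode: '0644'
  with_items:
    - '.zshrc'
    - '.vimrc'
    - '.tmux.conf'
  tags: dotfiles

- name: "Configure Gitfile"
  template:
    src: gitconfig.j2
    dest: "/home/{{ user }}/.gitconfig"
  become: true
  become_user: "{{ user }}"
  tags: dotfiles

- name: "Vim plug"
  become: true
  file:
    path: "/home/{{ user }}/.vim/autoload"
    state: directory
    mode: '0755'
    owner: "{{ user }}"
    group: "{{ user }}"
  tags: dotfiles

# plug.vim is fetched from the moving `master` branch, so it cannot be pinned
# by URL alone. Set vim_plug_checksum ("sha256:<hex>") to pin a reviewed copy,
# or point the URL at a tagged release for reproducible installs.
- name: "Download vim module Plug"
  become: true
  get_url:
    url: https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim
    dest: "/home/{{ user }}/.vim/autoload/plug.vim"
    checksum: "{{ vim_plug_checksum | default(omit) }}"
    mode: '0644'
    owner: "{{ user }}"
    group: "{{ user }}"
  tags: dotfiles

# The two tasks below spawn an interactive vim bound to /dev/tty, so they only
# work from a local terminal. They run as the Ansible user (no become) and
# fetch/execute whatever plugins .vimrc lists, i.e. third-party code at play
# time. Left untagged on purpose: they are not safe for a non-interactive
# `--tags dotfiles` run.
- name: "Install vim plugins"
  shell: "vim +'PlugInstall --sync' +qall &> /dev/null < /dev/tty"

- name: "Install vim coc plugin"
  shell: "vim +'CocInstall coc-pyright coc-json coc-yaml' +qall &> /dev/null < /dev/tty"

# The Neovim configuration itself is cloned by the packages role
# (neovim.yml); only the directory is prepared here.
- name: "Init Neovim repo"
  become: true
  file:
    path: "/home/{{ user }}/.config/nvim/"
    state: directory
    mode: '0755'
    owner: "{{ user }}"
    group: "{{ user }}"
  tags: dotfiles

- name: "Add configuration for Starship prompt"
  become: true
  copy:
    src: ../files/starship.toml
    dest: "/home/{{ user }}/.config/"
    owner: "{{ user }}"
    group: "{{ user }}"
    mode: '0644'
  tags: dotfiles

# Must be the zellij directory: the next task copies config.kdl into
# ~/.config/zellij/, which copy will not create on its own.
- name: "Init Zellij repo"
  become: true
  file:
    path: "/home/{{ user }}/.config/zellij/"
    state: directory
    mode: '0755'
    owner: "{{ user }}"
    group: "{{ user }}"
  tags: dotfiles

- name: "Add configuration file for Zellij"
  become: true
  copy:
    src: ../files/config.kdl
    dest: "/home/{{ user }}/.config/zellij/"
    owner: "{{ user }}"
    group: "{{ user }}"
    mode: '0644'
  tags: dotfiles

--------------------------------------------------------------------------------
/roles/dotfiles/templates/gitconfig.j2:
--------------------------------------------------------------------------------
# SSH-based commit/tag signing (needs git >= 2.34). signingkey is the *public*
# key path; the private half stays under ssh-agent / the hardware token.
[gpg]
format = ssh
[user]
name = {{ git_name }}
email = {{ git_email }}
# user.username is not a key git itself reads; kept for tools that do.
username = {{ git_username }}
signingkey = {{ git_sign_key }}
[protocol]
version = 2
[core]
editor = nvim
whitespace = fix,-indent-with-non-tab,trailing-space,cr-at-eol
excludesfile = ~/.gitignore
[commit]
gpgsign = true
[tag]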
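gpgsign = true
[web]
browser = firefox
[color]
ui = auto
[color "branch"]
current = yellow bold
local = green bold
remote = cyan bold
[color "diff"]
meta = yellow bold
frag = magenta bold
old = red bold
new = green bold
whitespace = red reverse
[color "status"]
added = green bold
changed = yellow bold
untracked = red bold
[diff]
tool = vimdiff
colorMoved = zebra
[sequence]
editor = interactive-rebase-tool
[alias]
lg = log --all --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
am = commit --amend --no-edit
[pull]
rebase = true
[fetch]
prune = true
# Signing is configured (gpg.format=ssh, commit/tag gpgsign), but git only
# *verifies* SSH signatures when gpg.ssh.allowedSignersFile maps identities to
# keys. Create that file first, then uncomment, or `git log --show-signature`
# and `git verify-commit` cannot validate anything.
#[gpg "ssh"]
#	allowedSignersFile = ~/.ssh/allowed_signers
# If overload configuration is needed on some repository
#[includeIf "gitdir:~/Work/"]
#	path = ~/Work/.gitconfig

--------------------------------------------------------------------------------
/roles/gnome/files/wallpaper.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DamyrFr/ansible-personal-computer/6123a6a45cfd44caf23ba9928b47c1ea16c1ca24/roles/gnome/files/wallpaper.jpg

--------------------------------------------------------------------------------
/roles/gnome/tasks/dconf.yml:
--------------------------------------------------------------------------------
---
# GNOME preferences for {{ user }}, written through dconf as that user
# (become + become_user so the module reaches the user's own dconf database).
- name: "Set GNOME Wallpaper"
  become: true
  become_user: "{{ user }}"
  dconf:
    key: "/org/gnome/desktop/background/picture-uri"
    value: "'file:///home/{{ user }}/.wallpaper.jpg'"

- name: "Gnome show date"
  become: true
  become_user: "{{ user }}"
  dconf:
    key: "/org/gnome/desktop/interface/clock-show-date"
    value: "true"
    state: present

- name: "Gnome date use 24h format"
  become: true
  become_user: "{{ user }}"
  dconf:
    key: "/org/gnome/desktop/interface/clock-format"
    value: "'24h'"
    state: present

- name: "Gnome show seconds"
  become: true
  become_user: "{{ user }}"
  dconf:
    key: "/org/gnome/desktop/interface/clock-show-seconds"
    value: "true"
    state: present

- name: "Gnome show battery percentage"
  become: true
  become_user: "{{ user }}"
  dconf:
    key: "/org/gnome/desktop/interface/show-battery-percentage"
    value: "true"
    state: present

# Enabling an extension only takes effect if it is installed; Vitals is a
# third-party extension (extensions.gnome.org), the other two ship with
# gnome-shell-extensions — nothing in this role installs them.
- name: "Gnome set plugins"
  become: true
  become_user: "{{ user }}"
  dconf:
    key: "/org/gnome/shell/enabled-extensions"
    value: "['horizontal-workspaces@gnome-shell-extensions.gcampax.github.com', 'user-theme@gnome-shell-extensions.gcampax.github.com', 'Vitals@CoreCoding.com']"
    state: present

# A hard-coded favorite-apps task used to sit here; it was dead code because
# the "Set favorite Apps" task at the end of this file overwrites the same key
# with {{ fav_apps }} on every run.

- name: "Gnome set user theme"
  become: true
  become_user: "{{ user }}"
  dconf:
    key: "/org/gnome/shell/extensions/user-theme/name"
    value: "''"
    state: present

- name: "Gnome set GTK theme"
  become: true
  become_user: "{{ user }}"
  dconf:
    key: "/org/gnome/desktop/interface/gtk-theme"
    value: "'Adwaita-dark'"
    state: present

- name: "Gnome set WM theme"
  become: true
  become_user: "{{ user }}"
  dconf:
    key: "/org/gnome/desktop/wm/preferences/theme"
    value: "'Adwaita-dark'"
    state: present

- name: "Gnome set dark"
  become: true
  become_user: "{{ user }}"
  dconf:
    # color-scheme belongs to the org.gnome.desktop.interface schema; the
    # earlier path (/org/gnome/desktop/wm/interface/...) looks like a typo and
    # would have written the value to a key nothing reads.
    key: "/org/gnome/desktop/interface/color-scheme"
    value: "'prefer-dark'"
    state: present

- name: "Gnome disable F10 menu on term"
  become: true
  become_user: "{{ user }}"
  dconf: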
93 | key: "/org/gnome/terminal/legacy/menu-accelerator-enabled" 94 | value: "true" 95 | state: present 96 | 97 | - name: "Nautilus set default filter" 98 | become: true 99 | become_user: "{{ user }}" 100 | dconf: 101 | key: "/org/gnome/nautilus/preferences/search-filter-time-type" 102 | value: "'last_modified'" 103 | state: present 104 | 105 | - name: "Nautilus set default view" 106 | become: true 107 | become_user: "{{ user }}" 108 | dconf: 109 | key: "/org/gnome/nautilus/preferences/default-folder-viewer" 110 | value: "'icon-view'" 111 | state: present 112 | 113 | - name: "Set favorite Apps" 114 | become: true 115 | become_user: "{{ user }}" 116 | dconf: 117 | key: "/org/gnome/shell/favorite-apps" 118 | value: "{{ fav_apps }}" 119 | state: present 120 | -------------------------------------------------------------------------------- /roles/gnome/tasks/fonts.yml: -------------------------------------------------------------------------------- 1 | - name: Ensure fonts directory 2 | file: 3 | path: "{{ item }}" 4 | state: directory 5 | with_items: 6 | - "/home/{{ user }}/.fonts" 7 | - "/home/{{ user }}/.local/share/fonts" 8 | become: true 9 | 10 | - name: Check if Nerd font Hack is present 11 | shell: "ls /home/{{ user }}/.local/share/fonts/Hack*Nerd*Font*Complete*" 12 | register: hack_exists 13 | ignore_errors: true 14 | become: true 15 | 16 | - name: Download Nerd font Hack 17 | when: hack_exists is failed 18 | unarchive: 19 | src: https://github.com/ryanoasis/nerd-fonts/releases/download/v2.3.3/Hack.zip 20 | dest: "/home/{{ user }}/.local/share/fonts/" 21 | remote_src: true 22 | become: true 23 | 24 | - name: Check if Nerd font symbols is present 25 | shell: "ls /home/{{ user }}/.local/share/fonts/*NerdFonts*" 26 | register: nerdfonts_exists 27 | ignore_errors: true 28 | become: true 29 | 30 | - name: Download Nerd font 31 | when: nerdfonts_exists is failed 32 | unarchive: 33 | src: 
https://github.com/ryanoasis/nerd-fonts/releases/download/v2.3.3/NerdFontsSymbolsOnly.zip 34 | dest: "/home/{{ user }}/.local/share/fonts/" 35 | remote_src: true 36 | become: true 37 | 38 | - name: Check if jetbrains font is present 39 | shell: "ls /home/{{ user }}/.local/share/fonts/*JetBrainsMono*" 40 | register: jetbrains_exists 41 | ignore_errors: true 42 | become: true 43 | 44 | - name: Download jetbrains font 45 | when: jetbrains_exists is failed 46 | unarchive: 47 | src: https://download.jetbrains.com/fonts/JetBrainsMono-2.242.zip 48 | dest: "/home/{{ user }}/.local/share/fonts/" 49 | remote_src: true 50 | become: true 51 | -------------------------------------------------------------------------------- /roles/gnome/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Install tools and stuff" 3 | become: true 4 | apt: 5 | name: "{{ packages }}" 6 | state: latest 7 | autoclean: yes 8 | 9 | - name: "Remove tools (not needed, games etc.)" 10 | become: true 11 | apt: 12 | name: "{{ to_remove }}" 13 | state: absent 14 | 15 | - name: "Copy wallpaper file" 16 | become: true 17 | become_user: "{{ user }}" 18 | copy: 19 | src: "files/wallpaper.jpg" 20 | dest: "/home/{{ user }}/.wallpaper.jpg" 21 | owner: "{{ user }}" 22 | group: "{{ user }}" 23 | 24 | - name: Parameter PC by using dconf 25 | include_tasks: dconf.yml 26 | 27 | - name: Install fonts 28 | include_tasks: fonts.yml 29 | 30 | - name: set theme (Gnome and icons) 31 | include_tasks: theme.yml 32 | -------------------------------------------------------------------------------- /roles/gnome/tasks/theme.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Check current icon pack" 3 | ansible.builtin.command: 4 | cmd: dconf read {{ dconf_path_icon }} 5 | register: dconf_icon_value 6 | changed_when: false 7 | 8 | - name: "Download and set the icons" 9 | block: 10 | - name: "Download icons 
(Paper)" 11 | get_url: 12 | url: "{{ url_deb_icons }}" 13 | dest: "{{ tmp_dir }}/paper_icon.deb" 14 | 15 | - name: "Install icons (Paper)" 16 | become: true 17 | apt: 18 | deb: "{{ tmp_dir }}/paper_icon.deb" 19 | 20 | - name: "Remove package archive" 21 | become: true 22 | file: 23 | path: "{{ tmp_dir }}/paper_icon.deb" 24 | state: absent 25 | 26 | - name: "Gnome set icons" 27 | become: true 28 | become_user: "{{ user }}" 29 | dconf: 30 | key: "{{ dconf_path_icon }}" 31 | value: "'Paper'" 32 | state: present 33 | when: dconf_icon_value != 'Paper' 34 | 35 | - name: "Check current theme" 36 | ansible.builtin.command: 37 | cmd: dconf read {{ dconf_path_theme }} 38 | register: dconf_theme_value 39 | changed_when: false 40 | 41 | - name: "Download and set the theme" 42 | block: 43 | - name: "Ensure the Github projects directory exists" 44 | ansible.builtin.file: 45 | path: "~/Projects/Github" 46 | state: directory 47 | mode: '0755' 48 | 49 | - name: "Clone the Marble-shell-theme repository" 50 | ansible.builtin.git: 51 | repo: 'https://github.com/imarkoff/Marble-shell-theme.git' 52 | dest: "~/Projects/Github/Marble-shell-theme" 53 | version: main 54 | 55 | - name: "Run the install script" 56 | ansible.builtin.command: 57 | chdir: "~/Projects/Github/Marble-shell-theme/" 58 | cmd: python3 install.py -a --filled 59 | 60 | - name: "Set Gnome theme" 61 | become: true 62 | become_user: "{{ user }}" 63 | dconf: 64 | key: "{{ dconf_path_theme }}" 65 | value: "'Marble-blue-light'" 66 | state: present 67 | when: dconf_theme_value != 'Marble-blue-light' 68 | -------------------------------------------------------------------------------- /roles/gnome/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | url_deb_icons: "https://launchpadlibrarian.net/468844787/paper-icon-theme_1.5.728-202003121505~daily~ubuntu18.04.1_all.deb" 3 | packages: 4 | - virt-manager 5 | - network-manager-openvpn-gnome 6 | - gnome-tweaks 7 | - lm-sensors 
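- gnome-todo
- chromium # just in case :)
- gnome-boxes
- wl-clipboard
- yarnpkg
- silversearcher-ag
- vim-gtk3 # To have the clipboard feature enable
- gnome-pass-search-provider # https://github.com/jle64/gnome-pass-search-provider
- python3-psutil # used by Ansible
to_remove:
- gnome-robots
- gnome-music
- gnome-mahjongg
# gnome-logs is only the journal *viewer*; removing it does not touch journald.
- gnome-logs
- gnome-mines
- gnome-nibbles
- gnome-taquin
- gnome-tetravex
- evolution
- firefox-esr
# NOTE(review): roles/packages/vars/main.yml installs `vim` while this removes
# it in favour of vim-gtk3; whichever role runs last wins, so every play
# flips the package. Drop it from one of the two lists.
- vim
fav_apps: "['org.gnome.Terminal.desktop', 'firefox.desktop', 'org.gnome.Nautilus.desktop']"
dconf_path_theme: "/org/gnome/shell/extensions/user-theme/name"
dconf_path_icon: "/org/gnome/desktop/interface/icon-theme"

--------------------------------------------------------------------------------
/roles/packages/files/firefox.desktop:
--------------------------------------------------------------------------------
[Desktop Entry]
Name=Firefox
Comment=Navigue sur Internet
GenericName=Navigateur Web
X-GNOME-FullName=Navigateur Web Firefox
Exec=/opt/firefox/firefox %u
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=/opt/firefox/browser/chrome/icons/default/default128.png
Categories=Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;
StartupWMClass=Firefox
StartupNotify=true

--------------------------------------------------------------------------------
/roles/packages/tasks/asdf.yml:
--------------------------------------------------------------------------------
---
- name: "ASDF set home var"
  set_fact:
    "asdf_user_home": "/home/{{ user }}"
  tags:
    - upgrade
    - asdf
# `asdf plugin add <name>` without a URL resolves the plugin through asdf's
# community shortname index, and `asdf install` then runs that plugin's
# scripts: third-party code fetched at play time. The version now comes from
# each asdf_plugins entry (vars/packages.yml); those are all "latest", which
# keeps the previous behaviour but is not reproducible — pin when it matters.
- name: Install asdf plugins and versions
  block:
    - name: Add asdf plugins
      command: "asdf plugin add {{ item.name }}"
      register: plugin_add
      failed_when:
        - plugin_add.rc != 0
        - "'already added' not in plugin_add.stderr"
      changed_when: plugin_add.rc == 0
      with_items: "{{ asdf_plugins }}"

    - name: Install requested version for each plugin
      command: "asdf install {{ item.name }} {{ item.version | default('latest') }}"
      register: version_install
      failed_when:
        - version_install.rc != 0
        - "'is already installed' not in version_install.stderr"
      changed_when: version_install.rc == 0
      with_items: "{{ asdf_plugins }}"

    - name: Set global version for each plugin
      command: "asdf global {{ item.name }} {{ item.version | default('latest') }}"
      register: global_set
      changed_when: global_set.rc == 0
      with_items: "{{ asdf_plugins }}"

    - name: Reshim all plugins
      command: "asdf reshim"
      chang_when_placeholder_removed: null
      changed_when: false
  tags:
    - upgrade
    - asdf

--------------------------------------------------------------------------------
/roles/packages/tasks/firefox.yml:
--------------------------------------------------------------------------------
---
# All my config are sync by firefox, we just do an classic installation
# NOTE(review): the "latest" redirector cannot be checksum-pinned (Mozilla
# publishes SHA256SUMS per version, not for the alias), and the download lands
# at a fixed name in the shared {{ tmp_dir }}; the `tempfile` module would
# give an unpredictable path if other local users exist.
- name: "Download latest stable Firefox release (not ESR)"
  get_url:
    url: "https://download.mozilla.org/?product=firefox-latest-ssl&os=linux64&lang=fr"
    dest: "{{ tmp_dir }}/Firefox.tar.bz2"
    mode: '0440'
  tags: firefox

- name: "Extract Firefox install"
  become: true
  unarchive:
    src: "{{ tmp_dir }}/Firefox.tar.bz2"
    dest: "/opt/"
  tags: firefox

- name: "Create symlink for exec Firefox"
  become: true
  file:
    src: "/opt/firefox/firefox"
    dest: "/usr/local/bin/firefox"
    state: link
  tags: firefox

# The launcher lives in the system-wide applications directory; it must be
# root-owned, otherwise anything running as {{ user }} can rewrite Exec= and
# hijack the browser launcher for every account on the machine.
- name: "Copy Application file"
  become: true
  copy:
    src: "files/firefox.desktop"
    dest: "/usr/share/applications/firefox.desktop"
    owner: root
    group: root
    mode: '0644'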
tags: firefox 33 | 34 | - name: "Remove archive" 35 | file: 36 | path: "{{ tmp_dir }}/Firefox.tar.bz2" 37 | state: absent 38 | tags: firefox 39 | -------------------------------------------------------------------------------- /roles/packages/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # GCP repo 3 | - name: "Add Google gcloud (gcp) repository key" 4 | become: true 5 | ansible.builtin.get_url: 6 | url: "https://packages.cloud.google.com/apt/doc/apt-key.gpg" 7 | dest: "{{ path_apt_gpg }}gcp.asc" 8 | mode: '0644' 9 | force: true 10 | 11 | - name: "Add Google gcloud (gcp) repository" 12 | apt_repository: 13 | repo: "deb https://packages.cloud.google.com/apt cloud-sdk main" 14 | state: present 15 | become: true 16 | 17 | # Spotify repo 18 | - name: "Add Spotify repository key" 19 | become: true 20 | ansible.builtin.get_url: 21 | url: "https://download.spotify.com/debian/pubkey_C85668DF69375001.gpg" 22 | dest: "{{ path_apt_gpg }}spotify.asc" 23 | mode: '0644' 24 | force: true 25 | 26 | - name: "Add Spotify repository" 27 | apt_repository: 28 | repo: "deb http://repository.spotify.com stable non-free" 29 | state: present 30 | become: true 31 | 32 | # Hashicorp 33 | - name: "Add Hashicorp repository key" 34 | become: true 35 | ansible.builtin.get_url: 36 | url: "https://apt.releases.hashicorp.com/gpg" 37 | dest: "{{ path_apt_gpg }}hashicorp.asc" 38 | mode: '0644' 39 | force: true 40 | 41 | - name: "Add Hashicorp repository" 42 | apt_repository: 43 | repo: "deb https://apt.releases.hashicorp.com {{ stable_debian_codename }} main" 44 | state: present 45 | become: true 46 | 47 | - name: "Upgrade all packages to the latest version" 48 | become: true 49 | apt: 50 | name: "*" 51 | state: latest 52 | update_cache: yes 53 | tags: upgrade 54 | 55 | - name: "Install tools and stuff" 56 | become: true 57 | apt: 58 | name: "{{ packages }}" 59 | state: latest 60 | autoclean: yes 61 | force: yes 62 | tags: upgrade 63 | 64 
| - name: "Install Scaleway cli" 65 | become: true 66 | get_url: 67 | url: "https://github.com/scaleway/scaleway-cli/releases/download/v{{ scw_version }}/scaleway-cli_{{ scw_version }}_linux_amd64" 68 | dest: "/usr/local/bin/scw" 69 | mode: '0755' 70 | tags: upgrade 71 | 72 | - name: "Install Starship cli" 73 | become: true 74 | unarchive: 75 | remote_src: yes 76 | src: "https://github.com/starship/starship/releases/download/v{{ starship_version }}/starship-x86_64-unknown-linux-gnu.tar.gz" 77 | dest: "/usr/local/bin/" 78 | mode: '0755' 79 | tags: upgrade 80 | 81 | - name: "install Packer (Nvim)" 82 | git: 83 | repo: "https://github.com/wbthomason/packer.nvim" 84 | dest: "/home/{{ user }}/.local/share/nvim/site/pack/packer/start/packer.nvim" 85 | become: True 86 | become_user: "{{ user }}" 87 | tags: upgrade 88 | 89 | - name: Install Packer stack 90 | include_tasks: vagrant.yml 91 | tags: upgrade 92 | 93 | - name: Install asdf suff 94 | include_tasks: asdf.yml 95 | tags: 96 | - upgrade 97 | - asdf 98 | 99 | - name: Install Firefox 100 | include_tasks: firefox.yml 101 | tags: firefox 102 | 103 | - name: Install NeoVim 104 | include_tasks: neovim.yml 105 | tags: neovim 106 | -------------------------------------------------------------------------------- /roles/packages/tasks/neovim.yml: -------------------------------------------------------------------------------- 1 | - name: "Clone neovim release from repo" 2 | ansible.builtin.get_url: 3 | url: "https://github.com/neovim/neovim/releases/download/{{ neovim_version }}/nvim-linux64.tar.gz" #v0.9.4 4 | dest: "{{ tmp_dir }}" 5 | tags: neovim 6 | 7 | - name: "Extract Neovim install files" 8 | become: true 9 | unarchive: 10 | src: "{{ tmp_dir }}/nvim-linux64.tar.gz" 11 | dest: "/opt/" 12 | tags: neovim 13 | 14 | - name: "Clone neovim configuration" 15 | ansible.builtin.git: 16 | repo: "git@github.com:DamyrFr/neovim-config" #v0.9.4 17 | dest: "/home/{{ user }}/.config/nvim/" 18 | force: yes 19 | accept_hostkey: true 20 | 
update: yes 21 | tags: neovim 22 | 23 | - name: "Remove Neovim archive" 24 | file: 25 | path: "{{ tmp_dir }}/nvim-linux64.tar.gz" 26 | state: absent 27 | tags: neovim 28 | -------------------------------------------------------------------------------- /roles/packages/tasks/vagrant.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Install nokogiri (for Vagrant)" 3 | become: true 4 | gem: 5 | name: rake 6 | norc: true 7 | state: latest 8 | tags: upgrade 9 | -------------------------------------------------------------------------------- /roles/packages/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | node_version_major: "12" 3 | node_version: "{{ node_version_major }}.20.2-1nodesource1" 4 | neovim_version: "v0.9.4" 5 | path_apt_gpg: "/etc/apt/trusted.gpg.d/" 6 | packages: 7 | - vim 8 | - ripgrep 9 | - systemd-resolved 10 | - ipcalc 11 | - tcpdump 12 | - dnsutils 13 | - make 14 | - curl 15 | - sudo 16 | - traceroute 17 | - strace 18 | - ack 19 | - nmap 20 | - net-tools 21 | - gcc 22 | - automake 23 | - autoconf 24 | - htop 25 | - git 26 | - ncdu 27 | - tmux 28 | - zplug 29 | - direnv 30 | - zsh 31 | - gpg 32 | - jq 33 | - pass 34 | - python3 35 | - python3-pip 36 | - iptables-persistent 37 | - virt-manager 38 | - ruby-full 39 | - libvirt-dev 40 | - rsync 41 | - tlp 42 | - fzf 43 | - scdaemon 44 | - pcscd 45 | - dirmngr 46 | - fping 47 | - firmware-linux 48 | - apparmor 49 | - apparmor-profiles 50 | - apparmor-utils 51 | - clamav 52 | - clamtk 53 | - rkhunter 54 | - chkrootkit 55 | - libpam-passwdqc 56 | - libpam-tmpdir 57 | - apt-listbugs 58 | - debsecan 59 | - debsums 60 | - needrestart 61 | - cups 62 | - kubectl 63 | - openvpn 64 | - spotify-client 65 | - google-cloud-sdk 66 | - vlc 67 | - terraform-ls 68 | - texlive-latex-extra 69 | - latexmk 70 | - podman 71 | - podman-compose 72 | - buildah 73 | - virtualenv 74 | - taskwarrior 75 | - npm 76 | - 
golang 77 | - vagrant 78 | - pre-commit 79 | - python3-openstackclient 80 | - testssl.sh 81 | - systemd-boot 82 | - kubecolor 83 | - neofetch 84 | -------------------------------------------------------------------------------- /roles/security/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart netfilter-persistent 3 | service: name=netfilter-persistent state=restarted -------------------------------------------------------------------------------- /roles/security/tasks/file_perm.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Change file permissions : CUPS" 3 | become: true 4 | file: 5 | path: /etc/cups/cupsd.conf 6 | owner: root 7 | group: root 8 | mode: '0700' 9 | 10 | - name: "Change file permissions : Kernel configuration" 11 | become: true 12 | file: 13 | path: /etc/sysctl.conf 14 | owner: root 15 | group: root 16 | mode: '0600' 17 | 18 | - name: "Change file permissions : Sudo" 19 | become: true 20 | file: 21 | path: /etc/sudoers 22 | owner: root 23 | group: root 24 | mode: '0440' 25 | -------------------------------------------------------------------------------- /roles/security/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: rkhunter setup 3 | include_tasks: rkhunter.yml 4 | 5 | - name: sysctl network hardening 6 | include_tasks: sysctl.yml 7 | 8 | - name: files permissions hardening 9 | include_tasks: file_perm.yml 10 | 11 | - name: PAM hardening 12 | include_tasks: pam.yml 13 | 14 | - name: Add log on profil by default 15 | include_tasks: profil.yml 16 | -------------------------------------------------------------------------------- /roles/security/tasks/pam.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #- name: "PAM password configuration" 3 | # become: 'yes' 4 | # lineinfile: 5 | # path: 
/etc/pam.d/common-password 6 | # line: "{{ item }}" 7 | # with_items: 8 | # - "password requisite pam_passwdqc.so min=disabled,disabled,8,8,8" 9 | # - "Format is min=N0,N1,N2,N3,N4 [min=disabled,24,11,8,7] where" 10 | # 11 | #- name: "PAM desactivate SU usage by default" 12 | # become: true 13 | # lineinfile: 14 | # dest: /etc/pam.d/su 15 | # regexp: "^auth required pam_wheel.so" 16 | # line: "auth required pam_wheel.so" 17 | # 18 | #- name: "PAM others" 19 | # become: 'yes' 20 | # lineinfile: 21 | # path: /etc/pam.d/other 22 | # line: "{{ item }}" 23 | # with_items: 24 | # - "auth required pam_securetty.so" 25 | # - "auth required pam_unix_auth.so" 26 | # - "auth required pam_warn.so" 27 | # - "auth required pam_deny.so" 28 | # - "account required pam_unix_acct.so" 29 | # - "account required pam_warn.so" 30 | # - "account required pam_deny.so" 31 | # - "password required pam_unix_passwd.so" 32 | # - "password required pam_warn.so" 33 | # - "password required pam_deny.so" 34 | # - "session required pam_unix_session.so" 35 | # - "session required pam_warn.so" 36 | # - "session required pam_deny.so" 37 | -------------------------------------------------------------------------------- /roles/security/tasks/profil.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Update login.defs for upgrade security logs level" 3 | become: 'yes' 4 | lineinfile: 5 | path: /etc/login.defs 6 | line: "{{ item }}" 7 | with_items: 8 | - "FAILLOG_ENAB yes" 9 | - "LOG_UNKFAIL_ENAB no" 10 | - "SYSLOG_SU_ENAB yes" 11 | - "SYSLOG_SG_ENAB yes" 12 | - "ENCRYPT_METHOD SHA512" 13 | -------------------------------------------------------------------------------- /roles/security/tasks/rkhunter.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Copy rkhunter.conf on system 3 | template: src=rkhunter.conf.j2 dest=/etc/rkhunter.conf 4 | become: true 5 | 6 | #- name: Update rkhunter 7 | # 
shell: "rkhunter --propupd" 8 | # become: true 9 | -------------------------------------------------------------------------------- /roles/security/tasks/sysctl.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Set some kernel parameters" 3 | become: true 4 | lineinfile: 5 | dest: /etc/sysctl.conf 6 | regexp: "{{ item.regexp }}" 7 | line: "{{ item.line }}" 8 | with_items: 9 | - { regexp: '^net.ipv4.conf.all.rp_filter', line: 'net.ipv4.conf.all.rp_filter = 1' } 10 | - { regexp: '^net.ipv4.conf.default.rp_filter', line: 'net.ipv4.conf.default.rp_filter = 1' } 11 | - { regexp: '^net.ipv4.icmp_echo_ignore_broadcasts', line: 'net.ipv4.icmp_echo_ignore_broadcasts = 1' } 12 | - { regexp: '^net.ipv4.conf.all.accept_source_route', line: 'net.ipv4.conf.all.accept_source_route = 0' } 13 | - { regexp: '^net.ipv6.conf.all.accept_source_route', line: 'net.ipv6.conf.all.accept_source_route = 0' } 14 | - { regexp: '^net.ipv4.conf.default.accept_source_route', line: 'net.ipv4.conf.default.accept_source_route = 0' } 15 | - { regexp: '^net.ipv6.conf.default.accept_source_route', line: 'net.ipv6.conf.default.accept_source_route = 0' } 16 | - { regexp: '^net.ipv4.conf.all.send_redirects', line: 'net.ipv4.conf.all.send_redirects = 0' } 17 | - { regexp: '^net.ipv4.conf.default.send_redirects', line: 'net.ipv4.conf.default.send_redirects = 0' } 18 | - { regexp: '^net.ipv4.tcp_syncookies', line: 'net.ipv4.tcp_syncookies = 1' } 19 | - { regexp: '^net.ipv4.tcp_max_syn_backlog', line: 'net.ipv4.tcp_max_syn_backlog = 2048' } 20 | - { regexp: '^net.ipv4.tcp_synack_retries', line: 'net.ipv4.tcp_synack_retries = 2' } 21 | - { regexp: '^net.ipv4.tcp_syn_retries', line: 'net.ipv4.tcp_syn_retries = 5' } 22 | - { regexp: '^net.ipv4.conf.all.log_martians', line: 'net.ipv4.conf.all.log_martians = 1' } 23 | - { regexp: '^net.ipv4.icmp_ignore_bogus_error_responses', line: 'net.ipv4.icmp_ignore_bogus_error_responses = 1' } 24 | - { regexp: 
'^net.ipv4.conf.all.accept_redirects', line: 'net.ipv4.conf.all.accept_redirects = 0' } 25 | - { regexp: '^net.ipv6.conf.all.accept_redirects', line: 'net.ipv6.conf.all.accept_redirects = 0' } 26 | - { regexp: '^net.ipv4.conf.default.accept_redirects', line: 'net.ipv4.conf.default.accept_redirects = 0' } 27 | - { regexp: '^net.ipv6.conf.default.accept_redirects', line: 'net.ipv6.conf.default.accept_redirects = 0' } 28 | - { regexp: '^net.ipv4.icmp_echo_ignore_all', line: 'net.ipv4.icmp_echo_ignore_all = 1' } 29 | - { regexp: '^kernel.core_uses_pid', line: 'kernel.core_uses_pid = 1' } 30 | - { regexp: '^net.ipv4.conf.default.log_martians', line: 'net.ipv4.conf.default.log_martians = 1' } 31 | 32 | - name: "Reload sysctl" 33 | shell: sysctl -p 34 | become: true 35 | -------------------------------------------------------------------------------- /roles/security/templates/rkhunter.conf.j2: -------------------------------------------------------------------------------- 1 | UPDATE_MIRRORS=0 2 | APT_AUTOGEN="true" 3 | ALLOWHIDDENDIR="/dev/.udev" 4 | ALLOWHIDDENDIR="/dev/.static" 5 | ALLOWDEVFILE="/dev/.udev/rules.d/root.rules" 6 | PKGMGR=DPKG 7 | MIRRORS_MODE=1 8 | TMPDIR=/var/lib/rkhunter/tmp 9 | DBDIR=/var/lib/rkhunter/db 10 | SCRIPTDIR=/usr/share/rkhunter/scripts 11 | UPDATE_LANG="en" 12 | LOGFILE=/var/log/rkhunter.log 13 | USE_SYSLOG=authpriv.warning 14 | AUTO_X_DETECT=1 15 | ALLOW_SSH_PROT_V1=2 16 | ENABLE_TESTS=ALL 17 | DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps apps 18 | SCRIPTWHITELIST=/bin/egrep 19 | SCRIPTWHITELIST=/bin/fgrep 20 | SCRIPTWHITELIST=/bin/which 21 | SCRIPTWHITELIST=/usr/bin/ldd 22 | SCRIPTWHITELIST=/usr/sbin/adduser 23 | WEB_CMD="/bin/false" 24 | INSTALLDIR=/usr 25 | -------------------------------------------------------------------------------- /roles/system/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: reload NetworkManager 3 | service: 
4 | name: NetworkManager 5 | state: reloaded 6 | -------------------------------------------------------------------------------- /roles/system/tasks/dns.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Disable NetworkManager DNS" 3 | become: true 4 | ini_file: 5 | path: /etc/NetworkManager/NetworkManager.conf 6 | state: present 7 | no_extra_spaces: yes 8 | section: main 9 | option: dns 10 | value: none 11 | owner: root 12 | group: root 13 | mode: 0644 14 | notify: 15 | - reload NetworkManager 16 | 17 | - name: "Deploy resolv.conf template" 18 | become: true 19 | template: 20 | src: resolv.conf.j2 21 | dest: /etc/resolv.conf 22 | owner: root 23 | group: root 24 | mode: 0644 25 | notify: 26 | - reload NetworkManager 27 | -------------------------------------------------------------------------------- /roles/system/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Update Hostname" 3 | hostname: 4 | name: "{{ custom_hostname }}" 5 | become: true 6 | 7 | - name: "Set timezone" 8 | timezone: 9 | name: "{{ timezone }}" 10 | become: true 11 | 12 | - name: "DNS setup" 13 | include_tasks: dns.yml 14 | -------------------------------------------------------------------------------- /roles/system/templates/resolv.conf.j2: -------------------------------------------------------------------------------- 1 | # Generated by Ansible 2 | search home 3 | {% for server in dns_servers %} 4 | nameserver {{ server }} 5 | {% endfor %} 6 | -------------------------------------------------------------------------------- /roles/user/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Create group wheel (for security)" 3 | become: 'yes' 4 | group: 5 | name: wheel 6 | state: present 7 | 8 | - name: Create user {{ user }} 9 | become: 'yes' 10 | user: 11 | name: "{{ user }}" 12 | comment: "{{ user }}" 13 | 
groups: "{{ user }},wheel,cdrom,floppy,audio,dip,video,plugdev,netdev,bluetooth,scanner" 14 | shell: "/bin/zsh" 15 | 16 | - name: Create sudo rules for user {{ user }} 17 | become: 'yes' 18 | lineinfile: 19 | dest: /etc/sudoers 20 | state: present 21 | regexp: '^%{{ user }}' 22 | line: '%{{ user }} ALL=(ALL) NOPASSWD: ALL' 23 | validate: 'visudo -cf %s' 24 | 25 | - name: Create ssh directory 26 | become: 'yes' 27 | file: 28 | path: "/home/{{ user }}/.ssh" 29 | state: directory 30 | mode: '0755' 31 | owner: "{{ user }}" 32 | group: "{{ user }}" 33 | 34 | - name: Generate sshkey 35 | become: 'yes' 36 | openssh_keypair: 37 | path: "/home/{{ user }}/.ssh/id_{{ user }}_{{ custom_hostname }}" 38 | type: ed25519 39 | mode: '0400' 40 | owner: "{{ user }}" 41 | group: "{{ user }}" 42 | -------------------------------------------------------------------------------- /vars/packages.yml: -------------------------------------------------------------------------------- 1 | --- 2 | asdf_version: "v0.13.1" 3 | asdf_plugins: 4 | - name: "tfenv" 5 | version: "latest" 6 | - name: "tfsec" 7 | version: "latest" 8 | - name: "kubectl" 9 | version: "latest" 10 | - name: "terraform-docs" 11 | version: "latest" 12 | - name: "terragrunt" 13 | version: "latest" 14 | - name: "helm" 15 | version: "latest" 16 | - name: "packer" 17 | version: "latest" 18 | - name: "zellij" 19 | version: "latest" 20 | - name: "opentofu" 21 | version: "latest" 22 | # Version are tag on Github without the v 23 | scw_version: "2.32.1" 24 | starship_version: "1.20.1" 25 | -------------------------------------------------------------------------------- /vars/system.yml: -------------------------------------------------------------------------------- 1 | --- 2 | gui: true 3 | forward: true 4 | custom_hostname: ghost 5 | stable_debian_codename: "bullseye" 6 | timezone: 'Europe/Paris' 7 | tmp_dir: "/tmp" 8 | architecture: "x86_64" 9 | latestff: false 10 | dns_servers: 11 | - "9.9.9.11" 12 | - "1.1.1.1" 
-------------------------------------------------------------------------------- /vars/user.yml: -------------------------------------------------------------------------------- 1 | --- 2 | user: damyr 3 | git_username: Thomas 4 | git_name: DamyrFr 5 | git_email: thomas@anvir.fr 6 | git_sign_key: "~/.ssh/id_ed25519.pub" 7 | --------------------------------------------------------------------------------