diff --git a/ansible/environments/laptop/host_vars/odofreebsd b/ansible/environments/laptop/host_vars/odofreebsd
index 6436a21..294c60b 100644
--- a/ansible/environments/laptop/host_vars/odofreebsd
+++ b/ansible/environments/laptop/host_vars/odofreebsd
@@ -26,9 +26,12 @@ users: groups: - name: wheel - name: video + - name: u2f authorized_keys: - yubikey - main_fido - backup_fido - homeassistant gitconfig: "gitconfig_home" +# devfs_rules: "odo_devfs.rules" +# devfs_system_ruleset: "localrules"
diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml
index cad6058..9010cc8 100644
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@@ -21,3 +21,4 @@ - sway - emacs - firefox + - devfs
diff --git a/ansible/roles/devfs/files/odo_devfs.rules b/ansible/roles/devfs/files/odo_devfs.rules
new file mode 100644
index 0000000..273e8a1
--- /dev/null
+++ b/ansible/roles/devfs/files/odo_devfs.rules
@@ -0,0 +1,3 @@
+[localrules=10]
+add path 'input/*' mode 0660 group video
+add path 'usb/*' mode 0660 group usb
diff --git a/ansible/roles/devfs/tasks/common.yaml b/ansible/roles/devfs/tasks/common.yaml
new file mode 100644
index 0000000..d7c1735
--- /dev/null
+++ b/ansible/roles/devfs/tasks/common.yaml
@@ -0,0 +1,14 @@
+- import_tasks: tasks/freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+ when: 'os_flavor == "linux"'
+
+- include_tasks:
+ file: tasks/peruser.yaml
+ apply:
+ become: yes
+ become_user: "{{ initialize_user }}"
+ loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+ loop_control:
+ loop_var: initialize_user
diff --git a/ansible/roles/devfs/tasks/freebsd.yaml b/ansible/roles/devfs/tasks/freebsd.yaml
new file mode 100644
index 0000000..b3f54f7
--- /dev/null
+++ b/ansible/roles/devfs/tasks/freebsd.yaml
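Review bot: The account is added to group `u2f`, but the new odo_devfs.rules grants `usb/*` to group `usb`, so the USB/scdaemon access that gpg/meta/main.yaml now depends on is not covered by this membership unless the user is also in `usb` — and nothing in this change creates that group. `devfs_rules` and `devfs_system_ruleset` are also left commented out while devfs/tasks/main.yaml only runs when `devfs_rules is defined`, so on this host the devfs role is a no-op and the gpg role's new dependency is satisfied vacuously. If that is intentional staging, a line such as `# devfs disabled until the usb group exists; see roles/devfs/files/odo_devfs.rules` would tell the next reader why. The enclosing `users:` entry starts before this hunk.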
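Review bot: `add path 'input/*' mode 0660 group video` gives every member of `video` read and write access to the raw input event nodes, which is much wider than the USB access the gpg role asks for (`# For access to usb devices like yubikeys`) and means any process running under a `video` user can observe keyboard and mouse events. Use a separate group for that rule, or leave it out if only the USB rule is needed for this change. The `usb/*` rule likewise exposes every ugen device to group `usb`; that is the usual way to let scdaemon reach a token, but the scope deserves a comment, e.g. `# scdaemon needs ugen access; this exposes all USB devices to group usb`. Keeping `mode 0660` rather than world access is the right call.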
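Review bot: `become: yes` in the `apply:` block is a YAML 1.1 truthy spelling that yamllint and ansible-lint both flag; write `become: true`. The per-user include pulls in peruser.yaml, whose two platform imports (peruser_freebsd.yaml and peruser_linux.yaml) are empty files in this commit, so the loop switches to every `initialize` user and runs the `per_user` role for no effect — either leave the include out until there is per-user work or mark it with `# no per-user devfs tasks yet; include kept for symmetry with the other roles`. The `when: 'os_flavor == ...'` conditions error out on any host that does not define `os_flavor`, so the role should state that requirement, e.g. `# requires os_flavor (freebsd|linux) from host_vars`.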
@@ -0,0 +1,14 @@
+- name: Install /etc/devfs.rules
+ copy:
+ src: "files/{{ devfs_rules }}"
+ dest: /etc/devfs.rules
+ mode: 0644
+ owner: root
+ group: wheel
+
+- name: Set devfs_system_ruleset
+ when: devfs_system_ruleset is defined
+ community.general.sysrc:
+ name: "devfs_system_ruleset"
+ value: "{{ devfs_system_ruleset }}"
+ path: /etc/rc.conf.d/devfs
diff --git a/ansible/roles/devfs/tasks/linux.yaml b/ansible/roles/devfs/tasks/linux.yaml
new file mode 100644
index 0000000..e1835f0
--- /dev/null
+++ b/ansible/roles/devfs/tasks/linux.yaml
@@ -0,0 +1,6 @@
+# - name: Install packages
+# pacman:
+# name:
+# - foo
+# state: present
+# update_cache: true
diff --git a/ansible/roles/devfs/tasks/main.yaml b/ansible/roles/devfs/tasks/main.yaml
new file mode 100644
index 0000000..7a0694b
--- /dev/null
+++ b/ansible/roles/devfs/tasks/main.yaml
@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+ when: devfs_rules is defined
diff --git a/ansible/roles/devfs/tasks/peruser.yaml b/ansible/roles/devfs/tasks/peruser.yaml
new file mode 100644
index 0000000..111e886
--- /dev/null
+++ b/ansible/roles/devfs/tasks/peruser.yaml
@@ -0,0 +1,29 @@
+- include_role:
+ name: per_user
+
+# - name: Create directories
+# file:
+# name: "{{ account_homedir.stdout }}/{{ item }}"
+# state: directory
+# mode: 0700
+# owner: "{{ account_name.stdout }}"
+# group: "{{ group_name.stdout }}"
+# loop:
+# - ".config/foo"
+
+# - name: Copy files
+# copy:
+# src: "files/{{ item.src }}"
+# dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+# mode: 0600
+# owner: "{{ account_name.stdout }}"
+# group: "{{ group_name.stdout }}"
+# loop:
+# - src: foo.conf
+# dest: .config/foo/foo.conf
+
+- import_tasks: tasks/peruser_freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/peruser_linux.yaml
+ when: 'os_flavor == "linux"'
diff --git a/ansible/roles/devfs/tasks/peruser_freebsd.yaml b/ansible/roles/devfs/tasks/peruser_freebsd.yaml
new file mode 100644
index 0000000..e69de29
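Review bot: Neither task restarts devfs, so an updated /etc/devfs.rules or a newly set `devfs_system_ruleset` does not take effect until the next boot or a manual `service devfs restart`; give both tasks `notify: Restart devfs` and add the handler below. Separately, `mode: 0644` is an unquoted octal: PyYAML parses it as the integer 420 and Ansible's file-mode documentation asks for it to be quoted (`mode: "0644"`); the same applies to `mode: 0600` in the new template task in gpg/tasks/peruser.yaml.
```yaml
# … unchanged: Install /etc/devfs.rules task (with mode: "0644") …
  notify: Restart devfs

# … unchanged: Set devfs_system_ruleset task …
  notify: Restart devfs

# handlers/main.yaml (new file in this role)
- name: Restart devfs
  service:
    name: devfs
    state: restarted
```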
diff --git a/ansible/roles/devfs/tasks/peruser_linux.yaml b/ansible/roles/devfs/tasks/peruser_linux.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/gpg/files/gpg-agent.conf b/ansible/roles/gpg/files/gpg-agent.conf
deleted file mode 100644
index 1679e6d..0000000
--- a/ansible/roles/gpg/files/gpg-agent.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-enable-ssh-support
-write-env-file
-use-standard-socket
-default-cache-ttl 600
-max-cache-ttl 7200
-display :0
diff --git a/ansible/roles/gpg/meta/main.yaml b/ansible/roles/gpg/meta/main.yaml
index 655446a..76b1d0b 100644
--- a/ansible/roles/gpg/meta/main.yaml
+++ b/ansible/roles/gpg/meta/main.yaml
@@ -1,2 +1,3 @@ dependencies: - users + - devfs # For access to usb devices like yubikeys
diff --git a/ansible/roles/gpg/tasks/peruser.yaml b/ansible/roles/gpg/tasks/peruser.yaml
index 3855611..eb738e5 100644
--- a/ansible/roles/gpg/tasks/peruser.yaml
+++ b/ansible/roles/gpg/tasks/peruser.yaml
@@ -19,11 +19,20 @@ loop: - src: gpg.conf dest: .gnupg/gpg.conf - - src: gpg-agent.conf - dest: .gnupg/gpg-agent.conf - src: scdaemon.conf dest: .gnupg/scdaemon.conf +- name: Copy templates + template: + src: "templates/{{ item.src }}.j2" + dest: "{{ account_homedir.stdout }}/{{ item.dest }}" + mode: 0600 + owner: "{{ account_name.stdout }}" + group: "{{ group_name.stdout }}" + loop: + - src: gpg-agent.conf + dest: .gnupg/gpg-agent.conf + - name: Check trusted gpg keys command: gpg --list-public-keys --keyid-format LONG register: gpgkeys
diff --git a/ansible/roles/gpg/templates/gpg-agent.conf.j2 b/ansible/roles/gpg/templates/gpg-agent.conf.j2
new file mode 100644
index 0000000..2c1159e
--- /dev/null
+++ b/ansible/roles/gpg/templates/gpg-agent.conf.j2
@@ -0,0 +1,11 @@
+enable-ssh-support
+write-env-file
+use-standard-socket
+default-cache-ttl 600
+max-cache-ttl 7200
+display :0
+{% if os_flavor == "linux" %}
+pinentry-program /usr/bin/pinentry-qt5
+{% elif os_flavor == "freebsd" %}
+pinentry-program /usr/local/bin/pinentry-qt5
+{% endif %}
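Review bot: `write-env-file` and `use-standard-socket` are carried into the template unchanged; on GnuPG 2.1 and later both are obsolete (as far as I recall they are accepted only as no-ops with a warning), so confirm the agent version on both targets before keeping them. The pinentry branch on `os_flavor` hard-codes one binary path per platform, and a host whose `os_flavor` is neither value silently gets no `pinentry-program` line and falls back to the agent's default — acceptable, but a variable such as `gpg_pinentry_program` with per-platform defaults would express this more directly than template branching. A one-line header, `# rendered per-user by roles/gpg/tasks/peruser.yaml; pinentry path depends on os_flavor`, would also help, since gpg-agent.conf treats `#` lines as comments.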