Merge branch 'devfs'
This commit is contained in:
Tom Alexander
commit
eb2ebb6cd6
GPG Key ID:
D3A179C9A53C0EDE
@ -26,9 +26,12 @@ users:
|
|||||||
groups:
|
groups:
|
||||||
- name: wheel
|
- name: wheel
|
||||||
- name: video
|
- name: video
|
||||||
|
- name: u2f
|
||||||
authorized_keys:
|
authorized_keys:
|
||||||
- yubikey
|
- yubikey
|
||||||
- main_fido
|
- main_fido
|
||||||
- backup_fido
|
- backup_fido
|
||||||
- homeassistant
|
- homeassistant
|
||||||
gitconfig: "gitconfig_home"
|
gitconfig: "gitconfig_home"
|
||||||
|
# devfs_rules: "odo_devfs.rules"
|
||||||
|
# devfs_system_ruleset: "localrules"
|
||||||
|
|||||||
@ -21,3 +21,4 @@
|
|||||||
- sway
|
- sway
|
||||||
- emacs
|
- emacs
|
||||||
- firefox
|
- firefox
|
||||||
|
- devfs
|
||||||
|
|||||||
3
ansible/roles/devfs/files/odo_devfs.rules
Normal file
3
ansible/roles/devfs/files/odo_devfs.rules
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
[localrules=10]
|
||||||
|
add path 'input/*' mode 0660 group video
|
||||||
|
add path 'usb/*' mode 0660 group usb
|
||||||
14
ansible/roles/devfs/tasks/common.yaml
Normal file
14
ansible/roles/devfs/tasks/common.yaml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
- import_tasks: tasks/freebsd.yaml
|
||||||
|
when: 'os_flavor == "freebsd"'
|
||||||
|
|
||||||
|
- import_tasks: tasks/linux.yaml
|
||||||
|
when: 'os_flavor == "linux"'
|
||||||
|
|
||||||
|
- include_tasks:
|
||||||
|
file: tasks/peruser.yaml
|
||||||
|
apply:
|
||||||
|
become: yes
|
||||||
|
become_user: "{{ initialize_user }}"
|
||||||
|
loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: initialize_user
|
||||||
14
ansible/roles/devfs/tasks/freebsd.yaml
Normal file
14
ansible/roles/devfs/tasks/freebsd.yaml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
- name: Install /etc/devfs.rules
|
||||||
|
copy:
|
||||||
|
src: "files/{{ devfs_rules }}"
|
||||||
|
dest: /etc/devfs.rules
|
||||||
|
mode: 0644
|
||||||
|
owner: root
|
||||||
|
group: wheel
|
||||||
|
|
||||||
|
- name: Set devfs_system_ruleset
|
||||||
|
when: devfs_system_ruleset is defined
|
||||||
|
community.general.sysrc:
|
||||||
|
name: "devfs_system_ruleset"
|
||||||
|
value: "{{ devfs_system_ruleset }}"
|
||||||
|
path: /etc/rc.conf.d/devfs
|
||||||
6
ansible/roles/devfs/tasks/linux.yaml
Normal file
6
ansible/roles/devfs/tasks/linux.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
# - name: Install packages
|
||||||
|
# pacman:
|
||||||
|
# name:
|
||||||
|
# - foo
|
||||||
|
# state: present
|
||||||
|
# update_cache: true
|
||||||
2
ansible/roles/devfs/tasks/main.yaml
Normal file
2
ansible/roles/devfs/tasks/main.yaml
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
- import_tasks: tasks/common.yaml
|
||||||
|
when: devfs_rules is defined
|
||||||
29
ansible/roles/devfs/tasks/peruser.yaml
Normal file
29
ansible/roles/devfs/tasks/peruser.yaml
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
- include_role:
|
||||||
|
name: per_user
|
||||||
|
|
||||||
|
# - name: Create directories
|
||||||
|
# file:
|
||||||
|
# name: "{{ account_homedir.stdout }}/{{ item }}"
|
||||||
|
# state: directory
|
||||||
|
# mode: 0700
|
||||||
|
# owner: "{{ account_name.stdout }}"
|
||||||
|
# group: "{{ group_name.stdout }}"
|
||||||
|
# loop:
|
||||||
|
# - ".config/foo"
|
||||||
|
|
||||||
|
# - name: Copy files
|
||||||
|
# copy:
|
||||||
|
# src: "files/{{ item.src }}"
|
||||||
|
# dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
|
||||||
|
# mode: 0600
|
||||||
|
# owner: "{{ account_name.stdout }}"
|
||||||
|
# group: "{{ group_name.stdout }}"
|
||||||
|
# loop:
|
||||||
|
# - src: foo.conf
|
||||||
|
# dest: .config/foo/foo.conf
|
||||||
|
|
||||||
|
- import_tasks: tasks/peruser_freebsd.yaml
|
||||||
|
when: 'os_flavor == "freebsd"'
|
||||||
|
|
||||||
|
- import_tasks: tasks/peruser_linux.yaml
|
||||||
|
when: 'os_flavor == "linux"'
|
||||||
0
ansible/roles/devfs/tasks/peruser_freebsd.yaml
Normal file
0
ansible/roles/devfs/tasks/peruser_freebsd.yaml
Normal file
0
ansible/roles/devfs/tasks/peruser_linux.yaml
Normal file
0
ansible/roles/devfs/tasks/peruser_linux.yaml
Normal file
@ -1,6 +0,0 @@
|
|||||||
enable-ssh-support
|
|
||||||
write-env-file
|
|
||||||
use-standard-socket
|
|
||||||
default-cache-ttl 600
|
|
||||||
max-cache-ttl 7200
|
|
||||||
display :0
|
|
||||||
@ -1,2 +1,3 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- users
|
- users
|
||||||
|
- devfs # For access to usb devices like yubikeys
|
||||||
|
|||||||
@ -19,11 +19,20 @@
|
|||||||
loop:
|
loop:
|
||||||
- src: gpg.conf
|
- src: gpg.conf
|
||||||
dest: .gnupg/gpg.conf
|
dest: .gnupg/gpg.conf
|
||||||
- src: gpg-agent.conf
|
|
||||||
dest: .gnupg/gpg-agent.conf
|
|
||||||
- src: scdaemon.conf
|
- src: scdaemon.conf
|
||||||
dest: .gnupg/scdaemon.conf
|
dest: .gnupg/scdaemon.conf
|
||||||
|
|
||||||
|
- name: Copy templates
|
||||||
|
template:
|
||||||
|
src: "templates/{{ item.src }}.j2"
|
||||||
|
dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
|
||||||
|
mode: 0600
|
||||||
|
owner: "{{ account_name.stdout }}"
|
||||||
|
group: "{{ group_name.stdout }}"
|
||||||
|
loop:
|
||||||
|
- src: gpg-agent.conf
|
||||||
|
dest: .gnupg/gpg-agent.conf
|
||||||
|
|
||||||
- name: Check trusted gpg keys
|
- name: Check trusted gpg keys
|
||||||
command: gpg --list-public-keys --keyid-format LONG
|
command: gpg --list-public-keys --keyid-format LONG
|
||||||
register: gpgkeys
|
register: gpgkeys
|
||||||
|
|||||||
11
ansible/roles/gpg/templates/gpg-agent.conf.j2
Normal file
11
ansible/roles/gpg/templates/gpg-agent.conf.j2
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
enable-ssh-support
|
||||||
|
write-env-file
|
||||||
|
use-standard-socket
|
||||||
|
default-cache-ttl 600
|
||||||
|
max-cache-ttl 7200
|
||||||
|
display :0
|
||||||
|
{% if os_flavor == "linux" %}
|
||||||
|
pinentry-program /usr/bin/pinentry-qt5
|
||||||
|
{% elif os_flavor == "freebsd" %}
|
||||||
|
pinentry-program /usr/local/bin/pinentry-qt5
|
||||||
|
{% endif %}
|
||||||
Loading…
Reference in New Issue
Block a user