cachyos compatibility
Some checks failed
Ansible Lint Check / check-ansible (push) Failing after 48s
Nix Format Check / check-format (push) Failing after 1m49s
Python Lint Check / check-python (push) Failing after 33s

2025-07-18 10:13:33 +02:00
parent fe80046042
commit 085d037f77
46 changed files with 478 additions and 407 deletions


@@ -1,9 +1,10 @@
[workstations]
mennos-laptop-w ansible_connection=local
mennos-desktop ansible_connection=local
mennos-cachyos-desktop ansible_connection=local
[servers]
mennos-server ansible_connection=local
mennos-cloud-server ansible_connection=local
mennos-vm ansible_connection=local
dotfiles-test ansible_connection=local
mennos-cachyos-desktop ansible_connection=local
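Review bot: `mennos-cachyos-desktop` is now listed under both `[workstations]` and `[servers]`, so a desktop machine also receives the server role, including the SSH daemon and the container services that other sections of this commit retarget to it. If the double membership is intended, say so next to the second entry, for example `# desktop also acts as the home server`. Otherwise keep the host in one group only, because every play keyed on group membership will otherwise run both task sets against it.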


@@ -12,8 +12,8 @@
- name: Include workstation tasks
ansible.builtin.import_tasks: tasks/workstations/workstation.yml
when: inventory_hostname in ['mennos-laptop-w', 'mennos-desktop']
when: inventory_hostname in ['mennos-laptop-w', 'mennos-desktop', 'mennos-cachyos-desktop']
- name: Include server tasks
ansible.builtin.import_tasks: tasks/servers/server.yml
when: inventory_hostname in ['mennos-server', 'mennos-cloud-server', 'mennos-hobbypc', 'mennos-vm', 'dotfiles-test']
when: inventory_hostname in ['mennos-server', 'mennos-cloud-server', 'mennos-hobbypc', 'mennos-vm', 'mennos-cachyos-desktop']
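Review bot: Both `when:` lists restate inventory membership by hand, and the server list has already drifted: it names `mennos-hobbypc`, which does not appear among the hosts shown in the inventory section of this commit. Testing the group keeps the playbook and the inventory in step: `when: "'workstations' in group_names"` and `when: "'servers' in group_names"`. A host added to the inventory but forgotten in these lists silently gets neither task set, which is easy to miss on a machine that is supposed to be hardened by the server tasks.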


@@ -5,19 +5,31 @@
changed_when: false
failed_when: false
# Arch-based distributions (CachyOS, Arch Linux, etc.)
- name: Install Docker on Arch-based systems
community.general.pacman:
name:
- docker
- docker-compose
- docker-buildx
state: present
become: true
when: docker_check.rc != 0 and ansible_pkg_mgr == 'pacman'
# Non-Arch distributions
- name: Download Docker installation script
ansible.builtin.get_url:
url: https://get.docker.com
dest: /tmp/get-docker.sh
mode: "0755"
when: docker_check.rc != 0
when: docker_check.rc != 0 and ansible_pkg_mgr != 'pacman'
- name: Install Docker CE
- name: Install Docker CE on non-Arch systems
ansible.builtin.shell: bash -c 'set -o pipefail && sh /tmp/get-docker.sh'
args:
executable: /bin/bash
creates: /usr/bin/docker
when: docker_check.rc != 0
when: docker_check.rc != 0 and ansible_pkg_mgr != 'pacman'
- name: Add user to docker group
ansible.builtin.user:
@@ -27,25 +39,15 @@
become: true
when: docker_check.rc != 0
- name: Check if docker is running
ansible.builtin.systemd:
name: docker
state: started
enabled: true
become: true
register: docker_service
- name: Reload systemd
ansible.builtin.systemd:
daemon_reload: true
become: true
when: docker_service.changed
- name: Enable and start docker service
ansible.builtin.systemd:
name: docker
state: started
enabled: true
become: true
when: docker_service.changed
- name: Reload systemd
ansible.builtin.systemd:
daemon_reload: true
become: true
notify: Reload systemd
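Review bot: The non-Arch path still executes a script fetched to the fixed, world-writable location `/tmp/get-docker.sh` with no integrity check. With `get_url`'s default `force: false`, a file that already exists at that path is not downloaded again, so whatever is there is what the install task runs. Either move these hosts to distribution packages as the new pacman task does, or download into a root-owned directory and pin the script with `checksum: "sha256:<expected-digest>"`. The handler named by `notify: Reload systemd` at the end of the section is not visible here and should be confirmed to exist.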


@@ -7,6 +7,15 @@
manager: auto
become: true
- name: Debug ansible_facts for troubleshooting
ansible.builtin.debug:
msg: |
OS Family: {{ ansible_facts['os_family'] }}
Distribution: {{ ansible_facts['distribution'] }}
Package Manager: {{ ansible_pkg_mgr }}
Kernel: {{ ansible_kernel }}
tags: debug
- name: Include Tailscale tasks
ansible.builtin.import_tasks: tasks/global/tailscale.yml
become: true
@@ -27,7 +36,24 @@
become: true
when: "'microsoft-standard-WSL2' not in ansible_kernel"
- name: Ensure common packages are installed
- name: Ensure common packages are installed on Arch-based systems
ansible.builtin.package:
name:
- git
- vim
- curl
- wget
- httpie
- python
- python-pip
- python-pipx
- python-pylint
- go
state: present
become: true
when: ansible_pkg_mgr == 'pacman'
- name: Ensure common packages are installed on non-Arch systems
ansible.builtin.package:
name:
- git
@@ -35,19 +61,27 @@
- curl
- wget
- httpie
# Python is used for the dotfiles CLI tools
- python3
- python3-pip
- python3-venv
- pylint
- black
- pipx
# Package manager wrapper
- nala
# Go
- golang
state: present
become: true
when: ansible_pkg_mgr != 'pacman'
- name: Configure performance optimizations
ansible.builtin.sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
state: present
reload: true
become: true
loop:
- { name: "vm.max_map_count", value: "16777216" }
# --- PBinCLI via pipx ---
- name: Ensure pbincli is installed with pipx
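Review bot: `when: ansible_pkg_mgr != 'pacman'` on the non-Arch package list sends every other package manager to Debian-specific names such as `nala` and `python3-venv`. The same negated test guards the `ssh` service name and the `openssh-server` package in the SSH and server sections of this commit. The apt purge hunk later in the commit already uses the positive form, so `when: ansible_pkg_mgr == 'apt'` here would skip an unexpected distribution instead of running the wrong branch against it. The non-Arch package task spans two hunks, and the pbincli task at the end is cut off.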


@@ -1,14 +1,29 @@
---
- name: Ensure openssh-server is installed
- name: Ensure openssh-server is installed on Arch-based systems
ansible.builtin.package:
name: openssh
state: present
when: ansible_pkg_mgr == 'pacman'
- name: Ensure openssh-server is installed on non-Arch systems
ansible.builtin.package:
name: openssh-server
state: present
when: ansible_pkg_mgr != 'pacman'
- name: Ensure SSH service is enabled and running
- name: Ensure SSH service is enabled and running on Arch-based systems
ansible.builtin.service:
name: sshd
state: started
enabled: true
when: ansible_pkg_mgr == 'pacman'
- name: Ensure SSH service is enabled and running on non-Arch systems
ansible.builtin.service:
name: ssh
state: started
enabled: true
when: ansible_pkg_mgr != 'pacman'
- name: Ensure SSH server configuration is proper
ansible.builtin.template:


@@ -28,10 +28,10 @@
vars:
gitconfig_mapping:
mennos-desktop: "$DOTFILES_PATH/config/git/gitconfig.wsl"
mennos-cachyos-desktop: "$DOTFILES_PATH/config/git/gitconfig.linux"
mennos-laptop-w: "$DOTFILES_PATH/config/git/gitconfig.wsl"
mennos-server: "$DOTFILES_PATH/config/git/gitconfig.mennos-server"
mennos-cloud-server: "$DOTFILES_PATH/config/git/gitconfig.mennos-server"
mennos-vm: "$DOTFILES_PATH/config/git/gitconfig.mennos-server"
dotfiles-test: "$DOTFILES_PATH/config/git/gitconfig.mennos-server"
tags:
- symlinks


@@ -1,12 +1,17 @@
---
- name: Server setup
block:
- name: Ensure server common packages are installed
- name: Ensure openssh-server is installed on Arch-based systems
ansible.builtin.package:
name:
- openssh-server
name: openssh
state: present
become: true
when: ansible_pkg_mgr == 'pacman'
- name: Ensure openssh-server is installed on non-Arch systems
ansible.builtin.package:
name: openssh-server
state: present
when: ansible_pkg_mgr != 'pacman'
- name: Include JuiceFS tasks
ansible.builtin.include_tasks: juicefs.yml
@@ -27,7 +32,7 @@
enabled: true
hosts:
- mennos-cloud-server
- mennos-server
- mennos-cachyos-desktop
- name: karakeep
enabled: true
hosts:
@@ -48,7 +53,7 @@
enabled: true
hosts:
- mennos-cloud-server
- mennos-server
- mennos-cachyos-desktop
- name: seafile
enabled: true
hosts:
@@ -72,7 +77,7 @@
- name: downloaders
enabled: true
hosts:
- mennos-server
- mennos-cachyos-desktop
- name: wireguard
enabled: true
hosts:
@@ -81,7 +86,7 @@
enabled: true
hosts:
- mennos-cloud-server
- mennos-server
- mennos-cachyos-desktop
- name: arr-stack
enabled: false
hosts:
@@ -89,11 +94,11 @@
- name: home-assistant
enabled: true
hosts:
- mennos-server
- mennos-cachyos-desktop
- name: privatebin
enabled: true
hosts:
- mennos-server
- mennos-cachyos-desktop
- name: unifi-network-application
enabled: true
hosts:
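Review bot: The Arch task for `openssh` carries `become: true`, but the non-Arch task for `openssh-server` that follows it does not, as far as the rendered lines show. Unless the enclosing block or the play sets `become`, the package install on non-Arch servers runs unprivileged and fails, so add `become: true` to the second task as well. The same package pair is also installed by the SSH task file changed in this commit, so one of the two copies can probably go. The service list continues outside the hunks shown.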


@@ -100,7 +100,7 @@ df.mvl.sh {
overseerr.mvl.sh jellyseerr.mvl.sh overseerr.vleeuwen.me jellyseerr.vleeuwen.me {
import country_block
reverse_proxy mennos-server:5555
reverse_proxy mennos-cachyos-desktop:5555
tls {{ caddy_email }}
}
@@ -115,28 +115,7 @@ fladder.mvl.sh {
reverse_proxy fladder:80
tls {{ caddy_email }}
}
ip.mvl.sh {
import country_block
reverse_proxy echoip:8080 {
header_up X-Real-IP {http.request.remote.host}
header_up X-Forwarded-For {http.request.remote.host}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Host {host}
}
tls {{ caddy_email }}
}
http://ip.mvl.sh {
import country_block
reverse_proxy echoip:8080 {
header_up X-Real-IP {http.request.remote.host}
header_up X-Forwarded-For {http.request.remote.host}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Host {host}
}
}
{% elif inventory_hostname == 'mennos-server' %}
{% elif inventory_hostname == 'mennos-cachyos-desktop' %}
home.vleeuwen.me {
import country_block
reverse_proxy host.docker.internal:8123 {
@@ -158,4 +137,25 @@ jellyfin.mvl.sh jellyfin.vleeuwen.me {
reverse_proxy jellyfin:8096
tls {{ caddy_email }}
}
ip.mvl.sh ip.vleeuwen.me {
import country_block
reverse_proxy echoip:8080 {
header_up X-Real-IP {http.request.remote.host}
header_up X-Forwarded-For {http.request.remote.host}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Host {host}
}
tls {{ caddy_email }}
}
http://ip.mvl.sh http://ip.vleeuwen.me {
import country_block
reverse_proxy echoip:8080 {
header_up X-Real-IP {http.request.remote.host}
header_up X-Forwarded-For {http.request.remote.host}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Host {host}
}
}
{% endif %}
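Review bot: Swapping the literal in `{% elif inventory_hostname == 'mennos-cachyos-desktop' %}` keeps the host name as the switch for which sites this proxy serves. The same literal is edited again in the Caddy, EchoIP and Jellyfin `set_fact` hunks and in the Jellyfin compose template. A per-host variable defined once in the inventory would make the next machine move a one-line change, for example `{% elif site_profile == 'home' %}` (variable name is a suggestion). It would also prevent a missed comparison from silently falling through to the `/mnt/object_storage` paths or leaving a site block unrendered.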


@@ -4,8 +4,8 @@
- name: Set Caddy directories
ansible.builtin.set_fact:
caddy_service_dir: "{{ ansible_env.HOME }}/services/caddy"
caddy_data_dir: "{{ '/mnt/services/caddy' if inventory_hostname == 'mennos-server' else '/mnt/object_storage/services/caddy' }}"
geoip_db_path: "{{ '/mnt/services/echoip' if inventory_hostname == 'mennos-server' else '/mnt/object_storage/services/echoip' }}"
caddy_data_dir: "{{ '/mnt/services/caddy' if inventory_hostname == 'mennos-cachyos-desktop' else '/mnt/object_storage/services/caddy' }}"
geoip_db_path: "{{ '/mnt/services/echoip' if inventory_hostname == 'mennos-cachyos-desktop' else '/mnt/object_storage/services/echoip' }}"
caddy_email: "{{ lookup('community.general.onepassword', 'Caddy (Proxy)', vault='Dotfiles', field='email') }}"
- name: Create Caddy directory


@@ -4,7 +4,7 @@
- name: Set EchoIP directories
ansible.builtin.set_fact:
echoip_service_dir: "{{ ansible_env.HOME }}/services/echoip"
echoip_data_dir: "{{ '/mnt/services/echoip' if inventory_hostname == 'mennos-server' else '/mnt/object_storage/services/echoip' }}"
echoip_data_dir: "{{ '/mnt/services/echoip' if inventory_hostname == 'mennos-cachyos-desktop' else '/mnt/object_storage/services/echoip' }}"
maxmind_account_id: "{{ lookup('community.general.onepassword', 'MaxMind',
vault='Dotfiles', field='account_id') | regex_replace('\\s+', '') }}"
maxmind_license_key: "{{ lookup('community.general.onepassword', 'MaxMind',


@@ -6,15 +6,11 @@ services:
- PUID=1000
- PGID=100
- TZ=Europe/Amsterdam
- JELLYFIN_PublishedServerUrl=https://jellyfin.mvl.sh
{% if inventory_hostname == 'mennos-server' %}
- NVIDIA_VISIBLE_DEVICES=all
{% endif %}
volumes:
- {{ jellyfin_data_dir }}/jellyfin-config:/config
- {{ '/mnt/data/movies' if inventory_hostname == 'mennos-server' else '/mnt/object_storage/movies' }}:/movies
- {{ '/mnt/data/tvshows' if inventory_hostname == 'mennos-server' else '/mnt/object_storage/tvshows' }}:/tvshows
- {{ '/mnt/data/music' if inventory_hostname == 'mennos-server' else '/mnt/object_storage/music' }}:/music
- {{ '/mnt/data/movies' if inventory_hostname == 'mennos-cachyos-desktop' else '/mnt/object_storage/movies' }}:/movies
- {{ '/mnt/data/tvshows' if inventory_hostname == 'mennos-cachyos-desktop' else '/mnt/object_storage/tvshows' }}:/tvshows
- {{ '/mnt/data/music' if inventory_hostname == 'mennos-cachyos-desktop' else '/mnt/object_storage/music' }}:/music
ports:
- 8096:8096
- 8920:8920
@@ -26,17 +22,6 @@ services:
- "44"
networks:
- caddy_network
{% if inventory_hostname == 'mennos-server' %}
runtime: nvidia
deploy:
resources:
reservations:
devices:
- driver: nvidia
count: all
capabilities: [gpu]
{% endif %}
fladder:
image: ghcr.io/donutware/fladder:latest


@@ -3,7 +3,7 @@
block:
- name: Set Jellyfin directories
ansible.builtin.set_fact:
jellyfin_data_dir: "{{ '/mnt/services/jellyfin' if inventory_hostname == 'mennos-server' else '/mnt/object_storage/services/jellyfin' }}"
jellyfin_data_dir: "{{ '/mnt/services/jellyfin' if inventory_hostname == 'mennos-cachyos-desktop' else '/mnt/object_storage/services/jellyfin' }}"
jellyfin_service_dir: "{{ ansible_env.HOME }}/services/jellyfin"
- name: Create Jellyfin directories


@@ -1,51 +0,0 @@
---
- name: Install required packages for FirefoxPWA
ansible.builtin.apt:
name:
- curl
- gpg
- apt-transport-https
- debian-archive-keyring
state: present
update_cache: true
become: true
- name: Download FirefoxPWA GPG key
ansible.builtin.get_url:
url: https://packagecloud.io/filips/FirefoxPWA/gpgkey
dest: /usr/share/keyrings/firefoxpwa-keyring.gpg
mode: "0644"
become: true
- name: Import FirefoxPWA GPG key
ansible.builtin.command:
cmd: "set -o pipefail && gpg --dearmor < /usr/share/keyrings/firefoxpwa-keyring.gpg | tee /usr/share/keyrings/firefoxpwa-keyring.gpg > /dev/null"
args:
creates: /usr/share/keyrings/firefoxpwa-keyring.gpg
become: true
- name: Add FirefoxPWA repository
ansible.builtin.copy:
content: "deb [signed-by=/usr/share/keyrings/firefoxpwa-keyring.gpg] https://packagecloud.io/filips/FirefoxPWA/any any main"
dest: /etc/apt/sources.list.d/firefoxpwa.list
mode: "0644"
become: true
- name: Update apt cache
ansible.builtin.apt:
update_cache: true
become: true
- name: Install FirefoxPWA package
ansible.builtin.apt:
name: firefoxpwa
state: present
become: true
- name: Ensure FirefoxPWA integration is enabled for compatible browsers
ansible.builtin.command:
cmd: "firefoxpwa install --global"
register: pwa_integration
changed_when: "'Integration installed' in pwa_integration.stdout"
failed_when: false
become: true


@@ -45,7 +45,6 @@
- org.prismlauncher.PrismLauncher
# Multimedia
- com.spotify.Client
- com.plexamp.Plexamp
- tv.plex.PlexDesktop


@@ -18,3 +18,4 @@
purge: true
autoremove: true
update_cache: true
when: ansible_pkg_mgr == 'apt'


@@ -17,6 +17,11 @@
mode: "0755"
loop: "{{ workstation_symlinks }}"
- name: Remove existing autostart directory if it exists
ansible.builtin.file:
path: "{{ user_home }}/.config/autostart"
state: absent
- name: Create workstation symlinks
ansible.builtin.file:
src: "{{ item.src | replace('~', user_home) | replace('$DOTFILES_PATH', lookup('env', 'DOTFILES_PATH')) }}"
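Review bot: The new task deletes `{{ user_home }}/.config/autostart` on every run regardless of what it is, so autostart entries placed there by the desktop or the user are lost. It presumably exists so the symlink task can take the path over, in which case it will also report a change on each run. Removing the path only when it is a real directory is safer: register an `ansible.builtin.stat` on it first and add `when: autostart_dir.stat.exists and not autostart_dir.stat.islnk` (register name is a suggestion). The symlink task that follows is cut off at the end of the hunk, so whether it sets `force` is not visible.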


@@ -35,10 +35,6 @@
ansible.builtin.import_tasks: tasks/workstations/1password-browsers.yml
when: "'microsoft-standard-WSL2' not in ansible_kernel"
- name: Include Firefox PWA tasks
ansible.builtin.import_tasks: tasks/workstations/firefoxpwa.yml
when: "'microsoft-standard-WSL2' not in ansible_kernel"
- name: Include purge LibreOffice tasks
ansible.builtin.import_tasks: tasks/workstations/purge-libreoffice.yml
@@ -58,15 +54,6 @@
- mangohud
# Used for VSCode Extensions
- nodejs
# File Manager
- nemo
# File Manager Extensions
- nemo-compare
- nemo-data
- nemo-fileroller
- nemo-font-manager
- nemo-gtkhash
- nemo-python
# DistroBox
- distrobox
state: present


@@ -1,7 +1,7 @@
---
- name: Set Zen browser version
ansible.builtin.set_fact:
zen_browser_version: "1.13.2b"
zen_browser_version: "1.14.5b"
- name: Create directory for browser
ansible.builtin.file:


@@ -5,7 +5,7 @@ Before=docker.service
[Service]
Type=simple
ExecStart=/usr/local/bin/juicefs mount redis://:{{ redis_password }}@mennos-cloud-server:6379/0 /mnt/object_storage \
ExecStart=/usr/local/bin/juicefs mount redis://:{{ redis_password }}@100.82.178.14:6379/0 /mnt/object_storage \
--cache-dir=/var/jfsCache \
--buffer-size=4096 \
--prefetch=16 \
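Review bot: The metadata URL on `ExecStart` embeds `{{ redis_password }}`, so both the rendered unit file and the arguments of the running mount process expose the Redis password to any local account that can read them. JuiceFS takes the password from the `META_PASSWORD` environment variable when it is left out of the URL, so the unit can load it through `EnvironmentFile=` from a root-only file and keep `redis://100.82.178.14:6379/0` on the command line. Replacing `mennos-cloud-server` with a literal address also ties the unit to that IP, so a comment naming the host it belongs to would help the next reader. The `ExecStart` continuation lines run past the end of the hunk.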