vleeuwenmenno/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: vleeuwenmenno:987166420a04cb907ad2caa231fe2137ffca1ff6
Branches Tags
vleeuwenmenno:master vleeuwenmenno:legacy
...
compare: vleeuwenmenno:master
Branches Tags
vleeuwenmenno:master vleeuwenmenno:legacy

13 Commits
987166420a ... master

Author SHA1 Message Date
Menno van Leeuwen
fd6e7d7a86 Update flake.lock
All checks were successful
Ansible Lint Check / check-ansible (push) Successful in 5s
Details
Nix Format Check / check-format (push) Successful in 41s
Details
Python Lint Check / check-python (push) Successful in 7s
Details
2025-10-30 16:22:07 +01:00
Menno van Leeuwen
b23536ecc7 chore: adds discord and gitnuro flatpaks
Some checks failed
Ansible Lint Check / check-ansible (push) Has been cancelled
Details
Nix Format Check / check-format (push) Has been cancelled
Details
Python Lint Check / check-python (push) Has been cancelled
Details
2025-10-30 16:22:03 +01:00
Menno van Leeuwen
14e9c8d51c chore: remove old stuff
Some checks failed
Ansible Lint Check / check-ansible (push) Successful in 7s
Details
Python Lint Check / check-python (push) Has been cancelled
Details
Nix Format Check / check-format (push) Has been cancelled
Details
2025-10-30 16:21:17 +01:00
Menno van Leeuwen
c1c98fa007 Merge branch 'master' of ssh://git.mvl.sh/vleeuwenmenno/dotfiles
All checks were successful
Ansible Lint Check / check-ansible (push) Successful in 6s
Details
Nix Format Check / check-format (push) Successful in 43s
Details
Python Lint Check / check-python (push) Successful in 8s
Details
2025-10-28 08:36:44 +01:00
Menno van Leeuwen
9c6e6fdf47 Add Vicinae installation and assets Ansible task 
Include Vicinae setup in workstation playbook for non-WSL2 systems

Update flake.lock to newer nixpkgs revision
 2025-10-28 08:36:26 +01:00
Menno van Leeuwen
a11376fe96 Add monitoring countries to allowed_countries_codes list
All checks were successful
Ansible Lint Check / check-ansible (push) Successful in 4s
Details
Nix Format Check / check-format (push) Successful in 41s
Details
Python Lint Check / check-python (push) Successful in 7s
Details
2025-10-26 00:24:17 +00:00
Menno van Leeuwen
e14dd1d224 Add EU and trusted country lists for Caddy access control
All checks were successful
Ansible Lint Check / check-ansible (push) Successful in 7s
Details
Nix Format Check / check-format (push) Successful in 54s
Details
Python Lint Check / check-python (push) Successful in 21s
Details 
Define separate lists for EU and trusted countries in group vars. Update
Caddyfile template to support EU, trusted, and combined allow lists.
Switch Sathub domains to use combined country allow list.
 2025-10-26 00:21:27 +00:00
Menno van Leeuwen
5353981555 Merge branch 'master' of git.mvl.sh:vleeuwenmenno/dotfiles
All checks were successful
Ansible Lint Check / check-ansible (push) Successful in 5s
Details
Nix Format Check / check-format (push) Successful in 42s
Details
Python Lint Check / check-python (push) Successful in 8s
Details
2025-10-26 00:09:31 +00:00
Menno van Leeuwen
f9ce652dfc flake lock 
Signed-off-by: Menno van Leeuwen <menno@vleeuwen.me>
 2025-10-26 00:09:15 +00:00
Menno van Leeuwen
fe9dbca2db Merge branch 'master' of git.mvl.sh:vleeuwenmenno/dotfiles
All checks were successful
Ansible Lint Check / check-ansible (push) Successful in 5s
Details
Nix Format Check / check-format (push) Successful in 43s
Details
Python Lint Check / check-python (push) Successful in 8s
Details
2025-10-26 02:08:31 +02:00
Menno van Leeuwen
e57e9ee67c chore: update country allow list and add European allow option 2025-10-26 02:02:46 +02:00
Menno van Leeuwen
f67b16f593 update flake locvk 2025-10-26 02:02:28 +02:00
Menno van Leeuwen
5edd7c413e Update bash.nix to improve WSL Windows alias handling 2025-10-26 02:02:21 +02:00
8 changed files with 363 additions and 74 deletions
Expand all files Collapse all files

9
README.md
View File

@@ -41,15 +41,6 @@ Run the `dotf update` command, although the setup script did most of the work so
dotf update dotf update
``` ```
### 5. Decrypt secrets
Either using 1Password or by manualling providing the decryption key you should decrypt the secrets.
Various configurations depend on the secrets to be decrypted such as the SSH keys, yubikey pam configuration and more.
```bash
dotf secrets decrypt
```
### 6. Profit ### 6. Profit
You should now have a fully setup system with all the configurations applied. You should now have a fully setup system with all the configurations applied.

95
ansible/group_vars/servers.yml
View File

@@ -2,30 +2,81 @@
flatpaks: false flatpaks: false
install_ui_apps: false install_ui_apps: false
# European countries for EU-specific access control
eu_countries_codes:
- AL # Albania
- AD # Andorra
- AM # Armenia
- AT # Austria
- AZ # Azerbaijan
# - BY # Belarus (Belarus is disabled due to geopolitical reasons)
- BE # Belgium
- BA # Bosnia and Herzegovina
- BG # Bulgaria
- HR # Croatia
- CY # Cyprus
- CZ # Czech Republic
- DK # Denmark
- EE # Estonia
- FI # Finland
- FR # France
- GE # Georgia
- DE # Germany
- GR # Greece
- HU # Hungary
- IS # Iceland
- IE # Ireland
- IT # Italy
- XK # Kosovo
- LV # Latvia
- LI # Liechtenstein
- LT # Lithuania
- LU # Luxembourg
- MK # North Macedonia
- MT # Malta
- MD # Moldova
- MC # Monaco
- ME # Montenegro
- NL # Netherlands
- NO # Norway
- PL # Poland
- PT # Portugal
- RO # Romania
# - RU # Russia (Russia is disabled due to geopolitical reasons)
- SM # San Marino
- RS # Serbia
- SK # Slovakia
- SI # Slovenia
- ES # Spain
- SE # Sweden
- CH # Switzerland
- TR # Turkey
- UA # Ukraine
- GB # United Kingdom
- VA # Vatican City
# Trusted non-EU countries for extended access control
trusted_countries_codes:
- US # United States
- AU # Australia
- NZ # New Zealand
- JP # Japan
# Countries that are allowed to access the server Caddy reverse proxy # Countries that are allowed to access the server Caddy reverse proxy
allowed_countries_codes: allowed_countries_codes:
- US # United States - US # United States
- CA # Canada - GB # United Kingdom
- GB # United Kingdom - DE # Germany
- DE # Germany - FR # France
- FR # France - IT # Italy
- ES # Spain - NL # Netherlands
- IT # Italy - JP # Japan
- NL # Netherlands - KR # South Korea
- AU # Australia - CH # Switzerland
- NZ # New Zealand - AU # Australia (Added for UpDown.io to monitor server uptime)
- JP # Japan - CA # Canada (Added for UpDown.io to monitor server uptime)
- KR # South Korea - FI # Finland (Added for UpDown.io to monitor server uptime)
- SK # Slovakia - SG # Singapore (Added for UpDown.io to monitor server uptime)
- FI # Finland
- DK # Denmark
- SG # Singapore
- AT # Austria
- CH # Switzerland
# IP ranges for blocked countries (generated automatically)
# This will be populated by the country blocking script
blocked_countries: []
# Enable/disable country blocking globally # Enable/disable country blocking globally
enable_country_blocking: true enable_country_blocking: true

131
ansible/tasks/servers/services/caddy/Caddyfile.j2
View File

@@ -5,9 +5,9 @@
} }
} }
# Country blocking snippet using MaxMind GeoLocation - reusable across all sites # Country allow list snippet using MaxMind GeoLocation - reusable across all sites
{% if enable_country_blocking | default(false) and allowed_countries_codes | default([]) | length > 0 %} {% if enable_country_blocking | default(false) and allowed_countries_codes | default([]) | length > 0 %}
(country_block) { (country_allow) {
@allowed_local { @allowed_local {
remote_ip 127.0.0.1 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 157.180.41.167 2a01:4f9:c013:1a13::1 remote_ip 127.0.0.1 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 157.180.41.167 2a01:4f9:c013:1a13::1
} }
@@ -23,56 +23,125 @@
respond @not_allowed_countries "Access denied" 403 respond @not_allowed_countries "Access denied" 403
} }
{% else %} {% else %}
(country_block) { (country_allow) {
# Country blocking disabled # Country allow list disabled
}
{% endif %}
# European country allow list - allows all European countries only
{% if eu_countries_codes | default([]) | length > 0 %}
(eu_country_allow) {
@eu_allowed_local {
remote_ip 127.0.0.1 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 157.180.41.167 2a01:4f9:c013:1a13::1
}
@eu_not_allowed_countries {
not remote_ip 127.0.0.1 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 157.180.41.167 2a01:4f9:c013:1a13::1
not {
maxmind_geolocation {
db_path "/etc/caddy/geoip/GeoLite2-Country.mmdb"
allow_countries {{ eu_countries_codes | join(' ') }}
}
}
}
respond @eu_not_allowed_countries "Access denied" 403
}
{% else %}
(eu_country_allow) {
# EU country allow list disabled
}
{% endif %}
# Trusted country allow list - allows US, Australia, New Zealand, and Japan
{% if trusted_countries_codes | default([]) | length > 0 %}
(trusted_country_allow) {
@trusted_allowed_local {
remote_ip 127.0.0.1 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 157.180.41.167 2a01:4f9:c013:1a13::1
}
@trusted_not_allowed_countries {
not remote_ip 127.0.0.1 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 157.180.41.167 2a01:4f9:c013:1a13::1
not {
maxmind_geolocation {
db_path "/etc/caddy/geoip/GeoLite2-Country.mmdb"
allow_countries {{ trusted_countries_codes | join(' ') }}
}
}
}
respond @trusted_not_allowed_countries "Access denied" 403
}
{% else %}
(trusted_country_allow) {
# Trusted country allow list disabled
}
{% endif %}
# Sathub country allow list - combines EU and trusted countries
{% if eu_countries_codes | default([]) | length > 0 and trusted_countries_codes | default([]) | length > 0 %}
(sathub_country_allow) {
@sathub_allowed_local {
remote_ip 127.0.0.1 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 157.180.41.167 2a01:4f9:c013:1a13::1
}
@sathub_not_allowed_countries {
not remote_ip 127.0.0.1 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 157.180.41.167 2a01:4f9:c013:1a13::1
not {
maxmind_geolocation {
db_path "/etc/caddy/geoip/GeoLite2-Country.mmdb"
allow_countries {{ (eu_countries_codes + trusted_countries_codes) | join(' ') }}
}
}
}
respond @sathub_not_allowed_countries "Access denied" 403
}
{% else %}
(sathub_country_allow) {
# Sathub country allow list disabled
} }
{% endif %} {% endif %}
{% if inventory_hostname == 'mennos-server' %} {% if inventory_hostname == 'mennos-server' %}
git.mvl.sh { git.mvl.sh {
import country_block import country_allow
reverse_proxy gitea:3000 reverse_proxy gitea:3000
tls {{ caddy_email }} tls {{ caddy_email }}
} }
git.vleeuwen.me { git.vleeuwen.me {
import country_block import country_allow
redir https://git.mvl.sh{uri} redir https://git.mvl.sh{uri}
tls {{ caddy_email }} tls {{ caddy_email }}
} }
df.mvl.sh { df.mvl.sh {
import country_block import country_allow
redir / https://git.mvl.sh/vleeuwenmenno/dotfiles/raw/branch/master/setup.sh redir / https://git.mvl.sh/vleeuwenmenno/dotfiles/raw/branch/master/setup.sh
tls {{ caddy_email }} tls {{ caddy_email }}
} }
fsm.mvl.sh { fsm.mvl.sh {
import country_block import country_allow
reverse_proxy factorio-server-manager:80 reverse_proxy factorio-server-manager:80
tls {{ caddy_email }} tls {{ caddy_email }}
} }
fsm.vleeuwen.me { fsm.vleeuwen.me {
import country_block import country_allow
redir https://fsm.mvl.sh{uri} redir https://fsm.mvl.sh{uri}
tls {{ caddy_email }} tls {{ caddy_email }}
} }
beszel.mvl.sh { beszel.mvl.sh {
import country_block import country_allow
reverse_proxy beszel:8090 reverse_proxy beszel:8090
tls {{ caddy_email }} tls {{ caddy_email }}
} }
beszel.vleeuwen.me { beszel.vleeuwen.me {
import country_block import country_allow
redir https://beszel.mvl.sh{uri} redir https://beszel.mvl.sh{uri}
tls {{ caddy_email }} tls {{ caddy_email }}
} }
sathub.de { sathub.de {
import country_block import sathub_country_allow
handle { handle {
reverse_proxy sathub-frontend:4173 reverse_proxy sathub-frontend:4173
@@ -93,31 +162,31 @@ sathub.de {
} }
api.sathub.de { api.sathub.de {
import country_block import sathub_country_allow
reverse_proxy sathub-backend:4001 reverse_proxy sathub-backend:4001
tls {{ caddy_email }} tls {{ caddy_email }}
} }
sathub.nl { sathub.nl {
import country_block import sathub_country_allow
redir https://sathub.de{uri} redir https://sathub.de{uri}
tls {{ caddy_email }} tls {{ caddy_email }}
} }
photos.mvl.sh { photos.mvl.sh {
import country_block import country_allow
reverse_proxy immich:2283 reverse_proxy immich:2283
tls {{ caddy_email }} tls {{ caddy_email }}
} }
photos.vleeuwen.me { photos.vleeuwen.me {
import country_block import country_allow
redir https://photos.mvl.sh{uri} redir https://photos.mvl.sh{uri}
tls {{ caddy_email }} tls {{ caddy_email }}
} }
home.mvl.sh { home.mvl.sh {
import country_block import country_allow
reverse_proxy host.docker.internal:8123 { reverse_proxy host.docker.internal:8123 {
header_up Host {upstream_hostport} header_up Host {upstream_hostport}
header_up X-Real-IP {http.request.remote.host} header_up X-Real-IP {http.request.remote.host}
@@ -126,7 +195,7 @@ home.mvl.sh {
} }
home.vleeuwen.me { home.vleeuwen.me {
import country_block import country_allow
reverse_proxy host.docker.internal:8123 { reverse_proxy host.docker.internal:8123 {
header_up Host {upstream_hostport} header_up Host {upstream_hostport}
header_up X-Real-IP {http.request.remote.host} header_up X-Real-IP {http.request.remote.host}
@@ -160,13 +229,13 @@ hotspot.mvl.sh:80 {
} }
bin.mvl.sh { bin.mvl.sh {
import country_block import country_allow
reverse_proxy privatebin:8080 reverse_proxy privatebin:8080
tls {{ caddy_email }} tls {{ caddy_email }}
} }
ip.mvl.sh ip.vleeuwen.me { ip.mvl.sh ip.vleeuwen.me {
import country_block import country_allow
reverse_proxy echoip:8080 { reverse_proxy echoip:8080 {
header_up X-Real-IP {http.request.remote.host} header_up X-Real-IP {http.request.remote.host}
} }
@@ -174,26 +243,26 @@ ip.mvl.sh ip.vleeuwen.me {
} }
http://ip.mvl.sh http://ip.vleeuwen.me { http://ip.mvl.sh http://ip.vleeuwen.me {
import country_block import country_allow
reverse_proxy echoip:8080 { reverse_proxy echoip:8080 {
header_up X-Real-IP {http.request.remote.host} header_up X-Real-IP {http.request.remote.host}
} }
} }
overseerr.mvl.sh { overseerr.mvl.sh {
import country_block import country_allow
reverse_proxy overseerr:5055 reverse_proxy overseerr:5055
tls {{ caddy_email }} tls {{ caddy_email }}
} }
overseerr.vleeuwen.me { overseerr.vleeuwen.me {
import country_block import country_allow
redir https://overseerr.mvl.sh{uri} redir https://overseerr.mvl.sh{uri}
tls {{ caddy_email }} tls {{ caddy_email }}
} }
plex.mvl.sh { plex.mvl.sh {
import country_block import country_allow
reverse_proxy host.docker.internal:32400 { reverse_proxy host.docker.internal:32400 {
header_up Host {upstream_hostport} header_up Host {upstream_hostport}
header_up X-Real-IP {http.request.remote.host} header_up X-Real-IP {http.request.remote.host}
@@ -202,13 +271,13 @@ plex.mvl.sh {
} }
plex.vleeuwen.me { plex.vleeuwen.me {
import country_block import country_allow
redir https://plex.mvl.sh{uri} redir https://plex.mvl.sh{uri}
tls {{ caddy_email }} tls {{ caddy_email }}
} }
tautulli.mvl.sh { tautulli.mvl.sh {
import country_block import country_allow
reverse_proxy host.docker.internal:8181 { reverse_proxy host.docker.internal:8181 {
header_up Host {upstream_hostport} header_up Host {upstream_hostport}
header_up X-Real-IP {http.request.remote.host} header_up X-Real-IP {http.request.remote.host}
@@ -217,13 +286,13 @@ tautulli.mvl.sh {
} }
tautulli.vleeuwen.me { tautulli.vleeuwen.me {
import country_block import country_allow
redir https://tautulli.mvl.sh{uri} redir https://tautulli.mvl.sh{uri}
tls {{ caddy_email }} tls {{ caddy_email }}
} }
cloud.mvl.sh { cloud.mvl.sh {
import country_block import country_allow
reverse_proxy cloudreve:5212 { reverse_proxy cloudreve:5212 {
header_up Host {host} header_up Host {host}
header_up X-Real-IP {http.request.remote.host} header_up X-Real-IP {http.request.remote.host}
@@ -232,13 +301,13 @@ cloud.mvl.sh {
} }
cloud.vleeuwen.me { cloud.vleeuwen.me {
import country_block import country_allow
redir https://cloud.mvl.sh{uri} redir https://cloud.mvl.sh{uri}
tls {{ caddy_email }} tls {{ caddy_email }}
} }
collabora.mvl.sh { collabora.mvl.sh {
import country_block import country_allow
reverse_proxy collabora:9980 { reverse_proxy collabora:9980 {
header_up Host {host} header_up Host {host}
header_up X-Real-IP {http.request.remote.host} header_up X-Real-IP {http.request.remote.host}
@@ -247,7 +316,7 @@ collabora.mvl.sh {
} }
drive.mvl.sh drive.vleeuwen.me { drive.mvl.sh drive.vleeuwen.me {
import country_block import country_allow
# CalDAV and CardDAV redirects # CalDAV and CardDAV redirects
redir /.well-known/carddav /remote.php/dav/ 301 redir /.well-known/carddav /remote.php/dav/ 301

4
ansible/tasks/workstations/flatpaks.yml
View File

@@ -41,12 +41,13 @@
# Multimedia # Multimedia
- com.plexamp.Plexamp - com.plexamp.Plexamp
- tv.plex.PlexDesktop - tv.plex.PlexDesktop
- com.spotify.Client
# Messaging # Messaging
- com.rtosta.zapzap - com.rtosta.zapzap
- org.telegram.desktop - org.telegram.desktop
- org.signal.Signal - org.signal.Signal
- com.spotify.Client - com.discordapp.Discord
# 3D Printing # 3D Printing
- com.bambulab.BambuStudio - com.bambulab.BambuStudio
@@ -74,6 +75,7 @@
- io.github.bytezz.IPLookup - io.github.bytezz.IPLookup
- org.gaphor.Gaphor - org.gaphor.Gaphor
- io.dbeaver.DBeaverCommunity - io.dbeaver.DBeaverCommunity
- com.jetpackduba.Gitnuro
- name: Define system desired Flatpak remotes - name: Define system desired Flatpak remotes
ansible.builtin.set_fact: ansible.builtin.set_fact:

175
ansible/tasks/workstations/vicinae.yml Normal file
View File

@@ -0,0 +1,175 @@
---
- name: Install Vicinae
block:
- name: Set Vicinae version
ansible.builtin.set_fact:
vicinae_version: "v0.15.6"
vicinae_appimage_commit: "13865b4c5"
- name: Set architecture-specific variables
ansible.builtin.set_fact:
vicinae_arch: "{{ 'x86_64' if ansible_architecture == 'x86_64' else ansible_architecture }}"
- name: Ensure /opt/vicinae directory exists
ansible.builtin.file:
path: "/opt/vicinae"
state: directory
mode: "0755"
become: true
- name: Download Vicinae AppImage
ansible.builtin.get_url:
url: "https://github.com/vicinaehq/vicinae/releases/download/{{ vicinae_version }}/Vicinae-{{ vicinae_appimage_commit }}-{{ vicinae_arch }}.AppImage"
dest: "/opt/vicinae/vicinae.AppImage"
mode: "0755"
become: true
- name: Remove old Vicinae binary if exists
ansible.builtin.file:
path: "/usr/local/bin/vicinae"
state: absent
become: true
- name: Create symlink to Vicinae AppImage
ansible.builtin.file:
src: "/opt/vicinae/vicinae.AppImage"
dest: "/usr/local/bin/vicinae"
state: link
become: true
- name: Create temporary directory for Vicinae assets download
ansible.builtin.tempfile:
state: directory
suffix: vicinae
register: vicinae_temp_dir
- name: Download Vicinae tarball for assets
ansible.builtin.get_url:
url: "https://github.com/vicinaehq/vicinae/releases/download/{{ vicinae_version }}/vicinae-linux-{{ vicinae_arch }}-{{ vicinae_version }}.tar.gz"
dest: "{{ vicinae_temp_dir.path }}/vicinae.tar.gz"
mode: "0644"
- name: Extract Vicinae tarball
ansible.builtin.unarchive:
src: "{{ vicinae_temp_dir.path }}/vicinae.tar.gz"
dest: "{{ vicinae_temp_dir.path }}"
remote_src: true
- name: Ensure systemd user directory exists
ansible.builtin.file:
path: "/usr/lib/systemd/user"
state: directory
mode: "0755"
become: true
- name: Copy systemd user service
ansible.builtin.copy:
src: "{{ vicinae_temp_dir.path }}/lib/systemd/user/vicinae.service"
dest: "/usr/lib/systemd/user/vicinae.service"
mode: "0644"
remote_src: true
become: true
- name: Update systemd service to use AppImage
ansible.builtin.replace:
path: "/usr/lib/systemd/user/vicinae.service"
regexp: "ExecStart=.*"
replace: "ExecStart=/usr/local/bin/vicinae"
become: true
- name: Ensure applications directory exists
ansible.builtin.file:
path: "/usr/share/applications"
state: directory
mode: "0755"
become: true
- name: Copy desktop files
ansible.builtin.copy:
src: "{{ vicinae_temp_dir.path }}/share/applications/{{ item }}"
dest: "/usr/share/applications/{{ item }}"
mode: "0644"
remote_src: true
become: true
loop:
- vicinae.desktop
- vicinae-url-handler.desktop
- name: Update desktop files to use AppImage
ansible.builtin.replace:
path: "/usr/share/applications/{{ item }}"
regexp: "Exec=.*vicinae"
replace: "Exec=/usr/local/bin/vicinae"
become: true
loop:
- vicinae.desktop
- vicinae-url-handler.desktop
- name: Ensure Vicinae share directory exists
ansible.builtin.file:
path: "/usr/share/vicinae"
state: directory
mode: "0755"
become: true
- name: Copy Vicinae themes directory
ansible.builtin.copy:
src: "{{ vicinae_temp_dir.path }}/share/vicinae/themes/"
dest: "/usr/share/vicinae/themes/"
mode: "0644"
remote_src: true
become: true
- name: Ensure hicolor icons directory exists
ansible.builtin.file:
path: "/usr/share/icons/hicolor/512x512/apps"
state: directory
mode: "0755"
become: true
- name: Copy Vicinae icon
ansible.builtin.copy:
src: "{{ vicinae_temp_dir.path }}/share/icons/hicolor/512x512/apps/vicinae.png"
dest: "/usr/share/icons/hicolor/512x512/apps/vicinae.png"
mode: "0644"
remote_src: true
become: true
- name: Update desktop database
ansible.builtin.command:
cmd: update-desktop-database /usr/share/applications
become: true
changed_when: false
- name: Update icon cache
ansible.builtin.command:
cmd: gtk-update-icon-cache /usr/share/icons/hicolor
become: true
changed_when: false
failed_when: false
- name: Clean up temporary directory
ansible.builtin.file:
path: "{{ vicinae_temp_dir.path }}"
state: absent
- name: Verify Vicinae installation
ansible.builtin.command:
cmd: /usr/local/bin/vicinae --version
register: vicinae_version_check
changed_when: false
failed_when: false
- name: Display installation result
ansible.builtin.debug:
msg: |
{% if vicinae_version_check.rc == 0 %}
✓ Vicinae AppImage installed successfully with all themes and assets!
Version: {{ vicinae_version_check.stdout }}
{% else %}
✗ Vicinae installation completed but version check failed.
This may be normal if --version flag is not supported.
Try running: vicinae
{% endif %}
tags:
- vicinae

4
ansible/tasks/workstations/workstation.yml
View File

@@ -42,6 +42,10 @@
ansible.builtin.import_tasks: tasks/workstations/autostart.yml ansible.builtin.import_tasks: tasks/workstations/autostart.yml
when: "'microsoft-standard-WSL2' not in ansible_kernel" when: "'microsoft-standard-WSL2' not in ansible_kernel"
- name: Include Vicinae tasks
ansible.builtin.import_tasks: tasks/workstations/vicinae.yml
when: "'microsoft-standard-WSL2' not in ansible_kernel"
- name: Ensure workstation common packages are installed - name: Ensure workstation common packages are installed
ansible.builtin.package: ansible.builtin.package:
name: name:

7
config/bash.nix
View File

@@ -82,6 +82,8 @@
if [[ "$(uname -a)" == *"microsoft-standard-WSL2"* ]]; then if [[ "$(uname -a)" == *"microsoft-standard-WSL2"* ]]; then
[ -f "${config.home.homeDirectory}/.agent-bridge.sh" ] && source "${config.home.homeDirectory}/.agent-bridge.sh" [ -f "${config.home.homeDirectory}/.agent-bridge.sh" ] && source "${config.home.homeDirectory}/.agent-bridge.sh"
alias winget='winget.exe' alias winget='winget.exe'
alias ssh-add="ssh-add.exe"
alias git="git.exe"
fi fi
# Set SSH_AUTH_SOCK to 1Password agent if not already set # Set SSH_AUTH_SOCK to 1Password agent if not already set
@@ -137,11 +139,6 @@
bind -x '"\C-r": fzf_history_search' bind -x '"\C-r": fzf_history_search'
fi fi
# In case this is WSL, let's add various Windows executables as aliases
if [ -f "/mnt/c/Windows/System32/cmd.exe" ]; then
alias ssh-add="ssh-add.exe"
fi
# Display welcome message for interactive shells # Display welcome message for interactive shells
if [ -t 1 ]; then if [ -t 1 ]; then
command -v helloworld &> /dev/null && helloworld command -v helloworld &> /dev/null && helloworld

12
flake.lock generated
View File

@@ -41,11 +41,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1760862643, "lastModified": 1761597516,
"narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -77,11 +77,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1760894497, "lastModified": 1761503988,
"narHash": "sha256-u2unItzVvUe3Y2opdJrISGtHSmQLVnDOIfhWvSBrw74=", "narHash": "sha256-MlMZXCTtPeXq/cDtJcL2XM8wCN33XOT9V2dB3PLV6f0=",
"owner": "brizzbuzz", "owner": "brizzbuzz",
"repo": "opnix", "repo": "opnix",
"rev": "92974503378ca6ec6206b74cd3a78377a5796cbb", "rev": "48fdb078b5a1cd0b20b501fccf6be2d1279d6fe6",
"type": "github" "type": "github"
}, },
"original": { "original": {