# Manages the DNSSEC= line of systemd-resolved's configuration file and then
# restarts the resolver so the file is read again.
- name: 'DNS: Enable DNSSEC'
  block:
    - name: 'DNS: Enable DNSSEC configuration'
      become: true
      lineinfile:
        path: '/etc/systemd/resolved.conf'
        # The pattern is unanchored, so it also matches a commented-out
        # "#DNSSEC=..." line; lineinfile rewrites the last match, or appends
        # the line at end of file when nothing matches.
        regexp: 'DNSSEC='
        # NOTE(review): the line written here is commented out, so despite
        # the task name this leaves systemd-resolved on its built-in DNSSEC
        # default instead of switching validation on. Even uncommented,
        # allow-downgrade is opportunistic: validation is dropped when the
        # upstream server does not appear to support DNSSEC, so it does not
        # hold against an on-path party that strips the records;
        # DNSSEC=yes is the strict setting. Confirm which one is intended
        # and rename the task or change the line accordingly.
        line: '#DNSSEC=allow-downgrade'
        state: present

    # Runs on every play, not only when the file above changed.
    - name: 'DNS: Restart resolver'
      become: true
      systemd:
        name: systemd-resolved
        state: restarted
  tags:
    - config
    - dns
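# Turns on IPv6 temporary (privacy) addresses in two places: the sysctl file
# shipped with ufw, and every NetworkManager connection profile.
- name: 'IPv6: Privacy'
  tags:
    - config
    - ipv6
  block:
    # use_tempaddr=2 asks the kernel to generate temporary addresses and to
    # prefer them over the stable one for outgoing traffic. The pattern is
    # unanchored, so a commented-out default line is replaced in place.
    - name: 'IPv6: Privacy: Temporary addressing defaults'
      lineinfile:
        path: '/etc/ufw/sysctl.conf'
        state: present
        regexp: "net/ipv6/conf/{{ item }}/use_tempaddr"
        line: "net/ipv6/conf/{{ item }}/use_tempaddr=2"
      loop:
        - 'default'
        - 'all'
      become: true

    # Ask nmcli for the UUID column only. The previous form piped the terse
    # NAME:UUID:... output through `cut -f2 -d:`, which picks the wrong
    # field as soon as a connection name contains a colon (names are often
    # derived from Wi-Fi SSIDs, i.e. chosen by whoever runs the network),
    # and the pipeline hid a failing nmcli behind cut's exit status.
    # Selecting the field in nmcli also removes the need for a shell.
    - name: 'IPv6: Privacy: Detect interfaces'
      command: 'nmcli -t -f UUID connection show'
      register: nmcli_connections
      # Read-only query; never report it as a change.
      changed_when: false

    # One call per profile; each UUID is passed as a single argv element
    # because the command module does not go through a shell.
    # ip6-privacy 2 = temporary addresses enabled and preferred.
    - name: 'IPv6: Privacy: Network Manager enforcement'
      command: "nmcli connection modify uuid {{ item }} ipv6.ip6-privacy 2"
      loop: "{{ nmcli_connections.stdout_lines }}"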
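# Seeds /etc/wireguard/wg0.conf from a template when no configuration exists
# yet, forces root-only permissions on it, and sets the boot-time state of
# the wg-quick unit.
- name: 'Wireguard'
  tags:
    - config
    - wireguard
  block:
    - set_fact:
        wgconfig_path: /etc/wireguard/wg0.conf

    # The check runs as root like the tasks that act on its result. As an
    # unprivileged user the stat cannot look inside /etc/wireguard when the
    # directory is root-only, and the existence test below is only as good
    # as this answer.
    - name: 'Wireguard: Check for existing configuration'
      stat:
        path: "{{ wgconfig_path }}"
      register: wgconfig
      become: true

    # wg0.conf normally carries the interface private key, hence 0400.
    # force: false is a second guard next to the `when`: an existing
    # configuration is never replaced by the template.
    - name: 'Wireguard: Create configuration template'
      copy:
        dest: "{{ wgconfig_path }}"
        src: files/wireguard.conf
        mode: '0400'
        force: false
      when: not wgconfig.stat.exists
      become: true

    # Re-asserted on every run so a hand-edited file that ended up with
    # looser permissions or another owner is brought back to root:root 0400.
    - name: 'Wireguard: Fix configuration permissions'
      file:
        state: file
        path: "{{ wgconfig_path }}"
        mode: '0400'
        owner: 'root'
        group: 'root'
      become: true

    # NOTE(review): the task name says "enabled" but the unit is set to
    # enabled: false, i.e. the tunnel is not brought up at boot. Confirm
    # that this is intended and rename the task if so.
    # become added for consistency with the other root-level tasks in this
    # block; changing a unit's enablement needs root.
    - name: 'Wireguard: Service enabled'
      service:
        name: 'wg-quick@wg0'
        enabled: false
      become: true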
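# Clones (and on later runs updates) each repository listed in config_repos
# into its destination directory.
- name: 'Config: Checkout some repositories for local config'
  tags:
    - config
    - repos
  git:
    repo: "{{ item.repo }}"
    dest: "{{ item.dest }}"
    # Optional per-entry pin. Without it the module follows the remote HEAD,
    # so whatever is pushed upstream lands in the local configuration on the
    # next run. Setting `version` to a commit hash or a tag in config_repos
    # makes the checkout reproducible and reviewable. Entries that carry no
    # `version` behave exactly as before.
    version: "{{ item.version | default('HEAD') }}"
  loop: "{{ config_repos }}"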
# Renders the conky configuration from its Jinja2 template into the home
# directory of the user the play runs as (no become on this task).
- name: 'Conky: Configuration'
  template:
    dest: '~/.conkyrc'
    src: 'templates/conkyrc.j2'
    # Owner read-only: the rendered file is meant to be changed through the
    # template, not edited in place.
    mode: '0400'
  tags:
    - config
    - conky
# Registers the custom GNOME key bindings described by
# gnome_custom_keybindings: first the list of binding paths is written to
# dconf, then each binding is handled by the included task file.
- name: 'Gnome: Custom key bindings: Add'
  tags:
    - config
    - keybindings
  block:
    # Start from an empty list so repeated runs do not accumulate entries.
    - name: 'Gnome: Custom key bindings: Set facts'
      set_fact:
        customkbpath: '/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings'
        kblist: []

    # Appends one JSON-quoted path "<customkbpath>/custom<N>/" per binding.
    # Filters bind tighter than "+", so `index | string` converts only the
    # index before the concatenation; to_json then adds the double quotes.
    - name: 'Gnome: Custom key bindings: Build list'
      set_fact:
        kblist: "{{ kblist + [ ( customkbpath + '/custom' + index | string + '/' ) | to_json ] }}"
      loop: "{{ gnome_custom_keybindings }}"
      loop_control:
        index_var: index
        label: "{{ item.name }}"

    # The joined list is passed through `quote` so the embedded double
    # quotes and commas reach dconf as part of one argument; the square
    # brackets sit outside the quoted part and are joined to it when the
    # command module splits the line.
    - name: 'Gnome: Custom key bindings: Configure list'
      command: "dconf write {{ customkbpath }} [{{ kblist | join(',') | quote }}]"

    # Runs the per-binding tasks once for every entry, with the same index
    # numbering as the list built above.
    # NOTE(review): bare `include` is deprecated in later Ansible releases
    # in favour of include_tasks / import_tasks; confirm the target version.
    - include: includes/keybindings.yaml
      loop: "{{ gnome_custom_keybindings }}"
      loop_control:
        index_var: index
# Installs a bash snippet that defines macOS-style pbpaste/pbcopy helpers on
# top of copyq, in the home directory of the user the play runs as.
- name: 'Shell: Clipboard aliases'
  copy:
    dest: '~/.bashrc.d/alias.clipboard'
    # Owner read-only; the file is written with a mode that has no execute
    # bit, so it is presumably sourced by the shell rather than run.
    mode: '0400'
    # Each helper is defined only when /usr/bin/copyq is executable. copyq
    # is called by absolute path, so the functions do not depend on PATH
    # lookup; `export -f` makes them visible to child bash processes.
    content: |
      [[ -x /usr/bin/copyq ]] && function pbpaste() { /usr/bin/copyq clipboard; } && export -f pbpaste
      [[ -x /usr/bin/copyq ]] && function pbcopy() { /usr/bin/copyq add -; } && export -f pbcopy
  tags:
    - config
    - shell