dotfiles/.ansible/roles/linux_desktop/tasks/config.yaml


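# Turn on DNSSEC validation in systemd-resolved and restart the resolver
# only when the setting was actually rewritten.
- name: 'DNS: Enable DNSSEC'
  tags:
    - config
    - dns
  block:
    - name: 'DNS: Enable DNSSEC configuration'
      lineinfile:
        path: '/etc/systemd/resolved.conf'
        state: present
        # Anchored so only the DNSSEC= setting itself (commented out or not)
        # is replaced, not any line that merely contains the text.
        regexp: '^\s*#?\s*DNSSEC='
        # Written without a leading '#': a commented-out line is ignored by
        # systemd-resolved, so the previous '#DNSSEC=...' value enabled
        # nothing. allow-downgrade validates opportunistically and can be
        # downgraded by an on-path attacker; 'DNSSEC=yes' is the strict mode.
        line: 'DNSSEC=allow-downgrade'
      register: resolved_dnssec
      become: true
    - name: 'DNS: Restart resolver'
      systemd:
        name: systemd-resolved
        state: restarted
      # Restart only on a real change so repeated runs do not drop the
      # resolver for no reason.
      when: resolved_dnssec is changed
      become: true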
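# Prefer temporary (privacy) IPv6 addresses: once in the sysctl file that
# ufw loads, and once on every NetworkManager connection profile.
- name: 'IPv6: Privacy'
  tags:
    - config
    - ipv6
  block:
    - name: 'IPv6: Privacy: Temporary addressing defaults'
      lineinfile:
        path: '/etc/ufw/sysctl.conf'
        state: present
        # Unanchored on purpose: also replaces a commented-out entry.
        regexp: "net/ipv6/conf/{{ item }}/use_tempaddr"
        line: "net/ipv6/conf/{{ item }}/use_tempaddr=2"
      loop: ['default', 'all']
      become: true
    - name: 'IPv6: Privacy: Detect interfaces'
      # Ask nmcli for the UUID column alone instead of cutting field 2 out
      # of the terse output: terse mode escapes ':' inside values, so a
      # connection name containing a colon shifted the fields and a piece
      # of the name was handed to the modify step as a UUID.
      command: 'nmcli -t -f UUID connection show'
      register: nmcli_connections
      # Read-only query; never report it as a change.
      changed_when: false
    - name: 'IPv6: Privacy: Network Manager enforcement'
      # The command module runs no shell; each item is one UUID per line of
      # the detection output.
      command: "nmcli connection modify uuid {{ item }} ipv6.ip6-privacy 2"
      loop: "{{ nmcli_connections.stdout_lines }}"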
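# Install a WireGuard configuration skeleton for wg0 if none exists yet,
# keep it readable by root only, and leave the wg-quick unit disabled.
- name: 'Wireguard'
  tags:
    - config
    - wireguard
  block:
    - name: 'Wireguard: Set configuration path'
      set_fact:
        wgconfig_path: /etc/wireguard/wg0.conf
    - name: 'Wireguard: Check for existing configuration'
      stat:
        path: "{{ wgconfig_path }}"
      register: wgconfig
      # /etc/wireguard is commonly traversable by root only; without
      # privilege the stat can fail instead of reporting the file.
      become: true
    - name: 'Wireguard: Create configuration template'
      copy:
        dest: "{{ wgconfig_path }}"
        src: files/wireguard.conf
        # Ownership and mode are set at creation so the file (which will
        # hold the tunnel's private key once filled in -- presumably; confirm
        # against files/wireguard.conf) is never left with looser access.
        owner: 'root'
        group: 'root'
        mode: '0400'
      # Never overwrite a configuration that is already in place.
      when: not wgconfig.stat.exists
      become: true
    - name: 'Wireguard: Fix configuration permissions'
      # Re-asserts ownership and mode on every run, including for a file
      # that existed before this role was applied.
      file:
        state: file
        path: "{{ wgconfig_path }}"
        mode: '0400'
        owner: 'root'
        group: 'root'
      become: true
    - name: 'Wireguard: Service enabled'
      # NOTE(review): the task name says "enabled" but the value keeps the
      # unit disabled at boot -- confirm which one is intended.
      service:
        name: 'wg-quick@wg0'
        enabled: false
      # Changing a system unit's enablement needs root, like the other
      # privileged tasks in this file.
      become: true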
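# Clone or update each repository listed in config_repos (defined outside
# this file; each entry supplies 'repo' and 'dest').
- name: 'Config: Checkout some repositories for local config'
  tags:
    - config
    - repos
  git:
    repo: "{{ item.repo }}"
    dest: "{{ item.dest }}"
    # Optional per-entry pin. An entry may set 'version' to a tag or commit
    # so the checked-out configuration cannot change underneath the machine
    # when the upstream branch moves; entries without it keep the module
    # default (HEAD), as before.
    version: "{{ item.version | default('HEAD') }}"
  loop: "{{ config_repos }}"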
# Render the Conky configuration from its Jinja2 template into the home
# directory of the user running the play, readable by that user only.
- name: 'Conky: Configuration'
  template:
    dest: '~/.conkyrc'
    src: 'templates/conkyrc.j2'
    # Read-only for the owner; no access for group or others.
    mode: '0400'
  tags: [config, conky]
# Register one GNOME custom key binding slot per entry of
# gnome_custom_keybindings, then configure each slot from an included file.
- name: 'Gnome: Custom key bindings: Add'
  tags: [config, keybindings]
  block:
    - name: 'Gnome: Custom key bindings: Set facts'
      set_fact:
        # Start from an empty list so repeated runs do not accumulate slots.
        kblist: []
        customkbpath: '/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings'

    - name: 'Gnome: Custom key bindings: Build list'
      # Appends the JSON-quoted dconf path '<customkbpath>/custom<index>/'
      # for every entry.
      set_fact:
        kblist: "{{ kblist + [ ( customkbpath + '/custom' + index | string + '/' ) | to_json ] }}"
      loop: "{{ gnome_custom_keybindings }}"
      loop_control:
        label: "{{ item.name }}"
        index_var: index

    - name: 'Gnome: Custom key bindings: Configure list'
      # The joined list is shell-quoted so it reaches dconf as a single
      # argument after the command module splits the string.
      command: "dconf write {{ customkbpath }} [{{ kblist | join(',') | quote }}]"

    # NOTE(review): bare 'include' is deprecated in current Ansible in
    # favour of include_tasks; when migrating, check that the block's tags
    # still reach the included tasks.
    - include: includes/keybindings.yaml
      loop: "{{ gnome_custom_keybindings }}"
      loop_control:
        index_var: index
# Drop a bash snippet that defines macOS-style pbcopy/pbpaste functions on
# top of CopyQ; each definition is skipped when /usr/bin/copyq is not
# executable.
- name: 'Shell: Clipboard aliases'
  copy:
    dest: '~/.bashrc.d/alias.clipboard'
    # Read-only for the owner; the file only needs to be sourced.
    mode: '0400'
    content: |
      [[ -x /usr/bin/copyq ]] && function pbpaste() { /usr/bin/copyq clipboard; } && export -f pbpaste
      [[ -x /usr/bin/copyq ]] && function pbcopy() { /usr/bin/copyq add -; } && export -f pbcopy
  tags: [config, shell]