---
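# Render the apk repository list from a template. The file decides where
# packages are fetched from, so it stays root-owned and writable by root only.
# NOTE(review): repositories.j2 is not visible here; confirm it points at
# https:// mirrors.
- name: essential | Update repository urls
  template:
    src: repositories.j2
    dest: /etc/apk/repositories
    owner: root
    group: root
    # Quoted so the mode is passed as the string '0644' instead of relying on
    # the YAML parser reading a bare 0644 as an octal integer.
    mode: '0644'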
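# Install the base package set, refreshing the apk index first.
- name: essential | Install common dependencies
  apk:
    # A real YAML list instead of a folded, comma-separated string, so no
    # package name carries stray whitespace or the scalar's trailing newline.
    name:
      - doas
      - nftables
      - zstd
      - fish
      - dbus
      - terminus-font
      - apparmor-profiles
      - apparmor
      - openresolv
      - libvirt-daemon
      - qemu-img
      - qemu-system-x86_64
      - qemu-modules
      - shadow-login
      - unbound
      - dns-root-hints
    # Canonical booleans; yes/no are read differently by YAML 1.1 and 1.2.
    available: true
    update_cache: true
    state: present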
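# elogind path: the tasks below run only when seat_manager is 'elogind'.
# NOTE(review): the nesting is reconstructed from a flattened listing; the
# condition is taken to guard the whole block. Confirm against the repository.
- when: seat_manager == 'elogind'
  block:
    - name: essential | Install elogind and polkit-elogind
      apk:
        name:
          - elogind
          - polkit-elogind
        state: present

    # elogind also handles acpi events
    # Only the boot-time enablement is removed here; no state is set, so an
    # acpid that is already running is not stopped by this task.
    - name: essential | Do not run acpid service
      service:
        name: acpid
        enabled: false

    # Some acpi functions might not work if elogind is started on
    # runlevel 'default'
    # NOTE(review): the comment above reads as the opposite of what the task
    # does (it enables elogind on 'default'); confirm the intended runlevel.
    - name: essential | Start elogind service on runlevel 'default'
      service:
        name: elogind
        runlevel: default
        enabled: true
        state: started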
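# Non-elogind path: the tasks below run only when seat_manager is not
# 'elogind'.
# NOTE(review): the nesting is reconstructed from a flattened listing; the
# condition is taken to guard the whole block. Confirm against the repository.
- when: seat_manager != 'elogind'
  block:
    - name: essential | Install pam-rundir
      apk:
        name: pam-rundir
        state: present

    # Use Tabs to match the style of the original file
    # NOTE(review): the separators inside `line` show up as single spaces in
    # this listing; check that the repository copy really contains tabs.
    # The leading '-' makes PAM skip the entry quietly when the module is
    # missing, and 'optional' keeps a module failure from failing the session.
    # The PAM file stays root-owned and writable by root only.
    - name: essential | Add pam_rundir module to the PAM stack
      lineinfile:
        path: /etc/pam.d/base-session
        state: present
        line: '-session optional pam_rundir.so'
        search_string: 'pam_rundir.so'
        owner: root
        group: root
        # Quoted so the mode is passed as a string, not a YAML integer.
        mode: '0644'

    - name: essential | Install polkit
      apk:
        name: polkit
        state: present
      # The bool filter keeps a string value such as "false" (for example
      # from an extra var passed on the command line) from counting as true.
      when: use_polkit | bool

    - name: essential | Enable acpid service on runlevel 'default'
      service:
        name: acpid
        runlevel: default
        enabled: true
        state: started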
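# seatd path: the tasks below run only when seat_manager is 'seatd'.
# NOTE(review): the nesting is reconstructed from a flattened listing; the
# condition is taken to guard the whole block. Confirm against the repository.
- when: seat_manager == 'seatd'
  block:
    - name: essential | Install seatd
      apk:
        name: seatd
        state: present

    - name: essential | Start seatd service on runlevel 'default'
      service:
        name: seatd
        runlevel: default
        # Canonical boolean instead of yes.
        enabled: true
        state: started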
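# Enable and start each listed service on the 'default' runlevel.
- name: essential | Start other services on runlevel 'default'
  service:
    name: '{{ item }}'
    runlevel: default
    # Canonical boolean instead of yes.
    enabled: true
    state: started
  loop:
    - dbus
    - ntpd
    - cgroups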
# Run setup-udev once. The task is skipped when the path given in `creates`
# already exists, which keeps repeated runs from re-running the script.
- name: essential | Setup eudev
  command:
    argv:
      - setup-udev
    creates: /etc/runlevels/sysinit/udev
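# Render /etc/motd from a template; world-readable, writable by root only.
- name: essential | Change the default motd
  template:
    src: motd.j2
    dest: /etc/motd
    owner: root
    group: root
    # Quoted so the mode is passed as a string, not a YAML integer.
    mode: '0644'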
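# Set initfscomp="zstd" in mkinitfs.conf. A line containing 'initfscomp=' is
# replaced; a change notifies the 'Regenerate initramfs' handler, which is
# defined outside this file.
- name: essential | Use zstd for initramfs
  lineinfile:
    path: /etc/mkinitfs/mkinitfs.conf
    state: present
    search_string: 'initfscomp='
    # Single-quoted so the embedded double quotes are plainly part of the
    # value written to the file.
    line: 'initfscomp="zstd"'
    owner: root
    group: root
    # Quoted so the mode is passed as a string, not a YAML integer.
    mode: '0644'
  notify: Regenerate initramfs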
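# For each listed rc.conf option, make sure a line <option>="YES" is present.
# A line containing '<option>=' is replaced.
- name: essential | Enable logging and unicode support for openrc
  lineinfile:
    path: /etc/rc.conf
    state: present
    search_string: '{{ item }}='
    line: '{{ item }}="YES"'
    owner: root
    group: root
    # Quoted so the mode is passed as a string, not a YAML integer.
    mode: '0644'
  loop:
    - rc_logger
    - unicode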
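# Install a modprobe.d drop-in for the bluetooth modules.
# NOTE(review): bluetooth-blacklist.conf is not visible here. `blacklist`
# lines only stop automatic loading by alias; if the goal is that the modules
# can never be loaded, check that the file also uses `install <module>
# /bin/false` entries.
- name: essential | Blacklist bluetooth related kernel modules
  copy:
    src: bluetooth-blacklist.conf
    dest: /etc/modprobe.d/bluetooth-blacklist.conf
    owner: root
    group: root
    # Quoted so the mode is passed as a string, not a YAML integer.
    mode: '0644'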
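# Install the custom sysctl drop-in. A change notifies the 'Load custom sysctl
# settings' handler, which is defined outside this file.
- name: sysctl | Create a custom sysctl file
  copy:
    src: custom.conf
    dest: /etc/sysctl.d/custom.conf
    owner: root
    group: root
    # Quoted so the mode is passed as a string, not a YAML integer.
    mode: '0644'
  notify: Load custom sysctl settings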