sysconfig/roles/essential/tasks/main.yml

---
- name: essential | Update repository urls
  template:
    src: repositories.j2
    dest: /etc/apk/repositories
    owner: root
    group: root
    mode: 0644

- name: essential | Install common dependencies
  apk:
    name: >
      doas, nftables, zstd, fish, dbus, terminus-font, apparmor-profiles,
      apparmor, openresolv, libvirt-daemon, qemu-img, qemu-system-x86_64,
      qemu-modules, shadow-login, unbound, dns-root-hints
    available: yes
    update_cache: yes
    state: present

- block:
    - name: essential | Install elogind and polkit-elogind
      apk:
        name: elogind, polkit-elogind
        state: present

    # elogind also handles acpi events
    - name: essential | Do not run acpid service
      service:
        name: acpid
        enabled: no

    # Some acpi functions might not work if elogind is started on
    # runlevel 'default'
    - name: essential | Start elogind service on runlevel 'default'
      service:
        name: elogind
        runlevel: default
        enabled: yes
        state: started
  when: seat_manager == 'elogind'

- block:
    - name: essential | Install pam-rundir
      apk:
        name: pam-rundir
        state: present

    # Use Tabs to match the style of the original file
    - name: essential | Add pam_rundir module to the PAM stack
      lineinfile:
        path: /etc/pam.d/base-session
        state: present
        line: '-session	optional	pam_rundir.so'
        search_string: 'pam_rundir.so'
        owner: root
        group: root
        mode: 0644

    - name: essential | Install polkit
      apk:
        name: polkit
        state: present
      when: use_polkit

    - name: essential | Enable acpid service on runlevel 'default'
      service:
        name: acpid
        runlevel: default
        enabled: yes
        state: started
  when: seat_manager != 'elogind'

- block:
    - name: essential | Install seatd
      apk:
        name: seatd
        state: present

    - name: essential | Start seatd service on runlevel 'default'
      service:
        name: seatd
        runlevel: default
        enabled: yes
        state: started
  when: seat_manager == 'seatd'

- name: essential | Start other services on runlevel 'default'
  service:
    name: '{{ item }}'
    runlevel: default
    enabled: yes
    state: started
  loop: [ dbus, ntpd, cgroups ]

- name: essential | Setup eudev
  command:
    cmd: setup-udev
    creates: /etc/runlevels/sysinit/udev

- name: essential | Change the default motd
  template:
    src: motd.j2
    dest: /etc/motd
    owner: root
    group: root
    mode: 0644

- name: essential | Use zstd for initramfs
  lineinfile:
    path: /etc/mkinitfs/mkinitfs.conf
    state: present
    search_string: initfscomp=
    line: initfscomp="zstd"
    owner: root
    group: root
    mode: 0644
  notify: Regenerate initramfs

- name: essential | Enable logging and unicode support for openrc
  lineinfile:
    path: /etc/rc.conf
    state: present
    search_string: '{{ item }}='
    line: '{{ item }}="YES"'
    owner: root
    group: root
    mode: 0644
  loop:
    - rc_logger
    - unicode

- name: essential | Blacklist bluetooth related kernel modules
  copy:
    src: bluetooth-blacklist.conf
    dest: /etc/modprobe.d/bluetooth-blacklist.conf
    owner: root
    group: root
    mode: 0644

- name: sysctl | Create a custom sysctl file
  copy:
    src: custom.conf
    dest: /etc/sysctl.d/custom.conf
    owner: root
    group: root
    mode: 0644
  notify: Load custom sysctl settings
Getting started 2022-01-14 19:46:59 +01:00			`---`
essential: add task to change repository 2022-01-20 17:43:37 +01:00			`- name: essential \| Update repository urls`
			`template:`
			`src: repositories.j2`
			`dest: /etc/apk/repositories`
			`owner: root`
			`group: root`
			`mode: 0644`

Big chunk of changes - essential: - make polkit optional - move /etc/hosts file to unbound role - libvirt: - make libvirt daemons configurable - delete the firewall patch. Hardcode the rules by default (for now) so that the playbook is compatible with `ansible-core` - user: add pam_limits file (moved from dotfiles repository) - sysctl: role deleted. The task was moved to essential role - fstab: new role for /run, /tmp, /proc mounts - add seatd as a 'seat_manager' option - cron: use find command to restraint deleted files in /var/tmp 2022-02-11 18:39:35 +01:00			`- name: essential \| Install common dependencies`
Getting started 2022-01-14 19:46:59 +01:00			`apk:`
			`name: >`
Big chunk of changes - essential: - make polkit optional - move /etc/hosts file to unbound role - libvirt: - make libvirt daemons configurable - delete the firewall patch. Hardcode the rules by default (for now) so that the playbook is compatible with `ansible-core` - user: add pam_limits file (moved from dotfiles repository) - sysctl: role deleted. The task was moved to essential role - fstab: new role for /run, /tmp, /proc mounts - add seatd as a 'seat_manager' option - cron: use find command to restraint deleted files in /var/tmp 2022-02-11 18:39:35 +01:00			`doas, nftables, zstd, fish, dbus, terminus-font, apparmor-profiles,`
			`apparmor, openresolv, libvirt-daemon, qemu-img, qemu-system-x86_64,`
unbound: update config and tasks for v1.15.0 - use the shipped default config as the template to adjust some values - add dns-root-hints package - update tasks to also include the root hints 2022-02-13 20:46:12 +01:00			`qemu-modules, shadow-login, unbound, dns-root-hints`
Getting started 2022-01-14 19:46:59 +01:00			`available: yes`
			`update_cache: yes`
			`state: present`

Big chunk of changes - essential: - make polkit optional - move /etc/hosts file to unbound role - libvirt: - make libvirt daemons configurable - delete the firewall patch. Hardcode the rules by default (for now) so that the playbook is compatible with `ansible-core` - user: add pam_limits file (moved from dotfiles repository) - sysctl: role deleted. The task was moved to essential role - fstab: new role for /run, /tmp, /proc mounts - add seatd as a 'seat_manager' option - cron: use find command to restraint deleted files in /var/tmp 2022-02-11 18:39:35 +01:00			`- block:`
			`- name: essential \| Install elogind and polkit-elogind`
			`apk:`
			`name: elogind, polkit-elogind`
			`state: present`

			`# elogind also handles acpi events`
			`- name: essential \| Do not run acpid service`
			`service:`
			`name: acpid`
			`enabled: no`

			`# Some acpi functions might not work if elogind is started on`
			`# runlevel 'default'`
			`- name: essential \| Start elogind service on runlevel 'default'`
			`service:`
			`name: elogind`
			`runlevel: default`
			`enabled: yes`
			`state: started`
			`when: seat_manager == 'elogind'`

			`- block:`
			`- name: essential \| Install pam-rundir`
			`apk:`
			`name: pam-rundir`
			`state: present`

			`# Use Tabs to match the style of the original file`
			`- name: essential \| Add pam_rundir module to the PAM stack`
			`lineinfile:`
			`path: /etc/pam.d/base-session`
			`state: present`
			`line: '-session optional pam_rundir.so'`
			`search_string: 'pam_rundir.so'`
			`owner: root`
			`group: root`
			`mode: 0644`

			`- name: essential \| Install polkit`
			`apk:`
			`name: polkit`
			`state: present`
			`when: use_polkit`

			`- name: essential \| Enable acpid service on runlevel 'default'`
			`service:`
			`name: acpid`
			`runlevel: default`
			`enabled: yes`
			`state: started`
			`when: seat_manager != 'elogind'`

			`- block:`
			`- name: essential \| Install seatd`
			`apk:`
			`name: seatd`
			`state: present`

			`- name: essential \| Start seatd service on runlevel 'default'`
			`service:`
			`name: seatd`
			`runlevel: default`
			`enabled: yes`
			`state: started`
			`when: seat_manager == 'seatd'`
Getting started 2022-01-14 19:46:59 +01:00
			`- name: essential \| Start other services on runlevel 'default'`
			`service:`
			`name: '{{ item }}'`
			`runlevel: default`
			`enabled: yes`
			`state: started`
			`loop: [ dbus, ntpd, cgroups ]`

			`- name: essential \| Setup eudev`
			`command:`
			`cmd: setup-udev`
			`creates: /etc/runlevels/sysinit/udev`

			`- name: essential \| Change the default motd`
			`template:`
			`src: motd.j2`
			`dest: /etc/motd`
			`owner: root`
			`group: root`
			`mode: 0644`

			`- name: essential \| Use zstd for initramfs`
			`lineinfile:`
			`path: /etc/mkinitfs/mkinitfs.conf`
			`state: present`
			`search_string: initfscomp=`
			`line: initfscomp="zstd"`
			`owner: root`
			`group: root`
			`mode: 0644`
			`notify: Regenerate initramfs`

Big chunk of changes - essential: - make polkit optional - move /etc/hosts file to unbound role - libvirt: - make libvirt daemons configurable - delete the firewall patch. Hardcode the rules by default (for now) so that the playbook is compatible with `ansible-core` - user: add pam_limits file (moved from dotfiles repository) - sysctl: role deleted. The task was moved to essential role - fstab: new role for /run, /tmp, /proc mounts - add seatd as a 'seat_manager' option - cron: use find command to restraint deleted files in /var/tmp 2022-02-11 18:39:35 +01:00			`- name: essential \| Enable logging and unicode support for openrc`
Getting started 2022-01-14 19:46:59 +01:00			`lineinfile:`
			`path: /etc/rc.conf`
			`state: present`
Big chunk of changes - essential: - make polkit optional - move /etc/hosts file to unbound role - libvirt: - make libvirt daemons configurable - delete the firewall patch. Hardcode the rules by default (for now) so that the playbook is compatible with `ansible-core` - user: add pam_limits file (moved from dotfiles repository) - sysctl: role deleted. The task was moved to essential role - fstab: new role for /run, /tmp, /proc mounts - add seatd as a 'seat_manager' option - cron: use find command to restraint deleted files in /var/tmp 2022-02-11 18:39:35 +01:00			`search_string: '{{ item }}='`
			`line: '{{ item }}="YES"'`
Getting started 2022-01-14 19:46:59 +01:00			`owner: root`
			`group: root`
			`mode: 0644`
Big chunk of changes - essential: - make polkit optional - move /etc/hosts file to unbound role - libvirt: - make libvirt daemons configurable - delete the firewall patch. Hardcode the rules by default (for now) so that the playbook is compatible with `ansible-core` - user: add pam_limits file (moved from dotfiles repository) - sysctl: role deleted. The task was moved to essential role - fstab: new role for /run, /tmp, /proc mounts - add seatd as a 'seat_manager' option - cron: use find command to restraint deleted files in /var/tmp 2022-02-11 18:39:35 +01:00			`loop:`
			`- rc_logger`
			`- unicode`
Getting started 2022-01-14 19:46:59 +01:00
Big chunk of changes - essential: - make polkit optional - move /etc/hosts file to unbound role - libvirt: - make libvirt daemons configurable - delete the firewall patch. Hardcode the rules by default (for now) so that the playbook is compatible with `ansible-core` - user: add pam_limits file (moved from dotfiles repository) - sysctl: role deleted. The task was moved to essential role - fstab: new role for /run, /tmp, /proc mounts - add seatd as a 'seat_manager' option - cron: use find command to restraint deleted files in /var/tmp 2022-02-11 18:39:35 +01:00			`- name: essential \| Blacklist bluetooth related kernel modules`
			`copy:`
			`src: bluetooth-blacklist.conf`
			`dest: /etc/modprobe.d/bluetooth-blacklist.conf`
Getting started 2022-01-14 19:46:59 +01:00			`owner: root`
			`group: root`
			`mode: 0644`

Big chunk of changes - essential: - make polkit optional - move /etc/hosts file to unbound role - libvirt: - make libvirt daemons configurable - delete the firewall patch. Hardcode the rules by default (for now) so that the playbook is compatible with `ansible-core` - user: add pam_limits file (moved from dotfiles repository) - sysctl: role deleted. The task was moved to essential role - fstab: new role for /run, /tmp, /proc mounts - add seatd as a 'seat_manager' option - cron: use find command to restraint deleted files in /var/tmp 2022-02-11 18:39:35 +01:00			`- name: sysctl \| Create a custom sysctl file`
Getting started 2022-01-14 19:46:59 +01:00			`copy:`
Big chunk of changes - essential: - make polkit optional - move /etc/hosts file to unbound role - libvirt: - make libvirt daemons configurable - delete the firewall patch. Hardcode the rules by default (for now) so that the playbook is compatible with `ansible-core` - user: add pam_limits file (moved from dotfiles repository) - sysctl: role deleted. The task was moved to essential role - fstab: new role for /run, /tmp, /proc mounts - add seatd as a 'seat_manager' option - cron: use find command to restraint deleted files in /var/tmp 2022-02-11 18:39:35 +01:00			`src: custom.conf`
			`dest: /etc/sysctl.d/custom.conf`
Getting started 2022-01-14 19:46:59 +01:00			`owner: root`
			`group: root`
			`mode: 0644`
Big chunk of changes - essential: - make polkit optional - move /etc/hosts file to unbound role - libvirt: - make libvirt daemons configurable - delete the firewall patch. Hardcode the rules by default (for now) so that the playbook is compatible with `ansible-core` - user: add pam_limits file (moved from dotfiles repository) - sysctl: role deleted. The task was moved to essential role - fstab: new role for /run, /tmp, /proc mounts - add seatd as a 'seat_manager' option - cron: use find command to restraint deleted files in /var/tmp 2022-02-11 18:39:35 +01:00			`notify: Load custom sysctl settings`