sysconfig/roles/essential/tasks/main.yml
Hoang Nguyen ff28a00140
Fix some regressions + tasks revision
DETAILS:
- consolefont: moved to essential role
- unbound: copy the config only after everything is set up correctly
  (or else the validation will complain trusted-key.key and the root
  hints are not in the chroot)
- essential: start dbus service before handling seat management (elogind
  and seatd services depend on dbus)
- use full paths for commands (avoids attacks through a polluted PATH)
- apk: use '>-' for the package list. See NOTES

NOTES:
- '|' (literal) interprets new lines with a line break
- '>' (folded) produces a single line with a '\n' at the end
- '>-' (folded_strip) creates a single line without a line break in the
  end
- '>' (folded scalars) joins all the lines with a space (doesn't
  preserve numeric, boolean and other non-string types)

Check https://adminswerk.de/multi-line-string-yaml-ansible-II/ for some
problems on using multiple lines variables
2022-02-14 13:09:33 +07:00


---
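# Render /etc/apk/repositories from the role's repositories.j2 template.
# NOTE(review): the template is not shown here; confirm the mirrors it lists
# are the intended ones and that their URLs use https://.
- name: essential | Update repository urls
  template:
    src: repositories.j2
    dest: /etc/apk/repositories
    owner: root
    group: root
    # Quoted so Ansible receives the string '0644' and does the octal
    # conversion itself instead of relying on YAML integer typing.
    mode: '0644'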
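# Install the base package set after refreshing the apk index.
# The packages are given as a native YAML list, so the task does not depend on
# how a folded, comma-separated string is split before it reaches the module.
- name: essential | Install common dependencies
  apk:
    name:
      - doas
      - nftables
      - zstd
      - fish
      - dbus
      - terminus-font
      - apparmor-profiles
      - apparmor
      - openresolv
      - libvirt-daemon
      - qemu-img
      - qemu-system-x86_64
      - qemu-modules
      - shadow-login
      - unbound
      - dns-root-hints
    available: true
    update_cache: true
    state: present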
# Enable and start the base services in the 'default' runlevel. dbus is
# started here, ahead of the seat-management tasks further down in this file.
- name: essential | Start some services on runlevel 'default'
  service:
    name: "{{ item }}"
    state: started
    enabled: true
    runlevel: default
  loop:
    - dbus
    - ntpd
    - cgroups
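# Seat management through elogind. The `when` at the end of the block applies
# to every task inside it.
- block:
    - name: essential | Install elogind and polkit-elogind
      apk:
        # Native list instead of a comma-separated string.
        name:
          - elogind
          - polkit-elogind
        state: present

    # elogind also handles acpi events
    - name: essential | Do not run acpid service
      service:
        name: acpid
        enabled: false

    # Some acpi functions might not work if elogind is started on
    # runlevel 'default'
    # NOTE(review): the task below does start elogind on 'default'; confirm
    # which runlevel the comment above is warning about.
    - name: essential | Start elogind service on runlevel 'default'
      service:
        name: elogind
        runlevel: default
        enabled: true
        state: started
  when: seat_manager == 'elogind'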
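# Setup used when elogind is not the seat manager: pam_rundir, optional
# polkit, and acpid. The `when` at the end of the block applies to every task
# inside it.
- block:
    - name: essential | Install pam-rundir
      apk:
        name: pam-rundir
        state: present

    # Use Tabs to match the style of the original file
    # NOTE(review): this listing shows single spaces inside `line`; if the
    # repository file separates the fields with tabs, keep the tabs.
    # The leading '-' makes PAM skip the entry quietly when the module is
    # missing, and 'optional' keeps a module failure from failing the session.
    - name: essential | Add pam_rundir module to the PAM stack
      lineinfile:
        path: /etc/pam.d/base-session
        state: present
        line: '-session optional pam_rundir.so'
        search_string: 'pam_rundir.so'
        owner: root
        group: root
        # Quoted so Ansible receives the string '0644' instead of a YAML
        # octal integer.
        mode: '0644'

    - name: essential | Install polkit
      apk:
        name: polkit
        state: present
      when: use_polkit

    - name: essential | Enable acpid service on runlevel 'default'
      service:
        name: acpid
        runlevel: default
        enabled: true
        state: started
  when: seat_manager != 'elogind'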
# Seat management through seatd. The `when` at the end of the block applies to
# both tasks inside it.
- block:
    - name: essential | Install seatd
      apk:
        state: present
        name: seatd

    - name: essential | Start seatd service on runlevel 'default'
      service:
        name: seatd
        state: started
        enabled: true
        runlevel: default
  when: seat_manager == 'seatd'
# Run the udev setup script once. The script is called by absolute path, so
# PATH is not consulted, and `creates` skips the task when the udev entry in
# the sysinit runlevel already exists.
- name: essential | Setup eudev
  command: /sbin/setup-udev
  args:
    creates: /etc/runlevels/sysinit/udev
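# Replace /etc/motd with the role's motd.j2 template.
- name: essential | Change the default motd
  template:
    src: motd.j2
    dest: /etc/motd
    owner: root
    group: root
    # Quoted so Ansible receives the string '0644' instead of a YAML octal
    # integer.
    mode: '0644'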
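# Set initfscomp="zstd" in mkinitfs.conf. The line containing 'initfscomp=' is
# replaced, or the setting is appended when no such line exists. A change
# notifies the 'Regenerate initramfs' handler, which is defined outside this
# file.
- name: essential | Use zstd for initramfs
  lineinfile:
    path: /etc/mkinitfs/mkinitfs.conf
    state: present
    search_string: initfscomp=
    line: initfscomp="zstd"
    owner: root
    group: root
    # Quoted so Ansible receives the string '0644' instead of a YAML octal
    # integer.
    mode: '0644'
  notify: Regenerate initramfs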
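# Set rc_logger="YES" and unicode="YES" in /etc/rc.conf, one lineinfile pass
# per setting.
- name: essential | Enable logging and unicode support for openrc
  lineinfile:
    path: /etc/rc.conf
    state: present
    search_string: '{{ item }}='
    line: '{{ item }}="YES"'
    owner: root
    group: root
    # Quoted so Ansible receives the string '0644' instead of a YAML octal
    # integer.
    mode: '0644'
  loop:
    - rc_logger
    - unicode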
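# Install the role's modprobe.d file for the bluetooth modules.
# NOTE(review): bluetooth-blacklist.conf is not shown here. A plain
# `blacklist` entry only stops alias-based autoloading; a module can still be
# loaded explicitly unless the file also overrides it with an `install` line.
# Confirm which form the file uses.
- name: essential | Blacklist bluetooth related kernel modules
  copy:
    src: bluetooth-blacklist.conf
    dest: /etc/modprobe.d/bluetooth-blacklist.conf
    owner: root
    group: root
    # Quoted so Ansible receives the string '0644' instead of a YAML octal
    # integer.
    mode: '0644'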
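# Install the role's sysctl drop-in. A change notifies the 'Load custom sysctl
# settings' handler, which is defined outside this file.
- name: essential | Create a custom sysctl file
  copy:
    src: custom.conf
    dest: /etc/sysctl.d/custom.conf
    owner: root
    group: root
    # Quoted so Ansible receives the string '0644' instead of a YAML octal
    # integer.
    mode: '0644'
  notify: Load custom sysctl settings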
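# Point the consolefont service at the Terminus ter-h22b font by rewriting the
# line that starts with 'consolefont='.
- name: essential | Change the console font to ter-h22b
  lineinfile:
    path: /etc/conf.d/consolefont
    state: present
    regexp: '^consolefont='
    line: 'consolefont="ter-h22b.psf.gz"'
    owner: root
    group: root
    # Quoted so Ansible receives the string '0644' instead of a YAML octal
    # integer.
    mode: '0644'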
# Enable consolefont in the 'boot' runlevel and start it now.
- name: essential | Start consolefont service on runlevel 'boot'
  service:
    name: consolefont
    state: started
    enabled: true
    runlevel: boot