arch: implement LVM-on-LUKS, begin filesystems

Loads the gnupg_agent-skript in the ~/.bashrc, which exports
the needed variables (SSH_AUTH_SOCK, SSH_AGENT_PID, GPG_AGENT_INFO).

Also downloads the pubkey of the user and sets ownertrust on the key.

Fixes #3

.gitignore

@@ -0,0 +1,2 @@
+*.swp
+*.retry

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "ansible-gpg-vault"]
+	path = ansible-gpg-vault
+	url = https://git.finallycoffee.eu/finallycoffee.eu/ansible-gpg-vault.git

README.md

@@ -0,0 +1,9 @@
+# .dotfiles - Bootstrap me!
+
+## Requirements
+
+Clone this repository with `git clone --recursive https://git.finallycoffee.eu/transcaffeine/dotfiles.git` into `~/git/dotfiles`.
+
+Have your pubkey in a git-repo at `https://git.finallycoffee.eu/$USER/about` at the top-level as `pubkey.asc`, then run `ansible-playbook -i local.yml bootstrap.yml`.
+
+Reboot and then run `ansible-playbook -i local.yml all.yml`.

all.yml

@@ -0,0 +1,7 @@
+---
+
+- import_playbook: vim.yml
+- import_playbook: tmux.yml
+- import_playbook: gnupg.yml
+- import_playbook: redshift.yml
+

ansible-gpg-vault-store/gpg_ids.list

@@ -0,0 +1 @@
+johanna.reichmann@delta-industries.de

ansible-gpg-vault-store/vault_passphrase.gpg

@@ -0,0 +1,20 @@
+-----BEGIN PGP MESSAGE-----
+
+hQIMAxEs7W/4x4lxAQ//ZkLnB+f9bD12wnnRJm8S6j/iaxbxsV9vSe0xfGZH0mup
+7f9Kpg8kCxDaTnbgQw9HIPJPc4m/Kwlo8Jx+Zk3+AIvuEkqll3OjmiwstlH9EPBg
+VzDDnpWHb4EG0xYWv7+pztudwX2Ghp1xMqHYIokJNliU01vn/igoeZjLg+uogKWf
+4+qFest0CLONfHM2LUj3qfMJc1dndRM46i2YybjTC6BFmqtXGNuEeVOHNUV3AgTw
+M6gpq26rr+YdVElft43o2+sdZH/USlL/ga5+K0Ea272qhmO/fPbTeffqlUHtkkWs
+bURsLmPQYkgZxy8TflSVeB8qol5i30hqkD3WTuEHB+m92KkxveZcV2jHeNrI1OEP
+r/kbMcxivDod0eNaEwe7pMlm7NstrHrnIExm9pG5y8YIIRlaELNJbXPcZAHTG+o9
+j+kfPnRyqFrF1raktY0AO99jsNn13uXYMPb0TB78jR6Qs0HAm56GUtO+enZhUEBo
+3igpeiU5lMEhua8fD+xSUhA4Hx8InS/Oj2FxzK4GRyRhXag2xFoBEM9FMJnRr9cR
+m5mPFBvqMadZkejRrv+QpAy6phauR4Zo9M7qBwsZ79adeFFTMneYONuF8l6okjBu
+OSHFPeR9R+O+iv+toAMCyqfH93RM7NWKBbawhnBBvaS7bIzMw0x+xKJo+c5lkQXS
+wC0BupdYkeee+5KeD+LejKJK2UBRtYPhDYZRPbHu0Hu837liuXhrJYuKz6SFfoPU
+kQcyYUlFVcaqjIwKGLYQdwumZetGlw8DlfmQ9nax5n5wvVm+fv6ZF8wy60Wsehbi
+fqE2jTTBRStyIqScPOZKTu1OR17va9KKhDnAPLXVPZ/ROxJftIrsa2FFRhItJBJx
+fqCe73K8zvT5jcHlN+qQlHgmV2KdTbMa0i6IC+VMWgdlK8HhE+nzYfl5Z4cf6ZwA
+BHnAXdwgtnj8FxZmC1NgRQuhXj3UucPO9/HrqEToAUydUQvbT1YbX+RLnzIysrU=
+=cikY
+-----END PGP MESSAGE-----

ansible.cfg

@@ -0,0 +1,3 @@
+[defaults]
+
+vault_password_file = ansible-gpg-vault/vault.sh

bootstrap.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Bootstrap arch linux install
+  hosts: all
+  roles:
+    - name: arch
+      become: yes
+  vars:
+    arch_device: /dev/sdg
+  

git.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Install & template git configuration
+  hosts: git
+  become: true
+  roles:
+    - git

global.yml

@@ -0,0 +1,43 @@
+---
+
+all:
+  hosts:
+    iodine:
+      ansible_host: iodine.int.finallycoffee.eu
+      ansible_user: jdreichmann
+      ansible_become_user: jdreichmann
+      ansible_become: true
+    carbon:
+      ansible_host: carbon.int.finallycoffee.eu
+#    iron:
+#      ansible_host: iron.int.finallycoffee.eu
+#    platinum:
+#      ansible_host: platinum.int.finallycoffee.eu
+#    xenon:
+#      ansible_host: xenon.int.finallycoffee.eu
+#    yttrium:
+#      ansible_host: yttrium.int.finallycoffee.eu
+  
+    munich:
+      ansible_host: munich.finallycoffee.eu
+      ansible_user: jdreichmann
+      ansible_become_user: jdreichmann
+      ansible_become: true
+  vars:
+    ansible_user: transcaffeine
+    ansible_become_user: transcaffeine
+    ansible_become: true
+
+
+servers:
+  hosts:
+    iodine:
+    munich:
+#    iron:
+#    platinum:
+
+clients:
+  hosts:
+#    carbon:
+#    xenon:
+

gnupg.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Sets up gpg and the configs for using it as a ssh-agent
+  hosts: all
+  become: true
+  roles:
+    - gnupg

group_vars/git.yml

@@ -0,0 +1,34 @@
+$ANSIBLE_VAULT;1.1;AES256
+64363730336134663064313633316132396335613761386239613966313864656565376230323338
+3863396633383931393031643837323037356332326664630a393662323135643562643230363437
+31343065363266353662643365303663633131393037353130316638623035356138383164346166
+6234323936383061340a366634373336333363656463656433333139333362393530363131623535
+32396534633831343632323263336565353836343035396138353132356464383763396535393337
+64353137653266653262643164613534333865666336663561376462346663663934376466343261
+64656535343937643031616663666566626265313661623034386163336232336538663365626566
+32346463363333616261643364363263363163316431623364383333353364363836613062373537
+64636337343466643333666465643162323266353663366662313639623638393961333230373838
+63363633383134623931373062396665353161636435343463646536663962333232656264306331
+37323564306135363064363663656239313165326331303865643338333463303935356436626262
+38353738366632663839626166303964396535333639646162666435363630633132646531313930
+36343439373230616433623539393938326562343465633763363865323262323366316135393339
+62616132333063643433353039353765663736633334613138363936306336303962643339313163
+35646562663861613966346437666534313839373436376666313433353338653333643263373331
+32306136333564343831343439346466626135313835346433666337653435313833383033633665
+64613430383666653036393938643734613330623066333866643965343863636166363063306534
+39343163366161373862383466313830646336333731333438663465336339313865306438353262
+37363538383132373933313566366265616538356636633636343633343830363739383237316632
+33616636666464366462613866383837323736353931623463323565356431346166393066326263
+31623561323538373437366164376464663639633932383035346165353462303264373433393231
+62353866616532313236363337306466626536306666333232613065373066663762663739633831
+39316635663761663934323733656666396661653462383665336631373537356533383332323533
+38633465326566663331383564643066366235613337356531396530323937323138313966393635
+62353365383839383762303034633562353130353434656232636539313165346134373231316333
+62656534386439623435353264313134623035303366313763316164656336346436353130363834
+36306662633139663538383238646561346166353737636163323965663030373232613564393335
+39353632333139336132636536326538353033373736643132346635613666346635616637386539
+38643031626439373830316230643331303037313363633661333539383166356137333665623336
+64376334353837353262373461663666646630323366356538313138363038626635353231626164
+64346437383261643638306566356262383534646163343164333838373738303535623535323666
+35623861663933613366306131656231353833643234373933316262633338666236386662636135
+3563

i3.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Template i3 config
+  hosts: all
+  become: true
+  roles:
+    - i3
+

legacy/i3/i3config

@@ -0,0 +1,161 @@
+# This file has been auto-generated by i3-config-wizard(1).
+# It will not be overwritten, so edit it as you like.
+#
+# Should you change your keyboard layout some time, delete
+# this file and re-run i3-config-wizard(1).
+#
+
+# i3 config file (v4)
+#
+# Please see http://i3wm.org/docs/userguide.html for a complete reference!
+
+set $mod Mod4
+
+# Font for window titles. Will also be used by the bar unless a different font
+# is used in the bar {} block below.
+font pango:monospace 8
+
+# This font is widely installed, provides lots of unicode glyphs, right-to-left
+# text rendering and scalability on retina/hidpi displays (thanks to pango).
+#font pango:DejaVu Sans Mono 8
+
+# Before i3 v4.8, we used to recommend this one as the default:
+# font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1
+# The font above is very space-efficient, that is, it looks good, sharp and
+# clear in small sizes. However, its unicode glyph coverage is limited, the old
+# X core fonts rendering does not support right-to-left and this being a bitmap
+# font, it doesn’t scale on retina/hidpi displays.
+
+# Use Mouse+$mod to drag floating windows to their wanted position
+floating_modifier $mod
+
+# start a terminal
+bindsym $mod+Return exec xfce4-terminal
+
+# kill focused window
+bindsym $mod+Shift+q kill
+
+# For use with xfce4 whisker popup menu in Mint XFCE:
+bindsym $mod+d exec xfce4-popup-whiskermenu
+
+# Lock the screen
+bindsym $mod+l exec i3lock
+
+# There also is the (new) i3-dmenu-desktop which only displays applications
+# shipping a .desktop file. It is a wrapper around dmenu, so you need that
+# installed.
+# bindsym $mod+d exec --no-startup-id i3-dmenu-desktop
+
+# change focus
+bindsym $mod+Left focus left
+bindsym $mod+Down focus down
+bindsym $mod+Up focus up
+bindsym $mod+Right focus right
+
+# move focused window
+bindsym $mod+Shift+Left move left
+bindsym $mod+Shift+Down move down
+bindsym $mod+Shift+Up move up
+bindsym $mod+Shift+Right move right
+
+# split in horizontal orientation
+bindsym $mod+h split h
+
+# split in vertical orientation
+bindsym $mod+v split v
+
+# enter fullscreen mode for the focused container
+bindsym $mod+f fullscreen toggle
+
+# change container layout (stacked, tabbed, toggle split)
+bindsym $mod+s layout stacking
+bindsym $mod+w layout tabbed
+bindsym $mod+e layout toggle split
+
+# toggle tiling / floating
+bindsym $mod+Shift+space floating toggle
+
+# change focus between tiling / floating windows
+bindsym $mod+space focus mode_toggle
+
+# focus the parent container
+bindsym $mod+a focus parent
+
+# focus the child container
+# bindsym $mod+d focus child
+
+# switch to workspace
+bindsym $mod+1 workspace 1
+bindsym $mod+2 workspace 2
+bindsym $mod+3 workspace 3
+bindsym $mod+4 workspace 4
+bindsym $mod+5 workspace 5
+bindsym $mod+6 workspace 6
+bindsym $mod+7 workspace 7
+bindsym $mod+8 workspace 8
+bindsym $mod+9 workspace 9
+bindsym $mod+0 workspace 10
+
+# move focused container to workspace
+bindsym $mod+Shift+1 move container to workspace 1
+bindsym $mod+Shift+2 move container to workspace 2
+bindsym $mod+Shift+3 move container to workspace 3
+bindsym $mod+Shift+4 move container to workspace 4
+bindsym $mod+Shift+5 move container to workspace 5
+bindsym $mod+Shift+6 move container to workspace 6
+bindsym $mod+Shift+7 move container to workspace 7
+bindsym $mod+Shift+8 move container to workspace 8
+bindsym $mod+Shift+9 move container to workspace 9
+bindsym $mod+Shift+0 move container to workspace 10
+
+# reload the configuration file
+bindsym $mod+Shift+c reload
+# restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
+bindsym $mod+Shift+r restart
+# exit i3 (logs you out of your X session)
+#-old-#bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -b 'Yes, exit i3' 'i3-msg exit'
+bindsym $mod+Shift+e exec xfce4-session-logout
+
+# class                 border  backgr. text    indicator child_border
+client.focused          #ff33cc #ff33cc #ffffff #ff33cc   #ff33cc
+client.focused_inactive #333333 #5f676a #ffffff #484e50   #5f676a
+client.unfocused        #333333 #222222 #888888 #292d2e   #222222
+client.urgent           #ff0000 #ff0000 #ffffff #ff0000   #ff0000
+client.placeholder      #000000 #0c0c0c #ffffff #000000   #0c0c0c
+
+# resize window (you can also use the mouse for that)
+mode "resize" {
+        # These bindings trigger as soon as you enter the resize mode
+
+        # Pressing left will shrink the window’s width.
+        # Pressing right will grow the window’s width.
+        # Pressing up will shrink the window’s height.
+        # Pressing down will grow the window’s height.
+        bindsym j resize shrink width 10 px or 10 ppt
+        bindsym k resize grow height 10 px or 10 ppt
+        bindsym l resize shrink height 10 px or 10 ppt
+        bindsym semicolon resize grow width 10 px or 10 ppt
+
+        # same bindings, but for the arrow keys
+        bindsym Left resize shrink width 10 px or 10 ppt
+        bindsym Down resize grow height 10 px or 10 ppt
+        bindsym Up resize shrink height 10 px or 10 ppt
+        bindsym Right resize grow width 10 px or 10 ppt
+
+        # back to normal: Enter or Escape
+        bindsym Return mode "default"
+        bindsym Escape mode "default"
+}
+
+bindsym $mod+r mode "resize"
+
+# Start i3bar to display a workspace bar (plus the system information i3status
+# finds out, if available)
+
+
+#-old-#bar {
+#-old-#       status_command i3status
+#-old-#}
+exec --no-startup-id nitrogen --restore
+exec --no-startup-id synergy
+

local.yml

@@ -0,0 +1,31 @@
+---
+
+all:
+  hosts:
+    local:
+      ansible_host: localhost
+      ansible_connection: local
+  vars:
+    ansible_user: transcaffeine
+    ansible_become_user: root
+    ansible_become_method: sudo
+
+gnupg:
+  hosts:
+    local:
+
+redshift:
+  hosts:
+    local:
+
+tmux:
+  hosts:
+    local:
+
+vim:
+  hosts:
+    local:
+
+git:
+  hosts:
+    local:

redshift.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Sets up redshift and creates an autostart file
+  hosts: clients
+  become: true
+  roles:
+    - redshift

roles/arch/README.md

@@ -0,0 +1,14 @@
+# ArchLinux role
+
+Bootstraps an arch linux install to a given device. The whole block device is wiped in the process!
+
+## Requirements:
+
+`pacman -Syu parted cryptsetup wipefs lsblk blkid mkfs.[fat|ext4|...]`
+
+Collections:
+
+- `community.general`
+- `community.crypto`
+- `community.posix`
+

roles/arch/defaults/main.yml

@@ -0,0 +1,30 @@
+---
+
+arch_device: ~
+arch_hostname: cookie
+
+arch_part_label_base: "{{ arch_hostname }}"
+arch_part_efi_size: "512MiB"
+arch_part_root_size: "95%"
+
+arch_luks_device: "{{ arch_device }}2"
+arch_luks_passphrase: "super_secure!"
+arch_luks_container_name: "{{ arch_hostname }}"
+
+arch_lvm_name: "{{ arch_part_label_base }}"
+arch_lvm_volumes:
+  - name: "swap"
+    size: "16G"
+    fstype: swap
+  - name: "home"
+    size: "40G"
+    fstype: ext4
+    mountpoint: "/home"
+  - name: "cache"
+    size: "20G"
+    fstype: ext4
+    mountpoint: "/var/cache"
+  - name: "root"
+    size: "+90%FREE"
+    fstype: ext4
+    mountpoint: "/"

roles/arch/tasks/filesystems.yml

@@ -0,0 +1,107 @@
+---
+
+- name: Warn user that the blockdevice will be wiped
+  debug:
+    msg: "Warning! Continueing will wipe {{ arch_device }}!"
+
+- name: Give user the ability to abort
+  pause:
+    prompt: "You can safely abort now if you want, or continue and wipe {{ arch_device }}"
+
+- name: Create empty GPT
+  community.general.parted:
+    device: "{{ arch_device }}"
+    label: gpt
+    name: "{{ arch_part_label_base }}"
+
+- name: Create EFI system partition
+  community.general.parted:
+    device: "{{ arch_device }}"
+    state: present
+    part_start: "0%"
+    part_end: "{{ arch_part_efi_size }}"
+    number: 1
+    label: gpt
+    name: "{{ arch_part_label_base }}-efi"
+    fs_type: fat32
+
+- name: Create partition for luks
+  community.general.parted:
+    device: "{{ arch_device }}"
+    state: present
+    part_start: "{{ arch_part_efi_size }}"
+    part_end: "{{ arch_part_root_size }}"
+    number: 2
+    label: gpt
+    name: "{{ arch_part_label_base }}-main"
+
+- name: Create luks device on main partition
+  community.crypto.luks_device:
+    device: "{{ arch_luks_device }}"
+    passphrase: "{{ arch_luks_passphrase }}"
+    state: present
+
+- name: Open luks device
+  community.crypto.luks_device:
+    device: "{{ arch_luks_device }}"
+    passphrase: "{{ arch_luks_passphrase }}"
+    state: "opened"
+    name: "{{ arch_luks_container_name }}"
+
+- name: Wipe volume group if it existed
+  community.general.lvg:
+    vg: "{{ arch_lvm_name }}"
+    force: yes
+    state: absent
+
+- name: Create volume group
+  community.general.lvg:
+    vg: "{{ arch_lvm_name }}"
+    pvs: "/dev/mapper/{{ arch_luks_container_name }}"
+    pvresize: yes
+
+- name: Create logical volume for swap and root filesystem
+  community.general.lvol:
+    vg: "{{ arch_lvm_name }}"
+    lv: "{{ item.name }}"
+    size: "{{ item.size }}"
+  loop: "{{ arch_lvm_volumes }}"
+
+- name: Create filesystem on efi system partition
+  community.general.filesystem:
+    dev: "{{ arch_device }}1"
+    force: yes
+    fstype: vfat
+    opts: -F32
+
+- name: Create filesystems on the volumes
+  community.general.filesystem:
+    dev: "/dev/mapper/{{ arch_lvm_name }}-{{ item.name }}"
+    fstype: "{{ item.fstype }}"
+  loop: "{{ arch_lvm_volumes }}"
+
+- name: Create mountpoint
+  file:
+    path: "/mnt-{{ arch_luks_container_name }}"
+    state: directory
+
+- name: Mount root partition
+  command:
+    cmd: "mount /dev/mapper/{{ arch_lvm_name }}-{{ item.name }} /mnt-{{ arch_luks_container_name }}"
+  loop: "{{ arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'equalto', '/') }}"
+
+- name: Create mountpoints in root partition
+  file:
+    path: "/mnt-{{ arch_luks_container_name }}{{ item.mountpoint }}"
+    state: directory
+    recurse: yes
+  loop: "{{ arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'ne', '/') + [ { \"mountpoint\": \"/boot\" } ] }}"
+
+- name: Mount efi system partition
+  command:
+    cmd: "mount {{ arch_device }}1 /mnt-{{ arch_luks_container_name }}/boot"
+
+- name: Mount additional partitions
+  command:
+    cmd: "mount /dev/mapper/{{ arch_lvm_name }}-{{ item.name }} /mnt-{{ arch_luks_container_name }}{{ item.mountpoint }}"
+  loop: "{{ arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'ne', '/') | list }}"

roles/arch/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Format disks and setup LVM on LUKS
+  import_tasks: filesystems.yml
+
+#- name: Bootstrap all packages and configure system
+#  import_tasks: packages.yml
+
+#- name: Configure systemd boot with EFI and LUKS
+#  import_tasks: bootloader.yml

roles/bash/tasks/main.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Install additional packages
+  package:
+    name: "{{ item }}"
+    state: present
+  loop:
+    - bash
+    - bash-completion

roles/bash/templates/bash_aliases

@@ -2,7 +2,14 @@
 alias ll='ls -al --color=auto'
 alias ls='ls -l --color=auto'
 
+alias nb=man
+alias enby=man
+
+alias furryfox=firefox
+
+alias flauschctl=systemctl
 
 # GnuPG2
 alias gpg=gpg2
 
+

roles/git/defaults/main.yml

@@ -0,0 +1,25 @@
+---
+
+git_user: your-username
+git_email: your-email@example.com
+git_signkey:
+git_signingkey:
+
+git_do_sign: false
+git_merge_autostash: true
+git_rebase_autostash: true
+git_pull_rebase: true
+git_pull_ff_only: true
+git_default_branch: main
+
+git_user_home: "/home/{{ git_system_user }}"
+git_system_user: "{{ git_user }}"
+git_system_group: "{{ git_system_user }}"
+
+git_gpg_program: ~
+
+git_aliases: []
+
+git_credentials: []
+
+git_config_preferred_editor: vim

roles/git/tasks/main.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Template .gitconfig
+  template:
+    src: gitconfig.j2
+    dest: "{{ git_user_home }}/.gitconfig"
+    owner: "{{ git_system_user }}"
+    group: "{{ git_system_group }}"
+    mode: 0660

roles/git/templates/gitconfig.j2

@@ -0,0 +1,49 @@
+# This is Git's per-user configuration file,
+# this file is managed by ansible.
+{% if git_do_sign %}
+[gpg]
+	program = {{ git_gpg_program }}
+{% endif %}
+
+[user]
+	name = "{{ git_author }}"
+	email = {{ git_email }}
+{% if git_do_sign %}
+	signingkey = {{ git_signingkey }}
+{% endif %}
+
+[commit]
+{% if git_do_sign %}
+	gpgsign = true
+{% endif %}
+
+[alias]
+{% for alias in git_aliases %}
+	{{ alias.name }} = {{ alias.cmd }}
+{% endfor %}
+
+[pull]
+	rebase = {{ git_pull_rebase|bool|lower }}
+{% if git_pull_ff_only|bool %}
+	ff = only
+{% endif %}
+
+[rebase]
+	autostash = {{ git_rebase_autostash|bool|lower }}
+
+[merge]
+	autostash = {{ git_merge_autostash|bool|lower }}
+
+[init]
+	defaultBranch = {{ git_default_branch }}
+
+[core]
+	editor = {{ git_config_preferred_editor }}
+
+{% for cred in git_credentials %}
+[credential "{{ cred.remote_url }}"]
+	username = {{ cred.username }}
+{% if cred.helper is defined %}
+	helper = {{ cred.helper }}
+{% endif %}
+{% endfor %}

roles/gnupg/defaults/main.yml

@@ -5,3 +5,6 @@ gpg_cache_ttl_ssh: 300
 # Array of all keygrips to pass to sshcontrol
 gpg_keygrips: []
 
+gpg_folder: "~/.gnupg"
+
+gpg_user: "{{ ansible_user }}"

roles/gnupg/files/gnupg_agent

@@ -1,14 +0,0 @@
-#!/bin/bash
-
-rc=$(pgrep gpg-agent)
-if [ "$rc" != 0 ]; then
-  export GPG_AGENT_INFO
-  export SSH_AUTH_SOCK
-  export SSH_AGENT_PID
-else
-  eval $(gpg-agent --daemon)
-fi
-
-gpg-connect-agent /bye
-export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
-

roles/gnupg/tasks/main.yml

@@ -2,27 +2,62 @@
 # Installs GnuPG2 and templates the configs
 
 - name: Install gnupg (RedHat*)
-  yum: name=gnupg2 state=latest
+  package:
+    name: gnupg2
+    state: latest
+  become: yes
+  become_user: root
+  become_method: sudo
   when: ansible_os_family == "RedHat"
+  ignore_errors: true
 
 - name: Install gnupg (Arch)
-  pacman:
+  package:
     name: gnupg
     state: latest
   when: ansible_os_family == "Archlinux"
 
 - name: Configure gpg.conf (behaviour of gpg)
-  template: src=gpg.conf.j2 ~/.gnupg/gpg.conf
+  template:
+    src: gpg.conf.j2
+    dest: "{{ gpg_folder }}/gpg.conf"
 
 - name: Configure gpg-agent.conf (agent configuration)
-  template: src=gpg-agent.conf.j2 ~/.gnupg/gpg-agent.conf
+  template:
+    src: gpg-agent.conf.j2
+    dest: "{{ gpg_folder }}/gpg-agent.conf"
 
 - name: Configure ssh-control (in order for gpg-agent to act as ssh-agent)
-  template: src=sshcontrol.j2 ~/.gnupg/sshcontrol
+  template:
+    src: sshcontrol.j2
+    dest: "{{ gpg_folder }}/sshcontrol"
 
 - name: Copy gnupg_agent script, which makes gpg-agent responsible for ssh-auth
-  copy:
+  template:
-    src: "{{ role_path }}/files/gpg_agent"
+    src: gnupg_agent.j2
-    dest: ~/.gnupg/gpg_agent
+    dest: "{{ gpg_folder }}/gnupg_agent"
     mode: 0700
 
+- name: Ensure gnupg_agent skript is included in .bashrc so SSH uses gpg-agent
+  blockinfile:
+    path: "~/.bashrc"
+    insertafter: "\[\[ \$- != \*i\* \]\] && return"
+    line: |
+      # load script telling SSH to use the gpg agent
+      source "{{ gpg_folder }}"/gnupg_agent
+    state: present
+
+- name: Download own pubkey
+  get_url:
+    url: "https://git.finallycoffee.eu/{{ gpg_user }}/about/raw/branch/master/pubkey.asc"
+    dest: "~/{{ gpg_user }}.pub"
+
+- name: Import own pubkey and set owner-trust
+  command:
+    cmd: |
+      gpg2 --no-tty --command-fd 0 --import ~/{{ gpg_user }}.pub << EOF
+      trust
+      5
+      quit
+      EOF
+

roles/gnupg/templates/gnupg_agent.j2

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+rc=$(pgrep gpg-agent)
+if [ "$rc" != 0 ]; then
+  export GPG_AGENT_INFO
+  export SSH_AUTH_SOCK
+  export SSH_AGENT_PID
+else
+  eval $(gpg-agent --daemon)
+fi
+
+gpg-connect-agent /bye
+export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
+

roles/gnupg/templates/gpg.conf.j2

@@ -8,5 +8,4 @@ allow-freeform-uid
 with-fingerprint
 keyid-format 0xlong
 keyserver hkps://hkps.pool.sks-keyservers.net
-#keyserver-options ca-cert-file=/home/electron/.gnupg/sks-keyservers_ca.pem
 keyserver-options no-honor-keyserver-url

roles/gnupg/templates/sshcontrol.j2

@@ -10,5 +10,5 @@
 # flags.   Prepend the keygrip with an '!' mark to disable it.
 
 {% for keygrip in gpg_keygrips %}
-{{ gpg_keygrips.keygrip }}
+{{ keygrip }}
 {% endfor %}

roles/i3/tasks/main.yml

@@ -0,0 +1,19 @@
+---
+
+- name: Ensure i3 is installed
+  package:
+    name: i3
+    state: present
+  ignore_errors: yes
+
+- name: Ensure folder for configuration exists
+  file:
+    path: ~/.config/i3
+    state: directory
+    recurse: yes
+
+- name: Template config into configuration directory
+  template:
+    src: config.j2
+    dest: ~/.config/i3/config
+

roles/i3/templates/config.j2

@@ -0,0 +1,147 @@
+# i3 config file (v4)
+#
+# Please see http://i3wm.org/docs/userguide.html for a complete reference!
+
+set $mod Mod4
+
+# Font for window titles. Will also be used by the bar unless a different font
+# is used in the bar {} block below.
+font pango:monospace 8
+
+# This font is widely installed, provides lots of unicode glyphs, right-to-left
+# text rendering and scalability on retina/hidpi displays (thanks to pango).
+#font pango:DejaVu Sans Mono 8
+
+# Before i3 v4.8, we used to recommend this one as the default:
+# font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1
+# The font above is very space-efficient, that is, it looks good, sharp and
+# clear in small sizes. However, its unicode glyph coverage is limited, the old
+# X core fonts rendering does not support right-to-left and this being a bitmap
+# font, it doesn’t scale on retina/hidpi displays.
+
+# Use Mouse+$mod to drag floating windows to their wanted position
+floating_modifier $mod
+
+# start a terminal
+bindsym $mod+Return exec xfce4-terminal
+
+# kill focused window
+bindsym $mod+Shift+q kill
+
+# For use with xfce4 whisker popup menu in Mint XFCE:
+bindsym $mod+d exec xfce4-popup-whiskermenu
+
+# Lock the screen
+bindsym $mod+l exec xflock4
+
+# There also is the (new) i3-dmenu-desktop which only displays applications
+# shipping a .desktop file. It is a wrapper around dmenu, so you need that
+# installed.
+# bindsym $mod+d exec --no-startup-id i3-dmenu-desktop
+
+# change focus
+bindsym $mod+Left focus left
+bindsym $mod+Down focus down
+bindsym $mod+Up focus up
+bindsym $mod+Right focus right
+
+# move focused window
+bindsym $mod+Shift+Left move left
+bindsym $mod+Shift+Down move down
+bindsym $mod+Shift+Up move up
+bindsym $mod+Shift+Right move right
+
+# split in horizontal orientation
+bindsym $mod+h split h
+
+# split in vertical orientation
+bindsym $mod+v split v
+
+# enter fullscreen mode for the focused container
+bindsym $mod+f fullscreen toggle
+
+# change container layout (stacked, tabbed, toggle split)
+bindsym $mod+s layout stacking
+bindsym $mod+w layout tabbed
+bindsym $mod+e layout toggle split
+
+# toggle tiling / floating
+bindsym $mod+Shift+space floating toggle
+
+# change focus between tiling / floating windows
+bindsym $mod+space focus mode_toggle
+
+# focus the parent container
+bindsym $mod+a focus parent
+
+# focus the child container
+# bindsym $mod+d focus child
+
+# switch to workspace
+bindsym $mod+1 workspace 1
+bindsym $mod+2 workspace 2
+bindsym $mod+3 workspace 3
+bindsym $mod+4 workspace 4
+bindsym $mod+5 workspace 5
+bindsym $mod+6 workspace 6
+bindsym $mod+7 workspace 7
+bindsym $mod+8 workspace 8
+bindsym $mod+9 workspace 9
+bindsym $mod+0 workspace 10
+
+# move focused container to workspace
+bindsym $mod+Shift+1 move container to workspace 1
+bindsym $mod+Shift+2 move container to workspace 2
+bindsym $mod+Shift+3 move container to workspace 3
+bindsym $mod+Shift+4 move container to workspace 4
+bindsym $mod+Shift+5 move container to workspace 5
+bindsym $mod+Shift+6 move container to workspace 6
+bindsym $mod+Shift+7 move container to workspace 7
+bindsym $mod+Shift+8 move container to workspace 8
+bindsym $mod+Shift+9 move container to workspace 9
+bindsym $mod+Shift+0 move container to workspace 10
+
+# reload the configuration file
+bindsym $mod+Shift+c reload
+# restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
+bindsym $mod+Shift+r restart
+# exit i3 (logs you out of your X session)
+#-old-#bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -b 'Yes, exit i3' 'i3-msg exit'
+bindsym $mod+Shift+e exec xfce4-session-logout
+
+# class                 border  backgr. text    indicator child_border
+client.focused          #ff33cc #ff33cc #ffffff #ff33cc   #ff33cc
+client.focused_inactive #333333 #5f676a #ffffff #484e50   #5f676a
+client.unfocused        #333333 #222222 #888888 #292d2e   #222222
+client.urgent           #ff0000 #ff0000 #ffffff #ff0000   #ff0000
+client.placeholder      #000000 #0c0c0c #ffffff #000000   #0c0c0c
+
+# resize window (you can also use the mouse for that)
+mode "resize" {
+        # These bindings trigger as soon as you enter the resize mode
+
+        # Pressing left will shrink the window’s width.
+        # Pressing right will grow the window’s width.
+        # Pressing up will shrink the window’s height.
+        # Pressing down will grow the window’s height.
+        bindsym j resize shrink width 10 px or 10 ppt
+        bindsym k resize grow height 10 px or 10 ppt
+        bindsym l resize shrink height 10 px or 10 ppt
+        bindsym semicolon resize grow width 10 px or 10 ppt
+
+        # same bindings, but for the arrow keys
+        bindsym Left resize shrink width 10 px or 10 ppt
+        bindsym Down resize grow height 10 px or 10 ppt
+        bindsym Up resize shrink height 10 px or 10 ppt
+        bindsym Right resize grow width 10 px or 10 ppt
+
+        # back to normal: Enter or Escape
+        bindsym Return mode "default"
+        bindsym Escape mode "default"
+}
+
+bindsym $mod+r mode "resize"
+
+exec --no-startup-id nitrogen --restore
+exec --no-startup-id synergy
+

roles/network/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+
+- name: Install network manager
+
+- name: Template config for default network
+
+- name: Copy KIT VPN configuration
+
+- name: Copy flauschekatze.space VPN configuration
+
+- name: Copy FFKA VLAN config
+
+- name: Copy int.finallycofffee.eu VPN/VLAN config
+

roles/passwordstore/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+
+- name: Install package
+  package:
+    name: pass
+    state: present
+
+- name: Initialise password store
+  command:
+    cmd: "pass init {{ passwordstore_id }}"
+
+- name: Set password store git upstream
+  command:
+    cmd: "pass git remote set origin ssh://git@git.finallycoffee.eu:8022/{{ ansible_user }}/password-store.git"
+
+- name: Fetch upstream password store
+  command:
+    cmd: "pass git fetch --all"
+
+- name: Set master to upstream master
+  command:
+    cmd: "pass git checkout -B master origin/master"
+

roles/redshift/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+
+- name: Install redshift
+  package:
+    name: redshift
+    state: present
+  ignore_errors: true
+
+- name: Ensure .config folder for redshift exists
+  file:
+    path: ~/.config/redshift
+    state: directory
+
+- name: Template redshift config
+  template:
+    src: redshift.conf.j2
+    dest: ~/.config/redshift/redshift.conf
+
+- name: Template redshift autostart file
+  template:
+    src: redshift-gtk.desktop.j2
+    dest: ~/.config/autostart/redshift-gtk.desktop
+

roles/redshift/templates/redshift-gtk.desktop.j2

@@ -0,0 +1,12 @@
+[Desktop Entry]
+Version=1.0
+Name=Redshift
+Exec=redshift-gtk
+Icon=redshift
+Terminal=false
+Type=Application
+Categories=Utility;
+StartupNotify=true
+Hidden=false
+X-GNOME-Autostart-enabled=true
+

roles/tmux/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+
+- name: Ensure tmux is installed
+  package:
+    name: tmux
+    state: present
+  become: yes
+  become_user: root
+  become_method: sudo
+  ignore_errors: true
+
+- name: Template config file into home folder
+  template:
+    src: tmux.conf.j2
+    dest: ~/.tmux.conf
+
+- name: Template controller config file to home folder
+  template:
+    src: controller.tmux.conf.j2
+    dest: ~/.controller.tmux.conf
+

roles/tmux/templates/controller.tmux.conf.j2

@@ -0,0 +1,39 @@
+# Reload controller config with "r" key
+unbind t
+bind t source-file ~/.controller.tmux.conf \; display-message "Controller config reloaded..."
+
+# No automatic renaming of windows
+set -g automatic-rename off
+
+# Enable 256-color terminal
+set -g default-terminal "screen-256color"
+
+# Set titles to be informative
+set set-titles on
+set set-titles-string "tmux: [#H] [#S] [#W:#D #I:#P]"
+
+# Change colors on the pane seperators
+set pane-border-fg colour237
+set pane-active-border-fg colour27
+
+# Tweak currently highlighted window ('active')
+setw window-status-current-fg colour255
+setw window-status-current-bg colour27
+setw window-status-current-format " #F[#W] "
+setw window-status-current-attr none
+
+# Tweak overview of windows
+setw window-status-format " #F[#I][#W] "
+setw window-status-bg colour237
+setw window-status-fg colour255
+
+# Tweak status line design
+set status-bg colour237
+set status-fg colour27
+set status-justify centre
+set status-left " [#H] [#S] "
+set status-left-length 100
+set status-right ' [#(curl https://wttr.in/berlin?format=3)] [%Y-%m-%d %H:%M.%S] '
+# Refresh status bar every second
+set status-interval 1
+

roles/tmux/templates/tmux.conf.j2

@@ -0,0 +1,46 @@
+# vi:syntax=tmux
+# Reload the config with the "r" key
+bind r source-file ~/.tmux.conf \; display-message "Config reloaded..."
+
+# No automatic renaming of windows
+set automatic-rename off
+
+# Enable 256-color terminal
+set default-terminal "screen-256color"
+
+# Set titles to be informative
+set set-titles on
+set set-titles-string "tmux: [#H] [#S] [#W:#D #I:#P]"
+
+# Change pane colors
+set -g pane-border-style fg=colour237
+set -g pane-active-border-style fg=colour199
+
+# Tweak currently active window
+setw -g window-status-current-style bg=colour199,fg=colour255,none
+setw -g window-status-current-format " #F[#W] "
+# Tweak last active window style
+setw -g window-status-last-style fg=colour255,bg=colour238,none
+
+# Tweak display of window overview
+setw -g window-status-format " #F[#W][#I] "
+setw -g window-status-style bg=colour233,fg=colour255,none
+
+# Tweak status line design
+set -g status-style bg=colour235,fg=colour199
+set status-justify centre
+set status-left " [#H] [#S] "
+set status-left-length 100
+set status-right '[%Y-%m-%d %H:%M.%S]'
+# Refresh status bar every 2s
+set status-interval 2
+
+# Set some helpful limits & modes
+set -g mouse off
+set -g history-limit 50000
+
+# Make tmux resize based on smallest client actually viewing the window, not just attached
+setw -g aggressive-resize on
+
+# Initialize tmux-plugin-manager
+run '~/.tmux/plugins/tpm/tpm'

roles/vim/tasks/main.yml

@@ -0,0 +1,26 @@
+---
+
+- name: Ensure vim is installed
+  package:
+    name: vim
+    state: present
+  become: true
+  become_user: root
+  ignore_errors: yes
+
+- name: Ensure ~/.vim/colors folder exists
+  file:
+    path: ~/.vim/colors
+    state: directory
+    recurse: yes
+
+- name: Copy kuroi color scheme
+  copy:
+    src: kuroi.vim
+    dest: ~/.vim/colors/kuroi.vim
+
+- name: Template vim config
+  template:
+    src: vimrc.j2
+    dest: ~/.vimrc
+

tmux.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Set up tmux
+  hosts: all
+  become: true
+  roles:
+    - tmux

tmux/tmux.conf

@@ -1,40 +0,0 @@
-# Reload the config with the "r" key
-bind r source-file ~/.tmux.conf \; display-message "Config reloaded..."
-
-# No automatic renaming of windows
-set -g automatic-rename off
-
-# Enable 256-color terminal
-set -g default-terminal "screen-256color"
-
-# Set titles to be informative
-set -g set-titles on
-set -g set-titles-string "tmux: [#H] [#S] [#W:#D #I:#P]"
-
-# Install tmux-plugin-manager, first run `git clone https://github.com/tmux-plugins/tpm ~/.tmux/plugins/tpm`
-#set -g @plugin 'tmux-plugins/tpm'
-#set -g @plugin 'tmux-plugins/tmux-sensible'
-
-# Tweak currently highlighted pane
-setw -g window-status-current-fg colour236
-setw -g window-status-current-bg colour199
-setw -g window-status-current-format " #F[#W] "
-setw -g window-status-current-attr none
-
-# Tweak pane display
-setw -g window-status-format " #F[#W][#I] "
-setw -g window-status-bg colour237
-setw -g window-status-fg colour255
-
-# Tweak status line design
-set -g status-bg colour235
-set -g status-fg colour199
-set -g status-justify centre
-set -g status-left " [#H] [#S] "
-set -g status-left-length 100
-set -g status-right '[FFKA: #(ip addr show freifunk | grep inet6 | grep -v fe80 | cut -d/ -f1 | cut -d " " -f6)] [%Y-%m-%d %H:%M.%S]'
-# Refresh status bar every 5s
-set -g status-interval 5
-
-# Initialize tmux-plugin-manager
-run '~/.tmux/plugins/tpm/tpm'

vim.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Install vim and copy color scheme and template its config
+  hosts: all
+  become: true
+  roles:
+    - vim