arch: implement LVM-on-LUKS, begin filesystems

Loads the gnupg_agent-skript in the ~/.bashrc, which exports
the needed variables (SSH_AUTH_SOCK, SSH_AGENT_PID, GPG_AGENT_INFO).

Also downloads the pubkey of the user and sets ownertrust on the key.

Fixes #3

.gitignore

@@ -0,0 +1,2 @@
+*.swp
+*.retry

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "ansible-gpg-vault"]
+	path = ansible-gpg-vault
+	url = https://git.finallycoffee.eu/finallycoffee.eu/ansible-gpg-vault.git

README.md

@@ -0,0 +1,9 @@
+# .dotfiles - Bootstrap me!
+
+## Requirements
+
+Clone this repository with `git clone --recursive https://git.finallycoffee.eu/transcaffeine/dotfiles.git` into `~/git/dotfiles`.
+
+Have your pubkey in a git-repo at `https://git.finallycoffee.eu/$USER/about` at the top-level as `pubkey.asc`, then run `ansible-playbook -i local.yml bootstrap.yml`.
+
+Reboot and then run `ansible-playbook -i local.yml all.yml`.

all.yml

@@ -0,0 +1,7 @@
+---
+
+- import_playbook: vim.yml
+- import_playbook: tmux.yml
+- import_playbook: gnupg.yml
+- import_playbook: redshift.yml
+

ansible-gpg-vault-store/gpg_ids.list

@@ -0,0 +1 @@
+johanna.reichmann@delta-industries.de

ansible-gpg-vault-store/vault_passphrase.gpg

@@ -0,0 +1,20 @@
+-----BEGIN PGP MESSAGE-----
+
+hQIMAxEs7W/4x4lxAQ//ZkLnB+f9bD12wnnRJm8S6j/iaxbxsV9vSe0xfGZH0mup
+7f9Kpg8kCxDaTnbgQw9HIPJPc4m/Kwlo8Jx+Zk3+AIvuEkqll3OjmiwstlH9EPBg
+VzDDnpWHb4EG0xYWv7+pztudwX2Ghp1xMqHYIokJNliU01vn/igoeZjLg+uogKWf
+4+qFest0CLONfHM2LUj3qfMJc1dndRM46i2YybjTC6BFmqtXGNuEeVOHNUV3AgTw
+M6gpq26rr+YdVElft43o2+sdZH/USlL/ga5+K0Ea272qhmO/fPbTeffqlUHtkkWs
+bURsLmPQYkgZxy8TflSVeB8qol5i30hqkD3WTuEHB+m92KkxveZcV2jHeNrI1OEP
+r/kbMcxivDod0eNaEwe7pMlm7NstrHrnIExm9pG5y8YIIRlaELNJbXPcZAHTG+o9
+j+kfPnRyqFrF1raktY0AO99jsNn13uXYMPb0TB78jR6Qs0HAm56GUtO+enZhUEBo
+3igpeiU5lMEhua8fD+xSUhA4Hx8InS/Oj2FxzK4GRyRhXag2xFoBEM9FMJnRr9cR
+m5mPFBvqMadZkejRrv+QpAy6phauR4Zo9M7qBwsZ79adeFFTMneYONuF8l6okjBu
+OSHFPeR9R+O+iv+toAMCyqfH93RM7NWKBbawhnBBvaS7bIzMw0x+xKJo+c5lkQXS
+wC0BupdYkeee+5KeD+LejKJK2UBRtYPhDYZRPbHu0Hu837liuXhrJYuKz6SFfoPU
+kQcyYUlFVcaqjIwKGLYQdwumZetGlw8DlfmQ9nax5n5wvVm+fv6ZF8wy60Wsehbi
+fqE2jTTBRStyIqScPOZKTu1OR17va9KKhDnAPLXVPZ/ROxJftIrsa2FFRhItJBJx
+fqCe73K8zvT5jcHlN+qQlHgmV2KdTbMa0i6IC+VMWgdlK8HhE+nzYfl5Z4cf6ZwA
+BHnAXdwgtnj8FxZmC1NgRQuhXj3UucPO9/HrqEToAUydUQvbT1YbX+RLnzIysrU=
+=cikY
+-----END PGP MESSAGE-----

ansible.cfg

@@ -0,0 +1,3 @@
+[defaults]
+
+vault_password_file = ansible-gpg-vault/vault.sh

bootstrap.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Bootstrap arch linux install
+  hosts: all
+  roles:
+    - name: arch
+      become: yes
+  vars:
+    arch_device: /dev/sdg
+  

git.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Install & template git configuration
+  hosts: git
+  become: true
+  roles:
+    - git

global.yml

@@ -0,0 +1,43 @@
+---
+
+all:
+  hosts:
+    iodine:
+      ansible_host: iodine.int.finallycoffee.eu
+      ansible_user: jdreichmann
+      ansible_become_user: jdreichmann
+      ansible_become: true
+    carbon:
+      ansible_host: carbon.int.finallycoffee.eu
+#    iron:
+#      ansible_host: iron.int.finallycoffee.eu
+#    platinum:
+#      ansible_host: platinum.int.finallycoffee.eu
+#    xenon:
+#      ansible_host: xenon.int.finallycoffee.eu
+#    yttrium:
+#      ansible_host: yttrium.int.finallycoffee.eu
+  
+    munich:
+      ansible_host: munich.finallycoffee.eu
+      ansible_user: jdreichmann
+      ansible_become_user: jdreichmann
+      ansible_become: true
+  vars:
+    ansible_user: transcaffeine
+    ansible_become_user: transcaffeine
+    ansible_become: true
+
+
+servers:
+  hosts:
+    iodine:
+    munich:
+#    iron:
+#    platinum:
+
+clients:
+  hosts:
+#    carbon:
+#    xenon:
+

gnupg.yml

@@ -1,8 +1,7 @@
 ---
 
 - name: Sets up gpg and the configs for using it as a ssh-agent
-  #connection: local
-  hosts: gnupg
+  hosts: all
   become: true
   roles:
     - gnupg

group_vars/git.yml

@@ -0,0 +1,34 @@
+$ANSIBLE_VAULT;1.1;AES256
+64363730336134663064313633316132396335613761386239613966313864656565376230323338
+3863396633383931393031643837323037356332326664630a393662323135643562643230363437
+31343065363266353662643365303663633131393037353130316638623035356138383164346166
+6234323936383061340a366634373336333363656463656433333139333362393530363131623535
+32396534633831343632323263336565353836343035396138353132356464383763396535393337
+64353137653266653262643164613534333865666336663561376462346663663934376466343261
+64656535343937643031616663666566626265313661623034386163336232336538663365626566
+32346463363333616261643364363263363163316431623364383333353364363836613062373537
+64636337343466643333666465643162323266353663366662313639623638393961333230373838
+63363633383134623931373062396665353161636435343463646536663962333232656264306331
+37323564306135363064363663656239313165326331303865643338333463303935356436626262
+38353738366632663839626166303964396535333639646162666435363630633132646531313930
+36343439373230616433623539393938326562343465633763363865323262323366316135393339
+62616132333063643433353039353765663736633334613138363936306336303962643339313163
+35646562663861613966346437666534313839373436376666313433353338653333643263373331
+32306136333564343831343439346466626135313835346433666337653435313833383033633665
+64613430383666653036393938643734613330623066333866643965343863636166363063306534
+39343163366161373862383466313830646336333731333438663465336339313865306438353262
+37363538383132373933313566366265616538356636633636343633343830363739383237316632
+33616636666464366462613866383837323736353931623463323565356431346166393066326263
+31623561323538373437366164376464663639633932383035346165353462303264373433393231
+62353866616532313236363337306466626536306666333232613065373066663762663739633831
+39316635663761663934323733656666396661653462383665336631373537356533383332323533
+38633465326566663331383564643066366235613337356531396530323937323138313966393635
+62353365383839383762303034633562353130353434656232636539313165346134373231316333
+62656534386439623435353264313134623035303366313763316164656336346436353130363834
+36306662633139663538383238646561346166353737636163323965663030373232613564393335
+39353632333139336132636536326538353033373736643132346635613666346635616637386539
+38643031626439373830316230643331303037313363633661333539383166356137333665623336
+64376334353837353262373461663666646630323366356538313138363038626635353231626164
+64346437383261643638306566356262383534646163343164333838373738303535623535323666
+35623861663933613366306131656231353833643234373933316262633338666236386662636135
+3563

i3.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Template i3 config
+  hosts: all
+  become: true
+  roles:
+    - i3
+

inventory.yaml

@@ -1,28 +0,0 @@
----
-
-all:
-  hosts:
-    xenon:
-      ansible_host: xenon.int.finallycoffee.eu
-      ansible_connection: local
-  vars:
-    ansible_user: transcaffeine
-    ansible_become_user: transcaffeine
-    ansible_become: true
-
-gnupg:
-  hosts:
-    xenon:
-
-redshift:
-  hosts:
-    xenon:
-
-tmux:
-  hosts:
-    xenon:
-
-vim:
-  hosts:
-    xenon:
-

local.yml

@@ -0,0 +1,31 @@
+---
+
+all:
+  hosts:
+    local:
+      ansible_host: localhost
+      ansible_connection: local
+  vars:
+    ansible_user: transcaffeine
+    ansible_become_user: root
+    ansible_become_method: sudo
+
+gnupg:
+  hosts:
+    local:
+
+redshift:
+  hosts:
+    local:
+
+tmux:
+  hosts:
+    local:
+
+vim:
+  hosts:
+    local:
+
+git:
+  hosts:
+    local:

redshift.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Sets up redshift and creates an autostart file
-  hosts: redshift
+  hosts: clients
   become: true
   roles:
     - redshift

roles/arch/README.md

@@ -0,0 +1,14 @@
+# ArchLinux role
+
+Bootstraps an arch linux install to a given device. The whole block device is wiped in the process!
+
+## Requirements:
+
+`pacman -Syu parted cryptsetup wipefs lsblk blkid mkfs.[fat|ext4|...]`
+
+Collections:
+
+- `community.general`
+- `community.crypto`
+- `community.posix`
+

roles/arch/defaults/main.yml

@@ -0,0 +1,30 @@
+---
+
+arch_device: ~
+arch_hostname: cookie
+
+arch_part_label_base: "{{ arch_hostname }}"
+arch_part_efi_size: "512MiB"
+arch_part_root_size: "95%"
+
+arch_luks_device: "{{ arch_device }}2"
+arch_luks_passphrase: "super_secure!"
+arch_luks_container_name: "{{ arch_hostname }}"
+
+arch_lvm_name: "{{ arch_part_label_base }}"
+arch_lvm_volumes:
+  - name: "swap"
+    size: "16G"
+    fstype: swap
+  - name: "home"
+    size: "40G"
+    fstype: ext4
+    mountpoint: "/home"
+  - name: "cache"
+    size: "20G"
+    fstype: ext4
+    mountpoint: "/var/cache"
+  - name: "root"
+    size: "+90%FREE"
+    fstype: ext4
+    mountpoint: "/"

roles/arch/tasks/filesystems.yml

@@ -0,0 +1,107 @@
+---
+
+- name: Warn user that the blockdevice will be wiped
+  debug:
+    msg: "Warning! Continueing will wipe {{ arch_device }}!"
+
+- name: Give user the ability to abort
+  pause:
+    prompt: "You can safely abort now if you want, or continue and wipe {{ arch_device }}"
+
+- name: Create empty GPT
+  community.general.parted:
+    device: "{{ arch_device }}"
+    label: gpt
+    name: "{{ arch_part_label_base }}"
+
+- name: Create EFI system partition
+  community.general.parted:
+    device: "{{ arch_device }}"
+    state: present
+    part_start: "0%"
+    part_end: "{{ arch_part_efi_size }}"
+    number: 1
+    label: gpt
+    name: "{{ arch_part_label_base }}-efi"
+    fs_type: fat32
+
+- name: Create partition for luks
+  community.general.parted:
+    device: "{{ arch_device }}"
+    state: present
+    part_start: "{{ arch_part_efi_size }}"
+    part_end: "{{ arch_part_root_size }}"
+    number: 2
+    label: gpt
+    name: "{{ arch_part_label_base }}-main"
+
+- name: Create luks device on main partition
+  community.crypto.luks_device:
+    device: "{{ arch_luks_device }}"
+    passphrase: "{{ arch_luks_passphrase }}"
+    state: present
+
+- name: Open luks device
+  community.crypto.luks_device:
+    device: "{{ arch_luks_device }}"
+    passphrase: "{{ arch_luks_passphrase }}"
+    state: "opened"
+    name: "{{ arch_luks_container_name }}"
+
+- name: Wipe volume group if it existed
+  community.general.lvg:
+    vg: "{{ arch_lvm_name }}"
+    force: yes
+    state: absent
+
+- name: Create volume group
+  community.general.lvg:
+    vg: "{{ arch_lvm_name }}"
+    pvs: "/dev/mapper/{{ arch_luks_container_name }}"
+    pvresize: yes
+
+- name: Create logical volume for swap and root filesystem
+  community.general.lvol:
+    vg: "{{ arch_lvm_name }}"
+    lv: "{{ item.name }}"
+    size: "{{ item.size }}"
+  loop: "{{ arch_lvm_volumes }}"
+
+- name: Create filesystem on efi system partition
+  community.general.filesystem:
+    dev: "{{ arch_device }}1"
+    force: yes
+    fstype: vfat
+    opts: -F32
+
+- name: Create filesystems on the volumes
+  community.general.filesystem:
+    dev: "/dev/mapper/{{ arch_lvm_name }}-{{ item.name }}"
+    fstype: "{{ item.fstype }}"
+  loop: "{{ arch_lvm_volumes }}"
+
+- name: Create mountpoint
+  file:
+    path: "/mnt-{{ arch_luks_container_name }}"
+    state: directory
+
+- name: Mount root partition
+  command:
+    cmd: "mount /dev/mapper/{{ arch_lvm_name }}-{{ item.name }} /mnt-{{ arch_luks_container_name }}"
+  loop: "{{ arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'equalto', '/') }}"
+
+- name: Create mountpoints in root partition
+  file:
+    path: "/mnt-{{ arch_luks_container_name }}{{ item.mountpoint }}"
+    state: directory
+    recurse: yes
+  loop: "{{ arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'ne', '/') + [ { \"mountpoint\": \"/boot\" } ] }}"
+
+- name: Mount efi system partition
+  command:
+    cmd: "mount {{ arch_device }}1 /mnt-{{ arch_luks_container_name }}/boot"
+
+- name: Mount additional partitions
+  command:
+    cmd: "mount /dev/mapper/{{ arch_lvm_name }}-{{ item.name }} /mnt-{{ arch_luks_container_name }}{{ item.mountpoint }}"
+  loop: "{{ arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'ne', '/') | list }}"

roles/arch/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Format disks and setup LVM on LUKS
+  import_tasks: filesystems.yml
+
+#- name: Bootstrap all packages and configure system
+#  import_tasks: packages.yml
+
+#- name: Configure systemd boot with EFI and LUKS
+#  import_tasks: bootloader.yml

roles/bash/tasks/main.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Install additional packages
+  package:
+    name: "{{ item }}"
+    state: present
+  loop:
+    - bash
+    - bash-completion

roles/git/defaults/main.yml

@@ -0,0 +1,25 @@
+---
+
+git_user: your-username
+git_email: your-email@example.com
+git_signkey:
+git_signingkey:
+
+git_do_sign: false
+git_merge_autostash: true
+git_rebase_autostash: true
+git_pull_rebase: true
+git_pull_ff_only: true
+git_default_branch: main
+
+git_user_home: "/home/{{ git_system_user }}"
+git_system_user: "{{ git_user }}"
+git_system_group: "{{ git_system_user }}"
+
+git_gpg_program: ~
+
+git_aliases: []
+
+git_credentials: []
+
+git_config_preferred_editor: vim

roles/git/tasks/main.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Template .gitconfig
+  template:
+    src: gitconfig.j2
+    dest: "{{ git_user_home }}/.gitconfig"
+    owner: "{{ git_system_user }}"
+    group: "{{ git_system_group }}"
+    mode: 0660

roles/git/templates/gitconfig.j2

@@ -0,0 +1,49 @@
+# This is Git's per-user configuration file,
+# this file is managed by ansible.
+{% if git_do_sign %}
+[gpg]
+	program = {{ git_gpg_program }}
+{% endif %}
+
+[user]
+	name = "{{ git_author }}"
+	email = {{ git_email }}
+{% if git_do_sign %}
+	signingkey = {{ git_signingkey }}
+{% endif %}
+
+[commit]
+{% if git_do_sign %}
+	gpgsign = true
+{% endif %}
+
+[alias]
+{% for alias in git_aliases %}
+	{{ alias.name }} = {{ alias.cmd }}
+{% endfor %}
+
+[pull]
+	rebase = {{ git_pull_rebase|bool|lower }}
+{% if git_pull_ff_only|bool %}
+	ff = only
+{% endif %}
+
+[rebase]
+	autostash = {{ git_rebase_autostash|bool|lower }}
+
+[merge]
+	autostash = {{ git_merge_autostash|bool|lower }}
+
+[init]
+	defaultBranch = {{ git_default_branch }}
+
+[core]
+	editor = {{ git_config_preferred_editor }}
+
+{% for cred in git_credentials %}
+[credential "{{ cred.remote_url }}"]
+	username = {{ cred.username }}
+{% if cred.helper is defined %}
+	helper = {{ cred.helper }}
+{% endif %}
+{% endfor %}

roles/gnupg/defaults/main.yml

@@ -7,3 +7,4 @@ gpg_keygrips: []
 
 gpg_folder: "~/.gnupg"
 
+gpg_user: "{{ ansible_user }}"

roles/gnupg/tasks/main.yml

@@ -5,7 +5,11 @@
   package:
     name: gnupg2
     state: latest
+  become: yes
+  become_user: root
+  become_method: sudo
   when: ansible_os_family == "RedHat"
+  ignore_errors: true
 
 - name: Install gnupg (Arch)
   package:
@@ -34,8 +38,26 @@
     dest: "{{ gpg_folder }}/gnupg_agent"
     mode: 0700
 
+- name: Ensure gnupg_agent skript is included in .bashrc so SSH uses gpg-agent
+  blockinfile:
+    path: "~/.bashrc"
+    insertafter: "\[\[ \$- != \*i\* \]\] && return"
+    line: |
+      # load script telling SSH to use the gpg agent
+      source "{{ gpg_folder }}"/gnupg_agent
+    state: present
 
+- name: Download own pubkey
+  get_url:
+    url: "https://git.finallycoffee.eu/{{ gpg_user }}/about/raw/branch/master/pubkey.asc"
+    dest: "~/{{ gpg_user }}.pub"
 
-
-
+- name: Import own pubkey and set owner-trust
+  command:
+    cmd: |
+      gpg2 --no-tty --command-fd 0 --import ~/{{ gpg_user }}.pub << EOF
+      trust
+      5
+      quit
+      EOF
 

roles/gnupg/templates/gpg.conf.j2

@@ -8,5 +8,4 @@ allow-freeform-uid
 with-fingerprint
 keyid-format 0xlong
 keyserver hkps://hkps.pool.sks-keyservers.net
-#keyserver-options ca-cert-file=/home/electron/.gnupg/sks-keyservers_ca.pem
 keyserver-options no-honor-keyserver-url

roles/i3/tasks/main.yml

@@ -4,6 +4,7 @@
   package:
     name: i3
     state: present
+  ignore_errors: yes
 
 - name: Ensure folder for configuration exists
   file:

roles/i3/templates/config.j2

@@ -1,10 +1,3 @@
-# This file has been auto-generated by i3-config-wizard(1).
-# It will not be overwritten, so edit it as you like.
-#
-# Should you change your keyboard layout some time, delete
-# this file and re-run i3-config-wizard(1).
-#
-
 # i3 config file (v4)
 #
 # Please see http://i3wm.org/docs/userguide.html for a complete reference!
@@ -39,7 +32,7 @@ bindsym $mod+Shift+q kill
 bindsym $mod+d exec xfce4-popup-whiskermenu
 
 # Lock the screen
-bindsym $mod+l exec i3lock
+bindsym $mod+l exec xflock4
 
 # There also is the (new) i3-dmenu-desktop which only displays applications
 # shipping a .desktop file. It is a wrapper around dmenu, so you need that
@@ -149,13 +142,6 @@ mode "resize" {
 
 bindsym $mod+r mode "resize"
 
-# Start i3bar to display a workspace bar (plus the system information i3status
-# finds out, if available)
-
-
-#-old-#bar {
-#-old-#       status_command i3status
-#-old-#}
 exec --no-startup-id nitrogen --restore
 exec --no-startup-id synergy
 

roles/network/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+
+- name: Install network manager
+
+- name: Template config for default network
+
+- name: Copy KIT VPN configuration
+
+- name: Copy flauschekatze.space VPN configuration
+
+- name: Copy FFKA VLAN config
+
+- name: Copy int.finallycofffee.eu VPN/VLAN config
+

roles/passwordstore/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+
+- name: Install package
+  package:
+    name: pass
+    state: present
+
+- name: Initialise password store
+  command:
+    cmd: "pass init {{ passwordstore_id }}"
+
+- name: Set password store git upstream
+  command:
+    cmd: "pass git remote set origin ssh://git@git.finallycoffee.eu:8022/{{ ansible_user }}/password-store.git"
+
+- name: Fetch upstream password store
+  command:
+    cmd: "pass git fetch --all"
+
+- name: Set master to upstream master
+  command:
+    cmd: "pass git checkout -B master origin/master"
+

roles/redshift/tasks/main.yml

@@ -4,7 +4,7 @@
   package:
     name: redshift
     state: present
-
+  ignore_errors: true
 
 - name: Ensure .config folder for redshift exists
   file:

roles/tmux/tasks/main.yml

@@ -4,9 +4,18 @@
   package:
     name: tmux
     state: present
+  become: yes
+  become_user: root
+  become_method: sudo
+  ignore_errors: true
 
 - name: Template config file into home folder
   template:
     src: tmux.conf.j2
     dest: ~/.tmux.conf
 
+- name: Template controller config file to home folder
+  template:
+    src: controller.tmux.conf.j2
+    dest: ~/.controller.tmux.conf
+

roles/tmux/templates/controller.tmux.conf.j2

@@ -0,0 +1,39 @@
+# Reload controller config with "r" key
+unbind t
+bind t source-file ~/.controller.tmux.conf \; display-message "Controller config reloaded..."
+
+# No automatic renaming of windows
+set -g automatic-rename off
+
+# Enable 256-color terminal
+set -g default-terminal "screen-256color"
+
+# Set titles to be informative
+set set-titles on
+set set-titles-string "tmux: [#H] [#S] [#W:#D #I:#P]"
+
+# Change colors on the pane seperators
+set pane-border-fg colour237
+set pane-active-border-fg colour27
+
+# Tweak currently highlighted window ('active')
+setw window-status-current-fg colour255
+setw window-status-current-bg colour27
+setw window-status-current-format " #F[#W] "
+setw window-status-current-attr none
+
+# Tweak overview of windows
+setw window-status-format " #F[#I][#W] "
+setw window-status-bg colour237
+setw window-status-fg colour255
+
+# Tweak status line design
+set status-bg colour237
+set status-fg colour27
+set status-justify centre
+set status-left " [#H] [#S] "
+set status-left-length 100
+set status-right ' [#(curl https://wttr.in/berlin?format=3)] [%Y-%m-%d %H:%M.%S] '
+# Refresh status bar every second
+set status-interval 1
+

roles/tmux/templates/tmux.conf.j2

@@ -1,40 +1,46 @@
+# vi:syntax=tmux
 # Reload the config with the "r" key
 bind r source-file ~/.tmux.conf \; display-message "Config reloaded..."
 
 # No automatic renaming of windows
-set -g automatic-rename off
+set automatic-rename off
 
 # Enable 256-color terminal
-set -g default-terminal "screen-256color"
+set default-terminal "screen-256color"
 
 # Set titles to be informative
-set -g set-titles on
-set -g set-titles-string "tmux: [#H] [#S] [#W:#D #I:#P]"
+set set-titles on
+set set-titles-string "tmux: [#H] [#S] [#W:#D #I:#P]"
 
-# Install tmux-plugin-manager, first run `git clone https://github.com/tmux-plugins/tpm ~/.tmux/plugins/tpm`
-#set -g @plugin 'tmux-plugins/tpm'
-#set -g @plugin 'tmux-plugins/tmux-sensible'
+# Change pane colors
+set -g pane-border-style fg=colour237
+set -g pane-active-border-style fg=colour199
 
-# Tweak currently highlighted pane
-setw -g window-status-current-fg colour236
-setw -g window-status-current-bg colour199
+# Tweak currently active window
+setw -g window-status-current-style bg=colour199,fg=colour255,none
 setw -g window-status-current-format " #F[#W] "
-setw -g window-status-current-attr none
+# Tweak last active window style
+setw -g window-status-last-style fg=colour255,bg=colour238,none
 
-# Tweak pane display
+# Tweak display of window overview
 setw -g window-status-format " #F[#W][#I] "
-setw -g window-status-bg colour237
-setw -g window-status-fg colour255
+setw -g window-status-style bg=colour233,fg=colour255,none
 
 # Tweak status line design
-set -g status-bg colour235
-set -g status-fg colour199
-set -g status-justify centre
-set -g status-left " [#H] [#S] "
-set -g status-left-length 100
-set -g status-right '[FFKA: #(ip addr show freifunk | grep inet6 | grep -v fe80 | cut -d/ -f1 | cut -d " " -f6)] [%Y-%m-%d %H:%M.%S]'
-# Refresh status bar every 5s
-set -g status-interval 5
+set -g status-style bg=colour235,fg=colour199
+set status-justify centre
+set status-left " [#H] [#S] "
+set status-left-length 100
+set status-right '[%Y-%m-%d %H:%M.%S]'
+# Refresh status bar every 2s
+set status-interval 2
+
+# Set some helpful limits & modes
+set -g mouse off
+set -g history-limit 50000
+
+# Make tmux resize based on smallest client actually viewing the window, not just attached
+setw -g aggressive-resize on
 
 # Initialize tmux-plugin-manager
 run '~/.tmux/plugins/tpm/tpm'

tmux.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Set up tmux
-  hosts: tmux
+  hosts: all
   become: true
   roles:
     - tmux

vim.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Install vim and copy color scheme and template its config
-  hosts: vim
+  hosts: all
   become: true
   roles:
     - vim

vim/.netrwhist

@@ -1,3 +0,0 @@
-let g:netrw_dirhistmax  =10
-let g:netrw_dirhist_cnt =1
-let g:netrw_dirhist_1='/home/electron/git/critical_infrastructure'