ansible-infra/ansible_collections/nullified/infrastructure/roles/workstation/tasks/main.yml
2025-02-26 00:00:00 +00:00


---
# Look up the passwd entry of the workstation account so later tasks can read
# its home directory (index 4 of the split entry). Skipped when the account is
# already present in the getent_passwd facts.
- name: "[home] get user account information"
  when: >-
    ansible_facts['getent_passwd'] is undefined
    or workstation_user_account not in ansible_facts['getent_passwd']
  ansible.builtin.getent:
    database: passwd
    key: "{{ workstation_user_account }}"
    split: ':'
  changed_when: false
# Create the per-user directories under the account's home, owned by the
# account and closed to other users (0750).
- name: "[setup] ensure expected home directories exist"
  become: true
  loop:
    - .local/bin
    - .local/share/applications
  ansible.builtin.file:
    state: directory
    path: "{{ ansible_facts['getent_passwd'][workstation_user_account][4] }}/{{ item }}"
    owner: "{{ workstation_user_account }}"
    group: "{{ workstation_user_account }}"
    mode: "0750"
# Install the workstation's base package set through apt. Entries tagged
# "# terminator" are build/runtime dependencies of the terminator install
# performed elsewhere in this file.
# NOTE(review): openssh-server and wireshark widen the attack surface of a
# workstation (a network-reachable daemon and a packet-capture tool) --
# confirm that sshd hardening and capture-group membership are handled
# elsewhere.
- name: "[apt] install dependencies and tools"
  become: true
  ansible.builtin.apt:
    state: present
    force_apt_get: true
    # Refresh the package index, but at most once per hour.
    update_cache: true
    cache_valid_time: 3600
    pkg:
      - apt-file
      - curl
      - dbus-x11  # terminator
      - diffpdf
      - feh
      - ffmpeg
      - flatpak
      - gettext  # terminator
      - gir1.2-keybinder-3.0  # terminator
      - gir1.2-vte-2.91  # terminator
      - gnupg2
      - gvfs-backends
      - intltool  # terminator
      - mesa-utils
      - mpc
      - mpd
      - mpv
      - ncmpcpp
      - numlockx
      - openssh-server
      - pass
      - poppler-utils
      - pwgen
      - python3-configobj  # terminator
      - python3-gi  # terminator
      - python3-gi-cairo  # terminator
      - python3-pip
      - python3-psutil  # terminator
      - python3-setuptools  # terminator
      - ruby
      - ruby-dev
      - scrot
      - smbclient
      - socat
      - sshfs
      - suckless-tools
      - sudo
      - unclutter-xfixes
      - vlc
      - whois
      - wireshark
      - xdotool
      - xsel
      - xserver-xephyr
# Add the workstation account to the sudo group without touching its other
# supplementary groups (append: true).
# NOTE(review): sudo group membership usually means unrestricted root through
# the distribution's default sudoers policy -- confirm this is intended for
# the account.
- name: "[setup] add user to sudo group"
  become: true
  ansible.builtin.user:
    name: "{{ workstation_user_account }}"
    append: true
    groups: [sudo]
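# Register the Flathub remote and install the listed applications into the
# workstation account's per-user Flatpak installation. Both commands run as
# that account (become_user), not as root.
- name: '[setup] setup Flatpak'
  become: true
  become_user: "{{ workstation_user_account }}"
  block:
    # --if-not-exists makes the command safe to repeat, so it is never
    # reported as a change.
    - name: '[flatpak] add flatpak repos'
      ansible.builtin.command:
        cmd: flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
      changed_when: false
    - name: '[flatpak] install flatpak apps'
      ansible.builtin.command:
        cmd: "flatpak install --user --noninteractive {{ item.repo }} {{ item.app }}"
        # --user installs land in the account's own Flatpak directory, not in
        # the system-wide /var/lib/flatpak tree, so the guard has to look
        # there; otherwise it never matches and the install re-runs on every
        # play.
        # Assumes the default XDG data directory (~/.local/share) -- adjust
        # if XDG_DATA_HOME is customised for this account.
        creates: "{{ ansible_facts['getent_passwd'][workstation_user_account][4] }}/.local/share/flatpak/app/{{ item.app }}"
      loop:
        - repo: flathub
          app: com.discordapp.Discord
        - repo: flathub
          app: md.obsidian.Obsidian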
# Install tools published as GitHub release assets, using this collection's
# github_artifact module. Each loop item names the repository, the asset and
# the commands passed to the module in `cmds`; `creates` is presumably the
# idempotence guard -- verify against the module's documentation.
# NOTE(review): the whole task runs with become: true, so the commands in
# `cmds` (including the downloaded project's setup.py build/install) run as
# root if the module executes them with the task's privileges -- confirm.
# NOTE(review): neither item sets `version`, so the '' default applies --
# presumably "latest release"; no checksum or signature check is visible
# here. Consider pinning a reviewed version and verifying the asset if the
# module supports it.
# NOTE(review): github_token is passed as a module argument -- confirm the
# module declares it no_log so it cannot appear in verbose output.
- name: '[github] install tools'
  become: true
  nullified.infrastructure.github_artifact:
    github_token: '{{ workstation_github_token }}'
    asset_name: "{{ item.asset_name | default('') }}"
    asset_type: "{{ item.asset_type }}"
    cmds: "{{ item.cmds | default([]) }}"
    creates: "{{ item.creates | default('') }}"
    repository: "{{ item.repository }}"
    version: "{{ item.version | default('') }}"
  loop:
    # terminator: unpack the source tarball, build and install it with
    # setup.py, then delete the downloaded archive.
    - asset_name: terminator-{version}.tar.gz
      asset_type: release
      repository: gnome-terminator/terminator
      creates: /usr/local/bin/terminator
      cmds:
        - tar -zxf {asset_dirname}/{asset_filename}
        - cd $(find . -maxdepth 1 -name terminator\* -type d); python3 setup.py build; python3 setup.py install --single-version-externally-managed --record=install-files.txt
        - rm -rf {asset_dirname}/{asset_filename}
    # noseyparker: unpack the prebuilt binary and install it root-owned,
    # mode 755, into /usr/local/bin.
    - asset_name: noseyparker-{version}-x86_64-unknown-linux-gnu.tar.gz
      asset_type: release
      repository: praetorian-inc/noseyparker
      creates: /usr/local/bin/noseyparker
      cmds:
        - tar -zxf {asset_dirname}/{asset_filename}
        - install --group=root --mode=755 --owner=root bin/noseyparker /usr/local/bin
# Install Ruby gems system-wide; each item's `creates` path is the guard that
# stops the command from re-running once the executable exists.
# NOTE(review): the gem is installed as root with no version pinned, so
# whatever the gem source currently serves gets installed -- consider pinning
# a reviewed version.
- name: "[ruby] install tools"
  become: true
  loop:
    - app: mdless
      creates: /usr/local/bin/mdless
  ansible.builtin.command:
    creates: "{{ item.creates }}"
    cmd: "gem install {{ item.app }}"
# Create the working directories under /srv. An item may override mode, owner
# or group; otherwise the directory is 0750 and owned by the workstation
# account.
- name: "[system] setup various directories"
  become: true
  loop:
    - path: '/srv/git/foss'
    - path: '/srv/git/perso'
    - path: '/srv/git/work'
    - path: '/srv/storage'
  ansible.builtin.file:
    state: directory
    path: "{{ item.path }}"
    owner: "{{ item.owner | default(workstation_user_account) }}"
    group: "{{ item.group | default(workstation_user_account) }}"
    mode: "{{ item.mode | default('0750') }}"
# Clone the Emacs configuration into the account's ~/.emacs.d, running as
# that account. force: false keeps local modifications in the checkout from
# being discarded.
# NOTE(review): no `version` is set, so the checkout follows whatever the
# remote currently serves; an Emacs configuration is code run at editor
# start-up, so consider pinning a reviewed commit.
- name: "[emacs] fetch emacs configuration files"
  become: true
  become_user: "{{ workstation_user_account }}"
  ansible.builtin.git:
    repo: 'https://gitlab.0x2a.ninja/naeikindus/emacsd.git'
    dest: "{{ ansible_facts['getent_passwd'][workstation_user_account][4] }}/.emacs.d"
    force: false
# Copy the bundled tool configuration into the account's ~/.config, running
# as that account. Files get mode 0640 unless an item sets its own `mode`.
- name: "[config] set tools configuration"
  become: true
  become_user: "{{ workstation_user_account }}"
  loop:
    - src: "../templates/.config/terminator"
      dest: "{{ ansible_facts['getent_passwd'][workstation_user_account][4] }}/.config"
    - src: "../templates/.config/vlc"
      dest: "{{ ansible_facts['getent_passwd'][workstation_user_account][4] }}/.config"
    - src: "../templates/.config/picom.conf"
      dest: "{{ ansible_facts['getent_passwd'][workstation_user_account][4] }}/.config"
  ansible.builtin.copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode | default('0640') }}"
# Probe for the installed authenticator binary. The module is called with
# only a path, and the registered result's `state` is what the install block
# below tests for "absent". failed_when/changed_when are forced to false so
# the probe never fails the play or reports a change.
- name: "[authenticator] find if binary is already installed"
  ansible.builtin.file:
    path: /opt/yubico-authenticator/authenticator
  failed_when: false
  changed_when: false
  register: authenticator_stat
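# Download the Yubico Authenticator release archive, unpack it into a staging
# directory, copy it to /opt/yubico-authenticator and create a launcher
# script plus a desktop entry for the workstation account. Runs only when the
# earlier probe registered the binary as absent. Tasks in the block run as
# root (become: true).
- name: '[yubico] install authenticator'
  become: true
  when: authenticator_stat.state is match("absent")
  block:
    # A fixed directory name under world-writable /tmp can be pre-created or
    # replaced with a symlink by another local account before this root-run
    # block uses it. tempfile creates a fresh, uniquely named directory.
    - name: '[yubico] create private staging directory'
      ansible.builtin.tempfile:
        state: directory
        prefix: yubico-unarchive.
      register: yubico_staging_dir
    - name: '[yubico] prepare target directory'
      ansible.builtin.file:
        path: /opt/yubico-authenticator
        owner: "{{ workstation_user_account }}"
        group: "{{ workstation_user_account }}"
        mode: '0750'
        state: directory
    # NOTE(review): the "latest" archive is fetched with no checksum or
    # signature verification, so its contents are trusted on the strength of
    # the HTTPS connection alone. Consider pinning a specific release and
    # verifying it against the vendor's published signature or checksum.
    - name: '[yubico] extract data'
      ansible.builtin.unarchive:
        src: https://developers.yubico.com/yubioath-flutter/Releases/yubico-authenticator-latest-linux.tar.gz
        remote_src: true
        dest: "{{ yubico_staging_dir.path }}"
        owner: "{{ workstation_user_account }}"
        group: "{{ workstation_user_account }}"
    # The archive is expected to contain one top-level directory; its path
    # is taken from the command's stdout.
    - name: '[yubico] find extracted directory'
      ansible.builtin.command:
        cmd: "find {{ yubico_staging_dir.path }} -mindepth 1 -maxdepth 1"
      register: yubico_extract_path
      changed_when: false
    # The trailing "/" copies the directory's contents, not the directory.
    - name: '[yubico] move extracted data to final dir'
      ansible.builtin.copy:
        remote_src: true
        src: "{{ yubico_extract_path.stdout }}/"
        dest: /opt/yubico-authenticator
        owner: "{{ workstation_user_account }}"
        group: "{{ workstation_user_account }}"
    - name: '[yubico] create shell wrapper'
      ansible.builtin.template:
        src: ../templates/bin_wrapper.sh.j2
        dest: "{{ ansible_facts['getent_passwd'][workstation_user_account][4] }}/.local/bin/authenticator"
        mode: '0750'
        owner: "{{ workstation_user_account }}"
        group: "{{ workstation_user_account }}"
      vars:
        application: "/opt/yubico-authenticator/authenticator"
    - name: '[yubico] create desktop entry'
      ansible.builtin.template:
        src: ../templates/desktop_app.j2
        dest: "{{ ansible_facts['getent_passwd'][workstation_user_account][4] }}/.local/share/applications/authenticator.desktop"
        mode: '0600'
        owner: "{{ workstation_user_account }}"
        group: "{{ workstation_user_account }}"
      vars:
        application:
          nodisplay: false
          exec_cmd: "{{ ansible_facts['getent_passwd'][workstation_user_account][4] }}/.local/bin/authenticator"
          name: "Authenticator"
  always:
    # Runs even when a task above fails, so no half-extracted archive is left
    # behind; skipped if the staging directory was never created.
    - name: '[yubico] cleanup'
      ansible.builtin.file:
        path: "{{ yubico_staging_dir.path }}"
        state: absent
      when: yubico_staging_dir.path is defined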
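# Pull in the window-manager tasks from the sibling file. Named and written
# with the fully qualified module name, like every other task in this file.
- name: '[setup] include window manager tasks'
  ansible.builtin.include_tasks: window_manager.yml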