ref(playbook): Change to role-based structure

2025-02-28 20:57:34 +01:00 · 2025-02-28 20:57:34 +01:00 · b3b280fbe4
commit b3b280fbe4
parent 95fd68bed8
39 changed files with 635 additions and 601 deletions
--- a/books/void_base.yaml
+++ b/books/void_base.yaml
@ -1,257 +0,0 @@
- name: Install void base system
-  hosts: target_system
-  become: true
-  tasks:
-    # Prefer booster to dracut so make sure to never install it
-    - name: Ignore dracut
-      ansible.builtin.lineinfile:
-        path: /etc/xbps.d/ignore-dracut.conf
-        line: ignorepkg=dracut
-        state: present
-        create: true # create file if absent
-
-    - name: Update xbps and system
-      community.general.xbps:
-        name:
-          - xbps
-        state: latest
-        update_cache: true
-        upgrade: true
-
-    - name: Install Base system
-      community.general.xbps:
-        name:
-          - base-system
-        state: present
-
-    - name: Get rid of temporary container metapackage
-      community.general.xbps:
-        name:
-          - base-container-full
-        state: absent
-
-    - name: Install booster
-      community.general.xbps:
-        name: booster
-        state: present
-      notify: installed-booster
-
-  handlers:
-    - name: List kernel module dirs
-      ansible.builtin.find:
-        paths: "/usr/lib/modules"
-        file_type: directory
-      register: found_kernels
-      listen: installed-booster
-
-    - name: Find kernels
-      ansible.builtin.set_fact:
-        kernel_list: "{{ found_kernels['files'] | map(attribute='path') | map('regex_replace', '^.*/(.*)$', '\\1') | list }}"
-      listen: installed-booster
-
-    - name: Create booster initramfs
-      vars:
-        fname: /boot/booster-void
-      ansible.builtin.command:
-        argv:
-          - booster
-          - --verbose
-          - build
-          - --kernel-version={{ item }}
-          - "{{ fname }}-{{ item }}.img"
-        creates: "{{ fname }}-{{ item }}.img"
-      loop: "{{ kernel_list }}"
-      listen: installed-booster
-
- name: Configure void base system
-  hosts: target_system
-  become: true
-  vars:
-    host_name: voider
-    timezone: Europe/Berlin
-    locales_enabled:
-      - en_US.UTF-8 UTF-8
-
-  tasks:
-    - name: Set hostname
-      ansible.builtin.template:
-        src: hostname.j2
-        dest: /etc/hostname
-
-    - name: Set timezone
-      ansible.builtin.file:
-        path: /etc/localtime
-        src: /usr/share/zoneinfo/{{ timezone }}
-        state: link
-
-    - name: Check if glibc locales exist
-      ansible.builtin.stat:
-        path: /etc/default/libc-locales
-      register: libc_locales_file
-
-    - name: Set correct glibc locales
-      ansible.builtin.lineinfile:
-        path: /etc/default/libc-locales
-        regexp: "^{{ item }}"
-        line: "{{ item }}"
-        state: present
-        create: true
-      loop: "{{ locales_enabled }}"
-      when: libc_locales_file.stat.exists
-      notify: glibc-locales-changed
-
-    - name: Set up chrony for NTP management
-      community.general.xbps:
-        name:
-          - chrony
-        state: present
-      notify: installed-chrony
-
-    - name: Activate acpid service
-      ansible.builtin.file:
-        force: "yes"
-        src: "/etc/sv/acpid"
-        dest: "/etc/runit/runsvdir/default/acpid"
-        state: link
-
-  handlers:
-    - name: Regenerate locales
-      ansible.builtin.command:
-        argv:
-          - xbps-reconfigure
-          - --force
-          - libc-locales
-      listen: glibc-locales-changed
-
-    - name: Activate chronyd service
-      ansible.builtin.file:
-        force: "yes"
-        src: "/etc/sv/{{ item }}"
-        dest: "/etc/runit/runsvdir/default/{{ item }}"
-        state: link
-      with_items: [chronyd]
-      listen: installed-chrony
-
- name: Set up wireless networking
-  hosts: target_system
-  become: true
-  tags:
-    - wireless
-    - iwd
-  tasks:
-    - name: Install iwd
-      community.general.xbps:
-        name:
-          - iwd
-        state: present
-
-    - name: Activate wireless networking service
-      ansible.builtin.file:
-        src: "/etc/sv/iwd"
-        dest: "/etc/runit/runsvdir/default/iwd"
-        state: link
-
- name: Set up snapper backups
-  hosts: target_system
-  become: true
-  tags:
-    - btrfs
-    - snapshots
-  tasks:
-    - name: Install snapper
-      community.general.xbps:
-        name:
-          - snapper
-        state: present
-      notify: installed-snapper
-
-    # https://wiki.archlinux.org/title/Snapper#updatedb
-    - name: Disable updatedb indexing for snapshot directories
-      ansible.builtin.copy:
-        content: 'PRUNENAMES = ".snapshots"'
-        dest: "/etc/updatedb.conf"
-        owner: root
-        group: root
-        mode: 0644
-        force: true
-
-    - name: Ensure snapper configs directory exists
-      ansible.builtin.file:
-        dest: "/etc/snapper/configs"
-        state: directory
-        recurse: true
-
-    - name: Ensure root /.snapshots directory exists
-      ansible.builtin.file:
-        dest: "/.snapshots"
-        state: directory
-        mode: 0755
-
-    - name: Create root backup configuration
-      ansible.builtin.template:
-        src: snapper-configurations/root.j2
-        dest: "/etc/snapper/configs/root"
-        mode: 0640
-        force: true # ensure contents are always exact
-
-    - name: Ensure home /.snapshots directory exists
-      ansible.builtin.file:
-        dest: "/home/.snapshots"
-        state: directory
-        mode: 0755
-
-    - name: Create homedir backup configuration
-      ansible.builtin.template:
-        src: snapper-configurations/home.j2
-        dest: "/etc/snapper/configs/home"
-        mode: 0640
-        force: true
-
-    - name: Add snap manual safety command
-      ansible.builtin.copy:
-        src: snapper-snap-script
-        dest: "/usr/bin/snap"
-        owner: root
-        group: root
-        mode: 0755
-
-  handlers:
-  #   # Do NOT activate the snapperd service -
-  #   # on systems without elogind I guess? Unsure
-  #   - name: Activate snapper service
-  #     ansible.builtin.file:
-  #       force: "yes"
-  #       src: "/etc/sv/snapperd"
-  #       dest: "/etc/runit/runsvdir/default/snapperd"
-  #       state: link
-  #     listen: installed-snapper
-    - name: Snapper handler stub
-      ansible.builtin.debug:
-        msg: ""
-      listen: installed-snapper
-
- name: Set up snooze as cron daemon
-  hosts: target_system
-  become: true
-  tags:
-    - cron
-    - snooze
-  tasks:
-    - name: Install snooze
-      community.general.xbps:
-        name:
-          - snooze
-        state: present
-
-    - name: Activate snooze cron services
-      ansible.builtin.file:
-        force: "yes"
-        src: "/etc/sv/{{ item }}"
-        dest: "/etc/runit/runsvdir/default/{{ item }}"
-        state: link
-      loop:
-        - snooze-hourly
-        - snooze-daily
-        - snooze-weekly
-        - snooze-monthly
-
--- a/books/void_network.yaml
+++ b/books/void_network.yaml
@ -1,23 +0,0 @@
- name: Set up voidlinux networking
-  hosts: target_system
-  become: true
-  vars:
-    nameserver1: 9.9.9.9
-    nameserver2: 9.9.9.10
-  tasks:
-    - name: Configure resolv DNS
-      ansible.builtin.copy:
-        mode: 0644
-        dest: "/etc/resolv.conf"
-        content: |
-          nameserver {{ nameserver1 }}
-          nameserver {{ nameserver2 }}
-      failed_when: false # can't ever fail
-
-    - name: Activate dhcp service
-      ansible.builtin.file:
-        force: 'yes'
-        src: "/etc/sv/{{ item }}"
-        dest: "/etc/runit/runsvdir/default/{{ item }}"
-        state: link
-      with_items: [ dhcpcd ]
--- a/books/void_packages.yaml
+++ b/books/void_packages.yaml
@ -1,90 +0,0 @@
- name: Install basic custom void packages
-  hosts: interface
-  become: true
-  tags:
-    - interface
-    - packages
-  tasks:
-    - name: Set up keyd for custom key events
-      community.general.xbps:
-        name:
-          - keyd
-        state: "{{ desired_package_state }}"
-      notify: installed-keyd
-
-    - name: Install many fonts
-      community.general.xbps:
-        name: "{{ fonts }}"
-        state: "{{ desired_package_state }}"
-      notify: installed-fonts
-      when: fonts
-
-  handlers:
-    - name: Activate keyd service
-      ansible.builtin.file:
-        force: "yes"
-        src: "/etc/sv/{{ item }}"
-        dest: "/etc/runit/runsvdir/default/{{ item }}"
-        state: link
-      with_items: [keyd]
-      listen: installed-keyd
-
-    - name: Regenerate fontconfig
-      ansible.builtin.command:
-        argv:
-          - xbps-reconfigure
-          - --force
-          - fontconfig
-      listen: installed-fonts
-
- name: Install bluetooth
-  hosts: target_system
-  become: true
-  tags:
-    - bluetooth
-  tasks:
-    - name: Install bluetooth packages
-      community.general.xbps:
-        name:
-          - bluez
-        state: "{{ desired_package_state }}"
-      notify: installed-bluetooth
-
-  handlers:
-    - name: Activate bluetooth service
-      ansible.builtin.file:
-        force: "yes"
-        src: "/etc/sv/{{ item }}"
-        dest: "/etc/runit/runsvdir/default/{{ item }}"
-        state: link
-      with_items: [bluetoothd, dbus]
-      listen: installed-bluetooth
-
- name: Install gnupg
-  hosts: target_system
-  become: true
-  tags:
-    - packages
-    - gpg
-  tasks:
-    - name: Install a bunch of base custom stuff
-      community.general.xbps:
-        name: [gnupg, gnupg2-scdaemon]
-        state: "{{ desired_package_state }}"
-  handlers:
-    - name: Put user in plugdev group
-      ansible.builtin.user:
-        name: "{{ user_name }}"
-        groups: [plugdev]
-        append: true
-
- name: Install basic custom void packages
-  hosts: target_system
-  become: true
-  tags:
-    - packages
-  tasks:
-    - name: Install a bunch of base custom stuff
-      community.general.xbps:
-        name: "{{ lookup('community.general.merge_variables', '^packages_.*') }}"
-        state: "{{ desired_package_state }}"
--- a/books/void_user.yaml
+++ b/books/void_user.yaml
@ -1,28 +0,0 @@
- name: Set up primary user
-  hosts: target_system
-  become: true
-  tasks:
-    - name: Ensure user groups all exist
-      ansible.builtin.group:
-        name: "{{ item }}"
-        state: present
-      loop: "{{ user_groups }}"
-
-    - name: Enable sudo for "wheel" group
-      ansible.builtin.copy:
-        content: "%wheel ALL=(ALL) ALL"
-        dest: "/etc/sudoers.d/10-wheel"
-        owner: root
-        group: root
-        mode: 0644
-        force: true
-
-    - name: Add user
-      ansible.builtin.user:
-        name: "{{ user_name }}"
-        password: "{{ user_pass | password_hash('sha512', 'supersecretsalt') }}"
-        create_home: true
-        shell: "/bin/{{ user_shell }}"
-        group: "{{ user_name }}"
-        groups: "{{ user_groups }}"
-        generate_ssh_key: true
--- a/books/void_wayland.yaml
+++ b/books/void_wayland.yaml
@ -1,174 +0,0 @@
- name: Install void wayland environment
-  hosts: target_system
-  become: true
-  tags: wayland
-  tasks:
-    - name: Install intel wayland drivers
-      community.general.xbps:
-        name:
-          - mesa-dri
-        state: present
-
-    - name: Install wayland packages
-      community.general.xbps:
-        name:
-          - dbus
-          - seatd
-          - turnstile
-        state: present
-      # notify: installed-wayland -> TODO: Use handler? Currently using task below
-
-    - name: Activate wayland services
-      ansible.builtin.file:
-        force: "yes"
-        src: "/etc/sv/{{ item }}"
-        dest: "/etc/runit/runsvdir/default/{{ item }}"
-        state: link
-      with_items: [dbus, turnstiled, seatd]
-
-    - name: Set user service directory to $HOME/.local/state/service
-      ansible.builtin.copy:
-        src: runit.conf
-        dest: /etc/turnstile/backend/runit.conf
-        mode: 0644
-
-    - name: Install wlr desktop portals
-      community.general.xbps:
-        name:
-          - xdg-desktop-portal
-          - xdg-desktop-portal-wlr
-        state: present
-      tags: desktop-portal
-
-    - name: Install qt5 and qt6 wayland libraries
-      community.general.xbps:
-        name:
-          - qt5-wayland
-          - qt6-wayland
-        state: present
-      tags: qt-wayland
-
- name: Set up display manager
-  hosts: target_system
-  become: true
-  vars:
-    greeter_user: _greeter
-  tags:
-    - wayland
-    - greetd
-    - tuigreet
-  tasks:
-    - name: Ensure user group for greeter exists
-      ansible.builtin.group:
-        name: "{{ greeter_user }}"
-        state: present
-
-    - name: Install greetd and tuigreet
-      community.general.xbps:
-        name:
-          - greetd
-          - tuigreet
-        state: present
-
-    - name: Set up tuigreet config for greetd
-      ansible.builtin.template:
-        src: greetd-config.toml.j2
-        dest: "/etc/greetd/config.toml"
-        owner: root
-        group: root
-        mode: 0644
-        force: true
-
-    - name: Activate greetd service
-      ansible.builtin.file:
-        src: "/etc/sv/greetd"
-        dest: "/etc/runit/runsvdir/default/greetd"
-        state: link
-
- name: Install audio and video for wayland
-  hosts: target_system
-  become: true
-  tags: audio
-  vars:
-    audio_groups: [audio, video]
-  tasks:
-    - name: Ensure user group for audio/video exists
-      ansible.builtin.group:
-        name: "{{ item }}"
-        state: present
-      loop: "{{ audio_groups }}"
-
-    - name: Put user in audio group
-      ansible.builtin.user:
-        name: "{{ user_name }}"
-        groups: "{{ audio_groups }}"
-        append: true
-
-    - name: Install pipewire
-      community.general.xbps:
-        name:
-          - pipewire
-        state: present
-      notify: installed-pipewire
-
-    - name: Install pipewire bluetooth
-      community.general.xbps:
-        name:
-          - libspa-bluetooth
-        state: present
-      tags: bluetooth
-
-  handlers:
-    - name: Set up wireplumber to auto start
-      ansible.builtin.file:
-        dest: "/etc/pipewire/pipewire.conf.d"
-        state: directory
-      listen: installed-pipewire
-
-      # FIXME: Does not work automatically for some reason?
-    - name: Set up wireplumber to auto start
-      ansible.builtin.file:
-        force: "yes"
-        src: "/usr/share/examples/wireplumber/10-wireplumber.conf"
-        dest: "/etc/pipewire/pipewire.conf.d/10-wireplumber.conf"
-        state: link
-      listen: installed-pipewire
-
-    - name: Enable pipewire-pulse interface
-      ansible.builtin.file:
-        force: "yes"
-        src: "/usr/share/examples/pipewire/20-pipewire-pulse.conf"
-        dest: "/etc/pipewire/pipewire.conf.d/20-pipewire-pulse.conf"
-        state: link
-      listen: installed-pipewire
-
-      ## TODO: Enable its start in river init script
-      #
-      # TODO: Find way to install and enable pipewire-roc-sink module (and enable ~/.config/pipewire/pipewire.conf.d/roc-sink.conf)
-
-
- name: Allow user to manage system power
-  hosts: target_system
-  become: true
-  tags:
-    - power
-  tasks:
-    - name: Ensure user group "power" exists
-      ansible.builtin.group:
-        name: power
-        state: present
-
-    - name: Put user in power group
-      ansible.builtin.user:
-        name: "{{ user_name }}"
-        groups: [power]
-        append: true
-
-    - name: Enable power management for power group
-      ansible.builtin.copy:
-        content: "%power ALL=(ALL) NOPASSWD: /usr/bin/halt, /usr/bin/poweroff, /usr/bin/reboot, /usr/bin/shutdown, /usr/bin/zzz, /usr/bin/ZZZ"
-        dest: "/etc/sudoers.d/20-power"
-        owner: root
-        group: root
-        mode: 0644
-        force: true
--- a/play.yaml
+++ b/play.yaml
@ -1,6 +1,9 @@
 ---
- name: Import host tasks
-  ansible.builtin.import_playbook: books/host.yaml
+- name: Prepare host system
+  hosts: hostsystem
+  become: true
+  roles:
+    - host

 # Get python onto void - otherwise we can not interact through ansible
 - name: Bootstrap void python
@ -12,17 +15,35 @@
      register: python_install
      changed_when: "'installed successfully' in python_install.stdout"

- name: Import chroot void base tasks
-  ansible.builtin.import_playbook: books/void_base.yaml
+- name: Set up target system
+  hosts: target_system
+  become: true
+  roles:
+    - role: base
+      tags: base
+    - role: user
+      tags: user
+    - role: network
+      tags: network
+    - role: backup
+      tags: backup
+    - role: keyd
+      tags: keyd

- name: Import chroot void network tasks
-  ansible.builtin.import_playbook: books/void_network.yaml
+    - role: wayland
+      tags: wayland
+    - role: display_manager
+      tags: display_manager
+    - role: pipewire
+      tags: pipewire
+    - role: bluetooth
+      tags: bluetooth
+    - role: power
+      tags: power
+    - role: gnupg
+      tags: gnupg

- name: Import chroot void wayland tasks
-  ansible.builtin.import_playbook: books/void_wayland.yaml
-
- name: Import chroot user management tasks
-  ansible.builtin.import_playbook: books/void_user.yaml
-
- name: Import chroot void customizations
-  ansible.builtin.import_playbook: books/void_packages.yaml
+    - role: fonts
+      tags: fonts
+    - role: packages
+      tags: packages
--- a/roles/backup/files/snapper-snap-script
+++ b/roles/backup/files/snapper-snap-script
--- a/roles/backup/tasks/main.yaml
+++ b/roles/backup/tasks/main.yaml
@ -0,0 +1,5 @@
+- name: Set up snapper snapshots
+  import_tasks: snapper.yaml
+  tags:
+    - btrfs
+    - snapshots
--- a/roles/backup/tasks/snapper.yaml
+++ b/roles/backup/tasks/snapper.yaml
@ -0,0 +1,67 @@
+- name: Install snapper
+  community.general.xbps:
+    name:
+      - snapper
+    state: present
+
+# https://wiki.archlinux.org/title/Snapper#updatedb
+- name: Disable updatedb indexing for snapshot directories
+  ansible.builtin.copy:
+    content: 'PRUNENAMES = ".snapshots"'
+    dest: "/etc/updatedb.conf"
+    owner: root
+    group: root
+    mode: 0644
+    force: true
+
+- name: Ensure snapper configs directory exists
+  ansible.builtin.file:
+    dest: "/etc/snapper/configs"
+    state: directory
+    recurse: true
+
+- name: Ensure root /.snapshots directory exists
+  ansible.builtin.file:
+    dest: "/.snapshots"
+    state: directory
+    mode: 0755
+
+- name: Create root backup configuration
+  ansible.builtin.template:
+    src: snapper-configurations/root.j2
+    dest: "/etc/snapper/configs/root"
+    mode: 0640
+    force: true # ensure contents are always exact
+
+- name: Ensure home /.snapshots directory exists
+  ansible.builtin.file:
+    dest: "/home/.snapshots"
+    state: directory
+    mode: 0755
+
+- name: Create homedir backup configuration
+  ansible.builtin.template:
+    src: snapper-configurations/home.j2
+    dest: "/etc/snapper/configs/home"
+    mode: 0640
+    force: true
+
+- name: Add snap manual safety command
+  ansible.builtin.copy:
+    src: snapper-snap-script
+    dest: "/usr/bin/snap"
+    owner: root
+    group: root
+    mode: 0755
+
+# For now we never activate the snapper daemon
+# Does not work without elogind?
+# Using snooze (i.e. cron) enabled recurring
+# backup tasks instead.
+# - name: Activate snapper service
+#   ansible.builtin.file:
+#     force: "yes"
+#     src: "/etc/sv/snapperd"
+#     dest: "/etc/runit/runsvdir/default/snapperd"
+#     state: link
+#   tags: never
--- a/roles/backup/templates/snapper-configurations/home.j2
+++ b/roles/backup/templates/snapper-configurations/home.j2
--- a/roles/backup/templates/snapper-configurations/root.j2
+++ b/roles/backup/templates/snapper-configurations/root.j2
--- a/roles/backup/vars/main.yaml
+++ b/roles/backup/vars/main.yaml
--- a/roles/base/handlers/main.yaml
+++ b/roles/base/handlers/main.yaml
@ -0,0 +1,31 @@
+- name: List kernel module dirs
+  ansible.builtin.find:
+    paths: "/usr/lib/modules"
+    file_type: directory
+  register: found_kernels
+  listen: installed-booster
+
+- name: Find kernels
+  ansible.builtin.set_fact:
+    kernel_list: "{{ found_kernels['files'] | map(attribute='path') | map('regex_replace', '^.*/(.*)$', '\\1') | list }}"
+  listen: installed-booster
+
+- name: Create booster initramfs
+  ansible.builtin.command:
+    argv:
+      - booster
+      - --verbose
+      - build
+      - --kernel-version={{ item }}
+      - "{{ fname }}-{{ item }}.img"
+    creates: "{{ fname }}-{{ item }}.img"
+  loop: "{{ kernel_list }}"
+  listen: installed-booster
+
+- name: Regenerate locales
+  ansible.builtin.command:
+    argv:
+      - xbps-reconfigure
+      - --force
+      - libc-locales
+  listen: glibc-locales-changed
--- a/roles/base/tasks/main.yaml
+++ b/roles/base/tasks/main.yaml
@ -0,0 +1,122 @@
+# Prefer booster to dracut so make sure to never install it
+- name: Ignore dracut
+  ansible.builtin.lineinfile:
+    path: /etc/xbps.d/ignore-dracut.conf
+    line: ignorepkg=dracut
+    state: present
+    create: true # create file if absent
+  tags:
+    - packages
+    - dracut
+
+- name: Update xbps and system
+  community.general.xbps:
+    name:
+      - xbps
+    state: latest
+    update_cache: true
+    upgrade: true
+  tags:
+    - packages
+    - update
+
+- name: Install Base system
+  community.general.xbps:
+    name:
+      - base-system
+    state: present
+  tags:
+    - packages
+
+- name: Get rid of temporary container metapackage
+  community.general.xbps:
+    name:
+      - base-container-full
+    state: absent
+  tags:
+    - packages
+
+- name: Install booster
+  community.general.xbps:
+    name: booster
+    state: present
+  notify: installed-booster
+  tags:
+    - packages
+    - booster
+
+- name: Set hostname
+  ansible.builtin.template:
+    src: hostname.j2
+    dest: /etc/hostname
+  tags: hostname
+
+- name: Set timezone
+  ansible.builtin.file:
+    path: /etc/localtime
+    src: /usr/share/zoneinfo/{{ timezone }}
+    state: link
+  tags: timezone
+
+- name: Install glibc
+  tags: glibc
+  block:
+  - name: Check if glibc locales exist
+    ansible.builtin.stat:
+      path: /etc/default/libc-locales
+    register: libc_locales_file
+
+  - name: Set correct glibc locales
+    ansible.builtin.lineinfile:
+      path: /etc/default/libc-locales
+      regexp: "^{{ item }}"
+      line: "{{ item }}"
+      state: present
+      create: true
+    loop: "{{ locales_enabled }}"
+    when: libc_locales_file.stat.exists
+    notify: glibc-locales-changed
+
+- name: Set up chrony for NTP management
+  community.general.xbps:
+    name:
+      - chrony
+    state: present
+  tags: chrony
+
+- name: Activate chronyd service
+  ansible.builtin.file:
+    src: "/etc/sv/chronyd"
+    dest: "/etc/runit/runsvdir/default/chronyd"
+    state: link
+  tags: chrony
+
+- name: Activate acpid service
+  ansible.builtin.file:
+    src: "/etc/sv/acpid"
+    dest: "/etc/runit/runsvdir/default/acpid"
+    state: link
+  tags: acpid
+
+- name: Set up snooze as cron daemon
+  tags:
+    - cron
+    - snooze
+  block:
+    - name: Install snooze
+      community.general.xbps:
+        name:
+          - snooze
+        state: present
+
+    - name: Activate snooze cron services
+      ansible.builtin.file:
+        force: "yes"
+        src: "/etc/sv/{{ item }}"
+        dest: "/etc/runit/runsvdir/default/{{ item }}"
+        state: link
+      loop:
+        - snooze-hourly
+        - snooze-daily
+        - snooze-weekly
+        - snooze-monthly
--- a/roles/base/templates/hostname.j2
+++ b/roles/base/templates/hostname.j2
--- a/roles/base/vars/main.yaml
+++ b/roles/base/vars/main.yaml
@ -0,0 +1,6 @@
+---
+booster_initramfs_name: /boot/booster-void
+host_name: voider
+timezone: Europe/Berlin
+locales_enabled:
+  - en_US.UTF-8 UTF-8
--- a/roles/bluetooth/tasks/main.yaml
+++ b/roles/bluetooth/tasks/main.yaml
@ -0,0 +1,16 @@
+- name: Install bluetooth packages
+  community.general.xbps:
+    name:
+      - bluez
+    state: "{{ desired_package_state }}"
+  tags: packages
+
+- name: Activate bluetooth service
+  ansible.builtin.file:
+    force: "yes"
+    src: "/etc/sv/{{ item }}"
+    dest: "/etc/runit/runsvdir/default/{{ item }}"
+    state: link
+  with_items:
+    - bluetoothd
+    - dbus
--- a/roles/display_manager/tasks/main.yaml
+++ b/roles/display_manager/tasks/main.yaml
@ -0,0 +1,29 @@
+---
+- name: Ensure user group for greeter exists
+  ansible.builtin.group:
+    name: "{{ greeter_user }}"
+    state: present
+
+- name: Install greetd and tuigreet
+  community.general.xbps:
+    name:
+      - greetd
+      - tuigreet
+    state: present
+  tags:
+    - packages
+
+- name: Set up tuigreet config for greetd
+  ansible.builtin.template:
+    src: greetd-config.toml.j2
+    dest: "/etc/greetd/config.toml"
+    owner: root
+    group: root
+    mode: 0644
+    force: true
+
+- name: Activate greetd service
+  ansible.builtin.file:
+    src: "/etc/sv/greetd"
+    dest: "/etc/runit/runsvdir/default/greetd"
+    state: link
--- a/roles/display_manager/templates/greetd-config.toml.j2
+++ b/roles/display_manager/templates/greetd-config.toml.j2
--- a/roles/display_manager/vars/main.yaml
+++ b/roles/display_manager/vars/main.yaml
@ -0,0 +1,2 @@
+---
+greeter_user: _greeter
--- a/roles/fonts/handlers/main.yaml
+++ b/roles/fonts/handlers/main.yaml
@ -0,0 +1,9 @@
+---
+- name: Regenerate fontconfig
+  ansible.builtin.command:
+    argv:
+      - xbps-reconfigure
+      - --force
+      - fontconfig
+  listen: installed-fonts
+
--- a/roles/fonts/tasks/main.yaml
+++ b/roles/fonts/tasks/main.yaml
@ -0,0 +1,8 @@
+---
+- name: Install many fonts
+  community.general.xbps:
+    name: "{{ fonts }}"
+    state: "{{ desired_package_state }}"
+  notify: installed-fonts
+  when: fonts
+
--- a/roles/gnupg/tasks/main.yaml
+++ b/roles/gnupg/tasks/main.yaml
@ -0,0 +1,18 @@
+- name: Install gnupg and smartcard addon
+  community.general.xbps:
+    name:
+      - gnupg
+      - gnupg2-scdaemon
+    state: "{{ desired_package_state }}"
+  tags: packages
+
+- name: Ensure user group plugdev exist
+  ansible.builtin.group:
+    name: plugdev
+    state: present
+
+- name: Put user in plugdev group
+  ansible.builtin.user:
+    name: "{{ user_name }}"
+    groups: [plugdev]
+    append: true
--- a/roles/host/defaults/main.yml
+++ b/roles/host/defaults/main.yml
@ -0,0 +1,3 @@
+---
+mount_dir: /mnt/void
+tarball_url: "https://repo-default.voidlinux.org/live/current/void-x86_64-ROOTFS-20250202.tar.xz"
--- a/roles/host/tasks/main.yaml
+++ b/roles/host/tasks/main.yaml
@ -27,14 +27,7 @@
 #         # TODO: should take opts from fstab. Definitely needs 'boot' type option
 #        - { fstype: 'vfat',  src: '/dev/disk/by-uuid/{{ boot_dev_uuid }}', path: '{{ mount_dir }}/boot' }

- name: Create voidlinux guest
-  hosts: hostsystem
-  become: true
-  vars:
-    mount_dir: /mnt/void
-    tarball_url: "https://repo-default.voidlinux.org/live/current/void-x86_64-ROOTFS-20250202.tar.xz"
-  tasks:
-    - name: Unpack rootfs
+- name: Unpack rootfs
  ansible.builtin.unarchive:
    remote_src: yes # we already downloaded it to the 'remote' system
    src: "{{ tarball_url }}"
--- a/roles/keyd/files/default.conf
+++ b/roles/keyd/files/default.conf
@ -0,0 +1,41 @@
+# Makes capslock to control/escape
+# insert to paste
+# right alt to enable German Umlaute (äÄöÖüÜ),
+# sharp s (ß), and the Euro sign (€).
+# Needs compose key to be set in xkb to work correctly:
+# $ setxkbmap -option "compose:menu"
+
+[ids]
+
+*
+
+[main]
+
+capslock = overload(control, esc)
+insert = S-insert
+rightalt = layer(dia)
+shift = layer(shift)
+rightshift = layer(shift)
+
+[shift:S]
+
+rightalt = layer(shiftedDia)
+
+[dia]
+
+shift = layer(shiftedDia)
+rightshift = layer(shiftedDia)
+
+a = macro(compose a ")
+o = macro(compose o ")
+u = macro(compose u ")
+s = macro(compose s s)
+e = macro(compose = e)
+
+[shiftedDia]
+
+a = macro(compose A ")
+o = macro(compose O ")
+u = macro(compose U ")
+s = macro(compose S S)
+e = macro(compose l -)
--- a/roles/keyd/tasks/main.yaml
+++ b/roles/keyd/tasks/main.yaml
@ -0,0 +1,22 @@
+---
+- name: Install keyd
+  community.general.xbps:
+    name:
+      - keyd
+    state: "{{ desired_package_state }}"
+  tags:
+    - packages
+
+- name: Set up keyd umlaut configuration
+  ansible.builtin.copy:
+    src: default.conf
+    dest: "/etc/keyd/default.conf"
+    force: yes
+
+- name: Activate keyd service
+  ansible.builtin.file:
+    src: "/etc/sv/keyd"
+    dest: "/etc/runit/runsvdir/default/keyd"
+    state: link
+    force: true
+
--- a/roles/network/tasks/main.yaml
+++ b/roles/network/tasks/main.yaml
@ -0,0 +1,21 @@
+---
+- name: Configure resolv DNS
+  ansible.builtin.copy:
+    mode: 0644
+    dest: "/etc/resolv.conf"
+    content: |
+      nameserver {{ nameserver1 }}
+      nameserver {{ nameserver2 }}
+  failed_when: false # can't ever fail
+
+- name: Activate dhcp service
+  ansible.builtin.file:
+    src: "/etc/sv/dhcpcd"
+    dest: "/etc/runit/runsvdir/default/dhcpcd"
+    state: link
+
+- name: Set up wireless networking
+  import_tasks: wireless.yaml
+  tags:
+    - wireless
+    - iwd
--- a/roles/network/tasks/wireless.yaml
+++ b/roles/network/tasks/wireless.yaml
@ -0,0 +1,13 @@
+---
+- name: Install iwd
+  community.general.xbps:
+    name:
+      - iwd
+    state: present
+
+- name: Activate wireless networking service
+  ansible.builtin.file:
+    src: "/etc/sv/iwd"
+    dest: "/etc/runit/runsvdir/default/iwd"
+    state: link
+
--- a/roles/network/vars/main.yaml
+++ b/roles/network/vars/main.yaml
@ -0,0 +1,3 @@
+---
+nameserver1: 9.9.9.9
+nameserver2: 9.9.9.10
--- a/roles/packages/tasks/main.yaml
+++ b/roles/packages/tasks/main.yaml
@ -0,0 +1,4 @@
+- name: Install all my used void packages
+  community.general.xbps:
+    name: "{{ lookup('community.general.merge_variables', '^packages_.*') }}"
+    state: "{{ desired_package_state }}"
--- a/roles/pipewire/tasks/main.yaml
+++ b/roles/pipewire/tasks/main.yaml
@ -0,0 +1,49 @@
+- name: Ensure user group for audio/video exists
+  ansible.builtin.group:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ audio_groups }}"
+
+- name: Put user in audio group
+  ansible.builtin.user:
+    name: "{{ user_name }}"
+    groups: "{{ audio_groups }}"
+    append: true
+
+- name: Install pipewire
+  community.general.xbps:
+    name:
+      - pipewire
+    state: present
+  tags: packages
+
+- name: Install pipewire bluetooth
+  community.general.xbps:
+    name:
+      - libspa-bluetooth
+    state: present
+  tags:
+    - packages
+    - bluetooth
+
+- name: Set up wireplumber to auto start
+  ansible.builtin.file:
+    dest: "/etc/pipewire/pipewire.conf.d"
+    state: directory
+
+  # FIXME: Does not work automatically for some reason?
+- name: Set up wireplumber to auto start
+  ansible.builtin.file:
+    force: "yes"
+    src: "/usr/share/examples/wireplumber/10-wireplumber.conf"
+    dest: "/etc/pipewire/pipewire.conf.d/10-wireplumber.conf"
+    state: link
+
+- name: Enable pipewire-pulse interface
+  ansible.builtin.file:
+    force: "yes"
+    src: "/usr/share/examples/pipewire/20-pipewire-pulse.conf"
+    dest: "/etc/pipewire/pipewire.conf.d/20-pipewire-pulse.conf"
+    state: link
+
+# TODO: Find way to install and enable pipewire-roc-sink module (and enable ~/.config/pipewire/pipewire.conf.d/roc-sink.conf)
--- a/roles/pipewire/vars/main.yaml
+++ b/roles/pipewire/vars/main.yaml
@ -0,0 +1,4 @@
+---
+audio_groups:
+  - audio
+  - video
--- a/roles/power/tasks/main.yaml
+++ b/roles/power/tasks/main.yaml
@ -0,0 +1,20 @@
+---
+- name: Ensure user group "power" exists
+  ansible.builtin.group:
+    name: power
+    state: present
+
+- name: Put user in power group
+  ansible.builtin.user:
+    name: "{{ user_name }}"
+    groups: [power]
+    append: true
+
+- name: Enable power management for power group
+  ansible.builtin.copy:
+    content: "%power ALL=(ALL) NOPASSWD: /usr/bin/halt, /usr/bin/poweroff, /usr/bin/reboot, /usr/bin/shutdown, /usr/bin/zzz, /usr/bin/ZZZ"
+    dest: "/etc/sudoers.d/20-power"
+    owner: root
+    group: root
+    mode: 0644
+    force: true
--- a/roles/power/vars/main.yaml
+++ b/roles/power/vars/main.yaml
--- a/roles/user/tasks/main.yaml
+++ b/roles/user/tasks/main.yaml
@ -0,0 +1,27 @@
+- name: Enable sudo access for "wheel" group
+  ansible.builtin.copy:
+    content: "%wheel ALL=(ALL) ALL"
+    dest: "/etc/sudoers.d/10-wheel"
+    owner: root
+    group: root
+    mode: 0644
+    force: true
+  tags: sudo
+
+- name: Ensure all desired user groups exist
+  ansible.builtin.group:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ user_groups }}"
+
+- name: Add primary user
+  ansible.builtin.user:
+    name: "{{ user_name }}"
+    password: "{{ user_pass | password_hash('sha512', '{{ user_pass_salt}}') }}"
+    create_home: true
+    shell: "/bin/{{ user_shell }}"
+    group: "{{ user_name }}"
+    groups: "{{ user_groups }}"
+    generate_ssh_key: true
+  tags:
+    - passlib
--- a/roles/user/vars/main.yaml
+++ b/roles/user/vars/main.yaml
@ -0,0 +1,18 @@
+user_pass_salt: supersecretsalt
+user_name: voidboi
+user_pass: voidlinux
+user_shell: zsh
+user_shell: zsh
+user_groups:
+  - wheel
+  - _seatd # TODO: This will error if it does not exist? (seatd not installed)
+  - dialout
+  - disk
+  - input
+  - kvm
+  - lp
+  - plugdev
+  - scanner
+  - storage
+  - usbmon
+
--- a/roles/wayland/files/runit.conf
+++ b/roles/wayland/files/runit.conf
--- a/roles/wayland/tasks/main.yaml
+++ b/roles/wayland/tasks/main.yaml
@ -0,0 +1,54 @@
+- name: Install intel wayland drivers
+  community.general.xbps:
+    name:
+      - mesa-dri
+    state: present
+  tags:
+    - intel
+    - drivers
+    - packages
+
+- name: Install wayland packages
+  community.general.xbps:
+    name:
+      - dbus
+      - seatd
+      - turnstile
+    state: present
+  tags:
+    - packages
+
+- name: Activate wayland services
+  ansible.builtin.file:
+    force: "yes"
+    src: "/etc/sv/{{ item }}"
+    dest: "/etc/runit/runsvdir/default/{{ item }}"
+    state: link
+  with_items: [dbus, turnstiled, seatd]
+
+- name: Set user service directory to $HOME/.local/state/service
+  ansible.builtin.copy:
+    src: runit.conf
+    dest: /etc/turnstile/backend/runit.conf
+    mode: 0644
+
+- name: Install wlr desktop portals
+  community.general.xbps:
+    name:
+      - xdg-desktop-portal
+      - xdg-desktop-portal-wlr
+    state: present
+  tags: desktop-portal
+  tags:
+    - packages
+
+# required e.g. for sioyek to work in wayland void
+- name: Install qt5 and qt6 wayland libraries
+  community.general.xbps:
+    name:
+      - qt5-wayland
+      - qt6-wayland
+    state: present
+  tags:
+    - packages
+    - qt