---
# Resolve the desktop facts that later tasks in this file gate on: display
# manager, session, greetd session command and autologin account. When the
# desktop feature is disabled this task is skipped and sets none of them.
- name: Resolve desktop facts
  when: system_cfg.features.desktop.enabled | bool
  vars:
    # Raw autologin setting; false when the key is absent.
    _autologin: "{{ system_cfg.features.desktop.autologin | default(false) }}"
  ansible.builtin.set_fact:
    # An explicitly configured display manager wins; otherwise the
    # per-environment map is consulted, yielding '' when it has no entry.
    # NOTE(review): unlike `session`, display_manager is read without
    # default(''); presumably it is normalised upstream — confirm.
    _desktop_dm: >-
      {{
        system_cfg.features.desktop.display_manager
        if (system_cfg.features.desktop.display_manager | length > 0)
        else (configuration_desktop_dm_map[system_cfg.features.desktop.environment] | default(''))
      }}
    _desktop_session: "{{ system_cfg.features.desktop.session | default('') }}"
    # Explicit session wins, else the per-environment command. Single source of
    # truth for the greetd assert, the config gate, and the template.
    _greetd_session: >-
      {{
        system_cfg.features.desktop.session
        if (system_cfg.features.desktop.session | default('') | length > 0)
        else (configuration_desktop_session_cmd_map[system_cfg.features.desktop.environment] | default(''))
      }}
    # Autologin resolves to a name only when the setting is neither empty nor
    # 'false' (case-insensitive) AND is a member of system_cfg.users; anything
    # else becomes '', which skips the GDM and SDDM autologin blocks.
    # NOTE(review): whether system_cfg.users is a list of names or a mapping
    # keyed by name is not visible here — confirm the membership test matches.
    # NOTE(review): the autologin templates are not shown; presumably this
    # account gets a session without a password prompt, so confirm it is the
    # intended, least-privileged user.
    _desktop_autologin_user: >-
      {{
        _autologin
        if (_autologin | string | lower not in ['', 'false'] and _autologin in system_cfg.users)
        else ''
      }}

# Enable the baseline units inside the target chroot, one systemctl call per
# unit. The list is built from the feature flags: NetworkManager always; the
# selected firewall backend and the SSH unit only when their feature is
# enabled; logrotate and systemd-timesyncd on archlinux; bluetooth with the
# desktop feature. ansible.builtin.command runs the line without a shell.
- name: Enable systemd services
  when: _configuration_platform.init_system == 'systemd'
  vars:
    configuration_systemd_services: >-
      {{
        ['NetworkManager']
        + (['firewalld'] if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else [])
        + (['ufw'] if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else [])
        + ([_configuration_platform.ssh_service] if system_cfg.features.ssh.enabled | bool else [])
        + (['logrotate', 'systemd-timesyncd'] if os == 'archlinux' else [])
        + (['bluetooth'] if system_cfg.features.desktop.enabled | bool else [])
      }}
  ansible.builtin.command: "{{ chroot_command }} systemctl enable {{ item }}"
  loop: "{{ configuration_systemd_services }}"
  register: configuration_enable_service_result
  # NOTE(review): the display-manager task in this file records that chroot
  # systemctl can exit 0 while only warning on stderr, so rc == 0 here does not
  # by itself prove the unit was enabled.
  changed_when: configuration_enable_service_result.rc == 0
  # A non-zero exit is tolerated when stderr reports a missing unit, so a unit
  # that is not installed does not abort the run.
  # NOTE(review): that tolerance also applies to firewalld, ufw and the SSH
  # unit. If the firewall feature is enabled but its unit is absent, this task
  # still passes and the target is left without it; consider treating the
  # security-relevant items as fatal, as is done for the display manager.
  failed_when: >-
    configuration_enable_service_result.rc != 0
    and 'No such file or directory' not in (configuration_enable_service_result.stderr | default(''))
    and 'does not exist' not in (configuration_enable_service_result.stderr | default(''))

# Enable the resolved display manager unit inside the target chroot. Runs only
# on systemd targets with the desktop feature on and a non-empty _desktop_dm.
# The unit name is passed through ansible.builtin.command, so no shell parses it.
- name: Enable display manager for selected desktop
  ansible.builtin.command: "{{ chroot_command }} systemctl enable {{ _desktop_dm }}"
  register: configuration_enable_dm_result
  when:
    - _configuration_platform.init_system == 'systemd'
    - system_cfg.features.desktop.enabled | bool
    - _desktop_dm | length > 0
  changed_when: configuration_enable_dm_result.rc == 0
  # In contrast to the tolerant service loop, a display manager that is missing
  # or could not be enabled aborts the run. systemctl inside a chroot may exit 0
  # and merely warn on stderr, so the missing-unit messages are checked in
  # addition to the exit code.
  failed_when: >-
    configuration_enable_dm_result.rc != 0
    or 'No such file or directory' in (configuration_enable_dm_result.stderr | default(''))
    or 'does not exist' in (configuration_enable_dm_result.stderr | default(''))

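# Activate UFW inside the target chroot when it is the selected, enabled
# firewall backend. The command stays best-effort (failed_when: false), as
# before, so a failing `ufw enable` does not abort the install.
# NOTE(review): presumably this is lenient because ufw cannot always apply
# rules from inside a chroot — confirm, and consider making it fatal once
# activation from the chroot is known to work.
- name: Activate UFW firewall
  when:
    - system_cfg.features.firewall.backend == 'ufw'
    - system_cfg.features.firewall.enabled | bool
  ansible.builtin.command: "{{ chroot_command }} ufw --force enable"
  register: _ufw_enable_result
  changed_when: _ufw_enable_result.rc == 0
  failed_when: false

# Without this report a swallowed failure is invisible: the play shows the
# firewall task as ok while the requested firewall was never activated.
# default(0) covers results that carry no rc (skipped or check-mode runs).
- name: Report UFW activation failure
  when:
    - system_cfg.features.firewall.backend == 'ufw'
    - system_cfg.features.firewall.enabled | bool
    - _ufw_enable_result.rc | default(0) != 0
  ansible.builtin.debug:
    msg: >-
      'ufw --force enable' exited with rc {{ _ufw_enable_result.rc }} inside
      the chroot, so the firewall may not be active on first boot. Verify it
      on the installed system. stderr:
      {{ _ufw_enable_result.stderr | default('') }}
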
# Make graphical.target the default boot target inside the target chroot.
# There is no failed_when override here, so a non-zero exit from systemctl
# fails the task.
- name: Set default systemd target to graphical
  ansible.builtin.command: "{{ chroot_command }} systemctl set-default graphical.target"
  register: _desktop_target_result
  when:
    - _configuration_platform.init_system == 'systemd'
    - system_cfg.features.desktop.enabled | bool
  changed_when: _desktop_target_result.rc == 0

# Enable each unit in configuration_desktop_audio_units with
# `systemctl --global enable` inside the target chroot, on systemd targets with
# the desktop feature on.
- name: Enable PipeWire user services globally
  ansible.builtin.command: "{{ chroot_command }} systemctl --global enable {{ item }}"
  loop: "{{ configuration_desktop_audio_units }}"
  register: _desktop_audio_result
  when:
    - _configuration_platform.init_system == 'systemd'
    - system_cfg.features.desktop.enabled | bool
  changed_when: _desktop_audio_result.rc == 0
  # All three conditions must hold for a failure: a non-zero exit whose stderr
  # names neither missing-unit message. A unit that is simply absent is
  # therefore tolerated.
  failed_when:
    - _desktop_audio_result.rc != 0
    - "'No such file or directory' not in (_desktop_audio_result.stderr | default(''))"
    - "'does not exist' not in (_desktop_audio_result.stderr | default(''))"

# Stop early when greetd is the display manager but the resolved session is
# unusable: empty, or (after trimming) ending in '.desktop' rather than naming
# a command. Unlike the config-writing block, this check is not gated on the
# init system.
- name: Assert greetd has a real session command to launch
  ansible.builtin.assert:
    that:
      - _greetd_session | length > 0
      - not (_greetd_session | trim | regex_search('\\.desktop$'))
    fail_msg: >-
      greetd needs an executable session command, but the resolved command for
      desktop environment '{{ system_cfg.features.desktop.environment }}' is
      '{{ _greetd_session }}'. greetd suits wlroots compositors (sway,
      hyprland) that launch from a plain command; kde/gnome ship a '.desktop'
      session and should use their own display manager (sddm, gdm). Set
      features.desktop.session to an executable, or pick a different display
      manager.
  when:
    - system_cfg.features.desktop.enabled | bool
    - _desktop_dm == 'greetd'

# Write greetd's configuration under /mnt (presumably the mounted target
# root). The last gate mirrors the assert: nothing is written without a
# session command.
# NOTE(review): greetd-config.toml.j2 is not shown; presumably it embeds
# _greetd_session as the command greetd launches, so that value should only
# ever come from trusted configuration.
- name: Generate greetd configuration
  when:
    - _configuration_platform.init_system == 'systemd'
    - system_cfg.features.desktop.enabled | bool
    - _desktop_dm == 'greetd'
    - _greetd_session | length > 0
  block:
    # No owner or group is set on either task.
    # NOTE(review): ownership then follows the account running the play —
    # presumably root; confirm.
    - name: Ensure greetd config directory exists
      ansible.builtin.file:
        state: directory
        path: /mnt/etc/greetd
        mode: '0755'

    - name: Write greetd config.toml
      ansible.builtin.template:
        dest: /mnt/etc/greetd/config.toml
        src: greetd-config.toml.j2
        mode: '0644'

# Write the GDM autologin configuration, only when GDM is the display manager
# and an autologin user was resolved (non-empty _desktop_autologin_user).
# NOTE(review): gdm-custom.conf.j2 is not shown; presumably it names that user
# for a session without a password prompt — confirm this is intended for the
# target machine.
- name: Configure GDM autologin
  when:
    - _configuration_platform.init_system == 'systemd'
    - system_cfg.features.desktop.enabled | bool
    - _desktop_dm == 'gdm'
    - _desktop_autologin_user | length > 0
  vars:
    # Same keys on every distribution, different location: Debian's gdm3 uses
    # /etc/gdm3/daemon.conf, RedHat/Arch GDM use /etc/gdm/custom.conf.
    _gdm_conf: "{{ 'daemon.conf' if os_family == 'Debian' else 'custom.conf' }}"
    _gdm_dir: "/mnt/etc/{{ 'gdm3' if os_family == 'Debian' else 'gdm' }}"
  block:
    - name: Ensure GDM config directory exists
      ansible.builtin.file:
        state: directory
        path: "{{ _gdm_dir }}"
        mode: '0755'

    - name: Write GDM autologin config
      ansible.builtin.template:
        dest: "{{ _gdm_dir }}/{{ _gdm_conf }}"
        src: gdm-custom.conf.j2
        mode: '0644'

# Write an SDDM autologin drop-in, only when SDDM is the display manager and
# an autologin user was resolved (non-empty _desktop_autologin_user).
# NOTE(review): sddm-autologin.conf.j2 is not shown; presumably it names that
# user and _sddm_session for a session without a password prompt — confirm
# this is intended for the target machine.
- name: Configure SDDM autologin
  when:
    - _configuration_platform.init_system == 'systemd'
    - system_cfg.features.desktop.enabled | bool
    - _desktop_dm == 'sddm'
    - _desktop_autologin_user | length > 0
  block:
    - name: Ensure SDDM config directory exists
      ansible.builtin.file:
        path: /mnt/etc/sddm.conf.d
        state: directory
        mode: "0755"

    # Plasma 6 ships the Wayland session as plasma.desktop; Plasma 5 ships it as
    # plasmawayland.desktop (plasma.desktop is the X11 session there). Pick the
    # installed Wayland session so autologin never lands on X11.
    - name: Discover installed KDE Wayland sessions
      ansible.builtin.find:
        paths: /mnt/usr/share/wayland-sessions
        patterns: "plasma.desktop,plasmawayland.desktop"
      register: _kde_wayland_sessions

    # Prefer plasma.desktop when it was found, else the first match, else ''.
    # NOTE(review): when no session file is found _sddm_session is '' and the
    # drop-in below is still written; whether the template copes with an empty
    # session is not visible here — confirm.
    - name: Resolve the KDE Wayland session file
      ansible.builtin.set_fact:
        _sddm_session: >-
          {%- set names = _kde_wayland_sessions.files | map(attribute='path') | map('basename') | list -%}
          {{ 'plasma.desktop' if 'plasma.desktop' in names else (names | first | default('')) }}

    - name: Write SDDM autologin drop-in
      ansible.builtin.template:
        src: sddm-autologin.conf.j2
        dest: /mnt/etc/sddm.conf.d/10-autologin.conf
        mode: "0644"