diff options
| author | Aaditya Dhruv <[email protected]> | 2025-06-14 10:13:07 +0530 |
|---|---|---|
| committer | Aaditya Dhruv <[email protected]> | 2025-06-14 10:13:07 +0530 |
| commit | 5f0f24a52d9175ab638b3d1a77454e65fad88248 (patch) | |
| tree | 03159fd6a3a69e6fc56ec33258964e3bffabffc1 /src | |
| parent | bd8919afb109efa0a92def766aca81f1e2e146fa (diff) | |
Update system, packages and playbooks, add vault
Diffstat (limited to 'src')
| -rw-r--r-- | src/packages/tasks/main.yaml | 10 | ||||
| -rw-r--r-- | src/system/files/systemd/user/syncthing.service | 24 | ||||
| -rw-r--r-- | src/system/tasks/main.yaml | 4 |
3 files changed, 31 insertions, 7 deletions
diff --git a/src/packages/tasks/main.yaml b/src/packages/tasks/main.yaml index 27d8451..2d8cc51 100644 --- a/src/packages/tasks/main.yaml +++ b/src/packages/tasks/main.yaml @@ -16,15 +16,15 @@ ansible.builtin.dnf: name: "{{ packages[item].dnf }}" state: latest - loop: "{{ config.packages }}" + ignore_errors: true + loop: "{{ packages }}" - name: Setup Flathub ansible.builtin.shell: 'flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo' + - name: Installing Flatpaks community.general.flatpak: name: "{{ packages[item].flatpak }}" state: present - loop: "{{ config.packages }}" -- name: Installing Rust - ansible.builtin.shell: "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y" - when: '"development" in config.packages' + ignore_errors: true + loop: "{{ packages }}" diff --git a/src/system/files/systemd/user/syncthing.service b/src/system/files/systemd/user/syncthing.service new file mode 100644 index 0000000..18078d0 --- /dev/null +++ b/src/system/files/systemd/user/syncthing.service @@ -0,0 +1,24 @@ +[Unit] +Description=Syncthing - Open Source Continuous File Synchronization +Documentation=man:syncthing(1) +StartLimitIntervalSec=60 +StartLimitBurst=4 + +[Service] +ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0 +Restart=on-failure +RestartSec=1 +SuccessExitStatus=3 4 +RestartForceExitStatus=3 4 + +# Hardening +SystemCallArchitectures=native +MemoryDenyWriteExecute=true +NoNewPrivileges=true + +# Elevated permissions to sync ownership (disabled by default), +# see https://docs.syncthing.net/advanced/folder-sync-ownership +#AmbientCapabilities=CAP_CHOWN CAP_FOWNER + +[Install] +WantedBy=default.target diff --git a/src/system/tasks/main.yaml b/src/system/tasks/main.yaml index 626f70a..d1b7d69 100644 --- a/src/system/tasks/main.yaml +++ b/src/system/tasks/main.yaml @@ -3,7 +3,7 @@ - name: Copying user systemd configs ansible.builtin.copy: src: "systemd/user/{{ item }}.service" - dest: "/home/{{ config.username }}/.config/systemd/user/" + dest: "/home/{{ username }}/.config/systemd/user/" loop: "{{ systemd }}" - name: Enable service @@ -15,7 +15,7 @@ name: "{{ item }}.service" loop: "{{ systemd }}" ignore_errors: true - when: 'config.system.install_systemd' + when: systemd - name: Setup DNF conf |