Improve naming, start splitting server/desktop

main.yml

@@ -7,10 +7,9 @@
 
   vars:
     # gotify_token: "{{ gotify_x_token }}"
-    # is_vm: true
-    # is_wsl: true
+    # provision_is_vm: true
+    # provision_is_desktop: true
     # hostname: Dockerhost
-    ansible_user: root
 
   roles:
     - provision

roles/provision/README.md

@@ -7,13 +7,13 @@ Each part of that can be done separately by specifying the appropriate tag.
 Variables
 ------------
 
-`username`, `userpass` must be defined.
+`provision_username`, `provision_userpass` must be defined.
 
-`is_vm` may be defined as true to install qemu guest agent.
+`provision_is_vm` may be defined as true to install qemu guest agent.
 
-`is_wsl` may be defined to set WSL to use systemd.
+`provision_is_desktop` may be defined to configure WSL and ignore server-side dependencies
 
-`copy_private_key` may be defined to copy the SSH private key as well as authorising the public key.
+`provision_copy_private_key` may be defined to copy the SSH private key as well as authorising the public key.
 
 Requirements
 ------------

roles/provision/defaults/main.yml

@@ -1,12 +1,10 @@
 ---
 # defaults file for provision
-is_vm: false
+provision_is_vm: false
 
-is_wsl: false
+provision_is_desktop: false
 
-# Username of generic user
-username: jonathan
+provision_ssh_key: id_ed25519
+provision_ssh_key_pub: id_ed25519.pub
 
-ssh_key: id_ed25519
-ssh_key_pub: id_ed25519.pub
-copy_private_key: false
+provision_copy_private_key: "{{ not provision_is_desktop }}"

roles/provision/tasks/account_setup.yml

@@ -1,16 +1,16 @@
 ---
 - name: Create group for user
   ansible.builtin.group:
-    name: "{{ username }}"
+    name: "{{ provision_username }}"
     state: present
 
-- name: Create user {{ username }}
+- name: Create user {{ provision_username }}
   ansible.builtin.user:
     state: present
-    name: "{{ username }}"
-    group: "{{ username }}"
+    name: "{{ provision_username }}"
+    group: "{{ provision_username }}"
     groups: sudo
     append: true
     shell: /bin/bash
-    password: "{{ userpass | mandatory | password_hash('sha512') }}" # noqa: jinja[invalid]
+    password: "{{ provision_userpass | mandatory | password_hash('sha512') }}"
     update_password: on_create

roles/provision/tasks/dotfiles.yml

@@ -13,7 +13,7 @@
     repo: "https://github.com/encephala/kickstart.nvim.git"
     dest: "{{ home }}/.config/nvim"
   become: true
-  become_user: "{{ username }}"
+  become_user: "{{ provision_username }}"
 
 - name: Run kickstart.nvim setup
   ansible.builtin.command:

roles/provision/tasks/main.yml

@@ -18,30 +18,31 @@
   tags:
     - always
 
-- name: Update `username` if not root
+# TBH I don't know why this is necessary anymore
+- name: Update `provision_username` if not root
   ansible.builtin.set_fact:
-    username: "{{ ansible_user_id }}"
+    provision_username: "{{ ansible_user_id }}"
   when: ansible_user_id != "root"
   tags:
     - always
 
 - name: Set user and group id
   ansible.builtin.set_fact:
-    uid: "{{ getent_passwd[username].1 }}"
-    gid: "{{ getent_passwd[username].2 }}"
-    home: "{{ getent_passwd[username].4 }}"
+    uid: "{{ getent_passwd[provision_username].1 }}"
+    gid: "{{ getent_passwd[provision_username].2 }}"
+    home: "{{ getent_passwd[provision_username].4 }}"
   tags:
     - always
 
 
 - name: Include ssh setup
   ansible.builtin.import_tasks: ssh_setup.yml
-  remote_user: "{{ username }}"
+  remote_user: "{{ provision_username }}"
   tags:
     - ssh
 
 - name: Include dotfiles setup
   ansible.builtin.import_tasks: dotfiles.yml
-  remote_user: "{{ username }}"
+  remote_user: "{{ provision_username }}"
   tags:
     - dotfiles

roles/provision/tasks/ssh_setup.yml

@@ -1,24 +1,24 @@
 ---
 # Tasks to copy SSH ID, disable password auth and restart sshd
-# Must be run as root, requires var `username` to be set
-# If copy_private_key is true, also copies the private key
+# Must be run as root, requires var `provision_username` to be set
+# If provision_copy_private_key is true, also copies the private key
 
 - name: Authorise SSH key
   ansible.posix.authorized_key:
-    user: "{{ username }}"
+    user: "{{ provision_username }}"
     key: "{{ lookup('ansible.builtin.file', 'ssh/' + filename) }}"
   vars:
-    filename: "{{ lookup('ansible.builtin.vars', 'ssh_key_pub') }}"
+    filename: "{{ lookup('ansible.builtin.vars', 'provision_ssh_key_pub') }}"
 
 # authorized_key ensures the directory is created
 - name: Copy SSH private key
   ansible.builtin.copy:
-    src: "ssh/{{ ssh_key }}"
-    dest: "{{ home }}/.ssh/{{ ssh_key }}"
+    src: "ssh/{{ provision_ssh_key }}"
+    dest: "{{ home }}/.ssh/{{ provision_ssh_key }}"
     mode: "0600"
     owner: "{{ uid }}"
     group: "{{ gid }}"
-  when: copy_private_key | bool
+  when: provision_copy_private_key | bool
 
 
 - name: Harden SSH
@@ -34,3 +34,4 @@
   loop_control:
     loop_var: line
   notify: Restart sshd
+  when: not (provision_is_desktop | bool)

roles/provision/tasks/system_setup.yml

@@ -15,16 +15,23 @@
       - htop
       - fzf
       - bc
+    state: present
+
+- name: Install desktop packages
+  ansible.builtin.apt:
+    name:
       - gcc # For vim treesitter
       - npm # For many vim LSPs
       - r-base # For R LSP
       - libxml2-dev # For R LSP
       - luarocks # For lua LSP
       - python3-venv # For some vim LSPs
+      - pipx
     state: present
+  when: provision_is_desktop | bool
 
 # TODO: This doesn't make sense, NVim gets installed globally,
-# but relies on rust which gets installed for the {{ username }}
+# but relies on rust which gets installed for the {{ provision_username }}
 # - name: Run rustup
 #  ansible.builtin.shell: curl https://sh.rustup.rs -sSf | sh -s -- -y
 
@@ -62,13 +69,13 @@
     name:
       - qemu-guest-agent
     state: present
-  when: is_vm | bool
+  when: provision_is_vm | bool
   notify: Ensure guest agent enabled
 
 - name: Set hostname for VM if provided
   ansible.builtin.hostname:
     name: "{{ hostname }}"
-  when: hostname is defined and is_vm | bool
+  when: hostname is defined and provision_is_vm | bool
 
 - name: Set timezone to Amsterdam
   community.general.timezone:
@@ -91,7 +98,7 @@
     mode: "0644"
     owner: root
     group: root
-  when: is_wsl
+  when: provision_is_desktop | bool
 
 - name: Check if reboot required
   ansible.builtin.stat: